 |
cybsec: Advisories!: Latest Advisories & Live Feeds (03/16/04) |
 |
|
Latest Advisories
Live Virus Advisory Feeds
03-16-2004
*Live Feeds are from Panda, Trend Micro, and Symantec
Live Virus Advisory Feeds
National Cyber Alert System (US-Cert)
Secunia
Secunia Highlights:
ISS Multiple Products SMB Packet Handling Buffer Overflow Vulnerability
eEye Digital Security has discovered a vulnerability in multiple ISS products, which can be exploited by malicious people to compromise a vulnerable system.
WinZip MIME Archive Parsing Buffer Overflow Vulnerability
iDEFENSE has reported a vulnerability in WinZip, which potentially can be exploited by malicious people to compromise a user's system.
Latest 15 Secunia Security Advisories:
2004-03-16
- 4nGuestbook x Parameter SQL Injection and Cross-Site Scripting
- Macromedia ColdFusion MX / JRun SOAP Request Denial of Service
- CA Unicenter TNG Daemons Buffer Overflow Vulnerabilities
- Sun Java System Application Server SOAP Request Denial of Service
- YaBB / YaBB SE Formatting Tag Cross-Site Scripting Vulnerability
2004-03-15
- SPIP forum.php3 PHP Code Injection Vulnerability
- HP Web Based Management Anonymous Certificate Upload Vulnerability
- OpenPKG update for uudeview
- cPanel Login Command Injection Vulnerability
- Macromedia Multiple Products Privilege Escalation Vulnerability
- Pegasi Web Server Directory Traversal and Cross-Site Scripting
- phpBB SQL Injection and Cross Site Scripting Vulnerabilities
- AntiGen for Domino Encrypted Zip File Denial of Service
- Novell Groupwise WebAccess Insecure Default Configuration
- Oracle Web Cache Unspecified Client Request Handling Vulnerabilities
Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- SPIP forum.php3 PHP Code Injection Vulnerability
- Novell Groupwise WebAccess Insecure Default Configuration
- cPanel Login Command Injection Vulnerability
- Macromedia Multiple Products Privilege Escalation Vulnerability
- Internet Explorer URL Spoofing Vulnerability
Security Tracker
Macromedia ColdFusion SOAP Request Processing Bug Lets Remote Users Deny Service
A vulnerability was reported in the Macromedia ColdFusion Server in the processing of SOAP requests. A remote user can cause denial of service conditions on the target system.
Impact: Denial of service via network
Macromedia JRun SOAP Request Processing Bug Lets Remote Users Deny Service
A vulnerability was reported in the Macromedia JRun Server in the processing of SOAP requests. A remote user can cause denial of service conditions on the target system.
Impact: Denial of service via network
Sun Java Application Server SOAP Request Processing Bug Lets Remote Users Deny Service
A vulnerability was reported in the Sun Java Application Server in the processing of SOAP requests. A remote user can cause denial of service conditions on the target system.
Impact: Denial of service via network
YaBB SE Input Validation Flaws in 'glow' and 'shadow' Tags Permit Cross-Site Scripting Attacks
An input validation vulnerability was reported in YaBB SE. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
YaBB Input Validation Flaws in 'glow' and 'shadow' Tags Permit Cross-Site Scripting Attacks
An input validation vulnerability was reported in YaBB. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
SecurityFocus Vulnerabilities
2004-03-13: Linux Kernel Samba Share Local Privilege Elevation Vulnerability
2004-03-12: NFS-Utils rpc.mountd Denial Of Service Vulnerability
2004-03-12: Samba Mksmbpasswd.sh Insecure User Account Creation Vulnerability
2004-03-12: Computer Associates Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities
2004-03-12: Macromedia Studio MX 2004 /Contribute 2 Local Privilege Escalation Vulnerability
2004-03-12: HP HTTP Server Trusted Certificate Compromise Vulnerability
2004-03-12: Chaogic Systems VHost Unspecified Cross-Site Scripting Vulnerability
2004-03-12: Emumail EMU Webmail Multiple Vulnerabilities
2004-03-12: Sysstat Insecure Temporary File Creation Vulnerability
2004-03-12: Sysstat Isag Temporary File Creation Vulnerability
2004-03-12: UUDeview Insecure Temporary File Creation Vulnerability
2004-03-12: IP3 Networks IP3 NetAccess Appliance SQL Injection Vulnerability
2004-03-12: Dogpatch Software CFWebstore Cross-Site Scripting Vulnerability
2004-03-12: UUDeview MIME Archive Buffer Overrun Vulnerability
2004-03-12: cPanel Login Script Remote Command Execution Vulnerability
2004-03-12: Dogpatch Software CFWebstore SQL Injection Vulnerability
2004-03-12: cPanel dir Parameter Cross-Site Scripting Vulnerability
2004-03-12: XInterceptTalk XITalk Privilege Escalation Vulnerability
2004-03-12: Sun Solaris Patch Unexpected Security Weakness
2004-03-12: Metamail Extcompose Program Symlink Vulnerability
2004-03-12: cPanel Resetpass Remote Command Execution Vulnerability
2004-03-11: Targem Games Battle Mages Remote Denial Of Service Vulnerability
2004-03-11: Epic Games Unreal Tournament Server Engine Remote Format String Vulnerability
2004-03-11: Calife Local Memory Corruption Vulnerability
2004-03-11: Microsoft Outlook Mailto Parameter Quoting Zone Bypass Vulnerability
2004-03-11: Norton AntiVirus 2002 ASCII Control Character Denial Of Service Vulnerability
2004-03-11: GNU MyProxy Cross-Site Scripting Vulnerability
2004-03-11: Courier Multiple Remote Buffer Overflow Vulnerabilities
2004-03-11: Confixx DB Parameter SQL Injection Vulnerability
2004-03-11: Multiple BEA WebLogic Server/Express Denial of Service and Information Disclosure Vulnerabilities
2004-03-10: Invision Power Board Multiple Cross-Site Scripting Vulnerabilities
2004-03-10: Multiple Vendor Internet Browser Cookie Path Argument Restriction Bypass Vulnerability
2004-03-10: Software602 602Pro LAN Suite Web Mail Installation Path Disclosure Vulnerability
2004-03-10: Software602 602Pro LAN Suite Web Mail Cross-Site Scripting Vulnerability
2004-03-10: OpenSSL ASN.1 Parsing Vulnerabilities
2004-03-10: GdkPixbuf Unspecified Bitmap Handling Denial Of Service Vulnerability
2004-03-10: Invicta WMCam Server Remote Denial Of Service Vulnerability
2004-03-10: Multiple Vendor S/MIME ASN.1 Parsing Denial of Service Vulnerabilities
2004-03-10: GNU Anubis Multiple Remote Buffer Overflow and Format String Vulnerabilities
2004-03-10: Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code Execution Vulnerability
2004-03-10: Mozilla Browser Proxy Server Authentication Credential Disclosure Vulnerability
2004-03-10: F-Secure Anti-Virus For Linux Unspecified Scanner Bypass Vulnerability
2004-03-10: Mozilla Browser Cookie Path Restriction Bypass Vulnerability
2004-03-10: Sun Solaris Multiple Unspecified Local UUCP Buffer Overrun Vulnerabilities
2004-03-10: Python getaddrinfo Function Remote Buffer Overflow Vulnerability
2004-03-10: IBM AIX Rexecd Privilege Escalation Vulnerability
2004-03-09: IBM WebSphere Unspecified Security Vulnerability
2004-03-09: IBM DFSMS/MVS Tape Utility Unspecified Vulnerability
2004-03-09: WU-FTPD restricted-gid Unauthorized Access Vulnerability
2004-03-09: F-Secure SSH Server Password Authentication Policy Evasion Vulnerability
2004-03-09: SmarterTools SmarterMail Multiple Vulnerabilities
2004-03-09: Confixx Perl Debugger Remote Command Execution Vulnerability
2004-03-09: RhinoSoft Serv-U FTP Server MDTM Command Time Argument Buffer Overflow Vulnerability
2004-03-09: Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability
2004-03-09: IBM DB2 Remote Command Server Privilege Escalation Vulnerability
2004-03-09: Cisco IOS 12.1 Large TCP Scan Denial of Service Vulnerability
2004-03-09: BolinTech Dream FTP Server User Name Format String Vulnerability
2004-03-09: Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
2004-03-09: Apache Mod_Access Access Control Rule Bypass Vulnerability
2004-03-09: LionMax Software Chat Anywhere User IP Address Obfuscation Vulnerability
2004-03-09: Microsoft Windows Media Services Remote Denial of Service Vulnerability
2004-03-09: Microsoft MSN Messenger Information Disclosure Vulnerability
2004-03-09: Wu-Ftpd S/Key Remote Buffer Overrun Vulnerability
2004-03-09: Mutt Menu Drawing Remote Buffer Overflow Vulnerability
2004-03-09: Linux Kernel do_mremap Function Boundary Condition Vulnerability
2004-03-09: Linux Kernel do_brk Function Boundary Condition Vulnerability
2004-03-09: Coreutils LS Width Argument Integer Overflow Vulnerability
2004-03-09: RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability
2004-03-09: OmniCom winShadow hostname Buffer Overflow Vulnerability
2004-03-09: OmniCom winShadow Server Login Denial of Service Vulnerability
2004-03-09: Invision Power Board Pop Parameter Cross-Site Scripting Vulnerability
2004-03-09: BSD Out Of Sequence Packets Remote Denial Of Service Vulnerability
Symantec SSR
W32.Beagle.N@mm
PE_BAGLE.P [Trend], W32/Bagle.p@MM [McAfee] March 15, 2004 March 15, 2004
W32.Tuoba.Trojan March 15, 2004 March 15, 2004
W32.Cone.F@mm March 14, 2004 March 14, 2004
Trojan.Mitglieder.E
W32/Bagle.gen@mm March 13, 2004 March 13, 2004
Trojan.Mitglieder.D
W32/Bagle.gen@mm March 13, 2004 March 13, 2004
W32.Beagle.M@mm
PE_BAGLE.N [Trend], W32/Bagle.n@MM [McAfee], Bagle.N [F-Secure], Win32.Bagle.N [Computer Associates], W32/Bagle-N [Sophos] March 13, 2004 March 13, 2004
W32.HLLW.Citor March 13, 2004 March 13, 2004
W32.HLLW.Annil@mm March 12, 2004 March 13, 2004
W32.Cone.E@mm March 12, 2004 March 13, 2004
PWSteal.Irftp March 12, 2004 March 13, 2004
Trojan.Etsur March 12, 2004 March 13, 2004
Trojan.Noupdate March 11, 2004 March 12, 2004
Trojan.Gipma March 10, 2004 March 11, 2004
W32.Cone.D@mm March 10, 2004 March 11, 2004
W32.Netsky.M@mm
I-Worm.NetSky.m [Kaspersky], W32/Netsky.m@MM [McAfee], WORM_NETSKY.M [Trend], W32/Netsky-M [Sophos], Win32.Netsky.M [Computer Associates] March 10, 2004 March 11, 2004
Trojan.Simcss.B March 10, 2004 March 10, 2004
W97M.Trug.B March 9, 2004 March 10, 2004
W32.Netsky.L@mm March 9, 2004 March 10, 2004
W32.Cone.C@mm March 9, 2004 March 9, 2004
W32.Netsky.K@mm
W32/Netsky-J [Sophos], Win32.Netsky.J [Computer Associates], W32/Netsky.j@MM [McAfee], WORM_NETSKY.J [Trend], I-Worm.NetSky.j [Kaspersky] March 8, 2004 March 8, 2004
W32.Keco@mm
W32/Keco.worm [McAfee], WORM_KECO.A [Trend], Win32.Keco.A [Computer Associates], I-Worm.Keco [Kaspersky] March 8, 2004 March 8, 2004
W32.Netsky.J@mm
NetSky.J [F-Secure], W32/Netsky-K [Sophos], Win32.Netsky.K [Computer Associates], WORM_NETSKY.K [Trend] March 8, 2004 March 8, 2004
W32.Sober.D@mm
Win32.Sober.D [Computer Associates], W32/Sober.d@MM [McAfee], WORM_SOBER.D [Trend], W32/Roca-A [Sophos], I-Worm.Sober.d [Kaspersky] March 7, 2004 March 8, 2004
W32.Netsky.I@mm
W32/Netsky.i@MM [McAfee], I-Worm.Netsky.gen [Kaspersky], Win32.Netsky.I [Computer Associates], WORM_NETSKY.I [Trend], W32/Netsky-I [Sophos] March 7, 2004 March 8, 2004
Trojan.Reur.B March 5, 2004 March 8, 2004
W32.HLLW.Reur.B March 5, 2004 March 8, 2004
W32.HLLW.Heycheck March 5, 2004 March 8, 2004
PWSteal.Banpaes.C March 5, 2004 March 5, 2004
W32.Netsky.H@mm March 5, 2004 March 5, 2004
W32.Netsky.G@mm
Win32.Netsky.G [Computer Associates], NetSky.G [F-Secure], W32/Netsky.g@MM [McAfee], WORM_NETSKY.G [Trend] March 4, 2004 March 5, 2004
X97M.Kbase
X97M/Generic (McAfee) March 3, 2004 March 4, 2004
W32.Mydoom.H@mm
W32/Mydoom.h@MM [McAfee], Win32.Mydoom.H [Computer Associates], WORM_MYDOOM.H [Trend] March 3, 2004 March 4, 2004
W32.Beagle.K@mm
Win32.Bagle.K [Computer Associates], Bagle.K [F-Secure], W32/Bagle.k@MM [McAfee], W32/Bagle.K.worm [Panda], W32/Bagle-K [Sophos], WORM_BAGLE.K [Trend Micro] March 3, 2004 March 3, 2004
W32.Netsky.F@mm
Win32.Netsky.F [Computer Associates], NetSky.F [F-Secure], W32/Netsky.f@MM [McAfee], WORM_NETSKY.F [Trend] March 3, 2004 March 3, 2004
W32.Beagle.J@mm
W32/Bagle.j@MM [McAfee], WORM_BAGLE.J [Trend], Win32.Bagle.J [Computer Associates], W32/Bagle-J [Sophos] March 2, 2004 March 2, 2004
W32.Hiton@mm
W32/Hiton.a@MM [McAfee], WORM_HITON.A [Trend], Win32.Hiton.A [Computer Associates] March 2, 2004 March 2, 2004
W32.Mydoom.G@mm
W32/Mydoom.g@MM [McAfee], WORM_MYDOOM.G [Trend], Win32.Mydoom.G [Computer Associates], W32/MyDoom-G [Sophos] March 2, 2004 March 2, 2004
W32.Beagle.I@mm
WORM_BAGLE.I [Trend], W32/Bagle-I [Sophos], Win32.Bagle.I [Computer Associates], W32/Bagle.i@MM [McAfee] March 1, 2004 March 2, 2004
W32.Beagle.H@mm
W32/Bagle.h@MM [McAfee], W32/Bagle-H [Sophos], I-Worm.Bagle.Gen [Kaspersky], WORM_BAGLE.H [Trend], Win32.Bagle.H [Computer Associates] March 1, 2004 March 1, 2004
W32.Netsky.E@mm
Win32.Netsky.E [Computer Associates], W32/Netsky.e@MM [McAfee], W32/Netsky-E [Sophos], WORM_NETSKY.E [Trend], I-Worm.Netsky.e [Kaspersky] March 1, 2004 March 1, 2004
W32.Netsky.D@mm
WORM_NETSKY.D [Trend], W32/Netsky.d@MM [McAfee], W32/Netsky.D.worm [Panda], W32/Netsky-D [Sophos], Win32.Netsky.D [Computer Associates], I-Worm.Netsky.d [Kaspersky] March 1, 2004 March 1, 2004
W32.Beagle.G@mm
W32/Bagle.g@MM [McAfee], WORM_BAGLE.G [Trend] February 29, 2004 February 29, 2004
W32.Beagle.F@mm
W32/Bagle.f@MM [McAfee], W32/Bagle-F [Sophos], Win32.Bagle.F [Computer Associates], WORM_BAGLE.F [Trend], I-Worm.Bagle.f [Kaspersky] February 29, 2004 February 29, 2004
W32.Cone.B@mm February 29, 2004 February 29, 2004
W32.HLLW.Cult.P@mm February 29, 2004 February 29, 2004
Trojan.Bookmarker.F February 29, 2004 February 29, 2004
W32.Beagle.E@mm
Bagle.E [F-Secure], I-Worm.Bagle.e [Kaspersky], WORM_BAGLE.E [Trend], Win32.Bagle.E [Computer Associates], W32/Bagle-E [Sophos] February 28, 2004 February 28, 2004
W32.HLLW.Evianc
Bloodhound.W32.5, Worm.P2P.gen [Kaspersky] February 28, 2004 February 28, 2004
W32.HLLW.Moega.AP February 28, 2004 February 28, 2004
W32.Beagle.C@mm
W32.Beagle.A@mm, W32/Bagle.c@MM [McAfee], WORM_BAGLE.C [Trend], Win32.Bagle.C [Computer Associates], W32/Bagle-C [Sophos], I-Worm.Bagle.c [Kaspersky] February 27, 2004 February 27, 2004
Trojan.Tilser February 27, 2004 February 27, 2004
PWSteal.Bancos.E February 26, 2004 February 27, 2004
Backdoor.IRC.Loonbot February 26, 2004 February 26, 2004
PWSteal.Tarno.B February 26, 2004 February 26, 2004
W32.Mockbot.A.Worm February 25, 2004 February 26, 2004
Backdoor.IRC.Aladinz.M February 25, 2004 February 26, 2004
W32.Netsky.C@mm
W32/Netsky.c@MM [McAfee], Win32.Netsky.C [Computer Associates], W32/Netsky-C [Sophos], WORM_NETSKY.C [Trend], I-Worm.Moodown.c [Kaspersky] February 24, 2004 February 25, 2004
W32.Bizex.Worm
Worm.Win32.Bizex [Kaspersky], W32/Bizex.worm [McAfee], W32/Bizex-A [Sophos] February 24, 2004 February 25, 2004
W32.Welchia.D.Worm February 23, 2004 February 23, 2004
Downloader.Botten February 23, 2004 February 23, 2004
W97M.Ortant@mm
WM97/Ortant-A (Sophos), W97M/Ortant (McAfee), W97M_ORTANT.A. (Trend) February 22, 2004 February 23, 2004
W32.Cone@mm February 22, 2004 February 23, 2004
Backdoor.IRC.Aladinz.L February 21, 2004 February 23, 2004
Java.StartPage
Trojan.Java.StartPage [Kaspersky], Exploit-ByteVerify [McAfee] February 20, 2004 February 23, 2004
W32.Mydoom.F@mm
W32/Mydoom.f@MM [McAfee], WORM_MYDOOM.F [Trend], W32/MyDoom-F [Sophos], I-Worm.Mydoom.f [Kaspersky], Win32.Mydoom.F [Computer Associates] February 20, 2004 February 23, 2004
Backdoor.Kaitex.E February 20, 2004 February 23, 2004
W97M.Saver.H
Macro.Word97.Saver [Kaspersky], W97M/Doccopy.A [F-Prot] February 19, 2004 February 20, 2004
Backdoor.IRC.Aladinz.K February 19, 2004 February 19, 2004
W32.Netsky.B@mm
W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky] February 18, 2004 February 18, 2004
W32.Beagle.B@mm
W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Mirco], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos], I-Worm.Bagle.b [Kaspersky] February 17, 2004 February 17, 2004
W32.HLLW.Antinny.E February 17, 2004 February 17, 2004
X97M.Ellar.F February 16, 2004 February 16, 2004
W32.Kifer.B February 16, 2004 February 16, 2004
W32.Netsky@mm
WORM_NETSKY.A [Trend] February 16, 2004 February 16, 2004
NAV Daily Definitions (Go!)
*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.
National Cyber Alert System (US-Cert)
Latest version: March 15, 2004 16:31:01 EST
W32/Beagle.M-P Variants
W32/Netsky and Variants
W32/Beagle.J-K Variants
W32/Beagle.C-I Variants
W32/Bizex
W32/Mydoom.F
W32/Welchia.D
IMail server exploitation
W32/Beagle.B or W32/Bagle.B ASN.1 exploit code
W32/Mydoom.C or W32.HLLW.Doomjuice
W32/Mydoom or W32/Novarg
W32/Beagle or W32/Bagle Worm
Systems compromised via buffer overflow in DameWare
Technical Alerts
TA04-070A
Microsoft Outlook mailto URL Handling Vulnerability
SB04-063
Summary of Security Items from February 18 through March 3, 2004
Non-technical Alerts
SA04-070A
Vulnerability in Microsoft Outlook 2002
ST04-004
Understanding Firewalls
New and Notable Vulnerabilities
Linux Kernel mremap() Vulnerabilities
BlackICE and RealSecure heap overflow vulnerability
Microsoft ASN.1 vulnerabilities
Vulnerabilities in H.323 messaging
Live Virus Advisory Feed
|
|
|
|
Posted on Tuesday, 16 March 2004 @ 09:35:09 EST by phoenix22
|
 |
|
|
|
Login |
|
 |
|
|
|
· New User? ·
Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
