CastleCops, Internet Crime Fighters
Advisories!: Latest Advisories (9/30/03)
Cyber Security
Latest Advisories
2003-09-30

Secunia
Security Tracker
Security Focus
Symantec
FTC

The Federal Trade Commission is warning consumers about fake credit report sites, sent over e-mail, that cash in on your personal information. The scam is called "phishing": it asks people to release personal information on credit report Web sites that look legitimate but are in fact fake. The FTC says do not reply to these e-mail credit report offers. For more information about this scam, go to the FTC.

Secunia

Secunia Highlights:
Special Update: Microsoft Internet Explorer Multiple Vulnerabilities
Microsoft has issued a cumulative patch for Internet Explorer, which fixes multiple vulnerabilities. The worst vulnerability can lead to execution of arbitrary code on the client system via HTML emails or web sites.
Microsoft Windows RPCSS Service DCOM Interface Vulnerabilities
Three vulnerabilities have been identified in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).


Sun Solaris Sadmind Insecure Default Configuration
Sun has issued a security alert for Sun Solaris to raise awareness of the known insecure default configuration of sadmind (Solstice Administration Daemon) because an exploit has been discovered in the wild.

Latest 15 Secunia Security Advisories:
2003-09-30
- SGI IRIX update for sendmail
- Geeklog Cross Site Scripting Vulnerabilities
- winShadow Denial of Service Vulnerability
- A-Cart signin.asp Cross-Site Scripting Vulnerability
- Open UNIX/UnixWare Frame Padding Vulnerability
- ArGoSoft FTP Server XCWD Buffer Overflow Vulnerability

2003-09-29
- Mandrake update for Apache
- Apache 2 CGI Denial of Service Vulnerability
- Open UNIX/UnixWare update for OpenSSH
- Open UNIX/UnixWare update for Sendmail
- Mandrake update for ProFTPD
- Trustix update for ProFTPD
- Smoothwall update for OpenSSH
- Debian update for freesweep
- SGI IRIX DCE Denial of Service Vulnerability


Security Tracker



Freesweep Buffer Overflows Let Local Users Obtain 'games' Group Privileges

Some buffer overflow vulnerabilities were reported in the Freesweep game software. A local user may be able to obtain elevated privileges on the system.

Impact: Execution of arbitrary code via local system, User access via local system



Geeklog Input Validation Flaws Permit SQL Injection and Cross-Site Scripting Attacks

Lorenzo Hernandez Garcia-Hierro reported several vulnerabilities in Geeklog. A remote user can inject SQL commands. A remote user can also conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information



Invision Power Board Configuration File Permission Flaw Lets Local Users Inject Malicious Code

f3rm0r of Media Assasins reported a file permission vulnerability in Invision Power Board. A local user can modify a global configuration file.

Impact: Execution of arbitrary code via local system, Modification of user information, User access via local system



A-CART Input Validation Flaw in 'signin.asp' Permits Remote Cross-Site Scripting Attacks

G00db0y from Zone-h Security Team reported an input validation vulnerability in A-CART. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information



Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service

A denial of service vulnerability was reported in the Apache 2.0 web server. A user with the ability to place CGI scripts on the server can cause the web service to hang.

Impact: Denial of service via local system




SecurityFocus BugTraq
09/29/2003 Re: SMC Router Denial of Service exploit Ranjeet Shetye
09/29/2003 sendmail prescan() vulnerability on IRIX SGI Security Coordinator
09/29/2003 Re: cfengine2-2.0.3 remote exploit for redhat Keith Matthews
09/29/2003 Re: SMC Router Denial of Service exploit Claus A
09/29/2003 [ANNOUNCE] kses 0.2.1 Härnhammar, Ulf
09/29/2003 Re: cfengine2-2.0.3 remote exploit for redhat Stephen Smoogen
09/29/2003 [CLA-2003:750] Conectiva Security Announcement - proftpd Conectiva Updates
09/29/2003 Re: Geeklog Multiple Versions Vulnerabilities Chris Kulish us ing com
09/29/2003 [SECURITY] [DSA-392-1] New webfs packages fix buffer overflows, file and directory exposure Matt Zimmerman
09/29/2003 GLSA: net-ftp/proftpd (200309-16) aliz gentoo org (Daniel Ahlberg)
09/29/2003 GLSA: media-video/mplayer (200309-15) aliz gentoo org (Daniel Ahlberg)
09/29/2003 Shattering SEH III Brett Moore
09/29/2003 ECHU.ORG Alert #4: GuppY makes XSS attacks easy David Suzanne
09/29/2003 [RELEASE] GenXE - Generate Xss Exploit Liu Die Yu
09/29/2003 TSLSA-2003-0037 - proftpd Trustix Secure Linux Advisor

SecurityFocus Vulnerabilities
2003-09-26: Multiple Vendor OSF Distributed Computing Environment Denial Of Service Vulnerability
2003-09-26: Sun One Application Server LDAP Incorrect Authentication Vulnerability
2003-09-26: Savant Web Server Page Redirect Denial Of Service Vulnerability
2003-09-26: Sendmail Ruleset Parsing Buffer Overflow Vulnerability


Symantec SSR
W32.HLLW.Gaobot.AN
W32.HLLW.Gaobot.AF September 29, 2003 September 30, 2003
Trojan.PWS.QQPass.E September 28, 2003 September 29, 2003
Trojan.Vardo September 28, 2003 September 29, 2003
W32.Galil.C@mm September 28, 2003 September 29, 2003
W32.HLLW.Donk.B
W32/Sdbot.worm [McAfee], Backdoor.SdBot.gen [KAV] September 27, 2003 September 29, 2003
XM.VNN
XF/Sic.gen [McAfee], X97M_WISAB.A [Trend] September 27, 2003 September 29, 2003
W32.HLLP.Spreda.B
W32.HLLP.Savno, W32/HLLP.Savno!p2p [McAfee], Win32.HLLP.Savno [KAV] September 26, 2003 September 29, 2003
Posted on Tuesday, 30 September 2003 @ 06:56:17 UTC by phoenix22 (1656 reads)