-
March 29, 2005
Securiteam has reported that the Nortel VPN Client stores user and group passwords unencrypted in local memory, making it easy to retrieve them by dumping the memory of the client.
The VPN client keeps the unencrypted password in the memory of the process "Extranet.exe" while accessing the VPN. Therefore, it is possible to retrieve the password by dumping the process memory to a file, which can be done using a PMDump-type utility or by causing the system to crash to obtain a physical memory dump.
This allows both the user password and group password, if group authentication is used, to be recovered. In the memory dump, passwords appear near the associated user name or group name in plain-text, which makes it easy to locate them.
More information at
http://www.securiteam.com/windowsntf...RP0O15F5M.html
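As an added example (not from the Securiteam advisory or Nortel), the following check lets an administrator verify on their own system whether a client process still holds a known test credential in cleartext after authenticating, as the advisory describes. It scans a saved process dump for the known password in both byte forms a Windows process commonly uses and reports whether the user name sits nearby; the sample dump bytes are constructed for the example, not taken from Extranet.exe.

```python
import re

# Constructed sample of a process memory dump, not a real Extranet.exe image:
# a few labelled fields with credentials stored as ANSI and UTF-16LE strings.
SAMPLE_DUMP = (
    b"\x00" * 64
    + b"User Name\x00alice.admin\x00\x00\x00\x00Password\x00Tr0ub4dor&3\x00"
    + b"\x00" * 100
    + b"GroupName\x00vpn-users\x00" + "G#rp-s3cret".encode("utf-16-le")
    + b"\x00" * 64
)


def encodings_of(text):
    """Byte forms a Windows process commonly holds a string in."""
    return {"ascii": text.encode("ascii"), "utf-16le": text.encode("utf-16-le")}


def find_plaintext_credential(dump, username, password, window=256):
    """Locate a *known* test password stored in cleartext in a memory dump.

    Returns one record per hit with the encoding it was found in, the byte
    offset, and whether the username (in any encoding) lies within `window`
    bytes, the "password next to the user name" layout the advisory describes.
    An empty list means the credential was not found in either encoding.
    """
    hits = []
    user_forms = list(encodings_of(username).values())
    for enc, needle in encodings_of(password).items():
        for m in re.finditer(re.escape(needle), dump):
            lo, hi = max(0, m.start() - window), m.end() + window
            region = dump[lo:hi]
            hits.append({
                "encoding": enc,
                "offset": m.start(),
                "near_username": any(u in region for u in user_forms),
            })
    return hits


if __name__ == "__main__":
    for user, pw in (("alice.admin", "Tr0ub4dor&3"), ("vpn-users", "G#rp-s3cret")):
        for hit in find_plaintext_credential(SAMPLE_DUMP, user, pw):
            print(f"{user}: password found in cleartext ({hit['encoding']}) "
                  f"at offset {hit['offset']}, near username={hit['near_username']}")
```

A clean result after the vendor fix is an empty list for every test credential; a hit with near_username set reproduces the layout the advisory describes.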
-
Security updates for Cisco products
March 31, 2005 - Cisco has published two security bulletins informing of security problems that could allow a remote user to launch denial of service attacks.
The first problem lies in Cisco Catalyst 6500 Series Switch devices and Cisco 7600 Series Internet Router devices. These products could be affected by a denial of service attack on receiving a malformed IKE (Internet Key Exchange) packet. It is important to point out that this problem only affects Cisco devices with IOS software and Crypto support.
Cisco VPN 3000 series concentrators are affected by a denial of service problem on receiving a malicious SSL packet, which could cause the device to reload or drop user connections.
Cisco has released fixes for both of these problems. The bulletins published by Cisco are available at:
http://www.cisco.com/warp/public/707...30-vpn3k.shtml
and http://www.cisco.com/warp/public/707...08-vpnsm.shtml
-
April 21st, 2005
PandaLabs has detected the mass mailing of spam that contains the new and dangerous CG variant of the Mitglieder Trojan (also known as Bagle.bn by other security companies). Data collected by the international PandaLabs network shows that this new malicious code is starting to spread rapidly across several countries.
The email messages in which this new Trojan has been detected have a blank subject and message body and include an attached file called work.zip. However, users should be careful, as this Trojan is being spammed out manually or through zombie computers and, therefore, the characteristics of the email message carrying Mitglieder.CG could be completely different.
If the user runs the file containing Mitglieder.CG, the Notepad application will be opened, displaying the word 'Sorry'. At the same time, a file called winshost.exe is created in the Windows system directory on the affected computer. When the computer restarts, this file will be run and will create another file called wiwhost.exe. This file modifies the system HOSTS file so that the user cannot access certain websites, mainly websites related to antivirus programs and IT security.
In addition, the Trojan deletes files and Registry entries and stops processes related to security applications that could be installed on the computer.
According to Luis Corrons: "The aim of Mitglieder.CG is to download malware to the computer. It does this by connecting to a large number of Internet addresses and trying to download files, which could predictably contain other malware, such as backdoors, spyware, adware, bots, etc. This allows the authors of these malicious codes to create networks of infected computers in order to launch attacks on other computers or collect hundreds of thousands of email addresses to send spam to."
-
In This Week's SecurityTracker Vulnerability Summary
=====================================
1. Php
Vendor: PHP Group
iDEFENSE reported a vulnerability in PHP in getimagesize(). A
user can cause denial of service conditions.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Mar/1013619.html
2. Microsoft Jet
Vendor: Microsoft
A vulnerability was reported in the Microsoft Jet database. A
remote user can cause arbitrary code to be executed.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Mar/1013618.html
3. MaxWebPortal
Vendor: Yuan, Max
Zinho of Hackers Center Security Group reported some input
validation vulnerabilities in MaxWebPortal. A remote user can
inject SQL commands and conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013617.html
4. Linux Kernel
Vendor: kernel.org
A vulnerability was reported in the Linux kernel futex
functions. A local user can cause the kernel to crash.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Mar/1013616.html
5. Samsung ADSL Router
Vendor: Samsung
A vulnerability was reported in a Samsung ADSL Router. A
remote user can view arbitrary files on the device. The device
also uses common default accounts and passwords.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Mar/1013615.html
6. ASP-DEV Discussion Forum
Vendor: asp-dev.com
Zinho from Hackers Center Security Group reported a
vulnerability in ASP-DEV XM Forum. A remote user can conduct
cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013614.html
7. TCP/IP Stack Implementation
Vendor: OpenBSD
A vulnerability was reported in OpenBSD in the TCP stack
implementation. A remote user can cause the system to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Mar/1013611.html
8. Mailreader.com
Vendor: Mailreader.com
An input validation vulnerability was reported in Mailreader.
A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013610.html
9. Cisco VPN 3000 Concentrator
Vendor: Cisco
A vulnerability was reported in the Cisco VPN 3000 in the
processing of SSL connections. A remote user can cause denial of
service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Mar/1013609.html
10. Kerio Personal Firewall
Vendor: Kerio Technologies
A vulnerability was reported in Kerio Personal Firewall. A
local user can bypass network access rules.
Impact: Host/resource access via network
Alert: http://securitytracker.com/alerts/2005/Mar/1013607.html
11. mtftpd
Vendor: mtftpd.sourceforge.net
darkeagle from uKt Research reported a format string
vulnerability in mtftpd. A remote authenticated user can execute
arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Mar/1013606.html
12. Invision Power Board
Vendor: Invision Power Services
An input validation vulnerability was reported in Invision
Power Board in the user signatures. A remote user can conduct
cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013605.html
13. Chatness
Vendor: chatness.us
A vulnerability was reported in Chatness. A remote user can
conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013604.html
14. Ublog Reload
Vendor: Uapplication
A vulnerability was reported in Ublog Reload. A remote user
can access the underlying database. A remote user can also conduct
cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013603.html
15. Linux Kernel
Vendor: kernel.org
A vulnerability was reported in the Linux kernel ELF loader. A
local user can cause denial of service conditions.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Mar/1013602.html
16. cdrtools
Vendor: Schilling, J.
A temporary file vulnerability was reported in cdrtools. A
local user may be able to obtain elevated privileges.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/Mar/1013600.html
17. WackoWiki
Vendor: wackowiki.com
Some input validation vulnerabilities were reported in
WackoWiki. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013599.html
18. WebAPP
Vendor: web-app.org
A vulnerability was reported in WebAPP. A remote user can
access 'dat' files.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Mar/1013598.html
19. Squirrelcart
Vendor: Lighthouse Development
Diabolic Crab reported an input validation vulnerability in
Squirrelcart. A remote user can inject SQL commands.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Mar/1013597.html
20. FastStone 4in1 Browser
Vendor: FastStone Soft
Donato Ferrante reported a directory traversal vulnerability in
the FastStone 4in1 Browser. A remote user can view files on the
target system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Mar/1013596.html
21. Horde Application Framework
Vendor: Horde Project
A vulnerability was reported in the Horde Application
Framework. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013594.html
22. Toshiba BIOS
Vendor: Toshiba
Paul Docherty of Portcullis Security reported a vulnerability
in the ACPI BIOS as implemented on the Toshiba Satellite Pro A60
workstation. A local user can modify the BIOS configuration to
cause denial of service conditions.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Mar/1013593.html
23. phpCOIN
Vendor: phpcoin.com
Some vulnerabilities were reported in phpCOIN. A remote user
can execute arbitrary files located on the target system. A remote
user can also inject SQL commands.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Mar/1013592.html
24. PortalApp
Vendor: Iatek
Diabolic Crab reported an input validation vulnerability in
PortalApp. A remote user can inject SQL commands and conduct
cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013591.html
25. E-Data
Vendor: Adventia
An input validation vulnerability was reported in E-Data. A
remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013589.html
26. Adventia Chat Server
Vendor: Adventia
A vulnerability was reported in Adventia Chat. A remote user
can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013588.html
27. Norton Anti-Virus
Vendor: Symantec
Two vulnerabilities were reported in Symantec's Norton
AntiVirus in the AutoProtect feature. A user can create a file or
modify a filename to cause the target system to crash.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Mar/1013587.html
28. Norton Internet Security
Vendor: Symantec
Two vulnerabilities were reported in Symantec's Norton Internet
Security in the AutoProtect feature. A user can create a file or
modify a filename to cause the target system to crash.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Mar/1013586.html
29. Norton System Works
Vendor: Symantec
Two vulnerabilities were reported in Symantec's Norton System
Works in the AutoProtect feature. A user can create a file or
modify a filename to cause the target system to crash.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Mar/1013585.html
30. ACS Blog
Vendor: ASPPress.com
An input validation vulnerability was reported in ACS Blog. A
remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013584.html
31. Microsoft Office
Vendor: Microsoft
Juha-Matti Laurio reported a vulnerability in the Microsoft
Outlook Connector for IBM Lotus Domino. A user can choose to store
passwords locally in violation of Group Policy.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013583.html
32. TKai's Shoutbox
Vendor: Teekai
A vulnerability was reported in TKai's Shoutbox. A remote user
can cause arbitrary HTML to be displayed in the context of the
target web site.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013582.html
33. PhotoPost PHP Pro
Vendor: All Enthusiast, Inc.
Diabolic Crab reported some input validation vulnerabilities in
PhotoPost PHP Pro. A remote user can inject SQL commands and
conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013581.html
34. Telnet
Vendor: [Multiple Authors/Vendors]
iDEFENSE reported two buffer overflow vulnerabilities in
Telnet, affecting several vendor implementations. A remote server
can execute arbitrary code on a connected target user's client.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Mar/1013575.html
35. TinCat
Vendor: Instance Four
Luigi Auriemma reported a vulnerability in TinCat. A remote
user can execute arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Mar/1013574.html
36. CPG Dragonfly
Vendor: CPG-Nuke
A vulnerability was reported in CPG Dragonfly. A remote user
can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013573.html
37. Nuke Bookmarks
Vendor: nukebookmarks.sourceforge.net
Gerardo 'Astharot' Di Giacomo of Zone-h reported several
vulnerabilities in Nuke Bookmarks. A remote user can inject SQL
commands, conduct cross-site scripting attacks, and determine the
installation path.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013572.html
38. AS/400 LDAP Server
Vendor: IBM
A vulnerability was reported in the AS/400 LDAP Server
configuration. A remote authenticated user can determine valid
user account names on the target system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Mar/1013571.html
39. WD Guestbook
Vendor: Webmasters-Debutants
An0nym0uS from hackisknowledge.org reported a vulnerability in
WD Guestbook. A remote user can add an administrative user account
or suppress messages on the target application.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/Mar/1013570.html
40. EncapsBB
Vendor: PowerDev Team
Frank 'brOmstar' Reissner from [In]Security Research reported
an include file vulnerability in EncapsBB. A remote user can
execute arbitrary commands on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Mar/1013569.html
41. E-Store Kit-2
Vendor: MagicScripts
Diabolic Crab reported a vulnerability in E-Store Kit-2 PayPal
Edition. A remote user can execute HTML code on the target system.
A remote user can also conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013568.html
42. Linux Kernel
Vendor: kernel.org
A vulnerability was reported in the Linux kernel in the
Bluetooth socket code. A local user can gain root privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2005/Mar/1013567.html
43. exoops
Vendor: exoops.info
Diabolic Crab reported some input validation vulnerabilities in
exoops. A remote user can inject SQL commands. A remote user can
also conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013566.html
44. Valdersoft Shopping Cart
Vendor: Valdersoft
Diabolic Crab reported some vulnerabilities in the Valdersoft
Shopping Cart software. A remote user can inject SQL commands. A
remote user can also conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Mar/1013565.html
45. Smail
Vendor: Woods, Greg A.
A heap overflow vulnerability was reported in Smail. A remote
user can execute arbitrary code with root privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2005/Mar/1013564.html
46. paBugs
Vendor: PHP Arena
A vulnerability was reported in paBugs. A remote authenticated
user can execute arbitrary commands on the target system.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013624.html
47. BlueSoleil
Vendor: IVT Corporation
A vulnerability was reported in BlueSoleil. A remote user can
traverse the directory when sending files to the target device.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/Apr/1013623.html
48. IRC Services
Vendor: Church, Andrew
A vulnerability was reported in IRC Services. A remote user
can view a list of links for a target user's nickname.
Impact: Disclosure of user information
Alert: http://securitytracker.com/alerts/2005/Apr/1013622.html
49. MX Kart
Vendor: InterAKT
Diabolic Crab reported some input validation vulnerabilities in
MX Kart. A remote user can inject SQL commands.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Apr/1013621.html
50. MX Shop
Vendor: InterAKT
Diabolic Crab reported an input validation vulnerability in MX
Shop. A remote user can inject SQL commands.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Apr/1013620.html
-
- Update for Realplayer Enterprise -
April 22, 2005 - RealNetworks has announced, at http://www.service.real.com/help/faq...ity041905.html, the availability of a security update for its multimedia player Realplayer Enterprise. This update corrects a critical vulnerability that could compromise affected computers.
This security flaw is a buffer overflow vulnerability in the handling of specially crafted RAM files (Real Audio files). An attacker could exploit this vulnerability to run remote arbitrary code if the victim opens a malicious RAM file with a vulnerable version of Realplayer.
The affected versions of Realplayer Enterprise are 1.1, 1.2, 1.5, 1.6 and 1.7. As well as the automatic update option, RealNetworks has also provided an address from which the new DLL that fixes the problem can be downloaded. This address is http://docs.real.com/docs/pnen3260.dll
-
April 24, 2005
This week's report on viruses and intruders includes several new threats that have emerged this week; two variants of the Mytob worm, a variant of the Mitglieder Trojan and a new version of the Bancos Trojan.
The new variants of Mytob (Mytob.BC and Mytob.BD) open backdoors in affected computers. This action allows the BC variant to connect to a web server and the BD variant to connect to an IRC server, where they wait for commands from a malicious user. What's more, they modify the system HOSTS file so that the user cannot access the websites of certain antivirus companies. These worms spread via email, across networks protected with weak passwords and by exploiting the LSASS vulnerability. They also download other malware, such as the Faribot.A worm.
The Bancos.FC Trojan has also appeared this week. This malicious code goes memory resident and has keylogger functions. Bancos.FC waits for a dialup modem connection to be established (it only affects this type of connection). When this happens, it checks if the websites visited coincide with the address of any of the banking entities included in its code. If it finds any matches, it collects the information entered through the keyboard and sends it to an Internet server. Bancos.FC cannot spread alone, it needs external intervention to do so.
Finally, Mitglieder.CG is a Trojan that aims to disable certain security tools (antivirus and firewalls), which could be installed on the computers it affects. To do this, it can delete files and Registry entries or end the processes running in memory. What's more, it modifies the system HOSTS file so that the user cannot access the websites of certain antivirus companies.
Mitglieder.CG seems to have been mass-mailed, either manually or through zombie computers, and tries to download other malware from different websites.
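Both Mitglieder.CG and the Mytob variants are described above as rewriting the system HOSTS file so that antivirus and security-vendor sites become unreachable. The following is an added example, not Panda's code, of how a defender can audit a HOSTS file for that kind of tampering; the vendor watchlist and the sample HOSTS contents are constructed for the example.

```python
import ipaddress
import re

# Constructed sample HOSTS file, modelled on the behaviour described for
# Mitglieder.CG and Mytob: security-vendor sites pinned to localhost.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.168.1.10    intranet.example.com   # legitimate local entry
127.0.0.1       www.pandasoftware.com
127.0.0.1       liveupdate.symantec.com  update.symantec.com
0.0.0.0         www.kaspersky.com
"""

# Watchlist of security-vendor and update domains (constructed for this example;
# extend it with the vendors actually deployed in your environment).
SECURITY_DOMAINS = (
    "pandasoftware.com",
    "symantec.com",
    "kaspersky.com",
    "mcafee.com",
    "sophos.com",
    "trendmicro.com",
    "windowsupdate.com",
    "microsoft.com",
)

# Hostnames that a HOSTS file legitimately maps to a loopback address.
LOOPBACK_OK = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each effective line of a HOSTS file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = re.split(r"\s+", line)
        if len(fields) < 2:
            continue                           # malformed line, ignore
        yield line_no, fields[0], fields[1:]


def is_watched(hostname):
    """True if hostname is, or is a subdomain of, a watch-listed domain."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def find_hosts_tampering(text):
    """Return (line_no, hostname, reason) for entries that hijack name resolution.

    Two things are flagged:
      * any mapping at all of a watched domain (the malware pins them to
        127.0.0.1 or 0.0.0.0 so AV updates and vendor sites fail), and
      * any other hostname mapped to a loopback/unspecified address that is
        not a conventional localhost alias.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, "invalid address"))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if is_watched(name):
                findings.append((line_no, name, f"watched domain mapped to {ip}"))
            elif sinkhole and name.lower() not in LOOPBACK_OK:
                findings.append((line_no, name, f"non-localhost name mapped to {ip}"))
    return findings


if __name__ == "__main__":
    for line_no, name, why in find_hosts_tampering(SAMPLE_HOSTS):
        print(f"line {line_no}: {name}: {why}")
```

On Windows the file to read is %SystemRoot%\System32\drivers\etc\hosts; a clean file yields an empty list.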
-
SecurityTracker Monday Morning Vulnerability Summary - Apr 25 2005
============================================
1. ASP Nuke
Vendor: aspnuke.com
Diabolic Crab reported several vulnerabilities in ASP Nuke. A
remote user can inject SQL commands. A remote user can also
conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013788.html
2. MailEnable
Vendor: MailEnable Pty. Ltd.
A vulnerability was reported in MailEnable in the HTTPMail
Connector. The impact was not specified.
Impact: Not specified
Alert: http://securitytracker.com/alerts/2005/Apr/1013786.html
3. KDE
Vendor: KDE.org
A vulnerability was reported in KDE kimgio. A remote user can
cause arbitrary code to be executed.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013785.html
4. KDE
Vendor: KDE.org
A vulnerability was reported in KDE Kommander. A user may be
able to cause arbitrary code to be executed.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2005/Apr/1013784.html
5. xine
Vendor: xinehq.de
Two vulnerabilities were reported in Xine in the processing of
MMST streams and RealMedia RTSP streams. A remote user can execute
arbitrary code on a connected player.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013783.html
6. OneWorldStore
Vendor: OneWorldNet.com
Lostmon reported a vulnerability in OneWorldStore. A remote
user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013782.html
7. Yawcam
Vendor: Yawcam.com
Donato Ferrante reported a vulnerability in Yawcam. A remote
user can obtain files on the target system that are located outside
of the web document directory.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Apr/1013781.html
8. E-Cart Mod
Vendor: Pixy Softwares
Inaki Cormenzana of SoulBlack Security Research reported a
vulnerability in E-Cart Mod. A remote user can execute arbitrary
commands on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013780.html
9. phpBB Auction Mod
Vendor: phpbb-auction.com
sNKenjoi reported a vulnerability in phpBB Auction Mod. A
remote user can inject SQL commands. A remote user can also
determine the installation path.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Apr/1013779.html
10. LG Electronics Phone
Vendor: LG Electronics
A vulnerability was reported in LG Electronics LG U8120 phone.
A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013777.html
11. Adobe Acrobat
Vendor: Adobe Systems Incorporated
White-Knight of the Alpha Hackers Digital Security Team
reported a vulnerability in Adobe Acrobat Reader. A remote user
may be able to cause arbitrary code to be executed.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013774.html
12. MPlayer
Vendor: mplayerhq.hu
Two vulnerabilities were reported in MPlayer in the processing
of MMST streams and RealMedia RTSP streams. A remote user can
execute arbitrary code on a connected player.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013771.html
13. RealPlayer Enterprise
Vendor: RealNetworks
A vulnerability was reported in RealPlayer Enterprise. A
remote user can cause arbitrary code to be executed on a target
user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013768.html
14. LogWatch
Vendor: Bauer, Kirk
A vulnerability was reported in LogWatch. A user may be able
to prevent LogWatch from detecting malicious activity.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Apr/1013763.html
15. Ocean12 Calendar Manager
Vendor: Ocean12 Technologies
Zinho from Hackers Center reported a vulnerability in Ocean12
Calendar Manager. A remote user can inject SQL commands.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Apr/1013762.html
16. Windows Explorer
Vendor: Microsoft
A vulnerability was reported in Microsoft Windows Explorer in
'webvw.dll'. A remote user can cause arbitrary scripting code to
be executed when a file is selected in Windows Explorer.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013761.html
17. Solaris
Vendor: Sun
A vulnerability was reported in Sun Solaris. A local user may
be able to hijack certain non-privileged network ports.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013760.html
18. CVS
Vendor: GNU [multiple authors]
Several vulnerabilities were reported in Concurrent Versions
System (CVS). A remote user may be able to execute arbitrary code
or cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013759.html
19. WheresJames Webcam Publisher
Vendor: WheresJames Software
Miguel Tarasco Acuna from Haxorcitos.com reported a
vulnerability in WheresJames Webcam Publisher. A remote user can
execute arbitrary code.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013757.html
20. proFile
Vendor: PHP Labs
sNKenjoi reported some input validation vulnerabilities in
proFile. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013756.html
21. PortalApp
Vendor: Iatek
sNKenjoi reported input validation vulnerabilities in
PortalApp. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013755.html
22. OneWorldStore
Vendor: OneWorldNet.com
Lostmon reported some input validation vulnerabilities in
OneWorldStore. A remote user can conduct cross-site scripting
attacks. A remote user can also inject SQL commands.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013754.html
23. webcamXP
Vendor: Darkwet Network
Some vulnerabilities were reported in WebcamXP. A remote user
can redirect chat users to arbitrary locations. A remote user can
also deny service to the chat feature.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013753.html
24. PHP LNKX
Vendor: CityPost
sNKenjoi reported an input validation vulnerability in
CityPost's PHP LNKX. A remote user can conduct cross-site
scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013752.html
25. Image Cropper/Resizer
Vendor: CityPost
sNKenjoi reported an input validation vulnerability in
CityPost's Image Cropper/Resizer. A remote user can conduct
cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013751.html
26. McAfee Internet Security Suite
Vendor: McAfee
iDEFENSE reported a file permission vulnerability in McAfee
Internet Security Suite. A local user can gain elevated privileges
or disable the security functions.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2005/Apr/1013750.html
27. Simple PHP Upload
Vendor: CityPost
sNKenjoi reported an input validation vulnerability in
CityPost's Simple PHP Upload. A remote user can conduct cross-site
scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013749.html
28. Simple Web Server (PMSoftware)
Vendor: PMSoftware
A vulnerability was reported in PMSoftware's Simple Web Server.
A remote user can execute arbitrary code on the target system.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Apr/1013748.html
29. Comersus
Vendor: Comersus Open Technologies
Lostmon reported an input validation vulnerability in Comersus
in the 'curPage' parameter. A remote user can conduct cross-site
scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Apr/1013747.html
-
Net-Worm.Win32.Mytob, critical Windows vulnerabilities
Kaspersky Lab has raised its threat level to yellow, indicating a medium threat. This is for two reasons.
The first reason is the continuing outbreak caused by the network worm Mytob. The first version of this worm was detected on 26th February 2005. The Mytob family is growing fast - according to our detections, there are now 25 versions of the worm, with 6 new versions being detected between the 9th and 11th April.
Net-Worm.Win32.Mytob.c, which was detected on 1st March, represents a particular threat. Over the past three weeks this worm has headed our virus statistics, making up approximately 30% of all mail traffic. Additionally, six or seven other variants from the Mytob family are present in our Virus Top Twenty, showing that these worms have been propagating steadily, intensifying the outbreak.
Mytob is a modification of the Mydoom source code, but the author has added network worm functionality. This means that the worm can propagate via the LSASS vulnerability. Mytob also has a bot function; this enables a remote malicious user to control infected computers via IRC channels, and to freely access files on the victim machines.
The second reason for the yellow alert is that Microsoft has released details of the latest patches for Windows vulnerabilities. Five of the latest vulnerabilities are rated critical, the highest security rating. If exploits for these vulnerabilities are published, this could lead to a global epidemic. It's extremely likely that virus writers are already researching these vulnerabilities with the aim of producing such malicious code.
All Windows users are strongly recommended to install the latest patches from Microsoft now. The patches can be downloaded from the Microsoft site, which also contains further information.
http://www.microsoft.com/technet/sec.../ms05-apr.mspx
-
A vulnerability has been reported within the Adobe Reader an
April 27 2005 - A vulnerability has been reported within the Adobe Reader and Acrobat web control. This vulnerability means that, under certain circumstances, the Internet Explorer ActiveX control can make it possible to discover the existence of local files by monitoring the behavior of certain methods.
Adobe Reader contains a Safe for Scripting method with the definition of "VARIANT_BOOL LoadFile([in] BSTR FileName)". A malicious user could take advantage of this if they get their victim to access the website controlled by the attacker. On the website, the attacker can call the LoadFile method, passing in a local file name on their victim's computer. In this way the attacker would be able to determine whether a certain file was present on the victim's system.
Although it is not possible to get the contents of the file, this method can be useful to attackers to know the path or presence of certain files. Although this does not allow attackers to take complete control of the system, it can be used as part of more complex attacks.
Adobe has reported this situation at http://www.adobe.com/support/techdocs/331465.html and recommended updating to version 7.0.1 of the product.
-
A Trojan threatens the confidential data of the clients
April 28, 2005 - PandaLabs reports the appearance of the NL variant of the Bancos Trojan, programmed to intercept the confidential data of the clients of over 2,500 banking portals. Panda Software has already informed law enforcement authorities of the appearance of this malicious code.
This Trojan cannot spread by itself, but needs to be distributed manually by third-parties. Bancos.NL can therefore be distributed through traditional channels (floppy disks, CD-ROM), or email messages, Internet downloads, FTP transfers, P2P networks, etc.
In the event that a user executes the file containing Bancos.NL, the Trojan will be installed on the system under the name MSCVC.EXE. It then starts monitoring the user's Internet activity, waiting for a connection to be established with one of the 2,500 Internet addresses listed in its code. When this happens, it registers all the information about bank account numbers, credit cards, passwords or any other information entered by the user. This information is sent to an Internet server where it can be collected by cyber criminals.
"Although this malicious code does not have any technical characteristics that make it stand out from other Trojans programmed to steal banking details, its danger lies in the large number of users that could be affected by Bancos.NL. In fact, the addresses of the banking portals listed in the Trojan's code belong to financial entities in 120 countries worldwide. These countries include Germany and Switzerland with over 200 addresses each," explains Luis Corrons, director of PandaLabs.
To prevent Bancos.NL or any other malicious code entering computers, Panda Software advises users to take precautions and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.
Panda Software's clients can already access the updates for installing the new TruPrevent(tm) Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection.