
Thread: Last Security News

  1. #21


    March 29, 2005
    Securiteam has reported that the Nortel VPN Client stores user and group passwords unencrypted in local memory, making it easy to retrieve them by dumping the memory of the client.

    The VPN client uses the unencrypted password in the memory of the process "Extranet.exe" for accessing the VPN. Therefore, it is possible to retrieve the password by dumping the process memory to a file, which can be done using a PMDump type utility or by causing the system to crash to obtain a physical memory dump.

    This allows both the user password and group password, if group authentication is used, to be recovered. In the memory dump, passwords appear near the associated user name or group name in plain-text, which makes it easy to locate them.

    More information at
    http://www.securiteam.com/windowsntf...RP0O15F5M.html

  2. #22


    Security updates for Cisco products
    March 31, 2005 - Cisco has published two security bulletins informing of security problems that could allow a remote user to launch denial of service attacks.
    The first problem lies in Cisco Catalyst 6500 Series Switch devices and Cisco 7600 Series Internet Router devices. These products could be affected by a denial of service attack on receiving a malformed IKE (Internet Key Exchange) packet. It is important to point out that this problem only affects Cisco devices with IOS software and Crypto support.

    Cisco VPN 3000 series concentrators are affected by a denial of service problem on receiving a malicious SSL packet, which could cause the device to reload or drop user connections.

    Cisco has released fixes for both of these problems. The bulletins published by Cisco are available at:
    http://www.cisco.com/warp/public/707...30-vpn3k.shtml
    and http://www.cisco.com/warp/public/707...08-vpnsm.shtml

  3. #23


    April 21st, 2005
    PandaLabs has detected the mass mailing of spam that contains the new and dangerous CG variant of the Mitglieder Trojan (also known as Bagle.bn by other security companies). Data collected by the international PandaLabs network shows that this new malicious code is starting to spread rapidly across several countries.

    The email messages in which this new Trojan has been detected have a blank subject and message body and include an attached file called work.zip. However, users should be careful, as this Trojan is being spammed out manually or through zombie computers and therefore, the characteristics of the email message carrying Mitglieder.CG could be totally different.

    If the user runs the file containing Mitglieder.CG, the Notepad application will be opened, displaying the word 'Sorry'. At the same time, a file called winshost.exe is created in the Windows system directory on the affected computer. When the computer restarts, this file will be run and create another file called wiwhost.exe. This file will modify the host file so that the user will not be able to access certain websites; mainly websites related to antivirus programs and IT security.

    In addition, the Trojan deletes files and Registry entries and stops processes related to security applications that could be installed on the computer.

    According to Luis Corrons: "the aim of Mitglieder.CG is to download malware to the computer. It does this by connecting to a large number of Internet addresses and trying to download files, which could predictably contain other malware, such as backdoors, spyware, adware, bots, etc. This allows the authors of this malicious code to create networks of infected computers in order to launch attacks on other computers or collect hundreds of thousands of email addresses to send spam to."

  4. #24


    In This Week's SecurityTracker Vulnerability Summary
    =====================================
    1. Php

    Vendor: PHP Group

    iDEFENSE reported a vulnerability in PHP in getimagesize(). A
    user can cause denial of service conditions.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013619.html


    2. Microsoft Jet

    Vendor: Microsoft

    A vulnerability was reported in the Microsoft Jet database. A
    remote user can cause arbitrary code to be executed.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013618.html


    3. MaxWebPortal

    Vendor: Yuan, Max

    Zinho of Hackers Center Security Group reported some input
    validation vulnerabilities in MaxWebPortal. A remote user can
    inject SQL commands and conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013617.html


    4. Linux Kernel

    Vendor: kernel.org

    A vulnerability was reported in the Linux kernel futex
    functions. A local user can cause the kernel to crash.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013616.html


    5. Samsung ADSL Router

    Vendor: Samsung

    A vulnerability was reported in a Samsung ADSL Router. A
    remote user can view arbitrary files on the device. The device
    also uses common default accounts and passwords.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013615.html


    6. ASP-DEV Discussion Forum

    Vendor: asp-dev.com

    Zinho from Hackers Center Security Group reported a
    vulnerability in ASP-DEV XM Forum. A remote user can conduct
    cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013614.html


    7. TCP/IP Stack Implementation

    Vendor: OpenBSD

    A vulnerability was reported in OpenBSD in the TCP stack
    implementation. A remote user can cause the system to crash.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013611.html


    8. Mailreader.com

    Vendor: Mailreader.com

    An input validation vulnerability was reported in Mailreader.
    A remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013610.html


    9. Cisco VPN 3000 Concentrator

    Vendor: Cisco

    A vulnerability was reported in the Cisco VPN 3000 in the
    processing of SSL connections. A remote user can cause denial of
    service conditions.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013609.html


    10. Kerio Personal Firewall

    Vendor: Kerio Technologies

    A vulnerability was reported in Kerio Personal Firewall. A
    local user can bypass network access rules.

    Impact: Host/resource access via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013607.html


    11. mtftpd

    Vendor: mtftpd.sourceforge.net

    darkeagle from uKt Research reported a format string
    vulnerability in mtftpd. A remote authenticated user can execute
    arbitrary code on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013606.html


    12. Invision Power Board

    Vendor: Invision Power Services

    An input validation vulnerability was reported in Invision
    Power Board in the user signatures. A remote user can conduct
    cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013605.html


    13. Chatness

    Vendor: chatness.us

    A vulnerability was reported in Chatness. A remote user can
    conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013604.html


    14. Ublog Reload

    Vendor: Uapplication

    A vulnerability was reported in Ublog Reload. A remote user
    can access the underlying database. A remote user can also conduct
    cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013603.html


    15. Linux Kernel

    Vendor: kernel.org

    A vulnerability was reported in the Linux kernel ELF loader. A
    local user can cause denial of service conditions.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013602.html


    16. cdrtools

    Vendor: Schilling, J.

    A temporary file vulnerability was reported in cdrtools. A
    local user may be able to obtain elevated privileges.

    Impact: Modification of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013600.html


    17. WackoWiki

    Vendor: wackowiki.com

    Some input validation vulnerabilities were reported in
    WackoWiki. A remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013599.html


    18. WebAPP

    Vendor: web-app.org

    A vulnerability was reported in WebAPP. A remote user can
    access 'dat' files.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013598.html


    19. Squirrelcart

    Vendor: Lighthouse Development

    Diabolic Crab reported an input validation vulnerability in
    Squirrelcart. A remote user can inject SQL commands.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013597.html


    20. FastStone 4in1 Browser

    Vendor: FastStone Soft

    Donato Ferrante reported a directory traversal vulnerability in
    the FastStone 4in1 Browser. A remote user can view files on the
    target system.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013596.html


    21. Horde Application Framework

    Vendor: Horde Project

    A vulnerability was reported in the Horde Application
    Framework. A remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013594.html


    22. Toshiba BIOS

    Vendor: Toshiba

    Paul Docherty of Portcullis Security reported a vulnerability
    in the ACPI BIOS as implemented on the Toshiba Satellite Pro A60
    workstation. A local user can modify the BIOS configuration to
    cause denial of service conditions.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013593.html


    23. phpCOIN

    Vendor: phpcoin.com

    Some vulnerabilities were reported in phpCOIN. A remote user
    can execute arbitrary files located on the target system. A remote
    user can also inject SQL commands.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013592.html


    24. PortalApp

    Vendor: Iatek

    Diabolic Crab reported an input validation vulnerability in
    PortalApp. A remote user can inject SQL commands and conduct
    cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013591.html


    25. E-Data

    Vendor: Adventia

    An input validation vulnerability was reported in E-Data. A
    remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013589.html


    26. Adventia Chat Server

    Vendor: Adventia

    A vulnerability was reported in Adventia Chat. A remote user
    can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013588.html


    27. Norton Anti-Virus

    Vendor: Symantec

    Two vulnerabilities were reported in Symantec's Norton
    AntiVirus in the AutoProtect feature. A user can create a file or
    modify a filename to cause the target system to crash.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013587.html


    28. Norton Internet Security

    Vendor: Symantec

    Two vulnerabilities were reported in Symantec's Norton Internet
    Security in the AutoProtect feature. A user can create a file or
    modify a filename to cause the target system to crash.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013586.html


    29. Norton System Works

    Vendor: Symantec

    Two vulnerabilities were reported in Symantec's Norton System
    Works in the AutoProtect feature. A user can create a file or
    modify a filename to cause the target system to crash.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013585.html


    30. ACS Blog

    Vendor: ASPPress.com

    An input validation vulnerability was reported in ACS Blog. A
    remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013584.html


    31. Microsoft Office

    Vendor: Microsoft

    Juha-Matti Laurio reported a vulnerability in the Microsoft
    Outlook Connector for IBM Lotus Domino. A user can choose to store
    passwords locally in violation of Group Policy.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013583.html


    32. TKai's Shoutbox

    Vendor: Teekai

    A vulnerability was reported in TKai's Shoutbox. A remote user
    can cause arbitrary HTML to be displayed in the context of the
    target web site.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013582.html


    33. PhotoPost PHP Pro

    Vendor: All Enthusiast, Inc.

    Diabolic Crab reported some input validation vulnerabilities in
    PhotoPost PHP Pro. A remote user can inject SQL commands and
    conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013581.html


    34. Telnet

    Vendor: [Multiple Authors/Vendors]

    iDEFENSE reported two buffer overflow vulnerabilities in
    Telnet, affecting several vendor implementations. A remote server
    can execute arbitrary code on a connected target user's client.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013575.html


    35. TinCat

    Vendor: Instance Four

    Luigi Auriemma reported a vulnerability in TinCat. A remote
    user can execute arbitrary code on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013574.html


    36. CPG Dragonfly

    Vendor: CPG-Nuke

    A vulnerability was reported in CPG Dragonfly. A remote user
    can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013573.html


    37. Nuke Bookmarks

    Vendor: nukebookmarks.sourceforge.net

    Gerardo 'Astharot' Di Giacomo of Zone-h reported several
    vulnerabilities in Nuke Bookmarks. A remote user can inject SQL
    commands, conduct cross-site scripting attacks, and determine the
    installation path.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013572.html


    38. AS/400 LDAP Server

    Vendor: IBM

    A vulnerability was reported in the AS/400 LDAP Server
    configuration. A remote authenticated user can determine valid
    user account names on the target system.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013571.html


    39. WD Guestbook

    Vendor: Webmasters-Debutants

    An0nym0uS from hackisknowledge.org reported a vulnerability in
    WD Guestbook. A remote user can add an administrative user account
    or suppress messages on the target application.

    Impact: Modification of system information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013570.html


    40. EncapsBB

    Vendor: PowerDev Team

    Frank 'brOmstar' Reissner from [In]Security Research reported
    an include file vulnerability in EncapsBB. A remote user can
    execute arbitrary commands on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Mar/1013569.html


    41. E-Store Kit-2

    Vendor: MagicScripts

    Diabolic Crab reported a vulnerability in E-Store Kit-2 PayPal
    Edition. A remote user can execute HTML code on the target system.
    A remote user can also conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013568.html


    42. Linux Kernel

    Vendor: kernel.org

    A vulnerability was reported in the Linux kernel in the
    Bluetooth socket code. A local user can gain root privileges.

    Impact: Execution of arbitrary code via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013567.html


    43. exoops

    Vendor: exoops.info

    Diabolic Crab reported some input validation vulnerabilities in
    exoops. A remote user can inject SQL commands. A remote user can
    also conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013566.html


    44. Valdersoft Shopping Cart

    Vendor: Valdersoft

    Diabolic Crab reported some vulnerabilities in the Valdersoft
    Shopping Cart software. A remote user can inject SQL commands. A
    remote user can also conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Mar/1013565.html


    45. Smail

    Vendor: Woods, Greg A.

    A heap overflow vulnerability was reported in Smail. A remote
    user can execute arbitrary code with root privileges.

    Impact: Execution of arbitrary code via local system

    Alert: http://securitytracker.com/alerts/2005/Mar/1013564.html


    46. paBugs

    Vendor: PHP Arena

    A vulnerability was reported in paBugs. A remote authenticated
    user can execute arbitrary commands on the target system.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013624.html


    47. BlueSoleil

    Vendor: IVT Corporation

    A vulnerability was reported in BlueSoleil. A remote user can
    traverse the directory when sending files to the target device.

    Impact: Modification of system information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013623.html


    48. IRC Services

    Vendor: Church, Andrew

    A vulnerability was reported in IRC Services. A remote user
    can view a list of links for a target user's nickname.

    Impact: Disclosure of user information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013622.html


    49. MX Kart

    Vendor: InterAKT

    Diabolic Crab reported some input validation vulnerabilities in
    MX Kart. A remote user can inject SQL commands.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013621.html


    50. MX Shop

    Vendor: InterAKT

    Diabolic Crab reported an input validation vulnerability in MX
    Shop. A remote user can inject SQL commands.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013620.html

  5. #25


    - Update for Realplayer Enterprise -
    April 22, 2005 - RealNetworks has announced, at http://www.service.real.com/help/faq...ity041905.html, the availability of a security update for its multimedia player Realplayer Enterprise. This update corrects a critical vulnerability that could compromise affected computers.

    This security flaw is a buffer overflow vulnerability in the handling of specially crafted RAM files (Real Audio files). An attacker could exploit this vulnerability to run remote arbitrary code if the victim opens a malicious RAM file with a vulnerable version of Realplayer.

    The affected versions of Realplayer Enterprise are 1.1, 1.2, 1.5, 1.6 and 1.7. As well as the automatic update option, RealNetworks has also provided an address from which the new DLL that fixes the problem can be downloaded. This address is http://docs.real.com/docs/pnen3260.dll

  6. #26


    April 24, 2005
    This week's report on viruses and intruders includes several new threats that have emerged this week; two variants of the Mytob worm, a variant of the Mitglieder Trojan and a new version of the Bancos Trojan.

    The new variants of Mytob -Mytob.BC and Mytob.BD- open backdoors in affected computers. This action allows the BC variant to connect to a web server and the BD variant to connect to an IRC server, where they wait for commands from a malicious user. What's more, they modify the system HOSTS file so that the user cannot access the websites of certain antivirus companies. These worms spread via email, across networks protected with weak passwords and by exploiting the LSASS vulnerability. They also download other malware, such as the Faribot.A worm.

    The Bancos.FC Trojan has also appeared this week. This malicious code goes memory resident and has keylogger functions. Bancos.FC waits for a dialup modem connection to be established (it only affects this type of connection). When this happens, it checks if the websites visited coincide with the address of any of the banking entities included in its code. If it finds any matches, it collects the information entered through the keyboard and sends it to an Internet server. Bancos.FC cannot spread alone; it needs external intervention to do so.

    Finally, Mitglieder.CG is a Trojan that aims to disable certain security tools (antivirus and firewalls), which could be installed on the computers it affects. To do this, it can delete files and Registry entries or end the processes running in memory. What's more, it modifies the system HOSTS file so that the user cannot access the websites of certain antivirus companies.

    Mitglieder.CG seems to have been mass-mailed, either manually or through zombie computers, and tries to download other malware from different websites.

  7. #27


    SecurityTracker Monday Morning Vulnerability Summary - Apr 25 2005
    ============================================
    1. ASP Nuke

    Vendor: aspnuke.com

    Diabolic Crab reported several vulnerabilities in ASP Nuke. A
    remote user can inject SQL commands. A remote user can also
    conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013788.html


    2. MailEnable

    Vendor: MailEnable Pty. Ltd.

    A vulnerability was reported in MailEnable in the HTTPMail
    Connector. The impact was not specified.

    Impact: Not specified

    Alert: http://securitytracker.com/alerts/2005/Apr/1013786.html


    3. KDE

    Vendor: KDE.org

    A vulnerability was reported in KDE kimgio. A remote user can
    cause arbitrary code to be executed.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013785.html


    4. KDE

    Vendor: KDE.org

    A vulnerability was reported in KDE Kommander. A user may be
    able to cause arbitrary code to be executed.

    Impact: Execution of arbitrary code via local system

    Alert: http://securitytracker.com/alerts/2005/Apr/1013784.html


    5. xine

    Vendor: xinehq.de

    Two vulnerabilities were reported in Xine in the processing of
    MMST streams and RealMedia RTSP streams. A remote user can execute
    arbitrary code on a connected player.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013783.html


    6. OneWorldStore

    Vendor: OneWorldNet.com

    Lostmon reported a vulnerability in OneWorldStore. A remote
    user can cause denial of service conditions.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013782.html


    7. Yawcam

    Vendor: Yawcam.com

    Donato Ferrante reported a vulnerability in Yawcam. A remote
    user can obtain files on the target system that are located outside
    of the web document directory.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013781.html


    8. E-Cart Mod

    Vendor: Pixy Softwares

    Inaki Cormenzana of SoulBlack Security Research reported a
    vulnerability in E-Cart Mod. A remote user can execute arbitrary
    commands on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013780.html


    9. phpBB Auction Mod

    Vendor: phpbb-auction.com

    sNKenjoi reported a vulnerability in phpBB Auction Mod. A
    remote user can inject SQL commands. A remote user can also
    determine the installation path.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013779.html


    10. LG Electronics Phone

    Vendor: LG Electronics

    A vulnerability was reported in LG Electronics LG U8120 phone.
    A remote user can cause denial of service conditions.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013777.html


    11. Adobe Acrobat

    Vendor: Adobe Systems Incorporated

    White-Knight of the Alpha Hackers Digital Security Team
    reported a vulnerability in Adobe Acrobat Reader. A remote user
    may be able to cause arbitrary code to be executed.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013774.html


    12. MPlayer

    Vendor: mplayerhq.hu

    Two vulnerabilities were reported in MPlayer in the processing
    of MMST streams and RealMedia RTSP streams. A remote user can
    execute arbitrary code on a connected player.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013771.html


    13. RealPlayer Enterprise

    Vendor: RealNetworks

    A vulnerability was reported in RealPlayer Enterprise. A
    remote user can cause arbitrary code to be executed on a target
    user's system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013768.html


    14. LogWatch

    Vendor: Bauer, Kirk

    A vulnerability was reported in LogWatch. A user may be able
    to prevent LogWatch from detecting malicious activity.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2005/Apr/1013763.html


    15. Ocean12 Calendar Manager

    Vendor: Ocean12 Technologies

    Zinho from Hackers Center reported a vulnerability in Ocean12
    Calendar Manager. A remote user can inject SQL commands.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013762.html


    16. Windows Explorer

    Vendor: Microsoft

    A vulnerability was reported in Microsoft Windows Explorer in
    'webvw.dll'. A remote user can cause arbitrary scripting code to
    be executed when a file is selected in Windows Explorer.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013761.html


    17. Solaris

    Vendor: Sun

    A vulnerability was reported in Sun Solaris. A local user may
    be able to hijack certain non-privileged network ports.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013760.html


    18. CVS

    Vendor: GNU [multiple authors]

    Several vulnerabilities were reported in Concurrent Versions
    System (CVS). A remote user may be able to execute arbitrary code
    or cause denial of service conditions.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013759.html


    19. WheresJames Webcam Publisher

    Vendor: WheresJames Software

    Miguel Tarasco Acuna from Haxorcitos.com reported a
    vulnerability in WheresJames Webcam Publisher. A remote user can
    execute arbitrary code.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013757.html


    20. proFile

    Vendor: PHP Labs

    sNKenjoi reported some input validation vulnerabilities in
    proFile. A remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013756.html


    21. PortalApp

    Vendor: Iatek

    sNKenjoi reported input validation vulnerabilities in
    PortalApp. A remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013755.html


    22. OneWorldStore

    Vendor: OneWorldNet.com

    Lostmon reported some input validation vulnerabilities in
    OneWorldStore. A remote user can conduct cross-site scripting
    attacks. A remote user can also inject SQL commands.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013754.html


    23. webcamXP

    Vendor: Darkwet Network

    Some vulnerabilities were reported in WebcamXP. A remote user
    can redirect chat users to arbitrary locations. A remote user can
    also deny service to the chat feature.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013753.html


    24. PHP LNKX

    Vendor: CityPost

    sNKenjoi reported an input validation vulnerability in
    CityPost's PHP LNKX. A remote user can conduct cross-site
    scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013752.html


    25. Image Cropper/Resizer

    Vendor: CityPost

    sNKenjoi reported an input validation vulnerability in
    CityPost's Image Cropper/Resizer. A remote user can conduct
    cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013751.html


    26. McAfee Internet Security Suite

    Vendor: McAfee

    iDEFENSE reported a file permission vulnerability in McAfee
    Internet Security Suite. A local user can gain elevated privileges
    or disable the security functions.

    Impact: Execution of arbitrary code via local system

    Alert: http://securitytracker.com/alerts/2005/Apr/1013750.html


    27. Simple PHP Upload

    Vendor: CityPost

    sNKenjoi reported an input validation vulnerability in
    CityPost's Simple PHP Upload. A remote user can conduct cross-site
    scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013749.html


    28. Simple Web Server (PMSoftware)

    Vendor: PMSoftware

    A vulnerability was reported in PMSoftware's Simple Web Server.
    A remote user can execute arbitrary code on the target system.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2005/Apr/1013748.html


    29. Comersus

    Vendor: Comersus Open Technologies

    Lostmon reported an input validation vulnerability in Comersus
    in the 'curPage' parameter. A remote user can conduct cross-site
    scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2005/Apr/1013747.html

  8. #28

    Default Net-Worm.Win32.Mytob, critical Windows vulnerabilities

    Net-Worm.Win32.Mytob, critical Windows vulnerabilities
    www.shakhe.tk
    Kaspersky Lab has raised its threat level to yellow, indicating a medium threat. This is for two reasons.

    The first reason is the continuing outbreak caused by the network worm Mytob. The first version of this worm was detected on 26th February 2005. The Mytob family is growing fast - according to our detections, there are now 25 versions of the worm, with 6 new versions being detected between the 9th and 11th April.

    Net-Worm.Win32.Mytob.c, which was detected on 1st March, represents a particular threat. Over the past three weeks this worm has headed our virus statistics, making up approximately 30% of all mail traffic. Additionally, six or seven other variants from the Mytob family are present in our Virus Top Twenty, showing that these worms have been propagating steadily, intensifying the outbreak.


    Mytob is a modification of the Mydoom source code, but the author has added network worm functionality. This means that the worm can propagate via the LSASS vulnerability. Mytob also has a bot function; this enables a remote malicious user to control infected computers via IRC channels, and to freely access files on the victim machines.


    The second reason for the yellow alert is that Microsoft has released details of the latest patches for Windows vulnerabilities. Five of the latest vulnerabilities are rated critical, the highest security rating. If exploits for these vulnerabilities are published, this could lead to a global epidemic. It's extremely likely that virus writers are already researching these vulnerabilities with the aim of producing such malicious code.


    All Windows users are strongly recommended to install the latest patches from Microsoft now. The patches can be downloaded from the Microsoft site, which also contains further information:
    http://www.microsoft.com/technet/sec.../ms05-apr.mspx

  9. #29

    Default A vulnerability has been reported within the Adobe Reader an

    April 27 2005 - A vulnerability has been reported within the Adobe Reader and Acrobat web control. This vulnerability means that, under certain circumstances, the Internet Explorer ActiveX control can make it possible to discover the existence of local files by monitoring the behavior of certain methods.

    Adobe Reader contains a Safe for Scripting method with the definition of "VARIANT_BOOL LoadFile([in] BSTR FileName)". A malicious user could take advantage of this if they get their victim to access the website controlled by the attacker. On the website, the attacker can call the LoadFile method, passing in a local file name on their victim's computer. In this way the attacker would be able to determine whether a certain file was present on the victim's system.

    Although it is not possible to get the contents of the file, this method can be useful to attackers to know the path or presence of certain files. Although this does not allow attackers to take complete control of the system, it can be used as part of more complex attacks.

    Adobe has reported this situation at http://www.adobe.com/support/techdocs/331465.html and recommended updating to version 7.0.1 of the product.

  10. #30

    Default A Trojan threatens the confidential data of the clients

    April 28, 2005 - PandaLabs reports the appearance of the NL variant of the Bancos Trojan, programmed to intercept the confidential data of the clients of over 2,500 banking portals. Panda Software has already informed law enforcement authorities of the appearance of this malicious code.

    This Trojan cannot spread by itself, but needs to be distributed manually by third parties. Bancos.NL can therefore be distributed through traditional channels (floppy disks, CD-ROM), or email messages, Internet downloads, FTP transfers, P2P networks, etc.

    In the event that a user executes the file containing Bancos.NL, the Trojan will be installed on the system under the name MSCVC.EXE. It then starts monitoring the user's Internet activity, waiting for a connection to be established with one of the 2,500 Internet addresses listed in its code. When this happens, it registers all the information about bank account numbers, credit cards, passwords or any other information entered by the user. This information is sent to an Internet server where it can be collected by cyber criminals.

    "Although this malicious code does not have any technical characteristics that make it stand out from other Trojans programmed to steal banking details, its danger lies in the large number of users that could be affected by Bancos.NL. In fact, the addresses of the banking portals listed in the Trojan's code belong to financial entities in 120 countries worldwide. These countries include Germany and Switzerland with over 200 addresses each," explains Luis Corrons, director of PandaLabs.

    To prevent Bancos.NL or any other malicious code entering computers, Panda Software advises users to take precautions and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.

    Panda Software's clients can already access the updates for installing the new TruPrevent(tm) Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection.