=================================================
Security Corporation - Weekly Summary - Issue #28 - 2003-10-18
http://www.security-corporation.com
=================================================
Read the newsletter archive:
http://www.security-corporation.com/newsletter.html
ADVISORIES
=================================================
As always, if you've found a vulnerability, let us know by e-mail at:
vuln@security-corporation.com
Security advisories of the week:
-------------
2003-10-18
-------------
- Script execution Vulnerability in Vivísimo Clustering Engine™
» http://www.security-corporation.com/articl...031018-006.html
- Cross-Site Scripting Vulnerability in Bajie HTTP JServer
» http://www.security-corporation.com/articl...031018-005.html
- Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
» http://www.security-corporation.com/articl...031018-004.html
- Microsoft Listbox And Combobox Control Buffer Overflow
» http://www.security-corporation.com/articl...031018-003.html
- Microsoft Hotmail Vulnerability
» http://www.security-corporation.com/articl...031018-002.html
- Microsoft Local Troubleshooter ActiveX control buffer overflow
» http://www.security-corporation.com/articl...031018-001.html
- Microsoft PCHealth Buffer Overflow Vulnerability
» http://www.security-corporation.com/articl...031018-000.html
-------------
2003-10-16
-------------
- Cross-Site Scripting Vulnerability in Exchange Server 5.5 Outlook Web
Access
» http://www.security-corporation.com/articl...031016-001.html
- Vulnerability in Exchange Server Could Allow Arbitrary Code Execution
» http://www.security-corporation.com/articl...031016-000.html
-------------
2003-10-15
-------------
- ListBox and ComboBox Control Buffer Overrun Could Allow Code Execution
» http://www.security-corporation.com/articl...031015-004.html
- Buffer Overflow in Windows TAC Could Allow Code Execution
» http://www.security-corporation.com/articl...031015-003.html
- Vulnerability in Authenticode Verification Could Allow Remote Code
Execution
» http://www.security-corporation.com/articl...031015-002.html
- Buffer Overrun in Windows HSC Could Lead to System Compromise
» http://www.security-corporation.com/articl...031015-001.html
- Buffer Overrun in Messenger Service Could Allow Code Execution
» http://www.security-corporation.com/articl...031015-000.html
-------------
2003-10-14
-------------
- mIRC - Buffer overflow in "IRC" protocol
» http://www.security-corporation.com/articl...031014-000.html
-------------
2003-10-13
-------------
- Buffer overflow in IRCD software
» http://www.security-corporation.com/articl...031013-001.html
- myPHPCalendar Information Disclosure and File Include Vulnerability
» http://www.security-corporation.com/articl...031013-000.html
-------------
2003-10-12
-------------
- Gallery 1.4 file inclusion vulnerability
» http://www.security-corporation.com/articl...031012-001.html
- TRACKtheCLICK Script Injection Vulnerabilities
» http://www.security-corporation.com/articl...031012-000.html
-------------
2003-10-10
-------------
- JBoss 3.2.1 Remote Command Injection Vulnerability
» http://www.security-corporation.com/articl...031010-001.html
- File inclusion vulnerability in PayPal Store Front
» http://www.security-corporation.com/articl...031010-000.html
-------------
2003-10-08
-------------
- Openoffice 1.1.0 Denial Of Service Vulnerability
» http://www.security-corporation.com/articl...031008-006.html
- Microsoft Internet Explorer 6 XML Patch Bypass
» http://www.security-corporation.com/articl...031008-005.html
- Microsoft Windows Server 2003 "Shell Folders" Directory Traversal
Vulnerability
» http://www.security-corporation.com/articl...031008-004.html
- HPUX dtprintinfo buffer overflow vulnerability
» http://www.security-corporation.com/articl...031008-003.html
- Medieval Total War 1.1 broadcast Connection expired
» http://www.security-corporation.com/articl...031008-002.html
- Medieval Total War 1.1 broadcast crash
» http://www.security-corporation.com/articl...031008-001.html
- PerlEdit Remote Buffer Overflow Vulnerability
» http://www.security-corporation.com/articl...031008-000.html
EXPLOITS
=================================================
Security exploits of the week:
-------------
2003-10-18
-------------
- mah-jong 1.6 Remote DoS exploit
» http://www.security-corporation.com/exploi...031018-001.html
- Local exploit for Oracle Release 2 Patch Set 3 Version 9.2.0.4.0 for Linux
x86
» http://www.security-corporation.com/exploi...031018-000.html
-------------
2003-10-14
-------------
- WinSyslog 4.21 System Freeze exploit
» http://www.security-corporation.com/exploi...031014-000.html
-------------
2003-10-13
-------------
- ProFTPd 1.2.7 - 1.2.9rc2 remote r00t exploit
» http://www.security-corporation.com/exploi...031013-001.html
- irc2.10.3p3 remote Denial Of Service proof of concept exploit
» http://www.security-corporation.com/exploi...031013-000.html
-------------
2003-10-12
-------------
- slocate buffer overflow proof of concept exploit
» http://www.security-corporation.com/exploi...031012-000.html
-------------
2003-10-08
-------------
- Windows RPC universal exploit (rpcdcom3)
» http://www.security-corporation.com/exploi...031008-000.html
SECURITY NEWS
=================================================
Security news of the week:
-------------
2003-10-18
-------------
- Rudy Giuliani, the anti-hacker
» http://money.cnn.com/2003/10/17/news/compa....reut/index.htm
- Feds admit error in hacking conviction
» http://zdnet.com.com/2100-1105_2-5092697.html
- Put a Finger on Your Password
» http://www.wired.com/news/business/0,1367,...tw=wn_bizhead_6
- Teen hacker is not guilty
» http://www.theregister.co.uk/content/55/33451.html
-------------
2003-10-17
-------------
- Worm turns: Telstra to pay for email delay
» http://afr.com/articles/2003/10/17/1066364484483.html
- IT's biggest worry--employee blunders
» http://zdnet.com.com/2100-1105_2-5093065.html
- RSA forecast fails to impress analysts
» http://www.siliconvalley.com/mld/siliconva...ial/7039083.htm
-------------
2003-10-16
-------------
- Barracuda Attacks Spam, Viruses With New ...
» http://www.securitypipeline.com/news/showA...icleId=15500101
- Network Associates outlines security product strategy
» http://www.nwfusion.com/news/2003/1017naistrategy.html
- Flights inspected after 'challenge' to security measures
» http://www.kobtv.com/index.cfm?viewer=stor...at=NMTOPSTORIES
- Oracle Ships Security Software
» http://www.securitypipeline.com/news/showA...icleId=15500046
-------------
2003-10-14
-------------
- Microsoft Windows RPCSS Variant Attack Vulnerability
» http://securityresponse.symantec.com/avcen...ntent/8811.html
- 'Hackers' don't appreciate 'crackers'
» http://www.jsonline.com/bym/tech/news/oct03/176895.asp
- Instant messaging falls prey to hackers
» http://www.vnunet.com/News/1144318
- T-Mobile works to tighten Wi-Fi security
» http://zdnet.com.com/2100-1104_2-5090391.html
-------------
2003-10-13
-------------
- Security firm removes details of unpatched IE holes
» http://www.smh.com.au/articles/2003/10/13/...5917330323.html
- Windows security update planned
» http://www.msnbc.com/news/978374.asp?cp1=1
- One Too Many Viruses
» http://www.linuxjournal.com/article.php?sid=7189
- Red-Alert rides herd on wireless devices
» http://www.fcw.com/fcw/articles/2003/1013/...rt-10-13-03.asp
-------------
2003-10-12
-------------
- Microsoft wants to make Wi-Fi hotspots more secure
» http://www.silicon.com/news/170/1/6376.html
- BEA jumps on security bandwagon
» http://news.com.com/2100-1012_3-5090022.html
- Army transformation changes direction
» http://www.fcw.com/fcw/articles/2003/1013/...my-10-13-03.asp
-------------
2003-10-10
-------------
- Microsoft plans free security upgrades for Windows users
» http://www.adn.com/24hour/technology/story...p-7185061c.html
- Parents sue school district for Wi-Fi use
» http://zdnet.com.com/2100-1105_2-5089202.html
- Security Group Names Top 10 Vulnerabilities...
» http://www.securitypipeline.com/news/showA...icleId=15202023
-------------
2003-10-09
-------------
- Teen hacked TD Waterhouse account
» http://money.cnn.com/2003/10/09/technology....reut/index.htm
- Microsoft Gets Serious About Security
» http://www.pcworld.com/news/article/0,aid,...d,112870,00.asp
- Suspected Trojan-horse conman arrested
» http://news.zdnet.co.uk/0,39020330,39117052,00.htm
-------------
2003-10-08
-------------
- Game's source code stolen in hacking
» http://rss.com.com/2100-7349_3-5087698.htm...=feed&subj=news
- How does Skype get through Firewalls and NAT Routers?
» http://www.theregister.co.uk/content/5/33278.html
- 11,000 IP addresses found on accused hacker's PC
» http://news.zdnet.co.uk/0,39020330,39117005,00.htm
DISCLAIMER
=================================================
The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.
FEEDBACK
=================================================
Please send suggestions, updates, and comments to:
Security Corporation
http://www.security-corporation.com
info@security-corporation.com




