=================================================
Security Corporation - Weekly Summary - Issue #30 - 2003-11-16

http://www.security-corporation.com
=================================================


This free weekly newsletter is delivered to you by Security-Corporation.
Visit Security-Corporation for the latest security news.
http://www.security-corporation.com

Read newsletter archive :
http://www.security-corporation.com/newsletter.html

Put Security-Corporation Vulnerability Alerts on Your Web Site for Free!
For more information: http://www.security-corporation.com/backend/



ADVISORIES
=================================================

As always, if you've found a vulnerability, let us know by e-mail at:
vuln@security-corporation.com

Security advisories of the week :

-------------
2003-11-16
-------------

- PostMaster Proxy Server Cross Site Scripting vulnerability
» http://www.security-corporation.com/articl...031116-005.html

- Monopd remote denial of service vulnerability
» http://www.security-corporation.com/articl...031116-004.html

- Quagga/GNU Zebra remote denial of service vulnerability
» http://www.security-corporation.com/articl...031116-003.html

- PHPlist file injection vulnerability
» http://www.security-corporation.com/articl...031116-002.html

- Webwasher Classic Error-Message Cross Site Scripting Vulnerability
» http://www.security-corporation.com/articl...031116-001.html

- Symantec pcAnywhere privilege escalation vulnerability
» http://www.security-corporation.com/articl...031116-000.html


-------------
2003-11-13
-------------

- PeopleSoft PeopleBooks Search CGI multiple argument issues
» http://www.security-corporation.com/articl...031113-005.html

- PeopleSoft IScript Cross Site Scripting issue
» http://www.security-corporation.com/articl...031113-004.html

- PeopleSoft Gateway Administration servlet path disclosure issue
» http://www.security-corporation.com/articl...031113-003.html

- Gaim IRC Local Account Information Leakage
» http://www.security-corporation.com/articl...031113-002.html

- HP-UX Software Distributor Buffer Overflow Vulnerability
» http://www.security-corporation.com/articl...031113-001.html

- HP-UX libc NLSPATH Environment Variable Privilege Elevation Vulnerability
» http://www.security-corporation.com/articl...031113-000.html


-------------
2003-11-12
-------------

- Opera Skinned : Arbitrary File Dropping And Execution
» http://www.security-corporation.com/articl...031112-008.html

- Opera Web Browser Directory Traversal in Internal URI Protocol
» http://www.security-corporation.com/articl...031112-007.html

- Nokia IPSO Script Injection Vulnerability
» http://www.security-corporation.com/articl...031112-006.html

- PHP-Coolfile 1.4 unauthorized access
» http://www.security-corporation.com/articl...031112-005.html

- Clam AntiVirus remote Denial of Service
» http://www.security-corporation.com/articl...031112-004.html

- UnixWare and Open UNIX local privilege escalation vulnerability
» http://www.security-corporation.com/articl...031112-003.html

- Buffer Overflow in Windows Workstation Service
» http://www.security-corporation.com/articl...031112-002.html

- Windows Workstation Service Remote Buffer Overflow
» http://www.security-corporation.com/articl...031112-001.html

- Frontpage Extensions Remote Command Execution
» http://www.security-corporation.com/articl...031112-000.html


-------------
2003-11-11
-------------

- Symbol Technologies Default WEP KEYS Vulnerability
» http://www.security-corporation.com/articl...031111-002.html

- tsworks "Expand the Attachment" Buffer Overflow Vulnerability
» http://www.security-corporation.com/articl...031111-001.html

- Eudora "Reply-To-All" Buffer Overflow Vulnerability
» http://www.security-corporation.com/articl...031111-000.html



-------------
2003-11-10
-------------

- Ganglia Denial of Service Vulnerability
» http://www.security-corporation.com/articl...031110-002.html

- Directory traversal in The TelCondex SimpleWebserver
» http://www.security-corporation.com/articl...031110-001.html

- Bugzilla information leak vulnerability
» http://www.security-corporation.com/articl...031110-000.html



EXPLOITS
=================================================

Security exploits of the week :

-------------
2003-11-16
-------------

- MyServer 0.5 Remote denial of service exploit
» http://www.security-corporation.com/exploi...031116-003.html

- Local exploit for unace v2.2
» http://www.security-corporation.com/exploi...031116-002.html

- Microsoft Workstation Service WKSSVC Remote Exploit (MS03-049)
» http://www.security-corporation.com/exploi...031116-001.html

- pServ 2.0.x beta:webserver remote buffer overflow exploit
» http://www.security-corporation.com/exploi...031116-000.html


-------------
2003-11-15
-------------

- local ListBox/ComboBox exploit for Win32 (MS03-045)
» http://www.security-corporation.com/exploi...031115-001.html

- Microsoft Messenger Service Heap Overflow Exploit (MS03-043)
» http://www.security-corporation.com/exploi...031115-000.html


-------------
2003-11-13
-------------

- Microsoft Frontpage Server Extensions fp30reg.dll Overflow Exploit (MS03-051)
» http://www.security-corporation.com/exploi...031113-007.html

- UID man Proof of concept exploit
» http://www.security-corporation.com/exploi...031113-006.html

- Windows Workstation ms03-049 remote exploit for w2k&fat
» http://www.security-corporation.com/exploi...031113-005.html

- ms03-049 wkksvc.dll buffer overflow exploit
» http://www.security-corporation.com/exploi...031113-004.html

- TerminatorX V.3.81 local root exploit (by Li0n7)
» http://www.security-corporation.com/exploi...031113-003.html

- TerminatorX v3.81 local exploit
» http://www.security-corporation.com/exploi...031113-002.html

- /sbin/iwconfig local root exploit
» http://www.security-corporation.com/exploi...031113-001.html

- Eudora 6.0.1 attachment spoof
» http://www.security-corporation.com/exploi...031113-000.html


-------------
2003-11-12
-------------

- Opera Skinned & Opera Directory Traversal Proof of concept exploit
» http://www.security-corporation.com/exploi...031112-001.html

- Windows Workstation Service overflow Proof of concept exploit
» http://www.security-corporation.com/exploi...031112-000.html


-------------
2003-11-11
-------------

- AOL Instant Messenger 5.x remote buffer overflow exploit
» http://www.security-corporation.com/exploi...031111-001.html

- Unace v2.2 local exploit
» http://www.security-corporation.com/exploi...031111-000.html


-------------
2003-11-10
-------------

- 0verkill v0.16 local Proof of Concept Exploit
» http://www.security-corporation.com/exploi...031110-003.html

- Wmapm v3.1 local exploit
» http://www.security-corporation.com/exploi...031110-002.html

- Serious Sam Remote Denial of Service Exploit
» http://www.security-corporation.com/exploi...031110-001.html

- OpenBSD ibcs2 Kernel local Exploit
» http://www.security-corporation.com/exploi...031110-000.html


SECURITY NEWS
=================================================

- Live Security News :
» http://www.security-corporation.com/allzenews.html

- Security news of the week :

-------------
2003-11-16
-------------

- Spammers now clogging blogs, IM
» http://www.msnbc.com/news/993186.asp

- Keeping Watch for Interstellar Computer Viruses
» http://www.space.com/scienceastronomy/spac...ers_031111.html

- Cracking the hacker underground
» http://news.bbc.co.uk/1/hi/technology/3246375.stm

- New worm variant targets identity data
» http://www.gcn.com/vol1_no1/daily-updates/24176-1.html


-------------
2003-11-13
-------------

- Trojan hides in fake Citibank e-mail
» http://zdnet.com.com/2100-1105_2-5106793.html

- ATM fraud prevention tips from FNB
» http://www.itweb.co.za/sections/business/2003/0311131111.asp

- Another Microsoft Security Problem...
» http://www.gnutellanews.com/article/8947

- Mobile users face virus fears as bluejacking craze causes panic
» http://www.sophos.com/virusinfo/articles/bluejack.html


-------------
2003-11-12
-------------

- Worm warning
» http://www.bangkokpost.com/121103_Database...003_data11.html

- Did hackers expose N-Gage games?
» http://zdnet.com.com/2100-1103_2-5105986.html

- Top Security Officers Form Think Tank
» http://www.eweek.com/article2/0,3959,1379626,00.asp

- Security professionals form CSO council
» http://www.infoworld.com/article/03/11/11/...ocouncil_1.html


-------------
2003-11-11
-------------

- 20th Anniversary Of Computer Viruses Commemorated
» http://slashdot.org/article.pl?sid=03/11/10/1920218

- Network Security Roundup for November 10, 2003
» http://www.ecommercetimes.com/perl/story/32093.html

- Cisco Enables 'Clientless' Corporate Security
» http://www.newsfactor.com/perl/story/22657.html

- Cybercrime - it's the outsiders wot's to blame
» http://www.theregister.co.uk/content/55/33892.html


-------------
2003-11-10
-------------

- Good things come in small packages
» http://www.fcw.com/fcw/articles/2003/1110/...ew-11-10-03.asp

- IPSec Tunneling with ISA Server
» http://www.winnetmag.com/WindowsSecurity/A...578/WindowsSecurity_40578.html

- US-listed firms face IT security audits
» http://news.zdnet.co.uk/business/0,39020645,39117721,00.htm

- E-mail policies that prevent viruses
» http://itpapers.zdnet.com/abstract.aspx?&s...276&docid=67256


UNSUBSCRIBE
=================================================

If you want to unsubscribe from Security Corporation's Newsletter, then
go to the following link :
» http://www.security-corporation.com/unsubscribe.html



DISCLAIMER
=================================================

The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.


FEEDBACK
=================================================

Please send suggestions, updates, and comments to:

Security Corporation
http://www.security-corporation.com
info@security-corporation.com