Friday, February 17, 2012

17th, Friday, Tomobiki


+ HS12-007: Multiple vulnerabilities have been found in Cosminexus.
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-007/index.html
+ HS12-007: Multiple vulnerabilities exist in Cosminexus.
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-007/index.html

FTC urges app stores to strengthen children's privacy protection
http://itpro.nikkeibp.co.jp/article/NEWS/20120217/381934/?ST=security

UPDATE: JVNVU#542123 Issue in multiple DNS name server implementations
http://jvn.jp/cert/JVNVU542123/index.html

JVNDB-2012-001472 Cross-site request forgery vulnerability in admin/update_user in Hulihan Amethyst
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001472.html

JVNDB-2012-001471 Vulnerability in the CSRF protection mechanism of e107 that allows administrator authentication to be hijacked
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001471.html

JVNDB-2012-001470 SQL injection vulnerability in the Web_Links module for PHP-Nuke
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001470.html

JVNDB-2012-001469 Cross-site scripting vulnerability in the Post data records to facebook extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001469.html

JVNDB-2012-001468 Cross-site scripting vulnerability in the UrlTool extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001468.html

JVNDB-2012-001467 Vulnerability in the BE User Switch extension for TYPO3 that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001467.html

JVNDB-2012-001466 Cross-site scripting vulnerability in the BE User Switch extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001466.html

JVNDB-2012-001465 Cross-site request forgery vulnerability in the Terminal PHP Shell extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001465.html

JVNDB-2012-001464 Cross-site scripting vulnerability in the Terminal PHP Shell extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001464.html

JVNDB-2012-001463 Cross-site scripting vulnerability in the Yet another Google search extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001463.html

JVNDB-2012-001462 Cross-site scripting vulnerability in the Euro Calculator extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001462.html

JVNDB-2012-001461 Arbitrary code execution vulnerability in the Webservices for TYPO3 extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001461.html

JVNDB-2012-001460 Vulnerability in the System Utilities extension for TYPO3 that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001460.html

JVNDB-2012-001459 SQL injection vulnerability in the Post data records to Facebook extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001459.html

JVNDB-2012-001458 Cross-site scripting vulnerability in the Documents download extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001458.html

JVNDB-2012-001457 SQL injection vulnerability in the Documents download extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001457.html

JVNDB-2012-001456 SQL injection vulnerability in the White Papers extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001456.html

JVNDB-2012-001455 Cross-site scripting vulnerability in the Category-System extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001455.html

JVNDB-2012-001454 SQL injection vulnerability in the Category-System extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001454.html

JVNDB-2012-001453 SQL injection vulnerability in the Kitchen recipe extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001453.html

JVNDB-2012-001452 Cross-site scripting vulnerability in the Modern FAQ extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001452.html

JVNDB-2012-001451 Cross-site scripting vulnerability in the Additional TCA Forms extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001451.html

JVNDB-2012-001450 Denial-of-service (DoS) vulnerability in NetSarang Xlpd and Xmanager Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001450.html

JVNDB-2012-001449 Cross-site scripting vulnerability in module/kb/search_word in lknSupport
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001449.html

JVNDB-2012-001448 Cross-site scripting vulnerability in the rc_ajax function of the WP-RecentComments plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001448.html

JVNDB-2012-001447 SQL injection vulnerability in the WP-RecentComments plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001447.html

JVNDB-2012-001446 Cross-site scripting vulnerability in the template module of SmartyCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001446.html

JVNDB-2012-001445 Arbitrary file creation vulnerability in TuxScripting.dll in 2X ApplicationServer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001445.html

JVNDB-2012-001444 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001444.html

JVNDB-2012-001443 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft .NET Framework and Silverlight
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001443.html

JVNDB-2012-001442 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001442.html

JVNDB-2012-001441 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001441.html

JVNDB-2012-001440 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001440.html

JVNDB-2012-001439 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001439.html

JVNDB-2012-001438 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001438.html

JVNDB-2010-002884 (JVNTA12-045A) Privilege escalation vulnerability in the Indeo codec used in Microsoft Windows XP
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002884.html

JVNDB-2012-001437 (JVNTA12-045A) Buffer overflow vulnerability in msvcrt.dll in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001437.html

JVNDB-2012-001073 (JVNTA12-045A) Privilege escalation vulnerability in colorcpl.exe in Microsoft Windows Server 2008
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001073.html

JVNDB-2012-001436 (JVNTA12-045A) Cross-site scripting vulnerability in wizardlist.aspx in Microsoft Office SharePoint
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001436.html

JVNDB-2012-001435 (JVNTA12-045A) Cross-site scripting vulnerability in themeweb.aspx in Microsoft Office SharePoint
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001435.html

JVNDB-2012-001434 (JVNTA12-045A) Cross-site scripting vulnerability in Microsoft SharePoint Foundation 2010
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001434.html

JVNDB-2012-001433 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001433.html

JVNDB-2012-001432 (JVNTA12-045A) Vulnerability in Microsoft Internet Explorer 9 that allows data to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001432.html

JVNDB-2012-001431 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 7 through 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001431.html

JVNDB-2012-001430 (JVNTA12-045A) Vulnerability in Microsoft Internet Explorer 6 through 9 that allows content to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001430.html

JVNDB-2012-001429 (JVNTA12-045A) Privilege escalation vulnerability in afd.sys in Microsoft Windows Server 2003
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001429.html

JVNDB-2012-001428 (JVNTA12-045A) Privilege escalation vulnerability in afd.sys in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001428.html

JVNDB-2012-001427 (JVNTA12-045A) Privilege escalation vulnerability in the kernel-mode driver in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001427.html

JVNDB-2011-003599 (JVNTA12-045A) Denial-of-service (DoS) vulnerability in Microsoft Windows 7 Professional 64-bit
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003599.html

JVNDB-2012-001426 Cross-site scripting vulnerability in Adobe RoboHelp for Word
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001426.html

JVNDB-2012-001425 Arbitrary code execution vulnerability in the Shockwave 3D Asset component of Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001425.html

JVNDB-2012-001424 Arbitrary code execution vulnerability in the Shockwave 3D Asset component of Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001424.html

JVNDB-2012-001423 Arbitrary code execution vulnerability in the Shockwave 3D Asset component of Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001423.html

JVNDB-2012-001422 Arbitrary code execution vulnerability in the Shockwave 3D Asset component of Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001422.html

JVNDB-2012-001421 Arbitrary code execution vulnerability in the Shockwave 3D Asset component of Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001421.html

JVNDB-2012-001420 Arbitrary code execution vulnerability in the Shockwave 3D Asset component of Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001420.html

JVNDB-2012-001419 Arbitrary code execution vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001419.html

JVNDB-2012-001418 Heap-based buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001418.html

JVNDB-2012-001417 Arbitrary code execution vulnerability in the Shockwave 3D Asset component of Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001417.html

Interesting Facebook SPAM
http://isc.sans.edu/diary.html?storyid=12607

Jenkins Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52055

WampServer 'lang' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52054





+ RHSA-2012:0143 Critical: xulrunner security update
http://rhn.redhat.com/errata/RHSA-2012-0143.html

+ RHSA-2012:0142 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2012-0142.html

+ Dovecot 2.1.0 released
http://www.dovecot.org/list/dovecot-news/2012-February/000213.html

+ SA48026: libpng "png_decompress_chunk()" Integer Overflow Vulnerability
http://secunia.com/advisories/48026/
http://www.securityfocus.com/bid/52049

[ANNOUNCE] Apache Sqoop 1.4.1-incubating released
http://www.apache.org/dyn/closer.cgi/incubator/sqoop/

[ANNOUNCE] The Apache Software Foundation Announces Apache Deltacloud as a Top-Level Project
http://s.apache.org/my

CentOS alert CESA-2012:0137 (texlive)
http://lwn.net/Alerts/481971/

Stable Channel Update for Chromebooks
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update-for-chromebooks.html

RHSA-2012:0140 Critical: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2012-0140.html

RHSA-2012:0143 Critical: xulrunner security update
http://rhn.redhat.com/errata/RHSA-2012-0143.html

Notice of scheduled server maintenance (February 24, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1736

RHSA-2012:0141 Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2012-0141.html

PostgreSQL Data Sync 12.2 released
http://www.postgresql.org/about/news/1376/
http://www.sqlmaestro.com/products/postgresql/datasync/

New vulnerability in Flash Player; email attacks exploiting it have appeared
Merely clicking a link may allow web services to be abused
http://itpro.nikkeibp.co.jp/article/NEWS/20120216/381902/?ST=security

[PRE-SA-2012-01] Denial-of-service vulnerability in java.util.zip
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00084.html

Hackito Ergo sum // HES2012 Final CFP // Call for Hackers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00086.html

2012 Honeynet Project Security Workshop
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00083.html

[SECURITY] [DSA 2410-1] libpng security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00082.html

Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00081.html

Adobe Flash Player Update
http://isc.sans.edu/diary/Adobe+Flash+Player+Update/12601

Java Update for February
http://isc.sans.edu/diary.html?storyid=12604

Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact
http://www.securitytracker.com/id/1026695

Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026694

Ubuntu update for devscripts
http://secunia.com/advisories/48039/

Debian update for devscripts
http://secunia.com/advisories/47955/

Debian update for libpng
http://secunia.com/advisories/47923/

libpng "png_decompress_chunk()" Integer Overflow Vulnerability
http://secunia.com/advisories/48026/

Drupal CDN Module Source Code Disclosure Vulnerability
http://secunia.com/advisories/48032/

Cisco Nexus 5000 Series Switches IP Stack Processing Denial of Service Vulnerability
http://secunia.com/advisories/47959/

Cisco Nexus Series Switches IP Stack Processing Denial of Service Vulnerability
http://secunia.com/advisories/47917/

Citrix XenServer Web Self Service Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/48007/

Drupal Faster Permissions Module Security Bypass Vulnerability
http://secunia.com/advisories/48019/

Drupal Link checker Module Security Bypass Security Issue
http://secunia.com/advisories/48022/

LEPTON CMS Multiple Vulnerabilities
http://secunia.com/advisories/47981/

11in1 Cross-Site Request Forgery and File Inclusion Vulnerabilities
http://secunia.com/advisories/47997/

ACDSee BMP Image Processing Integer Overflow Vulnerability
http://secunia.com/advisories/47450/

389 Directory Server "acllas__handle_group_entry()" Denial of Service Vulnerability
http://secunia.com/advisories/48035/

Piwik Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/48010/

Adobe Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/48033/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/48016/

REMOTE: Java MixerSequencer Object GM_Song Structure Handling Vulnerability
http://www.exploit-db.com/exploits/18485

DoS/PoC: XnView <= 1.98.5 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/18491

DoS/PoC: Novell GroupWise Messenger Client <= 2.1.0 Unicode Stack Overflow
http://www.exploit-db.com/exploits/18490

DoS/PoC: Novell GroupWise Messenger <= 2.1.0 Memory Corruption
http://www.exploit-db.com/exploits/18489

DoS/PoC: Novell GroupWise Messenger <= 2.1.0 Arbitrary Memory Corruption
http://www.exploit-db.com/exploits/18488

XRay CMS 'username' and 'password' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51870

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

Google Chrome Prior to 17.0.963.56 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52031

Oracle Java SE CVE-2012-0498 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52019

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2012-0500 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52015

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802

Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494

Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705

TYPO3 Category System Extension Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51834

TYPO3 'bc_post2facebook' Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerability
http://www.securityfocus.com/bid/51846

TYPO3 Yet another Google search Extension Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51851

TYPO3 BE User Switch Extension Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/51852

TYPO3 UrlTool Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51855

TYPO3 Modern FAQ Extension Open-Redirection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51845

TYPO3 Terminal PHP Shell Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51849

2X ApplicationServer TuxSystem ActiveX Control 'ExportSettings()' Insecure Method Vulnerability
http://www.securityfocus.com/bid/51856

TYPO3 Additional TCA Forms Extension Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51854

TYPO3 Euro Calculator Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51848

WordPress WP-RecentComments Plugin 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/51859

TYPO3 Documents Download Extension Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51838

TYPO3 Kitchen recipe Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/51825

WordPress WP-RecentComments Plugin '/trunk/core.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/49734

SmartyCMS 'template' Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/51805

iknSupport 'search' Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51803

TYPO3 System Utilities (sysutils) Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51844

TYPO3 Webservices Extension Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51843

TYPO3 White Papers Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/51837

NetSarang Xlpd Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51821

Microsoft Visio Viewer VSD File Format CVE-2012-0138 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51908

Mozilla Firefox/Thunderbird/SeaMonkey 'ReadPrototypeBindings()' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51975

Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51753

Evince AFM Font File Parser Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47168

t1lib Type 1 Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46941

t1lib Type 1 Font Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/47169

Evince Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/45678

Advantech WebAccess Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52051

Citrix XenServer Web Self Service Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/52050

FreePBX 'gen_amp_conf.php' Credentials Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52048

ACDSee BMP Image File Handling Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52047

Tube Ace 'q' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52046

Piwik Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52045

Thursday, February 16, 2012

16th, Thursday, Sensho


Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120215-nxos

Apple to fix software over unauthorized collection of contact information, following concerns raised by House members
http://itpro.nikkeibp.co.jp/article/NEWS/20120216/381805/?ST=security

Alert regarding vulnerabilities in Adobe Flash Player
http://www.jpcert.or.jp/at/2012/at120006.html

Adobe Flash Player Update
http://isc.sans.edu/diary.html?storyid=12601





+ RHSA-2012:0136 Important: libvorbis security update
http://rhn.redhat.com/errata/RHSA-2012-0136.html

- SA47945: Zimbra Collaboration Suite Multiple Vulnerabilities
http://secunia.com/advisories/47945/
http://www.securityfocus.com/bid/52028

MySQL Cluster 7.2 GA has been released
http://dev.mysql.com/tech-resources/articles/mysql-cluster-7.2-ga.html

MySQL Connector/Net 6.5.2 RC1 has been released
http://dev.mysql.com/downloads/connector/net/#downloads

RHSA-2012:0137 Moderate: texlive security update
http://rhn.redhat.com/errata/RHSA-2012-0137.html

Google Chrome 17.0.963.56 released
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html

nginx-1.1.15 development version released
http://nginx.org/en/CHANGES

APSB12-03: Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb12-03.html

CentOS alert CESA-2012:0136 (libvorbis)
http://lwn.net/Alerts/481731/
http://lwn.net/Alerts/481727/
http://lwn.net/Alerts/481730/

CentOS alert CESA-2012:0135 (java-1.6.0-openjdk)
http://lwn.net/Alerts/481732/

Dangerous vulnerabilities in Windows and IE; risk of harm from web access
9 security bulletins; 21 vulnerabilities fixed by the patches
http://itpro.nikkeibp.co.jp/article/NEWS/20120216/381801/?ST=security

JustSystems "re-enters" the security market, releases free software
http://itpro.nikkeibp.co.jp/article/NEWS/20120215/381754/?ST=security

JVNTA12-045A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-045A/index.html

JVNDB-2008-001576 Arbitrary file read/delete vulnerability in the Interstage Management Console of Fujitsu Interstage Application Server
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001576.html

JVNDB-2011-001892 (JVNVU#819894) Vulnerability in libpng's handling of sCAL chunks
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001892.html

JVNDB-2011-002172 (JVNVU#405811) (JVNTR-2011-05) Denial-of-service (DoS) vulnerability in the Apache HTTPD server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002172.html

JVNDB-2010-001999 (JVNVU#707943) (JVNTA10-238A) (JVNTR-2010-23) Vulnerability in DLL loading by Windows programs
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001999.html

JVNDB-2012-001416 Open redirect vulnerability in the Modern FAQ extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001416.html

JVNDB-2012-001415 Denial-of-service (memory corruption) vulnerability in the timezone functionality of PHP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001415.html

JVNDB-2012-001414 Denial-of-service (application crash) vulnerability in the PDORow implementation of PHP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001414.html

JVNDB-2012-001413 SQL injection vulnerability in ManageEngine Applications Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001413.html

JVNDB-2012-001412 Cross-site scripting vulnerability in ManageEngine Applications Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001412.html

JVNDB-2012-001411 SQL injection vulnerability in GForge Advanced Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001411.html

JVNDB-2012-001410 Cross-site scripting vulnerability in revisioning_theme.inc in the Revisioning module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001410.html

JVNDB-2012-001409 Cross-site scripting vulnerability in the shirt module of OSCommerce Online Merchant
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001409.html

JVNDB-2012-001408 Cross-site request forgery vulnerability in Flyspray
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001408.html

JVNDB-2012-001407 Cross-site request forgery vulnerability in the clickthrough tracking functionality of the Forward module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001407.html

JVNDB-2012-001406 Vulnerability in the Forward module for Drupal that allows node titles to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001406.html

JVNDB-2012-001405 Heap-based buffer overflow vulnerability in PhotoLine
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001405.html

JVNDB-2012-001404 Cross-site request forgery vulnerability in Mibew Messenger
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001404.html

JVNDB-2012-001403 Cross-site scripting vulnerability in the management interface of Cisco IronPort Encryption Appliance
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001403.html

JVNDB-2012-000013 (JVN#35256978) Cross-site scripting vulnerability in cforms II
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000013.html

JVNDB-2012-001402 Denial-of-service (DoS) vulnerability in ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001402.html

JVNDB-2012-001401 Denial-of-service (DoS) vulnerability in zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001401.html

JVNDB-2012-001400 Arbitrary code execution vulnerability in Invensys Wonderware HMI Reports
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001400.html

JVNDB-2012-001399 Cross-site scripting vulnerability in Invensys Wonderware HMI Reports
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001399.html

JVNDB-2012-001398 Buffer overflow vulnerability in IvanView
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001398.html

JVNDB-2012-001397 Heap-based buffer overflow vulnerability in Xjp2.dll in the JPEG2000 plugin for XnView
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001397.html

JVNDB-2012-001396 Directory traversal vulnerability in Mathopd
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001396.html

JVNDB-2012-001395 Cross-site scripting vulnerability in ManageEngine ADManager Plus
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001395.html

JVNDB-2012-001394 Cross-site scripting vulnerability in eFront Community++
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001394.html

JVNDB-2012-001393 Directory traversal vulnerability in Cyberoam Central Console
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001393.html

JVNDB-2012-001392 SQL injection vulnerability in Symphony CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001392.html

JVNDB-2012-001391 Cross-site scripting vulnerability in Symphony CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001391.html

JVNDB-2012-001390 Cross-site scripting vulnerability in phpLDAPadmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001390.html

JVNDB-2012-001389 Denial-of-service (DoS) vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001389.html

JVNDB-2012-001388 Vulnerability in PHP that allows SQL injection attacks
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001388.html

JVNDB-2012-001387 Cross-site scripting vulnerability in TM1 Web in IBM Cognos TM1
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001387.html

JVNDB-2012-001386 Denial-of-service (DoS) vulnerability in apr_hash.c in the Apache Portable Runtime library
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001386.html

TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00080.html

[SECURITY] [DSA 2409-1] devscripts security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00079.html

Multiple vulnerabilities in LEPTON
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00078.html

Multiple vulnerabilities in 11in1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00077.html

[ MDVSA-2012:020 ] phpldapadmin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00076.html

FreePBX Remote Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00074.html

[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00075.html

[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00073.html

Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026692

ISC Feature of the Week: XML Feeds
http://isc.sans.edu/diary.html?storyid=12595

Zimbra Collaboration Suite Multiple Vulnerabilities
http://secunia.com/advisories/47945/

Sonexis ConferenceManager Access Restrictions Security Bypass Vulnerability
http://secunia.com/advisories/47888/

Mumble Database File Insecure Permissions
http://secunia.com/advisories/47951/

Lenovo ThinkManagement Console Web Services Two Vulnerabilities
http://secunia.com/advisories/47666/

SUSE update for MozillaFirefox
http://secunia.com/advisories/47977/

WordPress cformsII Plugin "rs" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/47984/

Red Hat update for libvorbis
http://secunia.com/advisories/47985/

Red Hat update for java-1.6.0-openjdk
http://secunia.com/advisories/48011/

Oracle Java SE Multiple Vulnerabilities
http://secunia.com/advisories/48009/

OpenVZ update for kernel
http://secunia.com/advisories/47953/

Adobe Flash Player CVE-2012-0756 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/52036

Adobe Flash Player CVE-2012-0755 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/52035

Adobe Flash Player CVE-2012-0753 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52033

Adobe Flash Player CVE-2012-0754 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52034

Adobe Flash Player CVE-2012-0752 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52032

Schneider Electric Modicon Quantum Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51605

QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51642

PHP Calendar Extension 'SdnToJulian()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46967

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Mathopd Directory Traversal Vulnerability
http://www.securityfocus.com/bid/51872

Ruby Random Number Values Security Weakness
http://www.securityfocus.com/bid/49126

Ruby Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51198

PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46365

PHP CVE-2011-2202 Security Bypass Vulnerability
http://www.securityfocus.com/bid/48259

PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49241

PHP Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51193

PHP 'exif_process_IFD_TAG()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50907

OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281

t1lib Type 1 Font Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/47169

Evince AFM Font File Parser Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47168

Evince Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/45678

t1lib Type 1 Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46941

CVS CVE-2012-0804 'proxy_connect()' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51943

Microsoft Windows 'Msvcrt.dll' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51913

Windows Server 2008 Color Control Panel DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44157

Microsoft Silverlight & .NET Framework Heap Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51940

Microsoft Silverlight & .NET Framework Unmanaged Objects Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51938

Microsoft Internet Explorer CVE-2012-0155 VML Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51935

Microsoft Internet Explorer CVE-2012-0011 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51933

Microsoft Internet Explorer Null Byte Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51932

Microsoft Internet Explorer CVE-2012-0010 Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51931

Microsoft Windows Ancillary Function Driver CVE-2012-0148 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51930

Microsoft Windows Ancillary Function Driver CVE-2012-0149 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51936

Microsoft Windows Kernel 'Win32k.sys' Keyboard Layout Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51920

Microsoft Windows 'win32k.sys' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51122

cformsII Plugin for WordPress 'lib_ajax.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44587

Rockwell Automation ControlLogix Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51603

Koyo ECOM100 Ethernet Module Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51634

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

phpLDAPadmin 'base' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51793

Linux Kernel CVE-2012-0056 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51625

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176

Linux Kernel CVE-2011-4110 NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50755

Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322

Linux Kernel '/proc//' Permissions Handling Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/46567

Linux Kernel 'm_stop()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51361

Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51753

Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Adobe Shockwave Player CVE-2012-0758 DIR File Handling Remote Heap Overflow Vulnerability
http://www.securityfocus.com/bid/52007

Adobe Shockwave Player CVE-2012-0759 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52006

Adobe Flash Player CVE-2012-0767 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52040

Drupal Faster Permissions Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52039

Drupal Link Checker Security Bypass Vulnerability
http://www.securityfocus.com/bid/52038

Adobe Flash Player CVE-2012-0751 Remote ActiveX Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52037

Google Chrome Prior to 17.0.963.56 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52031

Cisco IronPort Encryption Appliance Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52030

Debian devscripts 'debdiff' Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/52029

Zimbra Collaboration Suite Unspecified Security Vulnerability
http://www.securityfocus.com/bid/52028

Multiple Cisco Nexus Devices IP Stack Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52027

LEPTON Cross Site Scripting, SQL Injection, HTML Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/52026

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/52025

Mumble '.mumble.sqlite' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/52024

Lenovo ThinkManagement Console Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52023

Wednesday, February 15, 2012

The 15th, Wednesday, Shakkō


+ RHSA-2012:0136 Important: libvorbis security update
http://rhn.redhat.com/errata/RHSA-2012-0136.html

UPDATE: 2269637: Insecure Library Loading Could Allow Remote Code Execution
http://technet.microsoft.com/ja-jp/security/advisory/2269637

[ANN] Apache Commons Daemon 1.0.9 released
http://commons.apache.org/daemon/download_daemon.cgi

RHSA-2012:0135 Critical: java-1.6.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2012-0135.html

APSB12-02 Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb12-02.html

APSB12-04 Security update available for RoboHelp for Word
http://www.adobe.com/support/security/bulletins/apsb12-04.html

CentOS alert CESA-2012:0125 (glibc)
http://lwn.net/Alerts/481435/

CentOS alert CESA-2012:0126 (glibc)
http://lwn.net/Alerts/481436/

CentOS alert CESA-2012:0127 (mysql)
http://lwn.net/Alerts/481438/

CentOS alert CESA-2012:0128 (httpd)
http://lwn.net/Alerts/481448/

phpMyAdmin 3.4.10 is released
http://sourceforge.net/news/?group_id=23067&id=306177
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10/phpMyAdmin-3.4.10-notes.html/view

Java SE 1.7.0_03 released
http://www.oracle.com/technetwork/java/javase/7u3-relnotes-1481928.html

Announcement: InterScan Messaging Security Suite 7.1 for Windows Patch 2 released
http://www.trendmicro.co.jp/support/news.asp?id=1733

Dovecot 2.1-RC7 released
http://www.dovecot.org/list/dovecot-news/2012-February/000212.html

A10 Networks launches midrange load balancer models with a DDoS-mitigation ASIC
http://itpro.nikkeibp.co.jp/article/NEWS/20120215/381733/?ST=security

JVN#35256978 Cross-site scripting vulnerability in cforms II
http://jvn.jp/jp/JVN35256978/index.html

JVNTA12-045A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-045A/index.html

Alert regarding the February 2012 Microsoft security bulletins (including 4 rated Critical)
http://www.jpcert.or.jp/at/2012/at120005.html

Mandriva : [MDVSA-2012:018] Mozilla - Thunderbird - Use-After-Free Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37625

Ubuntu Security Notice : [USN-1359-1] Tomcat - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37624

Debian : [DSA-2408-1] php5 - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37626

Mandriva : [MDVSA-2012:017] Firefox - Use-After-Free Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37623

Microsoft : [MS12-008] Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37634

Microsoft : [MS12-010] Cumulative Security Update for Internet Explorer
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37635

Microsoft : [MS12-013] Vulnerability in C Run-Time Library Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37623

Microsoft : [MS12-016] Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execu
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37637

Microsoft : [MS12-009] Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37638

Microsoft : [MS12-011] Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37639

Microsoft : [MS12-012] Vulnerability in Color Control Panel Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37640

Microsoft : [MS12-014] Vulnerability in Indeo Codec Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37641

Microsoft : [MS12-015] Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37642

Netragard : [NETRAGARD-20120201] Sonexis ConferenceManager - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37628

YGN Ethical Hacker Group : CubeCart - Open URL Redirection Issue

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle Java SE CVE-2012-0502 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Adobe Shockwave Player CVE-2012-0758 DIR File Handling Remote Heap Overflow Vulnerability
http://www.securityfocus.com/bid/52007

Adobe Shockwave Player CVE-2012-0759 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52006





+ Microsoft Security Bulletin Summary for February 2012
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-feb

+ MS12-008: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-008

+ MS12-009: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-009

+ MS12-010: Cumulative Security Update for Internet Explorer (2647516)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-010

+ MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
http://technet.microsoft.com/ja-jp/security/bulletin/MS12-012

+ MS12-013: Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-013

+ MS12-014: Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-014

+ MS12-016: Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-016

+ Oracle Java SE Critical Patch Update Advisory - February 2012
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
http://www.securitytracker.com/id/1026687

+ J2SE 1.6.0_31 released
http://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html

! Microsoft Windows Indeo Filter 'iacenc.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/42730

! Microsoft Windows 'Msvcrt.dll' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51913

! Microsoft Windows 'win32k.sys' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51122

! Windows Server 2008 Color Control Panel DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44157

- MS12-011: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-011

- MS12-015: Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-015

? Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

[ANNOUNCE] PostgreSQL Data Sync 12.2 released
http://www.sqlmaestro.com/products/postgresql/datasync/

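Announcement of the seminar "How SCAP, the standard specification for vulnerability management, works"
~ Introduction to customizing the MyJVN Version Checker ~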
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_scap_2011_4.html

[ MDVSA-2012:019 ] apr
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00072.html

Adobe Shockwave Player and RoboHelp for Word Patches
http://isc.sans.edu/diary.html?storyid=12583

February 2012 Microsoft Black Tuesday
http://isc.sans.edu/diary.html?storyid=12586

Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service
http://www.securitytracker.com/id/1026687

Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026686

Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026685

Microsoft Visio Viewer Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026684

Windows XP Indeo Codec DLL Loading Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026683

Windows Color Control Panel DLL Loading Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026682

Microsoft Silverlight Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026681

Microsoft .NET Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026680

Windows Kernel Keyboard Layout Use-After-Free Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026679

Windows C Runtime Library Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026678

Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1026677

Adobe RoboHelp for Word Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026676

Adobe Shockwave Player Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026675

Cisco IronPort Encryption Appliance Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026669

Microsoft Internet Explorer Multiple Vulnerabilities
http://secunia.com/advisories/48028/

Microsoft Internet Explorer Copy and Paste Security Bypass Vulnerability
http://secunia.com/advisories/48031/

Microsoft SharePoint Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48029/

Microsoft .NET Framework / Silverlight Two Vulnerabilities
http://secunia.com/advisories/48030/

Microsoft Windows C Run-Time Library Buffer Overflow Vulnerability
http://secunia.com/advisories/47949/

Microsoft Visio Viewer Multiple Vulnerabilities
http://secunia.com/advisories/47946/

Windows Ancillary Function Driver Two Privilege Escalation Vulnerabilities
http://secunia.com/advisories/47911/

Fork CMS "report" and "error" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/47937/

Semantic MediaWiki Halo Extension "target" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/47968/

IBM Telelogic / Rational License Server License Manager JRE Information Disclosure Vulnerability
http://secunia.com/advisories/47899/

IBM Rational License Key Server JRE Information Disclosure Vulnerability
http://secunia.com/advisories/47929/

Adobe RoboHelp for Word Generated Output Cross-Site Scripting Vulnerability
http://secunia.com/advisories/47936/

Adobe Shockwave Player Multiple Vulnerabilities
http://secunia.com/advisories/47932/

Red Hat update for httpd
http://secunia.com/advisories/47961/

WordPress Relocate Upload Plugin "abspath" File Inclusion Vulnerability
http://secunia.com/advisories/47976/

Ubuntu update for linux-ti-omap4
http://secunia.com/advisories/47974/

Red Hat update for glibc
http://secunia.com/advisories/47962/

Ubuntu update for kernel
http://secunia.com/advisories/48015/

Ubuntu update for kernel
http://secunia.com/advisories/48018/

Python SimpleXMLRPCServer Request Processing Denial of Service Vulnerability
http://secunia.com/advisories/47810/

WordPress s2Member Pro Plugin "Coupon Code" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/47954/

Red Hat update for mysql
http://secunia.com/advisories/47960/

Debian update for php5
http://secunia.com/advisories/47890/

Red Hat update for glibc
http://secunia.com/advisories/47970/

Ubuntu update for firefox
http://secunia.com/advisories/47993/

Ubuntu update for tomcat6
http://secunia.com/advisories/47996/

Mozilla Firefox/Thunderbird/SeaMonkey 'ReadPrototypeBindings()' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51975

RETIRED: Oracle Java SE Critical Patch Update February 2012 Advance Notification
http://www.securityfocus.com/bid/51949

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467

Microsoft Windows Indeo Filter 'iacenc.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/42730

Microsoft Windows 'Msvcrt.dll' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51913

GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50898

GNU glibc 'svc_run()' EMFILE Error Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51439

GNU glibc 'addmntent()' Mount Helper Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46740

GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063

RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/51944

Microsoft Windows 'win32k.sys' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51122

Windows Server 2008 Color Control Panel DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44157

Oracle MySQL Server CVE-2012-0114 Local Security Vulnerability
http://www.securityfocus.com/bid/51520

Oracle MySQL Server CVE-2012-0102 Remote Security Vulnerability
http://www.securityfocus.com/bid/51502

Oracle MySQL Server CVE-2012-0101 Remote Security Vulnerability
http://www.securityfocus.com/bid/51505

Oracle MySQL Server CVE-2012-0484 Remote Security Vulnerability
http://www.securityfocus.com/bid/51515

Oracle MySQL Server CVE-2012-0490 Remote Security Vulnerability
http://www.securityfocus.com/bid/51524

Oracle MySQL CVE-2012-0075 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/51526

Oracle MySQL Server CVE-2012-0087 Remote Security Vulnerability
http://www.securityfocus.com/bid/51509

Apache APR Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51917

Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50243

phpLDAPadmin 'base' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51793

PHP Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51193

PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51830

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706

'glibc' Library 'locale/programs/locale.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47370

GNU glibc 'fnmatch()' Function Stack Corruption Vulnerability
http://www.securityfocus.com/bid/46563

WordPress Relocate Upload Plugin 'abspath' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/49693

Cyberoam Central Console 'file' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/51901

IBM Cognos TM1 Executive Viewer Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51905

eFront 'administrator.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51894

Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322

Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802

Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705

Oracle Java SE CVE-2012-0504 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52020

Oracle Java SE CVE-2012-0498 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52019

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016

Oracle Java SE CVE-2012-0500 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52015

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle Java SE CVE-2012-0502 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52011

Oracle JavaFX CVE-2012-0508 Remote Vulnerability
http://www.securityfocus.com/bid/52010

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Adobe RoboHelp CVE-2012-0765 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52008

Adobe Shockwave Player CVE-2012-0758 Remote Heap Overflow Vulnerability
http://www.securityfocus.com/bid/52007

Adobe Shockwave Player CVE-2012-0759 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52006

Adobe Shockwave Player CVE-2012-0766 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52005

Adobe Shockwave Player CVE-2012-0764 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52004

Adobe Shockwave Player CVE-2012-0763 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52003

Adobe Shockwave Player CVE-2012-0762 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52002

Adobe Shockwave Player CVE-2012-0761 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52001

Adobe Shockwave Player CVE-2012-0760 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52000

Adobe Shockwave Player CVE-2012-0757 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51999

WordPress s2Member Pro Plugin 'Coupon Code' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/51997

Python SimpleXMLRPCServer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51996

Sonexis ConferenceManager Multiple Information Disclosure and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/51994

Microsoft Silverlight & .NET Framework Heap Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51940

Microsoft Silverlight & .NET Framework Unmanaged Objects Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51938

Microsoft SharePoint 'wizardlist.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51937

Microsoft Windows Ancillary Function Driver CVE-2012-0149 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51936

Microsoft Internet Explorer CVE-2012-0155 VML Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51935

Microsoft SharePoint 'themeweb.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51934

Microsoft Internet Explorer CVE-2012-0011 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51933

Microsoft Internet Explorer Null Byte Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51932

Microsoft Internet Explorer CVE-2012-0010 Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51931

Microsoft Windows Ancillary Function Driver CVE-2012-0148 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51930

Microsoft SharePoint 'inplview.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51928

Microsoft Windows Kernel 'Win32k.sys' Keyboard Layout Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51920

Microsoft Visio Viewer VSD File Format CVE-2012-0138 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51908

Microsoft Visio Viewer VSD File Format CVE-2012-0137 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51907

Microsoft Visio Viewer VSD File Format CVE-2012-0136 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51906

Microsoft Visio Viewer VSD File Format CVE-2012-0020 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51904

Microsoft Visio Viewer VSD File Format CVE-2012-0019 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51903