With today's post, we conclude our activities for 2009.
Activities will resume on January 4, 2010.
We wish you a happy New Year.
Friday, December 25, 2009
Friday the 25th, Tomobiki
Timekeeping best practices for Linux guests
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1006427&sliceId=1&docTypeID=DT_KB_1_1
Ministry of Economy, Trade and Industry issues a security management alert ahead of the year-end and New Year holidays
http://itpro.nikkeibp.co.jp/article/NEWS/20091225/342668/?ST=security
JVNDB-2009-002358 SSL security vulnerability in Fujitsu Interstage and Systemwalker related products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002358.html
JVNDB-2009-002357 Arbitrary command execution vulnerability in Adobe Photoshop Elements
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002357.html
JVNDB-2009-002356 Privilege escalation vulnerability in the Windows installer of Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002356.html
JVNDB-2009-002184 Denial of service (DoS) vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002184.html
JVNDB-2009-002183 Vulnerability in IBM WebSphere Application Server that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002183.html
JVNDB-2009-002182 Cross-site scripting vulnerability in Eclipse Help of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002182.html
JVNDB-2009-001884 Denial of service (DoS) vulnerability in mod_proxy of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001884.html
JVNDB-2009-001296 Denial of service (DoS) vulnerability in the server IMAP task of IBM Lotus Domino
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001296.html
JVNDB-2009-001130 Arbitrary code execution vulnerability in wp6sr.dll of Autonomy KeyView SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001130.html
Did any digital nasties show up under your tree this year?
http://isc.sans.org/diary.html?storyid=7813
CastRipper (.M3U) Stack BOF WinXP SP2
http://www.exploit-db.com/exploits/10646
- Directory Proxy Server Provided with Directory Server Enterprise Edition 6 is Subject to Denial of Service (DoS) and May Allow Unauthorized Access to Certain Data
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1
- HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01964199
Linux kernel 2.6.33-rc2 released
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc2
Linux kernel 2.6.33-rc1-git4 released
http://www.kernel.org/pub/linux/kernel//v2.6/snapshots/patch-2.6.33-rc1-git4.bz2
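Urgent warning over a wave of "web viruses": update Adobe Reader and Flash to the latest versions
Japanese websites defaced one after another; a "trap" on JR East's web pages too
http://itpro.nikkeibp.co.jp/article/NEWS/20091224/342678/?ST=security
To website administrators: alert regarding website defacement
To general users: alert regarding virus infection from defaced websites
http://www.ipa.go.jp/security/topics/20091224.html
Alert regarding an unpatched vulnerability in Adobe Reader and Acrobat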
http://www.jpcert.or.jp/at/2009/at090027.txt
Microsoft IIS File Parsing Extension Vulnerability
http://isc.sans.org/diary.html?storyid=7810
APC Network Management Card Devices Input Validation Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://securitytracker.com/alerts/2009/Dec/1023388.html
Microsoft Internet Information Services (IIS) Filename Extension Parsing Flaw May Let Users Bypass Security Controls
http://securitytracker.com/alerts/2009/Dec/1023387.html
Drupal FAQ Module Script Insertion Vulnerability
http://secunia.com/advisories/37923/
Jax Guestbook guestbook.admin.php Security Bypass
http://secunia.com/advisories/37921/
Kolab Server Web Client Image Upload Form Vulnerability
http://secunia.com/advisories/37918/
Fedora update for wireshark
http://secunia.com/advisories/37916/
OpenX Authentication Bypass Security Issue
http://secunia.com/advisories/37914/
Debian update for unbound
http://secunia.com/advisories/37913/
MyBB MYPS Plugin "username" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37910/
Auto-Surf Traffic Exchange Script "rid" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/37894/
Joomla Car Manager Component "msg" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37882/
Drupal Automated Logout Module Script Insertion Vulnerability
http://secunia.com/advisories/37878/
Red Hat update for java-1.6.0-ibm
http://secunia.com/advisories/37841/
Microsoft IIS ASP Multiple Extensions Security Bypass
http://secunia.com/advisories/37831/
APC NMC Products Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/37744/
Exploit Easy RM to MP3 2.7.3.700 - Ruby
http://www.exploit-db.com/exploits/10642
CastRipper 2.50.70 (.pls) Stack buffer Overflow Exploit WinXP SP3
http://www.exploit-db.com/exploits/10628
Microsoft IIS File Extension Processing Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3634
Automated Logout for Drupal Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3633
FAQ Module for Drupal Unspecified Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3632
APC Switched Rack PDU 'login1' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37338
Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36377
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Apache 'mod_deflate' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35623
Joomla! 'com_schools' Component 'schoolid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37469
Woltlab Burning Board Kleinanzeigenmarkt Plugin 'catID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37468
Pragyan CMS 'search.php' Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/37467
Jax Guestbook 'guestbook.admin.php' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37466
MyBB 'myps.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37464
Polipo Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/37463
Drupal Automated Logout Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37462
Thursday, December 24, 2009
Thursday the 24th, Sensho
[ANNOUNCE] PostgreSQL PHP Generator 9.12 released
http://www.sqlmaestro.com/products/postgresql/phpgenerator/
[ANNOUNCE] PostERP 2.6 released
http://www.sitig.com/
[ANNOUNCE] PostgreSQL Live CD for 8.4.2 released
http://www.pglivecd.org/
[ANNOUNCE] PostgreSQL 8.5alpha3 Now Available
http://developer.postgresql.org/pgdocs/postgres/release-8-5.html
[ANNOUNCE] ANN: MicroOLAP PostgresDAC 2.5.4 released!
http://microolap.com/products/connectivity/postgresdac/download/
[Defect information] Impact of the TLS/SSL vulnerability (CVE-2009-3555) on IBM HTTP Server (WAS-09-00L)
http://www-06.ibm.com/jp/domino01/mkt/cnpages1.nsf/page/default-WAS-09-00L
Obama administration appoints former Microsoft executive as cybersecurity coordinator
http://itpro.nikkeibp.co.jp/article/NEWS/20091224/342567/?ST=security
Alert regarding the spread of malware infection via websites
http://www.jpcert.or.jp/at/2009/at090023.txt
JPCERT/CC WEEKLY REPORT 2009-12-24
http://www.jpcert.or.jp/wr/2009/wr094901.html
JVN#00152874 Directory traversal vulnerability in P forum
http://jvn.jp/jp/JVN00152874/index.html
JVN#85821104 Session ID disclosure vulnerability in Active! mail 2003
http://jvn.jp/jp/JVN85821104/index.html
JVN#49083120 Cross-site scripting vulnerability in Active! mail 2003
http://jvn.jp/jp/JVN49083120/index.html
JVN#36207497 Cookie disclosure vulnerability in Active! mail 2003
http://jvn.jp/jp/JVN36207497/index.html
JVNDB-2009-002355 Vulnerability in the handling of signed JAR files and JNLP applications in the Java Web Start implementation of Sun Java SE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002355.html
JVNDB-2009-002354 Vulnerability in the TimeZone.getTimeZone method of Sun Java SE and OpenJDK that discloses the existence of local files
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002354.html
JVNDB-2009-002353 Information disclosure vulnerability in the Windows Pluggable Look and Feel (PL&F) of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002353.html
JVNDB-2009-002352 Information disclosure vulnerability in the Swing implementation of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002352.html
JVNDB-2009-002188 Access restriction bypass vulnerability in the mod_proxy_ftp module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002188.html
JVNDB-2009-002187 Denial of service (DoS) vulnerability in the ap_proxy_ftp_handler function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002187.html
JVNDB-2009-002132 Arbitrary code execution vulnerability in ColorSync of Apple Mac OS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002132.html
JVNDB-2009-001892 Denial of service (DoS) vulnerability in the mod_deflate module of Apache httpd
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001892.html
JVNDB-2007-001166 Privilege check bypass vulnerability in MyISAM tables of MySQL
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001166.html
F5 BIG-IP ASM and PSM Remote Buffer Overflow
http://isc.sans.org/diary.html?storyid=7807
BIG-IP ASM and PSM bd Daemon Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023386.html
IBM DB2 Flaws Let Remote and Local Users Deny Service
http://securitytracker.com/alerts/2009/Dec/1023376.html
XFS ACL 'setfacl' and 'getfacl' Symbolic Link Handling Security Bypass Vulnerability
http://www.securityfocus.com/bid/37455
+ HS09-019: Buffer overflow vulnerability in Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-019/index.html
+ Apache Velocity 1.6.3 released
http://velocity.apache.org/news.html#engine163
+ Microsoft IIS Malformed Local Filename Security Bypass Vulnerability
http://www.securityfocus.com/bid/37460
- Linux Kernel 'fuse_ioctl_copy_user()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37453
- Security Vulnerability in the Sun Ray Server Software Authentication Manager May Allow a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267548-1
- Security Vulnerability in the OSCAR Protocol Plugin for pidgin(1) may Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272489-1
MySQL Connector/Net 6.2.2 GA has been released
http://dev.mysql.com/downloads/connector/net/6.2.html
[FreeBSD-Announce] FreeBSD Mall now shipping 8.0
http://www.freebsdmall.com/
SUN ALERT WEEKLY SUMMARY REPORT - Week of 13-Dec-2009 to 19-Dec-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274750-1
Perl 5.11.3 now available
http://use.perl.org/article.pl?sid=09/12/22/199226&from=rss
libnetfilter_conntrack 0.0.101 released
http://www.iptables.org/projects/libnetfilter_conntrack/downloads.html#libnetfilter_conntrack-0.0.101
UPDATE: Cisco Security Advisory: Multiple Cisco WebEx WRF Player Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20091216-webex.shtml
Debian : New bind9 packages fix cache poisoning
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31325
Debian : New kvm packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31326
Independent Researcher : XSS in WebMathematica
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31329
Hewlett-Packard : HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31331
Independent Researcher : XSS vulnerabilities in 8 millions flash files
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31317
Independent Researcher : Bug in RealPlayer Plus 11
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31327
Independent Researcher : XSS Vulnerability in JpGraph 3.0.6
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31328
Independent Researcher : Remote Buffer Overflow Exploit (TFTP Daemon Version 1.9) by Socket_0x03
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31332
Mandriva : proftpd
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31312
Mandriva : firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31322
Mandriva : firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31323
Red Hat : Moderate: condor security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31315
Red Hat : Moderate: condor security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31316
SuSE : Flash Player
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31313
SuSE : Mozilla Firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31314
SuSE : Linux kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31324
Independent Researcher : ClarkConnect XSS vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31330
Restarting the Management agents on an ESX or ESXi Server
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1003490&sliceId=1&docTypeID=DT_KB_1_1
[SECURITY] [DSA-1962-1] New kvm packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00289.html
[SECURITY] [DSA 1961-1] New bind9 packages fix cache poisoning
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00290.html
XSS Vulnerability in JpGraph 3.0.6
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00291.html
[ MDVSA-2009:339 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00288.html
[ MDVSA-2009:338 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00287.html
[security bulletin] HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00282.html
[ MDVSA-2009:337 ] proftpd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00284.html
Remote Buffer Overflow Exploit (TFTP Daemon Version 1.9) by Socket_0x03
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00285.html
ClarkConnect XSS vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00281.html
RHBA-2009:1691-1: xorg-x11-server bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1691.html
RHBA-2009:1693-1: mysql bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1693.html
WordPress Woopra Analytics Plugin Arbitrary File Creation Vulnerability
http://secunia.com/advisories/37911/
SUSE update for kernel
http://secunia.com/advisories/37909/
Debian update for kvm
http://secunia.com/advisories/37908/
XFS Acl Recursive Symlink Processing Security Issue
http://secunia.com/advisories/37907/
webMathematica Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37905/
Debian update for bind9
http://secunia.com/advisories/37904/
Open Flash Chart Arbitrary File Creation Vulnerability
http://secunia.com/advisories/37903/
SUSE update for flash-player
http://secunia.com/advisories/37902/
weenCompany "moduleid" SQL Injection Vulnerability
http://secunia.com/advisories/37895/
SUSE update for MozillaFirefox
http://secunia.com/advisories/37881/
The Uploader "filename" Information Disclosure Vulnerability
http://secunia.com/advisories/37873/
Joomla JEEMA Article Collection Component "catid" SQL Injection
http://secunia.com/advisories/37865/
Active Business Directory "search" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37863/
ClarkConnect "url" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37850/
JpGraph "GetURLArguments()" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37832/
F5 BIG-IP ASM / PSM Buffer Overflow Vulnerability
http://secunia.com/advisories/37805/
Fedora update for trac
http://secunia.com/advisories/37901/
Intel Trusted Execution Technology SINIT Security Bypass
http://secunia.com/advisories/37900/
VideoCMS "v" SQL Injection Vulnerability
http://secunia.com/advisories/37889/
Absolute Shopping Cart "prod_id" SQL Injection Vulnerability
http://secunia.com/advisories/37887/
Social Web CMS Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/37886/
Ultimate Uploader for PHP Arbitrary File Upload Vulnerability
http://secunia.com/advisories/37880/
SQL-Ledger Multiple Vulnerabilities
http://secunia.com/advisories/37877/
Pre Hotels & Resorts Management System SQL Injection Vulnerabilities
http://secunia.com/advisories/37870/
Hitachi Products Secure LDAP Information Disclosure
http://secunia.com/advisories/37869/
Serendipity Arbitrary File Upload Security Issue
http://secunia.com/advisories/37830/
Fedora update for mysql
http://secunia.com/advisories/37827/
Fedora update for asterisk
http://secunia.com/advisories/37812/
Trac Reports Alternate Formats Information Disclosure Vulnerability
http://secunia.com/advisories/37807/
Fedora update for libtool
http://secunia.com/advisories/37806/
Red Hat update for condor
http://secunia.com/advisories/37803/
HP-UX update for Apache
http://secunia.com/advisories/37800/
Condor Job Management Security Bypass Vulnerability
http://secunia.com/advisories/37766/
Intel SINIT Authenticated Code Module Flaw Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Dec/1023382.html
Condor Job Management Flaw Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Dec/1023378.html
Winamp 5.571 Released (5.57 revised, build 2810)
http://forums.winamp.com/showthread.php?threadid=315355
GNU Libtool 2.2.6b released
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
Metasploit 3.3.3 Released!
http://www.metasploit.com/redmine/projects/framework/wiki/Release_Notes_333
Merry Festivus: Commence the "Airing of Infosec Grievances"
http://isc.sans.org/diary.html?storyid=7804
Tell us about your Christmas Family Emergency Kit
http://isc.sans.org/diary.html?storyid=7795
Blackberry Outage
http://isc.sans.org/diary.html?storyid=7798
Howard Schmidt named as new Cybersecurity Coordinator
http://isc.sans.org/diary.html?storyid=7792
F5 BIG-IP ASM and PSM Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3627
Serendipity File Extension Processing Arbitrary File Upload Vulnerability
http://www.vupen.com/english/advisories/2009/3626
SQL-Ledger Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3625
Intel SINIT Authenticated Code Module Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/3618
Hitachi Products LDAP StartTLS Feature Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3617
Trac Security Update Fixes Multiple Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/3615
HP-UX Security Update Fixes Apache SSL Plaintext Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3614
CoreHTTP Arbitrary Command Execution Vulnerability
http://www.exploit-db.com/exploits/10610
Exploit for against Easy RM to MP3 2.7.3.700
http://www.exploit-db.com/exploits/10620
Easy RM to MP3 27.3.700 local BOF xp sp2
http://www.exploit-db.com/exploits/10619
Adobe Reader and Acrobat (CVE-2009-4324) Exploit
http://www.exploit-db.com/exploits/10618
Printoxx Local Buffer Overflow
http://www.exploit-db.com/exploits/10617
2.6.18-20 2009 Local Root Exploit
http://www.exploit-db.com/exploits/10613
CoolPlayer 2.18 M3U Playlist Buffer Overflow Exploit
http://www.exploit-db.com/exploits/10595
PlayMeNow Malformed (M3U) Universal XP Seh BoF
http://www.exploit-db.com/exploits/10596
Easy RM to MP3 27.3.700 WinXP SP3
http://www.exploit-db.com/exploits/10602
Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37407
Linux Kernel 'fuse_ioctl_copy_user()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37453
XFS ACL 'setfacl' and 'getfacl' Symbolic Link Handling Security Bypass Vulnerability
http://www.securityfocus.com/bid/37455
PHP-Calendar Multiple Remote And Local File Include Vulnerabilities
http://www.securityfocus.com/bid/37450
Simple PHP Blog 'blog_language1' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/37434
Cisco WebEx WRF File Handling Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37352
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
Wget NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36205
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
Red Hat acpid '/var/log/acpid' Log File Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37249
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901
Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36472
Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36051
Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36304
Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36706
Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824
Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37130
Linux Kernel KVM 'handle_dr()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37221
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803
Linux Kernel Prior to 2.6.24.2 'vmsplice_to_pipe()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/27801
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
Webformatique Car Manager Joomla! Component 'msg' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37458
OpenX Administrative Interface Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37457
Drupal FAQ Module Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/37456
CoreHTTP CGI Support Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/37454
F5 BIG-IP ASM and PSM Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37452
webMathematica 'MSP' Script Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37451
Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37368
Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37364
Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37369
Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
http://www.securityfocus.com/bid/37360
Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367
RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37349
Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox CVE-2009-3980 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37362
Active PHP Bookmarks 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/30757
Nullsoft Winamp M3U File Denial of Service Vulnerability
http://www.securityfocus.com/bid/25152
CoolPlayer M3U File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30418
Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/21320
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068
Linux Kernel 'hfc_usb.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37036
Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37019
Intel BIOS SINIT Authenticated Code Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37430
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37351
Adobe Flash Player and AIR (CVE-2009-3798) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37275
Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37269
Adobe Flash Player and AIR (CVE-2009-3797) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37273
Adobe Flash Player and AIR 'exception_count' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37267
Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37270
Adobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37266
Adobe Flash Player ActiveX Control Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37272
Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37153
MySQL OpenSSL Server Certificate yaSSL Security Bypass Vulnerability
http://www.securityfocus.com/bid/37076
MySQL Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/37297
Adobe Reader and Acrobat 'newplayer()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37331
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
Joomla! JEEMA Article Collection Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37449
DeluxeBB Multiple Vulnerabilities
http://www.securityfocus.com/bid/37448
PHPOpenChat Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37447
ClarkConnect Linux 'proxy.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37446
Hitachi Multiple Storage Command Suite Products 'StartTLS' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37445
paFileDB URI Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/37444
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-019/index.html
+ Apache Velocity 1.6.3 released
http://velocity.apache.org/news.html#engine163
+ Microsoft IIS Malformed Local Filename Security Bypass Vulnerability
http://www.securityfocus.com/bid/37460
- Linux Kernel 'fuse_ioctl_copy_user()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37453
- Security Vulnerability in the Sun Ray Server Software Authentication Manager May Allow a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267548-1
- Security Vulnerability in the OSCAR Protocol Plugin for pidgin(1) may Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272489-1
MySQL Connector/Net 6.2.2 GA has been released
http://dev.mysql.com/downloads/connector/net/6.2.html
[FreeBSD-Announce] FreeBSD Mall now shipping 8.0
http://www.freebsdmall.com/
SUN ALERT WEEKLY SUMMARY REPORT - Week of 13-Dec-2009 to 19-Dec-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274750-1
Perl 5.11.3 now available
http://use.perl.org/article.pl?sid=09/12/22/199226&from=rss
libnetfilter_conntrack 0.0.101 released
http://www.iptables.org/projects/libnetfilter_conntrack/downloads.html#libnetfilter_conntrack-0.0.101
UPDATE: Cisco Security Advisory: Multiple Cisco WebEx WRF Player Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20091216-webex.shtml
Debian : New bind9 packages fix cache poisoning
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31325
Debian : New kvm packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31326
Independent Researcher : XSS in WebMathematica
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31329
Hewlett-Packard : HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31331
Independent Researcher : XSS vulnerabilities in 8 millions flash files
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31317
Independent Researcher : Bug in RealPlayer Plus 11
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31327
Independent Researcher : XSS Vulnerability in JpGraph 3.0.6
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31328
Independent Researcher : Remote Buffer Overflow Exploit (TFTP Daemon Version 1.9) by Socket_0x03
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31332
Mandriva : proftpd
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31312
Mandriva : firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31322
Mandriva : firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31323
Red Hat : Moderate: condor security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31315
Red Hat : Moderate: condor security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31316
SuSE : Flash Player
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31313
SuSE : Mozilla Firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31314
SuSE : Linux kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31324
Independent Researcher : ClarkConnect XSS vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31330
Restarting the Management agents on an ESX or ESXi Server
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1003490&sliceId=1&docTypeID=DT_KB_1_1
[SECURITY] [DSA-1962-1] New kvm packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00289.html
[SECURITY] [DSA 1961-1] New bind9 packages fix cache poisoning
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00290.html
XSS Vulnerability in JpGraph 3.0.6
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00291.html
[ MDVSA-2009:339 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00288.html
[ MDVSA-2009:338 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00287.html
[security bulletin] HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00282.html
[ MDVSA-2009:337 ] proftpd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00284.html
Remote Buffer Overflow Exploit (TFTP Daemon Version 1.9) by Socket_0x03
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00285.html
ClarkConnect XSS vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00281.html
RHBA-2009:1691-1: xorg-x11-server bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1691.html
RHBA-2009:1693-1: mysql bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1693.html
WordPress Woopra Analytics Plugin Arbitrary File Creation Vulnerability
http://secunia.com/advisories/37911/
SUSE update for kernel
http://secunia.com/advisories/37909/
Debian update for kvm
http://secunia.com/advisories/37908/
XFS Acl Recursive Symlink Processing Security Issue
http://secunia.com/advisories/37907/
webMathematica Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37905/
Debian update for bind9
http://secunia.com/advisories/37904/
Open Flash Chart Arbitrary File Creation Vulnerability
http://secunia.com/advisories/37903/
SUSE update for flash-player
http://secunia.com/advisories/37902/
weenCompany "moduleid" SQL Injection Vulnerability
http://secunia.com/advisories/37895/
SUSE update for MozillaFirefox
http://secunia.com/advisories/37881/
The Uploader "filename" Information Disclosure Vulnerability
http://secunia.com/advisories/37873/
Joomla JEEMA Article Collection Component "catid" SQL Injection
http://secunia.com/advisories/37865/
Active Business Directory "search" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37863/
ClarkConnect "url" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37850/
JpGraph "GetURLArguments()" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37832/
F5 BIG-IP ASM / PSM Buffer Overflow Vulnerability
http://secunia.com/advisories/37805/
Fedora update for trac
http://secunia.com/advisories/37901/
Intel Trusted Execution Technology SINIT Security Bypass
http://secunia.com/advisories/37900/
VideoCMS "v" SQL Injection Vulnerability
http://secunia.com/advisories/37889/
Absolute Shopping Cart "prod_id" SQL Injection Vulnerability
http://secunia.com/advisories/37887/
Social Web CMS Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/37886/
Ultimate Uploader for PHP Arbitrary File Upload Vulnerability
http://secunia.com/advisories/37880/
SQL-Ledger Multiple Vulnerabilities
http://secunia.com/advisories/37877/
Pre Hotels & Resorts Management System SQL Injection Vulnerabilities
http://secunia.com/advisories/37870/
Hitachi Products Secure LDAP Information Disclosure
http://secunia.com/advisories/37869/
Serendipity Arbitrary File Upload Security Issue
http://secunia.com/advisories/37830/
Fedora update for mysql
http://secunia.com/advisories/37827/
Fedora update for asterisk
http://secunia.com/advisories/37812/
Trac Reports Alternate Formats Information Disclosure Vulnerability
http://secunia.com/advisories/37807/
Fedora update for libtool
http://secunia.com/advisories/37806/
Red Hat update for condor
http://secunia.com/advisories/37803/
HP-UX update for Apache
http://secunia.com/advisories/37800/
Condor Job Management Security Bypass Vulnerability
http://secunia.com/advisories/37766/
Intel SINIT Authenticated Code Module Flaw Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Dec/1023382.html
Condor Job Management Flaw Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Dec/1023378.html
Winamp 5.571 Released (5.57 revised, build 2810)
http://forums.winamp.com/showthread.php?threadid=315355
GNU Libtool 2.2.6b released
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
Metasploit 3.3.3 Released!
http://www.metasploit.com/redmine/projects/framework/wiki/Release_Notes_333
Merry Festivus: Commence the "Airing of Infosec Grievances"
http://isc.sans.org/diary.html?storyid=7804
Tell us about your Christmas Family Emergency Kit
http://isc.sans.org/diary.html?storyid=7795
Blackberry Outage
http://isc.sans.org/diary.html?storyid=7798
Howard Schmidt named as new Cybersecurity Coordinator
http://isc.sans.org/diary.html?storyid=7792
F5 BIG-IP ASM and PSM Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3627
Serendipity File Extension Processing Arbitrary File Upload Vulnerability
http://www.vupen.com/english/advisories/2009/3626
SQL-Ledger Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3625
Intel SINIT Authenticated Code Module Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/3618
Hitachi Products LDAP StartTLS Feature Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3617
Trac Security Update Fixes Multiple Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/3615
HP-UX Security Update Fixes Apache SSL Plaintext Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3614
CoreHTTP Arbitrary Command Execution Vulnerability
http://www.exploit-db.com/exploits/10610
Exploit for against Easy RM to MP3 2.7.3.700
http://www.exploit-db.com/exploits/10620
Easy RM to MP3 27.3.700 local BOF xp sp2
http://www.exploit-db.com/exploits/10619
Adobe Reader and Acrobat (CVE-2009-4324) Exploit
http://www.exploit-db.com/exploits/10618
Printoxx Local Buffer Overflow
http://www.exploit-db.com/exploits/10617
2.6.18-20 2009 Local Root Exploit
http://www.exploit-db.com/exploits/10613
CoolPlayer 2.18 M3U Playlist Buffer Overflow Exploit
http://www.exploit-db.com/exploits/10595
PlayMeNow Malformed (M3U) Universal XP Seh BoF
http://www.exploit-db.com/exploits/10596
Easy RM to MP3 27.3.700 WinXP SP3
http://www.exploit-db.com/exploits/10602
Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37407
Linux Kernel 'fuse_ioctl_copy_user()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37453
XFS ACL 'setfacl' and 'getfacl' Symbolic Link Handling Security Bypass Vulnerability
http://www.securityfocus.com/bid/37455
PHP-Calendar Multiple Remote And Local File Include Vulnerabilities
http://www.securityfocus.com/bid/37450
Simple PHP Blog 'blog_language1' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/37434
Cisco WebEx WRF File Handling Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37352
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
Wget NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36205
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
Red Hat acpid '/var/log/acpid' Log File Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37249
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901
Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36472
Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36051
Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36304
Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36706
Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824
Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37130
Linux Kernel KVM 'handle_dr()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37221
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803
Linux Kernel Prior to 2.6.24.2 'vmsplice_to_pipe()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/27801
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
Webformatique Car Manager Joomla! Component 'msg' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37458
OpenX Administrative Interface Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37457
Drupal FAQ Module Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/37456
CoreHTTP CGI Support Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/37454
F5 BIG-IP ASM and PSM Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37452
webMathematica 'MSP' Script Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37451
Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37368
Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37364
Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37369
Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
http://www.securityfocus.com/bid/37360
Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367
RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37349
Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox CVE-2009-3980 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37362
Active PHP Bookmarks 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/30757
Nullsoft Winamp M3U File Denial of Service Vulnerability
http://www.securityfocus.com/bid/25152
CoolPlayer M3U File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30418
Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/21320
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068
Linux Kernel 'hfc_usb.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37036
Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37019
Intel BIOS SINIT Authenticated Code Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37430
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37351
Tuesday, December 22, 2009
Tuesday the 22nd, Taian
+ HS09-019: Buffer overflow vulnerability in Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-019/index.html
PostgreSQL 8.5alpha3 Now Available
http://www.postgresql.org/about/news.1172
PostgreSQL PHP Generator 9.12 released
http://www.postgresql.org/about/news.1171
[Announce] GnuPG 2.0.14 released
http://lists.gnupg.org/pipermail/gnupg-announce/2009q4/000296.html
Notice of the release of ServerProtect for Windows 5.8 and the start of support
http://www.trendmicro.co.jp/support/news.asp?id=1314
Notice of the release of Trend Micro Security (for Mac) 1.5 and the start of support service
http://www.trendmicro.co.jp/support/news.asp?id=1345
HS09-018: The StartTLS function is not enabled in Hitachi Storage Command Suite products
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-018/index.html
JVNDB-2009-002351 Vulnerability in Sun Java SE and OpenJDK that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002351.html
JVNDB-2009-002350 Information disclosure vulnerability in the Abstract Window Toolkit (AWT) of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002350.html
JVNDB-2009-002349 Vulnerability related to array copying by the getConfigurations function in the X11 and Win32GraphicsDevice subsystems of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002349.html
JVNDB-2009-002348 Denial of service (DoS) vulnerability in the TrueType font parsing functionality of Sun Java SE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002348.html
JVNDB-2009-002347 Directory traversal vulnerability in the Java Runtime Environment (JRE) of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002347.html
JVNDB-2009-002200 Denial of service (DoS) vulnerability in Samba smbd
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002200.html
JVNDB-2009-002199 Vulnerability in Samba mount.cifs that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002199.html
+ [Announce] GnuPG 2.0.14 released
http://www.gnupg.org/download/
+ MySQL Community Server 5.0.89 has been released
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-89.html
+ HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01963123
- PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability
http://www.securityfocus.com/bid/37032
http://www.exploit-db.com/exploits/10557
redteam : TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31304
Gentoo Linux : Ruby on Rails: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31306
Debian : New ganeti packages fix arbitrary command execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31307
Debian : New acpid packages fix weak file permissions
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31308
Slackware Linux : seamonkey
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31305
ISecAuditors : PHP-Calendar <= v1.1 'configfile' Remote and Local File Inclusion vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31302
ISecAuditors : Simple PHP Blog <= 0.5.1 Local File Include vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31303
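"Are you protected against USB viruses?" A tool that lets you check from your browser
Checks the autorun function for USB memory; released by IPA
http://itpro.nikkeibp.co.jp/article/NEWS/20091222/342540/?ST=security
JVN#75368899 Denial of service (DoS) vulnerability in multiple products implementing IPv6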
http://jvn.jp/jp/JVN75368899/index.html
RHBA-2009:1686-1: ksh bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1686.html
SQL-Ledger – several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00280.html
TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00279.html
pragmaMx CMS Blind SQL/XPath Injection vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00278.html
phpPollScript - 1.3 Remote File Include
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00277.html
[ GLSA 200912-02 ] Ruby on Rails: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00276.html
[SECURITY] [DSA 1960-1] New acpid packages fix weak file permissions
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00274.html
[SECURITY] [DSA-1959-1] New ganeti packages fix arbitrary command execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00275.html
[USN-874-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00273.html
[USN-873-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00272.html
SMF (Simple Machine Forum) 1.1.11 XSS - Discovered by : Khashayar Fereidani
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00271.html
[USN-875-1] Red Hat Cluster Suite vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00269.html
[ISecAuditors Security Advisories] PHP-Calendar <= v1.1 configfile Remote and Local File Inclusi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00270.html
[ISecAuditors Security Advisories] Simple PHP Blog <= 0.5.1 Local File Include vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00268.html
[ MDVSA-2009:336 ] koffice
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00266.html
TPTI-09-15: HP OpenView Data Protector Cell Manager Heap Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00265.html
ZDI-09-099: Hewlett-Packard OpenView Data Protector Backup Client Service Buffer Overflo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00264.html
iPhone Botnet Analysis
http://isc.sans.org/diary.html?storyid=7786
There is no such thing as a free lunch .
http://isc.sans.org/diary.html?storyid=7789
Adobe Flash Media Server Bugs Let Remote Users Execute Arbitrary Code and Deny Service
http://securitytracker.com/alerts/2009/Dec/1023377.html
Ubuntu update for Firefox and Xulrunner
http://secunia.com/advisories/37893/
Ubuntu update for redhat-cluster
http://secunia.com/advisories/37892/
Adobe Flash Media Server Two Vulnerabilities
http://secunia.com/advisories/37891/
Ubuntu update for Firefox and Xulrunner
http://secunia.com/advisories/37890/
Debian update for acpid
http://secunia.com/advisories/37885/
Debian update for ganeti
http://secunia.com/advisories/37884/
Gentoo update for rails
http://secunia.com/advisories/37876/
IBM SDK for Java TLS Session Renegotiation Plaintext Injection
http://secunia.com/advisories/37875/
t-prot Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/37874/
Nortel CS1000 NTP Mode 7 Request Denial of Service
http://secunia.com/advisories/37871/
Ampache Unspecified Security Bypass Vulnerabilities
http://secunia.com/advisories/37867/
8pixel.net Blog Database Disclosure Security Issue
http://secunia.com/advisories/37846/
PacketFence "username" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37844/
Pandora FMS "id_agente" SQL Injection Vulnerability
http://secunia.com/advisories/37837/
Ignition "blog" Local File Inclusion Vulnerabilities
http://secunia.com/advisories/37836/
Saurus CMS File Inclusion Vulnerabilities
http://secunia.com/advisories/37828/
cPanel "fileop" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37826/
Joomla DigiStore Component "pid[]" and "cid[]" SQL Injection Vulnerabilities
http://secunia.com/advisories/37756/
angelo-emlak Information Disclosure Security Issue
http://secunia.com/advisories/37724/
Joomla Event Manager Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/37687/
IBM SDK for Java TLS Session Renegotiation Plaintext Injection Issue
http://www.vupen.com/english/advisories/2009/3609
cPanel "fileop" Parameter Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3608
Nortel CS1000 NTP Mode 7 Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3607
Adobe Flash Media Server Directory Traversal and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/3606
TLS Renegotiation Vulnerability PoC Exploit
http://www.exploit-db.com/exploits/10579
PlayMeNow Malformed M3U Playlist Buffer Overflow(SEH
http://www.exploit-db.com/exploits/10577
Intel Indeo Codec Media Content Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37251
Adobe Illustrator Encapsulated Postscript File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37192
HP Operations Manager Remote Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/37086
HP OpenView Network Node Manager 'ovalarm.exe' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37347
Adobe Reader and Acrobat 'newplayer()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37331
IBM Access Support ActiveX Control 'GetXMLValue()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34228
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability
http://www.securityfocus.com/bid/37032
IBM Tivoli Storage Manager Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/36916
IBM Tivoli Storage Manager Multiple Vulnerabilities
http://www.securityfocus.com/bid/34803
Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142
Ruby on Rails Session Fixation Vulnerability
http://www.securityfocus.com/bid/26598
Ruby on Rails Multiple Vulnerabilities
http://www.securityfocus.com/bid/26096
Ruby on Rails ':offset' And ':limit' Parameters SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/31176
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
Ruby on Rails 'http_authentication.rb' Nil Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35579
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37369
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37364
Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37368
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367
Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
http://www.securityfocus.com/bid/37360
Mozilla Firefox CVE-2009-3980 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37362
Joomla! JCal Pro Component 'mosConfig_absolute_path' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/37438
PHPPhotoalbum 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37436
Kasseler CMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37435
Simple PHP Blog 'blog_language1' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/37434
Joomla! DigiStore Component Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37433
SQL-Ledger Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/37431
Intel BIOS SINIT Authenticated Code Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37430
4homepages 4images 'search_user' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37429
Joomla Event Manager Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37426
Simplicity oF Upload 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37424
JBC Explorer 'arbre.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37423
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-019/index.html
PostgreSQL 8.5alpha3 Now Available
http://www.postgresql.org/about/news.1172
PostgreSQL PHP Generator 9.12 released
http://www.postgresql.org/about/news.1171
[Announce] GnuPG 2.0.14 released
http://lists.gnupg.org/pipermail/gnupg-announce/2009q4/000296.html
Notice of the release of ServerProtect for Windows 5.8 and the start of support
http://www.trendmicro.co.jp/support/news.asp?id=1314
Notice of the release of Trend Micro Security (for Mac) 1.5 and the start of support service
http://www.trendmicro.co.jp/support/news.asp?id=1345
HS09-018: The StartTLS function is not enabled in Hitachi Storage Command Suite products
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-018/index.html
JVNDB-2009-002351 Vulnerability in Sun Java SE and OpenJDK that allows privileges to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002351.html
JVNDB-2009-002350 Information disclosure vulnerability in the Abstract Window Toolkit (AWT) of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002350.html
JVNDB-2009-002349 Vulnerability related to array copying by the getConfigurations function in the X11 and Win32GraphicsDevice subsystems of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002349.html
JVNDB-2009-002348 Denial of service (DoS) vulnerability in the TrueType font parsing functionality of Sun Java SE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002348.html
JVNDB-2009-002347 Directory traversal vulnerability in the Java Runtime Environment (JRE) of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002347.html
JVNDB-2009-002200 Denial of service (DoS) vulnerability in smbd of Samba
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002200.html
JVNDB-2009-002199 Vulnerability in mount.cifs of Samba that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002199.html
+ [Announce] GnuPG 2.0.14 released
http://www.gnupg.org/download/
+ MySQL Community Server 5.0.89 has been released
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-89.html
+ HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01963123
- PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability
http://www.securityfocus.com/bid/37032
http://www.exploit-db.com/exploits/10557
redteam : TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31304
Gentoo Linux : Ruby on Rails: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31306
Debian : New ganeti packages fix arbitrary command execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31307
Debian : New acpid packages fix weak file permissions
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31308
Slackware Linux : seamonkey
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31305
ISecAuditors : PHP-Calendar <= v1.1 'configfile' Remote and Local File Inclusion vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31302
ISecAuditors : Simple PHP Blog <= 0.5.1 Local File Include vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31303
"Are you protected against USB viruses?" A tool for checking from the browser
Checks the autorun feature for USB memory devices; released by IPA
http://itpro.nikkeibp.co.jp/article/NEWS/20091222/342540/?ST=security
JVN#75368899 Denial of service (DoS) vulnerability in multiple products implementing IPv6
http://jvn.jp/jp/JVN75368899/index.html
RHBA-2009:1686-1: ksh bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1686.html
SQL-Ledger – several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00280.html
TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00279.html
pragmaMx CMS Blind SQL/XPath Injection vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00278.html
phpPollScript - 1.3 Remote File Include
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00277.html
[ GLSA 200912-02 ] Ruby on Rails: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00276.html
[SECURITY] [DSA 1960-1] New acpid packages fix weak file permissions
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00274.html
[SECURITY] [DSA-1959-1] New ganeti packages fix arbitrary command execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00275.html
[USN-874-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00273.html
[USN-873-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00272.html
SMF (Simple Machine Forum) 1.1.11 XSS - Discovered by : Khashayar Fereidani
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00271.html
[USN-875-1] Red Hat Cluster Suite vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00269.html
[ISecAuditors Security Advisories] PHP-Calendar <= v1.1 configfile Remote and Local File Inclusi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00270.html
[ISecAuditors Security Advisories] Simple PHP Blog <= 0.5.1 Local File Include vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00268.html
[ MDVSA-2009:336 ] koffice
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00266.html
TPTI-09-15: HP OpenView Data Protector Cell Manager Heap Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00265.html
ZDI-09-099: Hewlett-Packard OpenView Data Protector Backup Client Service Buffer Overflo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00264.html
iPhone Botnet Analysis
http://isc.sans.org/diary.html?storyid=7786
There is no such thing as a free lunch .
http://isc.sans.org/diary.html?storyid=7789
Adobe Flash Media Server Bugs Let Remote Users Execute Arbitrary Code and Deny Service
http://securitytracker.com/alerts/2009/Dec/1023377.html
Ubuntu update for Firefox and Xulrunner
http://secunia.com/advisories/37893/
Ubuntu update for redhat-cluster
http://secunia.com/advisories/37892/
Adobe Flash Media Server Two Vulnerabilities
http://secunia.com/advisories/37891/
Ubuntu update for Firefox and Xulrunner
http://secunia.com/advisories/37890/
Debian update for acpid
http://secunia.com/advisories/37885/
Debian update for ganeti
http://secunia.com/advisories/37884/
Gentoo update for rails
http://secunia.com/advisories/37876/
IBM SDK for Java TLS Session Renegotiation Plaintext Injection
http://secunia.com/advisories/37875/
t-prot Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/37874/
Nortel CS1000 NTP Mode 7 Request Denial of Service
http://secunia.com/advisories/37871/
Ampache Unspecified Security Bypass Vulnerabilities
http://secunia.com/advisories/37867/
8pixel.net Blog Database Disclosure Security Issue
http://secunia.com/advisories/37846/
PacketFence "username" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37844/
Pandora FMS "id_agente" SQL Injection Vulnerability
http://secunia.com/advisories/37837/
Ignition "blog" Local File Inclusion Vulnerabilities
http://secunia.com/advisories/37836/
Saurus CMS File Inclusion Vulnerabilities
http://secunia.com/advisories/37828/
cPanel "fileop" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37826/
Joomla DigiStore Component "pid[]" and "cid[]" SQL Injection Vulnerabilities
http://secunia.com/advisories/37756/
angelo-emlak Information Disclosure Security Issue
http://secunia.com/advisories/37724/
Joomla Event Manager Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/37687/
IBM SDK for Java TLS Session Renegotiation Plaintext Injection Issue
http://www.vupen.com/english/advisories/2009/3609
cPanel "fileop" Parameter Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3608
Nortel CS1000 NTP Mode 7 Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3607
Adobe Flash Media Server Directory Traversal and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/3606
TLS Renegotiation Vulnerability PoC Exploit
http://www.exploit-db.com/exploits/10579
PlayMeNow Malformed M3U Playlist Buffer Overflow(SEH
http://www.exploit-db.com/exploits/10577
Intel Indeo Codec Media Content Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37251
Adobe Illustrator Encapsulated Postscript File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37192
HP Operations Manager Remote Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/37086
HP OpenView Network Node Manager 'ovalarm.exe' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37347
Adobe Reader and Acrobat 'newplayer()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37331
IBM Access Support ActiveX Control 'GetXMLValue()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34228
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability
http://www.securityfocus.com/bid/37032
IBM Tivoli Storage Manager Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/36916
IBM Tivoli Storage Manager Multiple Vulnerabilities
http://www.securityfocus.com/bid/34803
Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142
Ruby on Rails Session Fixation Vulnerability
http://www.securityfocus.com/bid/26598
Ruby on Rails Multiple Vulnerabilities
http://www.securityfocus.com/bid/26096
Ruby on Rails ':offset' And ':limit' Parameters SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/31176
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
Ruby on Rails 'http_authentication.rb' Nil Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35579
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37369
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Monday, December 21, 2009
21st, Monday, Butsumetsu
OpenLDAP 2.4.21 available
http://www.openldap.org/software/download/
Notice of the start of support for IM Security for Microsoft Office Communications Server
http://www.trendmicro.co.jp/support/news.asp?id=1336
Notice of the start of support for Trend Micro PortalProtect 1.8
http://www.trendmicro.co.jp/support/news.asp?id=1344
Downloading VMware products and troubleshooting issues with downloads
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1012245&sliceId=1&docTypeID=DT_KB_1_1
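"MyJVN Security Configuration Checker" released, a tool for checking Windows security settings with simple operations
~ Disable the USB memory autorun feature to protect personal and confidential information from viruses ~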
http://www.ipa.go.jp/security/vuln/documents/2009/200912_myjvn_cc.html
JVNDB-2009-002346 Arbitrary code execution vulnerability in the Deployment Toolkit plugin of Sun Java SE in JDK and JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002346.html
JVNDB-2009-002345 Vulnerability in Hitachi Storage Command Suite products where StartTLS is not enabled
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002345.html
JVNDB-2009-002344 Denial of service (DoS) vulnerability in cupsd of CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002344.html
JVNDB-2009-002016 Integer overflow vulnerability in the APR library and the APR-util library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html
JVNDB-2009-001990 Vulnerability in Sun Java SE that allows arbitrary files to be tampered with
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001990.html
JVNDB-2009-001988 Denial of service (DoS) vulnerability in Apache Xerces2 Java as used in Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001988.html
JVNDB-2009-001987 Integer overflow vulnerability in the unpack200 utility of Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001987.html
JVNDB-2009-001986 Integer overflow vulnerability in Sun Java Web Start of Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001986.html
JVNDB-2009-001985 Vulnerability in the proxy mechanism implementation of Sun JRE that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001985.html
JVNDB-2009-001984 Vulnerability in the proxy mechanism implementation of Sun JRE that allows web sessions to be hijacked
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001984.html
JVNDB-2009-001983 Vulnerability in the SOCKS proxy implementation of Sun JRE that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001983.html
JVNDB-2009-001982 Vulnerability in the audio system of Sun JRE that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001982.html
JVNDB-2009-001911 Authentication bypass issue in XML signature verification
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001911.html
PHP-Calendar Include File Bug in 'configfile' Parameter Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023375.html
+ Linux kernel 2.6.27.42/2.6.31.9/2.6.32.2 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.42
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.9
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.2
http://www.linux.org/news/2009/12/18/0003.html
http://www.linux.org/news/2009/12/18/0002.html
http://www.linux.org/news/2009/12/18/0001.html
+ OpenLDAP 2.4.21 released
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html
- PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389/exploit
- Apache Tomcat Native SSL Session Renegotiation Plaintext Injection
http://www.vupen.com/english/advisories/2009/3587
MySQL Workbench 5.2.11 Beta 3 Available
http://dev.mysql.com/downloads/workbench/
Security Vulnerability in the Timeout Mechanism of Solaris sshd(1M) may Lead to a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1
APSB09-18: Security update available for Flash Media Server
http://www.adobe.com/support/security/bulletins/apsb09-18.html
CTX123359: Transport Layer Security Renegotiation Vulnerability
http://support.citrix.com/article/CTX123359
Package: Courier: latest development snapshot: 20091218 (18-Dec-2009)
https://sourceforge.net/projects/courier/files/courier-devel/20091218/courier-0.63.0.20091218.tar.bz2/download
Package: Courier authentication library: latest development snapshot: 20091218 (18-Dec-2009)
https://sourceforge.net/projects/courier/files/authlib-devel/20091218/courier-authlib-0.62.4.20091218.tar.bz2/download
NTP 4.2.6p1-RC1 released
http://archive.ntp.org/ntp4/ChangeLog-stable-rc
NTP 4.2.7p2 Development released
http://archive.ntp.org/ntp4/ChangeLog-dev
cisco-sa-20091109-tls: Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
Document ID: 339328: Replace track alignment registry setting for "OPEN-V" arrays from sector offset 96 to sector offset 128.
http://seer.entsupport.symantec.com/docs/339328.htm
Document ID: 339268: The installation of Storage Foundation 5.1 for Windows Service Pack 1 (SFW 5.1 SP1) into a Windows 2008 Server Core R2 environment does not allow for the installation of Symantec Dynamic Multipathing (DMP) software.
http://seer.entsupport.symantec.com/docs/339268.htm
RHBA-2009:1684-1: vixie-cron bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1684.html
RHBA-2009:1685-1: openCryptoki bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1685.html
MDVSA-2009:336: koffice
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31295
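Beware of the "Tako-Ika virus" (octopus/squid virus), which overwrites files with "images of seafood"
Infiltrates via file-sharing software; also has a "function" to steal user information and more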
http://itpro.nikkeibp.co.jp/article/NEWS/20091221/342456/?ST=security
MOTEX announces a new version of "LanScope Cat6" with enhanced application distribution features
http://itpro.nikkeibp.co.jp/article/NEWS/20091218/342388/?ST=security
Frustrations of ISP Abuse Handling
http://isc.sans.org/diary.html?storyid=7780
Educationing Our Communities
http://isc.sans.org/diary.html?storyid=7783
Twitter outage via DNS hijacking
http://isc.sans.org/diary.html?storyid=7774
Wireshark Buffer Overflow in Daintree SNA Parser and Bugs in SMB, SMB2, and IPMI Dissectors Let Remote Users Execute Arbitrary Code and Deny Service
http://securitytracker.com/alerts/2009/Dec/1023374.html
PHP Session Function Corruption Flaw May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023373.html
PHP Input Validation Flaw in htmlspecialchars() Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Dec/1023372.html
wnpa-sec-2009-09: Multiple vulnerabilities in Wireshark version 0.9.0 to 1.2.4
http://www.wireshark.org/security/wnpa-sec-2009-09.html
Fedora update for gtk2
http://secunia.com/advisories/37862/
Fedora update for httpd
http://secunia.com/advisories/37861/
Fedora update for coreutils
http://secunia.com/advisories/37860/
Fedora update for tomcat-native
http://secunia.com/advisories/37859/
Fedora update for seamonkey
http://secunia.com/advisories/37858/
Fedora update for drupal
http://secunia.com/advisories/37857/
Fedora update for xulrunner
http://secunia.com/advisories/37856/
Fedora update for firefox
http://secunia.com/advisories/37855/
Fedora update for postgresql
http://secunia.com/advisories/37854/
Fedora update for rubygem-actionpack
http://secunia.com/advisories/37853/
GTK+ "gdk_window_begin_implicit_paint()" Foreign Windows Weakness
http://secunia.com/advisories/37852/
Ghostscript "errprintf()" Buffer Overflow Vulnerability
http://secunia.com/advisories/37851/
Ganeti "iallocator" Names Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/37849/
phpLDAPadmin "cmd" Local File Inclusion Vulnerability
http://secunia.com/advisories/37848/
Serv-U File Server Information Disclosure Vulnerability
http://secunia.com/advisories/37847/
HP Storage Data Protector Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37845/
IBM WebSphere Application Server Feature Pack for CEA Hijacking Vulnerability
http://secunia.com/advisories/37843/
Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/37842/
Rumba XML "index.php" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37840/
Joomla JoomPortfolio Component "secid" SQL Injection Vulnerability
http://secunia.com/advisories/37838/
Max's Photo Album Arbitrary File Upload Vulnerability
http://secunia.com/advisories/37835/
IBM AIX "qosmod" and "qoslist" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37833/
Matrimony Script Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/37829/
jCore Server "search" Cross-Site Scripting and Script Insertion Vulnerability
http://secunia.com/advisories/37818/
Pre Multi-Vendor Ecommerce Solution "search" Cross-Site-Scripting-Vulnerability
http://secunia.com/advisories/37801/
WP-Forum Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/37794/
D-Link DIR-615 "apply.cgi" Security Bypass Vulnerability
http://secunia.com/advisories/37777/
Pre Jobo.NET "TextBox1" and "TextBox2" SQL Injection Vulnerability
http://secunia.com/advisories/37776/
Sitecore Staging Module Authentication Security Bypass
http://secunia.com/advisories/37763/
Ez News Manager Cross-Site Request Forgery
http://secunia.com/advisories/37757/
VideoCache vccleaner Insecure Logfile Access Security Issue
http://secunia.com/advisories/37733/
OSSIM Multiple Vulnerabilities
http://secunia.com/advisories/37727/
IBM AIX "qoslist" and "qosmod" Commands Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/3600
Ganeti iallocator Names Processing Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3599
IBM WebSphere Application Server Feature Pack for CEA Vulnerability
http://www.vupen.com/english/advisories/2009/3598
Ghostscript "errprintf()" Data Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3597
Wireshark Buffer Overflow and Multiple Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3596
Serv-U Security Update Fixes Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2009/3595
HP OpenView Storage Data Protector Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/3594
PHP Security Update Fixes Security Bypass and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/3593
Apache Tomcat Native SSL Session Renegotiation Plaintext Injection
http://www.vupen.com/english/advisories/2009/3587
TFTP SERVER Buffer Overflow remote exploit
http://www.exploit-db.com/exploits/10542
PlayMeNow Malformed M3U Playlist WinXP Universal BOF
http://www.exploit-db.com/exploits/10563
- PHP 5.2.12/5.3.1 symlink() open_basedir bypass
http://www.exploit-db.com/exploits/10557
PlayMeNow Malformed M3U Playlist File Buffer
http://www.exploit-db.com/exploits/10556
Mozilla Firefox Location Bar Spoofing Vulnerability
http://www.exploit-db.com/exploits/10544
GTK+ 'gdk/gdkwindow.c' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37411
D-Link DIR-615 'apply.cgi' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37415
Serv-U File Server User Directory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37414
Pre Projects E-Smart Cart 'embadmin/login.asp' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37418
Ghostscript 'errprintf()' Function PDF Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37410
Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37407
Pyrmont V2 WordPress Theme 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37409
F3Site 'GLOBALS[nlang]' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/37408
Celerondude Uploader 'index.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37406
Ampache 'login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37417
eWebquiz 'QuizID' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37402
Active Auction House Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37401
Active Photo Gallery 'account.asp' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37399
PEAR Sendmail 'Recipient' Parameter Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37395
Pre Job Board 'preview.php' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37400
cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37394
QuiXplorer 'lang' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/37393
ReVou Comment Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/37391
PHP 'session.save_path()' Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/37390
PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389
Sitecore CMS Staging Service 'api.asmx' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37388
Joomla! 'com_joomportfolio' Component 'secid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37403
Joomla! 'com_personel' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37404
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37369
Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37368
Mozilla Firefox CVE-2009-3980 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37362
Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367
Adobe Flash Media Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37420
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37364
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Adobe Flash Media Server Resource Exhaustion Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37419
Sun Solaris 'sshd(1M)' Timeout Mechanism Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37116
TFTP Server Packet Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28462
fence 'fence_manual' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37416
cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/30898
Centreon Authentication Mechanism Security Bypass Vulnerability
http://www.securityfocus.com/bid/37383
Pluxml-Blog 'core/admin/auth.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37384
Family Connections Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/37379
RETIRED: WHMCS 'weblink_cat_list.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37376
GNU Automake Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/37378
cluster Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/32179
fence 'fence_apc' and 'fence_apc_snmp' Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/31904
OSSIM 'repository_attachment.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37377
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
IBM AIX 'qoslist' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37413
IBM AIX 'qosmod' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37412
Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142
Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37372
PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37334
PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333
GNU Coreutils Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37256
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
http://www.openldap.org/software/download/
IM Security for Microsoft Office Communications Server サポート開始のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1336
Trend Micro PortalProtect 1.8 サポート開始のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1344
Downloading VMware products and troubleshooting issues with downloads
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1012245&sliceId=1&docTypeID=DT_KB_1_1
簡単な操作でWindowsのセキュリティ設定をチェックできる「MyJVN セキュリティ設定チェッカ」を公開
~ ウイルスから個人情報や機密情報を守るため、USBメモリ自動実行機能を無効にしましょう ~
http://www.ipa.go.jp/security/vuln/documents/2009/200912_myjvn_cc.html
JVNDB-2009-002346 JDK および JRE の Sun Java SE にある Deployment Toolkit プラグインにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002346.html
JVNDB-2009-002345 Hitachi Storage Command Suite 製品における StartTLS が有効にならない脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002345.html
JVNDB-2009-002344 CUPS の cupsd におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002344.html
JVNDB-2009-002016 APR ライブラリおよび APR-util ライブラリにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html
JVNDB-2009-001990 Sun Java SE における任意のファイルを改ざんされる脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001990.html
JVNDB-2009-001988 Sun JRE で使用している Apache Xerces2 Java におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001988.html
JVNDB-2009-001987 Sun JRE の unpack200 ユーティリティにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001987.html
JVNDB-2009-001986 Sun JRE の Sun Java Web Start における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001986.html
JVNDB-2009-001985 Access restriction bypass vulnerability in the proxy mechanism implementation in Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001985.html
JVNDB-2009-001984 Web session hijacking vulnerability in the proxy mechanism implementation in Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001984.html
JVNDB-2009-001983 Vulnerability in the SOCKS proxy implementation in Sun JRE that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001983.html
JVNDB-2009-001982 Vulnerability in the audio system in Sun JRE that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001982.html
JVNDB-2009-001911 Issue allowing authentication bypass in XML signature verification
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001911.html
PHP-Calendar Include File Bug in 'configfile' Parameter Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023375.html
+ Linux kernel 2.6.27.42/2.6.31.9/2.6.32.2 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.42
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.9
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.2
http://www.linux.org/news/2009/12/18/0003.html
http://www.linux.org/news/2009/12/18/0002.html
http://www.linux.org/news/2009/12/18/0001.html
+ OpenLDAP 2.4.21 released
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html
- PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389/exploit
- Apache Tomcat Native SSL Session Renegotiation Plaintext Injection
http://www.vupen.com/english/advisories/2009/3587
MySQL Workbench 5.2.11 Beta 3 Available
http://dev.mysql.com/downloads/workbench/
Security Vulnerability in the Timeout Mechanism of Solaris sshd(1M) may Lead to a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1
APSB09-18: Security update available for Flash Media Server
http://www.adobe.com/support/security/bulletins/apsb09-18.html
CTX123359: Transport Layer Security Renegotiation Vulnerability
http://support.citrix.com/article/CTX123359
Package: Courier: latest development snapshot: 20091218 (18-Dec-2009)
https://sourceforge.net/projects/courier/files/courier-devel/20091218/courier-0.63.0.20091218.tar.bz2/download
Package: Courier authentication library: latest development snapshot: 20091218 (18-Dec-2009)
https://sourceforge.net/projects/courier/files/authlib-devel/20091218/courier-authlib-0.62.4.20091218.tar.bz2/download
NTP 4.2.6p1-RC1 released
http://archive.ntp.org/ntp4/ChangeLog-stable-rc
NTP 4.2.7p2 Development released
http://archive.ntp.org/ntp4/ChangeLog-dev
cisco-sa-20091109-tls: Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
Document ID: 339328: Replace track alignment registry setting for "OPEN-V" arrays from sector offset 96 to sector offset 128.
http://seer.entsupport.symantec.com/docs/339328.htm
Document ID: 339268: The installation of Storage Foundation 5.1 for Windows Service Pack 1 (SFW 5.1 SP1) into a Windows 2008 Server Core R2 environment does not allow for the installation of Symantec Dynamic Multipathing (DMP) software.
http://seer.entsupport.symantec.com/docs/339268.htm
RHBA-2009:1684-1: vixie-cron bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1684.html
RHBA-2009:1685-1: openCryptoki bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1685.html
MDVSA-2009:336: koffice
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31295
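Beware of the "Takoika virus", which overwrites files with "images of seafood"
It gets in via file-sharing software and also has a "function" for stealing user information and the like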
http://itpro.nikkeibp.co.jp/article/NEWS/20091221/342456/?ST=security
MOTEX announces a new version of "LanScope Cat6" with enhanced application distribution features
http://itpro.nikkeibp.co.jp/article/NEWS/20091218/342388/?ST=security
Frustrations of ISP Abuse Handling
http://isc.sans.org/diary.html?storyid=7780
Educationing Our Communities
http://isc.sans.org/diary.html?storyid=7783
Twitter outage via DNS hijacking
http://isc.sans.org/diary.html?storyid=7774
Wireshark Buffer Overflow in Daintree SNA Parser and Bugs in SMB, SMB2, and IPMI Dissectors Let Remote Users Execute Arbitrary Code and Deny Service
http://securitytracker.com/alerts/2009/Dec/1023374.html
PHP Session Function Corruption Flaw May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023373.html
PHP Input Validation Flaw in htmlspecialchars() Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Dec/1023372.html
wnpa-sec-2009-09: Multiple vulnerabilities in Wireshark version 0.9.0 to 1.2.4
http://www.wireshark.org/security/wnpa-sec-2009-09.html
Fedora update for gtk2
http://secunia.com/advisories/37862/
Fedora update for httpd
http://secunia.com/advisories/37861/
Fedora update for coreutils
http://secunia.com/advisories/37860/
Fedora update for tomcat-native
http://secunia.com/advisories/37859/
Fedora update for seamonkey
http://secunia.com/advisories/37858/
Fedora update for drupal
http://secunia.com/advisories/37857/
Fedora update for xulrunner
http://secunia.com/advisories/37856/
Fedora update for firefox
http://secunia.com/advisories/37855/
Fedora update for postgresql
http://secunia.com/advisories/37854/
Fedora update for rubygem-actionpack
http://secunia.com/advisories/37853/
GTK+ "gdk_window_begin_implicit_paint()" Foreign Windows Weakness
http://secunia.com/advisories/37852/
Ghostscript "errprintf()" Buffer Overflow Vulnerability
http://secunia.com/advisories/37851/
Ganeti "iallocator" Names Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/37849/
phpLDAPadmin "cmd" Local File Inclusion Vulnerability
http://secunia.com/advisories/37848/
Serv-U File Server Information Disclosure Vulnerability
http://secunia.com/advisories/37847/
HP Storage Data Protector Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37845/
IBM WebSphere Application Server Feature Pack for CEA Hijacking Vulnerability
http://secunia.com/advisories/37843/
Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/37842/
Rumba XML "index.php" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37840/
Joomla JoomPortfolio Component "secid" SQL Injection Vulnerability
http://secunia.com/advisories/37838/
Max's Photo Album Arbitrary File Upload Vulnerability
http://secunia.com/advisories/37835/
IBM AIX "qosmod" and "qoslist" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37833/
Matrimony Script Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/37829/
jCore Server "search" Cross-Site Scripting and Script Insertion Vulnerability
http://secunia.com/advisories/37818/
Pre Multi-Vendor Ecommerce Solution "search" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37801/
WP-Forum Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/37794/
D-Link DIR-615 "apply.cgi" Security Bypass Vulnerability
http://secunia.com/advisories/37777/
Pre Jobo.NET "TextBox1" and "TextBox2" SQL Injection Vulnerability
http://secunia.com/advisories/37776/
Sitecore Staging Module Authentication Security Bypass
http://secunia.com/advisories/37763/
Ez News Manager Cross-Site Request Forgery
http://secunia.com/advisories/37757/
VideoCache vccleaner Insecure Logfile Access Security Issue
http://secunia.com/advisories/37733/
OSSIM Multiple Vulnerabilities
http://secunia.com/advisories/37727/
IBM AIX "qoslist" and "qosmod" Commands Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/3600
Ganeti iallocator Names Processing Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3599
IBM WebSphere Application Server Feature Pack for CEA Vulnerability
http://www.vupen.com/english/advisories/2009/3598
Ghostscript "errprintf()" Data Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3597
Wireshark Buffer Overflow and Multiple Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3596
Serv-U Security Update Fixes Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2009/3595
HP OpenView Storage Data Protector Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/3594
PHP Security Update Fixes Security Bypass and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/3593
Apache Tomcat Native SSL Session Renegotiation Plaintext Injection
http://www.vupen.com/english/advisories/2009/3587
TFTP SERVER Buffer Overflow remote exploit
http://www.exploit-db.com/exploits/10542
PlayMeNow Malformed M3U Playlist WinXP Universal BOF
http://www.exploit-db.com/exploits/10563
- PHP 5.2.12/5.3.1 symlink() open_basedir bypass
http://www.exploit-db.com/exploits/10557
PlayMeNow Malformed M3U Playlist File Buffer
http://www.exploit-db.com/exploits/10556
Mozilla Firefox Location Bar Spoofing Vulnerability
http://www.exploit-db.com/exploits/10544
GTK+ 'gdk/gdkwindow.c' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37411
D-Link DIR-615 'apply.cgi' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37415
Serv-U File Server User Directory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37414
Pre Projects E-Smart Cart 'embadmin/login.asp' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37418
Ghostscript 'errprintf()' Function PDF Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37410
Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37407
Pyrmont V2 WordPress Theme 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37409
F3Site 'GLOBALS[nlang]' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/37408
Celerondude Uploader 'index.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37406
Ampache 'login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37417
eWebquiz 'QuizID' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37402
Active Auction House Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37401
Active Photo Gallery 'account.asp' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37399
PEAR Sendmail 'Recipient' Parameter Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37395
Pre Job Board 'preview.php' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37400
cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37394
QuiXplorer 'lang' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/37393
ReVou Comment Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/37391
PHP 'session.save_path()' Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/37390
PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389
Sitecore CMS Staging Service 'api.asmx' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37388
Joomla! 'com_joomportfolio' Component 'secid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37403
Joomla! 'com_personel' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37404
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37369
Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37368
Mozilla Firefox CVE-2009-3980 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37362
Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367
Adobe Flash Media Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37420
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37364
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Adobe Flash Media Server Resource Exhaustion Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37419
Sun Solaris 'sshd(1M)' Timeout Mechanism Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37116
TFTP Server Packet Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28462
fence 'fence_manual' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37416
cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/30898
Centreon Authentication Mechanism Security Bypass Vulnerability
http://www.securityfocus.com/bid/37383
Pluxml-Blog 'core/admin/auth.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37384
Family Connections Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/37379
RETIRED: WHMCS 'weblink_cat_list.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37376
GNU Automake Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/37378
cluster Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/32179
fence 'fence_apc' and 'fence_apc_snmp' Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/31904
OSSIM 'repository_attachment.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37377
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
IBM AIX 'qoslist' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37413
IBM AIX 'qosmod' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37412
Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142
Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37372
PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37334
PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333
GNU Coreutils Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37256
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703