NTP 4.2.4p7-RC1 Release
http://archive.ntp.org/ntp4/ChangeLog-stable-rc
+ [Announce] GnuPG 2.0.11 released
http://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000287.html
Secure Design Patterns
http://www.cert.org/archive/pdf/09tr010.pdf
SSA:2009-086-02: glib2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28801
SSA:2009-086-01: mozilla-firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28800
GLSA 200903-40: Analog: Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28807
DSA 1756-1: New xulrunner packages fix multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28809
US-CERT Technical Cyber Security Alert TA09-088A: Conficker Worm Targets Microsoft Windows Systems
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28797
Check Point-SA-03/30/2009: Firewall-1 PKI Web Service HTTP Header Remote Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28796
DSA 1757-1: New auth2db packages fix SQL injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28810
About the vulnerabilities in Adobe Reader and Acrobat
http://www.ipa.go.jp/security/ciadr/vul/20090311-adobe.html
Survey Report on Control System Security and IT Service Continuity for Critical Infrastructure
http://www.ipa.go.jp/security/fy20/reports/ics-sec/index.html
+ Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00256.html
[SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00261.html
[ MDVSA-2009:082 ] krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00263.html
CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00262.html
Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00264.html
Family Connections 1.8.1 Multiple Remote Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00265.html
[USN-749-1] libsndfile vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00267.html
DeepSec 2009 - Call for Papers is open
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00266.html
US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems
http://www.derkeiler.com/Mailing-Lists/Cert/2009-03/msg00002.html
Community CMS 0.5 Multiple SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00268.html
Nmap 4.85BETA5 Released to Scan for Conficker Worm
http://insecure.org/
Watch your Internet routers!
http://isc.sans.org/diary.html?storyid=6100
Locate Conficker infected hosts with a network scan!
http://isc.sans.org/diary.html?storyid=6097
IBM Tivoli Storage Manager Administrative Command Line Bug Has Unspecified Impact
http://securitytracker.com/alerts/2009/Mar/1021945.html
IBM Tivoli Storage Manager Can Be Crashed By a Remote Port Scan
http://securitytracker.com/alerts/2009/Mar/1021946.html
IBM Tivoli Storage Manager Lets Local Users Monitor Server Activities
http://securitytracker.com/alerts/2009/Mar/1021947.html
+ Check Point FireWall-1 Buffer Overflow in PKI Web Service Has Unspecified Impact
http://securitytracker.com/alerts/2009/Mar/1021948.html
Abee Chm Maker Project File Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0878
Simply Classified "category_id" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/0879
PHP Petition Signing Script Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/0880
PADL nss_ldap '/etc/nss_ldapd.conf' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34211
+ Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34286
Diskos CMS Manager Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34289
Xlight FTP Server 'user' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34288
Nokia Siemens Networks Flexi ISN GGSN Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34299
Trend Micro Internet Security 2008/9 IOCTL Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34304
gedit 'PySys_SetArgv' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/33445
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34181
Openswan and strongSwan DPD Packet Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34296
Openswan IPsec Livetest Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/31243
Opera XML Parser Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34298
pam-krb5 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33740
iWare Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34282
W3C Amaya HTML 'script' Tag Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34295
Google Chrome Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/31000
bzip2 Unspecified File Handling Vulnerability
http://www.securityfocus.com/bid/28286
phpBB Account Re-Activation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/32842
Drupal Printer, e-mail and PDF versions Module Flood Control API Open Email Relay Vulnerability
http://www.securityfocus.com/bid/34173
HP OpenView Network Node Manager 'OvOSLocale' Cookie Parameter Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34294
Sun Java Applet Font.createFont Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/17981
libsndfile CAF Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33963
Haudenschilt Family Connections Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/29722
XM Easy Personal FTP Server 'NLST' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31739
Wireshark PN-DCP Data Format String Vulnerability
http://www.securityfocus.com/bid/34291
Auth2DB Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/34287
MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34257
Abee CHM Maker and CHM eBook Creator 'FileName' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34279
Arcadwy Arcade Script 'user' Cookie Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34284
PowerCHM '.HHP' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34263
Apple Safari Unspecified Remote Code Execution Variant Vulnerability
http://www.securityfocus.com/bid/34179
VLC Media Player Web Interface 'input' Parameter Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34126
KarjaSoft Sami HTTP Server Request Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/23445
Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33890
Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33880
+ Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
Sun Solaris Kerberos Incremental Propagation Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34139
Sun Solaris UFS File System Multiple Local Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34137
Mozilla Firefox XSL Parsing 'root' XML Tag Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34235
IBM Tivoli Storage Manager Multiple Vulnerabilities
http://www.securityfocus.com/bid/34285
Community CMS 'index.php' and 'view.php' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34303
X-Forum 'cookie_username' Cookie Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34302
Multiple Gravy Media Applications Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34301
JobHut 'browse.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34300
Family Connections Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34297
Frog CMS Multiple Remote Vulnerabilities and Weaknesses
http://www.securityfocus.com/bid/34293
BandSite CMS 'members.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34292
AtomixMP3 Malformed 'm3u' Playlist File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34290
Postfix 2.6 non-production release
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.6-20090330-nonprod.RELEASE_NOTES
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Session Initiation Protocol and Crafted UDP Vulnerabilities
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a90428.html
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Crafted TCP Sequence and IP Sockets Vulnerabilities
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a904a2.html
Notice of Critical Patch Release for ServerProtect (Windows version)
http://www.trendmicro.co.jp/support/news.asp?id=1233
Solution 256048 : An Issue with the Nvidia Gigabit Ethernet Driver May Cause Intermittent Network Failures
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256048-1
Solution 256189 : SUN ALERT WEEKLY SUMMARY REPORT - Week of 22-Mar-2009 to 28-Mar-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256189-1
Virus that tampers with "Notepad" and spreads via removable drives
http://itpro.nikkeibp.co.jp/article/COLUMN/20090329/327211/?ST=security
Privilege escalation vulnerability in Communications Setup of JP1/VERITAS NetBackup
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-006/index.html
http://www.symantec.com/region/jp/avcenter/security/content/2009.02.17.html
JP1/VERITAS Backup Exec Authentication Bypass and Buffer Overflow Vulnerabilities
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-001/index.html
Vulnerabilities in Microsoft GDI+ (MS08-052) in JP1/VERITAS Backup Exec for Windows Servers
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-002/index.html
Access Control Vulnerabilities When Using Groupmax World Wide Web Desktop Version 6 in a Load Balancing Environment
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-003/index.html
DoS vulnerability in JP1/Cm2/Network Node Manager
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-004/index.html
Multiple Vulnerabilities in uCosminexus Portal Framework
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-005/index.html
Installing and uninstalling the VMware vCenter Server Heartbeat packet filter driver
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009567&sliceId=1&docTypeID=DT_KB_1_1
Using the nfpktfltr command line options
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009541&sliceId=1&docTypeID=DT_KB_1_1
Testing the packet filter and NIC compatibility
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009533&sliceId=1&docTypeID=DT_KB_1_1
JVNDB-2009-000016 Administrator privilege takeover vulnerability in futomi's CGI Cafe Advanced Access Analysis CGI Professional edition
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000016.html
JVNDB-2009-001112 Arbitrary code execution vulnerability related to garbage collection processing in Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001112.html
JVNDB-2009-001111 Arbitrary code execution vulnerability in the JavaScript engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001111.html
JVNDB-2009-001110 Arbitrary code execution vulnerability in the JavaScript engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001110.html
JVNDB-2009-001109 Arbitrary code execution vulnerability in the layout engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001109.html
JVNDB-2009-001108 Arbitrary code execution vulnerability in the layout engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001108.html
JVNDB-2008-002252 Capability restriction bypass vulnerability in the WAN subsystem of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002252.html
JVNDB-2008-001925 Privilege escalation vulnerability in fs/open.c of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001925.html
JVNDB-2008-001743 Denial of service (DoS) vulnerability in the vfs implementation of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001743.html
JVNDB-2008-001720 Arbitrary code execution vulnerability in PNG file processing in libpng
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001720.html
JVNDB-2008-001580 Privilege escalation vulnerability in tty operations of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001580.html
JVNDB-2008-001574 Denial of service (DoS) vulnerability related to the SIT tunnel interface in the ipip6_rcv function of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001574.html
JVNDB-2008-001470 Uninitialized memory read vulnerability in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001470.html
JVNDB-2007-001126 Buffer overflow vulnerability in isdn_net.c of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001126.html
Monday, March 30, 2009
Monday, Shakkō
+ JK-1.2.28 released
http://tomcat.apache.org/connectors-doc/news/20090301.html#22%20March%20-%20JK-1.2.28%20released
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
Changes in MySQL 5.1.34 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-34.html
Notice of Release of Spyware Scan Engine 6.2
http://www.trendmicro.co.jp/support/news.asp?id=1231
RHSA-2009:0398-1 Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2009-0398.html
RHSA-2009:0360-01: Important: kernel-rt security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28785
Aurora-SA-03/27/2009: Aurora Nutritive Analysis Module Multiple XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28792
Novell-SA-03/27/2009: Novell Netstorage Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28791
Failure due to malformed request to the server when enabling NTP Client
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009364&sliceId=1&docTypeID=DT_KB_1_1
View client keyboard and mouse do not work with SMS remote control
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009435&sliceId=1&docTypeID=DT_KB_1_1
Fonts are distorted in Windows virtual machine
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009451&sliceId=1&docTypeID=DT_KB_1_1
VMware SQL Server Plug-in Automatic Filter Discovery
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009519&sliceId=1&docTypeID=DT_KB_1_1
Aurora Nutritive Analysis Module Multiple XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00248.html
Novell Netstorage Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00253.html
Moodle: Sensitive File Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00249.html
Solution 254611: Multiple Security Vulnerabilities in Java Plug-in May Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
52956 : Acute Control Panel index.php username Parameter SQL Injection
http://osvdb.org/show/osvdb/52956
52955 : Acute Control Panel themes/header.php theme_directory Parameter Remote File Inclusion
http://osvdb.org/show/osvdb/52955
Critical Path Memova Input Validation Hole Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Mar/1021938.html
Mozilla Firefox XML Stylesheet Transformation Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Mar/1021939.html
RHSA-2009:0397-1 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2009-0397.html
bzip2 Unspecified File Handling Vulnerability
http://www.securityfocus.com/bid/28286
Mozilla Firefox XSL Parsing 'root' XML Tag Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34235
Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34181
Apple Safari Unspecified Remote Code Execution Variant Vulnerability
http://www.securityfocus.com/bid/34179
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
phpBB Account Re-Activation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/32842
VLC Media Player Web Interface 'input' Parameter Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34126
Drupal Printer, e-mail and PDF versions Module Flood Control API Open Email Relay Vulnerability
http://www.securityfocus.com/bid/34173
XM Easy Personal FTP Server 'NLST' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31739
My Simple Forum Local File Include and Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34280
Abee CHM Maker 'FileName' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34279
PowerCHM '.HHP' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34263
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
Squid Proxy Cache ICAP Adaptation Denial of Service Vulnerability
http://www.securityfocus.com/bid/34277
Arcadwy 'register.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/34275
iJoomla Archive Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34011
DHCart Multiple Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/32117
Scripts Den Dating Website Script 'searchmatch.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/33746
RETIRED: iJoomla News Portal Component 'Itemid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/29604
YAP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34274
freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31872
Free PHP Petition Signing Script Login Page SQL Injection Vulnerability
http://www.securityfocus.com/bid/34273
Simply Classified 'adverts.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34271
XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
http://www.securityfocus.com/bid/32101
Critical Path Presentation Server HTML Injection Vulnerability
http://www.securityfocus.com/bid/34270
Netatalk Printing Request Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/32925
RETIRED: Joomla! and Mambo DigiStore Component 'pid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/33953
Aurora FoodPro Nutritive Analysis Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34269
Forte Agent XML File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34268
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33412
Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/33339
Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33751
Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34169
Adobe Acrobat and Reader JBIG2 Image Processing Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/34229
FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33502
Drupal Feed Element Mapper Module Content Title Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34266
Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34250
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
http://www.securityfocus.com/bid/34265
XAMPP for Windows 'adodb.php' Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/31472
Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34125
WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/34075
SystemTap Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34260
PhotoStand BASE64 Administrator Nickname Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34262
OpenSolaris Module Debugger Process Cross Zone Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34272
CCCP Community Clan Portal Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34264
Blogplus Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/34261
eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34044
phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34253
phpMyAdmin 'export page' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34251
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/34236
Novell NetStorage Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34267
Moodle TeX Filter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/34278
Alert on verifying security measures ahead of April 1, 2009, the activation date of the "WORM_DOWNAD" (Downad) family
http://www.trendmicro.co.jp/support/news.asp?id=1235
US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems
http://www.derkeiler.com/Mailing-Lists/Cert/2009-03/msg00001.html
Mozilla releases "Firefox 3.0.8", fixing two critical security holes
http://itpro.nikkeibp.co.jp/article/NEWS/20090330/327435/?ST=security
JVNDB-2008-001647 Multiple vulnerabilities during WebLink template execution in Jasmine
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001647.html
JVNDB-2007-000217 Directory traversal vulnerability in Apache Tomcat when combined with Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000217.html
JVNDB-2005-000866 HTTP Request Smuggling vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000866.html
Devel-NYTProf-2.09
http://cpansearch.perl.org/src/TIMB/Devel-NYTProf-2.09/README
Survey Report on Information Security Trends in Europe
http://www.ipa.go.jp/security/fy20/reports/fraunhofer/index.html
Survey Report on Information Security Trends in Israel
http://www.ipa.go.jp/security/fy20/reports/israel/index.html
Report released: FY2008 Second Awareness Survey on Information Security Threats
~ The unrecognized dangers of using USB memory sticks ~
http://www.ipa.go.jp/security/fy20/reports/ishiki02/press.html
Survey Report on Control System Security and IT Service Continuity for Critical Infrastructure
http://www.ipa.go.jp/security/fy20/reports/ics-sec/index.html
University of Toronto and others report on "GhostNet", a worldwide spy network
http://itpro.nikkeibp.co.jp/article/NEWS/20090330/327420/?ST=security
JVNDB-2008-002301 Cross-site scripting vulnerability in Drupal
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002301.html
JVNDB-2008-002300 Cross-site request forgery vulnerability in the update feature of Drupal
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002300.html
JVNDB-2009-001107 Arbitrary code execution vulnerability in netrw.vim of Vim
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001107.html
JVNDB-2009-001106 Arbitrary code execution vulnerability related to ZIP archive file names in the shellescape function of Vim
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001106.html
JVNDB-2009-001105 Arbitrary code execution vulnerability related to tar archive file names in the shellescape function of Vim
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001105.html
JVNDB-2009-001104 Vulnerability in libpng where element pointers are not properly initialized
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001104.html
http://tomcat.apache.org/connectors-doc/news/20090301.html#22%20March%20-%20JK-1.2.28%20released
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
Changes in MySQL 5.1.34 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-34.html
スパイウェア検索エンジン 6.2 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1231
RHSA-2009:0398-1 Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2009-0398.html
RHSA-2009:0360-01: Important: kernel-rt security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28785
Aurora-SA-03/27/2009: Aurora Nutritive Analysis Module Multiple XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28792
Novell-SA-03/27/2009: Novell Netstorage Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28791
Failure due to malformed request to the server when enabling NTP Client
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009364&sliceId=1&docTypeID=DT_KB_1_1
View client keyboard and mouse do not work with SMS remote control
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009435&sliceId=1&docTypeID=DT_KB_1_1
Fonts are distorted in Windows virtual machine
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009451&sliceId=1&docTypeID=DT_KB_1_1
VMware SQL Server Plug-in Automatic Filter Discovery
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009519&sliceId=1&docTypeID=DT_KB_1_1
Aurora Nutritive Analysis Module Multiple XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00248.html
Novell Netstorage Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00253.html
Moodle: Sensitive File Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00249.html
Solution 254611: Multiple Security Vulnerabilities in Java Plug-in May Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
52956 : Acute Control Panel index.php username Parameter SQL Injection
http://osvdb.org/show/osvdb/52956
52955 : Acute Control Panel themes/header.php theme_directory Parameter Remote File Inclusion
http://osvdb.org/show/osvdb/52955
RHSA-2009:0398-1 Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2009-0398.html
Critical Path Memova Input Validation Hole Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Mar/1021938.html
Mozilla Firefox XML Stylesheet Transformation Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Mar/1021939.html
RHSA-2009:0398-1 Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2009-0398.html
RHSA-2009:0397-1 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2009-0397.html
bzip2 Unspecified File Handling Vulnerability
http://www.securityfocus.com/bid/28286
Mozilla Firefox XSL Parsing 'root' XML Tag Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34235
Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34181
Apple Safari Unspecified Remote Code Execution Variant Vulnerability
http://www.securityfocus.com/bid/34179
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
phpBB Account Re-Activation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/32842
VLC Media Player Web Interface 'input' Parameter Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34126
Drupal Printer, e-mail and PDF versions Module Flood Control API Open Email Relay Vulnerability
http://www.securityfocus.com/bid/34173
XM Easy Personal FTP Server 'NLST' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31739
My Simple Forum Local File Include and Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34280
Abee CHM Maker 'FileName' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34279
PowerCHM '.HHP' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34263
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
Squid Proxy Cache ICAP Adaptation Denial of Service Vulnerability
http://www.securityfocus.com/bid/34277
Arcadwy 'register.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/34275
iJoomla Archive Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34011
DHCart Multiple Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/32117
Scripts Den Dating Website Script 'searchmatch.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/33746
RETIRED: iJoomla News Portal Component 'Itemid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/29604
YAP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34274
freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31872
Free PHP Petition Signing Script Login Page SQL Injection Vulnerability
http://www.securityfocus.com/bid/34273
Simply Classified 'adverts.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34271
XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
http://www.securityfocus.com/bid/32101
Critical Path Presentation Server HTML Injection Vulnerability
http://www.securityfocus.com/bid/34270
Netatalk Printing Request Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/32925
RETIRED: Joomla! and Mambo DigiStore Component 'pid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/33953
Aurora FoodPro Nutritive Analysis Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34269
Forte Agent XML File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34268
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33412
Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/33339
Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33751
Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34169
Adobe Acrobat and Reader JBIG2 Image Processing Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/34229
FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33502
Drupal Feed Element Mapper Module Content Title Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34266
Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34250
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
http://www.securityfocus.com/bid/34265
XAMPP for Windows 'adodb.php' Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/31472
Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34125
WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/34075
SystemTap Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34260
PhotoStand BASE64 Administrator Nickname Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34262
OpenSolaris Module Debugger Process Cross Zone Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34272
CCCP Community Clan Portal Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34264
Blogplus Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/34261
eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34044
phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34253
phpMyAdmin 'export page' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34251
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/34236
Novell NetStorage Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34267
Moodle TeX Filter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/34278
Alert: confirm security measures ahead of April 1, 2009, the activation date of the "WORM_DOWNAD" (Downad) family
http://www.trendmicro.co.jp/support/news.asp?id=1235
US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems
http://www.derkeiler.com/Mailing-Lists/Cert/2009-03/msg00001.html
Mozilla releases "Firefox 3.0.8", fixing two critical security holes
http://itpro.nikkeibp.co.jp/article/NEWS/20090330/327435/?ST=security
JVNDB-2008-001647 Multiple vulnerabilities in Jasmine when executing WebLink templates
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001647.html
JVNDB-2007-000217 Directory traversal vulnerability in Apache Tomcat when used in combination with Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000217.html
JVNDB-2005-000866 HTTP Request Smuggling vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000866.html
Devel-NYTProf-2.09
http://cpansearch.perl.org/src/TIMB/Devel-NYTProf-2.09/README
Survey report on information security trends in Europe
http://www.ipa.go.jp/security/fy20/reports/fraunhofer/index.html
Survey report on information security trends in Israel
http://www.ipa.go.jp/security/fy20/reports/israel/index.html
Report published: second FY2008 awareness survey on information security threats
~ The unrecognized dangers of using USB memory devices ~
http://www.ipa.go.jp/security/fy20/reports/ishiki02/press.html
Survey report on control system security and IT service continuity for critical infrastructure
http://www.ipa.go.jp/security/fy20/reports/ics-sec/index.html
University of Toronto and others report on "GhostNet", a worldwide spy network
http://itpro.nikkeibp.co.jp/article/NEWS/20090330/327420/?ST=security
JVNDB-2008-002301 Cross-site scripting vulnerability in Drupal
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002301.html
JVNDB-2008-002300 Cross-site request forgery vulnerability in the Drupal update feature
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002300.html
JVNDB-2009-001107 Arbitrary code execution vulnerability in netrw.vim in Vim
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001107.html
JVNDB-2009-001106 Arbitrary code execution vulnerability related to ZIP archive file names in the Vim shellescape function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001106.html
JVNDB-2009-001105 Arbitrary code execution vulnerability related to tar archive file names in the Vim shellescape function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001105.html
JVNDB-2009-001104 Vulnerability in which libpng does not properly initialize element pointers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001104.html
Friday, March 27, 2009
Friday, Senbu
+ Solution 252767: A Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
+ RHSA-2009:0295-1 Moderate: net-snmp security update
http://rhn.redhat.com/errata/RHSA-2009-0295.html
Bkis-05-2009: PowerCHM Stack-based Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28775
Frog CMS-SA-03/26/2009: Frog CMS Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28776
Sun Java Runtime Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=777
Sun Java Web Start (JWS) GIF Decoding Heap Corruption Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=778
Sun Java Runtime Environment (JRE) GIF Decoding Heap Corruption Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779
Sun Java Web Start (JWS) PNG Decoding Integer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780
Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=781
[Bkis-05-2009] PowerCHM Stack-based Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00240.html
Java Plug-in Bugs Lets Remote Users Gain Privileges
http://securitytracker.com/alerts/2009/Mar/1021920.html
Java Runtime Environment (JRE) Virtual Machine Lets Remote Users Read/Write Files and Execute Local Applications
http://securitytracker.com/alerts/2009/Mar/1021919.html
Java Runtime Environment (JRE) HTTP Server Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Mar/1021918.html
Java Runtime Environment (JRE) Flaws in Storing and Processing Temporary Font Files Let Remote Users Deny Service
http://securitytracker.com/alerts/2009/Mar/1021917.html
Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System
http://securitytracker.com/alerts/2009/Mar/1021913.html
RHSA-2009:0373-1 Moderate: systemtap security update
http://rhn.redhat.com/errata/RHSA-2009-0373.html
IBM WebSphere Application Server Insecure Permissions Vulnerability
http://www.vupen.com/english/advisories/2009/0854
Mozilla Firefox and Seamonkey XSLT Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/0853
Sun Java JDK/JRE Code Execution and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/0852
Cisco IOS Multiple Denial of Service and Privilege Escalation Issues
http://www.vupen.com/english/advisories/2009/0851
OpenSSL Multiple Denial of Service and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/0850
Microsoft Windows Gzip Libraries Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/0849
PowerCHM HTML Help Project File Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0848
Kerberos "spnego_gss_accept_sec_context()" Denial of Service Issue
http://www.vupen.com/english/advisories/2009/0847
ldns "ldns_rr_new_frm_str_internal()" Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0846
Compiz Fusion 'Expo' Plugin Security Bypass Vulnerability
http://www.securityfocus.com/bid/32712
PHPizabi 'modules/interact/file.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/34255
WeBid 'upldgallery.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/34254
pam-krb5 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33740
pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33741
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
International Components for Unicode Invalid ISO Character Handling Vulnerability
http://www.securityfocus.com/bid/29488
Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34250
FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33502
Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34184
Drupal Token Authentication Module Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34252
Drupal Wikitools Module Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34249
Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/33604
Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/26687
Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/28693
Lua Unspecified Bytecode Verifier Security Vulnerability
http://www.securityfocus.com/bid/34237
ldns 'rr.c' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34233
Comparison Engine Power 'product.comparision.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34232
+ PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090
NetworkManager Permission Enforcement Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/33966
IncrediMail Script Execution Vulnerabilities
http://www.securityfocus.com/bid/34231
XAMPP for Windows 'adodb.php' Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/31472
Foxit Reader PDF Handling Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34035
Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34125
Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33755
WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/34075
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
SystemTap Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34260
MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34257
IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
http://www.securityfocus.com/bid/34259
Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities
http://www.securityfocus.com/bid/34258
eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34044
phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34253
phpMyAdmin 'export page' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34251
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/34236
Drupal Feed Element Mapper Module Content Title Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34266
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
http://www.securityfocus.com/bid/34265
CCCP Community Clan Portal Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34264
PowerCHM '.HHP' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34263
PhotoStand BASE64 Administrator Nickname Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34262
Blogplus Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/34261
RHSA-2009:0373-1 Moderate: systemtap security update
http://rhn.redhat.com/errata/RHSA-2009-0373.html
JVNDB-2007-001196 Buffer overflow vulnerability related to the coffFiles field value in multiple CA products
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001196.html
JVNDB-2007-001195 Buffer overflow vulnerability related to file name handling in multiple CA products
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001195.html
JVNDB-2009-001103 Arbitrary code execution vulnerability in Microsoft Windows Vista
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001103.html
JVNDB-2009-001102 Cross-site scripting vulnerability in Adobe RoboHelp and RoboHelp Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001102.html
JVNDB-2009-001101 Cross-site scripting vulnerability in Adobe RoboHelp Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001101.html
JVNDB-2009-001037 Arbitrary file read vulnerability related to INPUT element handling in Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001037.html
JVNDB-2009-001035 Denial of service (DoS) vulnerability related to the JavaScript engine in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001035.html
JVNDB-2009-001034 Denial of service (DoS) vulnerability related to the layout engine in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001034.html
JVNDB-2008-002285 Arbitrary memory read vulnerability in the PHP imageRotate function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002285.html
JVNDB-2008-002282 Access restriction bypass vulnerability in the Dovecot ACL plugin
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002282.html
JVNDB-2008-002281 Vulnerability in dovecot that allows the ssl_key_password parameter value to be obtained
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002281.html
JVNDB-2008-002260 Arbitrary code execution vulnerability in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in PHP
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002260.html
JVNDB-2008-002259 Directory traversal vulnerability related to ZIP file handling in the PHP ZipArchive::extractTo function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002259.html
JVNDB-2008-002258 Arbitrary file write vulnerability related to safe_mode in PHP
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002258.html
JVNDB-2008-002257 Vulnerability in PHP global variable initialization that allows safe_mode restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002257.html
JVNDB-2008-001970 Vulnerability in the default configuration of Adobe Flash Media Server (FMS) that allows video content to be copied
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001970.html
JVNDB-2008-001607 Cross-site scripting vulnerability related to the HttpServletResponse.sendError method in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001607.html
JVNDB-2008-001606 Directory traversal vulnerability related to RequestDispatcher in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001606.html
JVNDB-2008-001420 Cross-site scripting vulnerability in host-manager in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001420.html
52887 : Forte Agent Address Book XML File Handling Overflow
http://osvdb.org/show/osvdb/52887
Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/33339
Thursday, March 26, 2009
Thursday, Sensho
[Dovecot-news] v1.2.beta4 released
http://www.dovecot.org/list/dovecot-news/2009-March/000106.html
PHP 5.3.0RC1 Release Announcement
http://www.php.net/archive/2009.php#id2009-03-24-1
+ OpenSSL Security Advisory [25-Mar-2009]
http://www.openssl.org/news/secadv_20090325.txt
+ OpenSSL 0.9.8k is now available, including important bug fixes
http://www.openssl.org/source/
+ Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml
+ Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c0.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.shtml
+ Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml
+ Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
+ Cisco Security Advisory: Cisco IOS Software Multiple Features IP Sockets Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c6.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml
+ Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904cb.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml
+ Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90426.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml
A Solaris Kernel Security Vulnerability on Systems Using the Sun UltraSPARC T2 and T2+ Processors May Allow Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-250066-1
+ Security Vulnerabilities in the Java Runtime Environment (JRE) LDAP Implementation may Allow a Denial of Service (DoS) and Malicious Code to be Executed
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1
+ A Security Vulnerability in the Java Runtime Environment (JRE) Virtual Machine With Code Generation May Allow Escalation of Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1
+ A Security Vulnerability in the Java Runtime Environment (JRE) HTTP Server Implementation May Allow a Denial of Service (DoS) Condition on a JAX-WS Service Endpoint
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254609-1
+ Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254571-1
+ Security Vulnerabilities in the Java Runtime Environment (JRE) With Storing and Processing Font Files May Allow Denial of Service (DOS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254608-1
+ Integer and Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR Unpacking Utility May Lead to Escalation of Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254570-1
+ Multiple Security Vulnerabilities in Java Plug-in May Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
Adobe-SA-03/25/2009: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28759
RHSA-2009:0376-01: Critical: acroread security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28754
RHSA-2009:0361-01: Moderate: NetworkManager security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28753
+ RHSA-2009:0362-01: Moderate: NetworkManager security update
http://rhn.redhat.com/errata/RHSA-2009-0362.html
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28752
IVIZ-09-001: Adobe Acrobat Reader Memory Corruption Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28758
DSA 1745-2: New lcms packages fix regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28751
Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00227.html
[SECURITY] [DSA 1745-2] New lcms packages fix regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00228.html
[SECURITY] [DSA 1755-1] New systemtap packages fix local privilege escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00238.html
JVNDB-2009-001092 Integer overflow vulnerability in the CUPS WriteProlog function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001092.html
JVNDB-2009-001093 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001093.html
JVNDB-2009-001094 Issue in which transparent proxy servers rely on the HTTP Host header when making connections
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001094.html
JVNDB-2009-001095 Arbitrary code execution vulnerability in Microsoft Office Excel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001095.html
Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34250
Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
http://www.securityfocus.com/bid/31019
Jinzora 'name' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34224
PHPCMS2008 'ask/search_ajax.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34225
eXeScope File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34219
pam-krb5 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33740
pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33741
BlogEngine.NET 'search.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34227
SurfMyTv Script 'view.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34230
Acritum Femitter Server 'RETR' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/28973
Cisco IOS Secure Copy Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34247
Cisco IOS Multiple Features UDP Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/34245
Blogator-script 'init_pass2.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/28636
ClanSphere Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/31293
6rbScript 'section.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/31299
IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
http://www.securityfocus.com/bid/33065
Muttprint Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/32743
Cisco IOS Cisco Tunneling Control Protocol Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34246
Cisco IOS Multiple Features IP Sockets Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34242
Zinf Multiple Playlist Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33482
Cisco IOS Multiple Features TCP Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/34238
Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
http://www.securityfocus.com/bid/34243
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/34236
Cisco IOS Mobile IP/Mobile IPv6 Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34241
Cisco IOS WebVPN/SSLVPN Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34239
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Sysax Multi Server FTP 'DELE' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34209
Syzygy CMS SQL Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/34210
Mozilla Firefox XSL Parsing 'root' XML Tag Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34235
Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/34185
Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/32892
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/32620
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/33990
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/33598
Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33890
Adobe Flash Player Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33889
NetworkManager Permission Enforcement Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/33966
Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33880
Adobe Acrobat and Reader JBIG2 Image Processing Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/34229
PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090
Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/26687
Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/33604
Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/28693
phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34253
Drupal Token Authentication Module Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34252
phpMyAdmin 'export page' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34251
Drupal Wikitools Module Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34249
Lua Unspecified Bytecode Verifier Security Vulnerability
http://www.securityfocus.com/bid/34237
Comparison Engine Power 'product.comparision.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34232
52858 : Jinzora index.php name Parameter Traversal Local File Inclusion
http://osvdb.org/show/osvdb/52858
PostgreSQL 8.4devel Release 8.4
http://developer.postgresql.org/pgdocs/postgres/release-8-4.html
JVNDB-2009-001100 Vulnerability in Adobe Flash Player allowing redirection to arbitrary URLs
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001100.html
JVNDB-2009-001099 Privilege escalation vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001099.html
JVNDB-2009-001098 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001098.html
JVNDB-2009-001097 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001097.html
JVNDB-2009-001096 Vulnerability in the Adobe Flash Player Settings Manager allowing redirection to arbitrary URLs
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001096.html
JVNDB-2008-002277 Denial of service (DoS) vulnerability in the Linux Kernel related to sendmsg function calls
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002277.html
JVNDB-2008-002274 Denial of service (DoS) vulnerability in the Linux Kernel __scm_destroy function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002274.html
http://www.dovecot.org/list/dovecot-news/2009-March/000106.html
PHP 5.3.0RC1 Release Announcement
http://www.php.net/archive/2009.php#id2009-03-24-1
+ OpenSSL Security Advisory [25-Mar-2009]
http://www.openssl.org/news/secadv_20090325.txt
+ OpenSSL 0.9.8k is now available, including important bug fixes
http://www.openssl.org/source/
+ Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml
+ Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c0.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.shtml
+ Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml
+ Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
+ Cisco Security Advisory: Cisco IOS Software Multiple Features IP Sockets Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c6.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml
+ Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904cb.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml
+ Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90426.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml
A Solaris Kernel Security Vulnerability on Systems Using the Sun UltraSPARC T2 and T2+ Processors May Allow Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-250066-1
+ Security Vulnerabilities in the Java Runtime Environment (JRE) LDAP Implementation may Allow a Denial of Service (DoS) and Malicious Code to be Executed
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1
+ A Security Vulnerability in the Java Runtime Environment (JRE) Virtual Machine With Code Generation May Allow Escalation of Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1
+ A Security Vulnerability in the Java Runtime Environment (JRE) HTTP Server Implementation May Allow a Denial of Service (DoS) Condition on a JAX-WS Service Endpoint
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254609-1
+ Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254571-1
+ Security Vulnerabilities in the Java Runtime Environment (JRE) With Storing and Processing Font Files May Allow Denial of Service (DOS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254608-1
+ Integer and Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR Unpacking Utility May Lead to Escalation of Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254570-1
+ Multiple Security Vulnerabilities in Java Plug-in May Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
Adobe-SA-03/25/2009: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28759
RHSA-2009:0376-01: Critical: acroread security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28754
RHSA-2009:0361-01: Moderate: NetworkManager security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28753
+ RHSA-2009:0362-01: Moderate: NetworkManager security update
http://rhn.redhat.com/errata/RHSA-2009-0362.html
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28752
IVIZ-09-001: Adobe Acrobat Reader Memory Corruption Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28758
DSA 1745-2: New lcms packages fix regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28751
Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00227.html
[SECURITY] [DSA 1745-2] New lcms packages fix regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00228.html
Wednesday, March 25, 2009
Wednesday, Shakkō
Java 2 Standard Edition Version 1.3.1_25 Released
http://java.sun.com/j2se/1.3/ReleaseNotes.html#131_25
+ Java 2 SDK, Standard Edition Version 1.4.2_19 Released
http://java.sun.com/j2se/1.4.2/ReleaseNotes.html#142_19
+ Java 2 Platform Standard Edition Development Kit 5.0 Update 18 Released
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_18
+ Java™ SE 6 Released
http://java.sun.com/javase/6/webnotes/6u13.html
Devel-NYTProf-2.08_91 DEVELOPER RELEASE
http://search.cpan.org/~timb/Devel-NYTProf-2.08_91/
+ iptables 1.4.3.1 released
http://www.iptables.org/news.html#2009-03-24
+ RHSA-2009:0336-01: Moderate: glib2 security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28739
RHSA-2009:0258-01: Moderate: thunderbird security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28738
Idea cellular-SA-03/24/2009: Idea cellular (ideacellular.com) SQL Injection vulnerability in Corporate Account Login
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28741
Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=776
[ GLSA 200903-35 ] Muttprint: Insecure temporary file usage
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00217.html
[ GLSA 200903-36 ] MLDonkey: Information disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00218.html
[ GLSA 200903-37 ] Ghostscript: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00219.html
PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation (php.ini independent)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00220.html
[security bulletin] HPSBMA02416 SSRT090008 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00221.html
ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00222.html
[security bulletin] HPSBUX02409 SSRT080171 rev.1 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00223.html
iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00224.html
[SECURITY] [DSA 1753-1] End-of-life announcement for Iceweasel in oldstable
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00225.html
VU#340420 IBM Access Support ActiveX control stack buffer overflow
http://www.kb.cert.org/vuls/id/340420
Yamaha RT Series Routers MD5 Collision Security Issue
http://secunia.com/advisories/34446/
HP-UX VRTSvxfs and VRTSodm Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/0823
Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5WP0M15QKO.html
Adobe Acrobat and Reader JBIG2 Image Processing Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/34229
Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33751
Acritum Femitter Server 'RETR' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/28973
Tor Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33713
IBM Access Support ActiveX Control 'GetXMLValue()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34228
PADL nss_ldap '/etc/nss_ldapd.conf' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34211
Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
http://www.securityfocus.com/bid/31019
Free Arcade Script SQL Injection and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/34212
Codice CMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34208
Pluck 'module_pages_site.php' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34207
Nucleus CMS Media Manager Unspecified Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34040
Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34184
Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/33492
Horde XSS Filter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/33367
Horde IMP and Groupware Webmail Edition Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/27223
Horde Products Local File Include and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/33491
Moodle Forum Unspecified Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/33615
Moodle Calendar Export Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33612
Moodle 'Login As' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/33617
Moodle Log Table HTML Injection Vulnerability
http://www.securityfocus.com/bid/33610
Linux Kernel 'inotify_read()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/33624
Opera Web Browser prior to 9.64 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/33961
Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
http://www.securityfocus.com/bid/29653
Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/34185
Netrw Vim Script Multiple Command Execution Vulnerabilities
http://www.securityfocus.com/bid/30115
Netrw Vim Script Information Disclosure Vulnerability
http://www.securityfocus.com/bid/30670
Vim Vim Script Multiple Command Execution Vulnerabilities
http://www.securityfocus.com/bid/29715
Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34169
Vim 'zip.vim' Plugin Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/32463
Vim 'tar.vim' Plugin Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/32462
HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34226
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/31681
Blogator-script 'init_pass2.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/28636
Rittal CMC-TC Processing Unit II Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34215
Rittal CMC-TC Processing Unit II Administrator Session ID Security Bypass Vulnerability
http://www.securityfocus.com/bid/34217
ClanSphere Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/31293
PHPizabi 'notepad_body' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34223
PHPizabi 'modules/chat/dac.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/34213
6rbScript 'section.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/31299
MLdonkey HTTP Request Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/33865
PHP Classifieds Arbitrary File Upload and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34222
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34192
PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/33990
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/33598
IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
http://www.securityfocus.com/bid/33065
ZyXEL G570S Crafted HTTP Requests Multiple Vulnerabilities
http://www.securityfocus.com/bid/34221
Siemens Gigaset SE461 WiMAX router Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/34220
Sun Solaris Keysock Kernel Module Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34118
Sun Solaris NFS Daemon (nfsd(1M)) Security Bypass Vulnerability
http://www.securityfocus.com/bid/34062
Sun Solaris Crypto Driver Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34000
SurfMyTv Script 'view.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34230
Jinzora 'name' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34224
RHSA-2009:0258-1 Moderate: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2009-0258.html
ModSecurity Denial of Service
http://www.securiteam.com/unixfocus/5VP0L15QKS.html
Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5WP0M15QKO.html
RHSA-2009:0258 Moderate: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2009-0258.html
Changes in MySQL 5.1.33 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-33.html
Thinking about Row Level Security, part 1
http://it.toolbox.com/blogs/database-soup/thinking-about-row-level-security-part-1-30732?rss=1
Changes in MySQL 5.0.80 (Not yet released)
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-80.html
Request to upgrade to successor products following the end of support for Trend Micro Client/Server Security 2.0
http://www.trendmicro.co.jp/support/news.asp?id=1230
HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34226
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/31681
Blogator-script 'init_pass2.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/28636
Rittal CMC-TC Processing Unit II Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34215
Rittal CMC-TC Processing Unit II Administrator Session ID Security Bypass Vulnerability
http://www.securityfocus.com/bid/34217
ClanSphere Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/31293
PHPizabi 'notepad_body' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34223
PHPizabi 'modules/chat/dac.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/34213
6rbScript 'section.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/31299
MLdonkey HTTP Request Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/33865
PHP Classifieds Arbitrary File Upload and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34222
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34192
PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/33990
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/33598
IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
http://www.securityfocus.com/bid/33065
ZyXEL G570S Crafted HTTP Requests Multiple Vulnerabilities
http://www.securityfocus.com/bid/34221
Siemens Gigaset SE461 WiMAX router Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/34220
Sun Solaris Keysock Kernel Module Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34118
Sun Solaris NFS Daemon (nfsd(1M)) Security Bypass Vulnerability
http://www.securityfocus.com/bid/34062
Sun Solaris Crypto Driver Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34000
SurfMyTv Script 'view.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34230
Jinzora 'name' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34224
RHSA-2009:0258-1 Moderate: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2009-0258.html
ModSecurity Denial of Service
http://www.securiteam.com/unixfocus/5VP0L15QKS.html
Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5WP0M15QKO.html
RHSA-2009:0258 Moderate: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2009-0258.html
Changes in MySQL 5.1.33 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-33.html
Thinking about Row Level Security, part 1
http://it.toolbox.com/blogs/database-soup/thinking-about-row-level-security-part-1-30732?rss=1
Changes in MySQL 5.0.80 (Not yet released)
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-80.html
Trend Micro Client/Server Security 2.0: Request to upgrade to the successor product as support ends
http://www.trendmicro.co.jp/support/news.asp?id=1230
Tuesday, March 24, 2009
Tuesday, Taian
+ The latest stable version of the Linux kernel is: 2.6.29
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29
+ iptables 1.4.3 released
http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.3.txt
FreeBSD-SA-09:06.ktimer: ktimer
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28726
Published the "Information Security Technology Trends Survey Task Group Report (Second Half of 2008)".
http://www.ipa.go.jp/security/fy20/reports/tech1-tg/index2.html
ExpressionEngine Persistent Cross-Site Scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00207.html
FreeBSD Security Advisory FreeBSD-SA-09:06.ktimer
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00210.html
Rittal CMC-TC Processing Unit II multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00206.html
[ MDVSA-2009:078 ] evolution-data-server
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00213.html
CORE-2009-0122: HP OpenView Buffer Overflows
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00211.html
[ MDVSA-2009:079 ] postgresql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00214.html
[SECURITY] [DSA 1752-1] New webcit packages fix potential remote code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00212.html
[USN-743-1] Ghostscript vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00215.html
[USN-744-1] LittleCMS vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00216.html
bind 9.4.3-P2, 9.5.1-P2 released
http://www2.ns-labs.com/cgi-bin/security_detail_2.cgi?os=unix&id=49&p=
Remote code execution vulnerability in Apple Safari
http://www2.ns-labs.com/cgi-bin/security_detail_2.cgi?os=unix&id=50&p=
Remote code execution vulnerability in Mozilla Firefox
http://www2.ns-labs.com/cgi-bin/security_detail_2.cgi?os=unix&id=51&p=
Multiple vulnerabilities in Sun Java System Identity Manager
http://www2.ns-labs.com/cgi-bin/security_detail_2.cgi?os=unix&id=52&p=
52840 : PHCDownload search.php string Parameter Arbitrary PHP Code Execution
http://osvdb.org/show/osvdb/52840
Sun Java System Identity Manager Code Execution and Security Bypass
http://www.vupen.com/english/advisories/2009/0797
Avaya Products Solaris NFS Server Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2009/0798
PHPCMS2008 "q" Parameter Handling Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/0799
BS.Player Playlist Processing Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0800
SlySoft Products ElbyCD Driver Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2009/0801
+ Linux Kernel Security Bypass and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2009/0802
Telnet-FTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/21339
Telnet-FTP Server Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/21340
Pivot 'refkey' Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/34160
PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090
POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34192
Foxit Reader PDF Handling Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34035
Muttprint Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/32743
Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34109
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
GNOME Evolution S/MIME Email Signature Verification Vulnerability
http://www.securityfocus.com/bid/33720
Zinf Multiple Playlist Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33482
WebCit Mini_Calendar Component Format String Vulnerability
http://www.securityfocus.com/bid/34206
Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34184
Piwik 'archive.sh' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34204
Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/34185
Orbit Downloader ActiveX Control 'download()' Method Arbitrary File Delete Vulnerability
http://www.securityfocus.com/bid/34200
+ Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
X-BLC 'get_read.php' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34197
Drupal CCK Field Privacy Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/34199
FreeBSD 'kenv' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34198
FreeBSD 'ktimer' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34196
SuperNews 'valor.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34195
WBB3 rGallery 'userID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34194
ExpressionEngine Avtaar Name HTML Injection Vulnerability
http://www.securityfocus.com/bid/34193
HP OpenView Network Node Manager 'Accept-Language' HTTP Header Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34135
HP OpenView Network Node Manager 'OvAcceptLang' Parameter Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34134
Apple Mac OS X HFS Plus Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34203
Apple Mac OS X Kernel Memory Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34202
Content Construction Kit (CCK) Drupal Module User and Node References HTML Injection Vulnerability
http://www.securityfocus.com/bid/34172
WeeChat IRC Message Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34148
Apple Mac OS X AppleTalk Zip-Notify Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34201
Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/33827
Racer Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/25297
Libpng Library 'png_handle_tEXt()' Memory Leak Denial of Service Vulnerability
http://www.securityfocus.com/bid/31920
Libpng Library Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/25956
Libpng Library Unknown Chunk Handler Vulnerability
http://www.securityfocus.com/bid/28770
Libpng Library Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/24000
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33412
Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33275
Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/33339
Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33113
Linux-PAM Configuration File Non-ASCII User Name Handling Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34010
VMware Server 1.0.5 and Workstation 6.0.3 Multiple Vulnerabilities
http://www.securityfocus.com/bid/28276
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/33990
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/33598
Sun Solaris NFS Server (nfssec(5)) Security Modes Security Bypass Vulnerability
http://www.securityfocus.com/bid/34063
Rittal CMC-TC Processing Unit II Administrator Session ID Security Bypass Vulnerability
http://www.securityfocus.com/bid/34217
+ Linux Kernel 'ecryptfs_write_metadata_to_contents()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34216
PHPizabi 'modules/chat/dac.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/34213
Free Arcade Script SQL Injection and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/34212
Padl nss_ldap '/etc/nss_ldapd.conf' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34211
Syzygy CMS SQL Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/34210
Sysax Multi Server FTP 'DELE' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34209
Codice CMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34208
Pluck 'module_pages_site.php' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34207
Sun Java System Identity Manager Security Vulnerabilities
http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
Published "10 Major Threats: Attack Methods Continue to 'Diversify'"
http://www.ipa.go.jp/security/vuln/10threats2009.html
JVNDB-2009-001091 Denial of service (DoS) vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001091.html
JVNDB-2009-001090 Denial of service (DoS) vulnerability in the IBM I/O library of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001090.html
JVNDB-2009-001089 Vulnerability in IBM WebSphere Application Server allowing redirection to arbitrary web sites
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001089.html
JVNDB-2009-001088 Information disclosure vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001088.html
+ Linux Kernel 'ecryptfs_write_metadata_to_contents()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34216