■[Dovecot-news] v1.1.13 and v1.2.beta3 released
http://www.dovecot.org/list/dovecot-news/2009-March/000104.html
■Solaris Daylight Saving Time (DST) Update (Aug 2008, Oct 2008, Mar 2009)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-234461-1
Summary: Daylight Saving Time (DST) and time zone definition changes occur in different countries around the world on a regular basis. This Sun Alert will be used to track ongoing daylight saving and timezone changes for Solaris.
□ECHO_ADV_107$2009: FubarForum <= 1.6 Critical File Disclosure Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28702
□ECHO_ADV_106$2009: FireAnt <= 1.3 Critical File Disclosure Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28701
□ECHO_ADV_105$2009: chaozzDB <= 1.2 Critical File Disclosure Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28700
□DSA 1743-1: New libtk-img packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28679
□PHPRunner-SA-03/17/2009: PHPRunner SQL Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28699
■pcAynwhere-SA-03/18/2009: Layered Defense Research Advisory: Format String Vulnerability in Symantec PcAnywhere v10-12.5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28696
□DSA 1744-1: New weechat packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28693
□[SECURITY] [DSA 1744-1] New weechat packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-03/msg00183.html
□PHPRunner "SearchField" Parameter Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/0750
□GDL (Gdl Digital Library) "node" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/0751
□fMoblog Plugin for WordPress "id" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/0752
□Sitecore CMS Web Service Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/0753
□HP Printers and Digital Senders Cross Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2009/0754
□Symantec pcAnywhere Format String Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/0755
□Autonomy KeyView SDK "wp6sr.dll" Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0756
□IBM Lotus Notes File Viewer for WordPerfect Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0757
□Adobe Security Bulletin Adobe Reader and Acrobat
http://isc.sans.org/diary.html?storyid=6034
□DeluxeBB 'misc.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34174
□Pivot 'refkey' Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/34160
□Tasklist Drupal Module Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/34171
□Tasklist Drupal Module Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34170
□Chasys Media Player Playlist File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34165
□Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34086
□Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34167
□Drupal Printer, e-mail and PDF versions Module Flood Control API Open Email Relay Vulnerability
http://www.securityfocus.com/bid/34173
□Drupal Plus 1 Module Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/34168
□Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32100
□Adobe Acrobat and Reader Unspecified JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34169
□Umbraco CMS Administrative Pages Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34166
□Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/29420
□Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33751
□CDex 'ogg' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34164
□Sitecore CMS Security Databases Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34162
□system-config-printer Package Romanian Translation Insecure Configuration Weakness
http://www.securityfocus.com/bid/34161
□AWStats 'awstats.pl' Multiple Path Disclosure Vulnerability
http://www.securityfocus.com/bid/34159
□WeeChat IRC Message Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34148
□JustSystems Ichitaro Unspecified Code Execution Vulnerability
http://www.securityfocus.com/bid/34138
□OpenTTD Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30525
□phpMyRealty Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/30862
□Mega File Hosting Script 'cross.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/34157
□IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
http://www.securityfocus.com/bid/33065
□MTCMS WYSIWYG Editor 'install.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34151
□libcdaudio 'cddb.c' Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32122
■OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150
□F5 BIG-IP Web Management Interface 'NEW_VALUE' Parameter Remote Code Injection Vulnerability
http://www.securityfocus.com/bid/28639
□Joomla! and Mambo myContent Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/29468
□IBM Rational AppScan Enterprise Exported Report Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34163
□Symantec pcAnywhere Local Format String Vulnerability
http://www.securityfocus.com/bid/33845
□Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
□Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/32892
□Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/32620
□GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
□GNOME Evolution S/MIME Email Signature Verification Vulnerability
http://www.securityfocus.com/bid/33720
□Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34109
□YABSoft Advanced Image Hosting Script 'gallery_list.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34176
□Content Construction Kit (CCK) Drupal Module User and Node References HTML Injection Vulnerability
http://www.securityfocus.com/bid/34172
□JVNVU#817940 Denial-of-service (DoS) vulnerability in NetBSD MLD query packet processing
http://jvn.jp/cert/JVNVU817940/
□JVN#88935101 Buffer overflow vulnerability in the X.Org Foundation X server
http://jvn.jp/jp/JVN88935101/
□Alert regarding vulnerabilities in Adobe Reader and Acrobat
http://www.jpcert.or.jp/at/2009/at090006.txt
□JVNDB-2009-001087 Vulnerability in HRM-S of Fujitsu Enhanced Support Facility that allows hardware and software information requests to be issued
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001087.html
□JVNDB-2009-001086 Vulnerability in the authentication function of GE Fanuc Proficy HMI/SCADA iFIX
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001086.html
□JVNDB-2009-001085 Vulnerability in XTerm on Apple Mac OS allowing writes
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001085.html
□JVNDB-2009-001084 Denial-of-service (DoS) vulnerability in the SMB component of Apple Mac OS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001084.html
□JVNDB-2008-001929 Arbitrary code execution vulnerability in IMAP Toolkit, Alpine, and Pand IMAP
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001929.html
□PostgreSQL Encoding Conversion Error Lets Remote Authenticated Users Deny Service
http://securitytracker.com/alerts/2009/Mar/1021860.html
□Adobe Reader JavaScript Input Validation Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Mar/1021861.html
■Velocity Engine 1.6.2 released
http://velocity.apache.org/news.html#engine162
□seamonkey security fix
http://www.miraclelinux.com/support/?q=node/99&errata_id=1686&ML30