Thursday, April 30, 2009

Thursday, senbu

The latest prepatch for the stable Linux kernel tree is: 2.6.30-rc4
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc4

"Blocks zero-day attacks, no signatures needed": purely domestic anti-malware software announced
Developed by Fourteenforty Research Institute; detects viruses from their behavior
http://itpro.nikkeibp.co.jp/article/NEWS/20090430/329335/?ST=security

Spam piggybacking on "swine flu" appears; "piggyback domains" also emerging one after another
Redirects victims to Viagra sales sites and the like; malicious sites may also appear
http://itpro.nikkeibp.co.jp/article/NEWS/20090430/329314/?ST=security

JVNDB-2009-001186 Vulnerability in IBM DB2 allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001186.html

JVNDB-2009-001185 Vulnerability in Microsoft Office PowerPoint allowing arbitrary code execution
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001185.html

JVNDB-2008-001954 Same-origin policy bypass vulnerability related to .url shortcut files in Mozilla Firefox/SeaMonkey running on Windows
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001954.html

JVNDB-2008-001953 Vulnerability in Mozilla Firefox that assigns chrome privileges to file: URIs
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001953.html

JVNDB-2008-001952 Same-origin policy bypass vulnerability related to the Canvas element and HTTP redirect handling in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001952.html

JVNDB-2008-001949 Arbitrary code execution vulnerability related to Flash module checking in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001949.html

JVNDB-2008-001948 Arbitrary code execution vulnerability related to tampering with the window.__proto__.__proto__ object in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001948.html

JVNDB-2008-001782 Heap-based buffer overflow vulnerability related to news article header handling in Mozilla Thunderbird/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001782.html

JVNDB-2008-001760 Information disclosure vulnerability related to XBM image file handling in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001760.html

JVNDB-2008-001758 Directory traversal vulnerability related to directory traversal sequence handling in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001758.html

JVNDB-2008-001757 Directory traversal vulnerability related to handling of ".." characters and URL-encoded "/" characters in multiple Mozilla products on Linux
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001757.html

JVNDB-2008-001756 Vulnerability in Mozilla Firefox allowing cross-site scripting protection to be bypassed via low surrogate character handling
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001756.html

JVNDB-2008-001755 Vulnerability in multiple Mozilla products allowing cross-site scripting protection to be bypassed via BOM character handling
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001755.html

54130 : Adobe Reader for Linux getAnnots() JavaScript Method PDF Handling Memory Corruption
http://osvdb.org/show/osvdb/54130

54129 : Adobe Reader for Linux customDictionaryOpen() JavaScript Method PDF Handling Memory
http://osvdb.org/show/osvdb/54129

54128 : WebSPELL picture.php id Parameter Traversal Arbitrary File Access
http://osvdb.org/show/osvdb/54128

54127 : Memcached / MemcacheDB stats maps Command Remote Information Disclosure
http://osvdb.org/show/osvdb/54127

54126 : @mail webadmin/admin.php Multiple Parameter XSS
http://osvdb.org/show/osvdb/54126

JBC Explorer Auth.Inc.PHP Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/26332

HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01646081-2

+ Solution 241646 : Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-241646-1

+ Solution 257708 : Security Vulnerabilities in DTrace (dtrace(1M)) ioctl(2) Handlers May Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257708-1

- RHSA-2009:0451-2 Important: kernel-rt security and bug fix update
https://rhn.redhat.com/errata/RHSA-2009-0451.html

+ Linux Kernel Bug in exit_notify() Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Apr/1022141.html

+ Multiple Trend Micro Products RAR/ZIP/CAB Files Scan Evasion Vulnerability
http://www.securityfocus.com/bid/34763

Postfix 2.7 Snapshot 20090428
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.7-20090428.HISTORY

Rakudo Perl 6 development release #16
http://use.perl.org/articles/09/04/29/1649217.shtml

DBD::Oracle 1.23 released
http://www.cpan.org/modules/by-module/DBD/DBD-Oracle-1.23.readme

NTP 4.2.4p7-RC4 released
http://archive.ntp.org/ntp4/ChangeLog-stable-rc

NTP 4.2.5p168 development released
http://archive.ntp.org/ntp4/ChangeLog-dev

Solution 257868 : SUN ALERT WEEKLY SUMMARY REPORT - Week of 19-Apr-2009 to 25-Apr-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257868-1

Cross-Site Scripting Vulnerability in Citrix Web Interface
http://support.citrix.com/article/CTX120697

Security Update to Citrix License Server
http://support.citrix.com/article/CTX120742

DSA 1781-1: New ffmpeg-debian packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29127

DSA 1782-1: New mplayer packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29128

DSA 1783-1: New mysql-dfsg-5.0 packages fix multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29129

RHSA-2009:0451-02: Important: kernel-rt security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29130

SEC Consult Security Advisory <>: Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29134

SSA:2009-118-01: mozilla-firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29125

Vendor Security Advisories
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29136

TZO-17-2009: Trendmicro multiple bypass/evasions
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29137

Addendum: TZO-17-2009: Trendmicro multiple bypass/evasions
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29138

DSA 1780-1: New libdbd-pg-perl packages fix potential code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29126

HPSBUX02366 SSRT080120 rev.1: HPUX Running useradd(1M), Local Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29139

iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29132

MIM:InfiniX-SA-04/28/2009: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29140

MDVSA-2009:101: xpdf
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29124

Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29133

OpenView-SA-04/28/2009: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29119

Errata: TZO-13-2009: Avira Antivir generic CAB evasion / bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29131

ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29135

DDIVRT-2009-24: Precidia Ether232 Memory Corruption
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29118

HPSBMA02424 SSRT080125 rev.1: HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29120

EZ-blog-SA-04/27/2009: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29123

MDVSA-2009:098: krb5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29108

MDVSA-2009:099: openafs
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29109

RHSA-2009:0449-01: Critical: firefox security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29113

TZO-13-2009: Avira Antivir generic CAB evasion / bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29114

TZO-14-2009: Comodo Antivirus RAR evasion
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29115

TZO-15-2009: Aladdin eSafe generic bypass - Forced release
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29116

USN-761-2: PHP vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29110

USN-766-1: acpid vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29111

USN-767-1: FreeType vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29112

Human-powered CAPTCHA ("image authentication") breaking service decodes 1,000 for one dollar
Already a business in its own right; even shown in Google sponsored links
http://itpro.nikkeibp.co.jp/article/NEWS/20090428/329293/?ST=security

PUBLIC ADVISORY: 04.29.09 Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786

PUBLIC ADVISORY: 04.28.09 TIBCO SmartSockets Stack Buffer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785

[security bulletin] HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00289.html

iDefense Security Advisory 04.29.09: Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00283.html

SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00286.html

Addendum: [TZO-17-2009]Trendmicro multiple bypass/evasions
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00284.html

[TZO-17-2009]Trendmicro multiple bypass/evasions
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00288.html

[TZO-16-2009] Nod32 CAB bypass/evasion
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00287.html

Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00282.html

[SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00281.html

[SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00280.html

[SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00278.html

[ MDVA-2009:057 ] usermode
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00277.html

[ MDVSA-2009:101 ] xpdf
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00276.html

ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00285.html

Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00279.html

iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00273.html

[USN-765-1] Firefox and Xulrunner vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00272.html

[SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00275.html

Errata: [TZO-13-2009] Avira Antivir generic CAB evasion / bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00261.html

MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00270.html

one shot remote root for linux?
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00269.html

[security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00262.html

security tools list
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00263.html

Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00264.html

[ MDVSA-2009:099 ] openafs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00259.html

[USN-767-1] FreeType vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00266.html

[USN-766-1] acpid vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00271.html

[USN-761-2] PHP vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00267.html

RHBA-2009:0454-1 hts bug fix update
http://rhn.redhat.com/errata/RHBA-2009-0454.html

Vulnerability Note VU#970180 Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities
http://www.kb.cert.org/vuls/id/970180

Citrix Licensing License Server Unspecified Vulnerabilities
http://secunia.com/advisories/34937/

+ Symantec Log Viewer Script Insertion Vulnerabilities
http://secunia.com/advisories/34936/

+ Symantec Products Reporting Server URL Handling Weakness
http://secunia.com/advisories/34935/

Ubuntu update for php5
http://secunia.com/advisories/34933/

MemcacheDB "stats maps" Information Disclosure Weakness
http://secunia.com/advisories/34932/

HP-UX "useradd" Unauthorised Access
http://secunia.com/advisories/34931/

LevelOne AMG-2000 Proxy "Host:" Security Bypass
http://secunia.com/advisories/34926/

WebSPELL "picture.php" Information Disclosure
http://secunia.com/advisories/34921/

Red Hat update for kernel-rt
http://secunia.com/advisories/34917/

memcached "stats maps" Information Disclosure Weakness
http://secunia.com/advisories/34915/

TIBCO SmartSockets Buffer Overflow Vulnerability
http://secunia.com/advisories/34911/

Ubuntu update for firefox-3.0 and xulrunner-1.9
http://secunia.com/advisories/34910/

Debian update for ffmpeg
http://secunia.com/advisories/34905/

Citrix Web Interface Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/34868/

+ Symantec Products Alert Management System 2 Multiple Vulnerabilities
http://secunia.com/advisories/34856/

Slackware update for mozilla-firefox
http://secunia.com/advisories/34851/

Debian update for mplayer
http://secunia.com/advisories/34845/

Sun Solaris DTrace ioctl Handlers Denial of Service
http://secunia.com/advisories/34836/

@mail "admin.php" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/34403/

Fedora update for libmodplug
http://secunia.com/advisories/34930/

Fedora update for prewikka
http://secunia.com/advisories/34928/

libmodplug "PATinst()" Buffer Overflow Vulnerability
http://secunia.com/advisories/34927/

Adobe Reader for Linux JavaScript Methods Memory Corruption
http://secunia.com/advisories/34924/

MataChat "nickname" and "color" Script Insertion Vulnerabilities
http://secunia.com/advisories/34922/

Red Hat update for firefox
http://secunia.com/advisories/34919/

Citrix Web Interface Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id?1022145

Citrix License Server Unspecified Bugs in Licensing Management Console Have Unspecified Impact
http://www.securitytracker.com/id?1022144

Solaris DTrace ioctl Handler Flaws Let Local Users Deny Service
http://www.securitytracker.com/id?1022143

Linux Kernel Bug in exit_notify() Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id?1022141

memcached Discloses Application Memory Contents and Information to Remote Users
http://www.securitytracker.com/id?1022140

Adobe Reader Bugs in getAnnots() and spell.customDictionaryOpen() Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022139

Symantec Endpoint Protection Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
http://securitytracker.com/alerts/2009/Apr/1022138.html

Symantec Client Security Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
http://securitytracker.com/alerts/2009/Apr/1022137.html

Symantec Anti Virus Corporate Edition Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
http://securitytracker.com/alerts/2009/Apr/1022136.html

+ Security Advisories Relating to Symantec Products - Symantec Reporting Server Improper URL Handling Exposure
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00

Symantec Endpoint Protection Input Validation Flaw in Log Viewer Permits Remote HTML Injection Attacks
http://securitytracker.com/alerts/2009/Apr/1022135.html

+ Security Advisories Relating to Symantec Products - Symantec Log Viewer JavaScript Injection Vulnerabilities
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01

Symantec Anti Virus Input Validation Flaw in Log Viewer Permits Remote HTML Injection Attacks
http://www.securitytracker.com/id?1022134

Norton Internet Security Input Validation Flaw in Log Viewer Permits Remote HTML Injection Attacks
http://www.securitytracker.com/id?1022133

Symantec Endpoint Protection Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022132

+ Security Advisories Relating to Symantec Products - Symantec Alert Management System 2 multiple vulnerabilities
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Symantec Client Security Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022131

Symantec Anti Virus Corporate Edition Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022130

TIBCO SmartSockets Stack Overflow in RTserver Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022129

HP-UX Bug in 'useradd' Command Lets Local Users Gain Access to Files and Directories
http://www.securitytracker.com/id?1022128

Citrix License Server Management Console Unspecified Vulnerability
http://www.vupen.com/english/advisories/2009/1207

Citrix Web Interface Unspecified Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1206

HP-UX "useradd" Command Local Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2009/1205

Symantec Products Alert Management System 2 Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2009/1204

Symantec Products Log Viewer Feature Script Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/1203

Symantec Products Reporting Server Message Manipulation Weakness
http://www.vupen.com/english/advisories/2009/1202

Juniper Netscreen ScreenOS Information Disclosure Weakness
http://www.vupen.com/english/advisories/2009/1201

Libmodplug "PATinst()" Instrument Name Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1200

Sun Solaris DTrace IOCTL Handlers Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/1199

TIBCO SmartSockets UDP Remote Stack Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1198

MemcacheDB "stats maps" Remote Information Disclosure Weakness
http://www.vupen.com/english/advisories/2009/1197

Memcached "stats maps" Remote Information Disclosure Weakness
http://www.vupen.com/english/advisories/2009/1196

Adobe Reader and Acrobat JavaScript Memory Corruption Vulnerabilities
http://www.vupen.com/english/advisories/2009/1189

IBM Tivoli Workload Scheduler Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/1188

HP OpenView NNM "ovalarmsrv" Remote Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1187

Sumatra PDF MuPDF "loadexponentialfunc()" Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1186

MuPDF "loadexponentialfunc()" Function Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1185

Mozilla Firefox "nsTextFrame::ClearTextRun()" Memory Corruption Issue
http://www.vupen.com/english/advisories/2009/1180

IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
http://www.securityfocus.com/bid/26293

doop Index.php Local File Include Vulnerability
http://www.securityfocus.com/bid/26075

Kaspersky Online Scanner KAVWebScan.DLL ActiveX Control Format String Vulnerability
http://www.securityfocus.com/bid/26004

NVClock Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/25052

Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/24524

Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
http://www.securityfocus.com/bid/24389

+ Sun Java Web Start Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/23728

Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/23412

Microsoft Windows Vista Neighbor Discovery Spoofing Vulnerability
http://www.securityfocus.com/bid/23293

Adobe Acrobat and Reader Unspecified Remote Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34768

Cisco IOS Multiple Features UDP Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/34245

Linux Kernel 'do_splice_from()' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/31903

Cisco IOS NAT Skinny Call Control Protocol Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/31359

Cisco IOS AIC HTTP Transit Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31354

ProjectCMS 'sn' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34767

HP Enterprise Discovery Unspecified Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/30865

HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33147

Samba Group Mappings File Insecure Permissions Local Security Vulnerability
http://www.securityfocus.com/bid/30837

Ruby REXML Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/30802

JBoss Enterprise Application Platform Information Disclosure Vulnerability
http://www.securityfocus.com/bid/30540

Apple Safari Automatic File Launch Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/29835

Multiple ESET Products CAB File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/34764

GNU Tar Invalid Headers Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/16764

LevelOne AMG-2000 Security Bypass Vulnerability
http://www.securityfocus.com/bid/34760

Linux Kernel RLIMIT_CPU Zero Limit Handling Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/29004

Linksys WRT54G Wireless-G Router Multiple Remote Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/28381

TorrentTrader 'msg' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/28082

GFL SDK Library Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/27514

TikiWiki CMS 'tiki-listmovies.php' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/27008

Tuesday, April 28, 2009

Tuesday, sensho

Registration status of the JVN iPedia vulnerability countermeasure information database
[Q1 2009 (January to March)]
http://www.ipa.go.jp/security/vuln/report/JVNiPedia2009q1.html

On the trial of automatic collection of vulnerability countermeasure information published by product developers
http://www.ipa.go.jp/security/vuln/jvnrss.html

54097 : CGI Rescue FORM2MAIL Unspecified Arbitrary Email Relaying
http://osvdb.org/show/osvdb/54097

54096 : CGI Rescue MiniBBS2 Unspecified Arbitrary Email Relaying
http://osvdb.org/show/osvdb/54096

54095 : CGI Rescue MiniBBS Unspecified XSS
http://osvdb.org/show/osvdb/54095

54094 : CGI Rescue Web Mailer Unspecified XSS
http://osvdb.org/show/osvdb/54094

54091 : AXIGEN Mail Server Web Interface Email Message XSS
http://osvdb.org/show/osvdb/54091

JVNDB-2009-001184 Vulnerability in the Linux kernel sock_getsockopt function allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001184.html

JVNDB-2009-001183 Vulnerability in the Linux kernel skfp_ioctl function allowing driver statistics to be reset
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001183.html

JVNDB-2009-001182 Denial-of-service (DoS) vulnerability in the Linux kernel eCryptfs subsystem
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001182.html

JVNDB-2009-001181 Vulnerability in the Linux kernel clone system call allowing arbitrary signals to be sent to the parent process
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001181.html

JVNDB-2009-001180 Race condition vulnerability in the Sun Solaris dircmp script
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001180.html

JVNDB-2008-001759 Vulnerability related to onmousedown action handling in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001759.html

JVNDB-2008-001754 Arbitrary JavaScript execution vulnerability in the nsXMLDocument::OnChannelRedirect function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001754.html

JVNDB-2008-001753 Arbitrary script execution vulnerability in the Mozilla Firefox feedWriter
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001753.html

JVNDB-2008-001752 Stack-based buffer overflow vulnerability related to the URL parsing implementation in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001752.html

JVNDB-2008-001751 Integer overflow vulnerability in the MathML component of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001751.html

JVNDB-2008-001750 Arbitrary code execution vulnerability related to graphics rendering in Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001750.html

JVNDB-2008-001749 Arbitrary code execution vulnerability related to the layout engine in Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001749.html

JVNDB-2008-001748 Arbitrary code execution vulnerability related to the JavaScript engine in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001748.html

JVNDB-2008-001747 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001747.html

JVNDB-2008-001746 Arbitrary code execution vulnerability in the Mozilla Firefox XPConnect component
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001746.html

JVNDB-2008-001745 Arbitrary code execution vulnerability in the XPConnect component of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001745.html

file "cdf_read_sat()" Buffer Overflow Vulnerability
http://secunia.com/advisories/34881/

Mozilla Firefox Bug in nsTextFrame::ClearTextRun() May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1022126.html

HP OpenView Network Node Manager Unspecified Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1022125.html

RHBA-2009:0448-1 caching-nameserver bug fix update
http://rhn.redhat.com/errata/RHBA-2009-0448.html

+ Linux kernel 2.6.29.2 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.2

Troubleshooting the boot failure of a Linux virtual machine converted from a physical computer
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010241&sliceId=1&docTypeID=DT_KB_1_1

RHSA-2009:0449-1 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2009-0449.html

DSA 1779-1 : New apt packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29104

SSA:2009-116-01: slackware-security cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29102

SSA:2009-116-02: bitchx EOLed in Slackware
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29103

Photo-Rigma.BiZ: REMOTE SQL INJECTION (SQLi) VULNERABILITY-- Photo-Rigma.BiZ v30--
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29105

AID-42309 : Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29107

MDVSA-2009:095: ghostscript
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29099

MDVSA-2009:096: printer-drivers
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29100

MDVSA-2009:097: clamav
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29101

[security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00258.html

DDIVRT-2009-24 Precidia Ether232 Memory Corruption
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00256.html

[ MDVSA-2009:096-1 ] printer-drivers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00255.html

[ MDVSA-2009:098 ] krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00257.html

[TZO-15-2009] Aladdin eSafe generic bypass - Forced release
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00251.html

[TZO-14-2009] Comodo Antivirus RAR evasion
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00254.html

[TZO-13-2009] Avira Antivir generic CAB evasion / bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00250.html

T209: Call for Papers 2009 (Helsinki / Finland)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00248.html

SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00252.html

Remote iodinetd DoS vulnerability on Debian Lenny
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00247.html

[SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00253.html

MataChat Cross-Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00249.html

[ MDVSA-2009:097 ] clamav
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00246.html

[ MDVSA-2009:097 ] clamav
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00245.html

[ MDVSA-2009:096 ] printer-drivers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00243.html

"Does it look too simple?" A bot posing as Microsoft's own software
The install screen contains spelling and grammar mistakes; take care not to be fooled
http://itpro.nikkeibp.co.jp/article/NEWS/20090427/329263/?ST=security

CGI Rescue MiniBBS Cross-Site Scripting Vulnerability
http://secunia.com/advisories/34887/

SDP Downloader ASX Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/34883/

CGI Rescue MiniBBS2 Security Bypass Vulnerability
http://secunia.com/advisories/34875/

Debian update for apt
http://secunia.com/advisories/34874/

OrangeHRM Cross-Site Scripting and Security Bypass
http://secunia.com/advisories/34873/

Slackware bitchx Multiple Vulnerabilities
http://secunia.com/advisories/34870/

CGI Rescue FORM2MAIL Security Bypass Vulnerability
http://secunia.com/advisories/34869/

Aruba Mobility Controller Public Key SSH Authentication Security Bypass
http://secunia.com/advisories/34864/

CGI Rescue Web Mailer HTTP Header Injection Vulnerability
http://secunia.com/advisories/34862/

Fedora update for glib2
http://secunia.com/advisories/34854/

Fedora update for firefox and xulrunner
http://secunia.com/advisories/34849/

Linksys WRT54GC "administration.cgi" Security Bypass Vulnerability
http://secunia.com/advisories/34805/

Linksys WVC54GCA Multiple Vulnerabilities
http://secunia.com/advisories/34767/

Apache ActiveMQ Web Console Script Insertion Vulnerabilities
http://secunia.com/advisories/34745/

AXIGEN Mail Server Script Insertion Vulnerability
http://secunia.com/advisories/34402/

Aruba Mobility Controller Public Key-based SSH Authentication Bug Lets Remote Users Access the System
http://securitytracker.com/alerts/2009/Apr/1022124.html

Juniper NetScreen ScreenOS Discloses Firmware Version Information to Remote Users
http://securitytracker.com/alerts/2009/Apr/1022123.html

VooDoo cIRCle Security Update Fixes OpenSSL Security Bypass Issues
http://www.vupen.com/english/advisories/2009/1175

Aruba Mobility Controller Key SSH Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/1174

Linksys WVC54GCA Security Bypass and Information Disclosure
http://www.vupen.com/english/advisories/2009/1173

Linksys WRT54GC "administration.cgi" Password Manipulation Issue
http://www.vupen.com/english/advisories/2009/1172

SDP Downloader ASX File Handling Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1171

Popcorn POP3 Response Processing Remote Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1170

Cisco ASA WebVPN Clientless Mode Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1169

Movable Type Unspecified Data Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1168

+ HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01539431-1

OpenAFS Error Codes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34404

OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34407

FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550

PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/33927

acpid Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34692

Multiple China-on-site.com Products Username and Password SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/32810

Invision Power Board Multiple HTML-Injection and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34725

Axigen Mail Server HTML Injection Vulnerability
http://www.securityfocus.com/bid/34716

OrangeHRM Multiple Cross Site Scripting and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/34715

HP OpenView Network Node Manager Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34738

PHP-Nuke Sections Module 'artid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/27958

SDP Downloader 'ASX' File Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34712

Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/27007

chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/32799

LightBlog Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/31851

Adobe Reader 'getAnnots()' Javascript Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34736

Belkin Bulldog Plus Web Service Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34033

Multiple Avira AntiVir Products CAB File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/34723

MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34408

MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34409

COMTREND CT-536 and HG-536 Routers Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/32975

libvirt 'libvirt_proxy.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33724

Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34184

Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
http://www.securityfocus.com/bid/34337

Xpdf JBIG2 Processing Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34568

BitchX IRC MODE Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/25462

BitchX Hook.C Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/24579

BitchX E_HOSTNAME Function Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/26326

Scorpio Framework 'baseAdminSite' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34702

Absolute Form Processor XE 'userid' Parameter Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34706

Pragyan CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34707

Photo-Rigma.BiZ SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34709

Aruba Mobility Controller Public Key Based SSH Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/34711

Juniper Networks ScreenOS 'about.html' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34710

PuterJam's Blog PJBlog3 'action.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34701

Popcorn POP3 Response Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34699

Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34698

OCS Inventory NG Server Prior to 1.02 Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/34694

CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/34571

CUPS Insufficient 'Host' Header Validation Weakness
http://www.securityfocus.com/bid/34665

FormShield 'CAPTCHA' Replay Security Bypass Vulnerability
http://www.securityfocus.com/bid/34708

Movable Type Prior to Version 4.25 Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/34703

RETIRED: Absolute File Send .Net Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/32002

SunGard Banner Student 'twbkwbis.P_SecurityQuestion' HTML Injection Vulnerability
http://www.securityfocus.com/bid/34620

CS Whois Lookup 'ip' Parameter Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34700

GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100

RealNetworks RealPlayer MP3 File Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34719

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608

CGI Rescue FORM2MAIL and MiniBBS2 Security Bypass Vulnerability
http://www.securityfocus.com/bid/34717

CGI Rescue MiniBBS Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34718

Linksys WVC54GCA Wireless-G Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34714

Linksys WVC54GCA Wireless-G 'adm/file.cgi' Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/34713

Mozilla Firefox International Domain Name Subdomain URI Spoofing Vulnerability
http://www.securityfocus.com/bid/33837

Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -14 through -22 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34656

Debian apt Repository Signature Verification Vulnerability
http://www.securityfocus.com/bid/34630

Multiple Samsung Devices SMS Provisioning Messages Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34705

Mozilla Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34743

Multiple Precidia Devices Unspecified Memory Corruption and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34742

Thickbox Gallery 'index.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/34741

Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34740

IceWarp Merak Mail Server 'Base64FileEncode()' Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34739

Comodo Internet Security RAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/34737

Multiple Teraway Products Unauthorized Access and Cookie Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34735

Flatchat 'pmscript.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/34734

ECShop 'user.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34733

Dew-NewPHPLinks 'index.php' Local File Include and Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34732

iodine 'iodined' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34731

LightBlog PHP Code Injection And Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34730

EZ-Blog 'public/specific.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34729

Aladdin eSafe Unspecified Archive File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/34726

OpenCart 'index.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/34724

MataChat 'input.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34722

DWebPro Directory Traversal Vulnerability and Arbitrary File Disclosure Vulnerability
http://www.securityfocus.com/bid/34721

Destiny Media Player '.rdl' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34720

Monday, April 27, 2009

Monday, shakkō

MySQL Enterprise 5.0.80 [MRU] (Not yet released)
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-80.html

On Virus Buster 2008 support for Microsoft Windows Vista Service Pack 2
http://www.trendmicro.co.jp/support/news.asp?id=1247

Notice of release and start of support for Trend Micro InterScan Web Security Virtual Appliance 3.1
http://www.trendmicro.co.jp/support/news.asp?id=1197

Support desk arrangements during the Golden Week holiday period
http://www.trendmicro.co.jp/support/news.asp?id=1243

Trend Micro begins offering protection against fraudulent and harmful sites on the "PlayStation 3"
Each offered for 1,980 yen per year; a system software update is required
http://itpro.nikkeibp.co.jp/article/NEWS/20090427/329203/?ST=security

A passage from "Hamlet" inside a virus program, aimed at evading anti-virus software
Is the author a Shakespeare fan? Inserting text changes the file's "signature"
http://itpro.nikkeibp.co.jp/article/NEWS/20090427/329204/?ST=security

JVN#28020230 HTTP header injection vulnerability in CGI RESCUE Web Mailer
http://jvn.jp/jp/JVN28020230/index.html

JVN#76370393 Vulnerability in CGI RESCUE Form Mail allowing unauthorized sending of mail
http://jvn.jp/jp/JVN76370393/index.html

JVN#11396739 Cross-site scripting vulnerability in CGI RESCUE MiniBBS
http://jvn.jp/jp/JVN11396739/index.html

JVN#36982346 Vulnerability in CGI RESCUE MiniBBS2 allowing unauthorized sending of mail
http://jvn.jp/jp/JVN36982346/index.html

JVNDB-2009-000024 HTTP header injection vulnerability in CGI RESCUE Web Mailer
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000024.html

JVNDB-2009-000023 Vulnerability in CGI RESCUE Form Mail allowing unauthorized sending of mail
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000023.html

JVNDB-2009-000022 Cross-site scripting vulnerability in CGI RESCUE MiniBBS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000022.html

JVNDB-2009-000021 Vulnerability in CGI RESCUE MiniBBS2 allowing unauthorized sending of mail
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000021.html

JVNDB-2009-001179 Vulnerability related to the XML Digital Signature specification in the Web Services Security component of IBM WebSphere Application Server (WAS)
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001179.html

JVNDB-2009-001178 Vulnerability in IBM WebSphere Application Server (WAS) allowing file tampering
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001178.html

JVNDB-2009-001177 Vulnerability in IBM WebSphere Application Server (WAS) related to UsernameToken objects
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001177.html

JVNDB-2009-001176 Session hijacking vulnerability in the administrative console of IBM WebSphere Application Server (WAS)
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001176.html

JVNDB-2009-001175 Arbitrary code execution vulnerability in the Veritas network daemon of Symantec Veritas NetBackup Server / Enterprise Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001175.html

JVNDB-2008-001567 Vulnerability in Mozilla Firefox allowing arbitrary local files to be read
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001567.html

JVNDB-2008-001566 Arbitrary code execution vulnerability related to the CSSValue array data structure in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001566.html

JVNDB-2008-001511 Vulnerability in multiple Mozilla products that accepts SSL certificates from spoofed sites
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001511.html

JVNDB-2008-001510 Cross-site scripting vulnerability in file:// URLs in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001510.html

JVNDB-2008-001509 Memory information disclosure vulnerability related to .properties files in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001509.html

JVNDB-2008-001507 Vulnerability in Mozilla Firefox/SeaMonkey allowing forced upload of arbitrary local files
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001507.html

JVNDB-2008-001506 Arbitrary code execution vulnerability in JAR signature handling in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001506.html

JVNDB-2008-001493 Cross-site scripting vulnerability via same-origin policy bypass in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001493.html

JVNDB-2008-001492 Arbitrary code execution vulnerability in image handling in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001492.html

JVNDB-2008-001491 Arbitrary code execution vulnerability in the mozIJSSubScriptLoader.LoadScript() function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001491.html

JVNDB-2008-001490 Arbitrary code execution vulnerability in XUL document handling in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001490.html

+ MySQL Community Server 5.0.81 released
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-81.html

The latest snapshot for the stable Linux kernel tree is: 2.6.30-rc3-git1
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=summary

FreeBSD 7.2-RC1 Available
http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049464.html

Disk or diskgroup cannot be imported as a cluster disk group because it is not on a shared bus.
http://seer.entsupport.symantec.com/docs/323692.htm

NTP 4.2.5p167 Development release
http://archive.ntp.org/ntp4/ChangeLog-dev

MSL-2009-001: Samsung Missing Provisioning Authentication
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29095

CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29096

Pragyan CMS: Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29098

SUSE-SA:2009:026: glib2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29091

GLSA 200904-20: CUPS: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29094

RHSA-2009:0445-01: Critical: java-1.4.2-ibm security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29092

- RHSA-2009:0446-01: Important: mod_jk security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29093

Insider Threat Workshop
http://www.sei.cmu.edu/products/courses/p76.html

[ MDVSA-2009:096 ] printer-drivers
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29093

[ MDVSA-2009:095 ] ghostscript
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00241.html

Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Publ
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00244.html

Juniper Advisory
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00240.html

MSL-2009-001 - Samsung Missing Provisioning Authentication
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00242.html

REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00239.html

Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00238.html

Formshield Captcha - Older Version vulnerable to replay attacks
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00236.html

CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00235.html

WOOT09 call for papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00234.html

[ GLSA 200904-20 ] CUPS: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00233.html

Google Chrome "ChromeHTML" URI Handler Vulnerability
http://secunia.com/advisories/34900/

CS DNS Lookup "ip" Command Injection Vulnerability
http://secunia.com/advisories/34899/

PJBlog3 "action.asp" SQL Injection Vulnerability
http://secunia.com/advisories/34897/

Spring Framework Regular Expressions Denial of Service Vulnerability
http://secunia.com/advisories/34892/

Gentoo update for cups
http://secunia.com/advisories/34891/

SUSE update for glib2
http://secunia.com/advisories/34890/

Red Hat update for java-1.4.2-ibm
http://secunia.com/advisories/34889/

Scorpio Framework "baseAdminSite" View Action Security Bypass
http://secunia.com/advisories/34888/

Movable Type Cross-Site Scripting Vulnerability
http://secunia.com/advisories/34886/

Symantec Brightmail Gateway Control Center Multiple Vulnerabilities
http://secunia.com/advisories/34885/

CS Whois Lookup "ip" Command Injection Vulnerability
http://secunia.com/advisories/34884/

DirectAdmin Database Backup and Restore Vulnerabilities
http://secunia.com/advisories/34861/

Cisco ASA Input Validation Flaw in Clientless SSL VPN Feature Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Apr/1022122.html

Movable Type Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id?1022121

Symantec Ghost EasySetup Wizard Lets Remote Users Deny Service
http://www.securitytracker.com/id?1022120

Google Chrome "ChromeHTML" URI Information Vulnerability
http://www.vupen.com/english/advisories/2009/1160

Debian apt Repository Signature Verification Vulnerability
http://www.securityfocus.com/bid/34630

Recover Data for Novell Netware '.SAV' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34693

FOWLCMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34690

GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100

SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34524

X10Media Automatic MP3 Search Engine 'admin/admin.php' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34489

AbleSpace Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34512

HP Deskjet 6840 'refresh_rate.htm' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34480

ClamAV RAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/34344

Linksys WVC54GCA Wireless-G Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34714

ClamAV Prior to 0.95.1 Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34446

ClamAV Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34357

Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34184

Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
http://www.securityfocus.com/bid/34337

Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34340

Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34445

TYPO3 JobControl Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/29828

TYPO3 CoolURI Extension SQL Injection Vulnerability
http://www.securityfocus.com/bid/29821

TYPO3 DCD GoogleMap Extension Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/29815

TYPO3 nepa-design.de Spam Protection Extension Unspecified Setting Manipulation Vulnerability
http://www.securityfocus.com/bid/29833

Mod_Perl Path_Info Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/23192

acpid Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34692

Acritum Femitter Server Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/34689

Flat Calendar 'add.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/34688

aMule 'wxExecute()' Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/34683

Mani's Admin Plugin Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34685

RSMonials Joomla! Component Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34684

Multiple Samsung Devices SMS Provisioning Messages Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34705

Xitami HTTP Server Multiple Socket HEAD Request Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34681

WebPortal CMS Multiple Remote and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/34687

New5starRating 'admin/control_panel_sample.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34680

Mahara User Profile Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34677

Elkagroup Image Gallery 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/34679

010 Editor File Parsing Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34662

Plone PlonePAS Unspecified Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34664

Microsoft Internet Explorer File Download Denial of Service Vulnerability
http://www.securityfocus.com/bid/34478

Google Chrome 'chromehtml:' Protocol Handler Same Origin Policy Bypass Vulnerability
http://www.securityfocus.com/bid/34704

Cisco ASA Appliance WebVPN Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34307

CS Whois Lookup 'ip' Parameter Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34700

SDP Downloader 'ASX' File Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34712

Aruba Mobility Controller Public Key Based SSH Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/34711

+ Juniper Networks ScreenOS 'about.html' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34710

Photo-Rigma.BiZ SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34709

FormShield 'CAPTCHA' Replay Security Bypass Vulnerability
http://www.securityfocus.com/bid/34708

Pragyan CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34707

Absolute Form Processor XE 'userid' Parameter Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34706

PuterJam's Blog PJBlog3 'action.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34701

Friday, April 24, 2009

CentOS 5.3 Upgrade Install MEMO

Notes on an upgrade install from CentOS 5.2 to CentOS 5.3.

1. Boot from the CentOS 5.3 DVD

2. Choose the installation method
Press ENTER to select the graphical install/upgrade

3. Media check
Select [SKIP]

4. CentOS installer welcome screen
Click [NEXT]

5. Language selection
Select [Japanese (日本語)] and click [NEXT]

6. Language selection (Japanese)
Click [Next]

7. Choose the installation type
Select [Upgrade an existing installation], confirm the installed file system, and click [Next]

8. Boot loader options
Select [Update boot loader configuration] and click [Next]

9. Start the upgrade
Click [Next]

10. Upgrade in progress

11. Upgrade complete
Click [Reboot]

12. Login screen