Security alert on a security weakness (vulnerability) in the "Ichitaro series"
http://www.ipa.go.jp/security/vuln/documents/2009/200904_ichitaro.html
BroadBand Security launches a service providing comprehensive support for PCI DSS compliance
http://itpro.nikkeibp.co.jp/article/NEWS/20090407/327925/?ST=security
"ORA-02112" error occurs in Monitoring Option for Oracle Ver.5.0
http://www.say-tech.co.jp/support/oracle/-for-oracle-ver50ora02112/index.shtml
About a defect in GetFreeTablespaceMaxSize (maximum free space) monitoring
http://www.say-tech.co.jp/support/oracle/getfreetablespacemaxsize/index.shtml
JVNDB-2009-000018 Buffer overflow vulnerability in the Ichitaro series
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000018.html
JVNDB-2009-001124 Vulnerability in the Microsoft Windows WINS server that allows the WPAD/ISATAP functionality to be hijacked
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001124.html
JVNDB-2009-001123 Vulnerability in the Microsoft Windows DNS server that allows the WPAD functionality to be hijacked
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001123.html
JVNDB-2009-001122 Cache poisoning vulnerability in the Microsoft Windows DNS server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001122.html
JVNDB-2009-001121 Cache poisoning vulnerability in the Microsoft Windows DNS server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001121.html
JVNDB-2009-001120 Spoofing vulnerability in the Microsoft Windows SChannel authentication component
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001120.html
JVNDB-2009-001119 Privilege escalation vulnerability related to pointer handling in the Microsoft Windows Kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001119.html
JVNDB-2009-001118 Privilege escalation vulnerability related to handle validation in the Microsoft Windows Kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001118.html
JVNDB-2009-001117 Arbitrary code execution vulnerability in the Microsoft Windows GDI implementation
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001117.html
JVNDB-2008-002163 Denial-of-service vulnerability related to Kerberos authentication in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002163.html
JVNDB-2008-002162 Privilege escalation vulnerability related to access to internal classes in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002162.html
JVNDB-2008-002159 Vulnerability in Java Runtime Environment (JRE) that allows writing to JAR files
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002159.html
JVNDB-2008-002158 Buffer overflow vulnerability related to image processing in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002158.html
JVNDB-2008-002157 Arbitrary code execution vulnerability related to GIF file processing in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002157.html
JVNDB-2008-002156 Integer overflow vulnerability related to TrueType font file processing in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002156.html
JVNDB-2008-002155 Buffer overflow vulnerability related to TrueType font file processing in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002155.html
JVNDB-2008-002153 Buffer overflow vulnerability related to JAR file processing in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002153.html
JVNDB-2008-002152 Privilege escalation vulnerability in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002152.html
JVNDB-2008-002150 Vulnerability in Java Runtime Environment (JRE) that makes it easier to bypass protection mechanisms
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002150.html
JVNDB-2008-002149 Vulnerability in Java Runtime Environment (JRE) that allows the directory contents of the operating user to be listed
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002149.html
PHP Lets Local Users Deny Service in Certain Cases
http://securitytracker.com/alerts/2009/Apr/1021979.html
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Linux Kernel Kprobe Memory Corruption Vulnerability
http://www.securityfocus.com/bid/33758
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906
Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33412
Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
http://www.securityfocus.com/bid/33237
Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34020
Linux Kernel Console Selection Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33672
Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33113
Linux Kernel SPARC 'mremap()' Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/33836
Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/33339
Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33948
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951
+ iptables 1.4.3.2 released
http://www.iptables.org/projects/iptables/downloads.html#iptables-1.4.3.2
http://www.iptables.org/projects/iptables/files/changes-iptables-1.4.3.2.txt
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Session Initiation Protocol and Crafted UDP Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-amb-20090325-sip-and-udp.shtml
Positive Technologies SA 2008-07 : VMware Multiple Products hcmon.sys Denial of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28873
Positive Technologies SA 2008-05: VMware Multiple Products vmci.sys Privilege Escalation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28874
GLSA 200904-05: ntp: Certificate validation error
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28877
GLSA 200904-04: WeeChat: Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28878
MDVSA-2009:086: gstreamer-plugins
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28879
VMSA-2009-0005: VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28876
Staff recruitment
http://www.ipa.go.jp/about/recruit/200904/index.html
FY2009 IPA Information Security Seminar
http://www.ipa.go.jp/security/event/2009/isec-semi/index.html
+ Solution 251006 : A Security Vulnerability in Solaris IPv6 Implementation (ip6(7p)) May Cause a System Panic
http://sunsolve.sun.com/search/document.do?assetkey=1-66-251006-1
+ Solution 247186 : A Security Vulnerability in Solaris Secure Shell (SSH) May Expose Some Plain Text From Encrypted Traffic
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
Virus on a fake uploader; antivirus software detection rate is only 20%
Malicious site disguised as "sendspace"; users lured by emails containing only a URL
http://itpro.nikkeibp.co.jp/article/NEWS/20090406/327895/?ST=security
"PowerPoint virus" exploiting a new vulnerability emerges; cases reported in Japan as well
PC may be taken over; a dummy document file keeps the user from noticing
http://itpro.nikkeibp.co.jp/article/NEWS/20090406/327840/?ST=security
[SECURITY] [DSA 1763-1] New openssl packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00046.html
Joomla Component com_bookjoomlas SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00040.html
[ GLSA 200904-05 ] ntp: Certificate validation error
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00044.html
[ GLSA 200904-04 ] WeeChat: Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00042.html
[TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00045.html
[Aria-Security.com] vBulletin multiple XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00041.html
VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00038.html
Amaya 11.1 XHTML Parser Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00043.html
[ MDVSA-2009:086 ] gstreamer-plugins
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00037.html
[ MDVSA-2009:087 ] openssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00039.html
+ RHSA-2009:0337-1 - Moderate: php security update
http://rhn.redhat.com/errata/RHSA-2009-0337.html
Vulnerability Note VU#908801 Particle Software IntraLaunch Application Launcher ActiveX control fails to restrict access to dangerous methods
http://www.kb.cert.org/vuls/id/908801
Apache mod_perl "Apache::Status" / "Apache2::Status" Cross-Site Scripting
http://secunia.com/advisories/34597/
Autodesk IDrop ActiveX Control Heap Corruption Vulnerability
http://www.securiteam.com/windowsntfocus/5GP021PQUE.html
FortiClient Format String Vulnerability
http://www.securiteam.com/windowsntfocus/5HP031PQUI.html
VMware VirtualCenter VI Client May Let Certain Local Users Obtain Passwords
http://securitytracker.com/alerts/2009/Apr/1021978.html
VMware Bug in 'hcmon.sys' Lets Local Privileged Users Deny Service
http://securitytracker.com/alerts/2009/Apr/1021977.html
VMware Windows 'vmci.sys' Driver Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Apr/1021976.html
VMware Host Guest File System Bug Lets Local Users Enable Certain Shared Folders
http://securitytracker.com/alerts/2009/Apr/1021975.html
VMware Heap Overflows in VMnc Codec Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1021974.html
VMware Guest Virtual Device Driver Bug Lets Local Users Deny Service
http://securitytracker.com/alerts/2009/Apr/1021973.html
Microsoft PowerPoint Remote Code Execution Vulnerability
http://www.iss.net/threats/322.html
PHP 'mbstring' Extension Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32948
PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33002
PHP 'mbstring.func_overload' Webserver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/33542
PHP Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30649
PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/31612
Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30035
phpMyAdmin 'export page' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34251
Drupal Deleted Input Format HTML Injection Vulnerability
http://www.securityfocus.com/bid/32778
Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32100
Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/29420
Sun Solaris IPv6 'ipsec_needs_processing_v6()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33435
OpenSSH CBC Mode Information Disclosure Vulnerability
http://www.securityfocus.com/bid/32319
NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32105
QEMU Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/23731
QEMU and KVM VNC Server Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/32910
QEMU VNC 'monitor.c' Insecure Password Vulnerability
http://www.securityfocus.com/bid/33020
QEMU Security Bypass Vulnerability
http://www.securityfocus.com/bid/30604
phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34253
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/34236
Nokia Siemens Networks Flexi ISN Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34299
Pixie CMS SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34189
PPLive URI Handlers 'LoadModule' Parameter Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/34128
eog 'PySys_SetArgv' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/33443
FormEncode 'chained_validators' Class Security Bypass Vulnerability
http://www.securityfocus.com/bid/30282
ldns 'rr.c' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34233
Destar Add User Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/28426
7-Zip Unspecified Archive Handling Vulnerability
http://www.securityfocus.com/bid/28285
D-Bus 'send_requested_reply' and 'receive_requested_reply' Security Bypass Vulnerability
http://www.securityfocus.com/bid/32674
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
Multiple ISecSoft Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/32202
libsndfile CAF Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33963
UltraISO '.ui' ISO Project File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34398
Podcast Generator 'core/admin/delete.php' Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/34317
W3C Amaya HTML 'ParseCharsetAndContentType()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34389
Joomla! BookJoomlas Component 'gbid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34392
RETIRED: Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34286
SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34310
FlexCMS 'ItemId' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34394
OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Linux Kernel 'NFS filename' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34390
mpg123 'store_id3_text()' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34381
KVM Block Device Backend Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/28001
Mozilla Firefox XSL Parsing 'root' XML Tag Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34235
Avaya SIP Enablement Services (SES) Server Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/28687
Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
http://www.securityfocus.com/bid/28571
Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34169
Microsoft Windows GDI 'EMR_COLORMATCHTOTARGETW' Stack Overflow Vulnerability
http://www.securityfocus.com/bid/28570
glFusion Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34377
XAMPP Phonebook.PHP Remote HTML Injection Vulnerability
http://www.securityfocus.com/bid/13127
glFusion 'SESS_getUserIdFromSession()' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34361
Gravity Board X Multiple SQL Injection Vulnerabilities and Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34370
AdaptBB 'topic_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34371
xine-lib STTS QuickTime Atom Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34384
form2list 'page.php' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34366
XBMC Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34334
GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33405
ActiveKB 'Panel' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34362
osCommerce 'oscid' Session Fixation Vulnerability
http://www.securityfocus.com/bid/34348
WeeChat IRC Message Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34148
Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
http://www.securityfocus.com/bid/34243
+ Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34383
TYPO3 Directory Listing Unspecified Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34387
TYPO3 Store Locator Extension SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34386
TYPO3 ClickStream Analyzer Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34385
TYPO3 Userdata Create/Edit Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34382
TYPO3 Visitor Tracking Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34380
TYPO3 Versatile Calendar Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/34379
TYPO3 ultraCards Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/34378
TYPO3 A21glossary Advanced Output Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/34376
TYPO3 Frontend User Registration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34374
VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34373
Mozilla Firefox 'designMode' Null Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/33154
RETIRED: Mozilla Firefox 'DesignMode' Denial of Service Vulnerability
http://www.securityfocus.com/bid/34372
+ Apache Struts Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34399
iDB 'skin' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34397
Unsniff Network Analyzer '.usnf' File Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34396
Particle Software IntraLaunch ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34395
vBulletin Admin Control Panel Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34393
Web Help Desk Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34391
ConnX 'frmLoginPwdReminderPopup.aspx' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34388