Tuesday, April 14, 2009

Tuesday, Senbu

Solution 256968 : SUN ALERT WEEKLY SUMMARY REPORT - Week of 05-Apr-2009 to 11-Apr-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256968-1

+ Solution 256788 : Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause a Denial of Service (DoS) (Adobe Security Bulletin APSB09-04)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1

- ESX system fail to boot or purple screen error after power outage
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009929&sliceId=1&docTypeID=DT_KB_1_1

CA Japan announces new version of its access management software with expanded features for large-scale environments
http://itpro.nikkeibp.co.jp/article/NEWS/20090414/328365/?ST=security

RSA announces "RSA DLP 7.0 Suite", a new version of its data leak prevention product
http://itpro.nikkeibp.co.jp/article/NEWS/20090414/328340/?ST=security

JVNDB-2009-001138 Denial of service (DoS) vulnerability in the Sun Solaris keysock kernel module
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001138.html

JVNDB-2009-001137 Arbitrary code execution vulnerability in the ICC Format library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001137.html

JVNDB-2009-001136 Integer overflow vulnerability in the ICC Format library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001136.html

JVNDB-2009-001135 HTTP response splitting vulnerability in WebLink template execution in Fujitsu Jasmine
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001135.html

JVNDB-2008-002287 Denial of service (DoS) vulnerability in the Linux kernel __qdisc_run function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002287.html

JVNDB-2008-002284 Privilege escalation vulnerability in Linux Kernel inotify
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002284.html

JVNDB-2008-002283 Denial of service (DoS) vulnerability in the Linux Kernel ATM subsystem
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002283.html

JVNDB-2008-002276 Buffer overflow vulnerability in the Linux Kernel hfs_cat_find_brec function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002276.html

JVNDB-2008-002273 Denial of service (DoS) vulnerability in the Linux Kernel hfsplus_block_allocate function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002273.html

JVNDB-2008-002272 Denial of service (DoS) vulnerability in the Linux Kernel hfsplus_find_cat function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002272.html

53608 : OpenBSD Packet Filter (pf) IP Packet Handling Remote DoS
http://osvdb.org/show/osvdb/53608

w3bcms Book Module "spam_id" SQL Injection Vulnerability
http://secunia.com/advisories/34650/

PGP Desktop IOCTL Validation Flaws in Pgpdisk.sys and Pgpwded.sys Let Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Apr/1022034.html

- ntp Buffer Overflow in ntpq cookedprint() Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1022033.html

OpenBSD pf Bug in pf_test() Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Apr/1022032.html


Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml

Linux Forensics Tools Repository
http://www.cert.org/forensics/tools/

MDVSA-2009:091: mod_perl
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28944

BMSA 2009-04 : Remote DoS in Internet Explorer
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28950

DSA 1769-1 : New openjdk-6 packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28946

ftpdmin-SA-04/11/2009: v. 0.96 RNFR remote buffer overflow exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28948

HP-SA-04/11/2009: Deskjet 6800 XSS in Web Interface
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28949

DSA 1768-1: New openafs packages potential code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28947

DSECRG-09-036 : Chance-i Techno Vision Security System - Directory Traversal File Download
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28952

DSECRG-09-035 : Chance-i DiViS DVR ActiveX - Heap Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28955

[ MDVSA-2009:092 ] ntp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00124.html

[USN-756-1] ClamAV vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00123.html

OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00122.html

[Suspected Spam][Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00121.html

[SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00120.html

Hacker Space Fest 2009 CFP: Call For Paper
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00118.html

[ MDVSA-2009:091 ] mod_perl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00117.html

Virus infection inside the monitoring network for "Arcstar IP-VPN" and other services; several companies affected
http://itpro.nikkeibp.co.jp/article/NEWS/20090413/328327/?ST=security

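More than 10% of "zombies" are in Brazil; more than 40% are in Europe, the Middle East and Africa
Symantec surveys the locations of bot-infected PCs, which serve as sources of spam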
http://itpro.nikkeibp.co.jp/article/NEWS/20090413/328279/?ST=security

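"80,000 spam emails a day, and it pushes fake software too": a Conficker observation diary
Kaspersky reports on the latest variant, which also infects machines with the "Waledac" bot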
http://itpro.nikkeibp.co.jp/article/NEWS/20090413/328316/?ST=security

Squid 3.0 STABLE 14 released
http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE14-RELEASENOTES.html

Fedora update for pptp
http://secunia.com/advisories/34713/

Fedora update for xine-lib
http://secunia.com/advisories/34712/

Fedora update for argyllcms
http://secunia.com/advisories/34711/

Fedora update for device-mapper-multipath
http://secunia.com/advisories/34710/

PPTP Client "pptpsetup" Information Disclosure
http://secunia.com/advisories/34708/

HP ProCurve Manager Unauthorised Data Access Vulnerability
http://secunia.com/advisories/34705/

EMC RepliStor Message Parsing Integer Overflow
http://secunia.com/advisories/34699/

VMware Products Display Function Security Bypass Vulnerability
http://secunia.com/advisories/34697/

Debian update for multipath-tools
http://secunia.com/advisories/34694/

Rational ClearCase UCM-CQ Login Credential Disclosure
http://secunia.com/advisories/34689/

DotNetNuke PayPal IPN Cross-Site Scripting Vulnerability
http://secunia.com/advisories/34686/

Gentoo update for wicd
http://secunia.com/advisories/34685/

Debian update for openafs
http://secunia.com/advisories/34684/

Debian update for roundup
http://secunia.com/advisories/34683/

SUSE update for kernel
http://secunia.com/advisories/34680/

Geeklog "SEC_authenticate()" SQL Injection Vulnerability
http://secunia.com/advisories/34679/

OpenBSD Packet Filter Denial of Service Vulnerability
http://secunia.com/advisories/34676/

Debian update for openjdk-6
http://secunia.com/advisories/34675/

Solaris XScreenSaver PopUp Window Information Disclosure
http://secunia.com/advisories/34673/

Geeklog "SESS_updateSessionTime()" SQL Injection Vulnerability
http://secunia.com/advisories/34672/

BackendCMS "id" SQL Injection Vulnerability
http://secunia.com/advisories/34669/

Simbas CMS loginverify.asp SQL Injection Vulnerability
http://secunia.com/advisories/34668/

My Dealer Cms SQL Injection Vulnerability
http://secunia.com/advisories/34664/

net2ftp Cross-Site Scripting and Cross-Site Request Forgery
http://secunia.com/advisories/34661/

Xilisoft Video Converter CUE File Parsing Vulnerability
http://secunia.com/advisories/34660/

EMC RepliStor Buffer Overflow Vulnerability (ctrlservice.exe, rep_srv.exe)
http://www.securiteam.com/windowsntfocus/5CP0D0UQUW.html

Ghostscript jbig2dec JBIG2 Processing Buffer Overflow
http://www.securiteam.com/unixfocus/5AP0B0UQUG.html

Apache Tomcat mod_jk Information Disclosure Vulnerability
http://www.securiteam.com/unixfocus/5DP0E0UQUW.html

xine-lib Quicktime STTS Atom Integer Overflow
http://www.securiteam.com/unixfocus/5FP0G0UQUG.html

IBM BladeCenter Advanced Management Module Multiple vulnerabilities
http://www.securiteam.com/securitynews/5BP0C0UQUO.html

Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities
http://www.securityfocus.com/bid/34258

Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34250

PHP cURL 'safe_mode' and 'open_basedir' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/34475

Octopussy Versions Prior to 0.9.5.8 Unspecified Vulnerability
http://www.securityfocus.com/bid/34499

IBM WebSphere Application Server XML Digital Signature Unspecified Security Vulnerability
http://www.securityfocus.com/bid/34506

PrecisionID Data Matrix Barcode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
http://www.securityfocus.com/bid/34322

IBM WebSphere Application Server 'UsernameToken' Unspecified Security Vulnerability
http://www.securityfocus.com/bid/34502

Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability
http://www.securityfocus.com/bid/33858

Steamcast Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/33898

IBM WebSphere Application Server Forced Logout Session Hijacking Vulnerability
http://www.securityfocus.com/bid/34501

BulletProof FTP Client '.bps' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33024

TorK Multiple Privoxy Insecure Default Configuration Vulnerabilities
http://www.securityfocus.com/bid/26386

Nortel Networks Communication Server 1000 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/28691

Cisco PIX and ASA Multiple Denial of Service, ACL Bypass, and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34429

NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481

ClamAV Prior to 0.95.1 Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34446

Chance-i DiViS DVR System Web Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34473

Dynamic Flash Forum Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34465

Chance-i DiViS-Web DVR System ActiveX Control 'AddSiteEx()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34468

PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/33927

Loggix Project 'post.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34467

Wicd 'wicd.conf' Default Configuration Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33658

OpenAFS Error Codes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34404

OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34407

OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/33922

Access Analyzer CGI Unspecified Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34315

FreeBSD netgraph and bluetooth Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/32976

My Dealer CMS 'admin/login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34464

Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34012

WebFileExplorer 'body.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34462

Maya Studio eo-video Playlist File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30717

PGP Desktop 'PGPwded.sys' Local Code Execution Vulnerability
http://www.securityfocus.com/bid/32991

XIGLA Absolute Form Processor XE 'login.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34463

SWF Opener Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34459

BackendCMS 'main.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34455

EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34449

Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/33492

Horde Turba Contact Manager '/imp/test.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/31168

RETIRED: Nokia Siemens Networks Flexi ISN Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34299

Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34383

Sun Java Applet Font.createFont Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/17981

RETIRED: Intesync LLC Miniweb 2.0 'username' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/32819

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240

RETIRED: Maian Music Joomla! Component 'category' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34432

HP Deskjet 6840 'refresh_rate.htm' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34480

RETIRED: Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34286

RETIRED: Joomla! 'com_mailto' Component 'article' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34433

IBM Rational ClearCase UCM-CQ Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34483

Microsoft Internet Explorer File Download Denial of Service Vulnerability
http://www.securityfocus.com/bid/34478

Microsoft Windows 'atapi.sys' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34466

FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33502

xine-lib STTS QuickTime Atom Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34384

Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34184

multipath-tools 'multipathd' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34410

Banshee DAAP Extension 'apps/web/vs_diag.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34507

Revista Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34505

ASP Product Catalog 'search.asp' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34504

FreznoShop 'product_details.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34496

e107 User Journals Plugin 'userjournals.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34495

Multiple Mini-stream Software Products '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34494

Multiple XEngineSoft Products Login Parameters Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34493

Yellow Duck Weblog 'include/languages/check.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/34492

People-Trak Login SQL Injection Vulnerability
http://www.securityfocus.com/bid/34491

PGP Desktop 'pgpdisk.sys' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34490

X10Media Automatic MP3 Search Engine 'admin/admin.php' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34489

HTML Email Creator HTML Tags Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34487

Flatnuke 'level' Parameter Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34486

SilverStripe 'filename' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34485

Sun Java System Identity Manager Users Enumeration
http://www.securiteam.com/exploits/5EP0F0UQUO.html
