Monday, April 27, 2009

Monday, Shakkō

MySQL Enterprise 5.0.80 [MRU] (Not yet released)
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-80.html

Virus Buster 2008 support for Microsoft Windows Vista Service Pack 2
http://www.trendmicro.co.jp/support/news.asp?id=1247

Announcement: Trend Micro InterScan Web Security Virtual Appliance 3.1 released and support started
http://www.trendmicro.co.jp/support/news.asp?id=1197

Support contact arrangements during the Golden Week period
http://www.trendmicro.co.jp/support/news.asp?id=1243

Trend Micro begins offering services to block fraudulent and harmful sites on the "PS3"
Each offered at 1,980 yen per year; a system software update is required
http://itpro.nikkeibp.co.jp/article/NEWS/20090427/329203/?ST=security

Passage from "Hamlet" found in a virus program; the aim is to evade security software
Is the author a Shakespeare fan? Inserting text changes the "characteristics"
http://itpro.nikkeibp.co.jp/article/NEWS/20090427/329204/?ST=security

JVN#28020230 HTTP header injection vulnerability in CGI RESCUE Web Mailer
http://jvn.jp/jp/JVN28020230/index.html

JVN#76370393 Vulnerability in CGI RESCUE Form Mail allowing unauthorized email sending
http://jvn.jp/jp/JVN76370393/index.html

JVN#11396739 Cross-site scripting vulnerability in CGI RESCUE Simple BBS
http://jvn.jp/jp/JVN11396739/index.html

JVN#36982346 Vulnerability in CGI RESCUE Simple BBS22 allowing unauthorized email sending
http://jvn.jp/jp/JVN36982346/index.html

JVNDB-2009-000024 HTTP header injection vulnerability in CGI RESCUE Web Mailer
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000024.html

JVNDB-2009-000023 Vulnerability in CGI RESCUE Form Mail allowing unauthorized email sending
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000023.html

JVNDB-2009-000022 Cross-site scripting vulnerability in CGI RESCUE Simple BBS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000022.html

JVNDB-2009-000021 Vulnerability in CGI RESCUE Simple BBS22 allowing unauthorized email sending
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000021.html

JVNDB-2009-001179 Vulnerability related to the XML digital signature specification in the Web Services Security component of IBM WebSphere Application Server (WAS)
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001179.html

JVNDB-2009-001178 Vulnerability in IBM WebSphere Application Server (WAS) allowing file tampering
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001178.html

JVNDB-2009-001177 Vulnerability related to UsernameToken objects in IBM WebSphere Application Server (WAS)
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001177.html

JVNDB-2009-001176 Session hijacking vulnerability in the administrative console of IBM WebSphere Application Server (WAS)
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001176.html

JVNDB-2009-001175 Arbitrary code execution vulnerability in the Veritas network daemon of Symantec Veritas NetBackup Server / Enterprise Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001175.html

JVNDB-2008-001567 Vulnerability in Mozilla Firefox allowing arbitrary local files to be read
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001567.html

JVNDB-2008-001566 Arbitrary code execution vulnerability related to the CSSValue array data structure in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001566.html

JVNDB-2008-001511 Vulnerability in multiple Mozilla products that causes SSL certificates of spoofed sites to be accepted
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001511.html

JVNDB-2008-001510 Cross-site scripting vulnerability in file:// URLs in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001510.html

JVNDB-2008-001509 Vulnerability in Mozilla Firefox/SeaMonkey related to .properties files that leaks memory contents
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001509.html

JVNDB-2008-001507 Vulnerability in Mozilla Firefox/SeaMonkey that forces the upload of arbitrary local files
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001507.html

JVNDB-2008-001506 Arbitrary code execution vulnerability in JAR signature processing in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001506.html

JVNDB-2008-001493 Cross-site scripting vulnerability in Mozilla Firefox/SeaMonkey via same-origin policy bypass
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001493.html

JVNDB-2008-001492 Arbitrary code execution vulnerability in image processing in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001492.html

JVNDB-2008-001491 Arbitrary code execution vulnerability in the mozIJSSubScriptLoader.LoadScript() function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001491.html

JVNDB-2008-001490 Arbitrary code execution vulnerability in XUL document processing in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001490.html







+ MySQL Community Server 5.0.81 released
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-81.html

The latest snapshot for the stable Linux kernel tree is: 2.6.30-rc3-git1
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=summary

FreeBSD 7.2-RC1 Available
http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049464.html

Disk or diskgroup cannot be imported as a cluster disk group because it is not on a shared bus.
http://seer.entsupport.symantec.com/docs/323692.htm

NTP 4.2.5p167 Development release
http://archive.ntp.org/ntp4/ChangeLog-dev

MSL-2009-001: Samsung Missing Provisioning Authentication
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29095

CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29096

Pragyan CMS: Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29098

SUSE-SA:2009:026: glib2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29091

GLSA 200904-20: CUPS: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29094

RHSA-2009:0445-01: Critical: java-1.4.2-ibm security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29092

- RHSA-2009:0446-01: Important: mod_jk security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29093

Insider Threat Workshop
http://www.sei.cmu.edu/products/courses/p76.html

[ MDVSA-2009:096 ] printer-drivers
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29093

[ MDVSA-2009:095 ] ghostscript
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00241.html

Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Publ
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00244.html

Juniper Advisory
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00240.html

MSL-2009-001 - Samsung Missing Provisioning Authentication
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00242.html

REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00239.html

Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00238.html

Formshield Captcha - Older Version vulnerable to replay attacks
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00236.html

CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00235.html

WOOT09 call for papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00234.html

[ GLSA 200904-20 ] CUPS: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00233.html

Google Chrome "ChromeHTML" URI Handler Vulnerability
http://secunia.com/advisories/34900/

CS DNS Lookup "ip" Command Injection Vulnerability
http://secunia.com/advisories/34899/

PJBlog3 "action.asp" SQL Injection Vulnerability
http://secunia.com/advisories/34897/

Spring Framework Regular Expressions Denial of Service Vulnerability
http://secunia.com/advisories/34892/

Gentoo update for cups
http://secunia.com/advisories/34891/

SUSE update for glib2
http://secunia.com/advisories/34890/

Red Hat update for java-1.4.2-ibm
http://secunia.com/advisories/34889/

Scorpio Framework "baseAdminSite" View Action Security Bypass
http://secunia.com/advisories/34888/

Movable Type Cross-Site Scripting Vulnerability
http://secunia.com/advisories/34886/

Symantec Brightmail Gateway Control Center Multiple Vulnerabilities
http://secunia.com/advisories/34885/

CS Whois Lookup "ip" Command Injection Vulnerability
http://secunia.com/advisories/34884/

DirectAdmin Database Backup and Restore Vulnerabilities
http://secunia.com/advisories/34861/

Cisco ASA Input Validation Flaw in Clientless SSL VPN Feature Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Apr/1022122.html

Movable Type Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id?1022121

Symantec Ghost EasySetup Wizard Lets Remote Users Deny Service
http://www.securitytracker.com/id?1022120

Google Chrome "ChromeHTML" URI Information Vulnerability
http://www.vupen.com/english/advisories/2009/1160

Debian apt Repository Signature Verification Vulnerability
http://www.securityfocus.com/bid/34630

Recover Data for Novell Netware '.SAV' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34693

FOWLCMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34690

GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100

SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34524

X10Media Automatic MP3 Search Engine 'admin/admin.php' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34489

AbleSpace Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34512

HP Deskjet 6840 'refresh_rate.htm' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34480

ClamAV RAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/34344

Linksys WVC54GCA Wireless-G Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34714

ClamAV Prior to 0.95.1 Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34446

ClamAV Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34357

Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34184

Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
http://www.securityfocus.com/bid/34337

Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34340

Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34445

TYPO3 JobControl Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/29828

TYPO3 CoolURI Extension SQL Injection Vulnerability
http://www.securityfocus.com/bid/29821

TYPO3 DCD GoogleMap Extension Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/29815

TYPO3 nepa-design.de Spam Protection Extension Unspecified Setting Manipulation Vulnerability
http://www.securityfocus.com/bid/29833

Mod_Perl Path_Info Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/23192

acpid Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34692

Acritum Femitter Server Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/34689

Flat Calendar 'add.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/34688

aMule 'wxExecute()' Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/34683

Mani's Admin Plugin Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34685

RSMonials Joomla! Component Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34684

Multiple Samsung Devices SMS Provisioning Messages Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34705

Xitami HTTP Server Multiple Socket HEAD Request Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34681

WebPortal CMS Multiple Remote and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/34687

New5starRating 'admin/control_panel_sample.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34680

Mahara User Profile Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34677

Elkagroup Image Gallery 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/34679

010 Editor File Parsing Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34662

Plone PlonePAS Unspecified Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34664

Microsoft Internet Explorer File Download Denial of Service Vulnerability
http://www.securityfocus.com/bid/34478

Google Chrome 'chromehtml:' Protocol Handler Same Origin Policy Bypass Vulnerability
http://www.securityfocus.com/bid/34704

Cisco ASA Appliance WebVPN Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34307

CS Whois Lookup 'ip' Parameter Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34700

DSP Downloader 'ASX' File Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34712

Aruba Mobility Controller Public Key Based SSH Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/34711

+ Juniper Networks ScreenOS 'about.html' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34710

Photo-Rigma.BiZ SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34709

FormShield 'CAPTCHA' Replay Security Bypass Vulnerability
http://www.securityfocus.com/bid/34708

Pragyan CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/34707

Absolute Form Processor XE 'userid' Parameter Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34706

PuterJam's Blog PJBlog3 'action.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34701
