Thursday, April 30, 2009

Thursday, Senbu (先負)

The latest prepatch for the stable Linux kernel tree is: 2.6.30-rc4
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc4

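"Defends against zero-day attacks, no pattern files needed": purely Japanese-made security software announced
Developed by Fourteenforty Research Institute; detects viruses from their behavior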
http://itpro.nikkeibp.co.jp/article/NEWS/20090430/329335/?ST=security

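Spam exploiting "swine flu" appears, followed by a stream of "piggyback domains"
Recipients are led to sites selling Viagra and the like; malicious sites may also appear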
http://itpro.nikkeibp.co.jp/article/NEWS/20090430/329314/?ST=security

JVNDB-2009-001186 Vulnerability in IBM DB2 that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001186.html

JVNDB-2009-001185 Arbitrary code execution vulnerability in Microsoft Office PowerPoint
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001185.html

JVNDB-2008-001954 Same-origin policy bypass vulnerability related to .url shortcut files in Mozilla Firefox/SeaMonkey running on Windows
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001954.html

JVNDB-2008-001953 Vulnerability in Mozilla Firefox that assigns chrome privileges to file: URIs
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001953.html

JVNDB-2008-001952 Same-origin policy bypass vulnerability related to the Canvas element and HTTP redirect handling in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001952.html

JVNDB-2008-001949 Arbitrary code execution vulnerability related to Flash module checks in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001949.html

JVNDB-2008-001948 Arbitrary code execution vulnerability related to tampering with the window.__proto__.__proto__ object in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001948.html

JVNDB-2008-001782 Heap-based buffer overflow vulnerability in news article header handling in Mozilla Thunderbird/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001782.html

JVNDB-2008-001760 Information disclosure vulnerability in XBM image file handling in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001760.html

JVNDB-2008-001758 Directory traversal vulnerability related to the handling of directory traversal sequences in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001758.html

JVNDB-2008-001757 Directory traversal vulnerability related to the handling of ".." characters and URL-encoded "/" characters in multiple Mozilla products on Linux
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001757.html

JVNDB-2008-001756 Vulnerability in Mozilla Firefox that allows bypass of cross-site scripting protection mechanisms, related to the handling of low surrogate characters
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001756.html

JVNDB-2008-001755 Vulnerability in multiple Mozilla products that allows bypass of cross-site scripting protection mechanisms, related to the handling of BOM characters
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001755.html

54130 : Adobe Reader for Linux getAnnots() JavaScript Method PDF Handling Memory Corruption
http://osvdb.org/show/osvdb/54130

54129 : Adobe Reader for Linux customDictionaryOpen() JavaScript Method PDF Handling Memory
http://osvdb.org/show/osvdb/54129

54128 : WebSPELL picture.php id Parameter Traversal Arbitrary File Access
http://osvdb.org/show/osvdb/54128

54127 : Memcached / MemcacheDB stats maps Command Remote Information Disclosure
http://osvdb.org/show/osvdb/54127

54126 : @mail webadmin/admin.php Multiple Parameter XSS
http://osvdb.org/show/osvdb/54126

JBC Explorer Auth.Inc.PHP Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/26332



HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01646081-2

+ Solution 241646 : Security Vulnerability in GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-241646-1

+ Solution 257708 : Security Vulnerabilities in DTrace (dtrace(1M)) ioctl(2) Handlers May Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257708-1

- RHSA-2009:0451-2 Important: kernel-rt security and bug fix update
https://rhn.redhat.com/errata/RHSA-2009-0451.html

+ Linux Kernel Bug in exit_notify() Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Apr/1022141.html

+ Multiple Trend Micro Products RAR/ZIP/CAB Files Scan Evasion Vulnerability
http://www.securityfocus.com/bid/34763

Postfix 2.7 Snapshot 20090428
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.7-20090428.HISTORY

Rakudo Perl 6 development release #16
http://use.perl.org/articles/09/04/29/1649217.shtml

DBD::Oracle 1.23 released
http://www.cpan.org/modules/by-module/DBD/DBD-Oracle-1.23.readme

NTP 4.2.4p7-RC4 released
http://archive.ntp.org/ntp4/ChangeLog-stable-rc

NTP 4.2.5p168 development released
http://archive.ntp.org/ntp4/ChangeLog-dev

Solution 257868 : SUN ALERT WEEKLY SUMMARY REPORT - Week of 19-Apr-2009 to 25-Apr-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257868-1

Cross-Site Scripting Vulnerability in Citrix Web Interface
http://support.citrix.com/article/CTX120697

Security Update to Citrix License Server
http://support.citrix.com/article/CTX120742

DSA 1781-1: New ffmpeg-debian packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29127

DSA 1782-1: New mplayer packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29128

DSA 1783-1: New mysql-dfsg-5.0 packages fix multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29129

RHSA-2009:0451-02: Important: kernel-rt security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29130

SEC Consult Security Advisory <>: Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29134

SSA:2009-118-01: mozilla-firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29125

Vendor Security Advisories
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29136

TZO-17-2009: Trendmicro multiple bypass/evasions
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29137

Addendum: TZO-17-2009: Trendmicro multiple bypass/evasions
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29138

DSA 1780-1: New libdbd-pg-perl packages fix potential code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29126

HPSBUX02366 SSRT080120 rev.1: HPUX Running useradd(1M), Local Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29139

iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29132

MIM:InfiniX-SA-04/28/2009: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29140

MDVSA-2009:101: xpdf
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29124

Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29133

OpenView-SA-04/28/2009: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29119

Errata: TZO-13-2009: Avira Antivir generic CAB evasion / bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29131

ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29135

DDIVRT-2009-24: Precidia Ether232 Memory Corruption
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29118

HPSBMA02424 SSRT080125 rev.1: HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29120

EZ-blog-SA-04/27/2009: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29123

MDVSA-2009:098: krb5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29108

MDVSA-2009:099: openafs
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29109

RHSA-2009:0449-01: Critical: firefox security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29113

TZO-13-2009: Avira Antivir generic CAB evasion / bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29114

TZO-14-2009: Comodo Antivirus RAR evasion
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29115

TZO-15-2009: Aladdin eSafe generic bypass - Forced release
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29116

USN-761-2: PHP vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29110

USN-766-1: acpid vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29111

USN-767-1: FreeType vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29112

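Human-powered service for breaking CAPTCHA ("image authentication") solves them at 1 dollar per 1,000
Now a business in its own right; it even appears in Google's sponsored links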
http://itpro.nikkeibp.co.jp/article/NEWS/20090428/329293/?ST=security

PUBLIC ADVISORY: 04.29.09 Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786

PUBLIC ADVISORY: 04.28.09 TIBCO SmartSockets Stack Buffer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785

[security bulletin] HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00289.html

iDefense Security Advisory 04.29.09: Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00283.html

SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00286.html

Addendum: [TZO-17-2009]Trendmicro multiple bypass/evasions
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00284.html

[TZO-17-2009]Trendmicro multiple bypass/evasions
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00288.html

[TZO-16-2009] Nod32 CAB bypass/evasion
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00287.html

Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00282.html

[SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00281.html

[SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00280.html

[SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00278.html

[ MDVA-2009:057 ] usermode
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00277.html

[ MDVSA-2009:101 ] xpdf
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00276.html

ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00285.html

Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00279.html

iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00273.html

[USN-765-1] Firefox and Xulrunner vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00272.html

[SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00275.html

Errata: [TZO-13-2009] Avira Antivir generic CAB evasion / bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00261.html

MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00270.html

one shot remote root for linux?
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00269.html

[security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00262.html

security tools list
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00263.html

Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00264.html

[ MDVSA-2009:099 ] openafs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00259.html

[USN-767-1] FreeType vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00266.html

[USN-766-1] acpid vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00271.html

[USN-761-2] PHP vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00267.html

RHBA-2009:0454-1 hts bug fix update
http://rhn.redhat.com/errata/RHBA-2009-0454.html

Vulnerability Note VU#970180 Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities
http://www.kb.cert.org/vuls/id/970180

Citrix Licensing License Server Unspecified Vulnerabilities
http://secunia.com/advisories/34937/

+ Symantec Log Viewer Script Insertion Vulnerabilities
http://secunia.com/advisories/34936/

+ Symantec Products Reporting Server URL Handling Weakness
http://secunia.com/advisories/34935/

Ubuntu update for php5
http://secunia.com/advisories/34933/

MemcacheDB "stats maps" Information Disclosure Weakness
http://secunia.com/advisories/34932/

HP-UX "useradd" Unauthorised Access
http://secunia.com/advisories/34931/

LevelOne AMG-2000 Proxy "Host:" Security Bypass
http://secunia.com/advisories/34926/

WebSPELL "picture.php" Information Disclosure
http://secunia.com/advisories/34921/

Red Hat update for kernel-rt
http://secunia.com/advisories/34917/

memcached "stats maps" Information Disclosure Weakness
http://secunia.com/advisories/34915/

TIBCO SmartSockets Buffer Overflow Vulnerability
http://secunia.com/advisories/34911/

Ubuntu update for firefox-3.0 and xulrunner-1.9
http://secunia.com/advisories/34910/

Debian update for ffmpeg
http://secunia.com/advisories/34905/

Citrix Web Interface Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/34868/

+ Symantec Products Alert Management System 2 Multiple Vulnerabilities
http://secunia.com/advisories/34856/

Slackware update for mozilla-firefox
http://secunia.com/advisories/34851/

Debian update for mplayer
http://secunia.com/advisories/34845/

Sun Solaris DTrace ioctl Handlers Denial of Service
http://secunia.com/advisories/34836/

@mail "admin.php" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/34403/

Fedora update for libmodplug
http://secunia.com/advisories/34930/

Fedora update for prewikka
http://secunia.com/advisories/34928/

libmodplug "PATinst()" Buffer Overflow Vulnerability
http://secunia.com/advisories/34927/

Adobe Reader for Linux JavaScript Methods Memory Corruption
http://secunia.com/advisories/34924/

MataChat "nickname" and "color" Script Insertion Vulnerabilities
http://secunia.com/advisories/34922/

Red Hat update for firefox
http://secunia.com/advisories/34919/

Citrix Web Interface Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id?1022145

Citrix License Server Unspecified Bugs in Licensing Management Console Have Unspecified Impact
http://www.securitytracker.com/id?1022144

Solaris DTrace ioctl Handler Flaws Let Local Users Deny Service
http://www.securitytracker.com/id?1022143

Linux Kernel Bug in exit_notify() Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id?1022141

memcached Discloses Application Memory Contents and Information to Remote Users
http://www.securitytracker.com/id?1022140

Adobe Reader Bugs in getAnnots() and spell.customDictionaryOpen() Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022139

Symantec Endpoint Protection Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
http://securitytracker.com/alerts/2009/Apr/1022138.html

Symantec Client Security Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
http://securitytracker.com/alerts/2009/Apr/1022137.html

Symantec Anti Virus Corporate Edition Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
http://securitytracker.com/alerts/2009/Apr/1022136.html

+ Security Advisories Relating to Symantec Products - Symantec Reporting Server Improper URL Handling Exposure
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00

Symantec Endpoint Protection Input Validation Flaw in Log Viewer Permits Remote HTML Injection Attacks
http://securitytracker.com/alerts/2009/Apr/1022135.html

+ Security Advisories Relating to Symantec Products - Symantec Log Viewer JavaScript Injection Vulnerabilities
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01

Symantec Anti Virus Input Validation Flaw in Log Viewer Permits Remote HTML Injection Attacks
http://www.securitytracker.com/id?1022134

Norton Internet Security Input Validation Flaw in Log Viewer Permits Remote HTML Injection Attacks
http://www.securitytracker.com/id?1022133

Symantec Endpoint Protection Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022132

+ Security Advisories Relating to Symantec Products - Symantec Alert Management System 2 multiple vulnerabilities
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Symantec Client Security Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022131

Symantec Anti Virus Corporate Edition Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022130

TIBCO SmartSockets Stack Overflow in RTserver Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022129

HP-UX Bug in 'useradd' Command Lets Local Users Gain Access to Files and Directories
http://www.securitytracker.com/id?1022128

Citrix License Server Management Console Unspecified Vulnerability
http://www.vupen.com/english/advisories/2009/1207

Citrix Web Interface Unspecified Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1206

HP-UX "useradd" Command Local Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2009/1205

Symantec Products Alert Management System 2 Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2009/1204

Symantec Products Log Viewer Feature Script Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/1203

Symantec Products Reporting Server Message Manipulation Weakness
http://www.vupen.com/english/advisories/2009/1202

Juniper Netscreen ScreenOS Information Disclosure Weakness
http://www.vupen.com/english/advisories/2009/1201

Libmodplug "PATinst()" Instrument Name Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1200

Sun Solaris DTrace IOCTL Handlers Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/1199

TIBCO SmartSockets UDP Remote Stack Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1198

MemcacheDB "stats maps" Remote Information Disclosure Weakness
http://www.vupen.com/english/advisories/2009/1197

Memcached "stats maps" Remote Information Disclosure Weakness
http://www.vupen.com/english/advisories/2009/1196

Adobe Reader and Acrobat JavaScript Memory Corruption Vulnerabilities
http://www.vupen.com/english/advisories/2009/1189

IBM Tivoli Workload Scheduler Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/1188

HP OpenView NNM "ovalarmsrv" Remote Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1187

Sumatra PDF MuPDF "loadexponentialfunc()" Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1186

MuPDF "loadexponentialfunc()" Function Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1185

Mozilla Firefox "nsTextFrame::ClearTextRun()" Memory Corruption Issue
http://www.vupen.com/english/advisories/2009/1180

IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
http://www.securityfocus.com/bid/26293

doop Index.php Local File Include Vulnerability
http://www.securityfocus.com/bid/26075

Kaspersky Online Scanner KAVWebScan.DLL ActiveX Control Format String Vulnerability
http://www.securityfocus.com/bid/26004

NVClock Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/25052

Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/24524

Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
http://www.securityfocus.com/bid/24389

+ Sun Java Web Start Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/23728

Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/23412

Microsoft Windows Vista Neighbor Discovery Spoofing Vulnerability
http://www.securityfocus.com/bid/23293

Adobe Acrobat and Reader Unspecified Remote Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34768

Cisco IOS Multiple Features UDP Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/34245

Linux Kernel 'do_splice_from()' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/31903

Cisco IOS NAT Skinny Call Control Protocol Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/31359

Cisco IOS AIC HTTP Transit Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31354

ProjectCMS 'sn' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34767

HP Enterprise Discovery Unspecified Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/30865

HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33147

Samba Group Mappings File Insecure Permissions Local Security Vulnerability
http://www.securityfocus.com/bid/30837

Ruby REXML Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/30802

JBoss Enterprise Application Platform Information Disclosure Vulnerability
http://www.securityfocus.com/bid/30540

Apple Safari Automatic File Launch Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/29835

Multiple ESET Products CAB File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/34764

GNU Tar Invalid Headers Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/16764

LevelOne AMG-2000 Security Bypass Vulnerability
http://www.securityfocus.com/bid/34760

Linux Kernel RLIMIT_CPU Zero Limit Handling Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/29004

Linksys WRT54G Wireless-G Router Multiple Remote Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/28381

TorrentTrader 'msg' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/28082

GFL SDK Library Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/27514

TikiWiki CMS 'tiki-listmovies.php' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/27008
