MySQL 5.1.35 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-35.html
MySQL 5.1.36 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html
+ Solution 259989: Security Vulnerability in Solaris libpng(3) May Allow Denial of Service (DoS) or Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
+ [Security-announce] VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues
http://lists.vmware.com/pipermail/security-announce/2009/000057.html
Alert on security weaknesses (vulnerabilities) in multiple Cisco Systems products
http://www.ipa.go.jp/security/vuln/documents/2009/200905_cisco.html
Vulnerability in "DirectX": risk of remote code execution during QuickTime playback
http://itpro.nikkeibp.co.jp/article/NEWS/20090529/330925/?ST=security
JVN#70836284 Cross-site scripting vulnerability in MT312's photo-mail bulletin board IMG-BBS
http://jvn.jp/jp/JVN70836284/index.html
JVN#01115659 Cross-site scripting vulnerability in MT312's mobile-compatible bulletin board REP-BBS
http://jvn.jp/jp/JVN01115659/index.html
JVN#62527913 Directory traversal vulnerability in multiple Cisco Systems products
http://jvn.jp/jp/JVN62527913/index.html
JVNDB-2009-000034 Cross-site scripting vulnerability in MT312's photo-mail bulletin board IMG-BBS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000034.html
JVNDB-2009-000033 Cross-site scripting vulnerability in MT312's mobile-compatible bulletin board REP-BBS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000033.html
JVNDB-2009-000032 Directory traversal vulnerability in multiple Cisco Systems products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
JVNDB-2009-001277 Vulnerability in multiple Mozilla products where javascript: URIs are not blocked
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001277.html
JVNDB-2009-001276 Vulnerability in multiple Mozilla products where the Content-Disposition header of an inner URI is ignored
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001276.html
JVNDB-2009-001275 Same-origin policy bypass vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001275.html
JVNDB-2009-001274 Same-origin policy bypass vulnerability in the view-source: URI implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001274.html
JVNDB-2009-001273 Denial of service (DoS) vulnerability in the JavaScript engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001273.html
JVNDB-2009-001272 Denial of service (DoS) vulnerability in the JavaScript engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001272.html
JVNDB-2009-001271 Denial of service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001271.html
JVNDB-2009-001270 Denial of service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001270.html
JVNDB-2009-001104 Vulnerability in libpng where element pointers are not properly initialized
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001104.html
JVNDB-2007-001166 Privilege check bypass vulnerability in MySQL MyISAM tables
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001166.html
Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution
http://secunia.com/advisories/35268/
Mastering the Metasploit Framework
http://blog.metasploit.com/2009/05/mastering-metasploit-framework.html
+ HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01755624-1
+ libpng 1.2.36 released
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.2.36-README.txt
+ J2SE JDK/JRE 1.6.0_14 released
http://java.sun.com/javase/6/webnotes/6u14.html
+ Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/971778.mspx
[ANNOUNCE] Apache Portals Jetspeed 2.2.0, Pluto 2.0.0, Applications 1.0 releases
http://portals.apache.org/
http://portals.apache.org/jetspeed-2
http://portals.apache.org/pluto
http://portals.apache.org/applications
[ANNOUNCE] Apache Archiva 1.2.1 Released!
http://archiva.apache.org/
Harvard study: Linux will not supplant Windows
http://www.linux.org/news/2009/05/28/0002.html
GNU/Linux Eclipses Windows – for Eclipse Users
http://www.linux.org/news/2009/05/28/0001.html
Rakudo Perl 6 development release #17
http://use.perl.org/articles/09/05/28/2252256.shtml
Postfix 2.6.2 stable release candidate 1
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.2-RC1.HISTORY
Postfix 2.7 Snapshot 20090528
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.7-20090528.HISTORY
Vulnerability in Citrix Password Manager could result in information disclosure
http://support.citrix.com/article/CTX120743
Bkis-09-2009 : XSS vulnerability in 'Monitor_Bandwidth' - PRTG Traffic Grapher
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29395
Drupal-SA-05/28/2009: Drupal Embedded Media Field Module Multiple XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29400
TZO-27-2009: Firefox Denial of Service (Keygen)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29394
GLSA 200905-09: libsndfile: User-assisted execution of arbitrary code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29393
HPSBUX02429 SSRT090058 rev.1: HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29403
PHP Nuke-SA-05/27/2009: PHP Nuke v.8.0 (referer) SQL Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29401
Vanilla-SA-05/27/2009: Vanilla v.1.1.7 Cross-Site Scripting
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29402
InterNOT-SA-05/27/2009: InterN0T AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29404
MDVSA-2009:123: opensc
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29391
RHSA-2009:1075-01: Moderate: httpd security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29392
rPSA-2009-0091-1: cyrus-sasl cyrus-sasl-server
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29397
rPSA-2009-0092-1: ntp ntp-utils
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29398
rPSA-2009-0095-1: tshark wireshark
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29399
[InterN0T] Achievo 1.3.4 - XSS Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00284.html
Novell Groupwise fails to properly sanitize emails.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00282.html
CORE-2009-0401 - StoneTrip S3DPlayers remote command injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00283.html
Re[2]: [TZO-27-2009] Firefox Denial of Service (Keygen)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00278.html
ecshop 2.6.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00271.html
Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00273.html
[Bkis-09-2009] XSS vulnerability in Monitor_Bandwidth - PRTG Traffic Grapher
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00268.html
[TZO-27-2009] Firefox Denial of Service (Keygen)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00277.html
Call For Papers – ACM CCS 2009 Workshops
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00279.html
ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00276.html
rPSA-2009-0095-1 tshark wireshark
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00269.html
MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00267.html
rPSA-2009-0092-1 ntp ntp-utils
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00270.html
rPSA-2009-0091-1 cyrus-sasl cyrus-sasl-server
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00272.html
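The most dangerous search term is "free music downloads": viruses in 20% of results
Survey by US-based McAfee: "word unscrambler", "lyrics" and "myspace" are also dangerous
http://itpro.nikkeibp.co.jp/article/NEWS/20090528/330920/?ST=security
Large numbers of passwords left searchable on the net; a virus is the cause
Beware of "fake instant messengers" that steal passwords and send them out
http://itpro.nikkeibp.co.jp/article/NEWS/20090528/330919/?ST=security
Trend Micro: security products for clients and smartphones
http://itpro.nikkeibp.co.jp/article/NEWS/20090528/330854/?ST=security
CPNI-957037 Possible leakage of some data in SSH communication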
http://jvn.jp/niscc/CPNI-957037/index.html
Simple Machines Forum BMP Uploads Cross-Site Scripting
http://secunia.com/advisories/35267/
libsndfile Multiple Division by Zero Denial of Service Vulnerabilities
http://secunia.com/advisories/35266/
Easy Px 41 CMS "fiche" Information Disclosure Vulnerability
http://secunia.com/advisories/35252/
PRTG Traffic Grapher Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35249/
rPath update for tshark and wireshark
http://secunia.com/advisories/35248/
Gentoo update for libsndfile
http://secunia.com/advisories/35247/
rPath update for ntp
http://secunia.com/advisories/35243/
rPath update for cyrus-sasl
http://secunia.com/advisories/35239/
Vanilla "RequestName" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35234/
Fedora update for freetype1
http://secunia.com/advisories/35233/
Drupal Ajax Session Module Cross-Site Scripting and Request Forgery
http://secunia.com/advisories/35232/
Fedora update for acpid
http://secunia.com/advisories/35230/
pam_krb5 Password Prompt User Enumeration Security Issue
http://secunia.com/advisories/35230/
Citrix Password Manager Secondary Password Information Disclosure
http://secunia.com/advisories/35229/
Fedora update for php-Smarty
http://secunia.com/advisories/35219/
Fedora update for kernel
http://secunia.com/advisories/35217/
Avaya CMS Solaris "sadmind" Two Vulnerabilities
http://secunia.com/advisories/35191/
Fedora update for libwmf
http://secunia.com/advisories/35190/
Fedora update for eggdrop
http://secunia.com/advisories/35158/
ATutor Documentation Frameset "p" Phishing Vulnerability
http://secunia.com/advisories/35043/
Oh dear, spammers gave us a good laugh!
http://www.zone-h.org/news/id/4711
Government website of Jordan used for phishing
http://www.zone-h.org/news/id/4710
Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities
http://www.securiteam.com/windowsntfocus/5SP0M1FR5G.html
Sun Solaris Integer Overflow Vulnerability
http://www.securiteam.com/unixfocus/5TP0N1FR5O.html
IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability
http://www.securiteam.com/unixfocus/5XP0R1FR5Y.html
Armorlogic Profense Web Application Firewall Multiple Vulnerabilities
http://www.securiteam.com/securitynews/5RP0L1FR5W.html
Sun Communications Express Multiple XSS
http://www.securiteam.com/securitynews/5UP0O1FR5O.html
Android Improper Package Verification
http://www.securiteam.com/securitynews/5VP0P1FR5Q.html
HP Printers and HP Digital Senders Unauthorized Access to Files
http://www.securiteam.com/securitynews/5WP0Q1FR5E.html
Apache "Options" and "AllowOverride" Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/1444
After a desktop is checked out, a printer added to the host might not be visible in the guest (1011420)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011420&sliceId=1&docTypeID=DT_KB_1_1
Multiple replicas are created when the MasterVM has a mapping to a non-existent ISO image file (1011418)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011418&sliceId=1&docTypeID=DT_KB_1_1
ADAM installation fails with error 28037 (1011410)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011410&sliceId=1&docTypeID=DT_KB_1_1
View Composer might crash during its operations if you are using Oracle version 10.2.0.3 (1011396)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011396&sliceId=1&docTypeID=DT_KB_1_1
On rare occasion, View Administrator might display IllegalStateException errors (1011392)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011392&sliceId=1&docTypeID=DT_KB_1_1
The VirtualCenter message of the day keeps reappearing (1011391)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011391&sliceId=1&docTypeID=DT_KB_1_1
During Daylight Savings Time, View Administrator displays the last backup time as one hour earlier t... (1011390)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011390&sliceId=1&docTypeID=DT_KB_1_1
A View Composer desktop that is cloned and then used as a Parent VM might not be customized correctl... (1011378)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011378&sliceId=1&docTypeID=DT_KB_1_1
Cannot launch vSphere Client after installing in Windows 7 (1011329)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011329&sliceId=1&docTypeID=DT_KB_1_1
Ston3D S3DPlayer Web and Standalone 'system.openURL()' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/35105
Novell GroupWise WebAccess Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35066
Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35139
Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/34938
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138
IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35136
Pinnacle Hollywood FX '.hfz' File Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35137
Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34612
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
libwmf WMF Image File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34792
Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34985
acpid Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34692
PRTG Traffic Grapher 'Monitor_Bandwidth' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35128
Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34918
libsndfile Audio Data Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/35126
Phorum 'image/bmp' MIME Type HTML Injection Vulnerability
http://www.securityfocus.com/bid/35134
Woltlab Burning Board 'image/bmp' MIME Type HTML-Injection Vulnerability
http://www.securityfocus.com/bid/35135
Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
http://www.securityfocus.com/bid/35130
Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35133
Mozilla Firefox 'keygen' HTML Tag Denial of Service Vulnerability
http://www.securityfocus.com/bid/35132
ATutor 'documentation/index.php' URL Handling Phishing Vulnerability
http://www.securityfocus.com/bid/35129
HP Data Protector Express Local Unspecified Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34955
Drupal Embedded Media Field Module Create Content Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35131
FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/24074
Lussumo Vanilla 'ajax/updatecheck.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/35114
FreeType LWFN Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/18034
Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35083
Lussumo Vanilla 'updatecheck.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35124
phpBugTracker 'include.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35125
Achievo Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35140
Friday, May 29, 2009
Thursday, May 28, 2009
Microsoft Windows Vista SP2 Install MEMO
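Microsoft Windows Vista SP2 has been released, so I tried installing it.
1. Clicking the downloaded x86 executable displays a security warning.
2. Clicking the [Run] button displays the initial Service Pack installation screen.
3. Clicking the [Next] button displays the "Software License Terms".
4. After reading them carefully, select the "I accept the license terms" radio button and click the [Next] button; a check of the computer's status begins.
5. After a while, the installation start screen is displayed.
6. Clicking the [Install] button starts the installation.
7. After the installation progress screen and one restart, the installation completion screen is displayed.
8. At the same time, a balloon reading "New updates are available" appears in the task tray.
9. Clicking the balloon displays the Windows Update screen.
10. Clicking the [Install updates] button starts installation of the updates.
11. "The updates were successfully installed" is displayed.
12. Checking the system status confirms that "Service Pack 2" is displayed.
This time I ran it on a Sony VAIO type P, and it took about 1 hour for everything to complete.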
Thursday the 28th, Senbu
DreamCoder for PostgreSQL ver 2.0 is now available
http://www.postgresql.org/about/news.1089
vsftpd-2.1.1 released
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.1.1/Changelog
Hitachi and France's Evidian partner on finger vein authentication
http://itpro.nikkeibp.co.jp/article/NEWS/20090528/330835/?ST=security
JVNDB-2009-001269 Integer overflow vulnerability related to SplashBitmap in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001269.html
JVNDB-2009-001268 Integer overflow vulnerability related to CairoOutputDev in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001268.html
JVNDB-2009-001267 Denial of service (DoS) vulnerability in the JBIG2 MMR decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001267.html
JVNDB-2009-001266 Buffer overflow vulnerability in the JBIG2 MMR decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001266.html
JVNDB-2009-001265 Denial of service (DoS) vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001265.html
JVNDB-2009-001264 Arbitrary code execution vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001264.html
JVNDB-2009-001263 Integer overflow vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001263.html
JVNDB-2009-001262 Arbitrary code execution vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001262.html
JVNDB-2009-001261 Buffer overflow vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001261.html
JVNDB-2009-001143 Buffer overflow vulnerability in the proxyReadClientSocket function of libvirt
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001143.html
JVNDB-2009-001137 Arbitrary code execution vulnerability in the ICC Format library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001137.html
JVNDB-2009-001136 Integer overflow vulnerability in the ICC Format library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001136.html
JVNDB-2009-001024 Arbitrary code execution vulnerability in the RealVNC VNC Viewer component
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001024.html
JVNDB-2008-002307 Access restriction bypass vulnerability in libvirt
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002307.html
Apache IncludesNoExec Options Restrictions Can Be Bypassed By Local Users
http://securitytracker.com/alerts/2009/May/1022296.html
BlackBerry Enterprise Server Bug in PDF Distiller Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022295.html
+ MySQL Community Server 5.0.82 has been released
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-82.html
+ Apache HTTP Server AllowOverride Options Security Bypass
http://secunia.com/advisories/35261/
http://www.securityfocus.com/bid/35115
+ Microsoft Windows 'win32k.sys' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35121
[ANNOUNCE] Apache Qpid 0.5 Released
http://qpid.apache.org/
Q&A: Revamped Linux for Netbooks
http://www.linux.org/news/2009/05/27/0004.html
ASUS Linux insult will be Intel and Dell's gain
http://www.linux.org/news/2009/05/27/0003.html
Linux Mint 7 released
http://www.linux.org/news/2009/05/27/0002.html
Has ASUS all but given up on Linux?
http://www.linux.org/news/2009/05/27/0001.html
HP snubs Moblin, rolls out Mi Linux-Atom netbook
http://www.linux.org/news/2009/05/26/0007.html
VelocityTools 2.0-beta4 released
http://velocity.apache.org/news.html#tools20beta4
SSH Option Certificates Exercised for Share Subscription
http://www.ssh.com/company/news/2009/english/all/article/1011/
SSA:2009-146-01: pidgin
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29377
GLSA 200905-08: NTP: Remote execution of arbitrary code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29386
Lighttpd-SA-05/26/2009: FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29380
Joomla-SA-05/26/2009: Backdoor in com_rsgallery2 gallery extension for joomla
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29388
ATEN-SA-05/26/2009: Multiple vulnerabilities in several ATEN IP KVM Switches
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29389
jetCast-SA-05/26/2009: COWON America jetCast 2.0.4.1109 (.mp3) local heap buffer overflow exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29390
Drupal-SA-05/26/2009: Drupal 6 Content Access Module XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29387
RHSA-2009:1066-01: Important: squirrelmail security upda
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29378
RHSA-2009:1067-01: Moderate: Red Hat Application Stack v2.3 security and enhancement update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29379
SEC Consult SA-20090525-0: Nortel Contact Center Manager Server Authentication Bypass Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29381
SEC Consult SA-20090525-1: Nortel Contact Center Manager Server Password Disclosure Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29382
SEC Consult SA-20090525-2: SonicWALL Global Security Client Local Privilege Escalation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29383
SEC Consult SA-20090525-3: SonicWALL Global VPN Client Local Privilege Escalation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29384
SEC Consult SA-20090525-4: SonicOS Format String Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29385
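NRI to sell document management software aimed at combining ease of file sharing with security
http://itpro.nikkeibp.co.jp/article/NEWS/20090527/330769/?ST=security
JVN#57036470 Cross-site scripting vulnerability in Ad Systems' Web meeting-room reservation free edition leger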
http://jvn.jp/jp/JVN57036470/index.html
New paper: Understanding Microsofts KB971492 IIS WebDAV Vuln
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00266.html
[InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00265.html
[ MDVSA-2009:123 ] opensc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00264.html
Re[2]: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00263.html
Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00262.html
Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00260.html
[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00259.html
[security bulletin] HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00257.html
Vanilla v.1.1.7 Cross-Site Scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00256.html
PHP Nuke v.8.0 (referer) SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00255.html
W3af ninja training class in NYC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00253.html
[IMF 2009] 3rd Call - Deadline Extended
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00252.html
Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00251.html
RHBA-2009:1068-1: vsftpd bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1068.html
RHBA-2009:1069-1: net-snmp bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1069.html
RHSA-2009:1075-1: Moderate: httpd security update
http://rhn.redhat.com/errata/RHSA-2009-1075.html
Red Hat update for httpd
http://secunia.com/advisories/35264/
Red Hat update for rhpki-ra
http://secunia.com/advisories/35263/
Apache HTTP Server AllowOverride Options Security Bypass
http://secunia.com/advisories/35261/
ArcaBit ArcaVir ps_drv.sys Privilege Escalation Vulnerability
http://secunia.com/advisories/35260/
Red Hat update for squirrelmail
http://secunia.com/advisories/35259/
HP-UX update for JRE / JDK
http://secunia.com/advisories/35255/
BlackBerry Products PDF Distiller Unspecified Vulnerabilities
http://secunia.com/advisories/35254/
Gentoo update for ntp
http://secunia.com/advisories/35253/
Mole Group Adult Portal Script "user_id" SQL Injection Vulnerability
http://secunia.com/advisories/35246/
cpCommerce "GLOBALS[prefix]" File Inclusion Vulnerability
http://secunia.com/advisories/35245/
Wordpress WP-Lytebox Plugin "pg" Local File Inclusion
http://secunia.com/advisories/35244/
Dogtag Certificate System Agent Group Security Bypass
http://secunia.com/advisories/35242/
eZoneScripts.com Hot Or Not Script Multiple Vulnerabilities
http://secunia.com/advisories/35240/
RoomPHPlanning Multiple Vulnerabilities
http://secunia.com/advisories/35237/
WebMember "formID" SQL Injection Vulnerability
http://secunia.com/advisories/35227/
DokuWiki "config_cascade" File Inclusion Vulnerability
http://secunia.com/advisories/35218/
ImageMagick "XMakeImage()" Integer Overflow Vulnerability
http://secunia.com/advisories/35216/
Zeeways PhotoVideoTube Multiple Vulnerabilities
http://secunia.com/advisories/35208/
jetAudio jetCast MP3 Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/35195/
Serena Dimensions CM Certificate Validation Vulnerability
http://secunia.com/advisories/35189/
phpBugTracker "username" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1432
ZeeCareers Admin Interface Missing Authentication Vulnerability
http://www.vupen.com/english/advisories/2009/1431
WebMember "formID" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1430
BlackBerry Products Attachment Service PDF Distiller Vulnerabilities
http://www.vupen.com/english/advisories/2009/1429
ArcaBit ArcaVir Products "ps_drv.sys" Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2009/1428
Soulseek Search Request Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1427
HP-UX Security Update Fixes Java Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2009/1426
Wireshark PCNFSD Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/35081
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906
Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951
Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34673
Linux Kernel 'ptrace_attach()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34799
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405
Linux Kernel 'kill_something_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34558
Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34331
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34961
libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34978
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
OpenSC 'pkcs11-tool' Insecure Key Generation Vulnerability
http://www.securityfocus.com/bid/34884
SiteX 'THEME_FOLDER' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/35122
AgoraGroups Joomla! Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35118
Vanilla 'ajax/updatecheck.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/35114
Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34993
Drupal Ajax Session Module Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35123
Easy PX 41 CMS 'fiche' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/35119
RSGallery2 Component for Mambo/Joomla! Backdoor Vulnerability
http://www.securityfocus.com/bid/35106
PHP-Nuke 'main/tracking/userLog.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35117
pam_krb5 Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35112
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
http://www.securityfocus.com/bid/35115
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/34938
IBM Hardware Management Console (HMC) Shared Memory Unspecified Vulnerability
http://www.securityfocus.com/bid/35113
Microsoft Windows Desktop Wall Paper System Parameter Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35120
Pidgin Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35067
ImageMagick TIFF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35111
Dokuwiki 'doku.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/35095
RoomPHPlanning Multiple Vulnerabilities
http://www.securityfocus.com/bid/35110
ProFTPD CIDR Access Control Rule Bypass Vulnerability
http://www.securityfocus.com/bid/10252
Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34800
SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
http://www.securityfocus.com/bid/34916
http://www.postgresql.org/about/news.1089
vsftpd-2.1.1 released
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.1.1/Changelog
Hitachi and France's Evidian partner on finger vein authentication
http://itpro.nikkeibp.co.jp/article/NEWS/20090528/330835/?ST=security
JVNDB-2009-001269 Integer overflow vulnerability related to SplashBitmap in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001269.html
JVNDB-2009-001268 Integer overflow vulnerability related to CairoOutputDev in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001268.html
JVNDB-2009-001267 Denial of service (DoS) vulnerability in the JBIG2 MMR decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001267.html
JVNDB-2009-001266 Buffer overflow vulnerability in the JBIG2 MMR decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001266.html
JVNDB-2009-001265 Denial of service (DoS) vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001265.html
JVNDB-2009-001264 Arbitrary code execution vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001264.html
JVNDB-2009-001263 Integer overflow vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001263.html
JVNDB-2009-001262 Arbitrary code execution vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001262.html
JVNDB-2009-001261 Buffer overflow vulnerability in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001261.html
JVNDB-2009-001143 Buffer overflow vulnerability in the proxyReadClientSocket function of libvirt
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001143.html
JVNDB-2009-001137 Arbitrary code execution vulnerability in the ICC Format library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001137.html
JVNDB-2009-001136 Integer overflow vulnerability in the ICC Format library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001136.html
JVNDB-2009-001024 Arbitrary code execution vulnerability in the RealVNC VNC Viewer component
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001024.html
JVNDB-2008-002307 Access restriction bypass vulnerability in libvirt
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002307.html
Apache IncludesNoExec Options Restrictions Can Be Bypassed By Local Users
http://securitytracker.com/alerts/2009/May/1022296.html
BlackBerry Enterprise Server Bug in PDF Distiller Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022295.html
+ MySQL Community Server 5.0.82 has been released
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-82.html
+ Apache HTTP Server AllowOverride Options Security Bypass
http://secunia.com/advisories/35261/
http://www.securityfocus.com/bid/35115
+ Microsoft Windows 'win32k.sys' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35121
[ANNOUNCE] Apache Qpid 0.5 Released
http://qpid.apache.org/
Q&A: Revamped Linux for Netbooks
http://www.linux.org/news/2009/05/27/0004.html
ASUS Linux insult will be Intel and Dell's gain
http://www.linux.org/news/2009/05/27/0003.html
Linux Mint 7 released
http://www.linux.org/news/2009/05/27/0002.html
Has ASUS all but given up on Linux?
http://www.linux.org/news/2009/05/27/0001.html
HP snubs Moblin, rolls out Mi Linux-Atom netbook
http://www.linux.org/news/2009/05/26/0007.html
VelocityTools 2.0-beta4 released
http://velocity.apache.org/news.html#tools20beta4
SSH Option Certificates Exercised for Share Subscription
http://www.ssh.com/company/news/2009/english/all/article/1011/
SSA:2009-146-01: pidgin
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29377
GLSA 200905-08: NTP: Remote execution of arbitrary code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29386
Lighttpd-SA-05/26/2009: FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29380
Joomla-SA-05/26/2009: Backdoor in com_rsgallery2 gallery extension for joomla
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29388
ATEN-SA-05/26/2009: Multiple vulnerabilities in several ATEN IP KVM Switches
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29389
jetCast-SA-05/26/2009: COWON America jetCast 2.0.4.1109 (.mp3) local heap buffer overflow exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29390
Drupal-SA-05/26/2009: Drupal 6 Content Access Module XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29387
RHSA-2009:1066-01: Important: squirrelmail security upda
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29378
RHSA-2009:1067-01: Moderate: Red Hat Application Stack v2.3 security and enhancement update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29379
SEC Consult SA-20090525-0: Nortel Contact Center Manager Server Authentication Bypass Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29381
SEC Consult SA-20090525-1: Nortel Contact Center Manager Server Password Disclosure Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29382
SEC Consult SA-20090525-2: SonicWALL Global Security Client Local Privilege Escalation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29383
SEC Consult SA-20090525-3: SonicWALL Global VPN Client Local Privilege Escalation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29384
SEC Consult SA-20090525-4: SonicOS Format String Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29385
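NRI to sell document management software aimed at combining ease of file sharing with security
http://itpro.nikkeibp.co.jp/article/NEWS/20090527/330769/?ST=security
JVN#57036470 Cross-site scripting vulnerability in leger, the free edition of the Web meeting room reservation software by Ad Systems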
http://jvn.jp/jp/JVN57036470/index.html
New paper: Understanding Microsoft's KB971492 IIS WebDAV Vuln
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00266.html
[InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00265.html
[ MDVSA-2009:123 ] opensc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00264.html
Re[2]: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00263.html
Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00262.html
Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00260.html
[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00259.html
[security bulletin] HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00257.html
Vanilla v.1.1.7 Cross-Site Scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00256.html
PHP Nuke v.8.0 (referer) SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00255.html
W3af ninja training class in NYC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00253.html
[IMF 2009] 3rd Call - Deadline Extended
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00252.html
Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00251.html
RHBA-2009:1068-1: vsftpd bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1068.html
RHBA-2009:1069-1: net-snmp bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1069.html
RHSA-2009:1075-1: Moderate: httpd security update
http://rhn.redhat.com/errata/RHSA-2009-1075.html
Red Hat update for httpd
http://secunia.com/advisories/35264/
Red Hat update for rhpki-ra
http://secunia.com/advisories/35263/
Apache HTTP Server AllowOverride Options Security Bypass
http://secunia.com/advisories/35261/
ArcaBit ArcaVir ps_drv.sys Privilege Escalation Vulnerability
http://secunia.com/advisories/35260/
Red Hat update for squirrelmail
http://secunia.com/advisories/35259/
HP-UX update for JRE / JDK
http://secunia.com/advisories/35255/
BlackBerry Products PDF Distiller Unspecified Vulnerabilities
http://secunia.com/advisories/35254/
Gentoo update for ntp
http://secunia.com/advisories/35253/
Mole Group Adult Portal Script "user_id" SQL Injection Vulnerability
http://secunia.com/advisories/35246/
cpCommerce "GLOBALS[prefix]" File Inclusion Vulnerability
http://secunia.com/advisories/35245/
Wordpress WP-Lytebox Plugin "pg" Local File Inclusion
http://secunia.com/advisories/35244/
Dogtag Certificate System Agent Group Security Bypass
http://secunia.com/advisories/35242/
eZoneScripts.com Hot Or Not Script Multiple Vulnerabilities
http://secunia.com/advisories/35240/
RoomPHPlanning Multiple Vulnerabilities
http://secunia.com/advisories/35237/
WebMember "formID" SQL Injection Vulnerability
http://secunia.com/advisories/35227/
DokuWiki "config_cascade" File Inclusion Vulnerability
http://secunia.com/advisories/35218/
ImageMagick "XMakeImage()" Integer Overflow Vulnerability
http://secunia.com/advisories/35216/
Zeeways PhotoVideoTube Multiple Vulnerabilities
http://secunia.com/advisories/35208/
jetAudio jetCast MP3 Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/35195/
Serena Dimensions CM Certificate Validation Vulnerability
http://secunia.com/advisories/35189/
phpBugTracker "username" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1432
ZeeCareers Admin Interface Missing Authentication Vulnerability
http://www.vupen.com/english/advisories/2009/1431
WebMember "formID" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1430
BlackBerry Products Attachment Service PDF Distiller Vulnerabilities
http://www.vupen.com/english/advisories/2009/1429
ArcaBit ArcaVir Products "ps_drv.sys" Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2009/1428
Soulseek Search Request Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1427
HP-UX Security Update Fixes Java Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2009/1426
Wireshark PCNFSD Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/35081
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906
Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951
Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34673
Linux Kernel 'ptrace_attach()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34799
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405
Linux Kernel 'kill_something_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34558
Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34331
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34961
libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34978
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
OpenSC 'pkcs11-tool' Insecure Key Generation Vulnerability
http://www.securityfocus.com/bid/34884
SiteX 'THEME_FOLDER' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/35122
AgoraGroups Joomla! Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35118
Vanilla 'ajax/updatecheck.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/35114
Wednesday, May 27, 2009
Wednesday the 27th, Tomobiki
[ANN][Rampart/C] Apache Rampart/C 1.3.0 Released
http://ws.apache.org/rampart/c/download.cgi
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the CiscoWorks TFTP Directory Traversal Vulnerability
http://www.cisco.com/warp/public/707/cisco-amb-20090520-cw.shtml
Solution 259848: SUN ALERT WEEKLY SUMMARY REPORT - Week of 17-May-2009 to 23-May-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259848-1
"We'll crack someone else's password for $50": beware of suspicious services. Do not use them; the sites offering the service were previously virus sites and scam sites
http://itpro.nikkeibp.co.jp/article/NEWS/20090527/330742/?ST=security
JPCERT/CC WEEKLY REPORT 2009-05-27
http://www.jpcert.or.jp/wr/2009/wr092001.html
JVNDB-2009-001260 Denial of service (DoS) vulnerability in the JBIG2 decoder of Xpdf and CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001260.html
JVNDB-2009-001259 Integer overflow vulnerability in the JBIG2 decoder of Xpdf and CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001259.html
JVNDB-2009-001258 Denial of service (DoS) vulnerability in the JBIG2 decoder of Xpdf and CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001258.html
JVNDB-2009-001257 Integer overflow vulnerability in the TIFF image decoding routine of CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001257.html
JVNDB-2009-001256 Privilege escalation vulnerability in udev
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001256.html
JVNDB-2008-001963 Possible leakage of some data in SSH communications
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001963.html
JVNDB-2005-000650 Out-of-bounds vulnerability in the libungif library caused by malformed GIF files
http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000650.html
JVNDB-2005-000648 Null pointer dereference vulnerability in the libungif library caused by malformed GIF files
http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000648.html
SonicWALL Global Security Client System Tray Icon Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/May/1022283.html
SonicWALL Global VPN Client Folder Permissions Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/May/1022282.html
SonicWALL Global VPN Client Format String Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022281.html
Red Hat Certificate System Bug in Registration Authority Lets Remote Authenticated Users Bypass Access Controls
http://securitytracker.com/alerts/2009/May/1022278.html
aMember Input Validation Flaws Permit Cross-Site Scripting and SQL Injection Attacks
http://securitytracker.com/alerts/2009/May/1022277.html
Nortel Contact Center Manager Administration Password Disclosure Vulnerability
http://www.securityfocus.com/bid/34964
Multiple ATEN IP KVM Switches Multiple Remote Vulnerabilities and Weakness
http://www.securityfocus.com/bid/35108
+ HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01745133-1
+ ActivePerl 5.8.9.826 Released
http://www.activestate.com/activeperl/features/
http://docs.activestate.com/activeperl/5.8/release.html
http://docs.activestate.com/activeperl/5.8/changes-58.html
http://www.activestate.com/activeperl/downloads/
InfiniBand Makes Gains, Thanks to Linux
http://www.linux.org/news/2009/05/26/0006.html
Invisible Linux: The Details
http://www.linux.org/news/2009/05/26/0005.html
Sooner (Linux Mint 7), Later (Fedora 11) and Now (ooVoo 2.1)
http://www.linux.org/news/2009/05/26/0004.html
First look: Intel's Moblin 2.0 Linux desktop for netbooks
http://www.linux.org/news/2009/05/26/0003.html
Four Linux Apps Worth Downloading
http://www.linux.org/news/2009/05/26/0002.html
Do we need our own Linux?
http://www.linux.org/news/2009/05/26/0001.html
Wii Fit board speaks to Linux
http://www.linux.org/news/2009/05/25/0001.html
CompareData 1.5.0 is released
http://www.postgresql.org/about/news.1087
White Camel Awards 2009
http://use.perl.org/article.pl?sid=09/05/26/1415215&from=rss
TZO : Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29368
Gentoo Linux : Pidgin: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29362
Independent Researcher : Soulseek * P2P Remote Distributed Search Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29366
Independent Researcher : Arcade Trade Script XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29367
Independent Researcher : MULTIPLE SQL INJECTION VULNERABILITIES --Joomla Component 'Boy Scout Advancement'
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29374
Independent Researcher : Arcade Trade Script XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29375
SuSE : IBM Java 5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29353
Debian : New cscope packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29355
Gentoo Linux : Cscope: User-assisted execution of arbitrary code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29357
Gentoo Linux : IPSec Tools: Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29358
Gentoo Linux : GnuTLS: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29359
Gentoo Linux : FreeType: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29360
Gentoo Linux : acpid: Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29361
Independent Researcher : BASE - Persistent and Reflective XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29365
Independent Researcher : InterN0T AMember 3.1.7 - Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29376
Mandriva : squirrelmail
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29352
Secunia : Sun Solaris "sadmind" Integer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29363
Secunia : Sun Solaris "sadmind" Buffer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29364
Debian : New pidgin packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29354
Independent Researcher : IPFilter (ippool) 4.1.31 lib/load_http.c buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29356
Independent Researcher : DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29369
Independent Researcher : Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29370
Independent Researcher : Serena Dimensions CM Desktop Client does not validate the server SSL certificate
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29371
Independent Researcher : MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29373
oCERT : Android improper package verification when using shared uids
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29372
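The key point for evaluating cloud security lies in post-incident measures: from the IPAX2009 panel
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330736/?ST=security
"Changes form to evade detection", "attack site shut down": details of the latest Web virus
Symantec holds emergency briefing: "other attack sites may appear"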
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330708/?ST=security
[ GLSA 200905-08 ] NTP: Remote execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00250.html
SEC Consult SA-20090525-4 :: SonicOS Format String Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00249.html
SEC Consult SA-20090525-3 :: SonicWALL Global VPN Client Local Privilege Escalation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00248.html
SEC Consult SA-20090525-2 :: SonicWALL Global Security Client Local Privilege Escalation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00247.html
SEC Consult SA-20090525-1 :: Nortel Contact Center Manager Server Password Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00244.html
SEC Consult SA-20090525-0 :: Nortel Contact Center Manager Server Authentication Bypass Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00243.html
[TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00241.html
Multiple vulnerabilities in several ATEN IP KVM Switches
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00242.html
COWON America jetCast 2.0.4.1109 (.mp3) local heap buffer overflow exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00246.html
Backdoor in com_rsgallery2 gallery extension for joomla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00240.html
[ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00245.html
Overview of Pluggable Storage Architecture (PSA)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011308&sliceId=1&docTypeID=DT_KB_1_1
Orchestrator security overview
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011305&sliceId=1&docTypeID=DT_KB_1_1
Stopping or starting VMware vCenter Orchestrator
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011303&sliceId=1&docTypeID=DT_KB_1_1
VMotion stops working after upgrading to vSphere 4 with a Licensing server is not configured error
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011296&sliceId=1&docTypeID=DT_KB_1_1
VMotion stops working after upgrading to vSphere 4.0
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011294&sliceId=1&docTypeID=DT_KB_1_1
vSphere support for View Manager
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011292&sliceId=1&docTypeID=DT_KB_1_1
View 3.1 Agent must be installed last and uninstalled first to avoid losing third-party registry entries
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011279&sliceId=1&docTypeID=DT_KB_1_1
Cannot add a template to a configuration
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011278&sliceId=1&docTypeID=DT_KB_1_1
vCenter Service Status and vCenter Hardware Status plug-ins fail
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011274&sliceId=1&docTypeID=DT_KB_1_1
VMware Data Recovery fails to connect when invoked from a linked vCenter
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011236&sliceId=2&docTypeID=DT_KB_1_1
RHSA-2009:1066-1: Important: squirrelmail security update
http://rhn.redhat.com/errata/RHSA-2009-1066.html
Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 (five-language standalone version) (KB948465)
http://www.microsoft.com/downloads/details.aspx?FamilyID=a4dd31d5-f907-4406-9012-a5c3199ea2b3&DisplayLang=ja
Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 for x64-based Systems (five-language standalone version) (KB948465)
http://www.microsoft.com/downloads/details.aspx?FamilyID=656c9d4a-55ec-4972-a0d7-b1a6fedf51a7&DisplayLang=ja
Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 (five-language standalone version) DVD ISO (KB948465)
http://www.microsoft.com/downloads/details.aspx?FamilyID=9f073285-b6ef-4297-85ce-f4463d06d6cb&DisplayLang=ja
Fedora update for kernel
http://secunia.com/advisories/35226/
Fedora update for jetty
http://secunia.com/advisories/35225/
Fedora update for wireshark
http://secunia.com/advisories/35224/
Basic Analysis And Security Engine Multiple Vulnerabilities
http://secunia.com/advisories/35222/
Arcade Trade Script "q" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35197/
IPcelerate IPsession SQL Injection Vulnerability
http://secunia.com/advisories/35196/
Gentoo update for pidgin
http://secunia.com/advisories/35188/
Soulseek Search Message Buffer Overflow Vulnerability
http://secunia.com/advisories/35186/
aMember Multiple Vulnerabilities
http://secunia.com/advisories/35182/
DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35178/
Jetty Multiple Vulnerabilities
http://secunia.com/advisories/35143/
MiniTwitter SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/1420
Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC
http://www.milw0rm.com/exploits/8798
Winamp 5.551 MAKI Parsing Integer Overflow Exploit
http://www.milw0rm.com/exploits/8783
ArcaVir 2009
http://www.milw0rm.com/exploits/8782
Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl)
http://www.milw0rm.com/exploits/8806
Soulseek 157 NS Remote Buffer Overflow Exploit (SEH)
http://www.milw0rm.com/exploits/8804
Lighttpd 1.4.23 Source Code Disclosure Vulnerability (FreeBSD/OSX bug)
http://www.milw0rm.com/exploits/8786
PHP <= 5.2.9 Local Safemod Bypass Exploit (win32)
http://www.milw0rm.com/exploits/8799
Slayer 2.4 (skin) Universal Buffer Overflow Exploit (SEH)
http://www.milw0rm.com/exploits/8789
COWON America jetCast 2.0.4.1109 (.mp3) Local Overflow Exploit
http://www.milw0rm.com/exploits/8780
ZEECAREERS and SHAADICLONE 'admin/addadminmembercode.php' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35107
Graphiks MyForum Login Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35096
RSGallery2 Component for Mambo/Joomla! Backdoor Vulnerability
http://www.securityfocus.com/bid/35106
DBD::Pg BYTEA Values Memory Leak Denial of Service Vulnerability
http://www.securityfocus.com/bid/34757
MySQL MyISAM Table Privileges Security Bypass Vulnerability
http://www.securityfocus.com/bid/29106
PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090
DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34755
MySQL Empty Binary String Literal Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/31081
Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35100
phpBugTracker 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35101
cpCommerce 'GLOBALS[prefix]' Local/Remote File Include Vulnerability
http://www.securityfocus.com/bid/35103
NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
vbPlaza 'name' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35099
BlackBerry Attachment Service PDF Distiller Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/35102
Gallarific Cross Site Scripting and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/28163
Red Hat Certificate System Agent Group Security Bypass Vulnerability
http://www.securityfocus.com/bid/35104
WP-Lytebox 'main.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/35098
SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
http://www.securityfocus.com/bid/34916
libxml XML Entity Name Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31126
Multiple SlySoft Products Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34103
FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33777
Lighttpd Trailing Slash Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35097
Soulseek Distributed File Search Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35091
Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34993
Dokuwiki 'doku.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/35095
Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35052
SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35092
SonicWALL Global Security Client Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35094
SonicWALL Global VPN Client Log File Remote Format String Vulnerability
http://www.securityfocus.com/bid/35093
SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34310
Microsoft PowerPoint Paragraph Data Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34833
IBM Director CIM Server Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34065
Nortel Contact Center Manager Administration Password Disclosure Vulnerability
http://www.securityfocus.com/bid/34964
Nortel Networks Contact Center Administration CCMA Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34966
Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34457
Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34800
Wireshark PCNFSD Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/35081
Wireshark PN-DCP Data Format String Vulnerability
http://www.securityfocus.com/bid/34291
Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34612
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34331
Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405
Multiple ATEN IP KVM Switches Multiple Remote Vulnerabilities and Weakness
http://www.securityfocus.com/bid/35108
http://ws.apache.org/rampart/c/download.cgi
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the CiscoWorks TFTP Directory Traversal Vulnerability
http://www.cisco.com/warp/public/707/cisco-amb-20090520-cw.shtml
Solution 259848: SUN ALERT WEEKLY SUMMARY REPORT - Week of 17-May-2009 to 23-May-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259848-1
"We'll crack someone else's password for $50": beware of shady services. Do not use them; the site offering the service was previously a virus site and a scam site
http://itpro.nikkeibp.co.jp/article/NEWS/20090527/330742/?ST=security
JPCERT/CC WEEKLY REPORT 2009-05-27
http://www.jpcert.or.jp/wr/2009/wr092001.html
JVNDB-2009-001260 Denial of service (DoS) vulnerability in the JBIG2 decoder of Xpdf and CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001260.html
JVNDB-2009-001259 Integer overflow vulnerability in the JBIG2 decoder of Xpdf and CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001259.html
JVNDB-2009-001258 Denial of service (DoS) vulnerability in the JBIG2 decoder of Xpdf and CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001258.html
JVNDB-2009-001257 Integer overflow vulnerability in the TIFF image decoding routine of CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001257.html
JVNDB-2009-001256 Privilege escalation vulnerability in udev
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001256.html
JVNDB-2008-001963 Possible leakage of some data in SSH communications
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001963.html
JVNDB-2005-000650 Out-of-bounds vulnerability in the libungif library caused by malformed GIF files
http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000650.html
JVNDB-2005-000648 NULL pointer dereference vulnerability in the libungif library caused by malformed GIF files
http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000648.html
SonicWALL Global Security Client System Tray Icon Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/May/1022283.html
SonicWALL Global VPN Client Folder Permissions Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/May/1022282.html
SonicWALL Global VPN Client Format String Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022281.html
Red Hat Certificate System Bug in Registration Authority Lets Remote Authenticated Users Bypass Access Controls
http://securitytracker.com/alerts/2009/May/1022278.html
aMember Input Validation Flaws Permit Cross-Site Scripting and SQL Injection Attacks
http://securitytracker.com/alerts/2009/May/1022277.html
+ HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01745133-1
+ ActivePerl 5.8.9.826 Released
http://www.activestate.com/activeperl/features/
http://docs.activestate.com/activeperl/5.8/release.html
http://docs.activestate.com/activeperl/5.8/changes-58.html
http://www.activestate.com/activeperl/downloads/
InfiniBand Makes Gains, Thanks to Linux
http://www.linux.org/news/2009/05/26/0006.html
Invisible Linux: The Details
http://www.linux.org/news/2009/05/26/0005.html
Sooner (Linux Mint 7), Later (Fedora 11) and Now (ooVoo 2.1)
http://www.linux.org/news/2009/05/26/0004.html
First look: Intel's Moblin 2.0 Linux desktop for netbooks
http://www.linux.org/news/2009/05/26/0003.html
Four Linux Apps Worth Downloading
http://www.linux.org/news/2009/05/26/0002.html
Do we need our own Linux?
http://www.linux.org/news/2009/05/26/0001.html
Wii Fit board speaks to Linux
http://www.linux.org/news/2009/05/25/0001.html
CompareData 1.5.0 is released
http://www.postgresql.org/about/news.1087
White Camel Awards 2009
http://use.perl.org/article.pl?sid=09/05/26/1415215&from=rss
TZO : Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29368
Gentoo Linux : Pidgin: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29362
Independent Researcher : Soulseek * P2P Remote Distributed Search Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29366
Independent Researcher : Arcade Trade Script XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29367
Independent Researcher : MULTIPLE SQL INJECTION VULNERABILITIES --Joomla Component 'Boy Scout Advancement'
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29374
Independent Researcher : Arcade Trade Script XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29375
SuSE : IBM Java 5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29353
Debian : New cscope packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29355
Gentoo Linux : Cscope: User-assisted execution of arbitrary code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29357
Gentoo Linux : IPSec Tools: Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29358
Gentoo Linux : GnuTLS: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29359
Gentoo Linux : FreeType: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29360
Gentoo Linux : acpid: Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29361
Independent Researcher : BASE - Persistent and Reflective XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29365
Independent Researcher : InterN0T AMember 3.1.7 - Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29376
Mandriva : squirrelmail
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29352
Secunia : Sun Solaris "sadmind" Integer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29363
Secunia : Sun Solaris "sadmind" Buffer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29364
Debian : New pidgin packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29354
Independent Researcher : IPFilter (ippool) 4.1.31 lib/load_http.c buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29356
Independent Researcher : DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29369
Independent Researcher : Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29370
Independent Researcher : Serena Dimensions CM Desktop Client does not validate the server SSL certificate
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29371
Independent Researcher : MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29373
oCERT : Android improper package verification when using shared uids
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29372
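The key point in evaluating cloud security lies in post-incident measures (from the IPAX2009 panel)
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330736/?ST=security
"Changes its form to evade detection", "attack site shut down": details of the latest web virus
Symantec holds an emergency briefing: "another attack site may appear"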
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330708/?ST=security
[ GLSA 200905-08 ] NTP: Remote execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00250.html
SEC Consult SA-20090525-4 :: SonicOS Format String Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00249.html
SEC Consult SA-20090525-3 :: SonicWALL Global VPN Client Local Privilege Escalation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00248.html
SEC Consult SA-20090525-2 :: SonicWALL Global Security Client Local Privilege Escalation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00247.html
SEC Consult SA-20090525-1 :: Nortel Contact Center Manager Server Password Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00244.html
SEC Consult SA-20090525-0 :: Nortel Contact Center Manager Server Authentication Bypass Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00243.html
[TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00241.html
Multiple vulnerabilities in several ATEN IP KVM Switches
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00242.html
COWON America jetCast 2.0.4.1109 (.mp3) local heap buffer overflow exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00246.html
Backdoor in com_rsgallery2 gallery extension for joomla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00240.html
[ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00245.html
Overview of Pluggable Storage Architecture (PSA)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011308&sliceId=1&docTypeID=DT_KB_1_1
Orchestrator security overview
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011305&sliceId=1&docTypeID=DT_KB_1_1
Stopping or starting VMware vCenter Orchestrator
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011303&sliceId=1&docTypeID=DT_KB_1_1
VMotion stops working after upgrading to vSphere 4 with a Licensing server is not configured error
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011296&sliceId=1&docTypeID=DT_KB_1_1
VMotion stops working after upgrading to vSphere 4.0
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011294&sliceId=1&docTypeID=DT_KB_1_1
vSphere support for View Manager
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011292&sliceId=1&docTypeID=DT_KB_1_1
View 3.1 Agent must be installed last and uninstalled first to avoid losing third-party registry entries
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011279&sliceId=1&docTypeID=DT_KB_1_1
Cannot add a template to a configuration
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011278&sliceId=1&docTypeID=DT_KB_1_1
vCenter Service Status and vCenter Hardware Status plug-ins fail
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011274&sliceId=1&docTypeID=DT_KB_1_1
VMware Data Recovery fails to connect when invoked from a linked vCenter
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011236&sliceId=2&docTypeID=DT_KB_1_1
RHSA-2009:1066-1: Important: squirrelmail security update
http://rhn.redhat.com/errata/RHSA-2009-1066.html
Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 (five-language standalone version) (KB948465)
http://www.microsoft.com/downloads/details.aspx?FamilyID=a4dd31d5-f907-4406-9012-a5c3199ea2b3&DisplayLang=ja
Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 for x64-based systems (five-language standalone version) (KB948465)
http://www.microsoft.com/downloads/details.aspx?FamilyID=656c9d4a-55ec-4972-a0d7-b1a6fedf51a7&DisplayLang=ja
Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 (five-language standalone version) DVD ISO (KB948465)
http://www.microsoft.com/downloads/details.aspx?FamilyID=9f073285-b6ef-4297-85ce-f4463d06d6cb&DisplayLang=ja
Fedora update for kernel
http://secunia.com/advisories/35226/
Fedora update for jetty
http://secunia.com/advisories/35225/
Fedora update for wireshark
http://secunia.com/advisories/35224/
Basic Analysis And Security Engine Multiple Vulnerabilities
http://secunia.com/advisories/35222/
Arcade Trade Script "q" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35197/
IPcelerate IPsession SQL Injection Vulnerability
http://secunia.com/advisories/35196/
Gentoo update for pidgin
http://secunia.com/advisories/35188/
Soulseek Search Message Buffer Overflow Vulnerability
http://secunia.com/advisories/35186/
aMember Multiple Vulnerabilities
http://secunia.com/advisories/35182/
DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35178/
Jetty Multiple Vulnerabilities
http://secunia.com/advisories/35143/
MiniTwitter SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/1420
Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC
http://www.milw0rm.com/exploits/8798
Winamp 5.551 MAKI Parsing Integer Overflow Exploit
http://www.milw0rm.com/exploits/8783
ArcaVir 2009
http://www.milw0rm.com/exploits/8782
Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl)
http://www.milw0rm.com/exploits/8806
Soulseek 157 NS Remote Buffer Overflow Exploit (SEH)
http://www.milw0rm.com/exploits/8804
Lighttpd 1.4.23 Source Code Disclosure Vulnerability (FreeBSD/OSX bug)
http://www.milw0rm.com/exploits/8786
PHP <= 5.2.9 Local Safemod Bypass Exploit (win32)
http://www.milw0rm.com/exploits/8799
Slayer 2.4 (skin) Universal Buffer Overflow Exploit (SEH)
http://www.milw0rm.com/exploits/8789
COWON America jetCast 2.0.4.1109 (.mp3) Local Overflow Exploit
http://www.milw0rm.com/exploits/8780
ZEECAREERS and SHAADICLONE 'admin/addadminmembercode.php' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35107
Graphiks MyForum Login Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35096
RSGallery2 Component for Mambo/Joomla! Backdoor Vulnerability
http://www.securityfocus.com/bid/35106
DBD::Pg BYTEA Values Memory Leak Denial of Service Vulnerability
http://www.securityfocus.com/bid/34757
MySQL MyISAM Table Privileges Security Bypass Vulnerability
http://www.securityfocus.com/bid/29106
PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090
DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34755
MySQL Empty Binary String Literal Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/31081
Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35100
phpBugTracker 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35101
cpCommerce 'GLOBALS[prefix]' Local/Remote File Include Vulnerability
http://www.securityfocus.com/bid/35103
NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
vbPlaza 'name' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35099
BlackBerry Attachment Service PDF Distiller Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/35102
Gallarific Cross Site Scripting and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/28163
Red Hat Certificate System Agent Group Security Bypass Vulnerability
http://www.securityfocus.com/bid/35104
WP-Lytebox 'main.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/35098
SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
http://www.securityfocus.com/bid/34916
libxml XML Entity Name Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31126
Multiple SlySoft Products Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34103
Tuesday, May 26, 2009
The 26th, Tuesday, Sensho
The latest snapshot for the stable Linux kernel tree is: 2.6.30-rc7-git1
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=summary
VASCO announces an enterprise edition of its mobile-phone-based authentication solution
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330658/?ST=security
JVNDB-2009-001255 Buffer overflow vulnerability in the big2_decode_symbol_dict function of Ghostscript
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001255.html
JVNDB-2009-001254 Buffer overflow vulnerability in the BaseFont writer module of Ghostscript
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001254.html
JVNDB-2009-001253 Arbitrary code execution vulnerability in the CCITTFax decode filter of Ghostscript
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001253.html
+ JVNDB-2008-002277 Denial of service (DoS) vulnerability in the Linux Kernel related to calls to the sendmsg function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002277.html
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.1
GroupWise Internet Agent Buffer Overflows in SMTP Service Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022276.html
sadmind Buffer Overflows Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022275.html
Wireshark PCNFSD Dissector Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/May/1022274.html
Sun Java System Portal Server Input Validation Bug in Error Page Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/May/1022273.html
- Event ID: 8194 - VXVMASRS.exe Get configuration failed with 0xE515000A when backing up system state
http://seer.entsupport.symantec.com/docs/321931.htm
Arcade Trade Script XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00239.html
PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00238.html
MULTIPLE SQL INJECTION VULNERABILITIES --Joomla Component Boy Scout Advancement <= v-0.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00235.html
[ GLSA 200905-06 ] acpid: Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00228.html
[ GLSA 200905-05 ] FreeType: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00234.html
Hardening OSX against CVE-2008-5353
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00237.html
[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00226.html
[ GLSA 200905-04 ] GnuTLS: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00229.html
[ GLSA 200905-03 ] IPSec Tools: Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00225.html
[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00230.html
[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00233.html
[ MDVSA-2009:122 ] squirrelmail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00231.html
Secunia Research: Sun Solaris "sadmind" Integer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00224.html
Secunia Research: Sun Solaris "sadmind" Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00236.html
MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00227.html
[oCERT-2009-006] Android improper package verification when using shared uids
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00223.html
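More than 700,000 new virus variants appear per month, more than 16 million in total
Tallied by a German virus testing organization; still increasing, but the growth rate is slowing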
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330619/?ST=security
US SaaS security vendor Zscaler makes a full-scale entry into Japan, including a domestic data center
http://itpro.nikkeibp.co.jp/article/NEWS/20090525/330635/?ST=security
SUSE update for IBM JDK 5
http://secunia.com/advisories/35223/
Sun Java System Portal Server Error Page Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35221/
Debian update for pidgin
http://secunia.com/advisories/35215/
Debian update for cscope
http://secunia.com/advisories/35214/
Gentoo update for cscope
http://secunia.com/advisories/35213/
Sun Java System Portal Server Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1411
Sun OpenSolaris "sdhost" Local Kernel Memory corruption Vulnerability
http://www.vupen.com/english/advisories/2009/1410
Sun Solaris "sadmind" Daemon Heap and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/1409
Wireshark PCNFSD Dissector Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/1408
Apple QuickTime PICT 0x77 Tag Parsing Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1407
Pidgin Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/1396
Soulseek Distributed File Search Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35091
Pidgin Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35067
Realty Web-Base 'list_list.php' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35043
NetDecision TFTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35002
VidsharePro SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35033
Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34993
CastRipper '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34915
TCPDB 'user/index.php' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34866
Bitweaver Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34910
Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34918
KVM Block Device Backend Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/28001
Microchip MPLAB IDE '.mcp' File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34897
QEMU Security Bypass Vulnerability
http://www.securityfocus.com/bid/30604
QEMU Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/23731
FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
http://www.securityfocus.com/bid/14678
Open Handset Alliance Android Signature Validation Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35090
aMember Multiple Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35089
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34961
Xerox WorkCentre Webserver Unspecified Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34984
Wireshark PCNFSD Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/35081
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
MiniTwitter SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35088
OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001
Joomla! Boy Scout Advancement 'id' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35087
Basic Analysis And Security Engine Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35086
acpid Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34692
FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550
Cute Editor for ASP.NET 'file' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35085
GnuTLS Prior to 2.6.6 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34783
IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34765
Cscope Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34805
Cscope 'find.c' Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34832
Saman Portal 'pageid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35084
SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
http://www.securityfocus.com/bid/34916
CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35040
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
Sun Solstice AdminSuite 'sadmind' 'adm_build_path()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31751
Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35083
Sun Java System Portal Server Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35082
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=summary
VASCO,携帯電話を使った認証ソリューションの企業版を発表
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330658/?ST=security
JVNDB-2009-001255 Ghostscript の big2_decode_symbol_dict 関数におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001255.html
JVNDB-2009-001254 Ghostscript の BaseFont writer モジュールにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001254.html
JVNDB-2009-001253 Ghostscript の CCITTFax デコードフィルタにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001253.html
+ JVNDB-2008-002277 Linux Kernel における sendmsg 関数の呼び出しに関するサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002277.html
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.1
GroupWise Internet Agent Buffer Overflows in SMTP Service Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022276.html
sadmind Buffer Overflows Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022275.html
Wireshark PCNFSD Dissector Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/May/1022274.html
Sun Java System Portal Server Input Validation Bug in Error Page Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/May/1022273.html
- Event ID: 8194 - VXVMASRS.exe Get configuration failed with 0xE515000A when backing up system state
http://seer.entsupport.symantec.com/docs/321931.htm
Arcade Trade Script XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00239.html
PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00238.html
MULTIPLE SQL INJECTION VULNERABILITIES --Joomla Component Boy Scout Advancement <= v-0.3 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00235.html
[ GLSA 200905-06 ] acpid: Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00228.html
[ GLSA 200905-05 ] FreeType: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00234.html
Hardening OSX against CVE-2008-5353
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00237.html
[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00226.html
[ GLSA 200905-04 ] GnuTLS: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00229.html
[ GLSA 200905-03 ] IPSec Tools: Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00225.html
[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00230.html
[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00233.html
[ MDVSA-2009:122 ] squirrelmail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00231.html
Secunia Research: Sun Solaris "sadmind" Integer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00224.html
Secunia Research: Sun Solaris "sadmind" Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00236.html
MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00227.html
[oCERT-2009-006] Android improper package verification when using shared uids
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00223.html
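More than 700,000 virus variants appear each month, with the cumulative total exceeding 16 million
Figures compiled by a German virus testing organization; the count is still rising, but the growth rate is slowing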
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330619/?ST=security
US SaaS security vendor Zscaler makes a full-scale entry into Japan, including a domestic data center
http://itpro.nikkeibp.co.jp/article/NEWS/20090525/330635/?ST=security
SUSE update for IBM JDK 5
http://secunia.com/advisories/35223/
Sun Java System Portal Server Error Page Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35221/
Debian update for pidgin
http://secunia.com/advisories/35215/
Debian update for cscope
http://secunia.com/advisories/35214/
Gentoo update for cscope
http://secunia.com/advisories/35213/
Sun Java System Portal Server Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1411
Sun OpenSolaris "sdhost" Local Kernel Memory corruption Vulnerability
http://www.vupen.com/english/advisories/2009/1410
Sun Solaris "sadmind" Daemon Heap and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/1409
Wireshark PCNFSD Dissector Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/1408
Apple QuickTime PICT 0x77 Tag Parsing Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1407
Pidgin Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/1396
Soulseek Distributed File Search Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35091
Pidgin Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35067
Realty Web-Base 'list_list.php' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35043
NetDecision TFTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35002
VidsharePro SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35033
Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34993
CastRipper '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34915
TCPDB 'user/index.php' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34866
Bitweaver Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34910
Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34918
KVM Block Device Backend Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/28001
Microchip MPLAB IDE '.mcp' File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34897
QEMU Security Bypass Vulnerability
http://www.securityfocus.com/bid/30604
QEMU Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/23731
FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
http://www.securityfocus.com/bid/14678
Open Handset Alliance Android Signature Validation Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35090
aMember Multiple Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35089
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34961
Xerox WorkCentre Webserver Unspecified Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34984
Wireshark PCNFSD Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/35081
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
MiniTwitter SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35088
OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001
Joomla! Boy Scout Advancement 'id' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35087
Basic Analysis And Security Engine Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35086
acpid Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34692
FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550
Cute Editor for ASP.NET 'file' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35085
GnuTLS Prior to 2.6.6 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34783
IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34765
Cscope Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34805
Cscope 'find.c' Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34832
Saman Portal 'pageid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35084
SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
http://www.securityfocus.com/bid/34916
CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35040
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
Sun Solstice AdminSuite 'sadmind' 'adm_build_path()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31751
Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35083
Sun Java System Portal Server Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35082