[ANNOUNCE] PostgreSQL 8.4 Beta 2 now available
http://wiki.postgresql.org/wiki/84Beta2Changes
http://www.postgresql.org/about/news.1086
Intel's Moblin Accelerates OS Battle for Netbooks
http://www.linux.org/news/2009/05/20/0004.html
Strange Bedfellows: Microsoft and Linux Foundation
http://www.linux.org/news/2009/05/20/0003.html
Solution 258068: Cross-Site Scripting (XSS) Vulnerability in Sun Java System Communications Express
http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1
+ Solution 201294: Third-party Applications Using GSS-API May Be Vulnerable to Compromise
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201294-1
Next Office release "Office 2010" leaked; many of the copies are laced with viruses
Technical preview due for release in July 2009: "wait for the official release"
http://itpro.nikkeibp.co.jp/article/NEWS/20090521/330407/?ST=security
RSA Security enhances its risk-based authentication software, adds mobile phone support
http://itpro.nikkeibp.co.jp/article/NEWS/20090521/330352/?ST=security
JVNVU#878044 Authentication bypass vulnerability due to improper HMAC handling in SNMPv3 implementations
http://jvn.jp/cert/JVNVU878044/index.html
JVNTA09-133A Updates for multiple vulnerabilities in Apple products
http://jvn.jp/cert/JVNTA09-133A/index.html
JVNVU#853097 Buffer overflow vulnerability in ntpd autokey
http://jvn.jp/cert/JVNVU853097/index.html
JVNTA09-133B Vulnerabilities in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNTA09-133B/index.html
JVN#42927215 Cross-site scripting vulnerability in appleple's a-News
http://jvn.jp/jp/JVN42927215/index.html
JVNVU#787932 Authentication bypass vulnerability in Microsoft IIS 6.0 WebDAV
http://jvn.jp/cert/JVNVU787932/index.html
JVNDB-2009-000030 Cross-site scripting vulnerability in appleple's a-News
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000030.html
Apple CFNetwork Heap Based Buffer Overflow
http://www.securiteam.com/securitynews/5UP0L00R5U.html
CiscoWorks TFTP Directory Traversal Vulnerability
http://www.securiteam.com/securitynews/5ZP0Q00R5S.html
Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability
http://www.securiteam.com/securitynews/5VP0M00R5M.html
Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
http://www.securiteam.com/securitynews/5WP0N00R5E.html
Asterisk Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/5XP0O00R5C.html
HP OpenView Network Node Manager (OV NNM) Execution of Arbitrary Code
http://www.securiteam.com/securitynews/5BP0S00R5S.html
Bitdefender Generic Evasion of Heuristics Using PDF Container
http://www.securiteam.com/securitynews/5YP0P00R5O.html
Mac OS X Java applet Remote Deserialization Remote PoC (updated)
http://www.milw0rm.com/exploits/8753
Drupal HTML Injection and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34779
Linksys WVC54GCA Wireless-G Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34714
Linksys WVC54GCA Wireless-G 'SetupWizard.exe' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34596
Linksys WVC54GCA Wireless-G '/img/main.cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34629
HP Multiple LaserJet Printers Unspecified Directory Traversal Vulnerability
http://www.securityfocus.com/bid/33611
Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33948
AGTC MyShop Insecure Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34808
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34020
Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951
Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34654
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405
Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34993
cTorrent and dTorrent Torrent File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34584
IBM AIX 'MALLOCDEBUG' File Overwrite Vulnerability
http://www.securityfocus.com/bid/35034
BluSky CMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34811
Graugon PHP Article Publisher SQL Injection and Cookie Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/33952
libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34978
IPplan 'grp' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35037
Memcached and MemcacheDB ASLR Information Disclosure Weakness
http://www.securityfocus.com/bid/34756
Gowon Designs Leap Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34787
MuPDF PDF File Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34746
LimeSurvey '/admin/remotecontrol' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34785
PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090
WebKit SVGList Objects Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34924
TemaTres SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34830
Adobe Reader 'getAnnots()' JavaScript Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34736
Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34740
Steam 'steam://' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35036
VidsharePro SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35033
DM FileManager 'Username' and 'Password' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35035
NSD 'packet.c' Off-By-One Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35029
VidsharePro Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/35024
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
MyPic 'dir' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35030
NetDecision TFTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35002
Multiple Avira AntiVir Products PDF File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/35008
Multiple BitDefender Security Products PDF File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/35010
Namad 'SecureDownloads.aspx' Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/35026
Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34439
AOL Radio AmpX ActiveX Control 'ConvertFile()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35028
BSD passwd buffer overflow Vulnerability
http://www.securityfocus.com/bid/4
PAD Site Scripts Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35027
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34765
Microsoft PowerPoint Invalid Record Type Integer Overflow Vulnerability
http://www.securityfocus.com/bid/34835
Dog Pedigree Online Database Authentication Bypass and Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35032
Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34673
+ RHSA-2009-1055: Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2009-1055.html
http://secunia.com/advisories/35174/
+ Red Hat Enterprise Linux 4.8 Now Available
http://press.redhat.com/2009/05/18/red-hat-enterprise-linux-4-8-now-available/
+ Serious vulnerability in OpenSSH -- University of London (UK) publishes details
http://www.cpni.gov.uk/docs/vulnerability_advisory_ssh.txt
http://japan.cnet.com/news/sec/story/0,2000056024,20393408,00.htm
http://japan.zdnet.com/news/sec/story/0,2000056194,20393408,00.htm
http://www.yomiuri.co.jp/net/news/cnet/20090520-OYT8T00564.htm
* OpenSSL DTLS Denial of Service Vulnerabilities
http://secunia.com/advisories/35128/
* Java 2 Platform Standard Edition Development Kit 5.0 Update 19 (JDK 5.0 Update 19)
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_19
[ANNOUNCE] Apache JDO : 2.3 "early access" release
http://db.apache.org/jdo/releases/release-2.3-ea.cgi
HPSBPI02398 SSRT080166 rev.3 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01623905-3
DCBSDCon Videos Posted
http://www.freebsd.org/news/newsflash.html#event20090421:01
Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml
DSA 1804-1: New ipsec-tools packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29311
RHSA-2009:1055-02: Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29312
DSA 1801-1: New ntp packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29309
DSA 1802-1: New squirrelmail packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29310
Drupal-SA-05/19/2009: Drupal 6.12 (core) User Module XSS Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29313
Steam-SA-05/19/2009: STEAM (Valve) - Phishing and Cross-site Scripting in internal browser
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29314
Dog Pedigree Online-SA-05/19/2009: (GET var 'id') BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -->
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29318
Dog Pedigree Online-SA-05/19/2009: INSECURE COOKIE HANDLING VULNERABILITIES --Dog Pedigree Online Database v1.0.1-Beta-->
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29319
Namad-SA-05/19/2009: Namad Cms Remote File Download
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29320
MDVSA-2009:117: ntp
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29305
MDVSA-2009:118: kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29306
MDVSA-2009:119: kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29307
rPSA-2009-0086-1: postgresql postgresql-contrib postgresql-server
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29315
USN-777-1: Ntp vulnerabilities
ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29317
HPSBMA02428 SSRT090048 rev.1: HP System Management Homepage (SMH) Remote Cross Site Scripting (XSS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29321
The vSphere Client overview performance charts use zeroes to denote missing data samples
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010972&sliceId=1&docTypeID=DT_KB_1_1
After uninstalling and reinstalling the vSphere Client, previously installed and ignored certificates do not result in a security warning
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010955&sliceId=1&docTypeID=DT_KB_1_1
vCenter 4.0 Update Manager port requirements
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010952&sliceId=1&docTypeID=DT_KB_1_1
Installing vCenter 4.0 Update Manager best practices
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010947&sliceId=1&docTypeID=DT_KB_1_1
"URB timed out - USB device may not respond" message appears during reboot of ESXi Installable from a USB drive
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010940&sliceId=1&docTypeID=DT_KB_1_1
Linux Bridge module cannot handle packets larger than the maximum transmission unit
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010939&sliceId=1&docTypeID=DT_KB_1_1
Read permission is required on the root drive of the directory where vCenter Server is installed
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010938&sliceId=1&docTypeID=DT_KB_1_1
VMFS volume open without Filesystem Journal
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010931&sliceId=1&docTypeID=DT_KB_1_1
IBM X3650 fails to boot from SAN disk when local disk is present
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1010909&sliceId=1&docTypeID=DT_KB_1_1
Akamai offers cloud-based web security, supporting PCI DSS compliance
http://itpro.nikkeibp.co.jp/article/NEWS/20090520/330371/?ST=security
Sumisho Computer Systems adds a deployment-support service for BIG-IP WAF appliances to its service menu
http://itpro.nikkeibp.co.jp/article/NEWS/20090520/330336/?ST=security
Security group TCG expands the scope of its network security specifications
http://itpro.nikkeibp.co.jp/article/NEWS/20090520/330333/?ST=security
Three major security organizations unite to eradicate malware
http://itpro.nikkeibp.co.jp/article/NEWS/20090520/330321/?ST=security
JVNTA09-133B Vulnerabilities in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNTA09-133B/index.html
JVNVU#970180 Vulnerabilities in customDictionaryOpen() and getAnnots() in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNVU970180/index.html
JVN#02331156 Cross-site scripting vulnerability in HP System Management Homepage
http://jvn.jp/jp/JVN02331156/index.html
PUBLIC ADVISORY: 05.20.09: IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=802
iDefense Security Advisory 05.20.09: IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00209.html
CORE-2009-0109 - Multiple XSS in Sun Communications Express
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00206.html
(GET vars x & y) ADMIN FUNCTION EXECUTION--Jorp v-1.3.05.09-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00208.html
[security bulletin] HPSBPI02398 SSRT080166 rev.3 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00207.html
Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00198.html
[SECURITY] [DSA 1803-1] New nsd packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00197.html
[SECURITY] [DSA 1804-1] New ipsec-tools packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00199.html
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00204.html
DMXReady Registration Manager Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00203.html
Shakacon Security Conference - Trainers and Speakers Finalized
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00201.html
[USN-777-1] Ntp vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00200.html
Avaya CMS Solaris OpenSSL "ASN1_STRING_print_ex()" Denial of Service
http://secunia.com/advisories/35181/
Fedora update for nsd
http://secunia.com/advisories/35176/
Fedora update for memcached
http://secunia.com/advisories/35175/
Red Hat update for kernel
http://secunia.com/advisories/35174/
Debian update for ntp
http://secunia.com/advisories/35169/
DM FileManager "username" SQL Injection Vulnerability
http://secunia.com/advisories/35167/
PAD Site Scripts "authuser" Insecure Cookie Handling Vulnerability
http://secunia.com/advisories/35155/
VidShare Pro SQL Injection and Cross-Site Scripting
http://secunia.com/advisories/35149/
IBM AIX libc MALLOCDEBUG Privilege Escalation Vulnerability
http://secunia.com/advisories/35146/
Debian update for squirrelmail
http://secunia.com/advisories/35140/
Ubuntu update for ntp
http://secunia.com/advisories/35137/
Avaya CMS Solaris DTrace ioctl Handlers Denial of Service
http://secunia.com/advisories/35098/
IPplan Cross-Site Scripting and Cross-Site Request Forgery
http://secunia.com/advisories/34985/
Vulnerability Note VU#710316 NSD vulnerable to one-byte overflow
http://www.kb.cert.org/vuls/id/710316
CiscoWorks Bug in TFTP Service Lets Remote Users Traverse the Directory
http://www.securitytracker.com/id?1022263
IBM AIX libc MALLOCDEBUG File Overwrite Bug Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id?1022261
Util-linux Input Validation Flaw Lets Remote Users Inject Data into the Log Files
http://www.securitytracker.com/id?1022256
Confidence 2009 in Cracovia
http://www.zone-h.org/news/id/4709
IBM AIX "libc.a" MALLOCDEBUG Local File Overwrite Vulnerability
http://www.vupen.com/english/advisories/2009/1380
Avaya Products Solaris OpenSSL Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/1379
Avaya Products Solaris DTrace Local Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/1378
OpenSSL DTLS Data Handling Remote Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/1377
NSD Query Section Parsing Off-by-one Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1369
Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34654
Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33948
NSD 'packet.c' Off-By-One Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35029
Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33113
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
Sun Solaris DTrace Handler IOCTL Request Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34753
Dog Pedigree Online Database Authentication Bypass and Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35032
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
Memcached and MemcacheDB ASLR Information Disclosure Weakness
http://www.securityfocus.com/bid/34756
Kingsoft WebShield Cross Site scripting and Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/35038
IPplan 'grp' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35037