MySQL 5.1.35 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-35.html
MySQL 5.1.36 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html
+ Solution 259989: Security Vulnerability in Solaris libpng(3) May Allow Denial of Service (DoS) or Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
+ [Security-announce] VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues
http://lists.vmware.com/pipermail/security-announce/2009/000057.html
Security alert for a security weakness (vulnerability) in multiple Cisco Systems products
http://www.ipa.go.jp/security/vuln/documents/2009/200905_cisco.html
Vulnerability in "DirectX": risk of remote code execution when playing QuickTime content
http://itpro.nikkeibp.co.jp/article/NEWS/20090529/330925/?ST=security
JVN#70836284 Cross-site scripting vulnerability in IMG-BBS, the photo-mail bulletin board by MT312
http://jvn.jp/jp/JVN70836284/index.html
JVN#01115659 Cross-site scripting vulnerability in REP-BBS, the mobile-compatible bulletin board by MT312
http://jvn.jp/jp/JVN01115659/index.html
JVN#62527913 Directory traversal vulnerability in multiple Cisco Systems products
http://jvn.jp/jp/JVN62527913/index.html
JVNDB-2009-000034 Cross-site scripting vulnerability in IMG-BBS, the photo-mail bulletin board by MT312
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000034.html
JVNDB-2009-000033 Cross-site scripting vulnerability in REP-BBS, the mobile-compatible bulletin board by MT312
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000033.html
JVNDB-2009-000032 Directory traversal vulnerability in multiple Cisco Systems products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
JVNDB-2009-001277 Vulnerability in multiple Mozilla products that fails to block javascript: URIs
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001277.html
JVNDB-2009-001276 Vulnerability in multiple Mozilla products in which the Content-Disposition header of an inner URI is ignored
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001276.html
JVNDB-2009-001275 Same-origin policy bypass vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001275.html
JVNDB-2009-001274 Same-origin policy bypass vulnerability in the view-source: URI implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001274.html
JVNDB-2009-001273 Denial of service (DoS) vulnerability in the JavaScript engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001273.html
JVNDB-2009-001272 Denial of service (DoS) vulnerability in the JavaScript engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001272.html
JVNDB-2009-001271 Denial of service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001271.html
JVNDB-2009-001270 Denial of service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001270.html
JVNDB-2009-001104 Vulnerability in libpng that fails to properly initialize element pointers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001104.html
JVNDB-2007-001166 Privilege check bypass vulnerability in MySQL MyISAM tables
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001166.html
Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution
http://secunia.com/advisories/35268/
Mastering the Metasploit Framework
http://blog.metasploit.com/2009/05/mastering-metasploit-framework.html
+ HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01755624-1
+ libpng 1.2.36 released
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.2.36-README.txt
+ J2SE JDK/JRE 1.6.0_14 released
http://java.sun.com/javase/6/webnotes/6u14.html
+ Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/971778.mspx
[ANNOUNCE] Apache Portals Jetspeed 2.2.0, Pluto 2.0.0, Applications 1.0 releases
http://portals.apache.org/
http://portals.apache.org/jetspeed-2
http://portals.apache.org/pluto
http://portals.apache.org/applications
[ANNOUNCE] Apache Archiva 1.2.1 Released!
http://archiva.apache.org/
Harvard study: Linux will not supplant Windows
http://www.linux.org/news/2009/05/28/0002.html
GNU/Linux Eclipses Windows – for Eclipse Users
http://www.linux.org/news/2009/05/28/0001.html
Rakudo Perl 6 development release #17
http://use.perl.org/articles/09/05/28/2252256.shtml
Postfix 2.6.2 stable release candidate 1
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.2-RC1.HISTORY
Postfix 2.7 Snapshot 20090528
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.7-20090528.HISTORY
Vulnerability in Citrix Password Manager could result in information disclosure
http://support.citrix.com/article/CTX120743
Bkis-09-2009 : XSS vulnerability in 'Monitor_Bandwidth' - PRTG Traffic Grapher
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29395
Drupal-SA-05/28/2009: Drupal Embedded Media Field Module Multiple XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29400
TZO-27-2009: Firefox Denial of Service (Keygen)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29394
GLSA 200905-09: libsndfile: User-assisted execution of arbitrary code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29393
HPSBUX02429 SSRT090058 rev.1: HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29403
PHP Nuke-SA-05/27/2009: PHP Nuke v.8.0 (referer) SQL Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29401
Vanilla-SA-05/27/2009: Vanilla v.1.1.7 Cross-Site Scripting
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29402
InterNOT-SA-05/27/2009: InterN0T AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29404
MDVSA-2009:123: opensc
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29391
RHSA-2009:1075-01: Moderate: httpd security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29392
rPSA-2009-0091-1: cyrus-sasl cyrus-sasl-server
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29397
rPSA-2009-0092-1: ntp ntp-utils
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29398
rPSA-2009-0095-1: tshark wireshark
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29399
[InterN0T] Achievo 1.3.4 - XSS Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00284.html
Novell Groupwise fails to properly sanitize emails.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00282.html
CORE-2009-0401 - StoneTrip S3DPlayers remote command injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00283.html
Re[2]: [TZO-27-2009] Firefox Denial of Service (Keygen)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00278.html
ecshop 2.6.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00271.html
Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00273.html
[Bkis-09-2009] XSS vulnerability in Monitor_Bandwidth - PRTG Traffic Grapher
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00268.html
[TZO-27-2009] Firefox Denial of Service (Keygen)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00277.html
Call For Papers – ACM CCS 2009 Workshops
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00279.html
ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00276.html
rPSA-2009-0095-1 tshark wireshark
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00269.html
MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00267.html
rPSA-2009-0092-1 ntp ntp-utils
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00270.html
rPSA-2009-0091-1 cyrus-sasl cyrus-sasl-server
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00272.html
The most dangerous search term is "free music downloads": viruses in 20% of results
McAfee (US) survey: "word unscrambler", "lyrics" and "myspace" are also dangerous
http://itpro.nikkeibp.co.jp/article/NEWS/20090528/330920/?ST=security
Large numbers of passwords left searchable on the Internet; the cause is a virus
Beware of "fake instant messengers" that steal passwords and send them out
http://itpro.nikkeibp.co.jp/article/NEWS/20090528/330919/?ST=security
Trend Micro: security products for clients and smartphones
http://itpro.nikkeibp.co.jp/article/NEWS/20090528/330854/?ST=security
CPNI-957037 Possibility of partial data leakage in SSH communications
http://jvn.jp/niscc/CPNI-957037/index.html
Simple Machines Forum BMP Uploads Cross-Site Scripting
http://secunia.com/advisories/35267/
libsndfile Multiple Division by Zero Denial of Service Vulnerabilities
http://secunia.com/advisories/35266/
Easy Px 41 CMS "fiche" Information Disclosure Vulnerability
http://secunia.com/advisories/35252/
PRTG Traffic Grapher Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35249/
rPath update for tshark and wireshark
http://secunia.com/advisories/35248/
Gentoo update for libsndfile
http://secunia.com/advisories/35247/
rPath update for ntp
http://secunia.com/advisories/35243/
rPath update for cyrus-sasl
http://secunia.com/advisories/35239/
Vanilla "RequestName" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35234/
Fedora update for freetype1
http://secunia.com/advisories/35233/
Drupal Ajax Session Module Cross-Site Scripting and Request Forgery
http://secunia.com/advisories/35232/
Fedora update for acpid
http://secunia.com/advisories/35230/
pam_krb5 Password Prompt User Enumeration Security Issue
http://secunia.com/advisories/35230/
Citrix Password Manager Secondary Password Information Disclosure
http://secunia.com/advisories/35229/
Fedora update for php-Smarty
http://secunia.com/advisories/35219/
Fedora update for kernel
http://secunia.com/advisories/35217/
Avaya CMS Solaris "sadmind" Two Vulnerabilities
http://secunia.com/advisories/35191/
Fedora update for libwmf
http://secunia.com/advisories/35190/
Fedora update for eggdrop
http://secunia.com/advisories/35158/
ATutor Documentation Frameset "p" Phishing Vulnerability
http://secunia.com/advisories/35043/
Oh dear, spammers gave us a good laugh!
http://www.zone-h.org/news/id/4711
Government website of Jordan used for phishing
http://www.zone-h.org/news/id/4710
Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities
http://www.securiteam.com/windowsntfocus/5SP0M1FR5G.html
Sun Solaris Integer Overflow Vulnerability
http://www.securiteam.com/unixfocus/5TP0N1FR5O.html
IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability
http://www.securiteam.com/unixfocus/5XP0R1FR5Y.html
Armorlogic Profense Web Application Firewall Multiple Vulnerabilities
http://www.securiteam.com/securitynews/5RP0L1FR5W.html
Sun Communications Express Multiple XSS
http://www.securiteam.com/securitynews/5UP0O1FR5O.html
Android Improper Package Verification
http://www.securiteam.com/securitynews/5VP0P1FR5Q.html
HP Printers and HP Digital Senders Unauthorized Access to Files
http://www.securiteam.com/securitynews/5WP0Q1FR5E.html
Apache "Options" and "AllowOverride" Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/1444
After a desktop is checked out, a printer added to the host might not be visible in the guest (1011420)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011420&sliceId=1&docTypeID=DT_KB_1_1
Multiple replicas are created when the MasterVM has a mapping to a non-existent ISO image file (1011418)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011418&sliceId=1&docTypeID=DT_KB_1_1
ADAM installation fails with error 28037 (1011410)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011410&sliceId=1&docTypeID=DT_KB_1_1
View Composer might crash during its operations if you are using Oracle version 10.2.0.3 (1011396)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011396&sliceId=1&docTypeID=DT_KB_1_1
On rare occasion, View Administrator might display IllegalStateException errors (1011392)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011392&sliceId=1&docTypeID=DT_KB_1_1
The VirtualCenter message of the day keeps reappearing (1011391)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011391&sliceId=1&docTypeID=DT_KB_1_1
During Daylight Savings Time, View Administrator displays the last backup time as one hour earlier t... (1011390)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011390&sliceId=1&docTypeID=DT_KB_1_1
A View Composer desktop that is cloned and then used as a Parent VM might not be customized correctl... (1011378)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011378&sliceId=1&docTypeID=DT_KB_1_1
Cannot launch vSphere Client after installing in Windows 7 (1011329)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011329&sliceId=1&docTypeID=DT_KB_1_1
Ston3D S3DPlayer Web and Standalone 'system.openURL()' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/35105
Novell GroupWise WebAccess Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35066
Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35139
Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/34938
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138
IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35136
Pinnacle Hollywood FX '.hfz' File Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35137
Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34612
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
libwmf WMF Image File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34792
Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34985
acpid Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34692
PRTG Traffic Grapher 'Monitor_Bandwidth' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35128
Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34918
libsndfile Audio Data Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/35126
Phorum 'image/bmp' MIME Type HTML Injection Vulnerability
http://www.securityfocus.com/bid/35134
Woltlab Burning Board 'image/bmp' MIME Type HTML-Injection Vulnerability
http://www.securityfocus.com/bid/35135
Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
http://www.securityfocus.com/bid/35130
Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35133
Mozilla Firefox 'keygen' HTML Tag Denial of Service Vulnerability
http://www.securityfocus.com/bid/35132
ATutor 'documentation/index.php' URL Handling Phishing Vulnerability
http://www.securityfocus.com/bid/35129
HP Data Protector Express Local Unspecified Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34955
Drupal Embedded Media Field Module Create Content Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35131
FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/24074
Lussumo Vanilla 'ajax/updatecheck.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/35114
FreeType LWFN Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/18034
Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35083
Lussumo Vanilla 'updatecheck.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35124
phpBugTracker 'include.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35125
Achievo Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35140