Monday, June 22, 2009

Monday the 22nd, butsumetsu

Dovecot 1.2.rc6 released
http://www.dovecot.org/list/dovecot-news/2009-June/000116.html

Benetl 2.8 out
http://www.postgresql.org/about/news.1103

VeriSign: "More than 10,000 EV SSL certificates issued, market share at 74%"
http://itpro.nikkeibp.co.jp/article/NEWS/20090622/332322/?ST=security

LibTIFF "LZWDecodeCompat()" Buffer Underflow Vulnerability
http://secunia.com/advisories/35515/

libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5GP0D2KRFS.html

phpMyAdmin Code Injection
http://www.securiteam.com/unixfocus/5IP0F2KRFS.html

Webmedia Explorer Cross Site Scripting Vulnerability
http://www.securiteam.com/unixfocus/5JP0G2KRFS.html

Pantha transLucid Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securiteam.com/unixfocus/5HP0E2KRFS.html

Kaspersky PDF Evasion All Products
http://www.securiteam.com/securitynews/5FP0C2KRFS.html

Ikarus Multiple Generic Evasions Using CAB ZIP or RAR Files
http://www.securiteam.com/securitynews/5EP0B2KRFS.html

One sided hacktivism
http://www.zone-h.org/news/id/4713

Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34961
+ lm-sensors 3.1.1 Released
http://www.lm-sensors.org/browser/lm-sensors/tags/V3-1-0/CHANGES

+ Solution 256728: Multiple Security Vulnerabilities in the Solaris Kerberos 'Mech' Libraries May Lead To Execution of Arbitrary Code, Unauthorized Access to Data or a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256728-1

+ Solution 257008: Security Vulnerability with the Solaris TCP/IP Networking Stack Involving the Cassini Gigabit-Ethernet Device Driver and Jumbo Frames
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257008-1

+ Solution 258828: A Memory Leak in the Solaris Ultra-SPARC T2 crypto provider device driver (n2cp(7D)) may Result in Denial of Service (DoS) to the System as a Whole
http://sunsolve.sun.com/search/document.do?assetkey=1-66-258828-1

+ Solution 260449: Two Race Condition Vulnerabilities in the Solaris Event Port API May Allow Local Users to Panic the System, Causing a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-260449-1

+ PHP-SA-06/16/2009: PHP safe_mode bypass with exec/system/passthru Once again
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29631

+ PHP "exif_read_data()" Denial of Service
http://secunia.com/advisories/35441/

+ DBD-mysql 4.012 released
http://www.cpan.org/modules/by-module/DBD/DBD-mysql-4.012.readme

- Cisco Security Advisory: IOS HTTP Server Command Injection Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a008059e470.shtml

Apache FtpServer 1.0.2 released
http://mina.apache.org/ftpserver/downloads.html

MySQL Workbench 5.1.14 RC2 Available
http://dev.mysql.com/downloads/workbench/5.1.html

Apache JMeter 2.3.4 released
http://jakarta.apache.org/jmeter/index.html

PHP 5.3.0RC4 Release Announcements
http://cvs.php.net/viewvc.cgi/php-src/UPGRADING?revision=PHP_5_3

Postfix 2.7-20090619-nonprod non-production release
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.7-20090619-nonprod.HISTORY

Perl 6 Design Minutes for 06 June 2009
http://use.perl.org/articles/09/06/21/143213.shtml

WebSphere MQ 6.0.1.2 for HP OpenVMS Alpha and Itanium is available
http://www-01.ibm.com/support/docview.wss?rs=171&context=SSFKSJ&context=SSEP7X&dc=D600&uid=swg21375373&loc=en_US&cs=UTF-8&lang=en

Beware of fake security alert e-mails: malware distributed under Microsoft's name
Disguised as patches for Outlook and other products, urging "apply immediately"
http://itpro.nikkeibp.co.jp/article/NEWS/20090622/332336/?ST=security

"Even digital cameras and SD cards get infected": a thorough explanation of "USB viruses"
JPCERT publishes a 54-page research report detailing infection status, functionality and countermeasures
http://itpro.nikkeibp.co.jp/article/NEWS/20090622/332335/?ST=security

"Vaccination" is effective against targeted attacks; JPCERT demonstrates it with 2,600 people
Dummy attack e-mails sent twice to 14 companies; the "open rate" fell from 45.4% to 14%
http://itpro.nikkeibp.co.jp/article/Research/20090619/332277/?ST=security

JVNDB-2008-002163: Denial of service (DoS) vulnerability related to Kerberos authentication in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002163.html

JVNDB-2008-002161: Vulnerability in Java Runtime Environment (JRE) ZIP file handling that allows arbitrary memory to be read
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002161.html

JVNDB-2008-002160: Vulnerability in Java Runtime Environment (JRE) that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002160.html

JVNDB-2008-002159: Vulnerability in Java Runtime Environment (JRE) that allows JAR files to be written to
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002159.html

JVNDB-2008-002158: Buffer overflow vulnerability in Java Runtime Environment (JRE) image processing
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002158.html

JVNDB-2008-002153: Buffer overflow vulnerability in Java Runtime Environment (JRE) JAR file handling
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002153.html

JVNDB-2008-002152: Privilege escalation vulnerability in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002152.html

JVNDB-2008-002150: Vulnerability in Java Runtime Environment (JRE) that makes bypassing protection mechanisms easier
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002150.html

JVNDB-2008-002149: Vulnerability in Java Runtime Environment (JRE) that allows the contents of the current user's directory to be listed
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002149.html

JVNDB-2008-002147: Vulnerability in Sun Java Web Start and Java Plug-in that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002147.html

JVNDB-2008-002146: HTTP session hijacking vulnerability in Sun Java Web Start and Java Plug-in
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002146.html

JVNDB-2008-002145: Vulnerability in the BasicService for Sun Java Web Start and Java Plug-in that allows local file contents to be sent to another system
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002145.html

JVNDB-2008-002143: Vulnerability in Sun Java Web Start and Java Plug-in that allows access privileges to local files or applications to be obtained
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002143.html

JVNDB-2008-002142: Vulnerability in Sun Java Web Start and Java Plug-in that allows network connections to unauthorized hosts
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002142.html

JVNDB-2008-002141: Arbitrary code execution vulnerability in Sun Java Web Start and Java Plug-in jnlp file handling
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002141.html

[ MDVSA-2009:137 ] java-1.6.0-openjdk
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00195.html

FretsWeb 1.2 Multiple Local File Inclusion Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00194.html

PhpPortal v1 Insecure Cookie Handling Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00193.html

Vulnerability Note VU#251793: Foxit Reader contains multiple vulnerabilities in the processing of JPX data
http://www.kb.cert.org/vuls/id/251793

Fedora update for pcsc-lite
http://secunia.com/advisories/35508/

Sun Solaris TCP/IP Networking Stack Denial of Service
http://secunia.com/advisories/35507/

PukiWikiMod Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35504/

PCSC-Lite Insecure Directory Permissions
http://secunia.com/advisories/35500/

Red Hat update for cyrus-imapd
http://secunia.com/advisories/35497/

WebNMS "type" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35495/

Fedora update for openssl
http://secunia.com/advisories/35461/

Debian update for vlc
http://secunia.com/advisories/35460/

Debian update for gforge
http://secunia.com/advisories/35458/

Debian update for xulrunner
http://secunia.com/advisories/35446/

Sun Solaris Ultra-SPARC T2 Crypto Provider Device Driver Vulnerability
http://secunia.com/advisories/35403/

xcftools "flattenIncrementally()" Buffer Overflow Vulnerability
http://secunia.com/advisories/35397/

Sun Solaris Event Port API Race Condition Vulnerabilities
http://secunia.com/advisories/35279/

Solaris Bug in Cassini Gigabit-Ethernet Device Driver Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Jun/1022424.html

Solaris Memory Leak in Ultra-SPARC T2 Crypto Provider Device Driver Lets Local and Remote Users Deny Service
http://securitytracker.com/alerts/2009/Jun/1022423.html

Solaris Event Port API Race Condition Lets Local Users Deny Service
http://securitytracker.com/alerts/2009/Jun/1022422.html

Citrix Secure Gateway Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Jun/1022420.html

IBM AIX Buffer Overflow in ToolTalk Library Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Jun/1022419.html

McAfee ePolicy Orchestrator 'naPolicyManager.dll' ActiveX Control Lets Remote Users Overwrite Files
http://securitytracker.com/alerts/2009/Jun/1022413.html

Cisco IOS HTTP Service HTML Injection Vulnerability
http://www.securityfocus.com/bid/15602

Cisco IOS HTTP Server Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/33260

Apple iPhone and iPod touch Safari Search History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35448

Apple iPhone and iPod touch Untrusted Certificate Exception Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35447

RETIRED: Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities
http://www.securityfocus.com/bid/35414

Apple iPhone and iPod touch MPEG-4 Video Codec Denial of Service Vulnerability
http://www.securityfocus.com/bid/35433

Xen 'hypervisor_callback()' Guest Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34957

NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481

SAP AG SAPgui 'sapirrfc.dll' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35256

Apple iPhone and iPod touch ICMP Echo Request Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35445

Apple iPhone and iPod touch 'HTMLSelectElement' Denial of Service Vulnerability
http://www.securityfocus.com/bid/35446

Sun Java Applet Font.createFont Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/17981

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240

'nfs-utils' Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass Vulnerability
http://www.securityfocus.com/bid/30466

util-linux-ng 'login' Remote Log Injection Weakness
http://www.securityfocus.com/bid/28983

Drupal Views Module Multiple Security Bypass and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35304

'Compress::Raw::Zlib' Perl Module Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35307

Mutt 'mutt_ssl.c' X.509 Certificate Chain Security Bypass Vulnerability
http://www.securityfocus.com/bid/35288

Microchip MPLAB IDE '.mcp' File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34897

EMC AlphaStor Server Agent Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/29399

Coccinelle Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/34848

FireStats 'firestats-wordpress.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/35367

TBDEV.NET Multiple Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35366

Webmedia Explorer Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35368

TorrentTrader Classic Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/35369

Uebimiau Webmail 'admin/editor.php' Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/35374

WordPress Photoracer Plugin 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35382

phPortal 'topicler.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35387

Foxit Reader JPEG2000 Header Decoding Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35443

Foxit Reader JPEG2000 Negative Stream Offset Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35442

Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/34411

Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/34185

Pivot Multiple Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35363

Joomla! 'com_jumi' Component 'fileid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35384

Podcast Generator Multiple Remote And Local File Include Vulnerabilities
http://www.securityfocus.com/bid/28038

Net-SNMP Remote Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/29623

Multiple IKARUS Products RAR/CAB/ZIP File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/35358

4homepages 4images 'global.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/35364

Rasterbar Software libtorrent Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/35262

OpenSSL Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/29405

OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150

OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138

OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001

Serena Dimensions CM 'DOWNLOAD' Command Security Bypass Vulnerability
http://www.securityfocus.com/bid/35337

Apple Safari 'parent/top' Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/35441

Luottokunta Payment Security Bypass Vulnerability
http://www.securityfocus.com/bid/35191

Sun Solaris Cassini Gigabit-Ethernet Device Driver Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35439

Sun Solaris Event Port API Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35437

Sun Solaris Ultra-SPARC T2 Crypto Provider Device Driver Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35438

Serena Dimensions CM SSL Certificate Signature Verification Vulnerability
http://www.securityfocus.com/bid/35073

Apple iPhone and iPod touch Configuration Profile Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35436

Apple iPhone and iPod touch Mail Client Information Disclosure Weakness
http://www.securityfocus.com/bid/35434

libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/32326

iJoomla RSS Feeder Component 'cat' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35379

phpWebThings 'fdown.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35336

ClamAV CAB/RAR/ZIP File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/35426

Joomla! JVideo! Component 'user_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35146

JoomlaPraise Projectfork Joomla! Component 'section' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/35378

Multiple F-PROT Products RAR/ARJ/LHA/LZH File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/35427

vBulletin Radio and TV Player Add-On Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35385

cTorrent and dTorrent Torrent File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34584

OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35417

MoinMoin Hierarchical ACL Security Bypass Vulnerability
http://www.securityfocus.com/bid/35277

MoinMoin 'AttachFile.py' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/33365

MoinMoin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/27904

MoinMoin 'antispam.py' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/33479

DirectAdmin 'CMD_REDIRECT' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/35450

geccBBlite 'postatoda' Parameter Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35449

PCSC-Lite Local Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/35444