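Web virus "Nine-Ball" still rampant, confirmed on more than 30,000 sites
US firm Websense analyzes the details: "second and later visits are directed to a legitimate site"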
http://itpro.nikkeibp.co.jp/article/NEWS/20090624/332513/?ST=security
JPCERT/CC WEEKLY REPORT 2009-06-24
http://www.jpcert.or.jp/wr/2009/wr092401.html
JVNDB-2009-000043: Access restriction bypass vulnerability in Movable Type
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000043.html
JVNDB-2009-000042: Cross-site scripting vulnerability in Movable Type
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000042.html
JVNDB-2009-001310: Buffer overflow vulnerability in Microsoft Office PowerPoint related to processing of PowerPoint files
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001310.html
JVNDB-2009-001309: Arbitrary code execution vulnerability in Microsoft Office PowerPoint related to processing of PowerPoint 95 format files
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001309.html
JVNDB-2009-001308: Arbitrary code execution vulnerability in Microsoft Office PowerPoint related to PowerPoint file processing
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001308.html
JVNDB-2009-001307: Buffer overflow vulnerability in Microsoft Office PowerPoint related to processing of the Notes container
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001307.html
JVNDB-2009-001306: Arbitrary code execution vulnerability in Microsoft Office PowerPoint related to processing of PowerPoint files
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001306.html
JVNDB-2009-001305: Arbitrary code execution vulnerability in Microsoft Office PowerPoint related to processing of sound data
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001305.html
JVNDB-2009-001304: Buffer overflow vulnerability in the PowerPoint 95 importer of Microsoft Office PowerPoint
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001304.html
JVNDB-2009-001303: Arbitrary code execution vulnerability in Microsoft Office PowerPoint
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001303.html
JVNDB-2009-001302: Buffer overflow vulnerability in the PowerPoint 4.2 conversion filter of Microsoft Office PowerPoint
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001302.html
JVNDB-2009-001301: Buffer overflow vulnerability in the PowerPoint 4.2 conversion filter of Microsoft Office PowerPoint
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001301.html
JVNDB-2009-001300: Arbitrary code execution vulnerability in Microsoft Office PowerPoint related to processing of sound data
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001300.html
JVNDB-2009-001299: Arbitrary code execution vulnerability in Microsoft Office PowerPoint related to processing of sound data
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001299.html
JVNDB-2009-001298: Buffer overflow vulnerability in the PowerPoint 4.0 importer of Microsoft Office PowerPoint
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001298.html
JVNDB-2009-001183: Vulnerability in the skfp_ioctl function of the Linux kernel that allows driver statistics to be reset
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001183.html
JVNDB-2009-001153: Denial of service (DoS) vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001153.html
JVNDB-2009-001152: Vulnerability in the CMS_verify function of OpenSSL that treats an invalid signature as valid
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001152.html
JVNDB-2008-001973: Denial of service (DoS) vulnerability in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001973.html
JVNDB-2007-000503: Information disclosure vulnerability in ASP.NET of Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000503.html
JVNDB-2007-000502: Buffer overflow vulnerability in the PE loader of Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000502.html
JVNDB-2006-000525: Denial of service (DoS) vulnerability in Sendmail mail header processing
http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000525.html
JVN#86472161: Cross-site scripting vulnerability in Movable Type
http://jvn.jp/jp/JVN86472161/index.html
JVN#08369659: Access restriction bypass vulnerability in Movable Type
http://jvn.jp/jp/JVN08369659/index.html
DirectAdmin Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35525/
SureThing CD/DVD Labeler Playlist Processing Buffer Overflow
http://secunia.com/advisories/35361/
Security Update available for Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb09-08.html
NetBSD OpenPAM passwd(1) May Let Certain Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Jun/1022432.html
NetBSD proplib Null Pointer Dereference in Processing XML Data Lets Local Users Deny Service
http://securitytracker.com/alerts/2009/Jun/1022431.html
Google Chrome Buffer Overflow in Processing HTTP Responses Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Jun/1022429.html
+ Apache HTTP DoS tool mitigation
http://isc.sans.org/diary.html?storyid=6613
+ suhosin-patch-5.2.10-0.9.7 released
http://www.hardened-php.net/suhosin/download.html
[ANNOUNCE] JMeter 2.3.4 r785646
http://jakarta.apache.org/jmeter/
[ANN] Apache Incubator Shindig 1.0 Released
http://incubator.apache.org/shindig
[ANNOUNCE] pgDay San Jose Registration Open, Schedule Up
http://wiki.postgresql.org/wiki/PgDaySanJose2009
5 Reasons Android Is Changing The Smartphone Game
http://www.linux.org/news/2009/06/23/0002.html
Mandriva Linux 2010 Alpha 1 released
http://www.linux.org/news/2009/06/23/0001.html
Linux touchscreen advances
http://www.linux.org/news/2009/06/22/0002.html
Database Designer for PostgreSQL with native Wine support is out
http://www.postgresql.org/about/news.1104
DSA 1822-1: New mahara packages fix cross-site scripting
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29648
MDVSA-2009:138: tomcat5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29646
n.runs-SA-2009.005: Apple Safari - Information disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29649
n.runs-SA-2009.006: Apple Safari - Null pointer dereference
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29650
DSA 1821-1: New amule packages fix insufficient input sanitising
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29647
acajoom-SA-06/22/2009: Back door trojan in acajoom-3.2.6 for joomla
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29654
MDVSA-2009:136: tomcat5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29645
Authentication Bypass in BASE version 1.2.4 and prior
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00211.html
n.runs-SA-2009.005 - Apple Safari - Information disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00210.html
n.runs-SA-2009.006 - Apple Safari - Null pointer dereference
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00209.html
[SECURITY] [DSA 1822-1] New mahara packages fix cross-site scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00208.html
CFP: ISOI 7 - Sept 17, 18 - San Diego
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00207.html
[ MDVSA-2009:138 ] tomcat5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00206.html
[SECURITY] [DSA 1821-1] New amule packages fix insufficient input sanitising
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00205.html
[ MDVSA-2009:136 ] tomcat5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00204.html
NetBSD proplib Undefined XML Element Denial of Service
http://secunia.com/advisories/35556/
NetBSD update for tcpdump
http://secunia.com/advisories/35555/
Debian update for mahara
http://secunia.com/advisories/35554/
NetBSD OpenPAM Security Bypass Weakness
http://secunia.com/advisories/35553/
Softbiz Banner Ad Management Script "size_id" SQL Injection
http://secunia.com/advisories/35549/
Google Chrome HTTP Response Buffer Overflow Vulnerability
http://secunia.com/advisories/35548/
Nagios "statuswml.cgi" Command Injection Vulnerability
http://secunia.com/advisories/35543/
Debian update for amule
http://secunia.com/advisories/35538/
SourceBans sb-callback.php Insecure Request Handling Vulnerability
http://secunia.com/advisories/35528/
Kasseler CMS "file" File Disclosure Vulnerability
http://secunia.com/advisories/35523/
Gravy Media Photo Host "file" Local File Disclosure Vulnerability
http://secunia.com/advisories/35518/
MyBB "birthdayprivacy" SQL Injection Vulnerability
http://secunia.com/advisories/35517/
Bopup Communication Server Buffer Overflow Vulnerability
http://secunia.com/advisories/35516/
AWScripts Gallery Search Engine Insecure Cookie Handling Vulnerability
http://secunia.com/advisories/35513/
Mahara Cross-Site Scripting and Information Disclosure
http://secunia.com/advisories/35510/
Devel::NYTProf 2.10 released
http://cpansearch.perl.org/src/TIMB/Devel-NYTProf-2.10/Changes
Microsoft Security Essentials Beta
http://www.microsoft.com/security_essentials/market.aspx
RS-CMS "key" Parameter Processing Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1658
Tickets Component for Joomla "id" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1657
Google Chrome HTTP Response Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1656
Nagios "statuswml.cgi" Remote Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1655
SourceBans "ChangeEmail()" Function Email Manipulation Vulnerability
http://www.vupen.com/english/advisories/2009/1654
MyBB "birthdayprivacy" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1653
Kasseler CMS File Disclosure and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/1652
Gravy Media Photo Host "file" Parameter File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/1651
Campsite "g_campsiteDir" Remote and Local File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2009/1650
AWScripts Gallery Search Engine Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/1649
phpDatingClub SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/1648
pc4 Uploader "file" Parameter Remote File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/1647
MIDAS Cookie Handling Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/1646
Bopup Communication Server Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1645
Zen Cart 1.3.8 Remote SQL Execution Exploit
http://www.milw0rm.com/exploits/9005
Zen Cart 1.3.8 Remote Code Execution Exploit
http://www.milw0rm.com/exploits/9004
phpCollegeExchange 0.1.5c (RFI/LFI/XSS) Multiple Vulnerabilities
http://www.milw0rm.com/exploits/9008
HP Data Protector 4.00-SP1b43064 Remote Memory Leak/Dos (meta)
http://www.milw0rm.com/exploits/9007
HP Data Protector 4.00-SP1b43064 Remote Memory Leak/Dos Exploit
http://www.milw0rm.com/exploits/9006
MyBB 'birthdayprivacy' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35458
Kasseler CMS Arbitrary File Disclosure Vulnerability and Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35457
Campsite Multiple Remote Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35456
CMS Buzz Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35431
Zen Cart 'admin/sqlpatch.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35468
Zen Cart 'record_company.php' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35467
Joomla! and Mambo Tickets Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35460
Xen 'hypervisor_callback()' Guest Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34957
TYPO3 Modern Guestbook / Commenting System Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35397
TYPO3 Virtual Civil Services Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/35395
FreeType LWFN Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/18034
Adobe Shockwave Player Unspecified Security Vulnerability
http://www.securityfocus.com/bid/35469
FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/24074
FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550
aMule 'wxExecute()' Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/34683
HP Data Protector Express 'dpwinsup.dll' Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34955
tcpdump RSVP Decoding Routines Denial Of Service Vulnerability
http://www.securityfocus.com/bid/13390
tcpdump LDP Decoding Routines Denial Of Service Vulnerability
http://www.securityfocus.com/bid/13389
tcpdump BGP Decoding Routines Denial Of Service Vulnerability
http://www.securityfocus.com/bid/13906
tcpdump ISIS Decoding Routines Denial Of Service Vulnerability
http://www.securityfocus.com/bid/13392
tcpdump IEEE802.11 Printer Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/22772
tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
http://www.securityfocus.com/bid/24965
Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34934
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
NetBSD 'pam_unix' Root Password Change Local Security Bypass Weakness
http://www.securityfocus.com/bid/35465
NetBSD 'proplib' Library XML Processing Null Pointer Exception Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35466
Microsoft Excel Record Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35241
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263
Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196
Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193
Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35373
Mozilla Thunderbird/SeaMonkey Multipart Alternative Message Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35461
Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/35464
Google Chrome SSL renegotiation Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35463
Google Chrome HTTP Response Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35462
IBM AIX 'rpc.ttdbserver' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35419
Mahara User Profile Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34677
Basic Analysis And Security Engine 'readRoleCookie()' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35470