http://www.dovecot.org/list/dovecot-news/2009-July/000122.html
+ Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Jul/1022529.html
Cross-Site Scripting Vulnerability in Hitachi Business Logic - Container and Hitachi Business Logic - Container 2
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-011/index.html
IBM: Security Technology That Selectively Hides Confidential Information on Screen
http://itpro.nikkeibp.co.jp/article/NEWS/20090710/333597/?ST=security
Verizon Announces Security Assessment Program for Enterprise Applications
http://itpro.nikkeibp.co.jp/article/NEWS/20090710/333583/?ST=security
New York State to Sue Social Networking Site Tagged.com over Mass Mailing of Illegitimate E-mail
http://itpro.nikkeibp.co.jp/article/NEWS/20090710/333580/?ST=security
Microsoft July Monthly Update Advance Notice: Six Items in Total, Including a "Critical" DirectX Fix
http://itpro.nikkeibp.co.jp/article/NEWS/20090710/333579/?ST=security
JVNDB-2009-001741 Vulnerability in SSL Client Authentication in Hitachi Web Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001741.html
JVNDB-2009-001740 Denial of Service (DoS) Vulnerability in the Reverse Proxy of Hitachi Web Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001740.html
JVNDB-2009-001739 Vulnerability in Sun Solaris Kerberos Where the Certificate Cache Is Not Managed Correctly
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001739.html
JVNDB-2009-001738 Cross-Site Scripting Vulnerability in Sun Java System Web Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001738.html
JVNDB-2009-001737 Vulnerability in Apache Tomcat That Allows Files Related to Web Applications to Be Read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001737.html
JVNDB-2009-001736 Vulnerability in Apache Tomcat That Allows Valid Usernames to Be Enumerated
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001736.html
MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Jul/1022533.html
IBM AIX syscall Buffer Overflow Has Unspecified Impact
http://securitytracker.com/alerts/2009/Jul/1022530.html
WordPress Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
http://securitytracker.com/alerts/2009/Jul/1022528.html
Apple Safari WebKit Bug in Processing Numeric Character References Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Jul/1022526.html
Apple Safari Flaw in WebKit in Processing Parent and Top Objects Lets Remote Users Conduct Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Jul/1022525.html
+ Solution 262908: Security Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-262908-1
+ MySQL-SA-07/08/2009: MySQL <= 5.0.45 post auth format string vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29766
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00044.html
http://www.securityfocus.com/bid/35609
http://www.milw0rm.com/exploits/9085
+ MySQL "dispatch_command()" Denial of Service Vulnerability
http://secunia.com/advisories/35767/
- Oracle Critical Patch Update Pre-Release Announcement - July 2009
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
http://www.securityfocus.com/bid/35618
- Microsoft Security Bulletin Advance Notification for July 2009
http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx
http://www.securityfocus.com/bid/35617
2009 PHP TestFest
http://www.php.net/archive/2009.php#id2009-07-09-1
Continuent Launches Tungsten for PostgreSQL 8.4
http://www.postgresql.org/about/news.1110
RHSA-2009:1148-1: Important: httpd security update
http://rhn.redhat.com/errata/RHSA-2009-1148.html
Disk objects have no properties
http://seer.entsupport.symantec.com/docs/327567.htm
Array Settings Wizard does not complete on Itanium platform
http://seer.entsupport.symantec.com/docs/327562.htm
Solution 262428: Cross-site Scripting (XSS) Security Vulnerability in Sun Java Web Console May Allow Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1
SOS-09-004: Lotus_Sametime_User_Enumeration Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29763
TZO-27-2009: Update: Firefox Denial of Service (Keygen)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29767
APPLE-SA-2009-07-08-1: Safari 4.0.2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29762
CORE-2009-0519: Awingsoft Awakening Winds3D Viewer remote command execution vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29764
CORE-2009-01515: WordPress Privileges Unchecked in admin.php and Multiple Information
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29765
MySQL-SA-07/08/2009: MySQL <= 5.0.45 post auth format string vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29766
[ MDVSA-2009:149 ] apache
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00048.html
[ MDVSA-2009:149 ] apache
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00047.html
[TZO-27-2009] Firefox Denial of Service (Keygen)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00046.html
Pwnie Awards 2009
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00045.html
MySQL <= 5.0.45 post auth format string vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00044.html
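"Don't Place Too Much Trust in the Padlock Icon": Phishing That Abuses SSL Sites Surges
Attackers hijack existing SSL-enabled sites, set up fake pages, and lure victims with fake e-mail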
http://itpro.nikkeibp.co.jp/article/NEWS/20090709/333576/?ST=security
Clearswift Enhances E-mail/Web Security Products with Virtualization Support and Other Improvements
http://itpro.nikkeibp.co.jp/article/NEWS/20090709/333546/?ST=security
Latest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea
http://isc.sans.org/diary.html?storyid=6757
OpenSSH 0day FUD
http://isc.sans.org/diary.html?storyid=6760
Debian update for ocsinventory-agent
http://secunia.com/advisories/35768/
MySQL "dispatch_command()" Denial of Service Vulnerability
http://secunia.com/advisories/35767/
Winds3D Viewer "GetURL()" Command Execution Vulnerability
http://secunia.com/advisories/35764/
Online Guestbook Pro "search_choice" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35762/
JNM Guestbook "page" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35760/
Apple Safari Two WebKit Component Vulnerabilities
http://secunia.com/advisories/35758/
eBay Enhanced Picture Services ActiveX Control Vulnerability
http://secunia.com/advisories/35757/
Drupal Nodequeue Module Information Disclosure
http://secunia.com/advisories/35755/
IBM AIX "syscall" Buffer Overflow Vulnerability
http://secunia.com/advisories/35754/
Rentventory "username" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35749/
Adobe ColdFusion FCKeditor "CurrentFolder" Vulnerability
http://secunia.com/advisories/35747/
Linea 21 "search" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35745/
ClanSphere "text" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35744/
Alibaba Clone "SellerID" and "IndustryID" SQL Injection Vulnerabilities
http://secunia.com/advisories/35741/
Astaro update for IPsec
http://secunia.com/advisories/35740/
Bugzilla "canconfirm" Security Bypass Vulnerability
http://secunia.com/advisories/35739/
Joomla Acajoom GPL Component Backdoor Security Issue
http://secunia.com/advisories/35732/
OCS Inventory Unified Agent Insecure Module Search Path
http://secunia.com/advisories/35727/
Bugzilla Unauthorized Bug Status Modification Security Weakness
http://www.vupen.com/english/advisories/2009/1840
Acajoom GPL for Joomla Backdoor Remote Command Execution Issue
http://www.vupen.com/english/advisories/2009/1839
Alibaba Clone "SellerID" and "IndustryID" SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/1838
Linea 21 "search" Parameter Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1837
ClanSphere "text" Parameter Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1836
Rentventory "username" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1835
Awingsoft Awakening Winds3D Viewer Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/1834
WordPress Multiple Security Bypass and Information Disclosure Issues
http://www.vupen.com/english/advisories/2009/1833
DB Top Sites "u" Parameter Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1832
JNM Guestbook "page" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1831
Online Guestbook Pro "entry" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1830
Astaro Security Gateway IPsec Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/1829
xscreensaver 5.01 Arbitrary File Disclosure Symlink Attack Vulnerability
http://www.milw0rm.com/exploits/9097
Sun One WebServer 6.1 JSP Source Viewing Vulnerability
http://www.milw0rm.com/exploits/9096
Linux Kernel <= 2.6.28.3 set_selection() UTF-8 Off By One Local Exploit
http://www.milw0rm.com/exploits/9083
FreeBSD 7.0/7.1 vfs.usermount Local Privilege Escalation Exploit
http://www.milw0rm.com/exploits/9082
Sun Solaris Cassini Gigabit-Ethernet Device Driver Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35439
Sun Solaris Ultra-SPARC T2 Crypto Provider Device Driver Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35438
OCS Inventory NG Agent 'Backend.pm' Perl Module Handling Code Execution Vulnerability
http://www.securityfocus.com/bid/35593
Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35558
MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/35609
Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability
http://www.securityfocus.com/bid/33858
Winds3D Viewer 'GetURL()' Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/35595
WordPress Multiple Existing/Non-Existing Username Enumeration Weaknesses
http://www.securityfocus.com/bid/35581
WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability
http://www.securityfocus.com/bid/35584
NullLogic Groupware Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/35606
Apache 'mod_proxy' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35565
HP OpenView Network Node Manager 'rping' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35267
EveryAuction Auction.PL Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15824
Oracle July 2009 Advance Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/35618
Citrix XenCenterWeb Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35592
Jinzora 'name' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34224
Mozilla Firefox 'keygen' HTML Tag Denial of Service Vulnerability
http://www.securityfocus.com/bid/35132
strongSwan Crafted X.509 Certificate Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/35452
FCKeditor 'CurrentFolder' Parameter Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/31812
phpMyAdmin SQL bookmark HTML Injection Vulnerability
http://www.securityfocus.com/bid/35543
NetGear DG632 Router Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/35376
cPanel 'lastvisit.html' Arbitrary File Disclosure Vulnerability
http://www.securityfocus.com/bid/35518
Adobe Shockwave Player Director File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35469
PHP Address Book Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35511
Symbian S60 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35590
Drupal Nodequeue Module Node Title Security Bypass Vulnerability
http://www.securityfocus.com/bid/35602
ClanSphere 'text' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35605
Bugzilla Bug Status Modification Security Bypass Vulnerability
http://www.securityfocus.com/bid/35604
Siteframe 'phpinfo.php' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35598
Siteframe 'document.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35597
ADbNewsSender 'path_to_lang' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/35596
Acajoom Component for Mambo/Joomla! Backdoor Vulnerability
http://www.securityfocus.com/bid/35459
OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001
OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35174
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
IBM Lotus Sametime Username Enumeration Weakness
http://www.securityfocus.com/bid/35614
Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/24070
Green Dam Youth Escort Change System Time Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/35557
ASP Inline Corporate Calendar Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35054
Perl IO::Socket::SSL 'verify_hostname_of_cert()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/35587
Microsoft July 2009 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/35617
CMME 'admin.php' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35578
Avax Vector 'avPreview.ocx' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35583
Dillo 'Png_datainfo_callback()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35575
Sun Java Web Console Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35513
Sun Java System Access Manager Cross-Domain Controller (CDC) Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35527
Sun Solaris Kernel 'udp(7p)' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35545
Sun Solaris Network File System Version 4 (NFSv4) Unauthorized Network Access Vulnerability
http://www.securityfocus.com/bid/35546
RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/35213
RETIRED: Ocsinventory-Agent Perl Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35612
IBM AIX 'syscall' Unspecified Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35615
WebKit 'parent/top' Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/35441
WebKit Numeric Character References Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35607
IBM WebSphere Application Server JAX-RPC WS-Security Security Bypass Vulnerability
http://www.securityfocus.com/bid/35610