Thursday, July 2, 2009

2nd, Thursday, Tomobiki

JVNDB-2009-001556: Arbitrary command execution vulnerability in SquirrelMail
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001556.html

JVNDB-2009-001555: User interface spoofing vulnerability in SquirrelMail
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001555.html

JVNDB-2009-001554: Session fixation vulnerability in SquirrelMail
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001554.html

JVNDB-2009-001553: Arbitrary command execution vulnerability in SquirrelMail
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001553.html

JVNDB-2009-001552: Cross-site scripting vulnerability in SquirrelMail
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001552.html

JVNDB-2009-001186: Vulnerability in IBM DB2 that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001186.html

JVNDB-2009-001104: Vulnerability in libpng where element pointers are not properly initialized
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001104.html

JVNDB-2008-001807: Denial of service (DoS) vulnerability in the zlib_stateful_init function of OpenSSL
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001807.html

JVNDB-2007-001151: Off-by-one error vulnerability in pngset.c of libpng
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001151.html

JVNDB-2007-001150: Off-by-one error vulnerability in pngset.c of libpng
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001150.html

JVNDB-2007-000910: Denial of service (DoS) vulnerability in multiple chunk handlers of libpng
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000910.html

JVNDB-2007-000909: Denial of service (DoS) vulnerability in pngrtran.c of libpng
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000909.html

PostgreSQL User Survey
http://www.postgresql.org/about/news.1109

Spam volume in Q2 2009 up 53% year over year; effect of blocking malicious ISPs was temporary
http://itpro.nikkeibp.co.jp/article/NEWS/20090702/333104/?ST=security

Trend Micro to offer security software for Mac OS in fall 2009
Beta version prepared ahead of the product release, to be distributed to registered users
http://itpro.nikkeibp.co.jp/article/NEWS/20090702/333099/?ST=security

VMware ESX Security Update Fixes Kerberos Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/1750

Pidgin ICQ Web Message Handling Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/1749




+ HPSBUX02440 SSRT090106 rev.1 - HP-UX Running NFS/ONCplus, Local Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01793493-1

+ VMSA-2009-0008: ESX Service Console update for krb5
http://www.vmware.com/security/advisories/VMSA-2009-0008.html
http://lists.vmware.com/pipermail/security-announce/2009/000059.html

+ Dovecot v1.2.0 released
http://www.dovecot.org/list/dovecot-news/2009-July/000119.html

+ MySQL 5.1.36 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html

+ PostgreSQL 8.4 Release Now Available
http://www.postgresql.org/about/news.1108
http://www.postgresql.org/docs/8.4/static/release-8-4.html

+ Solution 262048: A patch regression in Solaris Kernel udp(7p) may Cause Certain Trusted Configurations of Solaris to Panic or Become Vulnerable to Triggered Panics Resulting in a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-262048-1

+ Solution 262668: Security Vulnerability in the Solaris Network File System Version 4 (NFSv4) 'nfs_portmon' Tunable May Allow Unauthorized Network Access
http://sunsolve.sun.com/search/document.do?assetkey=1-66-262668-1

[ANNOUNCE] pgAdmin v1.10.0 now available!
http://www.pgadmin.org/download

[ANN] Maven 2.2.0 Released
http://maven.apache.org/

[ANN] Maven Wagon 1.0-beta-6 Released
http://maven.apache.org/wagon/

HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01795611-1&docLocale=ja_JP&admit=109447626+1246499502920+28353475

Kernel release: 2.6.27.26-rc2
http://www.linux.org/news/2009/07/01/0004.html

Kernel release: 2.6.30.1-rc2
http://www.linux.org/news/2009/07/01/0003.html

Canonical offers tech support for clouds
http://www.linux.org/news/2009/07/01/0002.html

Red Hat To Certify Linux Apps For Amazon's EC2
http://www.linux.org/news/2009/07/01/0001.html

phion-SA-07/01/2009: phion airlock Web Application Firewall:
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29711

AppWall-SA-07/01/2009: radware AppWall Web Application Firewall: Source code disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29712

Hyberguard-SA-07/01/2009: Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29713

VMSA-2009-0008: ESX Service Console update for krb5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29714

VMSA-2009-0008 ESX Service Console update for krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00004.html

radware AppWall Web Application Firewall: Source code disclosure on management interface
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00003.html

phion airlock Web Application Firewall: Remote Denial of Service via Management Interface (unauthenticated) and Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00002.html

Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00001.html

REMINDER : HITBSecConf2009 - Malaysia: Call for Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00000.html

Sun Solaris Network File System "nfs_portmon" Tunable Vulnerability
http://secunia.com/advisories/35672/

NetBSD update for ssh
http://secunia.com/advisories/35670/

Joomla! Cross-Site Scripting and Information Disclosure
http://secunia.com/advisories/35668/

VMware ESX Server update for krb5
http://secunia.com/advisories/35667/

Simple Machines Forum Member Awards Mod SQL Injection Vulnerability
http://secunia.com/advisories/35661/

phpMyBlockchecker Insecure Cookie Handling Vulnerability
http://secunia.com/advisories/35660/

Pidgin ICQ Web Message Denial of Service Weakness
http://secunia.com/advisories/35652/

phpMyAdmin SQL Bookmark Script Insertion Vulnerability
http://secunia.com/advisories/35649/

Gentoo update for wireshark
http://secunia.com/advisories/35648/

hyperguard "Content-Length" Denial of Service Vulnerability
http://secunia.com/advisories/35645/

BIGACE Web CMS "cmd" Local File Inclusion Vulnerability
http://secunia.com/advisories/35643/

4images Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35639/

Red Hat update for seamonkey
http://secunia.com/advisories/35633/

NetBSD hack Privilege Escalation Vulnerabilities
http://secunia.com/advisories/35631/

NetBSD update for ntp
http://secunia.com/advisories/35630/

Trillian MSN SSL Certificate Validation Security Issue
http://secunia.com/advisories/35620/

TFM MMPlayer Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/35605/

PunBB DB Management Plugin Cross-Site Request Forgery
http://secunia.com/advisories/35595/

Virtue Online Test Generator Multiple Vulnerabilities
http://secunia.com/advisories/35591/

Sun Solaris Trusted Extensions UDP Handling Denial of Service
http://secunia.com/advisories/35579/

Maarch LetterBox Multiple Security Issues
http://secunia.com/advisories/35562/

HP-UX NFS/ONCplus Unspecified Bug Lets Local Users Deny Service
http://securitytracker.com/alerts/2009/Jul/1022493.html

Solaris 'nfs_portmon' Tunable Flaw May Let Remote Users Access Files on the Target System
http://securitytracker.com/alerts/2009/Jul/1022492.html

Solaris UDP Processing Bug on Certain Solaris Trusted Extensions Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Jul/1022491.html

cPanel Input Validation Flaw in 'lastvisit.html' Lets Remote Users View Files
http://securitytracker.com/alerts/2009/Jul/1022490.html

BIGACE Include File Bug Lets Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Jul/1022489.html

NetBSD hack(6) Buffer Overflows Let Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Jul/1022485.html

ARD-9808 DVR Card Security Camera Arbitrary Config Disclosure Vuln
http://www.milw0rm.com/exploits/9066

Green Dam Remote Change System Time Exploit
http://www.milw0rm.com/exploits/9065

AudioPLUS 2.00.215 (.pls) Local Buffer Overflow Exploit (SEH)
http://www.milw0rm.com/exploits/9070

AudioPLUS 2.00.215 (.lst & .m3u File) Local buffer Overflow (seh)
http://www.milw0rm.com/exploits/9064

MP3-Nator 2.0 (plf File) Universal Buffer Overflow Exploit (SEH)
http://www.milw0rm.com/exploits/9060

Sun Solaris NFSv4 "nfs_portmon" Unauthorized Network Access Issue
http://www.vupen.com/english/advisories/2009/1747

Sun Java System Access Manager Cross-Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1746

Adobe Reader and Acrobat JBIG Segments 'Text Region' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35303

Adobe Reader and Acrobat Huffman-encoded JBIG2 Text Heap Overflow Vulnerability
http://www.securityfocus.com/bid/35302

Adobe Reader and Acrobat JBIG2 Filter Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35298

Adobe Reader and Acrobat Multiple Unspecified Remote Heap Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35295

Adobe Reader & Acrobat JBIG Pattern Dictionary Allocation Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35300

Adobe Reader and Acrobat JBIG 'Pattern Dictionary' Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35299

Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35289

Adobe Reader and Acrobat TrueType Font Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35296

Adobe Reader and Acrobat FlateDecode Filter Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35294

Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35293

Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/35274

Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35282

OpenSSH CBC Mode Information Disclosure Vulnerability
http://www.securityfocus.com/bid/32319

MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34409

NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481

NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017

Drupal Cross-Site Scripting, Code Injection and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/35548

HP-UX NFS/ONCplus Unspecified Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35547

Joomla! Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/35544
