Thursday, July 23, 2009

Thursday the 23rd, Senshō

JVNDB-2009-001799 Buffer overflow vulnerability in Microsoft Office Word related to the processing of Word documents
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001799.html

JVNDB-2009-001798 Buffer overflow vulnerability in Microsoft Office Word related to the processing of tags
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001798.html

JVNDB-2009-001797 Privilege escalation vulnerability in the Windows Print Spooler of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001797.html

JVNDB-2009-001796 Vulnerability in the Windows printing service of Microsoft Windows that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001796.html

JVNDB-2009-001795 Buffer overflow vulnerability in the Windows Print Spooler of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001795.html

JVNDB-2008-002156 Integer overflow vulnerability in Java Runtime Environment (JRE) related to the processing of TrueType font files
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002156.html

JVNDB-2008-002155 Buffer overflow vulnerability in Java Runtime Environment (JRE) related to the processing of TrueType font files
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002155.html

JVNDB-2008-002151 Integer overflow vulnerability in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002151.html

JVNDB-2008-002144 Vulnerability in Sun Java Web Start and Java Plug-in that allows the JWS cache path name and the application's user name to be obtained
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002144.html

JVNDB-2008-001941 Vulnerability in the _gnutls_x509_verify_certificate function of GnuTLS libgnutls that allows a certificate's DN to be spoofed
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001941.html

Thunderbird 3 Beta 3 released
http://www.mozillamessaging.com/en-US/thunderbird/early_releases/downloads/

The latest prepatch for the stable Linux kernel tree is: 2.6.31-rc4
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc4
http://www.linux.org/news/2009/07/23/0001.html

JPCERT/CC WEEKLY REPORT 2009-07-23
http://www.jpcert.or.jp/wr/2009/wr092801.html

Joint rollout of a DWH solution based on "Sybase IQ 15.1", which dramatically improves search performance on large volumes of data
http://www.sybase.jp/detail?id=1064967




+ GCC 4.4.1 released
http://gcc.gnu.org/gcc-4.4/
http://gcc.gnu.org/gcc-4.4/changes.html#4.4.1

- Linux Kernel 'tun_chr_pool()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/35724

[ANNOUNCE] Open Source Database Magazine Issue One Released!!
http://www.osdbzine.net/

[ANNOUNCE] psqlODBC 08.04.0100 Release
http://psqlodbc.projects.postgresql.org/release.html

Beijing Perl Workshop, September 19th, 2009
http://use.perl.org/article.pl?sid=09/07/20/100231&from=rss

Testing needed for all-new Strawberry July Release Candidate
http://use.perl.org/articles/09/07/17/1912238.shtml

Major update to perldoc.perl.org
http://use.perl.org/articles/09/07/17/1910212.shtml

Three or more snapshots scheduled to start simultaneously created with the Storage Foundation for Windows (SFW) 5.1 VSS Snapshot Scheduler Wizard fail to execute.
http://seer.entsupport.symantec.com/docs/328449.htm

Solution 264328: SUN ALERT WEEKLY SUMMARY REPORT - Week of 12-Jul-2009 to 18-Jul-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264328-1

Debian : New evolution-data-server packages fix regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29864

Red Hat : Critical: firefox security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29865

Red Hat : Critical: seamonkey security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29866

Red Hat : Important: tomcat security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29867

Foundstone : mChek 3.4 Information Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29869

Akamai Technologies Security Advisory 2009-0001 (Download Manager)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00165.html

Phorum : Permanent Cross-Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00164.html

[USN-798-1] Firefox and Xulrunner vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00163.html

[security bulletin] HPSBUX02437 SSRT090038 rev.1 - HP-UX Running XNTP, Remote Execution of Arbitrary Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00158.html

Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00156.html

Need information, for MPlayer demux_open_vqf TwinVQ File Handling Buffer Overflow CVE-2008-5616
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00159.html

RainbowCrack 1.4 is released - The Time-Memory Tradeoff Hash Cracker
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00154.html

Re[8]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00155.html

Re[6]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00162.html

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-07/msg00160.html

"PDF viruses are easy to create": users should update Adobe Reader
Virus creation tools are in circulation; the exploited vulnerability was reported in February 2008
http://itpro.nikkeibp.co.jp/article/NEWS/20090723/334269/?ST=security

RHBA-2009:1165-1: ksh bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1165.html

PUBLIC ADVISORY: 07.22.09: Akamai Download Manager Stack Buffer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=813

YA0D (Yet Another 0-Day) in Adobe Flash player
http://isc.sans.org/diary.html?storyid=6847

Vulnerability in dhclient - Check Your Vendor For Patches
http://isc.sans.org/diary.html?storyid=6850

DD-WRT Vulnerability
http://isc.sans.org/diary.html?storyid=6853

Vulnerability Note VU#259425: Adobe Flash Player vulnerability
http://www.kb.cert.org/vuls/id/259425

Red Hat update for seamonkey
http://secunia.com/advisories/35947/

WordPress Comment Author Script Insertion Vulnerability
http://secunia.com/advisories/35946/

HP-UX XNTP Multiple Vulnerabilities
http://secunia.com/advisories/35945/

Red Hat update for firefox
http://secunia.com/advisories/35944/

Mozilla Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/35943/

Red Hat update for tomcat
http://secunia.com/advisories/35942/

phpDirectorySource SQL Injection and Cross-Site Scripting
http://secunia.com/advisories/35941/

Meta Search Engine Script File Disclosure Vulnerability
http://secunia.com/advisories/35939/

stftp "p_header()" Buffer Overflow Vulnerability
http://secunia.com/advisories/35934/

PDFedit Xpdf JBIG2 Processing Multiple Vulnerabilities
http://secunia.com/advisories/35920/

WinMod ".lst" Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/35917/

ZNC DCC Send Directory Traversal Vulnerability
http://secunia.com/advisories/35916/

Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/35914/

Classified Linktrader Script "slctCategories" SQL Injection
http://secunia.com/advisories/35904/

Paypal Shopping Cart Script Two Vulnerabilities
http://secunia.com/advisories/35894/

Hutscripts PHP Website Script Cross-Site Scripting and SQL Injection
http://secunia.com/advisories/35893/

Hotscripts Type PHP Clone Script "msg" Cross-Site Scripting
http://secunia.com/advisories/35892/

S.T.A.L.K.E.R.: Clear Sky Nickname Processing Denial of Service
http://secunia.com/advisories/35890/

MyDLstore Pixel Ad Script "order_id" SQL Injection
http://secunia.com/advisories/35862/

CJ Dynamic Poll Pro Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35799/

Snitz Forums 2000 "Email" SQL Injection Vulnerability
http://secunia.com/advisories/35733/

phpGroupWare Multiple Vulnerabilities
http://secunia.com/advisories/35519/

RainbowCrack 1.4 is released
http://project-rainbowcrack.com/

WordPress Input Validation Flaw in Comment Author URLs Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Jul/1022589.html

Mozilla Firefox Bugs in JavaScript Engine and Browser Engine Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Jul/1022585.html

Adobe Acrobat and Adobe Flash Remote Code Execution
http://www.iss.net/threats/336.html

Adobe Acrobat/Reader and Flash Player Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/1986

Akamai Download Manager Redswoosh Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1985

HP-UX Security Update Fixes XNTP Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/1984

CJ Dynamic Poll URL Processing Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1983

Meta Search Engine "url" Remote File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/1982

Million Pixel Ad "order_id" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1981

Classified Linktrader "slctCategories" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1980

HotScripts Clone "msg" Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/1979

Hutscripts SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/1978

Shopping Cart Selling Script SQL Injection and Cross Site Scripting Issues
http://www.vupen.com/english/advisories/2009/1977

phpDirectorySource SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/1976

Mozilla Products Memory Corruption and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/1972

WINMOD 1.4 (.lst) Universal Buffer Overflow Exploit (SEH) #2
http://www.milw0rm.com/exploits/9229

Mozilla Firefox Unicode Data Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35707

Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35660

Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35775

wxWidgets 'wxImage::Create()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35552

Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35770

Mozilla Firefox 'setTimeout()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35766

Mozilla Firefox 'watch()' and '__defineSetter__()' Functions Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35772

Mozilla Firefox 'XPCCrossOriginWrapper' Multiple Cross Domain Scripting Vulnerabilities
http://www.securityfocus.com/bid/35773

Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35759

RETIRED: Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities
http://www.securityfocus.com/bid/35758

Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35769

Mozilla Firefox Flash Player Unloading Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35767

Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35765

Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35599

Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
http://www.securityfocus.com/bid/35186

DD-WRT Web Management Interface Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/35742

Perl IO::Socket::SSL 'verify_hostname_of_cert()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/35587

Pango 'pango_glyph_string_set_size()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/34870

NetBSD 'hack(6)' Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35542

NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481

NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017

GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100

Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34109

GNOME Evolution S/MIME Email Signature Verification Vulnerability
http://www.securityfocus.com/bid/33720

Linux Kernel 'tun_chr_pool()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/35724

Xpdf JBIG2 Processing Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34568

Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416

Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196

Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263

Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/27706

Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193

S.T.A.L.K.E.R. Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/29723

OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001

OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138

Akamai Download Manager ActiveX Control Redswoosh Download Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35778

Phorum Multiple BBCode HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35777

Snitz Forums 2000 'register.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35764

Drupal Bubbletimer Create Timesheets HTML Injection Vulnerability
http://www.securityfocus.com/bid/35763

S.T.A.L.K.E.R. Clear Sky Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35762

phpGroupWare Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35761
