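[Tender notice] Open competitive bidding for the "Survey on Vulnerability Reduction and Dissemination Measures for Critical Infrastructure Control Systems"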
http://www.ipa.go.jp/security/kobo/21fy/cip/index.html
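[Tender notice] Open competitive bidding for the "Survey on Information Security Trends and Awareness-Raising Measures for Automobiles in Japan and Abroad"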
http://www.ipa.go.jp/security/kobo/21fy/emb_sec/index.html
+ Postfix 2.6.5, 2.5.9, 2.4.13, 2.3.19 released
http://mirror.postfix.jp/postfix-release/index.html
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.5.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.5.9.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.4.13.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.3.19.HISTORY
http://www.postfix.org/announcements/postfix-2.6.5.html
http://www.postfix.org/announcements/postfix-2.5.9.html
Linux kernel: next-20090828 released
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=summary
Linux kernel: snapshot: 2.6.31-rc8-git1 released
http://www.kernel.org/diff/diffview.cgi?file=/pub/linux/kernel//v2.6/snapshots/patch-2.6.31-rc8-git1.bz2
Linux kernel: mainline: 2.6.31-rc8 released
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc8
Slackware Linux 13 released
http://www.linux.org/news/2009/08/28/0007.html
Aussies give open source golden crumbs from Microsoft table
http://www.linux.org/news/2009/08/28/0006.html
Sony explains PS3 Slim's loss of Linux option
http://www.linux.org/news/2009/08/28/0005.html
10 Common Mistakes Made by New Linux Administrators
http://www.linux.org/news/2009/08/28/0004.html
Novell's Linux revenue soars 22 percent, while everything else tanks
http://www.linux.org/news/2009/08/28/0003.html
Is the Linux Desktop Too Much Like Windows, Mac OS X?
http://www.linux.org/news/2009/08/28/0002.html
MySQL 5.1.38 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-38.html
MySQL 6.0.12 (Not yet released)
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-12.html
Refresh Pack 7.0.1.0 for WebSphere MQ V7.0
http://www-01.ibm.com/support/docview.wss?rs=171&context=SSFKSJ&context=SSEP7X&dc=D600&uid=swg21395926&loc=en_US&cs=UTF-8&lang=en
Solution 266429: A Security Vulnerability in the Sun Java System Web Server Related to Handling of Dynamic Content May Lead to Unauthorized Information Disclosure
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266429-1
Solution 255308: A Security Vulnerability May Allow Popup Windows to Appear Through the Solaris XScreenSaver Program
http://sunsolve.sun.com/search/document.do?assetkey=1-66-255308-1
Red Hat : Critical: java-1.5.0-ibm security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30260
SuSE : security-announce SUSE Security Announcement: Linux kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30258
First-ever "wiretapping virus" appears, targeting Skype users
Records audio data on the PC before encryption and after decryption; not widely circulated
http://itpro.nikkeibp.co.jp/article/NEWS/20090828/336200/?ST=security
RSA Security launches new anti-phishing service, offering Trojan horse countermeasures in Japan
http://itpro.nikkeibp.co.jp/article/NEWS/20090828/336180/?ST=security
Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00253.html
[ MDVSA-2009:222 ] squirrelmail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00254.html
Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan na
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00252.html
SUSE update for kernel
http://secunia.com/advisories/36510/
Red Hat update for java-1.5.0-ibm
http://secunia.com/advisories/36507/
Ubuntu update for mono
http://secunia.com/advisories/36494/
Uiga Church Portal "year" and "month" SQL Injection Vulnerabilities
http://secunia.com/advisories/36479/
Joomla DigiFolio Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/36478/
FreeBSD ftpd chroot Security Bypass Security Issue
http://secunia.com/advisories/36353/
How do I recover from.....?
http://isc.sans.org/diary.html?storyid=7036
Immunet Protect - Cloud and Community Malware Protection
http://isc.sans.org/diary.html?storyid=7033
QuarkMail "tf" Parameter Processing Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2009/2460
Danneo CMS "comtitle" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2459
Uiga Church Portal "year" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2458
DigiFolio for Joomla "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2457
WP-Syntax for WordPress "test_filter[wp_head]" Code Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2456
Linux Kernel "*_getname()" Functions Memory Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/2455
IBM Tivoli Access Manager for Enterprise Single Sign-On Vulnerability
http://www.vupen.com/english/advisories/2009/2454
Drupal Go - url redirects Code Execution and Cross Site Scripting Issues
http://www.vupen.com/english/advisories/2009/2453
Drupal Ajax Table Module Access Bypass and Cross Site Scripting
http://www.vupen.com/english/advisories/2009/2452
libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33235
libmikmod '.XM' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33240
Adobe ColdFusion Double-Encoded NULL Character Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36096
Adobe JRun Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36050
Sun VirtualBox Host Operating System Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35960
Adobe JRun 'logviewer.jsp' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/36047
Microsoft Internet Explorer 8 Denial of Service Vulnerability
http://www.securityfocus.com/bid/35941
SAP Business One 2005 License Manager 'NT_Naming_Service.exe' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35933
eAccelerator 'encoder.php' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35917
Arab Portal 'forum.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35914
Oracle Config Management CVE-2009-1967 Multiple SQL-injection Vulnerabilities
http://www.securityfocus.com/bid/35692
Oracle Config Management CVE-2009-1966 SQL-injection Vulnerability
http://www.securityfocus.com/bid/35676
Multiple Browser HTTP Resource in HTTPS Context Security Bypass Vulnerability
http://www.securityfocus.com/bid/35403
OpenSC 'pkcs11-tool' Insecure Key Generation Vulnerability
http://www.securityfocus.com/bid/34884
Sun Solaris XScreenSaver Popup Windows Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35964
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
Audacity 'lib-src/allegro/strparse.cpp' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33090
Compface '.xbm' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35863
GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35952
Agares Media Arcadem Pro 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/36069
OpenAutoClassifieds 'paycalc.php' Path Disclosure Vulnerability
http://www.securityfocus.com/bid/36175
OpenAutoClassifieds Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/36174
OpenAutoClassifieds SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/36173
Autonomy KeyView Module Excel Document Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36042
WordPress 'cat' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/28845
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/25316
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944
Oracle April 2009 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/34461
Sun Java System Web Server '.jsp' File Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35577
Xerox WorkCentre Web Services Extensible Interface Platform Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/36177
Kaspersky Products URI Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/36084
Sun ONE/iPlanet Web Server HTTP TRACE Credential Theft Vulnerability
http://www.securityfocus.com/bid/9561
Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36108
Linux Kernel Multiple Protocols Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36176
Monday, August 31, 2009
Friday, August 28, 2009
28th, Friday, Senbu
[Announce] Release of Apache MyFaces Trinidad 1.2.12
http://myfaces.apache.org/trinidad/download.html
JVNDB-2008-002419 Integer overflow vulnerability in multiple modules in Python
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002419.html
JVNDB-2009-001944 Denial of service (DoS) vulnerability in Squid related to invalid requests
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001944.html
JVNDB-2009-001943 Denial of service (DoS) vulnerability in Squid related to bounds-check handling
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001943.html
JVNDB-2009-001942 Denial of service (DoS) vulnerability in the Solaris Auditing subsystem of Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001942.html
JVNDB-2008-001663 Buffer underflow vulnerability in tif_lzw.c in LibTIFF
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001663.html
Kernel release: 2.6.31-rc8
http://www.linux.org/news/2009/08/28/0001.html
Solaris sockfs HTTP Request Processing Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022784.html
+ Solution 265888: Security Vulnerability in Solaris sockfs Related to HTTP Request Handling May Allow Remote Users to Panic Web Servers Resulting in a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265888-1
http://secunia.com/advisories/36436/
http://www.vupen.com/english/advisories/2009/2447
http://www.securityfocus.com/bid/36169
+ RHSA-2009:1233-1: Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2009-1233.html
+ Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
- Support for WebSphere MQ V7.0.1 multi-instance queue managers on i5/OS and Solaris
http://www-01.ibm.com/support/docview.wss?rs=171&context=SSFKSJ&context=SSEP7X&dc=D600&uid=swg21398427&loc=en_US&cs=UTF-8&lang=en
Solution 200171: Sun ONE/iPlanet Web Server Enable HTTP TRACE Method by Default
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200171-1
NHIN code-a-thon may change government attitude toward open source
http://www.linux.org/news/2009/08/27/0005.html
Why do Linux and open source lovers give Apple a free ride?
http://www.linux.org/news/2009/08/27/0004.html
linux-for-education.org = a huge resource
http://www.linux.org/news/2009/08/27/0003.html
Windows Loses Money, Linux Nears the $1 Billion Mark
http://www.linux.org/news/2009/08/27/0002.html
Nokia ‘in new bid to take on iPhone by using Linux’
http://www.linux.org/news/2009/08/27/0001.html
Why Linux and open source matters for small businesses and schools
http://www.linux.org/news/2009/08/26/0002.html
SCO vs. Linux: Former chief US district judge appointed as trustee
http://www.linux.org/news/2009/08/26/0001.html
New trial means Unix ownership still up for debate
http://www.linux.org/news/2009/08/25/0002.html
SCO wins Unix copyright appeal. Trouble for Linux?
http://www.linux.org/news/2009/08/25/0001.html
Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml
Document ID: 330329: Filesystem corruption is seen on volumes after performing a 'Disk Evacuate' or 'Hot Relocation' operation in Storage Foundation for Windows (SFW) 5.1.
http://support.veritas.com/docs/330329
Document ID: 330262: When replicating data using the VVR option in SFW 5.0 RP1a, a server crash (BSOD) or hang can occur when replication attempts to reinitialize following an outage. This is normally seen immediately following an import of the Diskgroup or after the cluster software (SFW-HA / MSCS) starts and brings the VVR resources online.
http://support.veritas.com/docs/330262
Document ID: 330044: How to manually remove Veritas Volume Shadow Copy provider installed by Storage Foundation for Windows 4.3 (SFW)
http://support.veritas.com/docs/330044
Document ID: 329924: Filesystem corruption is seen on volumes after performing a 'Disk Evacuate' or 'Hot Relocation' operation in Storage Foundation for Windows (SFW) 5.1.
http://support.veritas.com/docs/329924
[SECURITY] [DSA 1871-2] New wordpress packages fix regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00251.html
Dedicated mark for trusted websites: VeriSign to launch new service in 2010
http://itpro.nikkeibp.co.jp/article/NEWS/20090827/336122/?ST=security
Debian : New wordpress packages fix regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30253
Debian : New xulrunner packages fix spoofing vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30254
Debian : New nss packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30255
Independent Researcher : Multiple security issues in Open Auto Classifieds version <= 1.5.9
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30257
RHBA-2009:1234-1: new package: v7
http://rhn.redhat.com/errata/RHBA-2009-1234.html
Drupal Go - url redirects Module Multiple Vulnerabilities
http://secunia.com/advisories/36503/
Symantec Altiris Deployment Solution Multiple Vulnerabilities
http://secunia.com/advisories/36502/
Fedora update for kernel
http://secunia.com/advisories/36501/
Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://secunia.com/advisories/36499/
Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://secunia.com/advisories/36498/
Drupal Ajax Table Module Cross-Site Scripting and Security Bypass
http://secunia.com/advisories/36497/
Red Hat update for gnutls
http://secunia.com/advisories/36496/
Cisco Unified Communications Manager SIP Header Denial of Service
http://secunia.com/advisories/36495/
Symantec Products Internet Email Scanning Denial of Service
http://secunia.com/advisories/36493/
Back In Time Backup Removal Insecure File Permissions
http://secunia.com/advisories/36492/
Affiliate Master "search" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36491/
Auction RSS Content Script "id" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/36490/
DigiOz Guestbook "search_term" Cross-Site Scripting
http://secunia.com/advisories/36489/
Pirates of The Caribbean "x" and "y" SQL Injection Vulnerabilities
http://secunia.com/advisories/36488/
LinkorCMS "searchstr" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36487/
IBM Tivoli Access Manager for Enterprise Single Sign-On Information Disclosure
http://secunia.com/advisories/36486/
JCE-Tech PHP Calendars "search" Cross-Site Scripting
http://secunia.com/advisories/36484/
PHP Video Script "key" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36483/
JCE-Tech SearchFeed Script "search" Cross-Site Scripting
http://secunia.com/advisories/36482/
Stand Alone Arcade "cat" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36481/
VideoGirls Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/36480/
RASH Quote Management System SQL Injection Vulnerabilities
http://secunia.com/advisories/36477/
phpSANE "file_save" File Inclusion Vulnerability
http://secunia.com/advisories/36476/
bingo!CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/36458/
OpenAutoClassifieds Multiple Vulnerabilities
http://secunia.com/advisories/36455/
TFTPUtil GET Request Denial of Service Vulnerability
http://secunia.com/advisories/36447/
Linux Kernel ".getname" Information Disclosure
http://secunia.com/advisories/36438/
Sun Solaris "sockfs" Module HTTP Requests Denial of Service
http://secunia.com/advisories/36436/
Debian update for xulrunner
http://secunia.com/advisories/36435/
Debian update for nss
http://secunia.com/advisories/36434/
Wap-motor "image" File Disclosure Vulnerability
http://secunia.com/advisories/36416/
SmartyPaginate "next" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36364/
Symantec Client Security E-mail Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022783.html
Symantec Anti Virus E-mail Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022782.html
Norton Internet Security E-mail Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022781.html
Norton Anti-Virus E-mail Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022780.html
Microsoft Office Web Components 2000 Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5SP0L20S0C.html
Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://www.securiteam.com/unixfocus/5TP0M20S0A.html
Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability
http://www.securiteam.com/unixfocus/5UP0N20S0Y.html
Open Auto Classifieds SQL Injection XSS and Filepath Disclosure
http://www.securiteam.com/unixfocus/5VP0O20S0A.html
Adobe Flex 3.3 SDK DOM-Based XSS
http://www.securiteam.com/securitynews/5WP0P20S0C.html
Symantec Altiris Deployment Solution Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/2450
Symantec Products Email Message Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2449
Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/2448
Sun Solaris "sockfs" HTTP Request Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2447
RASH Quote Management System (RQMS) SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2446
JCE-Tech Affiliate Master Script "search" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2445
JCE-Tech Auction RSS Content Script "id" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2444
DigiOz Guestbook "search_term" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2443
Pirates of The Caribbean "y" and "x" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2442
JCE-Tech PHP Calendars Script "search" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2441
JCE-Tech PHP Video Script "key" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2440
JCE-Tech SearchFeed Script "search" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2439
Stand Alone Arcade "cat" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2438
VideoGirls BiZ Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2437
phpSANE "file_save" Parameter Remote File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/2436
Allomani 2007 "cat" Parameter Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2435
PAD Site Scripts SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2434
Open Auto Classifieds File Upload and SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/2433
Discuz! Plugin Crazy Star "fmid" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2432
TotalCalendar SQL Injection and Local File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2009/2431
Moa Gallery Remote File Inclusion and File Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2009/2430
TFTPUtil Request Processing Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2429
Sun Java System Access Manager Debug Files Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35963
Sun Java System Access Manager CDCServlet Component Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35961
Apple GarageBand Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35926
Thunderstone TEXIS Path Disclosure Vulnerability
http://www.securityfocus.com/bid/4035
Thunderstone TEXIS 'texis.exe' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/7105
Bugzilla 'show_bug.cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35916
Google SketchUp '.skp' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35911
Mobilelib Gold Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35910
Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038
IBM Tivoli Identity Manager Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35566
Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36108
Mozilla Firefox 'nsViewManager.cpp' Denial of Service Vulnerability
http://www.securityfocus.com/bid/35413
Multiple Browsers Web Proxy Redirect Handling Man In The Middle Vulnerability
http://www.securityfocus.com/bid/35412
Mozilla Firefox and SeaMonkey Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/35388
Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability
http://www.securityfocus.com/bid/35386
Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35373
Mozilla Firefox 'NPObject' Access Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35360
Mozilla Firefox Large GIF File Background Denial of Service Vulnerability
http://www.securityfocus.com/bid/35280
Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34663
Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36051
Linux Kernel 'fs/proc/base.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36019
Sphider 'conf.php' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/36170
PHP-Fusion Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36171
PHP-Fusion 'downloads.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/36167
TurnkeyForms Web Hosting Directory Login SQL Injection Vulnerability
http://www.securityfocus.com/bid/36166
WordPress Plugin WP-Syntax Remote PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/36040
Joomla! DigiFolio Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36172
VideoGirls Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36168
Sun Solaris 'sockfs' Kernel Module Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36169
http://www.vupen.com/english/advisories/2009/2443
Pirates of The Caribbean "y" and "x" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2442
JCE-Tech PHP Calendars Script "search" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2441
JCE-Tech PHP Video Script "key" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2440
JCE-Tech SearchFeed Script "search" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2439
Stand Alone Arcade "cat" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2438
VideoGirls BiZ Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2437
phpSANE "file_save" Parameter Remote File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/2436
Allomani 2007 "cat" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2435
PAD Site Scripts SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2434
Open Auto Classifieds File Upload and SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/2433
Discuz! Plugin Crazy Star "fmid" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2432
TotalCalendar SQL Injection and Local File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2009/2431
Moa Gallery Remote File Inclusion and File Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2009/2430
TFTPUtil Request Processing Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2429
Sun Java System Access Manager Debug Files Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35963
Sun Java System Access Manager CDCServlet Component Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35961
Apple GarageBand Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35926
Thunderstone TEXIS Path Disclosure Vulnerability
http://www.securityfocus.com/bid/4035
Thunderstone TEXIS 'texis.exe' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/7105
Bugzilla 'show_bug.cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35916
Google SketchUp '.skp' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35911
Mobilelib Gold Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35910
Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038
IBM Tivoli Identity Manager Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35566
Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36108
Mozilla Firefox 'nsViewManager.cpp' Denial of Service Vulnerability
http://www.securityfocus.com/bid/35413
Multiple Browsers Web Proxy Redirect Handling Man In The Middle Vulnerability
http://www.securityfocus.com/bid/35412
Mozilla Firefox and SeaMonkey Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/35388
Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability
http://www.securityfocus.com/bid/35386
Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35373
Mozilla Firefox 'NPObject' Access Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35360
Mozilla Firefox Large GIF File Background Denial of Service Vulnerability
http://www.securityfocus.com/bid/35280
Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34663
Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36051
Linux Kernel 'fs/proc/base.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36019
Sphider 'conf.php' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/36170
PHP-Fusion Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36171
PHP-Fusion 'downloads.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/36167
TurnkeyForms Web Hosting Directory Login SQL Injection Vulnerability
http://www.securityfocus.com/bid/36166
WordPress Plugin WP-Syntax Remote PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/36040
Joomla! DigiFolio Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36172
VideoGirls Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36168
Sun Solaris 'sockfs' Kernel Module Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36169
Thursday, August 27, 2009
27th, Thursday, Tomobiki
JVNDB-2009-000058 Cross-site request forgery vulnerability in bingo!CMS core and bingo!CMS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html
JVNDB-2009-001941 Vulnerability in Adobe Flash
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001941.html
JVNDB-2009-001940 Cross-site scripting vulnerability in Mozilla Firefox's handling of XPCCrossOriginWrapper
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001940.html
JVNDB-2009-001939 Arbitrary code execution vulnerability in Mozilla Firefox's handling of Flash objects
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001939.html
JVNDB-2009-001938 Vulnerability in Mozilla Firefox's setTimeout function that allows arbitrary JavaScript to be executed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001938.html
JVNDB-2009-001937 Arbitrary code execution vulnerability in Mozilla Firefox's handling of SVG elements
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001937.html
once:radix release 1.5
http://www.postgresql.org/about/news.1126
SYM09-012: Security Advisories Relating to Symantec Products - Norton AntiVirus and Symantec Client Security Email Denial of Service Vulnerability
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_01
SYM09-011: Security Advisories Relating to Symantec Products - Symantec Altiris Deployment Solution Multiple Vulnerabilities
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00
Reference) Potential buffer overflow vulnerability in the Microsoft Excel file viewer of Lotus Notes
http://www-06.ibm.com/ibm/jp/security/info/lotus/si20090826a.html
JVN#68640473 Cross-site request forgery vulnerability in bingo!CMS core and bingo!CMS
http://jvn.jp/jp/JVN68640473/index.html
Symantec Altiris Deployment Solution Multiple Flaws Let Remote Users Modify the Configuration, Execute Arbitrary Commands, and Deny Service
http://securitytracker.com/alerts/2009/Aug/1022779.html
GnuTLS NULL Character Flaw in Common Name Field Lets Remote Users Spoof Certificates
http://securitytracker.com/alerts/2009/Aug/1022777.html
Solaris Print Service Lets Remote and Local Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022776.html
Cisco Unified Communications Manager SIP and SCCP Processing Bugs Let Remote Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022775.html
+ Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18 released
http://mirror.postfix.jp/postfix-release/index.html
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.5.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.4.12.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.3.18.HISTORY
+ Solution 264608: A Security Vulnerability in the Solaris Print Service (in.lpd(1M)) May Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264608-1
http://secunia.com/advisories/36445/
http://www.vupen.com/english/advisories/2009/2417
http://www.securityfocus.com/bid/36148
+ Multiple Symantec Products Email Handling Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34670
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_01
+ Linux Kernel 'net/appletalk/ddp.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36150
[ANNOUNCE] Apache Mina SSHD 0.2.0 released
http://mina.apache.org/sshd/sshd-020.html
[ANNOUNCE] Apache Jackrabbit 2.0 alpha9 released
http://jackrabbit.apache.org/downloads.html
[ANNOUNCE] Apache Derby 10.5.3.0 released
http://db.apache.org/derby/derby_downloads.html
Solution 265688: Solaris 10 BIND Patches, T-patches and IDRs may Fail to Install in Deferred-Activation Patching (DAP) Context as a Result of Having Malformed pkgmap Files Caused by a pkgmk(1) Regression
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265688-1
Solution 247746: HIPER - S0C4 Abends May Occur After Running Consolidate/Export by VTV or Export by Management Class if Patch 132510-01 (L1H13WK) or Patch 132512-01 (L1H13WL) Are Applied
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247746-1
The latest Linux Next version of the Linux kernel is: next-20090826
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=summary
The latest snapshot 2.6 version of the Linux kernel is: 2.6.31-rc7-git4
http://www.kernel.org/pub/linux/kernel//v2.6/snapshots/patch-2.6.31-rc7-git4.bz2
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-amb-20090826-cucm.shtml
Document ID: 330268: Harddisks in failing status and mirror won't resynchronize.
http://seer.entsupport.symantec.com/docs/330268.htm
Microsoft : Microsoft Security Bulletin Major Revisions
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30242
Positive Technologies : CA Internet Security Suite Denial of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30247
Debian : New dhcp3 packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30243
Hewlett-Packard : HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30250
iDEFENSE : Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30244
Independent Researcher : EesySec Personal Firewall Remote Buffer Overflow Exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30249
Independent Researcher : HyperVM File Permissions Local Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30251
Louhi Networks Oy : Xerox WorkCentre multiple models Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30248
NGSSoftware : Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30245
NGSSoftware : Oracle 11g (11.1.0.6) Password Policy and Compliance
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30246
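"150,000 machines infected, with many victims in Japan as well": the threat of the virus tool "Zeus"
"Hugely popular" in the underground; makes it easy to create viruses that steal personal information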
http://itpro.nikkeibp.co.jp/article/NEWS/20090827/336060/?ST=security
[USN-826-1] Mono vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00250.html
[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00249.html
[SECURITY] [DSA 1873-1] New xulrunner packages fix spoofing vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00248.html
[MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00247.html
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00246.html
[PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00244.html
RHSA-2009:1232-1: Moderate: gnutls security update
http://rhn.redhat.com/errata/RHSA-2009-1232.html
RHBA-2009:1231-1: system-config-lvm bug-fix update
http://rhn.redhat.com/errata/RHBA-2009-1231.html
Malicious CD ROMs mailed to banks
http://isc.sans.org/diary.html?storyid=7024
Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities
http://www.securiteam.com/unixfocus/5XP0L1PS0K.html
Cisco Firewall Services Module Denial of Service Vulnerability
http://www.securiteam.com/unixfocus/5ZP0N1PS0O.html
VMware libpng and Apache HTTP Server Arbitrary Code and DOS vulnerability
http://www.securiteam.com/unixfocus/5YP0M1PS0M.html
Radvision Scopia Cross Site Scripting Vulnerabilities
http://www.securiteam.com/securitynews/5BP0P1PS0S.html
ScribeFire Firefox Extension Code Injection Vulnerability
http://www.securiteam.com/securitynews/5AP0O1PS0Q.html
Cisco Access Points Disclose Potentially Sensitive Information and May Let Remote Users Hijack APs
http://securitytracker.com/alerts/2009/Aug/1022774.html
Google Chrome Javascript Memory Access Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022773.html
Symantec Data Loss Prevention Buffer Overflow in Autonomy KeyView Module Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022772.html
Symantec Mail Security Buffer Overflow in Autonomy KeyView Module Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022771.html
Symantec Brightmail Appliance Buffer Overflow in Autonomy KeyView Module Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022770.html
ProShow Producer PSH Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/36466/
EMO Breeder Manager "idd" SQL Injection Vulnerability
http://secunia.com/advisories/36464/
Fedora update for dhcp
http://secunia.com/advisories/36457/
Cerberus FTP Server Command Processing Denial of Service
http://secunia.com/advisories/36456/
IBM Java Active Template Library Vulnerabilities
http://secunia.com/advisories/36453/
IBM Java 6 Multiple Vulnerabilities
http://secunia.com/advisories/36452/
IBM Java Multiple Vulnerabilities
http://secunia.com/advisories/36451/
ProFTP FTP Messages Buffer Overflow Vulnerability
http://secunia.com/advisories/36446/
Sun Solaris Print Service Denial of Service
http://secunia.com/advisories/36445/
Autonomy KeyView SDK XLS Processing Buffer Overflow
http://secunia.com/advisories/36422/
Symantec Products KeyView XLS Processing Buffer Overflow
http://secunia.com/advisories/36421/
Radvision SCOPIA "page" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36420/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/36417/
Linux Kernel <= 2.6.30 atalk_getname() 8-bytes Stack Disclosure Exploit
http://www.milw0rm.com/exploits/9521
IBM Java Multiple Code Execution and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/2423
EMO Breader Manager "idd" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2422
ProShow Producer "psh" File Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2421
Google Chrome V8 Javascript Engine Memory Read Vulnerability
http://www.vupen.com/english/advisories/2009/2420
Cisco Lightweight Access Points Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2419
Sun Solaris Print Service Unspecified Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2417
Symantec Products KeyView XLS Handling Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2416
Autonomy KeyView SDK XLS Handling Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2415
OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/33922
'mod_auth_mysql' Package Multibyte Character Encoding SQL Injection Vulnerability
http://www.securityfocus.com/bid/33392
Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35991
Drupal Go - url redirects Multiple HTML Injection and Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/36164
PunBB 'pun_user[language]' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/32360
Sun Virtual Desktop Infrastructure (VDI) Secure LDAP Vulnerability
http://www.securityfocus.com/bid/36043
Linux Kernel 'cmp_ies()' Remote Null Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36052
PunBB Reputation Module 'poster' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35844
WordPress Comment Author URI Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/35755
Apple Mac OS X 2009-003 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35954
Microsoft Office Web Components ActiveX Control 'msDataSourceObject()' Code Execution Vulnerability
http://www.securityfocus.com/bid/35642
WordPress Prior to Version 2.8.3 'wp-admin' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/35935
Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
http://www.securityfocus.com/bid/35990
Cerberus FTP Server 'ALLO' Command Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36134
Mono 'System.Web' HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/30867
Mono Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/30471
Drupal Ajax Table Module Security Bypass and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36165
IBM WebSphere Application Server 'CSIv2' Security Bypass Vulnerability
http://www.securityfocus.com/bid/36163
Multiple Symantec Products Email Handling Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34670
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Mozilla Firefox Error Page Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/35803
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Simple CMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/36162
TotalCalendar SQL Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/36161
Computer Associates Internet Security Suite 'vetmonnt.sys' Denial of Service Vulnerability
http://www.securityfocus.com/bid/36077
Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35977
IBM WebSphere Application Server SCA Security Bypass Vulnerability
http://www.securityfocus.com/bid/36159
IBM WebSphere Application Server Single Sign On Security Bypass Vulnerability
http://www.securityfocus.com/bid/36158
IBM WebSphere Application Server Migration Component Trace Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36156
IBM WebSphere Application Server for z/OS File Permission Vulnerability
http://www.securityfocus.com/bid/36157
IBM WebSphere Application Server 'ibm-portlet-ext.xmi' Security Bypass Vulnerability
http://www.securityfocus.com/bid/36155
IBM WebSphere Application Server wsadmin Security Bypass Vulnerability
http://www.securityfocus.com/bid/36153
IBM Websphere Server Weak Password Obfuscation Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36154
Symantec Altiris Deployment Solution File Transfer Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36113
Symantec Altiris Deployment Solution Authentication Handshake Race Condition Security Vulnerability
http://www.securityfocus.com/bid/36112
Symantec Altiris Deployment Solution 'Aclient' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36111
Symantec Altiris Deployment Solution 'DBManager' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36110
Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36152
IBM WebSphere Commerce Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36151
Linux Kernel 'net/appletalk/ddp.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36150
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Sun Java Runtime Environment JPEG Image Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35942
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944
Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35945
Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35952
Sun Solaris Print Service (in.lpd(1M)) Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36148
libxml2 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36010
Google Chrome V8 JavaScript Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36149
http://mirror.postfix.jp/postfix-release/index.html
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.5.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.4.12.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.3.18.HISTORY
+ Solution 264608: A Security Vulnerability in the Solaris Print Service (in.lpd(1M)) May Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264608-1
http://secunia.com/advisories/36445/
http://www.vupen.com/english/advisories/2009/2417
http://www.securityfocus.com/bid/36148
+ Multiple Symantec Products Email Handling Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34670
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_01
+ Linux Kernel 'net/appletalk/ddp.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36150
[ANNOUNCE] Apache Mina SSHD 0.2.0 released
http://mina.apache.org/sshd/sshd-020.html
[ANNOUNCE] Apache Jackrabbit 2.0 alpha9 released
http://jackrabbit.apache.org/downloads.html
[ANNOUNCE] Apache Derby 10.5.3.0 released
http://db.apache.org/derby/derby_downloads.html
Solution 265688: Solaris 10 BIND Patches, T-patches and IDRs may Fail to Install in Deferred-Activation Patching (DAP) Context as a Result of Having Malformed pkgmap Files Caused by a pkgmk(1) Regression
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265688-1
Solution 247746: HIPER - S0C4 Abends May Occur After Running Consolidate/Export by VTV or Export by Management Class if Patch 132510-01 (L1H13WK) or Patch 132512-01 (L1H13WL) Are Applied
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247746-1
The latest Linux Next version of the Linux kernel is: next-20090826
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=summary
The latest snapshot 2.6 version of the Linux kernel is: 2.6.31-rc7-git4
http://www.kernel.org/pub/linux/kernel//v2.6/snapshots/patch-2.6.31-rc7-git4.bz2
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-amb-20090826-cucm.shtml
Document ID: 330268: Harddisks in failing status and mirror won't resynchronize.
http://seer.entsupport.symantec.com/docs/330268.htm
Microsoft : Microsoft Security Bulletin Major Revisions
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30242
Positive Technologies : CA Internet Security Suite Denial of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30247
Debian : New dhcp3 packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30243
Hewlett-Packard : HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30250
iDEFENSE : Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30244
Independent Researcher : EesySec Personal Firewall Remote Buffer Overflow Exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30249
Independent Researcher : HyperVM File Permissions Local Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30251
Louhi Networks Oy : Xerox WorkCentre multiple models Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30248
NGSSoftware : Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30245
NGSSoftware : Oracle 11g (11.1.0.6) Password Policy and Compliance
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30246
「15万台が感染、国内でも被害多数」、ウイルスツール「Zeus」の脅威
アンダーグラウンドで“大人気”、個人情報を盗むウイルスを簡単作成
http://itpro.nikkeibp.co.jp/article/NEWS/20090827/336060/?ST=security
[USN-826-1] Mono vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00250.html
[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00249.html
[SECURITY] [DSA 1873-1] New xulrunner packages fix spoofing vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00248.html
[MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00247.html
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00246.html
[PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00244.html
RHSA-2009:1232-1: Moderate: gnutls security update
http://rhn.redhat.com/errata/RHSA-2009-1232.html
RHBA-2009:1231-1: system-config-lvm bug-fix update
http://rhn.redhat.com/errata/RHBA-2009-1231.html
Malicious CD ROMs mailed to banks
http://isc.sans.org/diary.html?storyid=7024
Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities
http://www.securiteam.com/unixfocus/5XP0L1PS0K.html
Cisco Firewall Services Module Denial of Service Vulnerability
http://www.securiteam.com/unixfocus/5ZP0N1PS0O.html
VMware libpng and Apache HTTP Server Arbitrary Code and DOS vulnerability
http://www.securiteam.com/unixfocus/5YP0M1PS0M.html
Radvision Scopia Cross Site Scripting Vulnerabilities
http://www.securiteam.com/securitynews/5BP0P1PS0S.html
ScribeFire Firefox Extension Code Injection Vulnerability
http://www.securiteam.com/securitynews/5AP0O1PS0Q.html
Cisco Access Points Disclose Potentially Sensitive Information and May Let Remote Users Hijack APs
http://securitytracker.com/alerts/2009/Aug/1022774.html
Google Chrome Javascript Memory Access Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022773.html
Symantec Data Loss Prevention Buffer Overflow in Autonomy KeyView Module Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022772.html
Symantec Mail Security Buffer Overflow in Autonomy KeyView Module Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022771.html
Symantec Brightmail Appliance Buffer Overflow in Autonomy KeyView Module Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022770.html
ProShow Producer PSH Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/36466/
EMO Breeder Manager "idd" SQL Injection Vulnerability
http://secunia.com/advisories/36464/
Fedora update for dhcp
http://secunia.com/advisories/36457/
Cerberus FTP Server Command Processing Denial of Service
http://secunia.com/advisories/36456/
IBM Java Active Template Library Vulnerabilities
http://secunia.com/advisories/36453/
IBM Java 6 Multiple Vulnerabilities
http://secunia.com/advisories/36452/
IBM Java Multiple Vulnerabilities
http://secunia.com/advisories/36451/
ProFTP FTP Messages Buffer Overflow Vulnerability
http://secunia.com/advisories/36446/
Sun Solaris Print Service Denial of Service
http://secunia.com/advisories/36445/
Autonomy KeyView SDK XLS Processing Buffer Overflow
http://secunia.com/advisories/36422/
Symantec Products KeyView XLS Processing Buffer Overflow
http://secunia.com/advisories/36421/
Radvision SCOPIA "page" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36420/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/36417/
Linux Kernel <= 2.6.30 atalk_getname() 8-bytes Stack Disclosure Exploit
http://www.milw0rm.com/exploits/9521
IBM Java Multiple Code Execution and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/2423
EMO Breeder Manager "idd" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2422
ProShow Producer "psh" File Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2421
Google Chrome V8 Javascript Engine Memory Read Vulnerability
http://www.vupen.com/english/advisories/2009/2420
Cisco Lightweight Access Points Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2419
Sun Solaris Print Service Unspecified Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2417
Symantec Products KeyView XLS Handling Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2416
Autonomy KeyView SDK XLS Handling Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2415
OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/33922
'mod_auth_mysql' Package Multibyte Character Encoding SQL Injection Vulnerability
http://www.securityfocus.com/bid/33392
Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35991
Drupal Go - url redirects Multiple HTML Injection and Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/36164
PunBB 'pun_user[language]' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/32360
Sun Virtual Desktop Infrastructure (VDI) Secure LDAP Vulnerability
http://www.securityfocus.com/bid/36043
Linux Kernel 'cmp_ies()' Remote Null Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36052
PunBB Reputation Module 'poster' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35844
WordPress Comment Author URI Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/35755
Apple Mac OS X 2009-003 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35954
Microsoft Office Web Components ActiveX Control 'msDataSourceObject()' Code Execution Vulnerability
http://www.securityfocus.com/bid/35642
WordPress Prior to Version 2.8.3 'wp-admin' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/35935
Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
http://www.securityfocus.com/bid/35990
Cerberus FTP Server 'ALLO' Command Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36134
Mono 'System.Web' HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/30867
Mono Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/30471
Drupal Ajax Table Module Security Bypass and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36165
IBM WebSphere Application Server 'CSIv2' Security Bypass Vulnerability
http://www.securityfocus.com/bid/36163
Multiple Symantec Products Email Handling Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34670
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Mozilla Firefox Error Page Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/35803
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Simple CMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/36162
TotalCalendar SQL Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/36161
Computer Associates Internet Security Suite 'vetmonnt.sys' Denial of Service Vulnerability
http://www.securityfocus.com/bid/36077
Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35977
IBM WebSphere Application Server SCA Security Bypass Vulnerability
http://www.securityfocus.com/bid/36159
IBM WebSphere Application Server Single Sign On Security Bypass Vulnerability
http://www.securityfocus.com/bid/36158
IBM WebSphere Application Server Migration Component Trace Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36156
IBM WebSphere Application Server for z/OS File Permission Vulnerability
http://www.securityfocus.com/bid/36157
IBM WebSphere Application Server 'ibm-portlet-ext.xmi' Security Bypass Vulnerability
http://www.securityfocus.com/bid/36155
IBM WebSphere Application Server wsadmin Security Bypass Vulnerability
http://www.securityfocus.com/bid/36153
IBM Websphere Server Weak Password Obfuscation Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36154
Symantec Altiris Deployment Solution File Transfer Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36113
Symantec Altiris Deployment Solution Authentication Handshake Race Condition Security Vulnerability
http://www.securityfocus.com/bid/36112
Symantec Altiris Deployment Solution 'Aclient' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36111
Symantec Altiris Deployment Solution 'DBManager' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36110
Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36152
IBM WebSphere Commerce Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36151
Linux Kernel 'net/appletalk/ddp.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36150
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Sun Java Runtime Environment JPEG Image Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35942
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944
Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35945
Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35952
Sun Solaris Print Service (in.lpd(1M)) Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36148
libxml2 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36010
Google Chrome V8 JavaScript Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36149
Wednesday, August 26, 2009
Wednesday the 26th, Senshō
+ Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.5.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.4.12.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.3.18.HISTORY
JVNDB-2009-001936 Arbitrary code execution vulnerability in the JavaScript engine of Mozilla Firefox/Thunderbird
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001936.html
JVNDB-2009-001935 Arbitrary code execution vulnerability due to double frame construction in Mozilla Firefox/Thunderbird
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001935.html
JVNDB-2009-001934 Arbitrary code execution vulnerability related to loading RDF files in Mozilla Firefox/Thunderbird
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001934.html
JVNDB-2009-001933 Integer overflow vulnerability in the base64 decoding functions of Mozilla Firefox/Thunderbird
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001933.html
JVNDB-2009-001932 Arbitrary code execution vulnerability in the browser engine of Mozilla Firefox/Thunderbird
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001932.html
JVNDB-2009-001931 Vulnerability in the Hitachi Device Manager server in which access restrictions become ineffective
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001931.html
JVNDB-2009-001930 Vulnerability in Groupmax Scheduler Server in which access permission settings become ineffective
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001930.html
JVNDB-2009-001191 Denial of service (DoS) vulnerability in the asn1buf_imbed function of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001191.html
JVNDB-2009-001190 Denial of service (DoS) vulnerability in the asn1_decode_generaltime function of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001190.html
[ANN] Maven Filtering 1.0-beta-3 Released
http://maven.apache.org/shared/maven-filtering/
[ANN] Maven Resources Plugin 2.4 Released
http://maven.apache.org/plugins/maven-resources-plugin/
Microsoft Security Bulletin MS09-029 - Critical: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
http://www.microsoft.com/japan/technet/security/bulletin/MS09-029.mspx
Microsoft Security Bulletin MS09-044 - Critical: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
http://www.microsoft.com/japan/technet/security/bulletin/MS09-044.mspx
DBD::Wire10 1.03 released
http://www.cpan.org/modules/by-module/DBD/DBD-Wire10-1.03.readme
(Reference) Potential buffer overflow vulnerability in the Lotus Notes file viewer for Microsoft Excel
http://www-06.ibm.com/jp/domino04/lotus/support/faqs/faqs.nsf/all/733141
Presentation materials from the workshop "The Key to Improving Semiconductor Device Quality and Countering Counterfeits" have been posted.
http://www.ipa.go.jp/security/vuln/index.html#seminar
JustSystems: a web filter that blocks unknown inappropriate pages
http://itpro.nikkeibp.co.jp/article/NEWS/20090826/336005/?ST=security
Security-fix release of "Google Chrome 2" addresses remote code execution and other issues
http://itpro.nikkeibp.co.jp/article/NEWS/20090826/336028/?ST=security
JPCERT/CC WEEKLY REPORT 2009-08-26
http://www.jpcert.or.jp/wr/2009/wr093301.html
JVN#31035930 SQL injection vulnerability in SugarCRM
http://jvn.jp/jp/JVN31035930/index.html
WSUS 3.0 SP2 released
http://isc.sans.org/diary.html?storyid=7018
Cisco over-the-air-provisioning skyjacking exploit
http://isc.sans.org/diary.html?storyid=7021
IBM Lotus Notes Buffer Overflow in Processing Excel Attachments Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022769.html
Xerox WorkCentre LPD Queue Name Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022768.html
Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
http://www.securityfocus.com/bid/35186
Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35187
Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/973882.mspx
Microsoft Security Advisory (967940): Update for Windows Autorun
http://www.microsoft.com/japan/technet/security/advisory/967940.mspx
+ Perl 5.10.1 released
http://use.perl.org/articles/09/08/25/0556226.shtml
+ ActivePerl 5.10.1.1006 released
http://docs.activestate.com/activeperl/5.10/changes.html
+ Solution 248386: Security vulnerability in Solaris Related to the Apache 1.3 mod_perl(3) Module Component "PerlRun.pm" may Lead to Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
+ Linux Kernel Privilege Escalation and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/2370
+ Linux Kernel 'net/llc/af_llc.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36126
- Oracle 11g (11.1.0.6) Password Policy and Compliance
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00242.html
- Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00239.html
- Potential security issue with Lotus Notes file viewer for Microsoft Excel
http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21396492
http://secunia.com/advisories/36474/
http://secunia.com/advisories/36472/
[ANN] Apache Felix Configuration Admin Service version 1.2.0 Released
http://felix.apache.org/site/apache-felix-configuration-admin-service.html
Solution 266268: SUN ALERT WEEKLY SUMMARY REPORT - Week of 16-Aug-2009 to 22-Aug-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266268-1
Solution 265688: Solaris 10 BIND Patches, T-patches and IDRs may Fail to Install in Deferred-Activation Patching (DAP) Context as a Result of Having Malformed pkgmap Files Caused by a pkgmk(1) Regression
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265688-1
New trial means Unix ownership still up for debate
http://www.linux.org/news/2009/08/25/0002.html
SCO wins Unix copyright appeal. Trouble for Linux?
http://www.linux.org/news/2009/08/25/0001.html
Microsoft Security Advisory (967940): Update for Windows Autorun
http://www.microsoft.com/technet/security/advisory/967940.mspx
Effectiveness of the Vulnerability Response Decision Assistance (VRDA) Framework
http://www.cert.org/archive/pdf/VRDA_Effectiveness.pdf
Debian : New Linux 2.6.18 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30232
H4RDW4RE presentations updated
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00240.html
Oracle 11g (11.1.0.6) Password Policy and Compliance
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00242.html
Bypassing DBMS_ASSERT in certain situations
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00241.html
Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00239.html
iDefense Security Advisory 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00238.html
[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00237.html
[security bulletin] HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Ru
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00235.html
HyperVM File Permissions Local Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00236.html
EesySec Personal Firewall Remote Buffer Overflow Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00232.html
Xerox WorkCentre multiple models Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00230.html
[ MDVSA-2009:221 ] libneon0.27
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00228.html
CONFidence 2009, November, CfP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00229.html
PUBLIC ADVISORY: 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=823
rPath update for curl
http://secunia.com/advisories/36475/
Lotus Notes Keyview XLS Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36474/
rPath update for apr-util
http://secunia.com/advisories/36473/
Lotus Notes 6 Keyview XLS Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36472/
Fedora update for ctorrent
http://secunia.com/advisories/36471/
Fedora update for xerces-c
http://secunia.com/advisories/36470/
Fedora update for xerces-c27
http://secunia.com/advisories/36469/
Xerox WorkCentre LPD Implementation Denial of Service Vulnerability
http://secunia.com/advisories/36465/
Ubuntu update for libvorbis
http://secunia.com/advisories/36463/
Ubuntu update for php5
http://secunia.com/advisories/36462/
Ubuntu update for kdegraphics
http://secunia.com/advisories/36461/
Ubuntu update for kde4libs and kdelibs
http://secunia.com/advisories/36460/
Debian update for linux-2.6
http://secunia.com/advisories/36459/
Ed Charkow's SuperCharged Linking "id" SQL Injection Vulnerability
http://secunia.com/advisories/36450/
Moa Gallery "gallery_id" SQL Injection Vulnerability
http://secunia.com/advisories/36449/
Arcade Trade Script Cookie Security Bypass
http://secunia.com/advisories/36448/
Faslo Player M3U Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36444/
avast! Home/Professional "aswMon" Privilege Escalation
http://secunia.com/advisories/36442/
Fat Player WAV File Processing Buffer Overflow
http://secunia.com/advisories/36441/
ITechBids Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/36437/
Netgear WNR2000 Information Disclosure and Security Bypass
http://secunia.com/advisories/36398/
ZTE ZXDSL 831 II Modem Security Bypass
http://secunia.com/advisories/36348/
WordPress WP-Syntax Plugin Code Execution Vulnerability
http://secunia.com/advisories/36304/
CA Internet Security Suite vetmonnt.sys Denial Of Service
http://www.securiteam.com/unixfocus/5RP0P1FS0Y.html
Pidgin and Adium Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability
http://www.securiteam.com/unixfocus/5TP0R1FS0I.html
JRun Management Console Directory Traversal vulnerability
http://www.securiteam.com/unixfocus/5PP0N1FS0I.html
HP Network Node Manager Local Execution of Arbitrary Code and Denial of Service
http://www.securiteam.com/unixfocus/5QP0O1FS0I.html
Linux NULL Pointer proto_ops Local Privilege Escalation
http://www.securiteam.com/unixfocus/5NP0L1FS0S.html
Vtiger CRM Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/5OP0M1FS0Y.html
CA Host-Based Intrusion Prevention System Denial of Service
http://www.securiteam.com/securitynews/5SP0Q1FS0I.html
ProFTP 2.9 (welcome message) Remote Buffer Overflow Exploit (meta)
http://www.milw0rm.com/exploits/9508
HyperVM File Permissions Local Vulnerability
http://www.milw0rm.com/exploits/9520
ProShow Producer / Gold 4.0.2549 (.psh) Universal BOF Exploit (SEH)
http://www.milw0rm.com/exploits/9519
Linux Kernel <= 2.6.31-rc7 AF_LLC getsockname 5-Byte Stack Disclosure
http://www.milw0rm.com/exploits/9513
Media Jukebox 8 ( .M3U) Universal Local Buffer Exploit (SEH)
http://www.milw0rm.com/exploits/9509
Labtam ProFTP Greeting Message Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2414
IP.Board "search.php" and "lostpass.php" SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/2413
Xerox WorkCentre LPD Daemon Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2412
TYPO3 Multiple Extensions Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/2411
T3M E-Mail Marketing Tool for TYPO3 SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2410
Commerce Extension for TYPO3 Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2409
Turnkey Arcade Script "sid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2408
Siirler for Joomla "sid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2407
NinjaMonials for Joomla "testimID" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2406
jTips for Joomla "season" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2405
ITechBids "productid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2404
humanCMS Username and Password Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2403
Lanai Core "f" Parameter Remote File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/2402
PHP Dir Submit "aid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2401
Arcade Trade Script Cookie Handling Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/2400
Moa Gallery "gallery_id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2399
Ed Charkow Supercharged Linking "id" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2398
AiO (All into One) Flash Mixer ".afp" Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2397
FLIP Flash Album Deluxe ".fft" File Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2396
Faslo Player Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2395
Fat Player File or Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2394
KSP 2006 Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2393
Radix Antirootkit "SDTHLPR.sys" Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/2392
Netgear WNR2000 Information Disclosure and Security Bypass Issues
http://www.vupen.com/english/advisories/2009/2391
avast! "aswMon.sys" Driver Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/2390
IBM Lotus Notes File Viewer for Excel Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/2389
Linux Kernel Privilege Escalation and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/2370
ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35669
ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35668
Oracle Advanced Replication 'REPCAT_RPC.VALIDATE_REMOTE_RC()' Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35685
IBM AIX '_LIB_INIT_DBG' and '_LIB_INIT_DBG_FILE' File Creation Vulnerability
http://www.securityfocus.com/bid/35934
Autonomy KeyView Module Excel Document Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36042
Oracle April 2009 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/34461
Exodus URI Handler Command Line Parameter Injection Vulnerability
http://www.securityfocus.com/bid/32330
MauryCMS Unspecified Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/32439
FreeNAS Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36146
Nokia Lotus Notes Connector 'lnresobject.dll' Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36144
Oracle DBMS_Assert SQL Injection Vulnerability
http://www.securityfocus.com/bid/19203
Cisco Lightweight Access Point Over The Air Manipulation Denial of Service Vulnerability
http://www.securityfocus.com/bid/36145
Lxlabs Kloxo Hosting Platform and HyperVM Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36142
Five Star Review Script Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/18390
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
TYPO3 AJAX Chat Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36141
TYPO3 T3M E-Mail Marketing Tool Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36140
TYPO3 AST ZipCodeSearch Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36135
TYPO3 t3m_affiliate Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36138
TYPO3 Commerce Extension Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/36133
TYPO3 Event Registration Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36136
RETIRED: IBM Lotus Notes Keyview XLS File Viewer Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36124
TYPO3 Solidbase Bannermanagement Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36137
TYPO3 Car Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36131
TYPO3 AIRware Lexicon Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36130
WebKit SVGList Objects Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34924
WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35318
WebKit DOM Event Handler Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35271
WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35309
WebKit SVG Animation Elements Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35334
Neon 'ne_xml*' expat XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/36080
Neon NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36079
cTorrent and dTorrent Torrent File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34584
Xerces-C++ Nested DTD Structure XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35986
Novell Client ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36139
Cerberus FTP Server 'ALLO' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36134
Turnkey Arcade Script 'id' Parameter Browse SQL Injection Vulnerability
http://www.securityfocus.com/bid/36129
ProFTP 'Welcome Message' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36128
Xerox WorkCentre LPD Requests Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36125
Audacity '.aup' Project File Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33160
Audacity 'lib-src/allegro/strparse.cpp' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33090
Linux Kernel 'net/llc/af_llc.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36126
Joomla! Siirler Bileseni Component 'sid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36127
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930
Joomla! 'com_ninjamonial' Component 'testimID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36122
Joomla! jTips ('com_jtips') Component 'season' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36123
Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/29985
Kaspersky Products URI Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/36084
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.5.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.4.12.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.3.18.HISTORY
JVNDB-2009-001936 Mozilla Firefox/Thunderbird の JavaScript エンジンにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001936.html
JVNDB-2009-001935 Mozilla Firefox/Thunderbird におけるダブルフレームコンストラクションにより任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001935.html
JVNDB-2009-001934 Mozilla Firefox/Thunderbird における RDF ファイルのロードに関連した任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001934.html
JVNDB-2009-001933 Mozilla Firefox/Thunderbird の base64 デコード関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001933.html
JVNDB-2009-001932 Mozilla Firefox/Thunderbird のブラウザエンジンにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001932.html
JVNDB-2009-001931 Hitachi Device Manager サーバにおけるアクセス制限が無効となる脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001931.html
JVNDB-2009-001930 Groupmax Scheduler Server におけるアクセス権の設定が無効となる脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001930.html
JVNDB-2009-001191 MIT Kerberos の asn1buf_imbed 関数におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001191.html
JVNDB-2009-001190 MIT Kerberos の asn1_decode_generaltime 関数におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001190.html
[ANN] Maven Filtering 1.0-beta-3 Released
http://maven.apache.org/shared/maven-filtering/
[ANN] Maven Resoures Plugin 2.4 Released
http://maven.apache.org/plugins/maven-resources-plugin/
マイクロソフト セキュリティ情報 MS09-029 - 緊急: Embedded OpenType フォント エンジンの脆弱性により、リモートでコードが実行される (961371)
http://www.microsoft.com/japan/technet/security/bulletin/MS09-029.mspx
マイクロソフト セキュリティ情報 MS09-044 - 緊急: リモート デスクトップ接続の脆弱性により、リモートでコードが実行される (970927)
http://www.microsoft.com/japan/technet/security/bulletin/MS09-044.mspx
DBD::Wire10 1.03 released
http://www.cpan.org/modules/by-module/DBD/DBD-Wire10-1.03.readme
(Reference) Potential buffer overflow vulnerability issue in the Lotus Notes file viewer for Microsoft Excel
http://www-06.ibm.com/jp/domino04/lotus/support/faqs/faqs.nsf/all/733141
The presentation materials from the workshop "The Key to Improving Semiconductor Device Quality and Countering Counterfeit Parts" have been posted.
http://www.ipa.go.jp/security/vuln/index.html#seminar
JustSystems: web filter that blocks unknown inappropriate pages
http://itpro.nikkeibp.co.jp/article/NEWS/20090826/336005/?ST=security
Security fix release of "Google Chrome 2" addresses remote code execution and other issues
http://itpro.nikkeibp.co.jp/article/NEWS/20090826/336028/?ST=security
JPCERT/CC WEEKLY REPORT 2009-08-26
http://www.jpcert.or.jp/wr/2009/wr093301.html
JVN#31035930 SQL injection vulnerability in SugarCRM
http://jvn.jp/jp/JVN31035930/index.html
WSUS 3.0 SP2 released
http://isc.sans.org/diary.html?storyid=7018
Cisco over-the-air-provisioning skyjacking exploit
http://isc.sans.org/diary.html?storyid=7021
IBM Lotus Notes Buffer Overflow in Processing Excel Attachments Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022769.html
Xerox WorkCentre LPD Queue Name Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022768.html
Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
http://www.securityfocus.com/bid/35186
Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35187
Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/973882.mspx
Microsoft Security Advisory (967940): Update for Windows Autorun
http://www.microsoft.com/japan/technet/security/advisory/967940.mspx
+ Perl 5.10.1 released
http://use.perl.org/articles/09/08/25/0556226.shtml
+ ActivePerl 5.10.1.1006 released
http://docs.activestate.com/activeperl/5.10/changes.html
+ Solution 248386: Security vulnerability in Solaris Related to the Apache 1.3 mod_perl(3) Module Component "PerlRun.pm" may Lead to Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
+ Linux Kernel Privilege Escalation and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/2370
+ Linux Kernel 'net/llc/af_llc.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36126
- Oracle 11g (11.1.0.6) Password Policy and Compliance
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00242.html
- Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00239.html
- Potential security issue with Lotus Notes file viewer for Microsoft Excel
http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21396492
http://secunia.com/advisories/36474/
http://secunia.com/advisories/36472/
[ANN] Apache Felix Configuration Admin Service version 1.2.0 Released
http://felix.apache.org/site/apache-felix-configuration-admin-service.html
Solution 266268: SUN ALERT WEEKLY SUMMARY REPORT - Week of 16-Aug-2009 to 22-Aug-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266268-1
Solution 265688: Solaris 10 BIND Patches, T-patches and IDRs may Fail to Install in Deferred-Activation Patching (DAP) Context as a Result of Having Malformed pkgmap Files Caused by a pkgmk(1) Regression
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265688-1
New trial means Unix ownership still up for debate
http://www.linux.org/news/2009/08/25/0002.html
SCO wins Unix copyright appeal. Trouble for Linux?
http://www.linux.org/news/2009/08/25/0001.html
Microsoft Security Advisory (967940): Update for Windows Autorun
http://www.microsoft.com/technet/security/advisory/967940.mspx
Effectiveness of the Vulnerability Response Decision Assistance (VRDA) Framework
http://www.cert.org/archive/pdf/VRDA_Effectiveness.pdf
Debian : New Linux 2.6.18 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30232
H4RDW4RE presentations updated
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00240.html
Oracle 11g (11.1.0.6) Password Policy and Compliance
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00242.html
Bypassing DBMS_ASSERT in certain situations
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00241.html
Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00239.html
iDefense Security Advisory 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00238.html
[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00237.html
[security bulletin] HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Ru
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00235.html
HyperVM File Permissions Local Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00236.html
EesySec Personal Firewall Remote Buffer Overflow Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00232.html
Xerox WorkCentre multiple models Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00230.html
[ MDVSA-2009:221 ] libneon0.27
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00228.html
CONFidence 2009, November, CfP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00229.html
PUBLIC ADVISORY: 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=823
rPath update for curl
http://secunia.com/advisories/36475/
Lotus Notes Keyview XLS Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36474/
rPath update for apr-util
http://secunia.com/advisories/36473/
Lotus Notes 6 Keyview XLS Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36472/
Fedora update for ctorrent
http://secunia.com/advisories/36471/
Fedora update for xerces-c
http://secunia.com/advisories/36470/
Fedora update for xerces-c27
http://secunia.com/advisories/36469/
Xerox WorkCentre LPD Implementation Denial of Service Vulnerability
http://secunia.com/advisories/36465/
Ubuntu update for libvorbis
http://secunia.com/advisories/36463/
Ubuntu update for php5
http://secunia.com/advisories/36462/
Ubuntu update for kdegraphics
http://secunia.com/advisories/36461/
Ubuntu update for kde4libs and kdelibs
http://secunia.com/advisories/36460/
Debian update for linux-2.6
http://secunia.com/advisories/36459/
Ed Charkow's SuperCharged Linking "id" SQL Injection Vulnerability
http://secunia.com/advisories/36450/
Moa Gallery "gallery_id" SQL Injection Vulnerability
http://secunia.com/advisories/36449/
Arcade Trade Script Cookie Security Bypass
http://secunia.com/advisories/36448/
Faslo Player M3U Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36444/
avast! Home/Professional "aswMon" Privilege Escalation
http://secunia.com/advisories/36442/
Fat Player WAV File Processing Buffer Overflow
http://secunia.com/advisories/36441/
ITechBids Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/36437/
Netgear WNR2000 Information Disclosure and Security Bypass
http://secunia.com/advisories/36398/
ZTE ZXDSL 831 II Modem Security Bypass
http://secunia.com/advisories/36348/
WordPress WP-Syntax Plugin Code Execution Vulnerability
http://secunia.com/advisories/36304/
CA Internet Security Suite vetmonnt.sys Denial Of Service
http://www.securiteam.com/unixfocus/5RP0P1FS0Y.html
Pidgin and Adium Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability
http://www.securiteam.com/unixfocus/5TP0R1FS0I.html
JRun Management Console Directory Traversal vulnerability
http://www.securiteam.com/unixfocus/5PP0N1FS0I.html
HP Network Node Manager Local Execution of Arbitrary Code and Denial of Service
http://www.securiteam.com/unixfocus/5QP0O1FS0I.html
Linux NULL Pointer proto_ops Local Privilege Escalation
http://www.securiteam.com/unixfocus/5NP0L1FS0S.html
Vtiger CRM Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/5OP0M1FS0Y.html
CA Host-Based Intrusion Prevention System Denial of Service
http://www.securiteam.com/securitynews/5SP0Q1FS0I.html
ProFTP 2.9 (welcome message) Remote Buffer Overflow Exploit (meta)
http://www.milw0rm.com/exploits/9508
HyperVM File Permissions Local Vulnerability
http://www.milw0rm.com/exploits/9520
ProShow Producer / Gold 4.0.2549 (.psh) Universal BOF Exploit (SEH)
http://www.milw0rm.com/exploits/9519
Linux Kernel <= 2.6.31-rc7 AF_LLC getsockname 5-Byte Stack Disclosure
http://www.milw0rm.com/exploits/9513
Media Jukebox 8 ( .M3U) Universal Local Buffer Exploit (SEH)
http://www.milw0rm.com/exploits/9509
Labtam ProFTP Greeting Message Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2414
IP.Board "search.php" and "lostpass.php" SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/2413
Xerox WorkCentre LPD Daemon Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2412
TYPO3 Multiple Extensions Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/2411
T3M E-Mail Marketing Tool for TYPO3 SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2410
Commerce Extension for TYPO3 Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2409
Turnkey Arcade Script "sid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2408
Siirler for Joomla "sid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2407
NinjaMonials for Joomla "testimID" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2406
jTips for Joomla "season" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2405
ITechBids "productid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2404
humanCMS Username and Password Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2403
Lanai Core "f" Parameter Remote File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/2402
PHP Dir Submit "aid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2401
Arcade Trade Script Cookie Handling Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/2400
Moa Gallery "gallery_id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2399
Ed Charkow Supercharged Linking "id" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2398
AiO (All into One) Flash Mixer ".afp" Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2397
FLIP Flash Album Deluxe ".fft" File Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2396
Faslo Player Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2395
Fat Player File or Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2394
KSP 2006 Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2393
Radix Antirootkit "SDTHLPR.sys" Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/2392
Netgear WNR2000 Information Disclosure and Security Bypass Issues
http://www.vupen.com/english/advisories/2009/2391
avast! "aswMon.sys" Driver Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/2390
IBM Lotus Notes File Viewer for Excel Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/2389
Linux Kernel Privilege Escalation and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/2370
ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35669
ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35668
Oracle Advanced Replication 'REPCAT_RPC.VALIDATE_REMOTE_RC()' Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35685
IBM AIX '_LIB_INIT_DBG' and '_LIB_INIT_DBG_FILE' File Creation Vulnerability
http://www.securityfocus.com/bid/35934
Autonomy KeyView Module Excel Document Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36042
Oracle April 2009 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/34461
Exodus URI Handler Command Line Parameter Injection Vulnerability
http://www.securityfocus.com/bid/32330
MauryCMS Unspecified Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/32439
FreeNAS Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36146
Nokia Lotus Notes Connector 'lnresobject.dll' Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36144
Oracle DBMS_Assert SQL Injection Vulnerability
http://www.securityfocus.com/bid/19203
Cisco Lightweight Access Point Over The Air Manipulation Denial of Service Vulnerability
http://www.securityfocus.com/bid/36145
Lxlabs Kloxo Hosting Platform and HyperVM Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36142
Five Star Review Script Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/18390
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
TYPO3 AJAX Chat Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36141
TYPO3 T3M E-Mail Marketing Tool Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36140
TYPO3 AST ZipCodeSearch Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36135
TYPO3 t3m_affiliate Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36138
TYPO3 Commerce Extension Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/36133
TYPO3 Event Registration Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36136
RETIRED: IBM Lotus Notes Keyview XLS File Viewer Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36124
TYPO3 Solidbase Bannermanagement Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36137
TYPO3 Car Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36131
TYPO3 AIRware Lexicon Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36130
WebKit SVGList Objects Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34924
WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35318
WebKit DOM Event Handler Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35271
WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35309
WebKit SVG Animation Elements Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35334
Neon 'ne_xml*' expat XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/36080
Neon NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36079
cTorrent and dTorrent Torrent File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34584
Xerces-C++ Nested DTD Structure XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35986
Novell Client ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36139
Cerberus FTP Server 'ALLO' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36134
Turnkey Arcade Script 'id' Parameter Browse SQL Injection Vulnerability
http://www.securityfocus.com/bid/36129
ProFTP 'Welcome Message' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36128
Xerox WorkCentre LPD Requests Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36125
Audacity '.aup' Project File Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33160
Audacity 'lib-src/allegro/strparse.cpp' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33090
Linux Kernel 'net/llc/af_llc.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36126
Joomla! Siirler Bileseni Component 'sid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36127
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930
Joomla! 'com_ninjamonial' Component 'testimID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36122
Joomla! jTips ('com_jtips') Component 'season' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36123
Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/29985
Kaspersky Products URI Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/36084