+ Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.5.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.4.12.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.3.18.HISTORY
JVNDB-2009-001936 Arbitrary code execution vulnerability in the JavaScript engine of Mozilla Firefox/Thunderbird
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001936.html
JVNDB-2009-001935 Arbitrary code execution vulnerability in Mozilla Firefox/Thunderbird due to double frame construction
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001935.html
JVNDB-2009-001934 Arbitrary code execution vulnerability in Mozilla Firefox/Thunderbird related to loading RDF files
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001934.html
JVNDB-2009-001933 Integer overflow vulnerability in the base64 decoding functions of Mozilla Firefox/Thunderbird
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001933.html
JVNDB-2009-001932 Arbitrary code execution vulnerability in the browser engine of Mozilla Firefox/Thunderbird
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001932.html
JVNDB-2009-001931 Vulnerability in Hitachi Device Manager server that renders access restrictions ineffective
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001931.html
JVNDB-2009-001930 Vulnerability in Groupmax Scheduler Server that renders access permission settings ineffective
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001930.html
JVNDB-2009-001191 Denial of service (DoS) vulnerability in the asn1buf_imbed function of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001191.html
JVNDB-2009-001190 Denial of service (DoS) vulnerability in the asn1_decode_generaltime function of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001190.html
[ANN] Maven Filtering 1.0-beta-3 Released
http://maven.apache.org/shared/maven-filtering/
[ANN] Maven Resources Plugin 2.4 Released
http://maven.apache.org/plugins/maven-resources-plugin/
Microsoft Security Bulletin MS09-029 - Critical: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
http://www.microsoft.com/japan/technet/security/bulletin/MS09-029.mspx
Microsoft Security Bulletin MS09-044 - Critical: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
http://www.microsoft.com/japan/technet/security/bulletin/MS09-044.mspx
DBD::Wire10 1.03 released
http://www.cpan.org/modules/by-module/DBD/DBD-Wire10-1.03.readme
(Reference) Potential buffer overflow vulnerability in the Lotus Notes file viewer for Microsoft Excel
http://www-06.ibm.com/jp/domino04/lotus/support/faqs/faqs.nsf/all/733141
Presentation materials from the workshop "The Key to Improving Semiconductor Device Quality and Countering Counterfeits" have been posted.
http://www.ipa.go.jp/security/vuln/index.html#seminar
JustSystems: a web filter that blocks unknown inappropriate pages
http://itpro.nikkeibp.co.jp/article/NEWS/20090826/336005/?ST=security
Security-fix release of "Google Chrome 2" addresses remote code execution and other issues
http://itpro.nikkeibp.co.jp/article/NEWS/20090826/336028/?ST=security
JPCERT/CC WEEKLY REPORT 2009-08-26
http://www.jpcert.or.jp/wr/2009/wr093301.html
JVN#31035930 SQL injection vulnerability in SugarCRM
http://jvn.jp/jp/JVN31035930/index.html
WSUS 3.0 SP2 released
http://isc.sans.org/diary.html?storyid=7018
Cisco over-the-air-provisioning skyjacking exploit
http://isc.sans.org/diary.html?storyid=7021
IBM Lotus Notes Buffer Overflow in Processing Excel Attachments Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Aug/1022769.html
Xerox WorkCentre LPD Queue Name Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022768.html
Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
http://www.securityfocus.com/bid/35186
Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35187
Microsoft Security Advisory (973882): Vulnerabilities in Microsoft ATL (Active Template Library) Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/973882.mspx
Microsoft Security Advisory (967940): Update for Windows Autorun
http://www.microsoft.com/japan/technet/security/advisory/967940.mspx
+ Perl 5.10.1 released
http://use.perl.org/articles/09/08/25/0556226.shtml
+ ActivePerl 5.10.1.1006 released
http://docs.activestate.com/activeperl/5.10/changes.html
+ Solution 248386: Security vulnerability in Solaris Related to the Apache 1.3 mod_perl(3) Module Component "PerlRun.pm" may Lead to Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
+ Linux Kernel Privilege Escalation and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/2370
+ Linux Kernel 'net/llc/af_llc.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36126
- Oracle 11g (11.1.0.6) Password Policy and Compliance
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00242.html
- Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00239.html
- Potential security issue with Lotus Notes file viewer for Microsoft Excel
http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21396492
http://secunia.com/advisories/36474/
http://secunia.com/advisories/36472/
[ANN] Apache Felix Configuration Admin Service version 1.2.0 Released
http://felix.apache.org/site/apache-felix-configuration-admin-service.html
Solution 266268: SUN ALERT WEEKLY SUMMARY REPORT - Week of 16-Aug-2009 to 22-Aug-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266268-1
Solution 265688: Solaris 10 BIND Patches, T-patches and IDRs may Fail to Install in Deferred-Activation Patching (DAP) Context as a Result of Having Malformed pkgmap Files Caused by a pkgmk(1) Regression
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265688-1
New trial means Unix ownership still up for debate
http://www.linux.org/news/2009/08/25/0002.html
SCO wins Unix copyright appeal. Trouble for Linux?
http://www.linux.org/news/2009/08/25/0001.html
Microsoft Security Advisory (967940): Update for Windows Autorun
http://www.microsoft.com/technet/security/advisory/967940.mspx
Effectiveness of the Vulnerability Response Decision Assistance (VRDA) Framework
http://www.cert.org/archive/pdf/VRDA_Effectiveness.pdf
Debian : New Linux 2.6.18 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30232
H4RDW4RE presentations updated
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00240.html
Oracle 11g (11.1.0.6) Password Policy and Compliance
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00242.html
Bypassing DBMS_ASSERT in certain situations
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00241.html
Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00239.html
iDefense Security Advisory 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00238.html
[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00237.html
[security bulletin] HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Ru
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00235.html
HyperVM File Permissions Local Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00236.html
EesySec Personal Firewall Remote Buffer Overflow Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00232.html
Xerox WorkCentre multiple models Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00230.html
[ MDVSA-2009:221 ] libneon0.27
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00228.html
CONFidence 2009, November, CfP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00229.html
PUBLIC ADVISORY: 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=823
rPath update for curl
http://secunia.com/advisories/36475/
Lotus Notes Keyview XLS Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36474/
rPath update for apr-util
http://secunia.com/advisories/36473/
Lotus Notes 6 Keyview XLS Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36472/
Fedora update for ctorrent
http://secunia.com/advisories/36471/
Fedora update for xerces-c
http://secunia.com/advisories/36470/
Fedora update for xerces-c27
http://secunia.com/advisories/36469/
Xerox WorkCentre LPD Implementation Denial of Service Vulnerability
http://secunia.com/advisories/36465/
Ubuntu update for libvorbis
http://secunia.com/advisories/36463/
Ubuntu update for php5
http://secunia.com/advisories/36462/
Ubuntu update for kdegraphics
http://secunia.com/advisories/36461/
Ubuntu update for kde4libs and kdelibs
http://secunia.com/advisories/36460/
Debian update for linux-2.6
http://secunia.com/advisories/36459/
Ed Charkow's SuperCharged Linking "id" SQL Injection Vulnerability
http://secunia.com/advisories/36450/
Moa Gallery "gallery_id" SQL Injection Vulnerability
http://secunia.com/advisories/36449/
Arcade Trade Script Cookie Security Bypass
http://secunia.com/advisories/36448/
Faslo Player M3U Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36444/
avast! Home/Professional "aswMon" Privilege Escalation
http://secunia.com/advisories/36442/
Fat Player WAV File Processing Buffer Overflow
http://secunia.com/advisories/36441/
ITechBids Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/36437/
Netgear WNR2000 Information Disclosure and Security Bypass
http://secunia.com/advisories/36398/
ZTE ZXDSL 831 II Modem Security Bypass
http://secunia.com/advisories/36348/
WordPress WP-Syntax Plugin Code Execution Vulnerability
http://secunia.com/advisories/36304/
CA Internet Security Suite vetmonnt.sys Denial Of Service
http://www.securiteam.com/unixfocus/5RP0P1FS0Y.html
Pidgin and Adium Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability
http://www.securiteam.com/unixfocus/5TP0R1FS0I.html
JRun Management Console Directory Traversal vulnerability
http://www.securiteam.com/unixfocus/5PP0N1FS0I.html
HP Network Node Manager Local Execution of Arbitrary Code and Denial of Service
http://www.securiteam.com/unixfocus/5QP0O1FS0I.html
Linux NULL Pointer proto_ops Local Privilege Escalation
http://www.securiteam.com/unixfocus/5NP0L1FS0S.html
Vtiger CRM Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/5OP0M1FS0Y.html
CA Host-Based Intrusion Prevention System Denial of Service
http://www.securiteam.com/securitynews/5SP0Q1FS0I.html
ProFTP 2.9 (welcome message) Remote Buffer Overflow Exploit (meta)
http://www.milw0rm.com/exploits/9508
HyperVM File Permissions Local Vulnerability
http://www.milw0rm.com/exploits/9520
ProShow Producer / Gold 4.0.2549 (.psh) Universal BOF Exploit (SEH)
http://www.milw0rm.com/exploits/9519
Linux Kernel <= 2.6.31-rc7 AF_LLC getsockname 5-Byte Stack Disclosure
http://www.milw0rm.com/exploits/9513
Media Jukebox 8 ( .M3U) Universal Local Buffer Exploit (SEH)
http://www.milw0rm.com/exploits/9509
Labtam ProFTP Greeting Message Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2414
IP.Board "search.php" and "lostpass.php" SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/2413
Xerox WorkCentre LPD Daemon Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2412
TYPO3 Multiple Extensions Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/2411
T3M E-Mail Marketing Tool for TYPO3 SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2410
Commerce Extension for TYPO3 Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2409
Turnkey Arcade Script "sid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2408
Siirler for Joomla "sid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2407
NinjaMonials for Joomla "testimID" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2406
jTips for Joomla "season" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2405
ITechBids "productid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2404
humanCMS Username and Password Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2403
Lanai Core "f" Parameter Remote File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/2402
PHP Dir Submit "aid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2401
Arcade Trade Script Cookie Handling Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/2400
Moa Gallery "gallery_id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2399
Ed Charkow Supercharged Linking "id" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2398
AiO (All into One) Flash Mixer ".afp" Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2397
FLIP Flash Album Deluxe ".fft" File Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2396
Faslo Player Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2395
Fat Player File or Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2394
KSP 2006 Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2393
Radix Antirootkit "SDTHLPR.sys" Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/2392
Netgear WNR2000 Information Disclosure and Security Bypass Issues
http://www.vupen.com/english/advisories/2009/2391
avast! "aswMon.sys" Driver Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/2390
IBM Lotus Notes File Viewer for Excel Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/2389
Linux Kernel Privilege Escalation and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/2370
ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35669
ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35668
Oracle Advanced Replication 'REPCAT_RPC.VALIDATE_REMOTE_RC()' Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35685
IBM AIX '_LIB_INIT_DBG' and '_LIB_INIT_DBG_FILE' File Creation Vulnerability
http://www.securityfocus.com/bid/35934
Autonomy KeyView Module Excel Document Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36042
Oracle April 2009 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/34461
Exodus URI Handler Command Line Parameter Injection Vulnerability
http://www.securityfocus.com/bid/32330
MauryCMS Unspecified Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/32439
FreeNAS Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36146
Nokia Lotus Notes Connector 'lnresobject.dll' Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36144
Oracle DBMS_Assert SQL Injection Vulnerability
http://www.securityfocus.com/bid/19203
Cisco Lightweight Access Point Over The Air Manipulation Denial of Service Vulnerability
http://www.securityfocus.com/bid/36145
Lxlabs Kloxo Hosting Platform and HyperVM Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36142
Five Star Review Script Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/18390
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
TYPO3 AJAX Chat Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36141
TYPO3 T3M E-Mail Marketing Tool Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36140
TYPO3 AST ZipCodeSearch Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36135
TYPO3 t3m_affiliate Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36138
TYPO3 Commerce Extension Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/36133
TYPO3 Event Registration Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36136
RETIRED: IBM Lotus Notes Keyview XLS File Viewer Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36124
TYPO3 Solidbase Bannermanagement Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36137
TYPO3 Car Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36131
TYPO3 AIRware Lexicon Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/36130
WebKit SVGList Objects Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34924
WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35318
WebKit DOM Event Handler Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35271
WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35309
WebKit SVG Animation Elements Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35334
Neon 'ne_xml*' expat XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/36080
Neon NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36079
cTorrent and dTorrent Torrent File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34584
Xerces-C++ Nested DTD Structure XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35986
Novell Client ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36139
Cerberus FTP Server 'ALLO' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36134
Turnkey Arcade Script 'id' Parameter Browse SQL Injection Vulnerability
http://www.securityfocus.com/bid/36129
ProFTP 'Welcome Message' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36128
Xerox WorkCentre LPD Requests Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36125
Audacity '.aup' Project File Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33160
Audacity 'lib-src/allegro/strparse.cpp' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33090
Linux Kernel 'net/llc/af_llc.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36126
Joomla! Siirler Bileseni Component 'sid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36127
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930
Joomla! 'com_ninjamonial' Component 'testimID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36122
Joomla! jTips ('com_jtips') Component 'season' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36123
Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/29985
Kaspersky Products URI Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/36084