Wednesday, August 5, 2009

Wednesday the 5th (tomobiki)

JVNDB-2009-000053 Cross-site request forgery vulnerability in FreeNAS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000053.html

JVNDB-2009-000052 Cross-site scripting vulnerability in FreeNAS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000052.html

JVNDB-2009-001846 Vulnerability in IBM WebSphere Application Server allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001846.html

JVNDB-2009-001845 Vulnerability in the Apache APR-util apr_brigade_vprintf function allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001845.html

JVNDB-2009-001844 Denial-of-service (DoS) vulnerability in the Apache APR-util XML parser
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001844.html

JVNDB-2009-001843 Denial-of-service (DoS) vulnerability in the Apache APR-util apr_strmatch_precompile function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001843.html

JVNDB-2009-001842 Denial-of-service (DoS) vulnerability in the Xen hypervisor_callback function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001842.html

JVNDB-2008-002285 Vulnerability in the PHP imageRotate function allowing arbitrary memory contents to be read
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002285.html

JVNDB-2008-002260 Vulnerability in PHP ext/mbstring/libmbfl/filters/mbfilter_htmlent.c allowing arbitrary code execution
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002260.html

JVNDB-2008-002259 Directory traversal vulnerability in ZIP file handling in the PHP ZipArchive::extractTo function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002259.html

JVNDB-2008-002258 Vulnerability in PHP safe_mode allowing arbitrary files to be written
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002258.html

JVNDB-2008-002257 Vulnerability in PHP global variable initialization allowing safe_mode restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002257.html

JVNDB-2008-002168 Denial-of-service (DoS) vulnerability in the PHP FastCGI module
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002168.html

JVNDB-2008-002167 Directory traversal vulnerability in the PHP chdir and ftok functions
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002167.html

JVNDB-2008-002166 Directory traversal vulnerability in the PHP posix_access function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002166.html

JVNDB-2008-001815 Buffer overflow vulnerability in regular expression handling in the PCRE library
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001815.html

JVNDB-2008-001734 Buffer overflow vulnerability in the PHP memnstr function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001734.html

JVNDB-2008-001660 Cross-site scripting vulnerability in Apache handling of UTF-7-encoded URLs
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001660.html

JVNDB-2008-001570 Denial-of-service (DoS) vulnerability in PHP php_imap.c
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001570.html

JVNDB-2008-001335 Vulnerability in the PHP init_request_info() function allowing arbitrary code execution
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001335.html

JVNDB-2008-001030 Cross-site scripting vulnerability related to UTF-7 encoding in Apache mod_proxy_ftp
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001030.html

JVNDB-2007-001022 Cross-site scripting vulnerability related to UTF-7 encoding in Apache mod_autoindex.c
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001022.html

Notice: InterScan Messaging Security Suite 7.0 for Solaris Service Pack 1 Patch 1 released
http://www.trendmicro.co.jp/support/news.asp?id=1284

Alert on security weaknesses (vulnerabilities) in FreeNAS
http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html

Report on computer virus and unauthorized access incident submissions [July]
http://www.ipa.go.jp/security/txt/2009/08outline.html

JPCERT/CC WEEKLY REPORT 2009-08-05
http://www.jpcert.or.jp/wr/2009/wr093001.html

JVN#15267895 Cross-site request forgery vulnerability in FreeNAS
http://jvn.jp/jp/JVN15267895/index.html

JVN#89791790 Cross-site scripting vulnerability in FreeNAS
http://jvn.jp/jp/JVN89791790/index.html

Ubuntu update for nspr
http://secunia.com/advisories/36157/

IBM Tivoli Key Lifecycle Manager Unspecified Vulnerability
http://secunia.com/advisories/36157/

Firefox 3.5.2 released
http://mozilla.jp/firefox/3.5.2/releasenotes/

Firefox 3.0.13 released
http://mozilla.jp/firefox/3.0.13/releasenotes/

Java Runtime Environment (JRE) Integer Overflow in Processing JPEG Images Lets Remote Users Access Files and Gain Privileges on the Target System
http://securitytracker.com/alerts/2009/Aug/1022660.html

Java Runtime Environment Proxy Mechanism Flaws Let Remote Applets Obtain Elevated Privileges
http://www.securitytracker.com/id?1022659

Java Runtime Environment Audio System Bug Lets Remote Users Access Java System Properties
http://www.securitytracker.com/id?1022658

Java JNLPAppletLauncher Flaw Lets Remote Users Write Arbitrary Files
http://www.securitytracker.com/id?1022657

Java Runtime Environment (JRE) Integer Overflow in Unpack200 Lets Remote Users Access Files and Gain Privileges on the Target System
http://www.securitytracker.com/id?1022656

SAP Business One Stack Overflow in 'NT_Naming_Service.exe' Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022655

Palm webOS E-mail Notification and Calendar Event Filtering Flaws Let Remote Users Execute Arbitrary HTML Code
http://www.securitytracker.com/id?1022654

IBM AIX libC _LIB_INIT_DBG File Creation Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id?1022652

Mozilla Firefox Memory Corruption Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id?1022651

Bugzilla Discloses Product Names to Remote Authenticated Users
http://www.securitytracker.com/id?1022650

Apple GarageBand Flaw Lets Remote Users Modify Safari Cookie Preferences
http://www.securitytracker.com/id?1022649

+ Solution 265030: Multiple Security Vulnerabilities in libtiff(3) Handling of CODE_CLEAR Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265030-1
http://secunia.com/advisories/36092/
http://www.vupen.com/english/advisories/2009/2143

+ ActivePerl 5.8.9.826 released
http://www.activestate.com/activeperl/features/
http://docs.activestate.com/activeperl/5.8/release.html

- GCC 4.3.4 released
http://gcc.gnu.org/gcc-4.3/
http://gcc.gnu.org/ml/gcc/2009-08/msg00066.html

+ J2SE 1.6.0_15, 1.5.0_20, 1.3.1_26 released
http://java.sun.com/javase/6/webnotes/6u15.html
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
http://java.sun.com/j2se/1.3/ReleaseNotes.html#131_26

+ RHSA-2009:1193-01: Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2009-1193.html
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29990

+ Linux Kernel "sigaltstack()" Information Disclosure
http://secunia.com/advisories/36136/
http://www.vupen.com/english/advisories/2009/2139

+ Linux Kernel "clear_child_tid" Memory Corruption
http://secunia.com/advisories/35983/
http://www.vupen.com/english/advisories/2009/2140

Solution 265168: SUN ALERT WEEKLY SUMMARY REPORT - Week of 26-Jul-2009 to 01-Aug-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265168-1

Cost-Effective Data Modeling Tool Supporting PostgreSQL Released by ModelRight, Inc.
http://www.postgresql.org/about/news.1122

Notice of scheduled server maintenance (August 14, 2009)
http://www.trendmicro.co.jp/support/news.asp?id=1287

Debian : New libmodplug packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29989

Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29990

Apple : GarageBand 5.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29988

Symantec announces new product specialized for small and medium-sized businesses without a dedicated IT administrator
http://itpro.nikkeibp.co.jp/article/NEWS/20090804/335140/?ST=security

[BONSAI] SQL Injection in CS-Cart
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00022.html

[SECURITY] [DSA 1850-1] New libmodplug packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00019.html

SAP Business One 2005 Remote Buffer Overflow Vulnerability.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00020.html

Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00021.html

Team SHATTER Security Advisory: Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00018.html

Fedora update for Django
http://secunia.com/advisories/36153/

Fedora update for irssi
http://secunia.com/advisories/36152/

Django Development Service Arbitrary File Access
http://secunia.com/advisories/36137/

Linux Kernel "sigaltstack()" Information Disclosure
http://secunia.com/advisories/36136/

AW-BannerAd "index.asp" SQL Injection Vulnerability
http://secunia.com/advisories/36135/

Ajax Short Url "username" SQL Injection Vulnerability
http://secunia.com/advisories/36132/

QuickDev 4 PHP "file" Information Disclosure Vulnerability
http://secunia.com/advisories/36130/

TT Web Site Manager "tt_name" SQL Injection Vulnerability
http://secunia.com/advisories/36129/

SimpleSiteAdministration "username" SQL Injection Vulnerability
http://secunia.com/advisories/36128/

Apple GarageBand Web Activity Tracking Disclosure
http://secunia.com/advisories/36114/

Multi Website "Browse" SQL Injection Vulnerability
http://secunia.com/advisories/36107/

RadAsm ".mnu" Processing Memory Corruption
http://secunia.com/advisories/36099/

Sun Solaris libtiff LZW Decoder Buffer Underflow Vulnerability
http://secunia.com/advisories/36092/

Linux Kernel "clear_child_tid" Memory Corruption
http://secunia.com/advisories/35983/

Firefox Updates
http://isc.sans.org/diary.html?storyid=6913

Java Security Update
http://isc.sans.org/diary.html?storyid=6916

Asterisk Open Source Crash Vulnerability in RTP stack
http://www.securiteam.com/securitynews/5WP0215S0S.html

Adobe Flash Player Integer Overflow Code Execution
http://www.securiteam.com/securitynews/5VP0115S0G.html

IBM Tivoli Key Lifecycle Manager Unspecified Password Vulnerability
http://www.vupen.com/english/advisories/2009/2144

Sun Solaris LibTIFF LZW Data Decoding Buffer Underflow Vulnerability
http://www.vupen.com/english/advisories/2009/2143

Mozilla Firefox Code Execution and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/2142

Apple GarageBand Web Activity Tracking Information Disclosure Issue
http://www.vupen.com/english/advisories/2009/2141

Linux Kernel "clear_child_tid" Local Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/2140

Linux Kernel "do_sigaltstack()" Local Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/2139

RadASM TbrCreate Menu File Handling Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/2138

PPScript (PaymentProcessorScript) "cid" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2137

MAXcms Remote File Inclusion and Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2009/2136

Discloser "more" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2135

Blink Blog Systems "nick" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2134

Arab Portal "module" Parameter Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/2133

Multi Website "Browse" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2132

Elvin SQL Injection and Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2131

Questions Answered "username" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2130

simplePHPWeb Admin Interface Missing Authentication Vulnerability
http://www.vupen.com/english/advisories/2009/2129

SimpleLoginSys "username" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2128

TT Web Site Manager "tt_name" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2127

QuickDev "file" Parameter Remote File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/2126

Netpet CMS "language" Parameter Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/2125

Ajax Short URL Script "username" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2124

ProjectButler "offset" Parameter Remote PHP File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/2123

AW-BannerAd "User" and "Password" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2122

BlazeDVD 5.1/HDTV Player 6.0 (.PLF File) Universal BOF Exploit (SEH)
http://www.milw0rm.com/exploits/9360

MediaCoder 0.7.1.4486 (.lst) Universal Buffer Overflow Exploit (SEH)
http://www.milw0rm.com/exploits/9354

Linux Kernel <= 2.6.31-rc5 sigaltstack 4-Byte Stack Disclosure Exploit
http://www.milw0rm.com/exploits/9352

BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35918

Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891

Multiple Mozilla Products NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888

Sun Java SE Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35922

Adobe Flash Player and AIR 'intf_count' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35907

Multiple OrdaSoft Joomla! Components 'mosConfig_absolute_path' Remote File Include Vulnerability
http://www.securityfocus.com/bid/35269

COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/26069

Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35765

RETIRED: Campsite Multiple Remote Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35456

MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34257

MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34409

MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34408

eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850

Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647

Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851

Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35281

Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35185

Linux Kernel 'ptrace_start()' And 'do_coredump()' Deadlock Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35559

Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/26880

libmodplug 's3m' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30801

libmodplug 'load_pat.c' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34747

LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/30832

Mozilla Firefox Error Page Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/35803

Oracle Config Management CVE-2009-1966 SQL-injection Vulnerability
http://www.securityfocus.com/bid/35676

Oracle Config Management CVE-2009-1967 Multiple SQL-injection Vulnerabilities
http://www.securityfocus.com/bid/35692

ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848

OpenEXR Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35838

WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35309

WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35318

Wireshark 1.2.0 Multiple Vulnerabilities
http://www.securityfocus.com/bid/35748

Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35776

Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35769

Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35770

Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35775

Mozilla Firefox 'XPCCrossOriginWrapper' Multiple Cross Domain Scripting Vulnerabilities
http://www.securityfocus.com/bid/35773

Mozilla Firefox 'watch()' and ' __defineSetter__ ()' Functions Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35772

Mozilla Firefox Flash Player Unloading Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35767

CoreGraphics Font Glyph Rendering Library Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35774

Mozilla Firefox 'setTimeout()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35766

Pango 'pango_glyph_string_set_size()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/34870

MPlayer and VLC Player Real Data Transport Remote Integer Underflow Vulnerability
http://www.securityfocus.com/bid/35821

LibTIFF Multiple Remote Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35652

Shopmaker Local File Include and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35937

CS-Cart 'reward_points.post.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35936

WordPress Prior to Version 2.8.3 'wp-admin' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/35935

IBM AIX '_LIB_INIT_DBG' and '_LIB_INIT_DBG_FILE' File Creation Vulnerability
http://www.securityfocus.com/bid/35934

Palm WebOS Email Notification System 'FROM' Field Arbitrary Script Code Injection Vulnerability
http://www.securityfocus.com/bid/35932
