
Saturday, October 31, 2009
Friday, October 30, 2009
30th, Friday, Senbu
- Sun Java SE Advance Notification of Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
[ANN] Apache Source-Release Assembly Descriptor 1.0.1 Released
http://maven.apache.org/apache-resource-bundles/apache-source-release-assembly-descriptor/
Ubuntu 9.10 released
http://www.ubuntu.com/products/whatisubuntu/910features
Notice of InterScan Messaging Hosted Security server maintenance (October 30)
http://www.trendmicro.co.jp/support/news.asp?id=1315
Slackware Linux : xpdf
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30764
Slackware Linux : poppler
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30765
RHBA-2009:1533-1: gcc bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1533.html
RHEA-2009:1532-1: tzdata enhancement update
http://rhn.redhat.com/errata/RHEA-2009-1532.html
RHSA-2009:1535-1: Moderate: pidgin security update
http://rhn.redhat.com/errata/RHSA-2009-1535.html
RHSA-2009:1536-1: Moderate: pidgin security update
http://rhn.redhat.com/errata/RHSA-2009-1536.html
JVNTA09-294A Updates for multiple vulnerabilities in Oracle products
http://jvn.jp/cert/JVNTA09-294A/index.html
2wire Remote Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00293.html
[ MDVSA-2009:290 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00290.html
[SECURITY] [DSA 1922-1] New xulrunner packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00284.html
ZDI-09-074: Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00279.html
iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerabi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00285.html
Fwd: Wowd search client multiple variable xss
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00276.html
Hijacking Operas Native Page using malicious RSS payloads
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00289.html
Cyber Security Awareness Month - Day 29 - dns port 53
http://isc.sans.org/diary.html?storyid=7483
Drupal Workflow Module Script Insertion Vulnerabilities
http://secunia.com/advisories/37203/
Drupal Storm Module Security Bypass Vulnerability
http://secunia.com/advisories/37202/
Drupal FAQ Ask Module Multiple Vulnerabilities
http://secunia.com/advisories/37201/
Drupal OpenSocial Shindig-Integrator Script Insertion Vulnerability
http://secunia.com/advisories/37200/
Drupal Insert Node Module Script Insertion Vulnerability
http://secunia.com/advisories/37199/
Drupal LDAP Integration Module Multiple Vulnerabilities
http://secunia.com/advisories/37198/
Fedora update for firefox
http://secunia.com/advisories/37196/
Fedora update for xulrunner
http://secunia.com/advisories/37195/
Debian update for expat
http://secunia.com/advisories/37193/
F-Secure Products PDF Handling Security Bypass
http://secunia.com/advisories/37192/
Documentum eRoom Hummingbird STR Service Buffer Overflow
http://secunia.com/advisories/37191/
OpenBSD "ip_ctloutput()" and "ip6_ctloutput()" NULL Pointer Dereference
http://secunia.com/advisories/37190/
Open Text Search Server Hummingbird STR Service Buffer Overflow
http://secunia.com/advisories/37189/
Cherokee Directory Traversal Vulnerability
http://secunia.com/advisories/37183/
Oscailt CMS "obj_id" Local File Inclusion Vulnerability
http://secunia.com/advisories/37180/
Slackware update for xpdf
http://secunia.com/advisories/37176/
PunBB Attachment Plugin "secure_str" SQL Injection Vulnerability
http://secunia.com/advisories/37174/
Debian update for xulrunner
http://secunia.com/advisories/36957/
Oscailt CMS "obj_id" Parameter Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/3096
Attachment Module for PunBB "secure_str" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3095
F-Secure Products PDF Document Handling Security Bypass Issue
http://www.vupen.com/english/advisories/2009/3094
Open Text Search Server Hummingbird STR Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3093
EMC Documentum eRoom Hummingbird STR Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3092
Cherokee Web Server Remote Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2009/3091
Drupal Storm Access Bypass Node Title Disclosure Weakness
http://www.vupen.com/english/advisories/2009/3090
Drupal Workflow Module Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3089
Drupal FAQ Ask Cross Site Scripting and Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2009/3088
Drupal OpenSocial Shindig-Integrator Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3087
Drupal Insert Node Data Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3086
Drupal LDAP Integration Multiple Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2009/3085
Drupal CCK Comment Reference Access Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3084
Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34800
Multiple 2Wire DSL Routers 'xslt' HTTP Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/32211
Multiple Vendor Hummingbird STR Service Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36868
F-Secure Products PDF Files Scan Evasion Vulnerability
http://www.securityfocus.com/bid/36876
Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36719
Cherokee Directory Traversal Vulnerability
http://www.securityfocus.com/bid/36874
Pidgin Libpurple Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36277
OpenBSD 'getsockopt(2)' NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36859
Pegasus Mail POP3 Response Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36797
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
PunBB 'pun_attachment' extension SQL Injection Vulnerability
http://www.securityfocus.com/bid/36865
Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36858
Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36850
Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855
Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36857
Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36866
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867
Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36856
Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36871
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853
Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
Drupal Storm Module 'storminvoiceitem' Security Bypass Vulnerability
http://www.securityfocus.com/bid/36879
Drupal Workflow Module Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36878
Drupal FAQ Ask Module URI Redirection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36877
Drupal CCK Comment Reference Module Node Title Security Bypass Vulnerability
http://www.securityfocus.com/bid/36863
Drupal OpenSocial Shindig-Integrator Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/36862
Microsoft Internet Explorer 'writing-mode' Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36616
Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36873
Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36872
Mozilla Firefox CVE-2009-3381 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36870
Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36869
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36875
RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36843
Sun Java SE Advance Notification of Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Thursday, October 29, 2009
29th, Thursday, Tomobiki
JVNDB-2009-002160 Denial of service (DoS) vulnerability in the Cisco Unified Border Element feature of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002160.html
JVNDB-2009-002159 Denial of service (DoS) vulnerability in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002159.html
JVNDB-2009-002158 Authentication bypass vulnerability in the Firewall Authentication Proxy feature of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002158.html
JVNDB-2009-002157 Denial of service (DoS) vulnerability in the SIP inspection feature of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002157.html
JVNDB-2009-002156 Denial of service (DoS) vulnerability in the handling of NTPv4 packets in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002156.html
JVNDB-2009-001956 Vulnerability in multiple Mozilla products that allows spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001956.html
JVNDB-2009-001955 Arbitrary code execution vulnerability in regular expression parsing in Mozilla NSS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001955.html
JVNDB-2009-001296 Denial of service (DoS) vulnerability in the IMAP task of the IBM Lotus Domino server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001296.html
JVNDB-2004-000030 Incomplete authentication vulnerability in the mod_digest module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000030.html
[Clamav-announce] announcing ClamAV 0.95.3
http://lurker.clamav.net/thread/20091028.204922.5b470633.en.html
More on the E2-Labs scam
http://www.zone-h.org/news/id/4717
Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36854
+ Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269468-1
+ [GSEC-47-2009] - Symantec generic PDF bypass
http://www.g-sec.lu/symantec-pdf-bypass.html
+ Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Sun SPARC Enterprise M4000/5000/8000/9000 Servers With Patch 127127-11 May Experience Random Panics
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239647-1
FreeBSD 8.0-RC2 Available
http://lists.freebsd.org/pipermail/freebsd-stable/2009-October/052544.html
Debian : New expat packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30747
Independent Researcher : Hijacking Opera's Native Page using malicious RSS payloads
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30757
Secunia : Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30763
G-SEC : Symantec generic PDF detection bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30754
G-SEC : F-SECURE - Generic PDF detection bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30755
G-SEC : McAfee generic PDF detection bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30756
Google Security Team : Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30752
Independent Researcher : Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow.
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30760
Mandriva : kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30746
oCERT : KDE multiple issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30762
Protek Research Lab : {PRL} Rising Firewall 2009 Privilege Escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30759
Red Hat : Moderate: samba security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30748
Red Hat : Moderate: samba security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30749
Red Hat : Critical: firefox security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30750
Red Hat : Critical: seamonkey security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30751
ShineShadow : Rising Multiple Products Local Privilege Escalation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30758
VMware : VMware hosted products and ESX patches resolve two security issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30753
Aruba Networks : Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30761
PHP168 v6.0 rc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00259.html
[SECURITY] [DSA 1921-1] New expat packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00270.html
Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00266.html
[G-SEC 49-2009] McAfee generic PDF detection bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00268.html
[G-SEC 48-2009] F-SECURE - Generic PDF detection bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00275.html
[G-SEC 47-2009] Symantec generic PDF detection bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00264.html
Mariposa Botnet C&C decryption plugin for wireshark
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00262.html
[oCERT-2009-015] KDE multiple issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00261.html
[ MDVSA-2009:289 ] kernel
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00260.html
VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00273.html
Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00274.html
PUBLIC ADVISORY: 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=830
Cyber Security Awareness Month - Day 28 - ntp (123/udp)
http://isc.sans.org/diary.html?storyid=7478
Aruba Access Point 802.11 Association Request Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Oct/1023100.html
Mozilla Firefox Proxy Auto-configuration regexp Parsing Flaw Lets Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023099.html
Mozilla Firefox Download Files Containing RTL Override Characters May Be Used to Spoof the Download Filename
http://securitytracker.com/alerts/2009/Oct/1023098.html
Mozilla Firefox Lets Remote Users Bypass Cross-Domain Restrictions
http://securitytracker.com/alerts/2009/Oct/1023097.html
SEIL Routers IPv6 Denial of Service Vulnerability
http://secunia.com/advisories/37188/
Red Hat update for samba
http://secunia.com/advisories/37187/
VMware Products Directory Traversal File Disclosure Vulnerability
http://secunia.com/advisories/37186/
Bftpd Denial of Service Vulnerability
http://secunia.com/advisories/37185/
Sun Solaris Trusted Extensions Policy Security Bypass
http://secunia.com/advisories/37184/
Opera Multiple Vulnerabilities
http://secunia.com/advisories/37182/
Rising Products Insecure Default Directory Permissions
http://secunia.com/advisories/37181/
McAfee Products PDF and TAR Handling Security Bypass
http://secunia.com/advisories/37179/
Red Hat update for samba
http://secunia.com/advisories/37177/
Wireshark Denial of Service Vulnerabilities
http://secunia.com/advisories/37175/
Mozilla SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/37173/
VMware Products Guest Privilege Escalation Vulnerability
http://secunia.com/advisories/37172/
Right Hemisphere Products U3D Parsing Array Indexing Vulnerability
http://secunia.com/advisories/37165/
SEIL Routers Denial of Service and Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37154/
Red Hat update for seamonkey
http://secunia.com/advisories/37153/
Red Hat update for firefox
http://secunia.com/advisories/37148/
AOL AIM SIPFoundry sipXtapi Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37143/
Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/36711/
myPhile "myuser" Parameter Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3077
Collabtive Arbitrary File and Folder Deletion Vulnerability
http://www.vupen.com/english/advisories/2009/3076
Right Hemisphere Deep Exploration U3D Memory Corruption Issue
http://www.vupen.com/english/advisories/2009/3075
jCore User Permissions Handling Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/3074
Opera Browser Remote Code Execution and Spoofing Vulnerabilities
http://www.vupen.com/english/advisories/2009/3073
Rising Products Multiple Local Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2009/3072
Wowd "index.html" Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3071
Sun Solaris Trusted Extensions Policy Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/3070
McAfee Products TAR and PDF Handling Security Bypass Issues
http://www.vupen.com/english/advisories/2009/3069
Drupal Insert Node Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/36861
Drupal LDAP Integration Cross Site Scripting and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/36860
OpenBSD 'getsockopt(2)' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36859
Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36646
Microsoft GDI+ CCITT G4 TIFF File Processing Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36647
Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36648
Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36645
Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36649
Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36619
Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855
Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36843
Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853
Mozilla FireFox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36839
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
TFTgallery 'album' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36833
GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36712
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803
phpMyAdmin SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36658
HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36807
Basic Analysis and Security Engine Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36830
python-markdown2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36829
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36314
FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36718
BackupPC 'ClientNameAlias()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/36575
Samba Format String And Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/35472
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851
Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36512
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Linux Kernel 'net/ax25/af_ax25.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36635
Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36576
Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36836
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36844
Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36850
KDE Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36845
Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36846
AOL AIM 'sipXtapi.dll' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36849
McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
http://www.securityfocus.com/bid/36848
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002160.html
JVNDB-2009-002159 Denial of service (DoS) vulnerability in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002159.html
JVNDB-2009-002158 Authentication bypass vulnerability in the Firewall Authentication Proxy feature of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002158.html
JVNDB-2009-002157 Denial of service (DoS) vulnerability in the SIP inspection feature of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002157.html
JVNDB-2009-002156 Denial of service (DoS) vulnerability in NTPv4 packet processing in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002156.html
JVNDB-2009-001956 Vulnerability in multiple Mozilla products that allows spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001956.html
JVNDB-2009-001955 Arbitrary code execution vulnerability in regular expression parsing in Mozilla NSS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001955.html
JVNDB-2009-001296 Denial of service (DoS) vulnerability in the server IMAP task of IBM Lotus Domino
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001296.html
JVNDB-2004-000030 Incomplete authentication vulnerability in the mod_digest module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000030.html
[Clamav-announce] announcing ClamAV 0.95.3
http://lurker.clamav.net/thread/20091028.204922.5b470633.en.html
More on the E2-Labs scam
http://www.zone-h.org/news/id/4717
Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36854
+ Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269468-1
+ [GSEC-47-2009] - Symantec generic PDF bypass
http://www.g-sec.lu/symantec-pdf-bypass.html
+ Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Sun SPARC Enterprise M4000/5000/8000/9000 Servers With Patch 127127-11 May Experience Random Panics
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239647-1
FreeBSD 8.0-RC2 Available
http://lists.freebsd.org/pipermail/freebsd-stable/2009-October/052544.html
Debian : New expat packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30747
Independent Researcher : Hijacking Opera's Native Page using malicious RSS payloads
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30757
Secunia : Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30763
G-SEC : Symantec generic PDF detection bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30754
G-SEC : F-SECURE - Generic PDF detection bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30755
G-SEC : McAfee generic PDF detection bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30756
Google Security Team : Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30752
Independent Researcher : Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow.
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30760
Mandriva : kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30746
oCERT : KDE multiple issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30762
Protek Research Lab : {PRL} Rising Firewall 2009 Privilege Escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30759
Red Hat : Moderate: samba security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30748
Red Hat : Moderate: samba security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30749
Red Hat : Critical: firefox security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30750
Red Hat : Critical: seamonkey security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30751
ShineShadow : Rising Multiple Products Local Privilege Escalation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30758
VMware : VMware hosted products and ESX patches resolve two security issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30753
Aruba Networks : Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30761
PHP168 v6.0 rc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00259.html
[SECURITY] [DSA 1921-1] New expat packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00270.html
Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00266.html
[G-SEC 49-2009] McAfee generic PDF detection bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00268.html
[G-SEC 48-2009] F-SECURE - Generic PDF detection bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00275.html
[G-SEC 47-2009] Symantec generic PDF detection bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00264.html
Mariposa Botnet C&C decryption plugin for wireshark
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00262.html
[oCERT-2009-015] KDE multiple issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00261.html
[ MDVSA-2009:289 ] kernel
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00260.html
VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00273.html
Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00274.html
PUBLIC ADVISORY: 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=830
Cyber Security Awareness Month - Day 28 - ntp (123/udp)
http://isc.sans.org/diary.html?storyid=7478
Aruba Access Point 802.11 Association Request Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Oct/1023100.html
Mozilla Firefox Proxy Auto-configuration regexp Parsing Flaw Lets Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023099.html
Mozilla Firefox Download Files Containing RTL Override Characters May Be Used to Spoof the Download Filename
http://securitytracker.com/alerts/2009/Oct/1023098.html
Mozilla Firefox Lets Remote Users Bypass Cross-Domain Restrictions
http://securitytracker.com/alerts/2009/Oct/1023097.html
SEIL Routers IPv6 Denial of Service Vulnerability
http://secunia.com/advisories/37188/
Red Hat update for samba
http://secunia.com/advisories/37187/
VMware Products Directory Traversal File Disclosure Vulnerability
http://secunia.com/advisories/37186/
Bftpd Denial of Service Vulnerability
http://secunia.com/advisories/37185/
Sun Solaris Trusted Extensions Policy Security Bypass
http://secunia.com/advisories/37184/
Opera Multiple Vulnerabilities
http://secunia.com/advisories/37182/
Rising Products Insecure Default Directory Permissions
http://secunia.com/advisories/37181/
McAfee Products PDF and TAR Handling Security Bypass
http://secunia.com/advisories/37179/
Red Hat update for samba
http://secunia.com/advisories/37177/
Wireshark Denial of Service Vulnerabilities
http://secunia.com/advisories/37175/
Mozilla SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/37173/
VMware Products Guest Privilege Escalation Vulnerability
http://secunia.com/advisories/37172/
Right Hemisphere Products U3D Parsing Array Indexing Vulnerability
http://secunia.com/advisories/37165/
SEIL Routers Denial of Service and Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37154/
Red Hat update for seamonkey
http://secunia.com/advisories/37153/
Red Hat update for firefox
http://secunia.com/advisories/37148/
AOL AIM SIPFoundry sipXtapi Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37143/
Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/36711/
myPhile "myuser" Parameter Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3077
Collabtive Arbitrary File and Folder Deletion Vulnerability
http://www.vupen.com/english/advisories/2009/3076
Right Hemisphere Deep Exploration U3D Memory Corruption Issue
http://www.vupen.com/english/advisories/2009/3075
jCore User Permissions Handling Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/3074
Opera Browser Remote Code Execution and Spoofing Vulnerabilities
http://www.vupen.com/english/advisories/2009/3073
Rising Products Multiple Local Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2009/3072
Wowd "index.html" Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3071
Sun Solaris Trusted Extensions Policy Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/3070
McAfee Products TAR and PDF Handling Security Bypass Issues
http://www.vupen.com/english/advisories/2009/3069
Drupal Insert Node Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/36861
Drupal LDAP Integration Cross Site Scripting and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/36860
OpenBSD 'getsockopt(2)' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36859
Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36646
Microsoft GDI+ CCITT G4 TIFF File Processing Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36647
Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36648
Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36645
Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36649
Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36619
Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855
Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36843
Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853
Mozilla FireFox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36839
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
TFTgallery 'album' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36833
GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36712
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803
Wednesday, October 28, 2009
28th, Wednesday, Sensho
VMSA-2009-0015: VMware hosted products and ESX patches resolve two security issues
http://www.vmware.com/security/advisories/VMSA-2009-0015.html
Installing the Performance Overview Plug-In in VirtualCenter 2.5 Update 4 and above
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1008296&sliceId=1&docTypeID=DT_KB_1_1
Alert regarding the spread of malware infections via web sites
http://www.jpcert.or.jp/at/2009/at090023.txt
JPCERT/CC WEEKLY REPORT 2009-10-28
http://www.jpcert.or.jp/wr/2009/wr094101.html
JVN#13011682 Denial of service (DoS) vulnerability in SEIL/X Series and SEIL/B1
http://jvn.jp/jp/JVN13011682/index.html
JVN#06362164 Buffer overflow vulnerability in SEIL/X Series and SEIL/B1
http://jvn.jp/jp/JVN06362164/index.html
JVNDB-2009-000070 Denial of service (DoS) vulnerability in SEIL/X Series and SEIL/B1
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000070.html
JVNDB-2009-000069 Buffer overflow vulnerability in SEIL/X Series and SEIL/B1
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000069.html
JVNDB-2009-002155 Buffer overflow vulnerability in Apple iTunes
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002155.html
JVNDB-2009-002154 Privilege escalation vulnerability in the core server component of PostgreSQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002154.html
JVNDB-2009-002153 Denial of service (DoS) vulnerability in the processing of Tunnel-Password attribute values in FreeRADIUS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002153.html
JVNDB-2009-002152 Buffer underrun vulnerability in Nginx ngx_http_parse_complex_uri()
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002152.html
JVNDB-2009-002151 Privilege escalation vulnerability in the z90crypt driver of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002151.html
Sniffing SSL: RFC 4366 and TLS Extensions
http://isc.sans.org/diary.html?storyid=7477
Mozilla Firefox Lets Local Users Modify Downloaded Files in Certain Cases
http://securitytracker.com/alerts/2009/Oct/1023096.html
Cherokee Web Server GET AUX Request Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Oct/1023095.html
Mozilla Firefox May Disclose Form History to Remote Users
http://securitytracker.com/alerts/2009/Oct/1023094.html
Mozilla Firefox Media Libraries Contain Flaws That Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023091.html
Mozilla Firefox Bugs in JavaScript Engine, Browser Engine, and Other Components Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023090.html
VMware ESX/ESXi Directory Traversal Flaw Lets Remote Users Obtain Arbitrary Files
http://securitytracker.com/alerts/2009/Oct/1023089.html
VMware Server Directory Traversal Flaw Lets Remote Users Obtain Arbitrary Files
http://securitytracker.com/alerts/2009/Oct/1023088.html
VMware ESX Page Fault Exception Handling Flaw Lets Local Users on a Guest OS Gain Elevated Privileges on the Guest OS
http://securitytracker.com/alerts/2009/Oct/1023083.html
VMware Page Fault Exception Handling Flaw Lets Local Users on a Guest OS Gain Elevated Privileges on the Guest OS
http://securitytracker.com/alerts/2009/Oct/1023082.html
Firefox 3.5.4 / 3.0.15 released
http://mozilla.jp/firefox/3.5.4/releasenotes/
http://mozilla.jp/firefox/3.0.15/releasenotes/
Mozilla SeaMonkey Code Execution and Spoofing Vulnerabilities
http://www.vupen.com/english/advisories/2009/3064
Mozilla Firefox Code Execution and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2009/3063
VMware Directory Traversal and Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2009/3062
Wireshark Multiple Protocol Dissector Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3061
Adobe Reader and Acrobat (CVE-2009-2994) U3D 'CLODMeshDeclaration' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36689
+ Multiple Integer Overflow Vulnerabilities in the FreeType 2 Font Engine May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
+ Security Vulnerabilities in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS) or Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
http://www.securityfocus.com/bid/36314
+ A Security Weakness in Solaris Trusted Extensions May Facilitate Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270969-1
http://www.securityfocus.com/bid/36840
+ Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269468-1
+ RHSA-2009:1528-1: Moderate: samba security and bug fix update
http://rhn.redhat.com/errata/RHSA-2009-1528.html
+ RHSA-2009:1529-1: Moderate: samba security update
http://rhn.redhat.com/errata/RHSA-2009-1529.html
+ [Security-announce] VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues
http://lists.vmware.com/pipermail/security-announce/2009/000069.html
http://www.securityfocus.com/bid/36841
+ Linux Kernel connector Security Bypass
http://secunia.com/advisories/37113/
http://www.vupen.com/english/advisories/2009/3050
http://www.securityfocus.com/bid/36834
+ OpenLDAP NULL Character Handling Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2009/3056
- Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS) - Adobe Security Bulletin APSB09-15
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1
SUN ALERT WEEKLY SUMMARY REPORT - Week of 18-Oct-2009 to 24-Oct-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270929-1
Asterisk : ACL not respected on SIP INVITE
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30740
Debian : New nginx packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30738
DSecRG : Oracle 10g CTXSYS.DRVXTABC - plsql injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30745
Independent Researcher : squidGuard 1.3 & 1.4 : buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30739
Independent Researcher : Cherokee Web Server 0.5.4 Denial Of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30741
NGSSoftware : SharePoint 2007 ASP.NET Source Code Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30744
RHBA-2009:1525-1: libuser bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1525.html
RHBA-2009:1527-1: nss_ldap bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1527.html
RHSA-2009:1530-1: Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2009-1530.html
RHSA-2009:1531-1: Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2009-1531.html
{PRL} Rising Antivirus 2009 Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00249.html
{PRL} Rising Firewall 2009 Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00247.html
Rising Multiple Products Local Privilege Escalation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00246.html
Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00248.html
Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00258.html
Cyber Security Awareness Month - Day 27 - Active Directory Ports
http://isc.sans.org/diary.html?storyid=7468
New VMware Desktop Products Released (Workstation, Fusion, ACE)
http://isc.sans.org/diary.html?storyid=7471
VMware Security Advisory: VMSA-2009-0015
http://isc.sans.org/diary.html?storyid=7474
FURUKAWA ELECTRIC FITELnet-F Series IPv6 Neighbor Discovery Protocol Denial of Service
http://secunia.com/advisories/37171/
Yamaha RT Series Routers IPv6 Neighbor Discovery Protocol Denial of Service
http://secunia.com/advisories/37170/
Fedora update for systemtap
http://secunia.com/advisories/37167/
Fedora update for python-markdown2
http://secunia.com/advisories/37166/
Fedora update for jasper
http://secunia.com/advisories/37164/
Fedora update for kernel
http://secunia.com/advisories/37163/
Fedora update for wordpress
http://secunia.com/advisories/37162/
Fedora update for BackupPC
http://secunia.com/advisories/37161/
Fedora update for sahana
http://secunia.com/advisories/37160/
Fedora update for poppler
http://secunia.com/advisories/37159/
TFT Gallery "album" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37156/
Basic Analysis And Security Engine Multiple Vulnerabilities
http://secunia.com/advisories/37147/
python-markdown2 Script Insertion Vulnerabilities
http://secunia.com/advisories/37142/
Linux Kernel connector Security Bypass
http://secunia.com/advisories/37113/
Debian update for nginx
http://secunia.com/advisories/37110/
IBM Lotus Connections Mobile Activities Cross-Site Scripting
http://secunia.com/advisories/37106/
Aruba Mobility Controller 802.11 Association Request Denial of Service
http://secunia.com/advisories/37085/
Asterisk SIP INVITE ACL Security Bypass
http://secunia.com/advisories/37056/
Zone-H statement on security trainings offered by E2-labs.com
http://www.zone-h.org/news/id/4716
KDE Request Injection and Directory Traversal Vulnerabilities
http://www.vupen.com/english/advisories/2009/3060
Jetty Servlets Cross Site Scripting and Information Disclosure Issues
http://www.vupen.com/english/advisories/2009/3059
TFT Gallery "album" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3058
Novell eDirectory HTTP Request Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3057
OpenLDAP NULL Character Handling Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2009/3056
Mutt SSL NULL Character Handling Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2009/3055
Basic Analysis and Security Engine Multiple Remote Vulnerabilities
http://www.vupen.com/english/advisories/2009/3054
FURUKAWA ELECTRIC FITELnet-F Series IPv6 DoS Vulnerability
http://www.vupen.com/english/advisories/2009/3053
Yamaha RT IPv6 Neighbor Discovery Protocol DoS Vulnerability
http://www.vupen.com/english/advisories/2009/3052
Aruba Networks ArubaOS 802.11 Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3051
Linux Kernel Connectors Multiple Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/3050
Asterisk SIP INVITE Handling ACL Check Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3049
IBM Lotus Connections Mobile Activities Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3048
Python-markdown2 Image Reference and MD5 Script Injection Issues
http://www.vupen.com/english/advisories/2009/3041
Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36843
Sahana 'mod' Parameter Local File Disclosure Vulnerability
http://www.securityfocus.com/bid/36826
JasPer 1.900.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/31470
EMC RepliStor Server 'rep_serv.exe' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36738
TBmnetCMS 'content' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36733
Opial Multiple Vulnerabilities
http://www.securityfocus.com/bid/35641
VMware Products Page Fault Exception Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36841
VMware Products Directory Traversal Vulnerability
http://www.securityfocus.com/bid/36842
Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36814
Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851
Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36512
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850
Websense Email Security Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36741
Websense Email Security and Email Manager 'STEMWADM.EXE' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36740
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36821
Aruba Mobility Controller 802.11 Association Request Frame Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36832
Achievo 'debugger.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/36822
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/26375
Sun Solaris Trusted Extensions Policy Configuration Remote Privilege Escalation Weakness
http://www.securityfocus.com/bid/36840
Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Gpg4win Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36811
Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/31862
FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550
Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34918
Bftpd Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36820
RunCMS 'forum' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36816
SystemTap Unprivileged Mode Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/36778
RunCMS 'pid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36825
Perl UTF-8 Regular Expression Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36812
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36314
Samba Format String And Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/35472
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Adobe Reader and Acrobat (CVE-2009-2994) U3D 'CLODMeshDeclaration' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36689
Linux Kernel Netlink Packets Security Bypass Vulnerability
http://www.securityfocus.com/bid/36834
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
Multiple Vendors IPv6 Implementation Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36835
IBM Lotus Connections Mobile Activities Pages Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36831
Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36718
BackupPC 'ClientNameAlias()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/36575
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel 'net/ax25/af_ax25.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36635
Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36576
KDE Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36845
nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36839
Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36836
python-markdown2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36829
http://www.vmware.com/security/advisories/VMSA-2009-0015.html
Installing the Performance Overview Plug-In in VirtualCenter 2.5 Update 4 and above
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1008296&sliceId=1&docTypeID=DT_KB_1_1
Alert regarding the spread of malware infections via websites
http://www.jpcert.or.jp/at/2009/at090023.txt
JPCERT/CC WEEKLY REPORT 2009-10-28
http://www.jpcert.or.jp/wr/2009/wr094101.html
JVN#13011682 Denial of service (DoS) vulnerability in SEIL/X Series and SEIL/B1
http://jvn.jp/jp/JVN13011682/index.html
JVN#06362164 Buffer overflow vulnerability in SEIL/X Series and SEIL/B1
http://jvn.jp/jp/JVN06362164/index.html
JVNDB-2009-000070 Denial of service (DoS) vulnerability in SEIL/X Series and SEIL/B1
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000070.html
JVNDB-2009-000069 Buffer overflow vulnerability in SEIL/X Series and SEIL/B1
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000069.html
JVNDB-2009-002155 Buffer overflow vulnerability in Apple iTunes
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002155.html
JVNDB-2009-002154 Privilege escalation vulnerability in the core server component of PostgreSQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002154.html
JVNDB-2009-002153 Denial of service (DoS) vulnerability in FreeRADIUS related to processing of Tunnel-Password attribute values
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002153.html
JVNDB-2009-002152 Buffer underrun vulnerability in Nginx ngx_http_parse_complex_uri()
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002152.html
JVNDB-2009-002151 Privilege escalation vulnerability in the z90crypt driver of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002151.html
Sniffing SSL: RFC 4366 and TLS Extensions
http://isc.sans.org/diary.html?storyid=7477
Mozilla Firefox Lets Local Users Modify Downloaded Files in Certain Cases
http://securitytracker.com/alerts/2009/Oct/1023096.html
Cherokee Web Server GET AUX Request Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Oct/1023095.html
Mozilla Firefox May Disclose Form History to Remote Users
http://securitytracker.com/alerts/2009/Oct/1023094.html
Mozilla Firefox Media Libraries Contain Flaws That Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023091.html
Mozilla Firefox Bugs in JavaScript Engine, Browser Engine, and Other Components Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023090.html
VMware ESX/ESXi Directory Traversal Flaw Lets Remote Users Obtain Arbitrary Files
http://securitytracker.com/alerts/2009/Oct/1023089.html
VMware Server Directory Traversal Flaw Lets Remote Users Obtain Arbitrary Files
http://securitytracker.com/alerts/2009/Oct/1023088.html
VMware ESX Page Fault Exception Handling Flaw Lets Local Users on a Guest OS Gain Elevated Privileges on the Guest OS
http://securitytracker.com/alerts/2009/Oct/1023083.html
VMware Page Fault Exception Handling Flaw Lets Local Users on a Guest OS Gain Elevated Privileges on the Guest OS
http://securitytracker.com/alerts/2009/Oct/1023082.html
Firefox 3.5.4 / 3.0.15 released
http://mozilla.jp/firefox/3.5.4/releasenotes/
http://mozilla.jp/firefox/3.0.15/releasenotes/
Mozilla SeaMonkey Code Execution and Spoofing Vulnerabilities
http://www.vupen.com/english/advisories/2009/3064
Mozilla Firefox Code Execution and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2009/3063
VMware Directory Traversal and Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2009/3062
Wireshark Multiple Protocol Dissector Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3061
Adobe Reader and Acrobat (CVE-2009-2994) U3D 'CLODMeshDeclaration' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36689
+ Multiple Integer Overflow Vulnerabilities in the FreeType 2 Font Engine May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
+ Security Vulnerabilities in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS) or Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
http://www.securityfocus.com/bid/36314
+ A Security Weakness in Solaris Trusted Extensions May Facilitate Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270969-1
http://www.securityfocus.com/bid/36840
+ Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269468-1
+ RHSA-2009:1528-1: Moderate: samba security and bug fix update
http://rhn.redhat.com/errata/RHSA-2009-1528.html
+ RHSA-2009:1529-1: Moderate: samba security update
http://rhn.redhat.com/errata/RHSA-2009-1529.html
+ [Security-announce] VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues
http://lists.vmware.com/pipermail/security-announce/2009/000069.html
http://www.securityfocus.com/bid/36841
+ Linux Kernel connector Security Bypass
http://secunia.com/advisories/37113/
http://www.vupen.com/english/advisories/2009/3050
http://www.securityfocus.com/bid/36834
+ OpenLDAP NULL Character Handling Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2009/3056
- Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS) - Adobe Security Bulletin APSB09-15
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1
SUN ALERT WEEKLY SUMMARY REPORT - Week of 18-Oct-2009 to 24-Oct-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270929-1
Asterisk : ACL not respected on SIP INVITE
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30740
Debian : New nginx packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30738
DSecRG : Oracle 10g CTXSYS.DRVXTABC - plsql injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30745
Independent Researcher : squidGuard 1.3 & 1.4 : buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30739
Independent Researcher : Cherokee Web Server 0.5.4 Denial Of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30741
NGSSoftware : SharePoint 2007 ASP.NET Source Code Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30744
RHBA-2009:1525-1: libuser bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1525.html
RHBA-2009:1527-1: nss_ldap bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1527.html
RHSA-2009:1530-1: Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2009-1530.html
RHSA-2009:1531-1: Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2009-1531.html
{PRL} Rising Antivirus 2009 Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00249.html
{PRL} Rising Firewall 2009 Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00247.html
Rising Multiple Products Local Privilege Escalation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00246.html
Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00248.html
Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00258.html
Cyber Security Awareness Month - Day 27 - Active Directory Ports
http://isc.sans.org/diary.html?storyid=7468
New VMware Desktop Products Released (Workstation, Fusion, ACE)
http://isc.sans.org/diary.html?storyid=7471
VMware Security Advisory: VMSA-2009-0015
http://isc.sans.org/diary.html?storyid=7474
FURUKAWA ELECTRIC FITELnet-F Series IPv6 Neighbor Discovery Protocol Denial of Service
http://secunia.com/advisories/37171/
Yamaha RT Series Routers IPv6 Neighbor Discovery Protocol Denial of Service
http://secunia.com/advisories/37170/
Fedora update for systemtap
http://secunia.com/advisories/37167/
Fedora update for python-markdown2
http://secunia.com/advisories/37166/
Fedora update for jasper
http://secunia.com/advisories/37164/
Fedora update for kernel
http://secunia.com/advisories/37163/
Fedora update for wordpress
http://secunia.com/advisories/37162/
Fedora update for BackupPC
http://secunia.com/advisories/37161/
Fedora update for sahana
http://secunia.com/advisories/37160/
Fedora update for poppler
http://secunia.com/advisories/37159/
TFT Gallery "album" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37156/
Basic Analysis And Security Engine Multiple Vulnerabilities
http://secunia.com/advisories/37147/
python-markdown2 Script Insertion Vulnerabilities
http://secunia.com/advisories/37142/
Linux Kernel connector Security Bypass
http://secunia.com/advisories/37113/
Debian update for nginx
http://secunia.com/advisories/37110/
IBM Lotus Connections Mobile Activities Cross-Site Scripting
http://secunia.com/advisories/37106/
Aruba Mobility Controller 802.11 Association Request Denial of Service
http://secunia.com/advisories/37085/
Asterisk SIP INVITE ACL Security Bypass
http://secunia.com/advisories/37056/
Zone-H statement on security trainings offered by E2-labs.com
http://www.zone-h.org/news/id/4716
KDE Request Injection and Directory Traversal Vulnerabilities
http://www.vupen.com/english/advisories/2009/3060
Jetty Servlets Cross Site Scripting and Information Disclosure Issues
http://www.vupen.com/english/advisories/2009/3059
TFT Gallery "album" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3058
Novell eDirectory HTTP Request Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3057
OpenLDAP NULL Character Handling Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2009/3056
Mutt SSL NULL Character Handling Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2009/3055
Basic Analysis and Security Engine Multiple Remote Vulnerabilities
http://www.vupen.com/english/advisories/2009/3054
FURUKAWA ELECTRIC FITELnet-F Series IPv6 DoS Vulnerability
http://www.vupen.com/english/advisories/2009/3053
Yamaha RT IPv6 Neighbor Discovery Protocol DoS Vulnerability
http://www.vupen.com/english/advisories/2009/3052
Aruba Networks ArubaOS 802.11 Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3051
Linux Kernel Connectors Multiple Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/3050
Asterisk SIP INVITE Handling ACL Check Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3049
IBM Lotus Connections Mobile Activities Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3048
Python-markdown2 Image Reference and MD5 Script Injection Issues
http://www.vupen.com/english/advisories/2009/3041
Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36843
Sahana 'mod' Parameter Local File Disclosure Vulnerability
http://www.securityfocus.com/bid/36826
JasPer 1.900.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/31470
EMC RepliStor Server 'rep_serv.exe' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36738
TBmnetCMS 'content' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36733
Opial Multiple Vulnerabilities
http://www.securityfocus.com/bid/35641
VMware Products Page Fault Exception Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36841
VMware Products Directory Traversal Vulnerability
http://www.securityfocus.com/bid/36842
Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36814
Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851
Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36512
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850
Websense Email Security Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36741
Websense Email Security and Email Manager 'STEMWADM.EXE' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36740
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36821
Aruba Mobility Controller 802.11 Association Request Frame Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36832
Achievo 'debugger.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/36822
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/26375
Sun Solaris Trusted Extensions Policy Configuration Remote Privilege Escalation Weakness
http://www.securityfocus.com/bid/36840
Tuesday, October 27, 2009
27th, Tuesday, Shakkō
"Information Security Key Points Learning in 5 Minutes!" tool released
~ Security measures for small and medium-sized enterprises, learned through case studies ~
http://www.ipa.go.jp/security/vuln/documents/2009/200910_5mins_point.html
Press release
Report published: "Survey on the Implementation Status of Information Security Measures in Small and Medium-Sized Enterprises"
http://www.ipa.go.jp/about/press/20091027.html
JVNVU#943657 Denial of service (DoS) vulnerability in multiple TCP implementations
http://jvn.jp/cert/JVNVU943657/index.html
JVN#75368899 Denial of service (DoS) vulnerability in multiple products implementing IPv6
http://jvn.jp/jp/JVN75368899/index.html
JVNDB-2009-002150 Vulnerability in the Oracle Internet Directory component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002150.html
JVNDB-2009-002149 Vulnerability in the Oracle JDeveloper component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002149.html
JVNDB-2009-002148 Vulnerability in the Oracle Forms component of Oracle Application Server and E-Business Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002148.html
JVNDB-2009-002147 Vulnerability in the Oracle BPEL Worklist Application component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002147.html
JVNDB-2009-002146 Vulnerability related to the Oracle Jinitiato component in Oracle Application Server and E-Business Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002146.html
JVNDB-2009-002079 Denial of service (DoS) vulnerability in the execve function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002079.html
JVNDB-2009-002078 Information disclosure vulnerability in the do_sigaltstack function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002078.html
JVNDB-2009-001172 Privilege escalation vulnerability in SystemTap
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001172.html
JVNDB-2009-001129 Denial of service (DoS) vulnerability in PostgreSQL related to error message conversion processing
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001129.html
JVNDB-2008-000018 Cross-site scripting vulnerability in Namazu
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000018.html
Social Engineering in Real-World Computer Attacks
http://isc.sans.org/diary.html?storyid=7465
Asterisk SIP INVITE ACL Can Be Bypassed By Remote Users
http://securitytracker.com/alerts/2009/Oct/1023080.html
squidGuard Buffer Overflow Lets Remote Users Bypass URL Filtering
http://securitytracker.com/alerts/2009/Oct/1023079.html
Novell eDirectory Buffer Overflow in 'dhost' Lets Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023078.html
Perl UTF-8 Regex Processing Bug Lets Users Deny Service
http://securitytracker.com/alerts/2009/Oct/1023077.html
AST-2009-007: ACL not respected on SIP INVITE
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00239.html
+ Perl UTF-8 Denial of Service Vulnerability
http://secunia.com/advisories/37144/
http://www.vupen.com/english/advisories/2009/3023
http://www.securityfocus.com/bid/36812
[ANNOUNCE] PostgreSQL 8.5alpha2 Now Available
http://www.postgresql.org/about/news.1152
http://www.postgresql.org/ftp/source/8.5alpha2/
[ntp:announce] NTP 4.2.5p237-RC Released
http://www.ntp.org/downloads.html
SuSE : acroread, acroread_ja
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30725
SuSE : Apache and libapr
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30726
Debian : New phpmyadmin packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30730
Debian : New smarty packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30731
Gentoo Linux : Adobe Reader: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30732
Debian : New kdelibs packages fix SSL certificate verification weakness
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30727
Debian : New mimetex packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30728
Independent Researcher : 6.x and 7.x Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30737
Debian : New Linux 2.6.26 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30723
Debian : New advi packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30729
Independent Researcher : Weak password Obfuscation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30733
Mandriva : Proftpd
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30724
[SECURITY] [DSA-1920-1] New nginx packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00234.html
squidGuard 1.3 & 1.4 : buffer overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00213.html
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00222.html
SharePoint 2007 ASP.NET Source Code Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00201.html
[ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00220.html
[SECURITY] [DSA 1919-1] New smarty packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00219.html
[SECURITY] [DSA 1918-1] New phpmyadmin packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00218.html
Jetty 6.x and 7.x Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00214.html
RunCms v.2M1 /modules/forum/post.php - forum remote semi-blind SQL Injection Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00197.html
Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00195.html
[SECURITY] [DSA 1917-1] New mimetex packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00194.html
[SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00193.html
[SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00192.html
[ MDVSA-2009:288 ] proftpd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00190.html
JVNDB-2009-002144 Vulnerability in Apple Xsan that allows user names and passwords to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002144.html
HTML-Parser "decode_entities()" Denial of Service
http://secunia.com/advisories/37155/
SUSE update for apache2 and libapr1
http://secunia.com/advisories/37152/
SUSE Update for Multiple Packages
http://secunia.com/advisories/37151/
Debian update for advi
http://secunia.com/advisories/37150/
SUSE update for acroread and acroread_ja
http://secunia.com/advisories/37149/
Debian update for mimetex
http://secunia.com/advisories/37146/
Debian update for kdelibs
http://secunia.com/advisories/37145/
Perl UTF-8 Denial of Service Vulnerability
http://secunia.com/advisories/37144/
Gentoo update for acroread
http://secunia.com/advisories/37141/
Debian update for smarty
http://secunia.com/advisories/37140/
Debian update for phpmyadmin
http://secunia.com/advisories/37139/
RunCms "pid" SQL Injection Vulnerability
http://secunia.com/advisories/37137/
Pegasus Mail POP3 Error Buffer Overflow Vulnerability
http://secunia.com/advisories/37134/
Eureka Email POP3 Error Buffer Overflow Vulnerability
http://secunia.com/advisories/37132/
ProFTPD SSL Certificate NULL Character Processing Security Issue
http://secunia.com/advisories/37131/
Debian update for linux-2.6
http://secunia.com/advisories/37121/
Sun Java System Web Server Unspecified Buffer Overflow
http://secunia.com/advisories/37115/
vBulletin Cross Site Scripting Vulnerability
http://www.securiteam.com/unixfocus/6Y00O1PPPU.html
Poppler and Xpdf Integer Overflow Vulnerability
http://www.securiteam.com/unixfocus/6W00M1PPPQ.html
Avast! Local Privilege Escalation and DoS Vulnerabilities
http://www.securiteam.com/unixfocus/6V00L1PPPO.html
OSSIM Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/6V00L1PPPO.html
Snort 2.8.5.1 Release
http://vrt-sourcefire.blogspot.com/2009/10/snort-2851-release.html
Web honeypot Update
http://isc.sans.org/diary.html?storyid=7456
Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu
http://isc.sans.org/diary.html?storyid=7459
Cyber Security Awareness Month - Day 26 port1433/1434 MSSQL
http://isc.sans.org/diary.html?storyid=7462
ComicMaster Unspecified Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3036
Bftpd Packets Processing Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3032
Nebula3 Remote SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3031
MetaForum Ajax Handling Security Bypass and Information Disclosure
http://www.vupen.com/english/advisories/2009/3030
urlShort Remote SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3029
Tin Can Jukebox Unspecified Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3028
RunCms "pid" and "forum" Parameters SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/3027
Pegasus Mail POP3 Error Message Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3026
Eureka Email POP3 Error Message Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3025
Sun Java System Web Server Unspecified Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3024
Perl UTF-8 Regular Expression Evaluation Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3023
HTML-Parser "decode_entities()" Function Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3022
RHBA-2009:1523-1: evolution28-gtk2 bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1523.html
RHBA-2009:1524-1: device-mapper-multipath bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1524.html
IBM Rational AppScan Help Pages Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36734
Citrix XenCenterWeb Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35592
phpMyAdmin SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36658
NOS getPlus Download Manager Insecure File Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35740
Adobe Reader and Acrobat Compact Font Format Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36667
Adobe Reader and Acrobat (CVE-2009-2992) ActiveX Control Denial of Service Vulnerability
http://www.securityfocus.com/bid/36695
Adobe Reader and Acrobat (CVE-2009-2994) Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36689
Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36668
Adobe Reader and Acrobat Malformed U3D Data Pointer Dereference Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36678
Adobe Reader and Acrobat JavaScript Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36683
Adobe Acrobat Integer Overflow Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36694
Adobe Reader and Acrobat Certificate Modification Vulnerability
http://www.securityfocus.com/bid/36688
Adobe Acrobat Stack Exhaustion Denial of Service Vulnerability
http://www.securityfocus.com/bid/35148
Adobe Acrobat Reader Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36600
Adobe Reader and Acrobat Malformed U3D Data Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36671
Adobe Reader and Acrobat 'annots.api' Denial of Service Vulnerability
http://www.securityfocus.com/bid/36682
Adobe Reader and Acrobat U3D File Pointer Overwrite Remote Vulnerability
http://www.securityfocus.com/bid/36677
Adobe Acrobat Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36693
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability
http://www.securityfocus.com/bid/36665
Adobe Reader and Acrobat Unspecified Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36687
Adobe Reader and Acrobat Trust Manager Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36692
Adobe Reader and Acrobat JavaScript Collab Object Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36681
Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/21858
Adobe Reader and Acrobat 'AcroPDF.dll' ActiveX Control Denial of Service Vulnerability
http://www.securityfocus.com/bid/36680
Adobe Acrobat Image Decoder Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36691
Adobe Reader and Acrobat File Extension Controls Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36697
Adobe Acrobat Reader Firefox Plugin Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36669
Adobe Reader and Acrobat Multiple Unspecified Heap-Based Overflow Vulnerabilities
http://www.securityfocus.com/bid/36690
Adobe Reader and Acrobat for Unix Debug Mode Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36696
squidGuard Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/36800
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36314
PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440
Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36515
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
EMC RepliStor Server 'rep_serv.exe' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36738
TBmnetCMS 'content' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36733
Opial Multiple Vulnerabilities
http://www.securityfocus.com/bid/35641
Websense Email Security Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36741
Websense Email Security and Email Manager 'STEMWADM.EXE' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36740
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
mimeTeX Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36632
mimeTeX Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36631
KDE KSSL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36229
ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36804
CamlImages JPEG Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36713
CamlImages Image Parsing Multiple Heap Overflow Vulnerabilities
http://www.securityfocus.com/bid/35999
Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34918
Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/31862
Joomla! 'com_photoblog' Component 'category' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36809
Joomla! 'com_jshop' Component 'pid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36808
Oracle Database Text Component 'ctxsys.drvxtabc.create_tables' Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/36748
Sun OpenSolaris Kernel Panic Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36819
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
Novell eDirectory '/dhost/modules?L:' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36815
Snort Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/36795
Sun OpenSolaris Unspecified Local Security Vulnerability
http://www.securityfocus.com/bid/36818
Adobe Reader and Acrobat Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36664
Adobe Reader and Acrobat XMP-XML Entity Expansion Denial of Service Vulnerability
http://www.securityfocus.com/bid/36686
Apache 'mod_proxy' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35565
Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35949
Microsoft Windows Media Runtime 'wmspdmod.dll' Speech Codec Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36614
Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36817
Apache 'mod_deflate' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35623
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
http://www.securityfocus.com/bid/35115
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Sun Java System Web Server Unspecified Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36813
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36821
RunCMS 'forum' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36816
Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36814
Perl UTF-8 Regular Expression Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36812
~Security Measures for Small and Medium-Sized Enterprises, Learned from Case Studies~
http://www.ipa.go.jp/security/vuln/documents/2009/200910_5mins_point.html
Press release
Report on the "Survey on the Implementation Status of Information Security Measures in Small and Medium-Sized Enterprises" published
http://www.ipa.go.jp/about/press/20091027.html
JVNVU#943657 Denial-of-service (DoS) vulnerability in multiple TCP implementations
http://jvn.jp/cert/JVNVU943657/index.html
JVN#75368899 Denial-of-service (DoS) vulnerability in multiple products implementing IPv6
http://jvn.jp/jp/JVN75368899/index.html
JVNDB-2009-002150 Vulnerability in the Oracle Internet Directory component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002150.html
JVNDB-2009-002149 Vulnerability in the Oracle JDeveloper component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002149.html
JVNDB-2009-002148 Vulnerability in the Oracle Forms component of Oracle Application Server and E-Business Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002148.html
JVNDB-2009-002147 Vulnerability in the Oracle BPEL Worklist Application component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002147.html
JVNDB-2009-002146 Vulnerability related to the Oracle JInitiator component in Oracle Application Server and E-Business Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002146.html
JVNDB-2009-002079 Denial-of-service (DoS) vulnerability in the execve function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002079.html
JVNDB-2009-002078 Information disclosure vulnerability in the do_sigaltstack function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002078.html
JVNDB-2009-001172 Privilege escalation vulnerability in SystemTap
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001172.html
JVNDB-2009-001129 Denial-of-service (DoS) vulnerability in PostgreSQL's error message conversion processing
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001129.html
JVNDB-2008-000018 Cross-site scripting vulnerability in Namazu
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000018.html
Social Engineering in Real-World Computer Attacks
http://isc.sans.org/diary.html?storyid=7465
Asterisk SIP INVITE ACL Can Be Bypassed By Remote Users
http://securitytracker.com/alerts/2009/Oct/1023080.html
squidGuard Buffer Overflow Lets Remote Users Bypass URL Filtering
http://securitytracker.com/alerts/2009/Oct/1023079.html
Novell eDirectory Buffer Overflow in 'dhost' Lets Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023078.html
Perl UTF-8 Regex Processing Bug Lets Users Deny Service
http://securitytracker.com/alerts/2009/Oct/1023077.html
AST-2009-007: ACL not respected on SIP INVITE
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00239.html
+ Perl UTF-8 Denial of Service Vulnerability
http://secunia.com/advisories/37144/
http://www.vupen.com/english/advisories/2009/3023
http://www.securityfocus.com/bid/36812
[ANNOUNCE] PostgreSQL 8.5alpha2 Now Available
http://www.postgresql.org/about/news.1152
http://www.postgresql.org/ftp/source/8.5alpha2/
[ntp:announce] NTP 4.2.5p237-RC Released
http://www.ntp.org/downloads.html
SuSE : acroread, acroread_ja
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30725
SuSE : Apache and libapr
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30726
Debian : New phpmyadmin packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30730
Debian : New smarty packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30731
Gentoo Linux : Adobe Reader: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30732
Debian : New kdelibs packages fix SSL certificate verification weakness
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30727
Debian : New mimetex packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30728
Independent Researcher : 6.x and 7.x Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30737
Debian : New Linux 2.6.26 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30723
Debian : New advi packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30729
Independent Researcher : Weak password Obfuscation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30733
Mandriva : Proftpd
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30724
[SECURITY] [DSA-1920-1] New nginx packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00234.html
squidGuard 1.3 & 1.4 : buffer overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00213.html
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00222.html
SharePoint 2007 ASP.NET Source Code Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00201.html
[ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00220.html
[SECURITY] [DSA 1919-1] New smarty packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00219.html
[SECURITY] [DSA 1918-1] New phpmyadmin packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00218.html
Jetty 6.x and 7.x Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00214.html
RunCms v.2M1 /modules/forum/post.php - forum remote semi-blind SQL Injection Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00197.html
Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00195.html
[SECURITY] [DSA 1917-1] New mimetex packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00194.html
[SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00193.html
[SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00192.html
[ MDVSA-2009:288 ] proftpd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00190.html
JVNDB-2009-002144 Vulnerability in Apple Xsan that allows user names and passwords to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002144.html
HTML-Parser "decode_entities()" Denial of Service
http://secunia.com/advisories/37155/
SUSE update for apache2 and libapr1
http://secunia.com/advisories/37152/
SUSE Update for Multiple Packages
http://secunia.com/advisories/37151/
Debian update for advi
http://secunia.com/advisories/37150/
SUSE update for acroread and acroread_ja
http://secunia.com/advisories/37149/
Debian update for mimetex
http://secunia.com/advisories/37146/
Debian update for kdelibs
http://secunia.com/advisories/37145/
Perl UTF-8 Denial of Service Vulnerability
http://secunia.com/advisories/37144/
Gentoo update for acroread
http://secunia.com/advisories/37141/
Debian update for smarty
http://secunia.com/advisories/37140/
Debian update for phpmyadmin
http://secunia.com/advisories/37139/
RunCms "pid" SQL Injection Vulnerability
http://secunia.com/advisories/37137/
Pegasus Mail POP3 Error Buffer Overflow Vulnerability
http://secunia.com/advisories/37134/
Eureka Email POP3 Error Buffer Overflow Vulnerability
http://secunia.com/advisories/37132/
ProFTPD SSL Certificate NULL Character Processing Security Issue
http://secunia.com/advisories/37131/
Debian update for linux-2.6
http://secunia.com/advisories/37121/
Sun Java System Web Server Unspecified Buffer Overflow
http://secunia.com/advisories/37115/
vBulletin Cross Site Scripting Vulnerability
http://www.securiteam.com/unixfocus/6Y00O1PPPU.html
Poppler and Xpdf Integer Overflow Vulnerability
http://www.securiteam.com/unixfocus/6W00M1PPPQ.html
Avast! Local Privilege Escalation and DoS Vulnerabilities
http://www.securiteam.com/unixfocus/6V00L1PPPO.html
OSSIM Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/6V00L1PPPO.html
Snort 2.8.5.1 Release
http://vrt-sourcefire.blogspot.com/2009/10/snort-2851-release.html
Web honeypot Update
http://isc.sans.org/diary.html?storyid=7456
Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu
http://isc.sans.org/diary.html?storyid=7459
Cyber Security Awareness Month - Day 26 port1433/1434 MSSQL
http://isc.sans.org/diary.html?storyid=7462
ComicMaster Unspecified Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3036
Bftpd Packets Processing Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3032
Nebula3 Remote SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3031
MetaForum Ajax Handling Security Bypass and Information Disclosure
http://www.vupen.com/english/advisories/2009/3030
urlShort Remote SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3029
Tin Can Jukebox Unspecified Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3028
RunCms "pid" and "forum" Parameters SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/3027
Pegasus Mail POP3 Error Message Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3026
Eureka Email POP3 Error Message Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3025
Sun Java System Web Server Unspecified Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3024
Perl UTF-8 Regular Expression Evaluation Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3023
HTML-Parser "decode_entities()" Function Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3022
RHBA-2009:1523-1: evolution28-gtk2 bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1523.html
RHBA-2009:1524-1: device-mapper-multipath bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1524.html
IBM Rational AppScan Help Pages Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36734
Citrix XenCenterWeb Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35592
phpMyAdmin SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36658
NOS getPlus Download Manager Insecure File Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35740
Adobe Reader and Acrobat Compact Font Format Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36667
Adobe Reader and Acrobat (CVE-2009-2992) ActiveX Control Denial of Service Vulnerability
http://www.securityfocus.com/bid/36695
Adobe Reader and Acrobat (CVE-2009-2994) Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36689
Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36668
Adobe Reader and Acrobat Malformed U3D Data Pointer Dereference Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36678