Microsoft Security Advisory (973811): Extended Protection for Authentication
http://www.microsoft.com/technet/security/advisory/973811.mspx
JVN#23108985 Cross-site scripting vulnerability in multiple Cybozu products
http://jvn.jp/jp/JVN23108985/index.html
JVNTA09-286A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA09-286A/index.html
JVNTA09-286B Updates for multiple vulnerabilities in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNTA09-286B/index.html
Cisco Unified Presence Can Be Affected By TCP Flooding Attacks
http://securitytracker.com/alerts/2009/Oct/1023018.html
JVNDB-2009-000067 Cross-site scripting vulnerability in multiple Cybozu products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000067.html
JVNDB-2009-002098 Arbitrary code execution vulnerability in Adobe RoboHelp Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002098.html
JVNDB-2009-002097 Denial of service (DoS) vulnerability in xscreensaver on Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002097.html
JVNDB-2009-002096 Denial of service (DoS) vulnerability in xscreensaver on Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002096.html
JVNDB-2009-002095 Vulnerability in fetchmail that allows spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002095.html
+ Solution 267031: Heap Overflow in a Regular Expression Parser in Network Security Services (NSS) may Affect SSL Clients (CVE-2009-2404)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267031-1
http://secunia.com/advisories/37032/
http://www.vupen.com/english/advisories/2009/2908
+ Xpdf 3.02pl4 was released
http://www.foolabs.com/xpdf/CHANGES
+ Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
[ntp:announce] NTP 4.2.5p232-RC Released
http://www.ntp.org/downloads.html
PSN-2009-10-552: Juniper Security Advisory: Steel-Belted Radius EAP-FAST Authentication Succeeds with Incorrect Password
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-10-552&viewMode=view
Solution 200196: Security Vulnerability in RSA Signature Verification Impacting Multiple SUN Products
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200196-1
Solution 269008: Multiple Security Vulnerabilities in the JBIG2 Decoder in the OpenSolaris GNOME PDF Viewer may Lead to Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269008-1
Solution 268448: Multiple Security Vulnerabilities in Firefox Versions Before 3.5.3 May Allow Execution of Arbitrary Code, Access to Unauthorized Data, or Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268448-1
Aqua Data Studio 8.0 released
http://www.postgresql.org/about/news.1148
Lightning Admin for PostgreSQL version 1.5 build 121 released
http://www.postgresql.org/about/news.1146
Jitterbit 3.0 GA Now Available
http://www.postgresql.org/about/news.1147
pgDesigner 1.2.16 Released
http://www.postgresql.org/about/news.1145
PostgresDAC: Delphi/C++Builder 2010 (Weaver) support added!
http://www.postgresql.org/about/news.1143
MySQL 5.1.40 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-40.html
Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Presence Denial of Service Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-amb-20091014-cup.shtml
Debian : New samba packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30627
Fortinet : Multiple Vulnerabilities in Adobe Acrobat / Reader
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30647
Independent Researcher : Everfocus EDSR remote authentication bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30648
Independent Researcher : Windows GDI+ TIFF memory corruption
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30653
Independent Researcher : Windows Media Audio Voice remote code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30654
Mandriva : samba
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30625
Red Hat : Critical: acroread security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30628
Red Hat : Moderate: java-1.4.2-ibm security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30629
Secunia : Microsoft Office BMP Image Colour Handling Integer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30649
Ubuntu Security Notice : Zope vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30626
Bonsai : XSS in Achievo - Customized XSS payload included
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30633
Bonsai : SQL Injection in Achievo
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30634
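Microsoft releases numerous "Critical" patches; all Windows users are affected
13 security bulletins, "among the largest ever", including patches addressing zero-day attacks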
http://itpro.nikkeibp.co.jp/article/NEWS/20091015/338851/?ST=security
Many dangerous vulnerabilities in Adobe Reader and Acrobat; update immediately
Latest versions fix 29 vulnerabilities; all platforms are affected
http://itpro.nikkeibp.co.jp/article/NEWS/20091015/338857/?ST=security
Alert regarding vulnerabilities in Adobe Reader and Acrobat
http://www.jpcert.or.jp/at/2009/at090021.txt
JVNTA09-286B Updates for multiple vulnerabilities in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNTA09-286B/index.html
JVNTA09-286A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA09-286A/index.html
[ MDVSA-2009:278 ] compiz-fusion-plugins-main
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00117.html
[USN-848-1] Zope vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00116.html
Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00115.html
Secunia Research: Microsoft Office BMP Image Colour Handling Integer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00112.html
[ MDVSA-2009:277 ] samba
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00113.html
Windows GDI+ TIFF memory corruption
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00107.html
Windows Media Audio Voice remote code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00109.html
[SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00108.html
[AntiSnatchOr] Eclipse BIRT <= 2.2.1 Reflected XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00111.html
[AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00110.html
Cyber Security Awareness Month - Day 14 - port 514 - syslog
http://isc.sans.org/diary.html?storyid=7351
Odd Apache/MSIE issue with downloads from ISC
http://isc.sans.org/diary.html?storyid=7354
New variation of SSL Spam
http://isc.sans.org/diary.html?storyid=7357
Check your email servers - blackholes.us DNSBL is dead
http://isc.sans.org/diary.html?storyid=7360
KonaKart "__report" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37036/
Achievo Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/37035/
Sun Solaris and Java Enterprise System Network Security Services Vulnerability
http://secunia.com/advisories/37032/
SUSE Update for Multiple Packages
http://secunia.com/advisories/37031/
Fedora update for dopewars
http://secunia.com/advisories/37030/
Fedora update for drupal-service_links
http://secunia.com/advisories/37029/
Debian update for samba
http://secunia.com/advisories/37026/
Eclipse BIRT "__report" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37025/
Fedora update for dnsmasq
http://secunia.com/advisories/37022/
phpMyAdmin Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/37016/
Achievo Flaws Permit Cross-Site Scripting, SQL Injection, and Include File Attacks
http://securitytracker.com/alerts/2009/Oct/1023017.html
Skype Unspecified Flaw in Extras Manager Has Unspecified Impact
http://securitytracker.com/alerts/2009/Oct/1023016.html
Sun Solaris and JES Network Security Services Buffer Overflow Issue
http://www.vupen.com/english/advisories/2009/2908
phpMyAdmin SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2899
RHBA-2009:1498-1: v7 bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1498.html
Adobe Acrobat Integer Overflow Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36694
Adobe Reader and Acrobat 'annots.api' Denial of Service Vulnerability
http://www.securityfocus.com/bid/36682
Adobe Acrobat Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36693
Adobe Reader and Acrobat Trust Manager Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36692
Adobe Reader and Acrobat Multiple Unspecified Heap-Based Overflow Vulnerabilities
http://www.securityfocus.com/bid/36690
Adobe Acrobat Image Decoder Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36691
Adobe Reader and Acrobat (CVE-2009-2994) Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36689
Adobe Reader and Acrobat Certificate Modification Vulnerability
http://www.securityfocus.com/bid/36688
Adobe Reader and Acrobat XMP-XML Entity Expansion Denial of Service Vulnerability
http://www.securityfocus.com/bid/36686
Adobe Reader and Acrobat 'AcroPDF.dll' ActiveX Control Denial of Service Vulnerability
http://www.securityfocus.com/bid/36680
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Microsoft GDI+ CCITT G4 TIFF File Processing Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36647
Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36649
Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36645
Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36646
Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36648
Adobe Reader and Acrobat Unspecified Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36687
Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36619
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability
http://www.securityfocus.com/bid/36665
RETIRED: Adobe Reader and Acrobat October 2009 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/36638
Adobe Reader and Acrobat Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36664
RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/36633
Adobe Reader and Acrobat Malformed U3D Data Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36671
Adobe Acrobat Reader Firefox Plugin Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36669
Adobe Reader and Acrobat U3D File Pointer Overwrite Remote Vulnerability
http://www.securityfocus.com/bid/36677
Adobe Reader and Acrobat Compact Font Format Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36667
Adobe Acrobat Reader Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36600
Adobe Reader and Acrobat Malformed U3D Data Pointer Dereference Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36678
Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36668
Adobe Acrobat Stack Exhaustion Denial of Service Vulnerability
http://www.securityfocus.com/bid/35148
Adobe Reader and Acrobat JavaScript Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36683
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263
Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416
Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196
Adobe Reader and Acrobat JavaScript Collab Object Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36681
Compiz Fusion 'Expo' Plugin Security Bypass Vulnerability
http://www.securityfocus.com/bid/32712
Cisco Unified Presence Track Network Connection Denial of Service Vulnerability
http://www.securityfocus.com/bid/36676
Cisco Unified Presence TimesTenD Process Denial of Service Vulnerability
http://www.securityfocus.com/bid/36675
Microsoft Windows LSASS NTLM Implementation Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36593
Microsoft GDI+ Malformed Office Object Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36650
Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36624
Microsoft Windows Kernel Integer Underflow Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36623
Microsoft GDI+ Malformed Office BMP File Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36651
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Microsoft Internet Explorer 'writing-mode' Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36616
Microsoft Windows Media Runtime 'wmspdmod.dll' Speech Codec Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36614
Zope Object Database ZEO Network Protocol Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35987
Microsoft Internet Explorer 'Event' Object Copy Constructor Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36620
Microsoft Internet Explorer 'deflate' HTTP Content Encoding Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36622
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
Microsoft Internet Explorer HTML Component Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36621
eEye Retina WiFi Scanner '.rws' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35624
Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36343
Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36299
GNU 'w(1)' Utility Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36369
IBM Informix Products Setnet32 Utility '.nfx' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36588
Microsoft Windows Media Runtime File Compression Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36602
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Xpdf JBIG2 Processing Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34568
FreeBSD 'devfs' and 'VFS' Interaction NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36587
Sun VirtualBox VBoxNetAdpCtl Configuration Tool Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36604
Zlib Compression Library Decompression Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/14340
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
Drupal Service Links Component Content Type Names HTML Injection Vulnerability
http://www.securityfocus.com/bid/36584
Dnsmasq TFTP Service Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36121
Dnsmasq TFTP Service Remote NULL-Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36120
Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36606
Drupal RealName Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/36699
Drupal Organic Groups Vocabulary Module Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/36685
Drupal Shibboleth Authentication Module Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36684
Eclipse BIRT 'run?__report' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36674
Foxit Reader COM Objects Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36673
Pentaho BI Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36672