+ MySQL 5.0.87 released
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-87.html
Translations and research on overseas information security documents (NIST documents, etc.)
http://www.ipa.go.jp/security/publications/nist/index.html
JPCERT/CC WEEKLY REPORT
http://www.jpcert.or.jp/wr/2009/wr094001.html
JVNDB-2009-002124 Information disclosure vulnerability in the WebKit component of Apple iPhone OS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002124.html
JVNDB-2009-002123 Information disclosure vulnerability in the UIKit component of Apple iPhone OS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002123.html
JVNDB-2009-002122 Denial-of-service (DoS) vulnerability in the Telephony component of Apple iPhone OS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002122.html
JVNDB-2009-002121 Buffer overflow vulnerability in the recovery mode component of Apple iPhone OS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002121.html
JVNDB-2009-002120 Vulnerability in the MobileMail component of Apple iPhone OS allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002120.html
JVNDB-2009-002119 Vulnerability in the Exchange support component of Apple iPhone OS allowing Microsoft Exchange restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002119.html
JVNDB-2009-002118 Buffer overflow vulnerability in the CoreAudio component of Apple iPhone OS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002118.html
WordPress Hardening
http://isc.sans.org/diary.html?storyid=7414
WASC 2008 Statistics
http://isc.sans.org/diary.html?storyid=7411
FormMax Import File Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36943/
Oracle PeopleSoft Enterprise Human Capital Management CVE-2009-3409 Remote Vulnerability
http://www.securityfocus.com/bid/36776
Oracle Communications Order and Service Management CVE-2009-1998 Remote Vulnerability
http://www.securityfocus.com/bid/36775
Oracle PeopleSoft PeopleTools & Enterprise Portal CVE-2009-3404 Remote Vulnerability
http://www.securityfocus.com/bid/36773
Oracle JD Edwards Tools CVE-2009-3405 Remote JD Edwards Tools Vulnerability
http://www.securityfocus.com/bid/36772
Oracle WebLogic Portal CVE-2009-2002 Remote Unspecified Vulnerability
http://www.securityfocus.com/bid/36774
Oracle Weblogic Server CVE-2009-3399 Remote WebLogic Server Vulnerability
http://www.securityfocus.com/bid/36769
Oracle E-Business Suite CVE-2009-3400 Oracle Advanced Benefits Unspecified Vulnerability
http://www.securityfocus.com/bid/36767
Oracle WebLogic Server CVE-2009-3396 Remote WebLogic Server Vulnerability
http://www.securityfocus.com/bid/36766
Oracle Database CVE-2009-1018 Workspace Manager Unspecified Vulnerability
http://www.securityfocus.com/bid/36765
Oracle Database CVE-2009-1972 Remote Auditing Vulnerability
http://www.securityfocus.com/bid/36758
Oracle E-Business Suite CVE-2009-3408 Remote Oracle Application Object Library Vulnerability
http://www.securityfocus.com/bid/36763
Oracle E-Business Suite CVE-2009-3402 Remote Oracle Applications Framework Vulnerability
http://www.securityfocus.com/bid/36764
RETIRED: Oracle October 2009 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/36711
Oracle Database CVE-2009-1971 Remote Data Pump Vulnerability
http://www.securityfocus.com/bid/36754
Oracle E-Business Suite CVE-2009-3397 Remote Oracle Application Object Library Vulnerability
http://www.securityfocus.com/bid/36762
Oracle E-Business Suite CVE-2009-3395 Remote AutoVue Vulnerability
http://www.securityfocus.com/bid/36761
Oracle E-Business Suite CVE-2009-3393 Remote Oracle Application Object Library Vulnerability
http://www.securityfocus.com/bid/36757
Oracle Database CVE-2009-1007 Remote Data Mining Vulnerability
http://www.securityfocus.com/bid/36750
Oracle Database CVE-2009-1993 Application Express Unspecified Vulnerability
http://www.securityfocus.com/bid/36759
Oracle Database CVE-2009-1964 Remote Workspace Manager Vulnerability
http://www.securityfocus.com/bid/36755
Oracle Database CVE-2009-2000 Remote Authentication Vulnerability
http://www.securityfocus.com/bid/36756
Oracle Application Server CVE-2009-3407 Remote Portal Vulnerability
http://www.securityfocus.com/bid/36753
+ ProFTPD 1.3.2b released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2b
+ Oracle Critical Patch Update Advisory - October 2009
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
Apache MINA 2.0.0-RC1 released
https://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&pid=10670&fixfor=12313865
ISC BIND 9.7.0b1 is now available
http://ftp.isc.org/isc/bind9/9.7.0b1/9.7.0b1
[ProFTPD-announce] ProFTPD 1.3.2b released
ftp://ftp.proftpd.org/distrib/source
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2b
[ProFTPD-announce] ProFTPD 1.3.3rc2 released
ftp://ftp.proftpd.org/distrib/source
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3rc2
SUN ALERT WEEKLY SUMMARY REPORT - Week of 11-Oct-2009 to 17-Oct-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270489-1
PGDay.EU 2009 - approaching fast!
http://www.postgresql.org/about/news.1151
PgDAC 6.90 released with Support of Embarcadero RAD Studio 2010
http://www.postgresql.org/about/news.1150
Independent Researcher : Boxalino - Directory Traversal Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30690
Mandriva : cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30686
Mandriva : cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30687
Mandriva : cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30688
RHBA-2009:1516-1: cman bug-fix update
http://rhn.redhat.com/errata/RHBA-2009-1516.html
NSOADV-2009-003: Websense Email Security Cross Site Scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00152.html
NSOADV-2009-002: Websense Email Security Web Administrator DoS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00151.html
[ MDVSA-2009:284 ] gd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00150.html
South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00149.html
EMC RepliStor Server (rep_serv.exe) 6.3.1.3 remote denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00147.html
[CVE-2009-1479] Boxalino - Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00146.html
Overland Guardian OS CLI command line bug - let you get uid 0 shell
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00142.html
[ MDVSA-2009:283 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00143.html
[ MDVSA-2009:282 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00148.html
[ MDVSA-2009:281 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00145.html
[ MDVSA-2009:280 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00144.html
Rampant "fake software": more than 43 million reports in one year
Symantec (US) publishes report: "more than 250 varieties detected so far"
http://itpro.nikkeibp.co.jp/article/NEWS/20091021/339164/?ST=security
Alert regarding emails with malware attachments that impersonate Microsoft
http://www.jpcert.or.jp/at/2009/at090022.txt
Cyber Security Awareness Month - Day 20 - Ports 5060 & 5061 - SIP (VoIP)
http://isc.sans.org/diary.html?storyid=7405
Oracle Critical Patch Update (CPU) - October 2009
http://isc.sans.org/diary.html?storyid=7408
TYPO3 Random Images Extension Command Execution Vulnerability
http://secunia.com/advisories/37095/
TYPO3 freeCap CAPTCHA Extension Unspecified Session Handling Security Issue
http://secunia.com/advisories/37094/
IBM Rational AppScan Help Pages Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37093/
TYPO3 phpMyAdmin Extension Script Insertion and SQL Injection
http://secunia.com/advisories/37089/
Joomla AjaxChat Component File Inclusion Vulnerability
http://secunia.com/advisories/37087/
Piwik Arbitrary File Creation Vulnerability
http://secunia.com/advisories/37078/
EMC Documentum ApplicationXtender Admin Agent Two Vulnerabilities
http://secunia.com/advisories/37070/
ACCESSGUARDIAN Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37045/
Blue Coat ProxySG TCP Implementation Denial of Service Vulnerabilities
http://secunia.com/advisories/37044/
Pentaho BI Server "outputType" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37024/
Blue Coat Director TCP Implementation Denial of Service Vulnerability
http://secunia.com/advisories/35493/
Oracle BEA WebLogic Server and Portal Bugs Let Remote Authenticated Users Modify Data
http://securitytracker.com/alerts/2009/Oct/1023062.html
Oracle PeopleSoft PeopleTools Bugs Let Remote Authenticated Users Access and Modify Data and Cause Denial of Service Conditions
http://securitytracker.com/alerts/2009/Oct/1023061.html
Oracle Communications Order and Service Management Bug Lets Remote Authenticated Users Access and Modify Data
http://securitytracker.com/alerts/2009/Oct/1023060.html
Oracle E-Business Suite Bugs Let Remote Users Access and Modify Data and Cause Denial of Service Conditions
http://securitytracker.com/alerts/2009/Oct/1023059.html
Oracle Application Server Bugs Let Remote Users Modify Data and Let Local Users Access Data
http://securitytracker.com/alerts/2009/Oct/1023058.html
Oracle Database Flaws Let Remote Users Take Fully Control of the Database or System
http://securitytracker.com/alerts/2009/Oct/1023057.html
3Com OfficeConnect Router Default User Accounts Let Remote Users Execute Commands
http://securitytracker.com/alerts/2009/Oct/1023051.html
McKesson Horizon Products Use Hardcoded Database Passwords That May Allow Remote Users to Access the System
http://securitytracker.com/alerts/2009/Oct/1023050.html
IBM Rational AppScan Help Pages Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2974
ACCESSGUARDIAN Unspecified Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2973
Pentaho BI Server "outputType" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2972
PHPCMS2008 "f" Parameter Arbitrary File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/2971
JD-WordPress for Joomla "mosConfig_absolute_path" Inclusion Issue
http://www.vupen.com/english/advisories/2009/2970
BookLibrary for Joomla "mosConfig_absolute_path" Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/2969
Ajax Chat for Joomla "mosConfig_absolute_path" Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/2968
AMIRO CMS Multiple Parameter and Tag Cross Site Scripting Issues
http://www.vupen.com/english/advisories/2009/2967
Piwik "ofc_upload_image.php" Arbitrary File Creation Vulnerability
http://www.vupen.com/english/advisories/2009/2966
3Com OfficeConnect Command Injection and Default Credentials Issues
http://www.vupen.com/english/advisories/2009/2965
Oracle Database CVE-2009-1991 Remote Oracle Text Vulnerability
http://www.securityfocus.com/bid/36748
Oracle Network Authentication CVE-2009-1979 Unspecified Security Vulnerability
http://www.securityfocus.com/bid/36747
Oracle Database CVE-2009-1995 Remote Advanced Queuing Vulnerability
http://www.securityfocus.com/bid/36752
Oracle Database CVE-2009-1997 Remote Authentication Vulnerability
http://www.securityfocus.com/bid/36751
Oracle Database CVE-2009-1985 Remote Network Authentication Vulnerability
http://www.securityfocus.com/bid/36745
Oracle Business Intelligence Enterprise Edition CVE-2009-1999 Remote Vulnerability
http://www.securityfocus.com/bid/36746
Oracle Database CVE-2009-1994 Remote Oracle Spatial Vulnerability
http://www.securityfocus.com/bid/36744
Oracle Database CVE-2009-1992 Remote Core RDBMS Vulnerability
http://www.securityfocus.com/bid/36742
Oracle Database CVE-2009-2001 Remote PL/SQL Vulnerability
http://www.securityfocus.com/bid/36743
Oracle Agile Engineering Data Management CVE-2009-3392 Remote Vulnerability
http://www.securityfocus.com/bid/36770
Oracle JD Edwards EnterpriseOne CVE-2009-3406 JD Edwards Tools Unspecified Vulnerability
http://www.securityfocus.com/bid/36771
Oracle Database CVE-2009-1965 Remote Net Foundation Layer Vulnerability
http://www.securityfocus.com/bid/36760
Oracle E-Business Suite CVE-2009-3401 Local Oracle Applications Technology Stack Vulnerability
http://www.securityfocus.com/bid/36768
Oracle Business Intelligence Enterprise Edition CVE-2009-1990 Vulnerability
http://www.securityfocus.com/bid/36749
GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36712
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
Sun Java Runtime Environment JPEG Image Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35942
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36343
Mozilla Firefox Error Page Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/35803
Mozilla Firefox 3.5.1/3.0.12 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35927
Wget NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36205
libvorbis OGG Vorbis Processing Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36018
Websense Email Security and Email Manager 'STEMWADM.EXE' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36740
Overland Storage Snap Server 410 'less' Command Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36739
EMC RepliStor Server 'rep_serv.exe' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36738
EMC Documentum ApplicationXtender Admin Agent Multiple Vulnerabilities
http://www.securityfocus.com/bid/36735
TBmnetCMS 'content' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36733
phpMyAdmin SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36658
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36314
TCP/IP Protocol Stack Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/31545
Joomla! com_booklibrary Component 'releasenote.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/36732
Joomla! Ajax Chat Component 'ajcuser.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/36731
Joomla! JD-WordPress Component 'wp-feed.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/36730
TYPO3 Random Images Extension Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/36737
TYPO3 freeCap CAPTCHA Module Unspecified Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/36736
Xpdf JBIG2 Processing Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34568
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/34571
CUPS 'cups/ipp.c' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35169
CUPS Scheduler Directory Services Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35194
CUPS and Xpdf JBIG2 Symbol Dictionary Processing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34791
CUPS PDF File Multiple Heap Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35195
Adobe Acrobat Reader Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36600
IBM Rational AppScan Help Pages Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36734
Cisco IOS Software Tunnels Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36500
Cisco IOS Software Internet Key Exchange Resource Exhaustion Denial of Service Vulnerability
http://www.securityfocus.com/bid/36497
Cisco IOS Authentication Proxy for HTTP(S) Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36491
Websense Email Security Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36741