"5-Minute Information Security Point Learning" tool released
~ Security measures for small and medium-sized enterprises, learned through case studies ~
http://www.ipa.go.jp/security/vuln/documents/2009/200910_5mins_point.html
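Press release
Report on the "Survey on the Implementation Status of Information Security Measures in Small and Medium-Sized Enterprises" published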
http://www.ipa.go.jp/about/press/20091027.html
JVNVU#943657 Denial-of-service (DoS) vulnerability in multiple TCP implementations
http://jvn.jp/cert/JVNVU943657/index.html
JVN#75368899 Denial-of-service (DoS) vulnerability in multiple products implementing IPv6
http://jvn.jp/jp/JVN75368899/index.html
JVNDB-2009-002150 Vulnerability in the Oracle Internet Directory component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002150.html
JVNDB-2009-002149 Vulnerability in the Oracle JDeveloper component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002149.html
JVNDB-2009-002148 Vulnerability in the Oracle Forms component of Oracle Application Server and E-Business Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002148.html
JVNDB-2009-002147 Vulnerability in the Oracle BPEL Worklist Application component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002147.html
JVNDB-2009-002146 Vulnerability related to the Oracle JInitiator component in Oracle Application Server and E-Business Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002146.html
JVNDB-2009-002079 Denial-of-service (DoS) vulnerability in the execve function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002079.html
JVNDB-2009-002078 Information disclosure vulnerability in the do_sigaltstack function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002078.html
JVNDB-2009-001172 Privilege escalation vulnerability in SystemTap
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001172.html
JVNDB-2009-001129 Denial-of-service (DoS) vulnerability in PostgreSQL's error message conversion processing
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001129.html
JVNDB-2008-000018 Cross-site scripting vulnerability in Namazu
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000018.html
Social Engineering in Real-World Computer Attacks
http://isc.sans.org/diary.html?storyid=7465
Asterisk SIP INVITE ACL Can Be Bypassed By Remote Users
http://securitytracker.com/alerts/2009/Oct/1023080.html
squidGuard Buffer Overflow Lets Remote Users Bypass URL Filtering
http://securitytracker.com/alerts/2009/Oct/1023079.html
Novell eDirectory Buffer Overflow in 'dhost' Lets Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023078.html
Perl UTF-8 Regex Processing Bug Lets Users Deny Service
http://securitytracker.com/alerts/2009/Oct/1023077.html
AST-2009-007: ACL not respected on SIP INVITE
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00239.html
+ Perl UTF-8 Denial of Service Vulnerability
http://secunia.com/advisories/37144/
http://www.vupen.com/english/advisories/2009/3023
http://www.securityfocus.com/bid/36812
[ANNOUNCE] PostgreSQL 8.5alpha2 Now Available
http://www.postgresql.org/about/news.1152
http://www.postgresql.org/ftp/source/8.5alpha2/
[ntp:announce] NTP 4.2.5p237-RC Released
http://www.ntp.org/downloads.html
SuSE : acroread, acroread_ja
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30725
SuSE : Apache and libapr
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30726
Debian : New phpmyadmin packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30730
Debian : New smarty packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30731
Gentoo Linux : Adobe Reader: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30732
Debian : New kdelibs packages fix SSL certificate verification weakness
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30727
Debian : New mimetex packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30728
Independent Researcher : 6.x and 7.x Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30737
Debian : New Linux 2.6.26 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30723
Debian : New advi packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30729
Independent Researcher : Weak password Obfuscation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30733
Mandriva : Proftpd
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30724
[SECURITY] [DSA-1920-1] New nginx packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00234.html
squidGuard 1.3 & 1.4 : buffer overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00213.html
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00222.html
SharePoint 2007 ASP.NET Source Code Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00201.html
[ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00220.html
[SECURITY] [DSA 1919-1] New smarty packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00219.html
[SECURITY] [DSA 1918-1] New phpmyadmin packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00218.html
Jetty 6.x and 7.x Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00214.html
RunCms v.2M1 /modules/forum/post.php - forum remote semi-blind SQL Injection Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00197.html
Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00195.html
[SECURITY] [DSA 1917-1] New mimetex packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00194.html
[SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00193.html
[SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00192.html
[ MDVSA-2009:288 ] proftpd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00190.html
JVNDB-2009-002144 Vulnerability in Apple Xsan that allows user names and passwords to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002144.html
HTML-Parser "decode_entities()" Denial of Service
http://secunia.com/advisories/37155/
SUSE update for apache2 and libapr1
http://secunia.com/advisories/37152/
SUSE Update for Multiple Packages
http://secunia.com/advisories/37151/
Debian update for advi
http://secunia.com/advisories/37150/
SUSE update for acroread and acroread_ja
http://secunia.com/advisories/37149/
Debian update for mimetex
http://secunia.com/advisories/37146/
Debian update for kdelibs
http://secunia.com/advisories/37145/
Perl UTF-8 Denial of Service Vulnerability
http://secunia.com/advisories/37144/
Gentoo update for acroread
http://secunia.com/advisories/37141/
Debian update for smarty
http://secunia.com/advisories/37140/
Debian update for phpmyadmin
http://secunia.com/advisories/37139/
RunCms "pid" SQL Injection Vulnerability
http://secunia.com/advisories/37137/
Pegasus Mail POP3 Error Buffer Overflow Vulnerability
http://secunia.com/advisories/37134/
Eureka Email POP3 Error Buffer Overflow Vulnerability
http://secunia.com/advisories/37132/
ProFTPD SSL Certificate NULL Character Processing Security Issue
http://secunia.com/advisories/37131/
Debian update for linux-2.6
http://secunia.com/advisories/37121/
Sun Java System Web Server Unspecified Buffer Overflow
http://secunia.com/advisories/37115/
vBulletin Cross Site Scripting Vulnerability
http://www.securiteam.com/unixfocus/6Y00O1PPPU.html
Poppler and Xpdf Integer Overflow Vulnerability
http://www.securiteam.com/unixfocus/6W00M1PPPQ.html
Avast! Local Privilege Escalation and DoS Vulnerabilities
http://www.securiteam.com/unixfocus/6V00L1PPPO.html
OSSIM Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/6V00L1PPPO.html
Snort 2.8.5.1 Release
http://vrt-sourcefire.blogspot.com/2009/10/snort-2851-release.html
Web honeypot Update
http://isc.sans.org/diary.html?storyid=7456
Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu
http://isc.sans.org/diary.html?storyid=7459
Cyber Security Awareness Month - Day 26 port1433/1434 MSSQL
http://isc.sans.org/diary.html?storyid=7462
ComicMaster Unspecified Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3036
Bftpd Packets Processing Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3032
Nebula3 Remote SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3031
MetaForum Ajax Handling Security Bypass and Information Disclosure
http://www.vupen.com/english/advisories/2009/3030
urlShort Remote SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3029
Tin Can Jukebox Unspecified Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3028
RunCms "pid" and "forum" Parameters SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/3027
Pegasus Mail POP3 Error Message Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3026
Eureka Email POP3 Error Message Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3025
Sun Java System Web Server Unspecified Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3024
Perl UTF-8 Regular Expression Evaluation Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3023
HTML-Parser "decode_entities()" Function Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3022
RHBA-2009:1523-1: evolution28-gtk2 bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1523.html
RHBA-2009:1524-1: device-mapper-multipath bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1524.html
IBM Rational AppScan Help Pages Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36734
Citrix XenCenterWeb Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35592
phpMyAdmin SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36658
NOS getPlus Download Manager Insecure File Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35740
Adobe Reader and Acrobat Compact Font Format Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36667
Adobe Reader and Acrobat (CVE-2009-2992) ActiveX Control Denial of Service Vulnerability
http://www.securityfocus.com/bid/36695
Adobe Reader and Acrobat (CVE-2009-2994) Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36689
Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36668
Adobe Reader and Acrobat Malformed U3D Data Pointer Dereference Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36678
Adobe Reader and Acrobat JavaScript Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36683
Adobe Acrobat Integer Overflow Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36694
Adobe Reader and Acrobat Certificate Modification Vulnerability
http://www.securityfocus.com/bid/36688
Adobe Acrobat Stack Exhaustion Denial of Service Vulnerability
http://www.securityfocus.com/bid/35148
Adobe Acrobat Reader Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36600
Adobe Reader and Acrobat Malformed U3D Data Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36671
Adobe Reader and Acrobat 'annots.api' Denial of Service Vulnerability
http://www.securityfocus.com/bid/36682
Adobe Reader and Acrobat U3D File Pointer Overwrite Remote Vulnerability
http://www.securityfocus.com/bid/36677
Adobe Acrobat Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36693
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability
http://www.securityfocus.com/bid/36665
Adobe Reader and Acrobat Unspecified Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36687
Adobe Reader and Acrobat Trust Manager Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36692
Adobe Reader and Acrobat JavaScript Collab Object Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36681
Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/21858
Adobe Reader and Acrobat 'AcroPDF.dll' ActiveX Control Denial of Service Vulnerability
http://www.securityfocus.com/bid/36680
Adobe Acrobat Image Decoder Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36691
Adobe Reader and Acrobat File Extension Controls Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36697
Adobe Acrobat Reader Firefox Plugin Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36669
Adobe Reader and Acrobat Multiple Unspecified Heap-Based Overflow Vulnerabilities
http://www.securityfocus.com/bid/36690
Adobe Reader and Acrobat for Unix Debug Mode Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36696
squidGuard Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/36800
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36314
PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440
Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36515
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
EMC RepliStor Server 'rep_serv.exe' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36738
TBmnetCMS 'content' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36733
Opial Multiple Vulnerabilities
http://www.securityfocus.com/bid/35641
Websense Email Security Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36741
Websense Email Security and Email Manager 'STEMWADM.EXE' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36740
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
mimeTeX Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36632
mimeTeX Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36631
KDE KSSL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36229
ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36804
CamlImages JPEG Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36713
CamlImages Image Parsing Multiple Heap Overflow Vulnerabilities
http://www.securityfocus.com/bid/35999
Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34918
Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/31862
Joomla! 'com_photoblog' Component 'category' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36809
Joomla! 'com_jshop' Component 'pid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36808
Oracle Database Text Component 'ctxsys.drvxtabc.create_tables' Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/36748
Sun OpenSolaris Kernel Panic Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36819
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
Novell eDirectory '/dhost/modules?L:' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36815
Snort Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/36795
Sun OpenSolaris Unspecified Local Security Vulnerability
http://www.securityfocus.com/bid/36818
Adobe Reader and Acrobat Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36664
Adobe Reader and Acrobat XMP-XML Entity Expansion Denial of Service Vulnerability
http://www.securityfocus.com/bid/36686
Apache 'mod_proxy' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35565
Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35949
Microsoft Windows Media Runtime 'wmspdmod.dll' Speech Codec Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36614
Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36817
Apache 'mod_deflate' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35623
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
http://www.securityfocus.com/bid/35115
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Sun Java System Web Server Unspecified Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36813
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36821
RunCMS 'forum' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36816
Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36814
Perl UTF-8 Regular Expression Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36812