+ GNU Patch 2.6 released
http://ftp.gnu.org/gnu/patch/
Announcement: repackaged release of InterScan Messaging Security Suite 7.0 for Solaris Service Pack 1 Patch 1
http://www.trendmicro.co.jp/support/news.asp?id=1325
Sofmap launches "hard disk destruction service" that completely destroys the drive while the customer watches
http://itpro.nikkeibp.co.jp/article/NEWS/20091130/341261/?ST=security
"Botnet-building support for $120 a month": a new kind of service emerges
RSA Security reports: "bot updates are supported too"
http://itpro.nikkeibp.co.jp/article/NEWS/20091130/341276/?ST=security
JVNDB-2009-002279 Vulnerability in the Auditing component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002279.html
JVNDB-2009-002278 Vulnerability in the Data Pump component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002278.html
JVNDB-2009-002277 Vulnerability in the Oracle Text component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002277.html
JVNDB-2009-002276 Vulnerability in the Advanced Queuing component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002276.html
JVNDB-2009-002275 Vulnerability in the Authentication component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002275.html
JVNDB-2009-002274 Vulnerability in the Authentication component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002274.html
Check product versions with a few simple steps:
"MyJVN Version Checker" released
http://www.ipa.go.jp/security/vuln/documents/2009/200911_myjvn_vc.html
Overview of OVAL, the security checking language
http://www.ipa.go.jp/security/vuln/OVAL.html
Distributed Wordpress admin account cracking
http://isc.sans.org/diary.html?storyid=7663
+ OpenLDAP 2.4.20 available
http://www.openldap.org/software/download/
http://www.openldap.org/software/release/
HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01946041-1
FreeBSD 8.0-RELEASE Announcement
http://www.freebsd.org/releases/8.0R/pressrelease.html
Document ID: 333481: Resize Volume error : Error V-76-58645-614 The Shrink Volume operation does not support NTFS volumes greater than 2TB
http://seer.entsupport.symantec.com/docs/333481.htm
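"Scam videos" appear on YouTube, steering viewers to specific sites under the guise of a warning
"This video cannot be displayed": fake warning shown inside the video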
http://itpro.nikkeibp.co.jp/article/NEWS/20091127/341202/?ST=security
A Cloudy Weekend
http://isc.sans.org/diary.html?storyid=7660
Joomla LyftenBloggie Component "author" SQL Injection Vulnerability
http://secunia.com/advisories/37499/
Ubuntu update for php5
http://secunia.com/advisories/37498/
Gentoo update for PEAR-Net_Traceroute
http://secunia.com/advisories/37497/
DotNetNuke Cross-Site Scripting and Information Disclosure
http://secunia.com/advisories/37480/
RADIO istek scripti Information Disclosure Security Issue
http://secunia.com/advisories/37478/
Joomla GCalendar Component "gcid" SQL Injection
http://secunia.com/advisories/37476/
XM Easy Personal FTP Server Denial of Service Vulnerability
http://secunia.com/advisories/37473/
Robo-FTP Response Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/37452/
Sun Java Runtime Environment Deployment Toolkit Plugin Launch Method Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023244.html
IBM DB2 dasauto Command Lets Local Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023242.html
RHBA-2009:1614-1: curl bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1614.html
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263
Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193
Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
PHP 'proc_open()' 'safe_mode_protected_env_var' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/37138
KDE Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36845
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
TrackerCam Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/12592
phpBazar 'classified.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37144
Robo-FTP Client Server Response Handling Unspecified Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37143
Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142
GCalendar Joomla! Component 'gcid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37141
LyftenBloggie Joomla! Component 'pid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37140
Monday, November 30, 2009
Friday, November 27, 2009
27th, Friday, Tomobiki
Server maintenance notice (November 30, 2009)
http://www.trendmicro.co.jp/support/news.asp?id=1329
EU information security agency publishes report on electronic ID cards
http://itpro.nikkeibp.co.jp/article/NEWS/20091127/341172/?ST=security
JVNDB-2009-002273 Vulnerability in the Net Foundation Layer component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002273.html
JVNDB-2009-002272 Vulnerability in the Workspace Manager component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002272.html
JVNDB-2009-002271 Vulnerability in the Workspace Manager component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002271.html
JVNDB-2009-002270 Vulnerability in the Application Express component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002270.html
JVNDB-2009-002269 Vulnerability in the PL/SQL component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002269.html
TrackerCam Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/12592
+ FreeBSD 8.0-RELEASE released
http://www.freebsd.org/releases/8.0R/announce.html
+ Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/977981.mspx
+ PHP 'proc_open()' 'safe_mode_protected_env_var' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/37138
[ANNOUNCE] Apache Lucene Java 3.0.0 released
http://lucene.apache.org/java/3_0_0/changes/Changes.html
[FreeBSD-Announce] FreeBSD 8.0-RELEASE Available
http://www.freebsd.org/releases/8.0R/relnotes.html
http://www.freebsd.org/releases/8.0R/errata.html
Samba 3.5.0pre1 Available for Download
http://news.samba.org/releases/3.5.0pre1/
Document ID: 337830: Veritas Storage Foundation and High Availability Solutions Version 5.1 SP1 for Windows Server 2003/2008 Getting Started Guide
http://seer.entsupport.symantec.com/docs/337830.htm
Document ID: 337683: Hardware Compatibility List (HCL) for Veritas Storage Foundation and High Availability Solutions 5.1 Service Pack 1 (SP1) for Windows
http://seer.entsupport.symantec.com/docs/337683.htm
Document ID: 337599: VxPAL and/or VxATd may display a crash after upgrading from a previous version of Storage Foundation High Availability for Windows (SFW HA) to SFW HA 5.1 Service Pack 1 (SP1)
VxPAL and/or VxATd may display a crash after upgrading from a previous version of Storage Foundation High Availability for Windows (SFW HA) to SFW HA 5.1 Service Pack 1 (SP1)
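SecureBrain releases Japanese version of free antivirus software
Virus scanning runs on servers on the Internet; detection status of other vendors' products is also collected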
http://itpro.nikkeibp.co.jp/article/NEWS/20091126/341166/?ST=security
What Are You Thankful For?
http://isc.sans.org/diary.html?storyid=7651
Microsoft Security Advisory (977981)
http://isc.sans.org/diary.html?storyid=7654
RHBA-2009:1610-1: metacity bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1610.html
RHBA-2009:1611-1: xterm bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1611.html
RHBA-2009:1612-1: openswan bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1612.html
RHBA-2009:1613-1: system-config-lvm bug-fix update
http://rhn.redhat.com/errata/RHBA-2009-1613.html
OpenBSD Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023243.html
Sun Solaris 8 LDAP Client Configuration Cache Daemon Denial of Service
http://secunia.com/advisories/37506/
Sun Solaris LDAP Client Configuration Cache Daemon Denial of Service
http://secunia.com/advisories/37505/
Ingate Firewall and SIParator Multiple Vulnerabilities
http://secunia.com/advisories/37504/
Fedora update for php-pear-Net-Traceroute
http://secunia.com/advisories/37503/
Fedora update for php-pear-Net-Ping
http://secunia.com/advisories/37502/
HP-UX update for OpenSSL
http://secunia.com/advisories/37501/
Sun Solaris BIND DNS Cache Poisoning Vulnerability
http://secunia.com/advisories/37491/
Debian update for poppler
http://secunia.com/advisories/37488/
Debian update for php5
http://secunia.com/advisories/37482/
Serenity "MplayInputFile()" M3U Playlist Buffer Overflow
http://secunia.com/advisories/37472/
SugarCRM Multiple Vulnerabilities
http://secunia.com/advisories/37464/
Gentoo update for dstat
http://secunia.com/advisories/37457/
IBM DB2 "DASAUTO" Command Privilege Escalation
http://secunia.com/advisories/37454/
Dstat Insecure Plugin Search Path Security Issue
http://secunia.com/advisories/37445/
Gentoo update for wireshark
http://secunia.com/advisories/37409/
IBM DB2 "DASAUTO" Command Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/3340
GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/13454
PHP 'proc_open()' 'safe_mode_protected_env_var' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/37138
PHP 'tempname()' 'safe_mode' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/36555
PHP 5.2.10 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/36449
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079
Citrix XenCenterWeb Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35592
MS Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/2880
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
PEAR Net_Traceroute 'traceroute()' Function Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37094
Poppler 'ABWOutputDev.cc' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36976
Poppler Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33749
Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36718
strongSwan Crafted X.509 Certificate Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/35452
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
SugarCRM Versions 5.2.0j and 5.5.0.RC2 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/37136
Borland InterBase IBServer.EXE Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/25048
Multiple Oracle XDB FTP / HTTP Services Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/8375
Winamp Ultravox Streaming Metadata Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/27344
PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440
PHP 'ini_restore()' Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36009
Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/20655
America Online ICQ ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/20930
Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/25255
Cacti 'Linux - Get Memory Usage' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/37137
Cacti Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37109
IBM DB2 Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/36540
Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853
Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36856
Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36857
Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36854
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Joomla! Google Calendar Component 'gcid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37134
CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28268
CA eTrust PestPatrol Anti-Spyware 'ppctl.dl' ActiveX Control Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37133
phpBazar 'admin/admin.php' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37132
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
Microsoft Internet Explorer 8 Cross-Site Scripting Filter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37135
TrackerCam Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/12592
Thursday, November 26, 2009
26th, Thursday, Sensho
JVNVU#515749 Vulnerability in Microsoft Internet Explorer
http://jvn.jp/cert/JVNVU515749/index.html
JVNDB-2009-002268 Vulnerability in the Oracle Spatial component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002268.html
JVNDB-2009-002267 Vulnerability in the Data Mining component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002267.html
JVNDB-2009-002266 Vulnerability in the Network Authentication component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002266.html
JVNDB-2009-002265 Vulnerability in the Network Authentication component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002265.html
JVNDB-2009-002264 Vulnerability in the Core RDBMS component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002264.html
Solaris ldap_cachemgr() Flaws Let Local Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023239.html
Sun Solaris ldap_cachemgr Local Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3336
Sun Solaris BIND DNSSEC Validation DNS Cache Poisoning
http://www.vupen.com/english/advisories/2009/3335
Sun OpenSolaris Security Update Fixes Firefox Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2009/3334
Sun Solaris Timeout Mechanism Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3333
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36858
Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36871
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36875
Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36866
Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36872
Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36873
+ Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273169-1
+ Denial of Service Vulnerabilities in ldap_cachemgr(1M) Daemon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231402-1
http://www.securityfocus.com/bid/37129
+ HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01945686-1
+ Internet Explorer PDF Export Information Disclosure
http://secunia.com/advisories/37362/
+ Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37130
[ANNOUNCE] MyJSQLView Version 3.05 Released
http://dandymadeproductions.com/projects/MyJSQLView/index.html
[ANNOUNCE] Apache Jackrabbit 2.0 beta3 released
http://jackrabbit.apache.org/downloads.html
[ANNOUNCE] PostgreSQL RPM packages for Fedora-12 released
http://yum.pgsqlrpms.org/howtoyum.php
Multiple Security Vulnerabilities in Firefox Versions Before 3.5.5 May Allow Execution of Arbitrary Code or Unauthorized Access to Certain Data
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272909-1
A Solaris Kernel Change Stops Sun Cluster Using "zpool.cachefiles" to Import zpools Resulting in ZFS pool Import Performance Degradation or Failure to Import the zpools
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272669-1
Gentoo Linux : UW IMAP toolkit: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30983
Gentoo Linux : dstat: Untrusted search path
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30984
Red Hat : Critical: kdelibs security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30978
Debian : New libvorbis packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30977
[ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00176.html
[resent] [ GLSA 200911-04 ] dstat: Untrusted search path
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00175.html
[ GLSA 200911-03 ] UW IMAP toolkit: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00174.html
rPSA-2009-0156-1 sun-jdk sun-jre
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00172.html
rPSA-2009-0155-1 httpd mod_ssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00170.html
rPSA-2009-0154-1 httpd mod_ssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00171.html
[SECURITY] [DSA 1939-1] New libvorbis packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00169.html
Vulnerabilities in WP-Cumulus for WordPress
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00168.html
[security bulletin] HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protect
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00167.html
Microsoft Updates requiring reboot
http://isc.sans.org/diary.html?storyid=7645
Updates to my GREM Gold scripts and a new script
http://isc.sans.org/diary.html?storyid=7648
libtool libltdl Library Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/37489/
Gentoo update for uw-imap and c-client
http://secunia.com/advisories/37487/
rPath update for httpd and mod_ssl
http://secunia.com/advisories/37486/
rPath update for sun-jdk and sun-jre
http://secunia.com/advisories/37485/
OpenX Arbitrary File Upload Vulnerability
http://secunia.com/advisories/37475/
Firefox Yoono Extension Cross-Context Scripting Vulnerability
http://secunia.com/advisories/37468/
Debian update for libvorbis
http://secunia.com/advisories/37463/
Symantec Altiris ConsoleUtilities ActiveX Control "RunCmd()" Buffer Overflow
http://secunia.com/advisories/37462/
Red Hat update for kdelibs
http://secunia.com/advisories/37461/
ISC BIND DNSSEC Cache Poisoning Vulnerability
http://secunia.com/advisories/37426/
Sun Solaris sshd Timeout Mechanism Denial of Service
http://secunia.com/advisories/37424/
Quick.CMS "admin.php" Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/37421/
libtool libltdl Library Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/37414/
Ubuntu update for libvorbis
http://secunia.com/advisories/37411/
Internet Explorer PDF Export Information Disclosure
http://secunia.com/advisories/37362/
HP Operations Manager for Windows Unauthorized Access
http://www.securiteam.com/unixfocus/6G00L1FQ0E.html
PHP Multipart/Form-data Denial of Service Attack
http://www.securiteam.com/unixfocus/6H00M1FQ0G.html
KDE KDELibs Remote Array Overrun with Arbitrary Code Execution
http://www.securiteam.com/securitynews/6I00N1FQ0S.html
HP Color LaserJet Printers Unauthorized Access to Data and DoS
http://www.securiteam.com/securitynews/6J00O1FQ0G.html
Mozilla Firefox CVE-2009-3381 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36870
Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36869
Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36846
Wireshark ERF File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36591
Wireshark 1.2.0 Multiple Vulnerabilities
http://www.securityfocus.com/bid/35748
Home FTP Server 'MKD' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37041
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079
Wireshark 1.2.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36408
University of Washington IMAP c-client Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32958
University of Washington IMAP 'smtp.c' Null Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/32280
University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/32072
PEAR Net_Ping 'ping()' Function Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37093
PEAR Net_Traceroute 'traceroute()' Function Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37094
Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31932
RETIRED: Python Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31976
HP Data Protector Express 'dpwinsup.dll' Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34955
Mozilla Firefox 3.5.1/3.0.12 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35927
libvorbis OGG Vorbis Processing Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36018
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Apache 'mod_deflate' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35623
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35510
Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36850
Quick.Cart and Quick.CMS Delete Function Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/37115
TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37114
Dag Wieers Dstat 'sys.path' Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37131
XM Easy Personal FTP Server File/Folder Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37112
Subscribe to Comments Prior to 2.1 Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37111
klinza professional cms 'menulast.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/37127
WordPress WP-Cumulus Plugin 'tagcloud.swf' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37100
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
Sun Solaris LDAP Client Configuration Cache Daemon Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37129
Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37130
Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853
Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
Multiple Symantec Altiris Products 'RunCmd()' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37092
Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36856
Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36854
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36857
Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36858
Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36871
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36875
Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36872
Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36866
Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36873
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/32654
Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/32653
http://jvn.jp/cert/JVNVU515749/index.html
JVNDB-2009-002268 Vulnerability in the Oracle Spatial component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002268.html
JVNDB-2009-002267 Vulnerability in the Data Mining component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002267.html
JVNDB-2009-002266 Vulnerability in the Network Authentication component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002266.html
JVNDB-2009-002265 Vulnerability in the Network Authentication component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002265.html
JVNDB-2009-002264 Vulnerability in the Core RDBMS component of Oracle Database
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002264.html
Solaris ldap_cachemgr() Flaws Let Local Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023239.html
Sun Solaris ldap_cachemgr Local Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3336
Sun Solaris BIND DNSSEC Validation DNS Cache Poisoning
http://www.vupen.com/english/advisories/2009/3335
Sun OpenSolaris Security Update Fixes Firefox Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2009/3334
Sun Solaris Timeout Mechanism Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3333
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36858
Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36871
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36875
Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36866
Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36872
Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36873
+ Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273169-1
+ Denial of Service Vulnerabilities in ldap_cachemgr(1M) Daemon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231402-1
http://www.securityfocus.com/bid/37129
+ HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01945686-1
+ Internet Explorer PDF Export Information Disclosure
http://secunia.com/advisories/37362/
+ Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37130
[ANNOUNCE] MyJSQLView Version 3.05 Released
http://dandymadeproductions.com/projects/MyJSQLView/index.html
[ANNOUNCE] Apache Jackrabbit 2.0 beta3 released
http://jackrabbit.apache.org/downloads.html
[ANNOUNCE] PostgreSQL RPM packages for Fedora-12 released
http://yum.pgsqlrpms.org/howtoyum.php
Multiple Security Vulnerabilities in Firefox Versions Before 3.5.5 May Allow Execution of Arbitrary Code or Unauthorized Access to Certain Data
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272909-1
A Solaris Kernel Change Stops Sun Cluster Using "zpool.cachefiles" to Import zpools Resulting in ZFS pool Import Performance Degradation or Failure to Import the zpools
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272669-1
Gentoo Linux : UW IMAP toolkit: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30983
Gentoo Linux : dstat: Untrusted search path
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30984
Red Hat : Critical: kdelibs security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30978
Debian : New libvorbis packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30977
[ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00176.html
[resent] [ GLSA 200911-04 ] dstat: Untrusted search path
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00175.html
[ GLSA 200911-03 ] UW IMAP toolkit: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00174.html
rPSA-2009-0156-1 sun-jdk sun-jre
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00172.html
rPSA-2009-0155-1 httpd mod_ssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00170.html
rPSA-2009-0154-1 httpd mod_ssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00171.html
[SECURITY] [DSA 1939-1] New libvorbis packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00169.html
Vulnerabilities in WP-Cumulus for WordPress
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00168.html
[security bulletin] HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protect
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00167.html
Microsoft Updates requiring reboot
http://isc.sans.org/diary.html?storyid=7645
Updates to my GREM Gold scripts and a new script
http://isc.sans.org/diary.html?storyid=7648
libtool libltdl Library Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/37489/
Gentoo update for uw-imap and c-client
http://secunia.com/advisories/37487/
rPath update for httpd and mod_ssl
http://secunia.com/advisories/37486/
rPath update for sun-jdk and sun-jre
http://secunia.com/advisories/37485/
OpenX Arbitrary File Upload Vulnerability
http://secunia.com/advisories/37475/
Firefox Yoono Extension Cross-Context Scripting Vulnerability
http://secunia.com/advisories/37468/
Debian update for libvorbis
http://secunia.com/advisories/37463/
Symantec Altiris ConsoleUtilities ActiveX Control "RunCmd()" Buffer Overflow
http://secunia.com/advisories/37462/
Red Hat update for kdelibs
http://secunia.com/advisories/37461/
ISC BIND DNSSEC Cache Poisoning Vulnerability
http://secunia.com/advisories/37426/
Sun Solaris sshd Timeout Mechanism Denial of Service
http://secunia.com/advisories/37424/
Quick.CMS "admin.php" Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/37421/
libtool libltdl Library Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/37414/
Wednesday, November 25, 2009
25th, Wednesday, Shakkō
[ANNOUNCE] MyFaces Core v1.2.8 Release
http://myfaces.apache.org/download.html
Notice of release and start of support for Trend Micro Threat Discovery Appliance / Threat Discovery Virtual Appliance 2.5 R2 and Trend Micro Threat Mitigator 2.5
http://www.trendmicro.co.jp/support/news.asp?id=1324
Report on improving the security of control systems for critical infrastructure such as water, gas and electric power translated and published
- Introduces 39 countermeasures against viruses, unauthorized access and similar threats in critical infrastructure control systems
http://www.ipa.go.jp/security/fy21/reports/scada/index.html
Cookie hijacking over wireless LAN is surging; caution needed when shopping online
http://itpro.nikkeibp.co.jp/article/NEWS/20091125/341035/?ST=security
JVNVU#515749 Vulnerability in Microsoft Internet Explorer
http://jvn.jp/cert/JVNVU515749/
JVNDB-2007-001200 Cross-site scripting vulnerability in Webmin and Usermin
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001200.html
JVNDB-2009-002263 Integer overflow vulnerability in the ImageStream::ImageStream function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002263.html
JVNDB-2009-002262 Integer overflow vulnerability in the ObjectStream::ObjectStream function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002262.html
JVNDB-2009-002261 Integer overflow vulnerability in the PSOutputDev::doImageL1Sep function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002261.html
JVNDB-2009-002260 Arbitrary code execution vulnerability in the Splash::drawImage function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002260.html
JVNDB-2009-002259 Integer overflow vulnerability in the SplashBitmap::SplashBitmap function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002259.html
Tool updates
http://isc.sans.org/diary.html?storyid=7642
Symantec Altiris Deployment Solution and Notification Server ActiveX Control RunCmd Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023238.html
BIND DNSSEC Validation Flaw Lets Remote Servers Add to the Cache
http://securitytracker.com/alerts/2009/Nov/1023237.html
Solaris sshd Timeout Mechanism Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023235.html
TYPSoft FTP Server APPE and DELE Command Processing Flaw Lets Remote Authenticated Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023234.html
Symantec Products AeXNSConsoleUtilities Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3328
ISC BIND DNSSEC Additional Section Cache Poisoning Vulnerability
http://www.vupen.com/english/advisories/2009/3327
Yoono Extension for Firefox "onLoad" Script Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3326
Cacti Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3325
Sage Extension for Firefox RSS Feed Script Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3324
InfoRSS Extension for Firefox RSS Feed Script Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3323
WP-Cumulus Plugin for WordPress Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3322
PEAR Net_Traceroute "traceroute()" Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3321
PEAR Net_Ping "ping()" Remote Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3320
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36515
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/36940
Subscribe to Comments WordPress Plugin Multiple Unspecified Input Validation Vulnerabilities
http://www.securityfocus.com/bid/37113
+ Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/977981.mspx
http://www.microsoft.com/technet/security/advisory/977981.mspx
http://www.kb.cert.org/vuls/id/515749
http://www.securityfocus.com/bid/37085
+ ISC BIND 9.6.1-P2/9.5.2-P1/9.4.3-P4 is now available
https://www.isc.org/node/509
https://www.isc.org/node/507
https://www.isc.org/node/506
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30968
+ BIND 9 Cache Update from Additional Section
https://www.isc.org/node/504
http://www.securityfocus.com/bid/37118
+ Security Vulnerability in the Timeout Mechanism of Solaris sshd(1M) may Lead to a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1
http://www.securityfocus.com/bid/37116
+ RHSA-2009:1601-1: Critical: kdelibs security update
http://rhn.redhat.com/errata/RHSA-2009-1601.html
+ Microsoft Internet Explorer PDF Generation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37117
+ Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
MySQL Connector/MXJ 5.0.11 released
http://dev.mysql.com/downloads/connector/mxj/5.0.html
Tomcat Native 1.1.18 Released
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
Document ID: 337694: When adding a Storage Foundation for Windows (SFW) 5.1 Service Pack 1 (SP1) basic disk to a Logical Disk Management (LDM) dynamic disk group, or creating LDM dynamic disk group from those disks, this error might occur: Warning V-40-32775-87, Invalid arguments.
http://seer.entsupport.symantec.com/docs/337694.htm
Document ID: 337684: Software Compatibility List (SCL) for Veritas Cluster Server 5.1 Service Pack 1 (SP1) for Windows
http://seer.entsupport.symantec.com/docs/337684.htm
Document ID: 337682: Software Compatibility List (SCL) for Veritas Storage Foundation and High Availability Solutions 5.1 Service Pack (SP1) for Windows
http://seer.entsupport.symantec.com/docs/337682.htm
Document ID: 337545: Veritas Enterprise Administrator (VEA) may give an error message while trying to resize a volume
http://seer.entsupport.symantec.com/docs/337545.htm
Document ID: 336859: Veritas (TM) Cluster Server 5.1 Service Pack 1 (SP1) for Windows Application Note: Disaster Recovery for VMware VirtualCenter 4.0 templates
http://seer.entsupport.symantec.com/docs/336859.htm
Independent Researcher : Remote DoS condition in harbour.pl
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30974
ISC : ISC BIND 9.6.1-P2 is now available
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30968
Moritz Naumann IT Consulting & Services : Executing arbitrary PHP code on OpenX <= 2.8.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30972
Ubuntu Security Notice : libvorbis vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30967
SYM09-016: Security Advisories Relating to Symantec Products - Symantec’s Altiris Deployment and Notification Management Web Console RunCmd Vulnerability
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00
Ports used for proxy monitoring with BOM5.0
http://www.say-tech.co.jp/support/bom-for-windows/bom50-3/index.shtml
Dangerous unpatched vulnerability in IE6 and IE7; exploit code has already appeared
Risk of compromise through web browsing; workarounds are moving to IE8 or disabling scripting
http://itpro.nikkeibp.co.jp/article/NEWS/20091125/341020/?ST=security
Virus targeting "jailbroken iPhones" again; infected devices are taken over
A more malicious "iPhone virus" makes the iPhone part of a botnet
http://itpro.nikkeibp.co.jp/article/NEWS/20091125/340992/?ST=security
Clearswift integrates caching into its web security appliance
http://itpro.nikkeibp.co.jp/article/NEWS/20091124/340912/?ST=security
[USN-861-1] libvorbis vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00166.html
New Paper: MitM Attacks against the chipTAN comfort Online Banking System
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00165.html
Executing arbitrary PHP code on OpenX <= 2.8.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00164.html
XM Easy Personal FTP Server Remote DoS Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00163.html
TYPSoft FTP Server APPE and DELE Commands Remote DoS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00162.html
BIND Security Advisory (DNSSEC only)
http://isc.sans.org/diary.html?storyid=7636
Vulnerability Note VU#515749: Microsoft Internet Explorer CSS style element vulnerability
http://www.kb.cert.org/vuls/id/515749
RHBA-2009:1600-1: kexec-tools bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1600.html
WordPress WP-Cumulus Plugin "tagcloud" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37483/
Cacti Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/37481/
Fedora update for asterisk
http://secunia.com/advisories/37479/
SUSE Update for Multiple Packages
http://secunia.com/advisories/37474/
Firefox Sage Extension Cross-Context Scripting Vulnerability
http://secunia.com/advisories/37466/
Debian update for php-mail
http://secunia.com/advisories/37458/
PEAR Net_Ping Command Injection Vulnerability
http://secunia.com/advisories/37451/
Fedora update for snort
http://secunia.com/advisories/37449/
Opera Unspecified Flaw Has Unspecified Impact
http://securitytracker.com/alerts/2009/Nov/1023232.html
E2-labs' project Ethan dissected. Anatomy of a franchise proposal based on non-existing partnerships
http://www.zone-h.org/news/id/4731
OpenX Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37110
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
Philippe Jounin Tftpd32 Long Filename Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37119
Joomla! 'com_mygallery' Component 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37121
Philippe Jounin Tftpd32 Connect Frame Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37122
Cacti Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37109
Multiple Symantec Altiris Products 'RunCmd()' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37092
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36875
GNU glibc 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/36443
Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36850
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
Qt NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36203
Opera Unspecified Security Bypass Vulnerability
http://www.securityfocus.com/bid/36418
QEMU VNC Client Disconnect Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36716
Snort Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/36795
GIMP PSD Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37040
Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34800
Bugzilla Bug Alias Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37062
Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability
http://www.securityfocus.com/bid/36926
Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/37120
Mozilla Firefox Yoono Extension DOM Event Handler Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/37123
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
libxml2 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36010
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
cURL / libcURL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36032
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850
NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
Python Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31976
Python Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30491
Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31932
Python ImageOP Module Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/25696
Python 'expandtabs' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33187
Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/28749
Python zlib Module Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28715
Sun Solaris 'sshd(1M)' Timeout Mechanism Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37116
Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
http://www.securityfocus.com/bid/23887
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Sun Java SE Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35922
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944
Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803
Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851
Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36108
Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35281
Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35185
Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34673
Linux Kernel 'make_indexed_dir()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/33618
Linux Kernel 'ptrace_start()' And 'do_coredump()' Deadlock Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35559
Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34934
Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951
Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/26880
Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34612
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
Linux Kernel 'NFS filename' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34390
Microsoft Internet Explorer PDF Generation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37117
Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906
Linux Kernel 'ecryptfs_write_metadata_to_contents()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34216
Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
http://www.securityfocus.com/bid/33237
Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068
WordPress Multiple Plugins Captcha Bypass Vulnerabilities
http://www.securityfocus.com/bid/37108
Mozilla Firefox 'libpr0n' GIF File Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/37107
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079
PHP Live! 'DOCUMENT_ROOT' Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/37106
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
Quick.Cart and Quick.CMS Delete Function Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/37115
TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37114
XM Easy Personal FTP Server File/Folder Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37112
http://myfaces.apache.org/download.html
Notice of release and start of support for Trend Micro Threat Discovery Appliance / Threat Discovery Virtual Appliance 2.5 R2 and Trend Micro Threat Mitigator 2.5
http://www.trendmicro.co.jp/support/news.asp?id=1324
Report on improving the security of control systems for critical infrastructure such as water, gas and electricity translated and published
・Introduces 39 countermeasures against viruses, unauthorized access and similar threats in critical infrastructure control systems
http://www.ipa.go.jp/security/fy21/reports/scada/index.html
Cookie hijacking over wireless LANs is surging; take care when shopping online
http://itpro.nikkeibp.co.jp/article/NEWS/20091125/341035/?ST=security
JVNVU#515749 Vulnerability in Microsoft Internet Explorer
http://jvn.jp/cert/JVNVU515749/
JVNDB-2007-001200 Cross-site scripting vulnerability in Webmin and Usermin
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001200.html
JVNDB-2009-002263 Integer overflow vulnerability in the ImageStream::ImageStream function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002263.html
JVNDB-2009-002262 Integer overflow vulnerability in the ObjectStream::ObjectStream function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002262.html
JVNDB-2009-002261 Integer overflow vulnerability in the PSOutputDev::doImageL1Sep function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002261.html
JVNDB-2009-002260 Arbitrary code execution vulnerability in the Splash::drawImage function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002260.html
JVNDB-2009-002259 Integer overflow vulnerability in the SplashBitmap::SplashBitmap function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002259.html
Tool updates
http://isc.sans.org/diary.html?storyid=7642
Symantec Altiris Deployment Solution and Notification Server ActiveX Control RunCmd Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023238.html
BIND DNSSEC Validation Flaw Lets Remote Servers Add to the Cache
http://securitytracker.com/alerts/2009/Nov/1023237.html
Solaris sshd Timeout Mechanism Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023235.html
TYPSoft FTP Server APPE and DELE Command Processing Flaw Lets Remote Authenticated Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023234.html
Symantec Products AeXNSConsoleUtilities Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3328
ISC BIND DNSSEC Additional Section Cache Poisoning Vulnerability
http://www.vupen.com/english/advisories/2009/3327
Yoono Extension for Firefox "onLoad" Script Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3326
Cacti Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3325
Sage Extension for Firefox RSS Feed Script Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3324
InfoRSS Extension for Firefox RSS Feed Script Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3323
WP-Cumulus Plugin for WordPress Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3322
PEAR Net_Traceroute "traceroute()" Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3321
PEAR Net_Ping "ping()" Remote Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3320
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36515
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/36940
Subscribe to Comments WordPress Plugin Multiple Unspecified Input Validation Vulnerabilities
http://www.securityfocus.com/bid/37113
+ Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/977981.mspx
http://www.microsoft.com/technet/security/advisory/977981.mspx
http://www.kb.cert.org/vuls/id/515749
http://www.securityfocus.com/bid/37085
+ ISC BIND 9.6.1-P2/9.5.2-P1/9.4.3-P4 is now available
https://www.isc.org/node/509
https://www.isc.org/node/507
https://www.isc.org/node/506
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30968
+ BIND 9 Cache Update from Additional Section
https://www.isc.org/node/504
http://www.securityfocus.com/bid/37118
+ Security Vulnerability in the Timeout Mechanism of Solaris sshd(1M) may Lead to a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1
http://www.securityfocus.com/bid/37116
+ RHSA-2009:1601-1: Critical: kdelibs security update
http://rhn.redhat.com/errata/RHSA-2009-1601.html
+ Microsoft Internet Explorer PDF Generation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37117
+ Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
MySQL Connector/MXJ 5.0.11 released
http://dev.mysql.com/downloads/connector/mxj/5.0.html
Tomcat Native 1.1.18 Released
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
Document ID: 337694: When adding a Storage Foundation for Windows (SFW) 5.1 Service Pack 1 (SP1) basic disk to a Logical Disk Management (LDM) dynamic disk group, or creating LDM dynamic disk group from those disks, this error might occur: Warning V-40-32775-87, Invalid arguments.
http://seer.entsupport.symantec.com/docs/337694.htm
Document ID: 337684: Software Compatibility List (SCL) for Veritas Cluster Server 5.1 Service Pack 1 (SP1) for Windows
http://seer.entsupport.symantec.com/docs/337684.htm
Document ID: 337682: Software Compatibility List (SCL) for Veritas Storage Foundation and High Availability Solutions 5.1 Service Pack (SP1) for Windows
http://seer.entsupport.symantec.com/docs/337682.htm
Document ID: 337545: Veritas Enterprise Administrator (VEA) may give an error message while trying to resize a volume
http://seer.entsupport.symantec.com/docs/337545.htm
Document ID: 336859: Veritas (TM) Cluster Server 5.1 Service Pack 1 (SP1) for Windows Application Note: Disaster Recovery for VMware VirtualCenter 4.0 templates
http://seer.entsupport.symantec.com/docs/336859.htm
Independent Researcher : Remote DoS condition in harbour.pl
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30974
ISC : ISC BIND 9.6.1-P2 is now available
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30968
Moritz Naumann IT Consulting & Services : Executing arbitrary PHP code on OpenX <= 2.8.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30972
Ubuntu Security Notice : libvorbis vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30967
SYM09-016: Security Advisories Relating to Symantec Products - Symantec’s Altiris Deployment and Notification Management Web Console RunCmd Vulnerability
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00
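About the ports used for proxy monitoring with BOM5.0
http://www.say-tech.co.jp/support/bom-for-windows/bom50-3/index.shtml
Dangerous unpatched vulnerability in IE6 and IE7; exploit code has already appeared
Risk of compromise through web browsing; workarounds are moving to IE8 or disabling scripting
http://itpro.nikkeibp.co.jp/article/NEWS/20091125/341020/?ST=security
Virus targeting "jailbroken iPhones" strikes again; infected devices are taken over
A more malicious "iPhone virus" makes the iPhone part of a botnet
http://itpro.nikkeibp.co.jp/article/NEWS/20091125/340992/?ST=security
Clearswift integrates a caching function into its web security appliance
http://itpro.nikkeibp.co.jp/article/NEWS/20091124/340912/?ST=security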
[USN-861-1] libvorbis vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00166.html
New Paper: MitM Attacks against the chipTAN comfort Online Banking System
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00165.html
Executing arbitrary PHP code on OpenX <= 2.8.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00164.html
XM Easy Personal FTP Server Remote DoS Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00163.html
TYPSoft FTP Server APPE and DELE Commands Remote DoS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00162.html
BIND Security Advisory (DNSSEC only)
http://isc.sans.org/diary.html?storyid=7636
Vulnerability Note VU#515749: Microsoft Internet Explorer CSS style element vulnerability
http://www.kb.cert.org/vuls/id/515749
RHBA-2009:1600-1: kexec-tools bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1600.html
WordPress WP-Cumulus Plugin "tagcloud" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37483/
Cacti Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/37481/
Fedora update for asterisk
http://secunia.com/advisories/37479/
SUSE Update for Multiple Packages
http://secunia.com/advisories/37474/
Firefox Sage Extension Cross-Context Scripting Vulnerability
http://secunia.com/advisories/37466/
Debian update for php-mail
http://secunia.com/advisories/37458/
PEAR Net_Ping Command Injection Vulnerability
http://secunia.com/advisories/37451/
Fedora update for snort
http://secunia.com/advisories/37449/
Opera Unspecified Flaw Has Unspecified Impact
http://securitytracker.com/alerts/2009/Nov/1023232.html
E2-labs' project Ethan dissected. Anatomy of a franchise proposal based on non-existing partnerships
http://www.zone-h.org/news/id/4731
OpenX Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37110
Philippe Jounin Tftpd32 Long Filename Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37119
Joomla! 'com_mygallery' Component 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37121
Philippe Jounin Tftpd32 Connect Frame Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37122
Cacti Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37109
Multiple Symantec Altiris Products 'RunCmd()' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37092
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36875
GNU glibc 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/36443
Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36850
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
Qt NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36203
Opera Unspecified Security Bypass Vulnerability
http://www.securityfocus.com/bid/36418
QEMU VNC Client Disconnect Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36716
Snort Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/36795
GIMP PSD Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37040
Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34800
Bugzilla Bug Alias Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37062
Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability
http://www.securityfocus.com/bid/36926
Tuesday, November 24, 2009
Tuesday the 24th, Taian
JVNVU#817433 Vulnerabilities in multiple XML library implementations
http://jvn.jp/cert/JVNVU817433/index.html
JVNVU#943657 Denial-of-service (DoS) vulnerability in multiple TCP implementations
http://jvn.jp/cert/JVNVU943657/index.html
JVNDB-2009-002258 Vulnerability in the ZFS file system of Sun Solaris that allows file_chown_self privilege restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002258.html
JVNDB-2009-002257 Vulnerability in libpng that allows part of the information in uninitialized memory to be read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002257.html
Microsoft Security Advisory 977981 - IE 6 and IE 7
http://isc.sans.org/diary.html?storyid=7633
Microsoft Internet Explorer Discloses Local Path Names When Printing Local HTML Files to PDF Files
http://securitytracker.com/alerts/2009/Nov/1023233.html
Autodesk 3ds Max Application Callbacks Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023230.html
Autodesk Softimage Scene Table of Contents XML File Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023229.html
Autodesk Maya 'Script Nodes' Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023228.html
+ Microsoft Security Advisory (977981) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/977981.mspx
+ Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution (Japanese-language page)
http://www.microsoft.com/japan/technet/security/advisory/977981.mspx
+ Dovecot 1.2.8 released
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
+ MySQL Community Server 5.0.88 has been released
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
+ Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
http://secunia.com/advisories/37453/
http://www.vupen.com/english/advisories/2009/3310
+ VMSA-2009-0016: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://lists.vmware.com/pipermail/security-announce/2009/000070.html
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30957
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00148.html
http://secunia.com/advisories/37471/
http://secunia.com/advisories/37470/
http://secunia.com/advisories/37460/
http://www.vupen.com/english/advisories/2009/3316
+ PHP-SA-11/20/2009: PHP "multipart/form-data" denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30950
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00146.html
+ PHP Multiple Vulnerabilities
http://secunia.com/advisories/37412/
http://www.vupen.com/english/advisories/2009/3295
http://www.securityfocus.com/bid/37079
+ PHP Bugs Let Local Users Bypass safe_mode and open_basedir Security Controls
http://securitytracker.com/alerts/2009/Nov/1023223.html
+ MySQL Security Update Fixes SSL Certificate Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3311
+ MySQL Denial of Service and Client Certificate Verification Vulnerabilities
http://secunia.com/advisories/37372/
+ Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
+ Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
- Dovecot "base_dir" Insecure Permissions Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3306
http://www.securityfocus.com/bid/37084
- Vulnerability Note VU#723308: TCP may keep its offered receive window closed indefinitely (RFC 1122)
http://www.kb.cert.org/vuls/id/723308
- [Security-announce] UPDATED VMSA-2009-0002.2 VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
http://lists.vmware.com/pipermail/security-announce/2009/000072.html
- [Security-announce] UPDATED VMSA-2009-0014.1 VMware ESX patches for DHCP Service Console kernel and JRE resolve multiple security issues
http://lists.vmware.com/pipermail/security-announce/2009/000071.html
[ANNOUNCEMENT] Apache Commons Pool 1.5.4 Released
http://commons.apache.org/pool/download_pool.cgi
[ANNOUNCE] Apache Tika 0.5 Released
http://www.apache.org/dist/lucene/tika/CHANGES-0.5.txt
Package: Courier 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/courier-devel/20091122/courier-0.63.0.20091122.tar.bz2/download
Package: Courier-IMAP 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/imap-devel/20091122/courier-imap-4.6.0.20091122.tar.bz2/download
Package: SqWebMail 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/webmail-devel/20091122/sqwebmail-5.3.2.20091122.tar.bz2/download
Package: maildrop 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/maildrop-devel/20091122/maildrop-2.2.0.20091122.tar.bz2/download
Package: Cone 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/cone-devel/20091122/cone-0.79.20091122.tar.bz2/download
Perl 5.11.2 released
http://use.perl.org/articles/09/11/23/1434246.shtml
Rakudo Perl 6 development release #23 ("Lisbon")
http://use.perl.org/articles/09/11/23/1431232.shtml
Virus Buster 2009
Notice of release of program version 17.10 build 1365
http://www.trendmicro.co.jp/support/news.asp?id=1323
Document ID: 337257: Unable to access volume after SAN Volume Controller outage. VEA displays missing disk with status "Disconnected"
http://seer.entsupport.symantec.com/docs/337257.htm
Document ID: 336119: Unable to configure Cluster Shared Volumes (CSV) in Windows Server 2008 R2 using Storage Foundation for Windows dynamic volumes.
http://seer.entsupport.symantec.com/docs/336119.htm
Bkis : e107 Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30961
Debian : New php-mail packages fix insufficient input sanitising
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30956
Independent Researcher : Code to mitigate IE STYLE zero-day
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30966
Independent Researcher : Millions of PDF invisibly embedded with your internal disk paths
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30960
Debian : New gforge packages fix cross-site scripting
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30955
Independent Researcher : Vulnerabilities in plugins for WordPress
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30959
Mandriva : kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30953
Mandriva : php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30954
Hewlett-Packard : HP Operations Manager for Windows, Remote Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30965
Independent Researcher : PHP "multipart/form-data" denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30950
Independent Researcher : Firefox 3.5.3 Remote Array Overrun (UPDATE)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30962
SecurityReason.com : SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30946
SecurityReason.com : K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30947
SecurityReason.com : Opera 10.01 Remote Array Overrun (Arbitrary code execution)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30948
SecurityReason.com : KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30949
SecurityReason.com : SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30963
SecurityReason.com : K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30964
VMware : vCenter and ESX update release and vMA patch for multiple issues in third party components
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30957
ZDI : Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30958
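"Password-stealing viruses" and "fake software" running rampant, Microsoft warns
Reports the results of its malware removal tool; they account for the majority of the "top 25"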
http://itpro.nikkeibp.co.jp/article/NEWS/20091124/340936/?ST=security
Spam abusing Twitter surges, leading to suspicious sites via tweets
Accounts may have been hijacked; careless clicking is to be avoided
http://itpro.nikkeibp.co.jp/article/NEWS/20091120/340779/?ST=security
RHBA-2009:1598-1: cman bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1598.html
RHBA-2009:1599-1: bash bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1599.html
CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00160.html
CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00159.html
CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00158.html
Millions of PDF invisibly embedded with your internal disk paths
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00157.html
[SECURITY] [DSA 1938-1] New php-mail packages fix insufficient input sanitising
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00156.html
Code to mitigate IE STYLE zero-day
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00153.html
[Bkis-13-2009] e107 Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00152.html
Vulnerabilities in plugins for WordPress
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00150.html
[ MDVSA-2009:302 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00155.html
[SECURITY] [DSA 1937-1] New gforge packages fix cross-site scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00154.html
[ MDVSA-2009:301 ] kernel
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00151.html
ZDI-09-085: Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00149.html
VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00148.html
[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Una
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00147.html
PHP "multipart/form-data" denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00146.html
Firefox 3.5.3 Remote Array Overrun (UPDATE)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00141.html
KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00145.html
Opera 10.01 Remote Array Overrun (Arbitrary code execution)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00143.html
SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00142.html
K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00144.html
Government Approaches to Cybersecurity - What are your tips?
http://isc.sans.org/diary.html?storyid=7627
New Nmap Beta Released
http://isc.sans.org/diary.html?storyid=7630
IE6 and IE7 0-Day Reported
http://isc.sans.org/diary.html?storyid=7624
What is making you vulnerable?
http://isc.sans.org/diary.html?storyid=7621
VMware ESX and vMA Update for Multiple Packages
http://secunia.com/advisories/37471/
VMware ESXi update for ntp
http://secunia.com/advisories/37470/
Opera Multiple Vulnerabilities
http://secunia.com/advisories/37469/
Firefox infoRSS Extension Cross-Context Scripting Vulnerability
http://secunia.com/advisories/37467/
VMware Products Update for Multiple Packages
http://secunia.com/advisories/37460/
PHP Traverser "GLOBALS[BASE]" File Inclusion Vulnerability
http://secunia.com/advisories/37455/
Sun Solaris OpenSSL TLS Session Renegotiation Plaintext Injection Vulnerability
http://secunia.com/advisories/37453/
Debian update for gforge
http://secunia.com/advisories/37450/
Internet Explorer Layout Handling Memory Corruption Vulnerability
http://secunia.com/advisories/37448/
Outreach Project Tool "CRM_path" File Inclusion Vulnerability
http://secunia.com/advisories/37447/
Magic Music Player Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/37427/
Betsy CMS "popup" Local File Inclusion Vulnerability
http://secunia.com/advisories/37422/
IP.Board SQL Injection Vulnerabilities
http://secunia.com/advisories/37416/
NaSMail Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/37415/
FMOD Ex Playlist Processing Multiple Vulnerabilities
http://secunia.com/advisories/37403/
MySQL Denial of Service and Client Certificate Verification Vulnerabilities
http://secunia.com/advisories/37372/
HP Operations Manager Undocumented Account
http://secunia.com/advisories/37444/
Dovecot Insecure Directory Permissions Security Issue
http://secunia.com/advisories/37443/
IBM Rational Products Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/37442/
KDE kdelibs Floating Point Number Processing Memory Corruption
http://secunia.com/advisories/37432/
Opera Floating Point Number Processing Memory Corruption
http://secunia.com/advisories/37431/
Cisco VPN Client "cvpnd" Service Local Denial of Service
http://secunia.com/advisories/37419/
PHP Multiple Vulnerabilities
http://secunia.com/advisories/37412/
PEAR Mail Sendmail "Mail::Send()" Argument Injection Vulnerability
http://secunia.com/advisories/37410/
SUSE update for java-1_6_0-sun
http://secunia.com/advisories/37239/
Opera May Disclose Scripting Error Messages to Remote Users
http://securitytracker.com/alerts/2009/Nov/1023227.html
Microsoft Internet Explorer Flaw in getElementsByTagName() Method Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023226.html
Quick Heal Total Security Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Nov/1023225.html
Solaris Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023224.html
PHP Bugs Let Local Users Bypass safe_mode and open_basedir Security Controls
http://securitytracker.com/alerts/2009/Nov/1023223.html
HP Operations Manager Hidden Account Lets Remote Users Access the System
http://securitytracker.com/alerts/2009/Nov/1023222.html
Cisco VPN Client StartServiceCtrlDispatcher() Function Lets Local Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023221.html
Cisco Wireless Location Appliance Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023214.html
Crypto message for E2-Labs
http://www.zone-h.org/news/id/4732
VMware Products Multiple Code Execution and Security Bypass Issues
http://www.vupen.com/english/advisories/2009/3316
NaSMail Security Update Fixes Multiple Input Validation Vulnerabilities
http://www.vupen.com/english/advisories/2009/3315
Betsy CMS "popup" Parameter Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/3314
Cisco Products Transport Layer Security Renegotiation Vulnerability
http://www.vupen.com/english/advisories/2009/3313
httpdx FTP Server "tolog()" Function Remote Format String Vulnerability
http://www.vupen.com/english/advisories/2009/3312
MySQL Security Update Fixes SSL Certificate Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3311
Sun Solaris OpenSSL Session Renegotiation Plaintext Injection Issue
http://www.vupen.com/english/advisories/2009/3310
Google Chrome Frame Cross Origin Protection Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3309
IBM Rational Products JSF Widget Library Runtime Vulnerabilities
http://www.vupen.com/english/advisories/2009/3309
HP OpenView Operations Default Account Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/3307
Dovecot "base_dir" Insecure Permissions Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3306
Microsoft Internet Explorer CSS Handling Code Execution Vulnerability (0day)
http://www.vupen.com/english/advisories/2009/3301
PEAR Mail "form" Parameter Sendmail Argument Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3300
K-Meleon Floating Point Numbers Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/3299
KDE kdelibs Floating Point Numbers Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/3298
Opera Floating Point Number Handling Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/3297
Cisco VPN Client "cvpnd.exe" Local Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3296
PHP Security Update Fixes Security Bypass and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/3295
Linux Kernel "gdth_read_event()" Array Indexing Vulnerability
http://www.vupen.com/english/advisories/2009/3294
FireStats WordPress Plugin Multiple Cross Site Scripting and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/37099
Fuctweb CapCC Plugin for WordPress CAPTCHA Security Bypass Vulnerability
http://www.securityfocus.com/bid/37103
WordPress 'press-this.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37014
WordPress WP-Cumulus Plugin Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37102
WordPress WP-Cumulus Plugin 'tagcloud.swf' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37100
WordPress Trashbin Plugin 'mtb_undelete' Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37097
WordPress WP-PHPList Plugin 'unsubscribeemail' Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37096
WP Contact Form WordPress Plugin Security Bypass and Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37101
WP Contact Form WordPress Plugin Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37098
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
HP Operations Manager Remote Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/37086
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33412
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901
Microsoft Windows TCP/IP Orphaned Connection Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36269
PEAR Net_Traceroute 'traceroute()' Function Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37094
PEAR Net_Ping 'ping()' Function Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37093
TCP/IP Protocol Stack Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/31545
Autodesk Softimage Scene TOC File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36637
Autodesk 3ds Max Application Callbacks Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/36634
Autodesk Maya MEL Script Nodes Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/36636
GForge 'helpname' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37088
PEAR Sendmail 'From' Parameter Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37081
Outreach Project Tool 'CRM_path' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/37090
Mozilla Firefox infoRSS Extension RSS Feeds Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/37091
e107 Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37087
Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36919
Microsoft Excel 'FEATHEADER' Record Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36945
Microsoft Word Record Parsing Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36950
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079
Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37078
Opera Web Browser Security Bypass and Unspecified Vulnerabilities
http://www.securityfocus.com/bid/37089
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability
http://www.securityfocus.com/bid/36665
Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038
Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647
Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36108
Linux Kernel 'make_indexed_dir()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/33618
Apache Tomcat WebDav Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/26070
Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35281
Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35185
Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34673
Linux Kernel 'ptrace_start()' And 'do_coredump()' Deadlock Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35559
Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/26880
Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/27706
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/30494
cURL / libcURL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36032
Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34934
Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
http://www.securityfocus.com/bid/27006
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
libxml2 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36010
Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34612
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196
Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405
Linux Kernel 'NFS filename' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34390
NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481
Linux Kernel 'ecryptfs_write_metadata_to_contents()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34216
Python 'expandtabs' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33187
Python Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31976
Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31932
Python Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30491
Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416
Python ImageOP Module Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/25696
Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/28749
Python zlib Module Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28715
Sun Java SE Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35922
Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
http://www.securityfocus.com/bid/23887
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943
Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/30496
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193
Apache Tomcat Host Manager Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/29502
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906
Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34084
Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
http://www.securityfocus.com/bid/33237
Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/27703
RhinoSoft Serv-U Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33180
RhinoSoft Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/31563
RhinoSoft Serv-U 'SMNT' Command Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34127
RhinoSoft Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34125
RhinoSoft Serv-U 'SITE SET TRANSFERPROGRESS ON' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36585
RhinoSoft Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36895
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37084
KDE KDELibs 'dtoa()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37080
HP OpenView Network Node Manager 'ovdbrun.exe' Denial of Service Vulnerability
http://www.securityfocus.com/bid/37046
IBM Rational Products Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37083
Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37077
http://jvn.jp/cert/JVNVU817433/index.html
JVNVU#943657 Denial-of-service (DoS) vulnerability in multiple TCP implementations
http://jvn.jp/cert/JVNVU943657/index.html
JVNDB-2009-002258 Vulnerability in the Sun Solaris ZFS file system that allows file_chown_self privilege restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002258.html
JVNDB-2009-002257 Vulnerability in libpng that allows part of the information in uninitialized memory to be read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002257.html
Microsoft Security Advisory 977981 - IE 6 and IE 7
http://isc.sans.org/diary.html?storyid=7633
Microsoft Internet Explorer Discloses Local Path Names When Printing Local HTML Files to PDF Files
http://securitytracker.com/alerts/2009/Nov/1023233.html
Autodesk 3ds Max Application Callbacks Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023230.html
Autodesk Softimage Scene Table of Contents XML File Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023229.html
Autodesk Maya 'Script Nodes' Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023228.html
+ Microsoft Security Advisory (977981) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/977981.mspx
+ Microsoft Security Advisory (977981) Vulnerability in Internet Explorer allows remote code execution
http://www.microsoft.com/japan/technet/security/advisory/977981.mspx
+ Dovecot 1.2.8 released
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
+ MySQL Community Server 5.0.88 has been released
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
+ Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
http://secunia.com/advisories/37453/
http://www.vupen.com/english/advisories/2009/3310
+ VMSA-2009-0016: VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components.
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://lists.vmware.com/pipermail/security-announce/2009/000070.html
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30957
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00148.html
http://secunia.com/advisories/37471/
http://secunia.com/advisories/37470/
http://secunia.com/advisories/37460/
http://www.vupen.com/english/advisories/2009/3316
+ PHP-SA-11/20/2009: PHP "multipart/form-data" denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30950
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00146.html
+ PHP Multiple Vulnerabilities
http://secunia.com/advisories/37412/
http://www.vupen.com/english/advisories/2009/3295
http://www.securityfocus.com/bid/37079
+ PHP Bugs Let Local Users Bypass safe_mode and open_basedir Security Controls
http://securitytracker.com/alerts/2009/Nov/1023223.html
+ MySQL Security Update Fixes SSL Certificate Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3311
+ MySQL Denial of Service and Client Certificate Verification Vulnerabilities
http://secunia.com/advisories/37372/
+ Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
+ Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
- Dovecot "base_dir" Insecure Permissions Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3306
http://www.securityfocus.com/bid/37084
- Vulnerability Note VU#723308: TCP may keep its offered receive window closed indefinitely (RFC 1122)
http://www.kb.cert.org/vuls/id/723308
- [Security-announce] UPDATED VMSA-2009-0002.2 VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
http://lists.vmware.com/pipermail/security-announce/2009/000072.html
- [Security-announce] UPDATED VMSA-2009-0014.1 VMware ESX patches for DHCP Service Console kernel and JRE resolve multiple security issues
http://lists.vmware.com/pipermail/security-announce/2009/000071.html
[ANNOUNCEMENT] Apache Commons Pool 1.5.4 Released
http://commons.apache.org/pool/download_pool.cgi
[ANNOUNCE] Apache Tika 0.5 Released
http://www.apache.org/dist/lucene/tika/CHANGES-0.5.txt
Package: Courier 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/courier-devel/20091122/courier-0.63.0.20091122.tar.bz2/download
Package: Courier-IMAP 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/imap-devel/20091122/courier-imap-4.6.0.20091122.tar.bz2/download
Package: SqWebMail 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/webmail-devel/20091122/sqwebmail-5.3.2.20091122.tar.bz2/download
Package: maildrop 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/maildrop-devel/20091122/maildrop-2.2.0.20091122.tar.bz2/download
Package: Cone 20091122 (22-Nov-2009)
https://sourceforge.net/projects/courier/files/cone-devel/20091122/cone-0.79.20091122.tar.bz2/download
Perl 5.11.2 released
http://use.perl.org/articles/09/11/23/1434246.shtml
Rakudo Perl 6 development release #23 ("Lisbon")
http://use.perl.org/articles/09/11/23/1431232.shtml
Virus Buster 2009
Announcement of the release of program version 17.10 build 1365
http://www.trendmicro.co.jp/support/news.asp?id=1323
Document ID: 337257: Unable to access volume after SAN Volume Controller outage. VEA displays missing disk with status "Disconnected"
http://seer.entsupport.symantec.com/docs/337257.htm
Document ID: 336119: Unable to configure Cluster Shared Volumes (CSV) in Windows Server 2008 R2 using Storage Foundation for Windows dynamic volumes.
http://seer.entsupport.symantec.com/docs/336119.htm
Bkis : e107 Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30961
Debian : New php-mail packages fix insufficient input sanitising
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30956
Independent Researcher : Code to mitigate IE STYLE zero-day
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30966
Firefox infoRSS Extension Cross-Context Scripting Vulnerability
http://secunia.com/advisories/37467/
VMware Products Update for Multiple Packages
http://secunia.com/advisories/37460/
PHP Traverser "GLOBALS[BASE]" File Inclusion Vulnerability
http://secunia.com/advisories/37455/
Sun Solaris OpenSSL TLS Session Renegotiation Plaintext Injection Vulnerability
http://secunia.com/advisories/37453/
Debian update for gforge
http://secunia.com/advisories/37450/
Internet Explorer Layout Handling Memory Corruption Vulnerability
http://secunia.com/advisories/37448/
Outreach Project Tool "CRM_path" File Inclusion Vulnerability
http://secunia.com/advisories/37447/
Magic Music Player Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/37427/
Betsy CMS "popup" Local File Inclusion Vulnerability
http://secunia.com/advisories/37422/
IP.Board SQL Injection Vulnerabilities
http://secunia.com/advisories/37416/
NaSMail Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/37415/
FMOD Ex Playlist Processing Multiple Vulnerabilities
http://secunia.com/advisories/37403/
MySQL Denial of Service and Client Certificate Verification Vulnerabilities
http://secunia.com/advisories/37372/
HP Operations Manager Undocumented Account
http://secunia.com/advisories/37444/
Dovecot Insecure Directory Permissions Security Issue
http://secunia.com/advisories/37443/
IBM Rational Products Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/37442/
KDE kdelibs Floating Point Number Processing Memory Corruption
http://secunia.com/advisories/37432/
Opera Floating Point Number Processing Memory Corruption
http://secunia.com/advisories/37431/
Cisco VPN Client "cvpnd" Service Local Denial of Service
http://secunia.com/advisories/37419/
PHP Multiple Vulnerabilities
http://secunia.com/advisories/37412/
PEAR Mail Sendmail "Mail::Send()" Argument Injection Vulnerability
http://secunia.com/advisories/37410/
SUSE update for java-1_6_0-sun
http://secunia.com/advisories/37239/
Opera May Disclose Scripting Error Messages to Remote Users
http://securitytracker.com/alerts/2009/Nov/1023227.html
Microsoft Internet Explorer Flaw in getElementsByTagName() Method Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023226.html
Quick Heal Total Security Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Nov/1023225.html
Solaris Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023224.html
PHP Bugs Let Local Users Bypass safe_mode and open_basedir Security Controls
http://securitytracker.com/alerts/2009/Nov/1023223.html
HP Operations Manager Hidden Account Lets Remote Users Access the System
http://securitytracker.com/alerts/2009/Nov/1023222.html
Cisco VPN Client StartServiceCtrlDispatcher() Function Lets Local Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023221.html
Cisco Wireless Location Appliance Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023214.html
Crypto message for E2-Labs
http://www.zone-h.org/news/id/4732
VMware Products Multiple Code Execution and Security Bypass Issues
http://www.vupen.com/english/advisories/2009/3316
NaSMail Security Update Fixes Multiple Input Validation Vulnerabilities
http://www.vupen.com/english/advisories/2009/3315
Betsy CMS "popup" Parameter Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2009/3314
Cisco Products Transport Layer Security Renegotiation Vulnerability
http://www.vupen.com/english/advisories/2009/3313
httpdx FTP Server "tolog()" Function Remote Format String Vulnerability
http://www.vupen.com/english/advisories/2009/3312
MySQL Security Update Fixes SSL Certificate Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3311
Sun Solaris OpenSSL Session Renegotiation Plaintext Injection Issue
http://www.vupen.com/english/advisories/2009/3310
Google Chrome Frame Cross Origin Protection Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3309
IBM Rational Products JSF Widget Library Runtime Vulnerabilities
http://www.vupen.com/english/advisories/2009/3309
HP OpenView Operations Default Account Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/3307
Dovecot "base_dir" Insecure Permissions Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3306
Microsoft Internet Explorer CSS Handling Code Execution Vulnerability (0day)
http://www.vupen.com/english/advisories/2009/3301
PEAR Mail "form" Parameter Sendmail Argument Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3300
K-Meleon Floating Point Numbers Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/3299
KDE kdelibs Floating Point Numbers Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/3298
Opera Floating Point Number Handling Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/3297
Cisco VPN Client "cvpnd.exe" Local Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3296
PHP Security Update Fixes Security Bypass and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/3295
Linux Kernel "gdth_read_event()" Array Indexing Vulnerability
http://www.vupen.com/english/advisories/2009/3294
FireStats WordPress Plugin Multiple Cross Site Scripting and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/37099
Fuctweb CapCC Plugin for WordPress CAPTCHA Security Bypass Vulnerability
http://www.securityfocus.com/bid/37103
WordPress 'press-this.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37014
WordPress WP-Cumulus Plugin Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37102
WordPress WP-Cumulus Plugin 'tagcloud.swf' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37100
WordPress Trashbin Plugin 'mtb_undelete' Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37097
WordPress WP-PHPList Plugin 'unsubscribeemail' Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37096
WP Contact Form WordPress Plugin Security Bypass and Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37101
WP Contact Form WordPress Plugin Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37098
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
HP Operations Manager Remote Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/37086
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33412
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901
Microsoft Windows TCP/IP Orphaned Connection Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36269
PEAR Net_Traceroute 'traceroute()' Function Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37094
PEAR Net_Ping 'ping()' Function Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37093
TCP/IP Protocol Stack Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/31545
Autodesk Softimage Scene TOC File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36637
Autodesk 3ds Max Application Callbacks Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/36634
Autodesk Maya MEL Script Nodes Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/36636
GForge 'helpname' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37088
PEAR Sendmail 'From' Parameter Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37081
Outreach Project Tool 'CRM_path' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/37090
Mozilla Firefox infoRSS Extension RSS Feeds Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/37091
e107 Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37087
Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36919
Microsoft Excel 'FEATHEADER' Record Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36945
Microsoft Word Record Parsing Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36950
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079
Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37078
Opera Web Browser Security Bypass and Unspecified Vulnerabilities
http://www.securityfocus.com/bid/37089
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability
http://www.securityfocus.com/bid/36665
Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038
Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647
Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36108
Linux Kernel 'make_indexed_dir()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/33618
Apache Tomcat WebDav Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/26070
Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35281
Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35185
Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34673
Linux Kernel 'ptrace_start()' And 'do_coredump()' Deadlock Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35559
Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/26880
Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/27706
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/30494
cURL / libcURL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36032
Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34934
Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
http://www.securityfocus.com/bid/27006
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
libxml2 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36010
Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34612
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196
Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405
Linux Kernel 'NFS filename' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34390
NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481
Linux Kernel 'ecryptfs_write_metadata_to_contents()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34216
Python 'expandtabs' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33187
Python Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31976
Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31932
Python Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30491
Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416
Python ImageOP Module Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/25696
Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/28749
Python zlib Module Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28715
Sun Java SE Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35922
Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
http://www.securityfocus.com/bid/23887
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943
Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/30496
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193
Apache Tomcat Host Manager Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/29502
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906
Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34084
Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
http://www.securityfocus.com/bid/33237
Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/27703
RhinoSoft Serv-U Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33180
RhinoSoft Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/31563
RhinoSoft Serv-U 'SMNT' Command Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34127
RhinoSoft Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34125
RhinoSoft Serv-U 'SITE SET TRANSFERPROGRESS ON' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36585
RhinoSoft Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36895
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37084
KDE KDELibs 'dtoa()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37080
HP OpenView Network Node Manager 'ovdbrun.exe' Denial of Service Vulnerability
http://www.securityfocus.com/bid/37046
IBM Rational Products Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37083
Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37077