BIND 9.4-ESVb1 is now available
http://ftp.isc.org/isc/bind9/9.4-ESVb1/9.4-ESVb1
"Virus spam surges, fake software also rampant": security in 2009
"Drive-by downloads" also on the rise, according to a report released by Symantec (US)
http://itpro.nikkeibp.co.jp/article/NEWS/20091119/340751/?ST=security
JVN#87341298 Cross-site request forgery vulnerability in Redmine
http://jvn.jp/jp/JVN87341298/index.html
JVN#01245481 Cross-site scripting vulnerability in Redmine
http://jvn.jp/jp/JVN01245481/index.html
JVNDB-2009-000074 Cross-site request forgery vulnerability in Redmine
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html
JVNDB-2009-000073 Cross-site scripting vulnerability in Redmine
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html
JVNDB-2009-002248 Integer underflow vulnerability in LSASS in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002248.html
JVNDB-2009-002247 Denial of service (DoS) vulnerability in the Microsoft Windows kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002247.html
JVNDB-2009-002246 Privilege escalation vulnerability in the Microsoft Windows kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002246.html
JVNDB-2009-002245 Integer overflow vulnerability in the Microsoft Windows kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002245.html
JVNDB-2009-002244 Arbitrary program execution vulnerability in the Microsoft Windows Indexing Service
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002244.html
JVNDB-2009-002243 Integer overflow vulnerability in the CryptoAPI component of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002243.html
JVNDB-2009-002242 Vulnerability in the CryptoAPI component of Microsoft Windows that allows spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002242.html
JVNDB-2008-002419 Integer overflow vulnerabilities in multiple modules in Python
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002419.html
JVNDB-2008-002293 Arbitrary code execution vulnerability in the PyString_FromStringAndSize function in Python
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002293.html
FTP Serv-U Boundary Error in TEA Decoding Lets Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023199.html
Kaspersky Anti-Virus 'kl1.sys' IOCTL Error Lets Local Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023198.html
CUPS Use After Free in cupsdDoSelect() Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023194.html
IBM solidDB Server Database Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023192.html
Drupal Gallery Assist Module Node Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/37061
Drupal Printfriendly Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/37059
Drupal Feed Element Mapper Module Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37060
Drupal Ubercart Cross Site Request Forgery and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/37058
Drupal Agreement Module Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37057
Drupal Subgroups For Organic Groups Node Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/37056
+ Two Security Vulnerabilities in SAMBA(7) May Allow Unauthorized Access to the Remote Root Filesystem or May Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-271069-1
+ MySQL 5.1.41 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
[ANN] Apache Mahout 0.2 Released
http://www.apache.org/dyn/closer.cgi/lucene/mahout
MySQL Workbench 5.2.8 Beta Released
http://dev.mysql.com/downloads/workbench/
Solaris 8 and Solaris 9 Systems may Hang After Installing Certain Kernel Patches
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264388-1
HPSBUX02451 SSRT090137 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01937689-1
HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01886100-1
HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01926980-2
RHSA-2009:1595-1: Moderate: cups security update
http://rhn.redhat.com/errata/RHSA-2009-1595.html
G-SEC : TLS / SSLv3 vulnerability explained (DRAFT)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30930
Red Hat : Moderate: cups security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30926
SuSE : openssl
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30922
Core Security Technologies : HP Openview NNM 7.53 Invalid DB Error Code vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30928
CORE-2009-1027: IBM SolidDB invalid error code vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00134.html
Announcement: Critical Internet Infrastructure WG is now open to public participation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00133.html
Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00132.html
[security bulletin] HPSBMI02473 SSRT080138 rev.1 - Cisco Catalyst Blade Switch 3020/3120, Remote
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00131.html
TLS / SSLv3 vulnerability explained (DRAFT)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00130.html
DEFCON London - DC4420 - NO MEETING this Thursday! 19th November 2009
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00129.html
[security bulletin] HPSBUX02409 SSRT080171 rev.2 - HP-UX Running VERITAS File System (VRTSvx
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00128.html
[ GLSA 200911-02 ] Sun JDK/JRE: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00127.html
CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00126.html
Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
http://isc.sans.org/diary.html?storyid=7609
HP OpenView Network Node Manager Bug in Database Service Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023191.html
HP DDMI Execution of Arbitrary Code
http://www.securiteam.com/windowsntfocus/6T00C2AQ0Y.html
HP Power Manager Execution of Arbitrary Code
http://www.securiteam.com/unixfocus/6U00D2AQ0Q.html
Gimp PSD Image Parsing Integer Overflow Vulnerability
http://www.securiteam.com/unixfocus/6V00E2AQ0I.html
HP-UX Running BIND DoS
http://www.securiteam.com/unixfocus/6W00F2AQ0A.html
Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation
http://www.securiteam.com/securitynews/6X00G2AQ0S.html
WordPress Unrestricted File Upload Arbitrary PHP Code Execution
http://www.securiteam.com/securitynews/6S00B2AQ0Q.html
Red Hat update for kernel
http://secunia.com/advisories/37407/
Fedora update for proftpd
http://secunia.com/advisories/37406/
Fedora update for wordpress
http://secunia.com/advisories/37405/
Red Hat update for kernel
http://secunia.com/advisories/37404/
Kolab Server ClamAV Archive Handling Security Bypass
http://secunia.com/advisories/37401/
JoomClip "cat" SQL Injection Vulnerability
http://secunia.com/advisories/37400/
SUSE update for openssl
http://secunia.com/advisories/37399/
Kaspersky Anti-Virus 2010 kl1.sys Denial of Service Vulnerability
http://secunia.com/advisories/37398/
telepark.wiki Multiple Vulnerabilities
http://secunia.com/advisories/37391/
Warcraft III JASS Interpreter Arbitrary Code Execution
http://secunia.com/advisories/37390/
Gentoo updates for sun-jre-bin, sun-jdk, blackdown-jre, blackdown-jdk, and emul-linux-x86-java
http://secunia.com/advisories/37386/
HP OpenView Network Node Manager Database Service Denial of Service
http://secunia.com/advisories/37376/
Debian update for gnutls13 and gnutls26
http://secunia.com/advisories/37374/
CUPS "cupsdDoSelect()" Denial of Service Vulnerability
http://secunia.com/advisories/37364/
Red Hat update for cups
http://secunia.com/advisories/37360/
Debian update for libgd2
http://secunia.com/advisories/37350/
Serv-U TEA Decoding Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3277
HP OpenView Network Node Manager Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3276
Kolab Server ClamAV File Scanning Security Bypass Weakness
http://www.vupen.com/english/advisories/2009/3275
Hitachi Device Manager IPv6 Security Bypass Vulnerability
http://www.securityfocus.com/bid/36190
Hitachi Multiple Products GIF File Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36309
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30147
Sun Java SE Secure Static Versioning Applet Execution Weakness
http://www.securityfocus.com/bid/30142
Omni-NFS Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36608
Drupal Strongarm Module 'value' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/37055
Drupal PHPList Integration 'My Account' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/37054
Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/32620
IBM Installation Manager 'iim://' URI Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36549
Sun Java Web Start Multiple Vulnerabilities
http://www.securityfocus.com/bid/30148
Sun Java Runtime Environment Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/30144
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Hitachi Multiple Products Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/35589
Sun Java Runtime Environment Virtual Machine Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/30141
Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/30146
Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
http://www.securityfocus.com/bid/30143
Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
http://www.securityfocus.com/bid/30140
IBM SolidDB 'solid.exe' Denial of Service Vulnerability
http://www.securityfocus.com/bid/37053
Sun Java SE Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35922
Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/32892
Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36895
Warcraft III: The Frozen Throne JASS Interpreter Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37052
RhinoSoft Serv-U FTP Server TEA Decoder Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37051
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36804
TCP/IP Protocol Stack Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/31545
Joomla! iF Portfolio Nexus Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37050
ActiveWebSoftwares Active Bids 'default.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37047
WordPress Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37014
WordPress 'wp-admin/includes/file.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37005
Joomla! JoomClip Component 'cat' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37049
ClamAV Embedded Archive File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/35398
ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
http://www.securityfocus.com/bid/35410
ClamAV CAB/RAR/ZIP File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/35426
Avast! Antivirus 'aswRdr.sys' Driver Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37031
CUPS File Descriptors Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37048
HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34226
CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36958
PHP Handicapper Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15294
HP Discovery and Dependency Mapping Inventory Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37037
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901
Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36189
Microsoft Windows SMB Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36989