Friday, November 20, 2009

Friday the 20th, senshō

+ Dovecot 1.2.8 released
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html

CTX123359: Transport Layer Security Renegotiation Vulnerability
http://support.citrix.com/article/CTX123359

Kernel release: 2.6.32-rc8
http://www.linux.org/news/2009/11/19/0001.html

Virus Buster 2009 (ウイルスバスター2009)
Program version 17.10 build 1365 release announcement
http://www.trendmicro.co.jp/support/news.asp?id=1323

JVNDB-2009-002256 Vulnerability in Adobe Reader and Acrobat that allows users to be lured into social engineering attacks
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002256.html

JVNDB-2009-002255 Trust Manager restriction bypass vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002255.html

JVNDB-2009-002254 Denial of service (DoS) vulnerability in input validation handling in the Adobe Reader and Acrobat ActiveX control
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002254.html

JVNDB-2009-002253 Denial of service (DoS) vulnerability in input validation handling in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002253.html

JVNDB-2009-002252 Denial of service (DoS) vulnerability in the ActiveX control of Adobe Reader and Acrobat running on Windows
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002252.html

JVNDB-2009-002251 Denial of service (DoS) vulnerability in XMP-XML entity expansion handling in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002251.html

JVNDB-2009-002250 Denial of service (DoS) vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002250.html

JVNDB-2009-002249 Privilege escalation vulnerability in NOS Microsystems getPlus Download Manager for Adobe
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002249.html

MySQL Client Fails to Check Server Certificates in Certain Cases
http://securitytracker.com/alerts/2009/Nov/1023220.html

Cisco Content Switching Module Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023219.html

Content Services Switch Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023218.html

Cisco Video Surveillance Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023217.html

Cisco Firewall Services Module Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023216.html

Cisco NX-OS Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023215.html

Cisco Digital Media Media Player and Digital Media Manager Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023213.html

Cisco Telepresence Recording Server Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023212.html

Cisco Application Velocity System Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023211.html

CiscoWorks Common Services Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023210.html

Cisco Secure Access Control Server Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023209.html

Cisco Wireless LAN Controller Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023208.html

Cisco Wireless Control System Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023207.html

CiscoWorks Wireless LAN Solution Engine (WLSE) Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023206.html

Cisco Application Control Engine Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023205.html

Cisco ASA Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023204.html

HP Color LaserJet M3530 and CP3525 Flaw Lets Remote Users Access Data and Deny Service
http://securitytracker.com/alerts/2009/Nov/1023201.html

RhinoSoft Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/31563

RhinoSoft Serv-U Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33180

RhinoSoft Serv-U 'SMNT' Command Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34127

RhinoSoft Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34125

RhinoSoft Serv-U 'SITE SET TRANSFERPROGRESS ON' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36585

RhinoSoft Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36895

MySQL OpenSSL Server Certificate yaSSL Security Bypass Vulnerability
http://www.securityfocus.com/bid/37076

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
+ PHP 5.3.1 Released
http://www.php.net/releases/5_3_1.php
http://www.php.net/ChangeLog-5.php#5.3.1

+ Linux Kernel "gdth_read_event()" Array Indexing Vulnerability
http://secunia.com/advisories/37435/
http://www.securityfocus.com/bid/37068

+ MySQL MyISAM Table Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37075

+ Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069

+ MySQL OpenSSL Server Certificate yaSSL Security Bypass Vulnerability
http://www.securityfocus.com/bid/37076

- Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml

HPSBUX02476 SSRT090250 rev.1 - HP-UX running Java, remote privilege escalation, denial of service and other vulnerabilities
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01937690-1

Linux kernel 2.6.32-rc8
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8

Document ID: 336626: Vxassist queries the Windows Registry to return the product version
http://seer.entsupport.symantec.com/docs/336626.htm

Document ID: 335320: Microsoft Cluster "maintenance mode" cannot bet set for Volume Manager Disk Group resources
http://seer.entsupport.symantec.com/docs/335320.htm

BugsNotHugs : AssetsSoSimple supplier_admin.php Supplier Field XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30941

BugsNotHugs : Auto Manager admin.cgi Multiple Field XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30942

Independent Researcher : Foxit Reader vulnerability has been fixed
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30943

Ubuntu Security Notice : Apache vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30938

Core Security Technologies : IBM SolidDB invalid error code vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30940

[security bulletin] HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Un
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00140.html

[security bulletin] HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00136.html

Auto Manager admin.cgi Multiple Field XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00137.html

AssetsSoSimple supplier_admin.php Supplier Field XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00138.html

[USN-860-1] Apache vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00135.html

NSA Iraqi Computer Attacks And U.S. Defense
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00139.html

JVNVU#817433 Vulnerabilities in multiple XML library implementations
http://jvn.jp/cert/JVNVU817433/index.html

Fedora to allow the installation of packages, without root privileges?
http://isc.sans.org/diary.html?storyid=7612

Drupal Printfriendly Module Script Insertion Vulnerabilities
http://secunia.com/advisories/37441/

Drupal Ubercart Module Multiple Vulnerabilities
http://secunia.com/advisories/37440/

Drupal Feed Element Mapper Module Script Insertion Vulnerabilities
http://secunia.com/advisories/37439/

Drupal Subgroups for Organic Groups Module Script Insertion Vulnerability
http://secunia.com/advisories/37438/

Drupal Agreement Module Script Insertion Vulnerabilities
http://secunia.com/advisories/37437/

Drupal Strongarm Module Script Insertion Vulnerability
http://secunia.com/advisories/37436/

Linux Kernel "gdth_read_event()" Array Indexing Vulnerability
http://secunia.com/advisories/37435/

Drupal PHPList Integration Module Cross-Site Request Forgery
http://secunia.com/advisories/37434/

HP Color LaserJet Printers Security Bypass and Denial of Service
http://secunia.com/advisories/37433/

Ubuntu update for apache2
http://secunia.com/advisories/37430/

Sun Solaris 9 Samba Information Disclosure and Denial of Service
http://secunia.com/advisories/37429/

Sun Solaris Samba Information Disclosure and Denial of Service
http://secunia.com/advisories/37428/

Drupal Gallery Assist Module Script Insertion Vulnerability
http://secunia.com/advisories/37425/

Bugzilla Alias Information Leak Weakness
http://secunia.com/advisories/37423/

Redmine Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/37420/

Plohni Shoutbox "input_name" and "input_text" Script Insertion Vulnerabilities
http://secunia.com/advisories/37418/

Telebid Auction Script "aid" SQL Injection Vulnerability
http://secunia.com/advisories/37417/

Kalimat News System "id" SQL Injection Vulnerability
http://secunia.com/advisories/37413/

Joomla iF Portfolio Nexus Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/37408/

CubeCart "productId" SQL Injection Vulnerability
http://secunia.com/advisories/37402/

Nortel Alteon OS Script Insertion and Cross-Site Request Forgery
http://secunia.com/advisories/37395/

IBM solidDB Database Service Denial of Service
http://secunia.com/advisories/37380/

myPhile Empty Passwords Security Bypass Vulnerability
http://secunia.com/advisories/37322/

CUPS Input Validation Flaw in 'kerberos' Parameter Permits Cross-Site Scripting and Response Splitting Attacks
http://securitytracker.com/alerts/2009/Nov/1023193.html

Vulnerability Note VU#632633: Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32
http://www.kb.cert.org/vuls/id/632633

Redmine Cross Site Scripting and Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2009/3291

CubeCart "productId" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3290

MyPhile Password Processing Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3289

Bugzilla "Depends On" and "Blocks" List Alias Disclosure Weakness
http://www.vupen.com/english/advisories/2009/3288

Nortel Alteon OS Cross Site Scripting and Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2009/3287

Kaspersky Anti-Virus "kl1.sys" Local Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3286

Sun Solaris and OpenSolaris Samba Security Bypass and DoS Issues
http://www.vupen.com/english/advisories/2009/3285

IBM solidD Database Service Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3284

CUPS File Descriptor References Handling Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3278

MySQL MyISAM Table Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37075

Multiple Citrix Products Unspecified SSL/TLS Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/37073

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

file CDF File Parsing Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37074

Drupal Node Hierarchy Module Node Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/37071

Drupal Temporary Invitation Module 'Name' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/37072

Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881

WebKit Preflight Request Same-Origin Policy Bypass Vulnerability
http://www.securityfocus.com/bid/36997

WebKit Multiple Remote Code Execution, Denial of Service, and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36995

Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254

GIMP BMP Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37006

Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260

Simplog Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/37063

Xerver HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/37064

Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
http://www.securityfocus.com/bid/37070

CubeCart 'productId' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37065

libexif 'exif-entry.c' Tag Format Conversion Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37022

Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069

Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068

Redmine Cross Site Scripting And Request Forgery Remote Vulnerabilities
http://www.securityfocus.com/bid/37066

Foxit Reader COM Objects Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36673

Bugzilla Bug Alias Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37062

Google Chrome Frame Same Origin Policy Bypass Vulnerability
http://www.securityfocus.com/bid/37067

Kaspersky Anti-Virus 'kl1.sys' Driver Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37044

Drupal Gallery Assist Module Node Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/37061

Drupal Printfriendly Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/37059

Drupal Feed Element Mapper Module Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37060

MySQL OpenSSL Server Certificate yaSSL Security Bypass Vulnerability
http://www.securityfocus.com/bid/37076

1 comment:

  1. Thanks a lot for such a resourceful post. Soon I'll bookmark this so others can study this too. Penny Auction Script