+ Dovecot 1.2.8 released
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html
CTX123359: Transport Layer Security Renegotiation Vulnerability
http://support.citrix.com/article/CTX123359
Kernel release: 2.6.32-rc8
http://www.linux.org/news/2009/11/19/0001.html
Virus Buster 2009
Program Version 17.10 Build 1365 Release Announcement
http://www.trendmicro.co.jp/support/news.asp?id=1323
JVNDB-2009-002256 Vulnerability in Adobe Reader and Acrobat that facilitates social engineering attacks
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002256.html
JVNDB-2009-002255 Trust Manager restriction bypass vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002255.html
JVNDB-2009-002254 Denial-of-service (DoS) vulnerability in input validation handling in the Adobe Reader and Acrobat ActiveX control
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002254.html
JVNDB-2009-002253 Denial-of-service (DoS) vulnerability in input validation handling in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002253.html
JVNDB-2009-002252 Denial-of-service (DoS) vulnerability in the ActiveX control of Adobe Reader and Acrobat running on Windows
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002252.html
JVNDB-2009-002251 Denial-of-service (DoS) vulnerability in XMP-XML entity expansion handling in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002251.html
JVNDB-2009-002250 Denial-of-service (DoS) vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002250.html
JVNDB-2009-002249 Privilege escalation vulnerability in NOS Microsystems getPlus Download Manager for Adobe
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002249.html
MySQL Client Fails to Check Server Certificates in Certain Cases
http://securitytracker.com/alerts/2009/Nov/1023220.html
Cisco Content Switching Module Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023219.html
Content Services Switch Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023218.html
Cisco Video Surveillance Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023217.html
Cisco Firewall Services Module Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023216.html
Cisco NX-OS Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023215.html
Cisco Digital Media Media Player and Digital Media Manager Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023213.html
Cisco Telepresence Recording Server Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023212.html
Cisco Application Velocity System Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023211.html
CiscoWorks Common Services Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023210.html
Cisco Secure Access Control Server Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023209.html
Cisco Wireless LAN Controller Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023208.html
Cisco Wireless Control System Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023207.html
CiscoWorks Wireless LAN Solution Engine (WLSE) Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023206.html
Cisco Application Control Engine Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023205.html
Cisco ASA Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023204.html
HP Color LaserJet M3530 and CP3525 Flaw Lets Remote Users Access Data and Deny Service
http://securitytracker.com/alerts/2009/Nov/1023201.html
RhinoSoft Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/31563
RhinoSoft Serv-U Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33180
RhinoSoft Serv-U 'SMNT' Command Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34127
RhinoSoft Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34125
RhinoSoft Serv-U 'SITE SET TRANSFERPROGRESS ON' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36585
RhinoSoft Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36895
MySQL OpenSSL Server Certificate yaSSL Security Bypass Vulnerability
http://www.securityfocus.com/bid/37076
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
+ PHP 5.3.1 Released
http://www.php.net/releases/5_3_1.php
http://www.php.net/ChangeLog-5.php#5.3.1
+ Linux Kernel "gdth_read_event()" Array Indexing Vulnerability
http://secunia.com/advisories/37435/
http://www.securityfocus.com/bid/37068
+ MySQL MyISAM Table Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37075
+ Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
+ MySQL OpenSSL Server Certificate yaSSL Security Bypass Vulnerability
http://www.securityfocus.com/bid/37076
- Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Privilege Escalation, Denial of Service and Other Vulnerabilities
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01937690-1
Linux kernel 2.6.32-rc8
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8
Document ID: 336626: Vxassist queries the Windows Registry to return the product version
http://seer.entsupport.symantec.com/docs/336626.htm
Document ID: 335320: Microsoft Cluster "maintenance mode" cannot bet set for Volume Manager Disk Group resources
http://seer.entsupport.symantec.com/docs/335320.htm
BugsNotHugs : AssetsSoSimple supplier_admin.php Supplier Field XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30941
BugsNotHugs : Auto Manager admin.cgi Multiple Field XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30942
Independent Researcher : Foxit Reader vulnerability has been fixed
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30943
Ubuntu Security Notice : Apache vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30938
Core Security Technologies : IBM SolidDB invalid error code vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30940
[security bulletin] HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Un
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00140.html
[security bulletin] HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00136.html
Auto Manager admin.cgi Multiple Field XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00137.html
AssetsSoSimple supplier_admin.php Supplier Field XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00138.html
[USN-860-1] Apache vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00135.html
NSA Iraqi Computer Attacks And U.S. Defense
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00139.html
JVNVU#817433 Vulnerabilities in multiple XML library implementations
http://jvn.jp/cert/JVNVU817433/index.html
Fedora to allow the installation of packages, without root privileges?
http://isc.sans.org/diary.html?storyid=7612
Drupal Printfriendly Module Script Insertion Vulnerabilities
http://secunia.com/advisories/37441/
Drupal Ubercart Module Multiple Vulnerabilities
http://secunia.com/advisories/37440/
Drupal Feed Element Mapper Module Script Insertion Vulnerabilities
http://secunia.com/advisories/37439/
Drupal Subgroups for Organic Groups Module Script Insertion Vulnerability
http://secunia.com/advisories/37438/
Drupal Agreement Module Script Insertion Vulnerabilities
http://secunia.com/advisories/37437/
Drupal Strongarm Module Script Insertion Vulnerability
http://secunia.com/advisories/37436/
Linux Kernel "gdth_read_event()" Array Indexing Vulnerability
http://secunia.com/advisories/37435/
Drupal PHPList Integration Module Cross-Site Request Forgery
http://secunia.com/advisories/37434/
HP Color LaserJet Printers Security Bypass and Denial of Service
http://secunia.com/advisories/37433/
Ubuntu update for apache2
http://secunia.com/advisories/37430/
Sun Solaris 9 Samba Information Disclosure and Denial of Service
http://secunia.com/advisories/37429/
Sun Solaris Samba Information Disclosure and Denial of Service
http://secunia.com/advisories/37428/
Drupal Gallery Assist Module Script Insertion Vulnerability
http://secunia.com/advisories/37425/
Bugzilla Alias Information Leak Weakness
http://secunia.com/advisories/37423/
Redmine Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/37420/
Plohni Shoutbox "input_name" and "input_text" Script Insertion Vulnerabilities
http://secunia.com/advisories/37418/
Telebid Auction Script "aid" SQL Injection Vulnerability
http://secunia.com/advisories/37417/
Kalimat News System "id" SQL Injection Vulnerability
http://secunia.com/advisories/37413/
Joomla iF Portfolio Nexus Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/37408/
CubeCart "productId" SQL Injection Vulnerability
http://secunia.com/advisories/37402/
Nortel Alteon OS Script Insertion and Cross-Site Request Forgery
http://secunia.com/advisories/37395/
IBM solidDB Database Service Denial of Service
http://secunia.com/advisories/37380/
myPhile Empty Passwords Security Bypass Vulnerability
http://secunia.com/advisories/37322/
CUPS Input Validation Flaw in 'kerberos' Parameter Permits Cross-Site Scripting and Response Splitting Attacks
http://securitytracker.com/alerts/2009/Nov/1023193.html
Vulnerability Note VU#632633: Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32
http://www.kb.cert.org/vuls/id/632633
Redmine Cross Site Scripting and Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2009/3291
CubeCart "productId" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3290
MyPhile Password Processing Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3289
Bugzilla "Depends On" and "Blocks" List Alias Disclosure Weakness
http://www.vupen.com/english/advisories/2009/3288
Nortel Alteon OS Cross Site Scripting and Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2009/3287
Kaspersky Anti-Virus "kl1.sys" Local Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3286
Sun Solaris and OpenSolaris Samba Security Bypass and DoS Issues
http://www.vupen.com/english/advisories/2009/3285
IBM solidD Database Service Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3284
CUPS File Descriptor References Handling Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3278
MySQL MyISAM Table Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37075
Multiple Citrix Products Unspecified SSL/TLS Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/37073
file CDF File Parsing Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37074
Drupal Node Hierarchy Module Node Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/37071
Drupal Temporary Invitation Module 'Name' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/37072
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
WebKit Preflight Request Same-Origin Policy Bypass Vulnerability
http://www.securityfocus.com/bid/36997
WebKit Multiple Remote Code Execution, Denial of Service, and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36995
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
GIMP BMP Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37006
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Simplog Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/37063
Xerver HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/37064
Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
http://www.securityfocus.com/bid/37070
CubeCart 'productId' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37065
libexif 'exif-entry.c' Tag Format Conversion Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37022
Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068
Redmine Cross Site Scripting And Request Forgery Remote Vulnerabilities
http://www.securityfocus.com/bid/37066
Foxit Reader COM Objects Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36673
Bugzilla Bug Alias Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37062
Google Chrome Frame Same Origin Policy Bypass Vulnerability
http://www.securityfocus.com/bid/37067
Kaspersky Anti-Virus 'kl1.sys' Driver Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37044
Drupal Gallery Assist Module Node Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/37061
Drupal Printfriendly Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/37059
Drupal Feed Element Mapper Module Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37060