[ANNOUNCE] MyFaces Core v1.2.8 Release
http://myfaces.apache.org/download.html
Notice of release and start of support for Trend Micro Threat Discovery Appliance / Threat Discovery Virtual Appliance 2.5 R2 and Trend Micro Threat Mitigator 2.5
http://www.trendmicro.co.jp/support/news.asp?id=1324
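Report on improving the security of control systems for critical infrastructure such as water, gas and electric power translated and published
・Introduces 39 countermeasures against viruses, unauthorized access and similar threats in critical infrastructure control systems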
http://www.ipa.go.jp/security/fy21/reports/scada/index.html
Cookie hijacking over wireless LAN is surging; take care when shopping online
http://itpro.nikkeibp.co.jp/article/NEWS/20091125/341035/?ST=security
JVNVU#515749 Vulnerability in Microsoft Internet Explorer
http://jvn.jp/cert/JVNVU515749/
JVNDB-2007-001200 Cross-site scripting vulnerability in Webmin and Usermin
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001200.html
JVNDB-2009-002263 Integer overflow vulnerability in the ImageStream::ImageStream function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002263.html
JVNDB-2009-002262 Integer overflow vulnerability in the ObjectStream::ObjectStream function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002262.html
JVNDB-2009-002261 Integer overflow vulnerability in the PSOutputDev::doImageL1Sep function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002261.html
JVNDB-2009-002260 Arbitrary code execution vulnerability in the Splash::drawImage function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002260.html
JVNDB-2009-002259 Integer overflow vulnerability in the SplashBitmap::SplashBitmap function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002259.html
Tool updates
http://isc.sans.org/diary.html?storyid=7642
Symantec Altiris Deployment Solution and Notification Server ActiveX Control RunCmd Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023238.html
BIND DNSSEC Validation Flaw Lets Remote Servers Add to the Cache
http://securitytracker.com/alerts/2009/Nov/1023237.html
Solaris sshd Timeout Mechanism Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023235.html
TYPSoft FTP Server APPE and DELE Command Processing Flaw Lets Remote Authenticated Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023234.html
Symantec Products AeXNSConsoleUtilities Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3328
ISC BIND DNSSEC Additional Section Cache Poisoning Vulnerability
http://www.vupen.com/english/advisories/2009/3327
Yoono Extension for Firefox "onLoad" Script Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3326
Cacti Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3325
Sage Extension for Firefox RSS Feed Script Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3324
InfoRSS Extension for Firefox RSS Feed Script Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3323
WP-Cumulus Plugin for WordPress Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/3322
PEAR Net_Traceroute "traceroute()" Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3321
PEAR Net_Ping "ping()" Remote Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3320
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36515
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/36940
Subscribe to Comments WordPress Plugin Multiple Unspecified Input Validation Vulnerabilities
http://www.securityfocus.com/bid/37113
+ Microsoft Security Advisory (977981) Vulnerability in Internet Explorer could allow remote code execution
http://www.microsoft.com/japan/technet/security/advisory/977981.mspx
http://www.microsoft.com/technet/security/advisory/977981.mspx
http://www.kb.cert.org/vuls/id/515749
http://www.securityfocus.com/bid/37085
+ ISC BIND 9.6.1-P2/9.5.2-P1/9.4.3-P4 is now available
https://www.isc.org/node/509
https://www.isc.org/node/507
https://www.isc.org/node/506
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30968
+ BIND 9 Cache Update from Additional Section
https://www.isc.org/node/504
http://www.securityfocus.com/bid/37118
+ Security Vulnerability in the Timeout Mechanism of Solaris sshd(1M) may Lead to a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1
http://www.securityfocus.com/bid/37116
+ RHSA-2009:1601-1: Critical: kdelibs security update
http://rhn.redhat.com/errata/RHSA-2009-1601.html
+ Microsoft Internet Explorer PDF Generation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37117
+ Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
MySQL Connector/MXJ 5.0.11 released
http://dev.mysql.com/downloads/connector/mxj/5.0.html
Tomcat Native 1.1.18 Released
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
Document ID: 337694: When adding a Storage Foundation for Windows (SFW) 5.1 Service Pack 1 (SP1) basic disk to a Logical Disk Management (LDM) dynamic disk group, or creating LDM dynamic disk group from those disks, this error might occur: Warning V-40-32775-87, Invalid arguments.
http://seer.entsupport.symantec.com/docs/337694.htm
Document ID: 337684: Software Compatibility List (SCL) for Veritas Cluster Server 5.1 Service Pack 1 (SP1) for Windows
http://seer.entsupport.symantec.com/docs/337684.htm
Document ID: 337682: Software Compatibility List (SCL) for Veritas Storage Foundation and High Availability Solutions 5.1 Service Pack (SP1) for Windows
http://seer.entsupport.symantec.com/docs/337682.htm
Document ID: 337545: Veritas Enterprise Administrator (VEA) may give an error message while trying to resize a volume
http://seer.entsupport.symantec.com/docs/337545.htm
Document ID: 336859: Veritas (TM) Cluster Server 5.1 Service Pack 1 (SP1) for Windows Application Note: Disaster Recovery for VMware VirtualCenter 4.0 templates
http://seer.entsupport.symantec.com/docs/336859.htm
Independent Researcher : Remote DoS condition in harbour.pl
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30974
ISC : ISC BIND 9.6.1-P2 is now available
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30968
Moritz Naumann IT Consulting & Services : Executing arbitrary PHP code on OpenX <= 2.8.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30972
Ubuntu Security Notice : libvorbis vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30967
SYM09-016: Security Advisories Relating to Symantec Products - Symantec’s Altiris Deployment and Notification Management Web Console RunCmd Vulnerability
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00
Ports used for proxy monitoring with BOM5.0
http://www.say-tech.co.jp/support/bom-for-windows/bom50-3/index.shtml
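Dangerous unpatched vulnerability in IE6 and IE7; attack code has already appeared
Risk of harm from web access; workarounds are migrating to IE8 or disabling scripting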
http://itpro.nikkeibp.co.jp/article/NEWS/20091125/341020/?ST=security
Virus targeting "jailbroken iPhones" appears again; infected devices are taken over
A more malicious "iPhone virus" makes the iPhone part of a botnet
http://itpro.nikkeibp.co.jp/article/NEWS/20091125/340992/?ST=security
Clearswift integrates a caching function into its web security appliance
http://itpro.nikkeibp.co.jp/article/NEWS/20091124/340912/?ST=security
[USN-861-1] libvorbis vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00166.html
New Paper: MitM Attacks against the chipTAN comfort Online Banking System
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00165.html
Executing arbitrary PHP code on OpenX <= 2.8.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00164.html
XM Easy Personal FTP Server Remote DoS Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00163.html
TYPSoft FTP Server APPE and DELE Commands Remote DoS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00162.html
BIND Security Advisory (DNSSEC only)
http://isc.sans.org/diary.html?storyid=7636
Vulnerability Note VU#515749: Microsoft Internet Explorer CSS style element vulnerability
http://www.kb.cert.org/vuls/id/515749
RHBA-2009:1600-1: kexec-tools bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1600.html
WordPress WP-Cumulus Plugin "tagcloud" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37483/
Cacti Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/37481/
Fedora update for asterisk
http://secunia.com/advisories/37479/
SUSE Update for Multiple Packages
http://secunia.com/advisories/37474/
Firefox Sage Extension Cross-Context Scripting Vulnerability
http://secunia.com/advisories/37466/
Debian update for php-mail
http://secunia.com/advisories/37458/
PEAR Net_Ping Command Injection Vulnerability
http://secunia.com/advisories/37451/
Fedora update for snort
http://secunia.com/advisories/37449/
Opera Unspecified Flaw Has Unspecified Impact
http://securitytracker.com/alerts/2009/Nov/1023232.html
E2-labs' project Ethan dissected. Anatomy of a franchise proposal based on non-existing partenships
http://www.zone-h.org/news/id/4731
OpenX Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37110
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
Philippe Jounin Tftpd32 Long Filename Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37119
Joomla! 'com_mygallery' Component 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37121
Philippe Jounin Tftpd32 Connect Frame Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37122
Cacti Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37109
Multiple Symantec Altiris Products 'RunCmd()' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37092
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36875
GNU glibc 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/36443
Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36850
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
Qt NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36203
Opera Unspecified Security Bypass Vulnerability
http://www.securityfocus.com/bid/36418
QEMU VNC Client Disconnect Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36716
Snort Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/36795
GIMP PSD Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37040
Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34800
Bugzilla Bug Alias Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37062
Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability
http://www.securityfocus.com/bid/36926
Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/37120
Mozilla Firefox Yoono Extension DOM Event Handler Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/37123
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
libxml2 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36010
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
cURL / libcURL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36032
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850
NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
Python Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31976
Python Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30491
Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31932
Python ImageOP Module Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/25696
Python 'expandtabs' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33187
Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/28749
Python zlib Module Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28715
Sun Solaris 'sshd(1M)' Timeout Mechanism Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37116
Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
http://www.securityfocus.com/bid/23887
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Sun Java SE Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35922
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944
Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803
Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851
Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36108
Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35281
Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35185
Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34673
Linux Kernel 'make_indexed_dir()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/33618
Linux Kernel 'ptrace_start()' And 'do_coredump()' Deadlock Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35559
Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34934
Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951
Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/26880
Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34612
Linux Kernel CIFS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34453
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
Linux Kernel 'NFS filename' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34390
Microsoft Internet Explorer PDF Generation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37117
Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906
Linux Kernel 'ecryptfs_write_metadata_to_contents()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34216
Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
http://www.securityfocus.com/bid/33237
Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068
WordPress Multiple Plugins Captcha Bypass Vulnerabilities
http://www.securityfocus.com/bid/37108
Mozilla Firefox 'libpr0n' GIF File Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/37107
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079
PHP Live! 'DOCUMENT_ROOT' Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/37106
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
Quick.Cart and Quick.CMS Delete Function Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/37115
TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37114
XM Easy Personal FTP Server File/Folder Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37112