+ PSN-2009-11-573: SSL/TLS Vulnerability
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-11-573&viewMode=view
Microsoft Security Bulletin Advance Notification - November 2009
http://www.microsoft.com/japan/technet/security/bulletin/ms09-nov.mspx
Postfix 2.7-20091105-nonprod non-production release
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.7-20091105-nonprod.HISTORY
JVNDB-2009-002191 Vulnerability in IBM DB2 where the SETSESSIONUSER privilege is not required
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002191.html
JVNDB-2009-002190 Vulnerability in IBM DB2 allowing access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002190.html
JVNDB-2009-002189 Vulnerability in IBM DB2 related to table functions not being dropped
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002189.html
JVNDB-2009-002188 Vulnerability in the Apache HTTP Server mod_proxy_ftp module allowing access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002188.html
JVNDB-2009-002187 Denial of service (DoS) vulnerability in the ap_proxy_ftp_handler function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002187.html
JVNDB-2009-002186 Arbitrary code execution vulnerability in the Common Desktop Environment (CDE) of Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002186.html
JVNDB-2009-002185 Buffer overflow vulnerability in newt
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002185.html
JVNDB-2009-002016 Integer overflow vulnerabilities in the APR and APR-util libraries
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html
JVNDB-2008-002162 Privilege escalation vulnerability in Java Runtime Environment (JRE) related to access to internal classes
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002162.html
JVNDB-2008-002156 Integer overflow vulnerability in Java Runtime Environment (JRE) related to processing of TrueType font files
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002156.html
JVNDB-2008-002155 Buffer overflow vulnerability in Java Runtime Environment (JRE) related to processing of TrueType font files
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002155.html
JVNDB-2008-002154 Arbitrary code execution vulnerability in the "Java Update" feature for Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002154.html
JVNDB-2008-002153 Buffer overflow vulnerability in Java Runtime Environment (JRE) related to processing of JAR files
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002153.html
JVNDB-2008-002152 Privilege escalation vulnerability in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002152.html
JVNDB-2008-002151 Integer overflow vulnerability in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002151.html
JVNDB-2008-002150 Vulnerability in Java Runtime Environment (JRE) that makes it easier to bypass protection mechanisms
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002150.html
JVNDB-2008-002141 Arbitrary code execution vulnerability in Sun Java Web Start and Java Plug-in related to processing of jnlp files
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002141.html
Firefox 3.5.5 released
https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.1%3A.5-fixed
+ OpenSSL 0.9.8l is now available
http://www.openssl.org/source/
+ Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
- Security Vulnerability in Solaris SCTP (Stream Control Transmission Protocol (see sctp(7P)) and SDP (Sockets Direct Protocol driver (see sdp(7D)) sockets May Allow Unprivileged Users to Cause a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266388-1
http://www.securityfocus.com/bid/36938
- HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01905743-1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00045.html
http://www.securitytracker.com/id?1023140
http://secunia.com/advisories/37276/
http://www.vupen.com/english/advisories/2009/3154
http://www.securityfocus.com/bid/36933
- HPSBUX02355 SSRT080023 rev.2 - HP-UX Using libc, Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01520421-2
- Microsoft November 2009 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/36940
- Microsoft Security Bulletin Advance Notification for November 2009
http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx
patch-2.5.9-124-g87f54e8 Alpha release
http://alpha.gnu.org/gnu/patch/patch-2.5.9-124-g87f54e8.tar.gz
Document ID: 334995: V-16-10051-3008 "Failed to register Virtual server name to Netbios (error_type:2, error_code:0x000000842)" is reported when a Lanman resource faults
http://seer.entsupport.symantec.com/docs/334995.htm
Bkis : eoCMS SQL injection vulnerability - Bkis Report
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30816
Asterisk : SIP responses expose valid usernames
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30813
Asterisk : Cross-site AJAX request vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30814
Context Information Security : Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30815
Debian : New TYPO3 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30812
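Reports of "fake software" surge for the first time in a year; one-click fraud consultations hit a record high
IPA issues a warning; consultations include "I was victimized while viewing adult sites on a company PC"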
http://itpro.nikkeibp.co.jp/article/Research/20091105/340148/?ST=security
[USN-855-1] libhtml-parser-perl vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00049.html
[USN-854-1] GD library vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00048.html
ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulne
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00047.html
CORE-2009-0912: Blender .blend Project Arbitrary Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00046.html
[security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitra
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00045.html
[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00050.html
[SECURITY] [DSA 1926-1] New TYPO3 packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00034.html
[Bkis-12-2009] eoCMS SQL injection vulnerability - Bkis Report
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00044.html
CONFidence 2.0 schedule online - last time to register
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00043.html
AST-2009-009: Cross-site AJAX request vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00035.html
AST-2009-008: SIP responses expose valid usernames
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00037.html
ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00039.html
ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00038.html
ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00041.html
ZDI-09-077: Sun Java Web Start Arbitrary Command Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00040.html
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00036.html
Legacy systems
http://isc.sans.org/diary.html?storyid=7528
Insider threat: The snapnames case
http://isc.sans.org/diary.html?storyid=7531
TLS Man-in-the-middle on renegotiation vulnerability made public
http://isc.sans.org/diary.html?storyid=7534
RIM fixes random code execution vulnerability
http://isc.sans.org/diary.html?storyid=7537
HP Power Manager Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Nov/1023140.html
Drupal Organic Groups Vocabulary Module Script Insertion Vulnerability
http://secunia.com/advisories/37290/
Drupal Link Module Script Insertion Vulnerability
http://secunia.com/advisories/37289/
Drupal Smartqueue OG Module Security Bypass
http://secunia.com/advisories/37288/
Drupal NGP COO/CWP Integration Module Multiple Vulnerabilities
http://secunia.com/advisories/37287/
Drupal Temporary Invitation Module Script Insertion Vulnerability
http://secunia.com/advisories/37286/
Drupal S5 Presentation Player Module Script Insertion Vulnerability
http://secunia.com/advisories/37285/
Drupal Node Hierarchy Script Insertion Vulnerability
http://secunia.com/advisories/37284/
Drupal User Protect Module Cross-Site Request Forgery
http://secunia.com/advisories/37283/
HP Power Manager Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/37276/
eoCMS SQL Injection Vulnerability
http://secunia.com/advisories/37272/
Sun Virtual Desktop Infrastructure VirtualBox Security Bypass
http://secunia.com/advisories/37268/
IBM AIX PowerHA Cluster Management Data Manipulation
http://secunia.com/advisories/37267/
Asterisk SIP REGISTER Response User Enumeration Weakness
http://secunia.com/advisories/37265/
Drupal Zoomify Module Script Insertion Vulnerability
http://secunia.com/advisories/37263/
Joomla! Article Manipulation and Version Information Disclosure
http://secunia.com/advisories/37262/
Debian update for typo3-src
http://secunia.com/advisories/37261/
Fedora update for rt3
http://secunia.com/advisories/37253/
Fedora update for python-4Suite-XML
http://secunia.com/advisories/37211/
Case study: are traditional financial fraud schemes applicable to the Indian IT educational market?
http://www.zone-h.org/news/id/4721
HP Power Manager Unspecified Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/3154
IBM AIX PowerHA Cluster Management Config Manipulation Vulnerability
http://www.vupen.com/english/advisories/2009/3153
Sun Virtual Infrastructure Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2009/3152
RoundCube Webmail Cross Site Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2009/3151
Shibboleth Identity and Service Providers Cross Site Scripting Issues
http://www.vupen.com/english/advisories/2009/3150
Asterisk REGISTER Message Username Enumeration Weakness
http://www.vupen.com/english/advisories/2009/3149
Blender '.blend' file Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/36838
GD Graphics Library Multiple Vulnerabilities
http://www.securityfocus.com/bid/24651
GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36712
Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability
http://www.securityfocus.com/bid/36926
eNdonesia 'mod' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/36932
Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824
Linux Kernel 'get_random_int' Random Number Generation Weakness
http://www.securityfocus.com/bid/36788
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901
Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36304
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803
Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36871
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36875
Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36873
Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36872
Mozilla Firefox CVE-2009-3381 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36870
Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36869
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867
Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36858
Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36857
Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36856
Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855
Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36866
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853
Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36854
HP Power Manager Management Web Server Login Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36933
Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36895
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36846
Drupal Zoomify Module 'node title' HTML Injection Vulnerability
http://www.securityfocus.com/bid/36930
OpenSSH Buffer Mismanagement Vulnerabilities
http://www.securityfocus.com/bid/8628
Drupal Organic Groups Vocabulary Group Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/36929
Drupal Link Module 'Link Title' HTML Injection Vulnerability
http://www.securityfocus.com/bid/36928
Microsoft November 2009 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/36940
Drupal NGP COO/CWP Integration Module Security Bypass and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36927
Drupal Smartqueue OG Confirmation Message Security Bypass Vulnerability
http://www.securityfocus.com/bid/36925
TYPO3 Core Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36801
Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36719
IBM PowerHA Cluster Management Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/36931
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Sun Solaris SCTP 'sctp(7P)' and SDP 'sdp(7D)' Sockets Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36938
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Pablo Software Solutions Baby Web Server Multiple Request Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36942