+ FreeBSD rtld Lets Local Users Gain Root Privileges
http://securitytracker.com/alerts/2009/Dec/1023250.html
+ ANNOUNCE: [FreeBSD-Announce] Upcoming FreeBSD Security Advisory
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1651
+ FreeBSD Run-Time Link-Editor Local r00t Zeroday
http://www.exploit-db.com/exploits/10255
+ FreeBSD 'execl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37154
JVNDB-2009-002284 Vulnerability in the WebLogic Server component of BEA Product Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002284.html
JVNDB-2009-002283 Vulnerability in the WebLogic Server component of BEA Product Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002283.html
JVNDB-2009-002282 Vulnerability in the Business Intelligence Enterprise Edition component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002282.html
JVNDB-2009-002281 Vulnerability in the Portal component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002281.html
JVNDB-2009-002280 Vulnerability in the Business Intelligence Enterprise Edition component of Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002280.html
Cisco ASA Clientless SSL VPN Feature Lets Remote Users Bypass Web Browser Same-Origin Policy Restrictions
http://securitytracker.com/alerts/2009/Dec/1023255.html
Asterisk RTP Comfort Noise Payload Processing Error Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Nov/1023249.html
Dstat Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Nov/1023247.html
XM Easy Professional FTP Server 5.8.0 Denial Of Service
http://www.exploit-db.com/exploits/10257
WP-Polls 2.x Incorrect Flood Filter
http://www.exploit-db.com/exploits/10256
Xxasp 3.3.2 SQL Injection
http://www.exploit-db.com/exploits/10254
Eshopbuilde CMS SQL Injection Vulnerability
http://www.exploit-db.com/exploits/10253
Haihaisoft Universal Player 'URL' Property ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37151
Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37153
Multiple Vendor Clientless SSL VPN Products Same Origin Policy Bypass Vulnerability
http://www.securityfocus.com/bid/37152
Power Phlogger Cross-site Scripting Vulnerability
http://www.securityfocus.com/bid/37150
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Apache 'mod_deflate' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35623
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
Cacti 'Linux - Get Memory Usage' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/37137
Oracle Database Text Component 'ctxsys.drvxtabc.create_tables' Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/36748
+ Vulnerability Note VU#261869: Clientless SSL VPN products break web browser domain-based security models
http://www.kb.cert.org/vuls/id/261869
http://www.securityfocus.com/bid/37152
+ GNU Patch 2.6 released
http://ftp.gnu.org/gnu/patch/
- Linux Kernel 'drivers/char/n_tty.c' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/37147
- Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37084
[ANNOUNCE] MyFaces Core v2.0.0-alpha Release
http://myfaces.apache.org/download.html
ISC BIND 9.7.0b3 is now available
http://ftp.isc.org/isc/bind9/9.7.0b3/9.7.0b3
http://ftp.isc.org/isc/bind9/9.7.0b3/bind-9.7.0b3.tar.gz
- PSN-2009-11-580: VU#261869 - Clientless SSL VPN products break web browser's domain-based security models
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-11-580&viewMode=view
Blue Moon : Backdoor in PyForum
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30999
Debian : New wireshark packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30992
Mandriva : dovecot
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30987
Mandriva : php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30988
Mandriva : php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30989
Independent Researcher : Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31000
Independent Researcher : MuPDF pdf_shade4.c multiple stack-based buffer overflows
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31001
Mandriva : php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30990
Gentoo Linux : PEAR Net_Traceroute: Command injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30997
Independent Researcher : Cacti 0.8.7e: Multiple security issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31002
Mandriva : bind
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30991
Ubuntu Security Notice : PHP vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30995
Debian : New poppler packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30993
Debian : New php5 packages fix several issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30994
RHSA-2009:1615-1: Moderate: xerces-j2 security update
http://rhn.redhat.com/errata/RHSA-2009-1615.html
RHSA-2009:1619-1: Moderate: dstat security update
http://rhn.redhat.com/errata/RHSA-2009-1619.html
RHSA-2009:1620-1: Moderate: bind security update
http://rhn.redhat.com/errata/RHSA-2009-1620.html
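Tracking system that shows the source of an information leak at a glance, developed by Waseda University, Hitachi and others
http://itpro.nikkeibp.co.jp/article/NEWS/20091130/341319/?ST=security
The most targeted password is "password"; even "p@$$w0rd" is unsafe
Microsoft (US) observes "password-cracking attacks" and publishes the results
http://itpro.nikkeibp.co.jp/article/NEWS/20091130/341309/?ST=security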
Some more details on IE STYLE zero-day
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00183.html
Remote Command Execution in dotDefender Site Management
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00182.html
TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00188.html
[BMSA-2009-07] Backdoor in PyForum
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00186.html
Announce: RFIDIOt-1.0a released - November 2009
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00190.html
Xxasp v3.3.2 Sql injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00187.html
Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00189.html
[SECURITY] [DSA 1942-1] New wireshark packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00004.html
[ MDVSA-2009:306 ] dovecot
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00181.html
[ MDVSA-2009:304 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00000.html
[ MDVSA-2009:303 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00179.html
Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00001.html
Windows packages for BIND9 contain vulnerable MSVC runtime components
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00191.html
Eshopbuilde CMS SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00003.html
[USN-862-1] PHP vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00180.html
[ MDVSA-2009:304 ] bind
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00002.html
[ GLSA 200911-06 ] PEAR Net_Traceroute: Command injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00192.html
Cacti 0.8.7e: Multiple security issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00185.html
[security bulletin] HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorize
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00184.html
[SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00178.html
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00177.html
Ruby on Rails Input Validation Flaw in strip_tags() Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Nov/1023245.html
SumatraPDF Shading Pattern Processing Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37513/
Haihaisoft Universal Player ActiveX Control Buffer Overflow
http://secunia.com/advisories/37509/
Fedora update for bind
http://secunia.com/advisories/37496/
MuPDF Shading Pattern Processing Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37494/
Fedora update for tomcat6
http://secunia.com/advisories/37490/
Debian update for wireshark
http://secunia.com/advisories/37477/
Ruby on Rails "strip_tags" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37446/
Joomla Component Quick News SQL Injection Vulnerability
http://www.exploit-db.com/exploits/10252
XOOPS SmartMedia 0.85 Module XSS
http://www.exploit-db.com/exploits/10251
Joomla Component MusicGallery SQL Injection Vulnerability
http://www.exploit-db.com/exploits/10250
HP Operations Dashboard Portal Default Manager Account Remote Security Vulnerability
http://www.securityfocus.com/bid/36258
HP Operations Manager Default Manager Account Remote Security Vulnerability
http://www.securityfocus.com/bid/36253
Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37149
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
Microsoft Internet Explorer HTML Component Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/30612
Dag Wieers Dstat 'sys.path' Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37131
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
Linux Kernel 'drivers/char/n_tty.c' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/37147
Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34412
Joomla! 404 Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37148
Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/27706
Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193
Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263
MusicGallery Joomla! Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37146
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Joomla! ProofReader Component Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37145
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/33698
Wireshark ERF File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36591
Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37084
Wireshark 1.2.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36408
Wireshark 1.2.0 Multiple Vulnerabilities
http://www.securityfocus.com/bid/35748
Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34457
Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36846
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079
PHP 'tempname()' 'safe_mode' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/36555
PHP 'proc_open()' 'safe_mode_protected_env_var' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/37138
Robo-FTP Client Server Response Handling Unspecified Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37143
Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142
GCalendar Joomla! Component 'gcid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37141
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
KDE Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36845
DotNetNuke Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/37139
LyftenBloggie Joomla! Component 'pid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37140
phpBazar 'classified.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37144