Dovecot 2.0.beta1 released
http://www.dovecot.org/list/dovecot-news/2009-December/000144.html
InterScan Messaging Hosted Security: feature additions and license system update
http://www.trendmicro.co.jp/support/news.asp?id=1320
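Countermeasure Guides
- Virus countermeasures, spyware countermeasures, bot countermeasures, unauthorized access countermeasures, information leakage countermeasures, countermeasures against dangers when using the Internet -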
http://www.ipa.go.jp/security/antivirus/shiori.html
JVNDB-2009-002319 Vulnerability in the SSL and TLS protocols
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
JVNDB-2009-002318 Vulnerability in OpenLDAP that allows spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002318.html
JVNDB-2009-002317 Race condition vulnerability in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002317.html
JVNDB-2007-000464 Denial of service (DoS) vulnerability in PerlRun.pm and RegistryCooker.pm of Apache mod_perl
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000464.html
HP NNM 7.53 ovalarm.exe CGI Pre Authentication Remote Buffer Overflow
http://www.exploit-db.com/exploits/10394
Sunbird 0.9 Array Overrun (code execution) 0day
http://www.exploit-db.com/exploits/10380
Mozilla Codesighs Memory Corruption PoC
http://www.exploit-db.com/exploits/10396
Millenium MP3 Studio 2.0 (PLS File) Universal Stack Overflow (meta)
http://www.exploit-db.com/exploits/10392
+ NTP 4.2.6 Released
http://www.ntp.org/
http://archive.ntp.org/ntp4/ChangeLog-stable
+ Multiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
+ HPSBUX02409 SSRT080171 rev.3 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01674733
- Multiple Security Vulnerabilities in Solaris TCP (see tcp(7P)) Implementation May Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267088-1
- Vulnerability in Sun Ray Server Software due to Logout Failure
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268228-1
- A Security Vulnerability in the Java Runtime Environment (JRE) Bundled With Sun GlassFish Enterprise Server v2.1 / Sun Java System Application Server 8.x While Parsing XML Data May Cause a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1
- FreeBSD 'execl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37154
[ANNOUNCE] Apache JempBox 1.0.0. released
http://pdfbox.apache.org/download.html#jempbox
[ANNOUNCEMENT] HttpComponents HttpClient 4.0.1 (GA) Released
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES.txt
[ANNOUNCEMENT] HttpComponents HttpClient 4.1-alpha1 Released
http://hc.apache.org/downloads.cgi
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES.txt
[Announce] Libgcrypt 1.4.5 released
http://www.gnupg.org/download/mirrors.html
http://lists.gnupg.org/pipermail/gnupg-announce/2009q4/000295.html
ISC BIND 9.7.0rc1 is now available
http://ftp.isc.org/isc/bind9/9.7.0rc1/9.7.0rc1
[ANNOUNCE] Apache Jackrabbit 2.0 beta4 released
http://jackrabbit.apache.org/downloads.html
NTP 4.2.7p0 Development released
http://archive.ntp.org/ntp4/ChangeLog-dev
Frozen Perl 2010 Call for Speakers
http://use.perl.org/article.pl?sid=09/12/12/1853257&from=rss
Document ID: 337115: Security Advisory SYM09-017 with Symantec Veritas products that contain the VRTSweb component
http://support.veritas.com/docs/337115
VMotion CPU Compatibility Requirements for Intel Processors
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1991&sliceId=1&docTypeID=DT_KB_1_1
RHBA-2009:1664-1: vsftpd bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1664.html
Independent Researcher : kaspersky Portugal Vulnerable to blind SQLi
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31221
Mandriva : gimp
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31211
Ubuntu Security Notice : PyGreSQL vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31212
Ubuntu Security Notice : KDE vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31213
Ubuntu Security Notice : KDE 4 vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31214
Ubuntu Security Notice : KDE 4 Runtime vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31215
CYBSEC : SAP sapstartsrv Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31216
Hewlett-Packard : HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31225
Hewlett-Packard : HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31226
[ MDVSA-2009:259-1 ] snort
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00204.html
[ MDVSA-2009:296-1 ] gimp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00201.html
[security bulletin] HPSBMA02483 SSRT090257 rev.2 - HP OpenView Network Node Manager (OV NNM), Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00200.html
[security bulletin] HPSBPI02472 SSRT090196 rev.2 - Certain HP Color LaserJet Printers, Remote Un
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00199.html
[security bulletin] HPSBMA02425 SSRT080091 rev.2 - HP OpenView Network Node Manager (OV NNM), Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00198.html
[security bulletin] HPSBMA02424 SSRT080125 rev.2 - HP OpenView Network Node Manager (OV NNM), Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00197.html
phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00196.html
[security bulletin] HPSBMA02400 SSRT080144 rev.3 - HP OpenView Network Node Manager (OV NNM), Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00195.html
[ MDVSA-2009:332 ] gimp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00194.html
[USN-872-1] KDE 4 Runtime vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00192.html
Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00191.html
E-Store SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00190.html
[USN-871-2] KDE 4 vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00189.html
[USN-871-1] KDE vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00188.html
[USN-870-1] PyGreSQL vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00187.html
Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00202.html
Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00203.html
Metrics and SPAM
http://isc.sans.org/diary.html?storyid=7738
Microsoft Update providing 403 error code?
http://isc.sans.org/diary.html?storyid=7735
Another good reason to update to Thunderbird 3.0
http://isc.sans.org/diary.html?storyid=7732
Ubuntu update for kde4libs
http://secunia.com/advisories/37689/
Fedora update for kernel
http://secunia.com/advisories/37686/
HP-UX update for VRTSweb
http://secunia.com/advisories/37685/
SAP Products "sapstartsrv" Denial of Service
http://secunia.com/advisories/37684/
pfSense update for openssl and rtld
http://secunia.com/advisories/37679/
PHP Inventory Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/37672/
Red Hat update for JBoss Enterprise Application Platform
http://secunia.com/advisories/37671/
ZeeJobsite "title" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37667/
Nuggetz CMS "pagevalue" PHP Code Injection
http://secunia.com/advisories/37664/
Ubuntu update for kdelibs
http://secunia.com/advisories/37662/
oBlog Multiple Vulnerabilities
http://secunia.com/advisories/37661/
InterSystems Caché and Ensemble CSP Gateway Buffer Overflow Vulnerability
http://secunia.com/advisories/37657/
Ubuntu update for pygresql
http://secunia.com/advisories/37654/
Kingsoft Internet Security CAB and ARJ Archive Processing Denial of Service
http://secunia.com/advisories/37652/
TestLink Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/37651/
Ubuntu update for kdebase-runtime
http://secunia.com/advisories/37650/
ProFTPD TLS Session Renegotiation Plaintext Injection Vulnerability
http://secunia.com/advisories/37640/
Sun Ray Server Software Multiple Vulnerabilities
http://secunia.com/advisories/37627/
KDE 3.5 KHTML "XMLHttpRequest" Security Bypass
http://secunia.com/advisories/37617/
KDE KHTML "XMLHttpRequest" Security Bypass
http://secunia.com/advisories/37605/
JBoss Web Console Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/35680/
Piwik Cookie Unserialize Vulnerability
http://www.securiteam.com/securitynews/6H00B0AQAS.html
Ruby Heap Overflow in rb_str_justify() May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023322.html
Sun Ray Server Software Authentication Manager Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023321.html
Sun Ray Server Software Key Generation Weakness Lets Remote Users Obtain Potentially Sensitive Information
http://securitytracker.com/alerts/2009/Dec/1023320.html
SAP sapstartsrv Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Dec/1023319.html
HP-UX Buffer Overflow in VRTSweb Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023318.html
TestLink Multiple Remote SQL Injection and Cross Site Scripting
http://www.vupen.com/english/advisories/2009/3485
ProFTPD Security Update Fixes SSL/TLS Plaintext Injection Issue
http://www.vupen.com/english/advisories/2009/3484
HP-UX Security Update Fixes VRTSweb Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/3483
Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37012
HP OpenView Network Node Manager 'Oid' Parameter Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37299
HP OpenView Network Node Manager 'nnmRptConfig.exe' 'strcat()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37298
HP OpenView Network Node Manager 'nnmRptConfig.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37296
HP OpenView Network Node Manager 'ovlogin.exe' Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37295
HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37294
HP OpenView Network Node Manager 'ovalarmsrv.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34738
HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33147
HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37300
HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37261
Xpdf JBIG2 Processing Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34568
KDE KSSL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36229
Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37198
Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35828
Multiple Vendor Browser 'HTMLSelectElement' Denial of Service Vulnerability
http://www.securityfocus.com/bid/35446
Joomla! JS Jobs Component Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37281
Microsoft Internet Explorer 'CAttrArray' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37213
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085
Joomla! 'com_jphoto' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37279
Microsoft Internet Explorer (CVE-2009-3671) Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37188
Joomla! Mamboleto Component 'mamboleto.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/37280
Microsoft Internet Explorer CSS Race Condition Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37212
Microsoft Protected Extensible Authentication Protocol Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37197
Adobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37266
Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37270
Adobe Flash Player and AIR (CVE-2009-3797) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37273
Adobe Flash Player ActiveX Control Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37272
Adobe Flash Player and AIR 'exception_count' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37267
Adobe Flash Player and AIR (CVE-2009-3798) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37275
Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37269
Ruby 'rb_str_justify()' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37278
Novell eDirectory 'NDS Verb 0x1' Request Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37184
Motorola Timbuktu Pro 'PlughNTCommand' Named Pipe Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35496
Ruby on Rails 'redirect_to()' HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/32359
Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142
Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278
JBoss Enterprise Application Platform Multiple Vulnerabilities
http://www.securityfocus.com/bid/37276
TestLink Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37258
Snort Time To Live Fragment Reassembly Security Bypass Weakness
http://www.securityfocus.com/bid/29327
MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/35609
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Memcached and MemcacheDB ASLR Information Disclosure Weakness
http://www.securityfocus.com/bid/34756
Memcached Multiple Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35989
RT Session Fixation Vulnerability
http://www.securityfocus.com/bid/37162
Asterisk IAX2 Authentication Response Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33174
Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37153
NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481
Drupal Randomizer Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/37274
OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
NetArt Media Real Estate Portal 'Username' Field SQL Injection Vulnerability
http://www.securityfocus.com/bid/37265
Notepad++ 'C' and 'CPP' File Handling Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36426
libsamplerate 'src_sinc.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37264
Moodle Forum Unspecified Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/33615
Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/32402
Moodle TeX Filter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/34278
Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/31887
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
FreeBSD 'execl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37154
Invision Power Board '.txt' File MIME-Type Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37263
Joomla! You!Hostit! Template Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37260
Webmin and Usermin Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37259
GIMP BMP Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37006
Sendmail check_relay Access Bypassing Vulnerability
http://www.securityfocus.com/bid/6548
GIMP PSD Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37040
Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35510
BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36407
Sun Ray Server Authentication Manager Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37284
Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
http://www.securityfocus.com/bid/37070
Sun Solaris AnswerBook2 Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/12746
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37130
Linux Kernel 'ip_frag_reasm() ' Null Pointer Deference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37231
Linux Kernel 'net/mac80211/' Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37170
Linux Kernel Ext4 'move extents' ioctl Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37277
Multiple Symantec Altiris Products 'RunCmd()' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37092
KDE Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36845
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
DevIL DICOM File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37207
Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/28479
CUPS File Descriptors Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37048
GNU Coreutils Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37256
OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36844
SEIL/B1 PPP Access Concentrator Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37293
Digital Scribe Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37292
E-Store 'SearchResults.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37291