Tuesday, December 15, 2009

Tuesday the 15th, Tomobiki

Zimbra Collaboration Suite 6.0.3 GA Release
http://files.zimbra.com/website/docs/Zimbra%20OS%20Release%20Notes%206.0.3.pdf

JVNVU#228561 Multiple vulnerabilities in the Indeo codec
http://jvn.jp/cert/JVNVU228561/index.html

JVN#00152874 Directory traversal vulnerability in P forum
http://jvn.jp/jp/JVN00152874/index.html

JVNDB-2009-000084 Directory traversal vulnerability in P forum
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000084.html

JVNDB-2009-002325 Vulnerability in X.509 certificate handling in Certificate Assistant in Apple Mac OS X that allows spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002325.html

JVNDB-2009-002324 Buffer overflow vulnerability in Apple Type Services (ATS) in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002324.html

JVNDB-2009-002323 Cross-site scripting vulnerability in the Apache Web server in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002323.html

JVNDB-2009-002322 Vulnerability in Adaptive Firewall in Mac OS X Server that allows brute-force attacks
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002322.html

JVNDB-2009-002321 Arbitrary code execution vulnerability in the AFP client in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002321.html

JVNDB-2009-002320 Cross-site scripting vulnerability in Status.pm in mod_perl for Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002320.html

JVNDB-2009-002117 Heap-based buffer overflow vulnerability in H.264 movie file handling in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002117.html

JVNDB-2009-002114 Arbitrary code execution vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002114.html

JVNDB-2009-001845 Vulnerability in the apr_brigade_vprintf function in Apache APR-util that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001845.html

JVNDB-2009-001844 Denial of service (DoS) vulnerability in the XML parser in Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001844.html

JVNDB-2009-001843 Denial of service (DoS) vulnerability in the apr_strmatch_precompile function in Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001843.html

JVNDB-2009-001562 Privilege escalation vulnerability in AllowOverride directive handling in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001562.html

JVNDB-2009-001282 Information disclosure vulnerability in the mod_proxy_ajp module in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001282.html

New Adobe Reader and Acrobat Vulnerability
http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4324

PostgreSQL NULL Character Flaw in Certificate Processing Lets Remote Users Spoof Certificates
http://securitytracker.com/alerts/2009/Dec/1023325.html

TANDBERG MXP Videoconferencing Systems Flaw in Processing RAS URQ Requests Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Dec/1023324.html

HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability
http://www.securiteam.com/unixfocus/6W00B15QAE.html

eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850

Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36718

Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703

Nicecoder iDesk 'download.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/36348

HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34226

SAP AG SAPgui 'sapirrfc.dll' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35256

Docutils 'rst.el' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37316

HP OpenView Network Node Manager 'ovsessionmgr.exe' Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37330

HP OpenView Data Protector Application Recovery Manager Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37250

Multiple Vendor Browser 'HTMLSelectElement' Denial of Service Vulnerability
http://www.securityfocus.com/bid/35446

Google Chrome DNS Pre-Fetching Proxy Cache Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37326

Intel Indeo Codec Media Content Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37251

Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37198

Microsoft Protected Extensible Authentication Protocol Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37197

Savant Web Server Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/12429

Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085

Microsoft Internet Explorer (CVE-2009-3671) Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37188

Microsoft Internet Explorer CSS Race Condition Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37212




+ PostgreSQL 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, 7.4.27 released
http://www.postgresql.org/about/news.1170
http://www.postgresql.org/docs/current/static/release-8-4-2.html
http://www.postgresql.org/docs/current/static/release-8-3-9.html
http://www.postgresql.org/docs/current/static/release-8-2-15.html
http://www.postgresql.org/docs/current/static/release-8-1-19.html
http://www.postgresql.org/docs/current/static/release-8-0-23.html
http://www.postgresql.org/docs/current/static/release-7-4-27.html

+ PostgreSQL: Protect against indirect security threats caused by index functions changing session-local state
http://www.postgresql.org/support/security
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136

+ PostgreSQL: Reject SSL certificates containing an embedded null byte in the common name (CN) field
http://www.postgresql.org/support/security
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034

+ Linux kernel 2.6.32.1, 2.6.31.8 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.1
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.8
http://www.linux.org/news/2009/12/14/0002.html
http://www.linux.org/news/2009/12/14/0001.html

+ HPSBUX02482 SSRT090249 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01945686

[ANNOUNCE] Alerce 1.0.0 released (sync dbapi for Python)
http://pgfoundry.org/projects/pyreplica/

[ANNOUNCE] pg_rman - PostgreSQL Recovery Manager released
http://code.google.com/p/pg-rman/

[ANN] Thrift 0.2.0 released
http://incubator.apache.org/thrift/download/

[ANN] Apache Log4PHP (incubating) 2.0.0 Released.
http://incubator.apache.org/log4php/download.html

[ANNOUNCE] Apache Directory Studio 1.5.2 released
http://directory.apache.org/studio/downloads.html

[ANNOUNCE] Apache ZooKeeper 3.1.2
http://hadoop.apache.org/zookeeper/docs/r3.1.2/releasenotes.html

[ANNOUNCE] Apache ZooKeeper 3.2.2
http://hadoop.apache.org/zookeeper/docs/r3.2.2/releasenotes.html

PostgreSQL Security Update
http://www.postgresql.org/about/news.1170

Document ID: 337628: Veritas ClusterDGs and SecondaryDGs under Active/Active DMP DSM control are taking offline when restarting one of the controller in HP StorageWorks Enterprise Virtual Array.
http://seer.entsupport.symantec.com/docs/337628.htm

Document ID: 336246: Security Advisory SYM09-017 Symantec VRTSweb, a shared component shipped with many Symantec Veritas products, is susceptible to a remote code execution vulnerability.
http://seer.entsupport.symantec.com/docs/336246.htm

Document ID: 334769: MountV resource hangs during offline process
http://seer.entsupport.symantec.com/docs/334769.htm

Document ID: 330236: Not able to perform SnapShot of a replicated volume.
http://seer.entsupport.symantec.com/docs/330236.htm

Independent Researcher : Oracle eBusiness Suite - Multiple Vulnerabilities Allow Remote Takeover
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31234

Independent Researcher : Cross-Site Scripting vulnerabilities in Invision Power Board
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31233

Nicob : Zabbix Server: Multiple remote vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31232

Debian : New php-net-ping packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31228

Debian : New webkit packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31229

Independent Researcher : gif2png long filename Buffer Overrun
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31231

Salvatore "drosophila" Fresta : Miniweb 2.0 Full Path Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31240

Slackware Linux : gimp
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31227

Hewlett-Packard : HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31237

Hewlett-Packard : HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31238

Hewlett-Packard : Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31239

Check Point releases full-disk encryption product supporting Snow Leopard
http://itpro.nikkeibp.co.jp/article/NEWS/20091214/342090/?ST=security

Exposing HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow (Not patched)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00221.html

[security bulletin] HPSBUX02409 SSRT080171 rev.3 - HP-UX Running VERITAS File System (VRTSvx
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00220.html

DC4420 - London DEFCON - Christmas drinks - Wednesday 16th December
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00219.html

Hacktics Advisory Dec09: Oracle eBusiness Suite - Multiple Vulnerabilities Allow Remote Takeover
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00205.html

Monkey HTTPd improper input validation vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00217.html

EEGshop v1.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00215.html

Cross-Site Scripting vulnerabilities in Invision Power Board
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00214.html

Zabbix Server : Multiple remote vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00210.html

Zabbix Agent : Bypass of EnableRemoteCommands=0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00216.html

WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00211.html

Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00209.html

[SECURITY] [DSA-1950-1] New webkit packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00218.html

[SECURITY] [DSA 1949-1] New php-net-ping packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00206.html

Miniweb 2.0 Full Path Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00207.html

B2C Booking Centre Systems - SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-12/msg00213.html

Anti-forensics, COFEE vs. DECAF
http://isc.sans.org/diary.html?storyid=7741

PostgreSQL 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23 and 7.4.27 have security fixes
http://isc.sans.org/diary.html?storyid=7744

Vulnerability Note VU#228561: Microsoft Indeo Directshow codecs contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/228561

Sun Solaris Gnome PDF Viewer Multiple Vulnerabilities
http://secunia.com/advisories/37755/

Sun Multiple Products XML Parsing Denial of Service
http://secunia.com/advisories/37754/

eoCMS "BBCODE_path" File Inclusion Vulnerability
http://secunia.com/advisories/37749/

Sun Ray Server Software Desktop Session Handling Security Issue
http://secunia.com/advisories/37747/

Debian update for webkit
http://secunia.com/advisories/37746/

Debian update for php-net-ping
http://secunia.com/advisories/37745/

ZeeLyrics "keyword" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37742/

ZABBIX Multiple Vulnerabilities
http://secunia.com/advisories/37740/

Fedora update for memcached
http://secunia.com/advisories/37729/

Fedora update for rt3
http://secunia.com/advisories/37728/

Arctic "matchings[id]" SQL Injection Vulnerability
http://secunia.com/advisories/37723/

Fedora update for ntp
http://secunia.com/advisories/37722/

Fedora update for kernel
http://secunia.com/advisories/37720/

Fedora update for mysql
http://secunia.com/advisories/37717/

The Next Generation of Genealogy Sitebuilding "msg" Cross-Site Scripting
http://secunia.com/advisories/37711/

Fedora update for asterisk
http://secunia.com/advisories/37708/

Fedora update for moodle
http://secunia.com/advisories/37707/

Fedora update for ruby
http://secunia.com/advisories/37705/

Flash Video E-Cards "video" Cross-Site Scripting and Script Insertion
http://secunia.com/advisories/37702/

Million Pixel Script "pa" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37700/

Acc Autos Cross-Site Scripting and Security Issue
http://secunia.com/advisories/37698/

ArticleMS "c[]" SQL Injection Vulnerability
http://secunia.com/advisories/37697/

Acc Statistics Cross-Site Request Forgery
http://secunia.com/advisories/37694/

ScriptsEz Ez Cart "sid" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37693/

Sunbird Floating Point Parsing Memory Corruption Vulnerability
http://secunia.com/advisories/37683/

Mozilla Thunderbird Floating Point Parsing Memory Corruption
http://secunia.com/advisories/37682/

Piwigo Cross-Site Request Forgery
http://secunia.com/advisories/37681/

F5 Products TLS Session Renegotiation Plaintext Injection Vulnerability
http://secunia.com/advisories/37675/

Acc PHP eMail Cross-Site Request Forgery
http://secunia.com/advisories/37666/

F5 Products TLS Session Renegotiation Plaintext Injection Vulnerability
http://secunia.com/advisories/37656/

network-manager-applet Certificate File Handling Security Issue
http://secunia.com/advisories/37647/

TANDBERG MXP FIPS140RAS URQ Request Denial of Service
http://secunia.com/advisories/37611/

Zabbix Remote Code Execution and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3514

Sun Solaris GNOME PDF Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2009/3513

Acc Autos Profile Description Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3512

ArticleMS "c[]" Parameter Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3511

Scriptsez Ez Cart "sid" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3510

Acc Statistics HTTP Request Cross-Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2009/3509

Acc PHP eMail Cross-Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2009/3508

Real Estate Manager "lang" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3507

Piwigo Administrative Interface Cross Site Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2009/3506

Ele Medios CMS "notiId" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3505

Mozilla Sunbird Floating Point Number Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/3504

Mozilla Thunderbird Floating Points Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2009/3503

InterSystems Caché and Ensemble Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3502

SAP Products "sapstartsrv" Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3501

Savant Web Server 3.1 Remote Buffer Overflow Exploit
http://www.exploit-db.com/exploits/10434

RM Downloader 3.0.2.1(.M3U File) Stack Overflow exploit
http://www.exploit-db.com/exploits/10423

Microsoft Internet Explorer 'CAttrArray' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37213

Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881

Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35828

HP OpenView Network Node Manager 'Oid' Parameter Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37299

RETIRED: E-Store 'SearchResults.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37291

HP OpenView Network Node Manager 'nnmRptConfig.exe' 'strcat()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37298

Oracle E-Business Suite Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/37305

WebKit Numeric Character References Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35607

WebKit Java Applet Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35350

WebKit Web Inspector Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35348

WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35318

WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
http://www.securityfocus.com/bid/35340

WebKit Frame Transition Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/35328

WebKit SVGList Objects Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34924

WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35331

WebKit DOM Event Handler Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35271

WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35309

WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35310

WebKit Subframe Click Jacking Vulnerability
http://www.securityfocus.com/bid/35317

WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35322

WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/35270

WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/35315

PEAR Net_Ping 'ping()' Function Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37093

GIMP PSD Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37040

GIMP BMP Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37006

MySQL Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/37297

Snort Time To Live Fragment Reassembly Security Bypass Weakness
http://www.securityfocus.com/bid/29327

MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/35609

Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37012

Memcached and MemcacheDB ASLR Information Disclosure Weakness
http://www.securityfocus.com/bid/34756

Memcached Multiple Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35989

Scripts For Sites EZ e-store 'searchresults.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/32039

Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37153

RT Session Fixation Vulnerability
http://www.securityfocus.com/bid/37162

Asterisk IAX2 Authentication Response Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33174

OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150

NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255

NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481

NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017

Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/32402

Moodle Forum Unspecified Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/33615

Moodle TeX Filter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/34278

Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/31887

Mozilla Firefox JavaScript 'Prompted Message' Spoofing Vulnerability
http://www.securityfocus.com/bid/37230

FreeBSD 'execl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37154

SEIL/B1 PPP Access Concentrator Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37293

Microsoft WordPad and Office Text Converters Word 97 File Parsing Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37216

Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

Digital Scribe Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37292

Sun Ray Server Authentication Manager Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37284

Sun Solaris LDAP Client Configuration Cache Daemon Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37129

Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
http://www.securityfocus.com/bid/37070

Multiple Symantec Altiris Products 'RunCmd()' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37092

Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851

KDE Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36845

Zeeways ZeeJobsite 'basic_search_result.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37290

ManageEngine OpManager 'overview.do' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37289

DevIL DICOM File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37207

GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128

Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203

ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118

Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/28479

HP OpenView Data Protector Application Recovery Manager Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37250

Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379

Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723

Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827

Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824

Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36304

Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936

Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069

Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068

Linux Kernel 'hfc_usb.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37036

Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37019

CUPS File Descriptors Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37048

GNU Coreutils Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37256

OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36844

SAP Kernel 'sapstartsrv' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37286

TCP/IP Protocol Stack Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/31545

Zen Cart 'extras/curltest.php' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37283

Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36512

Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901

HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37261

Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37130

Kiwi Syslog Server Information Disclosure Weakness and Vulnerability
http://www.securityfocus.com/bid/37282

Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038

Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33113

eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850

Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639

Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851

Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647

Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36803

Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929

Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/32676

Linux Kernel 'tun_chr_pool()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/35724

Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36718

Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703

Nicecoder iDesk 'download.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/36348

HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34226

Linux Kernel 'net/llc/af_llc.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36126

Linux Kernel Multiple Protocols Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36176

Microsoft Protected Extensible Authentication Protocol Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37197

Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37198

Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085

Microsoft Internet Explorer (CVE-2009-3671) Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37188

Microsoft Internet Explorer CSS Race Condition Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37212

SAP AG SAPgui 'sapirrfc.dll' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35256

Multiple Vendor Browser 'HTMLSelectElement' Denial of Service Vulnerability
http://www.securityfocus.com/bid/35446

phpFaber CMS 'module.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37329

IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/37328

phpldapadmin 'cmd.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/37327

Google Chrome DNS Pre-Fetching Proxy Cache Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37326

Intellicom 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37325

Smart PHP Subscriber Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/37324

Arctic Issue Tracker Search Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37323

Ruby on Rails 'protect_from_forgery' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/37322

DigitalHive 'base.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37320

Zeeways ZeeLyrics 'searchresults_main.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37319

VirtueMart 'product_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37317

Million Pixel 'pa' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37315

Open Flash Chart 'ofc_upload_image.php' Remote PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/37314

GNOME NetworkManager Applet SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37313

Piwik 'unserialize()' PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/37312

Ez Cart 'sid' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37311

Invision Power Board Multiple File MIME-Type Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37310

ZABBIX Denial Of Service and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37309

ZABBIX 'process_trap()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37308

Monkey HTTP Daemon Invalid HTTP 'Connection' Header Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37307

ZABBIX 'NET_TCP_LISTEN()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37306

Codesighs 'sscanf()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37303

Docutils 'rst.el' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37316
