OpenLDAP 2.4.21 available
http://www.openldap.org/software/download/
Notice of start of support for IM Security for Microsoft Office Communications Server
http://www.trendmicro.co.jp/support/news.asp?id=1336
Notice of start of support for Trend Micro PortalProtect 1.8
http://www.trendmicro.co.jp/support/news.asp?id=1344
Downloading VMware products and troubleshooting issues with downloads
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1012245&sliceId=1&docTypeID=DT_KB_1_1
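Released: "MyJVN Security Configuration Checker", which lets you check Windows security settings with simple operations
~ Disable the USB memory autorun feature to protect personal and confidential information from viruses ~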
http://www.ipa.go.jp/security/vuln/documents/2009/200912_myjvn_cc.html
JVNDB-2009-002346 Arbitrary code execution vulnerability in the Deployment Toolkit plugin in Sun Java SE JDK and JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002346.html
JVNDB-2009-002345 Vulnerability in Hitachi Storage Command Suite products where StartTLS is not enabled
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002345.html
JVNDB-2009-002344 Denial of service (DoS) vulnerability in cupsd in CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002344.html
JVNDB-2009-002016 Integer overflow vulnerability in the APR library and APR-util library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html
JVNDB-2009-001990 Vulnerability in Sun Java SE that allows arbitrary files to be tampered with
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001990.html
JVNDB-2009-001988 Denial of service (DoS) vulnerability in Apache Xerces2 Java as used in Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001988.html
JVNDB-2009-001987 Integer overflow vulnerability in the unpack200 utility in Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001987.html
JVNDB-2009-001986 Integer overflow vulnerability in Sun Java Web Start in Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001986.html
JVNDB-2009-001985 Vulnerability in the proxy mechanism implementation in Sun JRE that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001985.html
JVNDB-2009-001984 Vulnerability in the proxy mechanism implementation in Sun JRE that allows web sessions to be hijacked
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001984.html
JVNDB-2009-001983 Vulnerability in the SOCKS proxy implementation in Sun JRE that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001983.html
JVNDB-2009-001982 Vulnerability in the audio system in Sun JRE that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001982.html
JVNDB-2009-001911 Authentication bypass issue in XML signature verification
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001911.html
PHP-Calendar Include File Bug in 'configfile' Parameter Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023375.html
+ Linux kernel 2.6.27.42/2.6.31.9/2.6.32.2 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.42
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.9
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.2
http://www.linux.org/news/2009/12/18/0003.html
http://www.linux.org/news/2009/12/18/0002.html
http://www.linux.org/news/2009/12/18/0001.html
+ OpenLDAP 2.4.21 released
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html
- PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389/exploit
- Apache Tomcat Native SSL Session Renegotiation Plaintext Injection
http://www.vupen.com/english/advisories/2009/3587
MySQL Workbench 5.2.11 Beta 3 Available
http://dev.mysql.com/downloads/workbench/
Security Vulnerability in the Timeout Mechanism of Solaris sshd(1M) may Lead to a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1
APSB09-18: Security update available for Flash Media Server
http://www.adobe.com/support/security/bulletins/apsb09-18.html
CTX123359: Transport Layer Security Renegotiation Vulnerability
http://support.citrix.com/article/CTX123359
Package: Courier: latest development snapshot: 20091218 (18-Dec-2009)
https://sourceforge.net/projects/courier/files/courier-devel/20091218/courier-0.63.0.20091218.tar.bz2/download
Package: Courier authentication library: latest development snapshot: 20091218 (18-Dec-2009)
https://sourceforge.net/projects/courier/files/authlib-devel/20091218/courier-authlib-0.62.4.20091218.tar.bz2/download
NTP 4.2.6p1-RC1 released
http://archive.ntp.org/ntp4/ChangeLog-stable-rc
NTP 4.2.7p2 Development released
http://archive.ntp.org/ntp4/ChangeLog-dev
cisco-sa-20091109-tls: Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
Document ID: 339328: Replace track alignment registry setting for "OPEN-V" arrays from sector offset 96 to sector offset 128.
http://seer.entsupport.symantec.com/docs/339328.htm
Document ID: 339268: The installation of Storage Foundation 5.1 for Windows Service Pack 1 (SFW 5.1 SP1) into a Windows 2008 Server Core R2 environment does not allow for the installation of Symantec Dynamic Multipathing (DMP) software.
http://seer.entsupport.symantec.com/docs/339268.htm
RHBA-2009:1684-1: vixie-cron bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1684.html
RHBA-2009:1685-1: openCryptoki bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1685.html
MDVSA-2009:336: koffice
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31295
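Files overwritten with "images of seafood": beware of the "Takoika virus"
Intrudes via file-sharing software; also has a "feature" that steals user information and more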
http://itpro.nikkeibp.co.jp/article/NEWS/20091221/342456/?ST=security
Application distribution features strengthened: MOTEX announces new version of "LanScope Cat6"
http://itpro.nikkeibp.co.jp/article/NEWS/20091218/342388/?ST=security
Frustrations of ISP Abuse Handling
http://isc.sans.org/diary.html?storyid=7780
Educationing Our Communities
http://isc.sans.org/diary.html?storyid=7783
Twitter outage via DNS hijacking
http://isc.sans.org/diary.html?storyid=7774
Wireshark Buffer Overflow in Daintree SNA Parser and Bugs in SMB, SMB2, and IPMI Dissectors Let Remote Users Execute Arbitrary Code and Deny Service
http://securitytracker.com/alerts/2009/Dec/1023374.html
PHP Session Function Corruption Flaw May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023373.html
PHP Input Validation Flaw in htmlspecialchars() Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Dec/1023372.html
wnpa-sec-2009-09: Multiple vulnerabilities in Wireshark version 0.9.0 to 1.2.4
http://www.wireshark.org/security/wnpa-sec-2009-09.html
Fedora update for gtk2
http://secunia.com/advisories/37862/
Fedora update for httpd
http://secunia.com/advisories/37861/
Fedora update for coreutils
http://secunia.com/advisories/37860/
Fedora update for tomcat-native
http://secunia.com/advisories/37859/
Fedora update for seamonkey
http://secunia.com/advisories/37858/
Fedora update for drupal
http://secunia.com/advisories/37857/
Fedora update for xulrunner
http://secunia.com/advisories/37856/
Fedora update for firefox
http://secunia.com/advisories/37855/
Fedora update for postgresql
http://secunia.com/advisories/37854/
Fedora update for rubygem-actionpack
http://secunia.com/advisories/37853/
GTK+ "gdk_window_begin_implicit_paint()" Foreign Windows Weakness
http://secunia.com/advisories/37852/
Ghostscript "errprintf()" Buffer Overflow Vulnerability
http://secunia.com/advisories/37851/
Ganeti "iallocator" Names Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/37849/
phpLDAPadmin "cmd" Local File Inclusion Vulnerability
http://secunia.com/advisories/37848/
Serv-U File Server Information Disclosure Vulnerability
http://secunia.com/advisories/37847/
HP Storage Data Protector Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37845/
IBM WebSphere Application Server Feature Pack for CEA Hijacking Vulnerability
http://secunia.com/advisories/37843/
Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/37842/
Rumba XML "index.php" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37840/
Joomla JoomPortfolio Component "secid" SQL Injection Vulnerability
http://secunia.com/advisories/37838/
Max's Photo Album Arbitrary File Upload Vulnerability
http://secunia.com/advisories/37835/
IBM AIX "qosmod" and "qoslist" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37833/
Matrimony Script Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/37829/
jCore Server "search" Cross-Site Scripting and Script Insertion Vulnerability
http://secunia.com/advisories/37818/
Pre Multi-Vendor Ecommerce Solution "search" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37801/
WP-Forum Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/37794/
D-Link DIR-615 "apply.cgi" Security Bypass Vulnerability
http://secunia.com/advisories/37777/
Pre Jobo.NET "TextBox1" and "TextBox2" SQL Injection Vulnerability
http://secunia.com/advisories/37776/
Sitecore Staging Module Authentication Security Bypass
http://secunia.com/advisories/37763/
Ez News Manager Cross-Site Request Forgery
http://secunia.com/advisories/37757/
VideoCache vccleaner Insecure Logfile Access Security Issue
http://secunia.com/advisories/37733/
OSSIM Multiple Vulnerabilities
http://secunia.com/advisories/37727/
IBM AIX "qoslist" and "qosmod" Commands Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/3600
Ganeti iallocator Names Processing Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3599
IBM WebSphere Application Server Feature Pack for CEA Vulnerability
http://www.vupen.com/english/advisories/2009/3598
Ghostscript "errprintf()" Data Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3597
Wireshark Buffer Overflow and Multiple Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3596
Serv-U Security Update Fixes Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2009/3595
HP OpenView Storage Data Protector Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/3594
PHP Security Update Fixes Security Bypass and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/3593
Apache Tomcat Native SSL Session Renegotiation Plaintext Injection
http://www.vupen.com/english/advisories/2009/3587
TFTP SERVER Buffer Overflow remote exploit
http://www.exploit-db.com/exploits/10542
PlayMeNow Malformed M3U Playlist WinXP Universal BOF
http://www.exploit-db.com/exploits/10563
- PHP 5.2.12/5.3.1 symlink() open_basedir bypass
http://www.exploit-db.com/exploits/10557
PlayMeNow Malformed M3U Playlist File Buffer
http://www.exploit-db.com/exploits/10556
Mozilla Firefox Location Bar Spoofing Vulnerability
http://www.exploit-db.com/exploits/10544
GTK+ 'gdk/gdkwindow.c' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37411
D-Link DIR-615 'apply.cgi' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37415
Serv-U File Server User Directory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37414
Pre Projects E-Smart Cart 'embadmin/login.asp' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37418
Ghostscript 'errprintf()' Function PDF Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37410
Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37407
Pyrmont V2 WordPress Theme 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37409
F3Site 'GLOBALS[nlang]' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/37408
Celerondude Uploader 'index.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37406
Ampache 'login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37417
eWebquiz 'QuizID' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37402
Active Auction House Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37401
Active Photo Gallery 'account.asp' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37399
PEAR Sendmail 'Recipient' Parameter Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37395
Pre Job Board 'preview.php' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37400
cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37394
QuiXplorer 'lang' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/37393
ReVou Comment Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/37391
PHP 'session.save_path()' Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/37390
PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389
Sitecore CMS Staging Service 'api.asmx' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37388
Joomla! 'com_joomportfolio' Component 'secid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37403
Joomla! 'com_personel' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37404
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37369
Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37368
Mozilla Firefox CVE-2009-3980 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37362
Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367
Adobe Flash Media Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37420
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37364
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Adobe Flash Media Server Resource Exhaustion Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37419
Sun Solaris 'sshd(1M)' Timeout Mechanism Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37116
TFTP Server Packet Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28462
fence 'fence_manual' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37416
cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/30898
Centreon Authentication Mechanism Security Bypass Vulnerability
http://www.securityfocus.com/bid/37383
Pluxml-Blog 'core/admin/auth.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37384
Family Connections Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/37379
RETIRED: WHMCS 'weblink_cat_list.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37376
GNU Automake Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/37378
cluster Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/32179
fence 'fence_apc' and 'fence_apc_snmp' Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/31904
OSSIM 'repository_attachment.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37377
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
IBM AIX 'qoslist' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37413
IBM AIX 'qosmod' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37412
Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142
Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37372
PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37334
PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333
GNU Coreutils Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37256
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703