- IBM Lotus Domino Heap Overflow May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023456.html
MySQL 5.5.1 (Not yet released)
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-1.html
Gmail's default connection method switches to HTTPS, protecting mail with encryption
http://itpro.nikkeibp.co.jp/article/NEWS/20100114/343201/?ST=security
JPCERT/CC WEEKLY REPORT 2010-01-14
http://www.jpcert.or.jp/wr/2010/wr100101.html
JVNTA10-013A Updates for multiple vulnerabilities in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNTA10-013A/index.html
JVNVU#508357 Use-after-free vulnerability in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNVU508357/index.html
JVN#50837839 Cross-site scripting vulnerability in Oracle Application Server
http://jvn.jp/jp/JVN50837839/index.html
JVNDB-2010-000004 Cross-site scripting vulnerability in Oracle Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000004.html
JVNDB-2009-002409 Arbitrary code execution vulnerability in libc
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002409.html
JVNDB-2009-002408 Vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002408.html
JVNDB-2009-002407 Vulnerability in the java.lang package of Sun Java SE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002407.html
JVNDB-2009-002406 Vulnerability in the Provider class of Sun Java SE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002406.html
Novell ZENworks Asset Management Input Validation Flaw Lets Remote Users Inject SQL Commands
http://securitytracker.com/alerts/2010/Jan/1023459.html
HP Web Jetadmin Unprotected SQL Server Connection Lets Remote Users Access Data and Deny Service
http://securitytracker.com/alerts/2010/Jan/1023457.html
+ Integer Overflow Security Vulnerability in AES and RC4 Decryption in the Solaris Kerberos Crypto Library May Lead to Execution of Arbitrary Code or a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
+ J2SE JDK/JRE 1.6.0_18 released
http://java.sun.com/javase/6/webnotes/6u18.html
+ RHSA-2010:0039-1: Moderate: gcc and gcc4 security update
http://rhn.redhat.com/errata/RHSA-2010-0039.html
+ RHSA-2010:0040-1: Moderate: php security update
http://rhn.redhat.com/errata/RHSA-2010-0040.html
+ Linux Kernel ebtables Security Bypass
http://secunia.com/advisories/38133/
http://www.vupen.com/english/advisories/2010/0109
http://www.securityfocus.com/bid/37762
SUN ALERT WEEKLY SUMMARY REPORT - Week of 03-Jan-2010 to 09-Jan-2010
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275470-1
Corelan Security Team : TurboFTP Server 1.00.712 remote DoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31438
Debian : New krb5 packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31432
Independent Researcher : Udisk FTP Basic Edition Remote pre-auth DOS Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31437
Vulnerability in the "Flash Player" bundled with Windows XP; update to the latest version
Risk of harm from browsing the web; uninstall if you do not update
http://itpro.nikkeibp.co.jp/article/NEWS/20100114/343199/?ST=security
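New versions of Adobe Reader and Acrobat released, fixing the vulnerability exploited by "Gumblar"
"Zero-day attacks" have continued since the end of 2009; update as soon as possible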
http://itpro.nikkeibp.co.jp/article/NEWS/20100114/343183/?ST=security
"Critical" vulnerability in Windows 2000; also note the end of support in July 2010
Risk of harm just from opening a document file or web page; no attacks confirmed
http://itpro.nikkeibp.co.jp/article/NEWS/20100114/343198/?ST=security
Timekeeping best practices for Linux guests
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1006427&sliceId=1&docTypeID=DT_KB_1_1
US-CERT Technical Cyber Security Alert TA10-013A -- Adobe Reader and Acrobat Vulnera
http://www.derkeiler.com/Mailing-Lists/Cert/2010-01/msg00001.html
[security bulletin] HPSBPI02500 SSRT090263 rev.1 - HP Web Jetadmin, Remote Unauthorized Access t
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00084.html
[CORE-2009-1209] Google SketchUp lib3ds 3DS Importer Memory Corruption
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00083.html
[SECURITY] [DSA-1970-1] New openssl packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00085.html
[ MDVSA-2010:004 ] bash
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00082.html
Cross Site Identification (CSID) attack. Description and demonstration.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00074.html
[USN-883-1] network-manager-applet vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00081.html
[USN-882-1] PHP vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00077.html
Yoono Firefox Extension - Privileged Code Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00080.html
iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00075.html
ZDI-10-002: Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00071.html
[SECURITY] [DSA-1969-1] New krb5 packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00078.html
[USN-881-1] Kerberos vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00079.html
[CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00073.html
Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00072.html
MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00070.html
[ MDVSA-2010:003 ] sendmail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00076.html
SMS Donations Advertised via Twitter
http://isc.sans.org/diary.html?storyid=7972
Adobe Reader and Acrobat patches are available
http://isc.sans.org/diary.html?storyid=7975
Domains being registered about the Haiti Earthquakes already
http://isc.sans.org/diary.html?storyid=7978
Sun Java JRE 6 Update 18 Released
http://isc.sans.org/diary.html?storyid=7981
TYPO3 powermail Extension SQL Injection Vulnerability
http://secunia.com/advisories/38167/
TYPO3 Unit Converter Extension Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38166/
TYPO3 KJ: Imagelightbox Extension Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38165/
TYPO3 Developer Log Extension Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38164/
SSSD Kerberos Authentication Security Bypass
http://secunia.com/advisories/38160/
IBM OS/400 TLS Session Renegotiation Plaintext Injection
http://secunia.com/advisories/38157/
LayoutCMS "id" SQL Injection Vulnerability
http://secunia.com/advisories/38150/
Docmint "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38149/
SBD Directory Software Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38148/
Novell ZENWorks Asset Management SQL Injection Vulnerability
http://secunia.com/advisories/38147/
TurboFTP Server Denial of Service Vulnerability
http://secunia.com/advisories/38145/
Debian update for krb5
http://secunia.com/advisories/38140/
Adobe Reader/Acrobat 7 Multiple Vulnerabilities
http://secunia.com/advisories/38138/
NetBSD update for openssl
http://secunia.com/advisories/38134/
Linux Kernel ebtables Security Bypass
http://secunia.com/advisories/38133/
Adobe getPlus DLM Multiple Vulnerabilities
http://secunia.com/advisories/38131/
Sun Java System Identity Manager Security Bypass
http://secunia.com/advisories/38130/
Sun Solaris Trusted Extensions Privilege Escalation
http://secunia.com/advisories/38129/
Oracle Secure Backup Buffer Overflow Vulnerability
http://secunia.com/advisories/38128/
Ubuntu update for krb5
http://secunia.com/advisories/38126/
Red Hat update for krb5
http://secunia.com/advisories/38108/
Kerberos KDC RC4 and AES Decryption Integer Underflow Vulnerabilities
http://secunia.com/advisories/38080/
Oracle JRockit Multiple Vulnerabilities
http://secunia.com/advisories/38059/
Oracle E-Business Suite Multiple Vulnerabilities
http://secunia.com/advisories/38058/
Oracle Primavera Products Denial of Service Vulnerability
http://secunia.com/advisories/38044/
Oracle PeopleSoft Enterprise HCM eProfile Vulnerability
http://secunia.com/advisories/38037/
Oracle Application Server Multiple Vulnerabilities
http://secunia.com/advisories/38034/
Oracle Database Multiple Vulnerabilities
http://secunia.com/advisories/38027/
Oracle BEA WebLogic Server Multiple Vulnerabilities
http://secunia.com/advisories/38023/
Zope "standard_error_message" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38007/
Fedora update for openttd
http://secunia.com/advisories/37984/
Fedora update for transmission
http://secunia.com/advisories/37964/
Fedora update for sssd
http://secunia.com/advisories/37962/
Fedora update for pidgin
http://secunia.com/advisories/37961/
Fedora update for GraphicsMagick
http://secunia.com/advisories/37959/
Fedora update for DevIL
http://secunia.com/advisories/37955/
Fedora update for trac
http://secunia.com/advisories/37952/
SUSE update for java-1_6_0-ibm
http://secunia.com/advisories/37945/
SUSE update for java-1_4_2-ibm
http://secunia.com/advisories/37941/
Visualization Library Unspecified Vulnerabilities
http://secunia.com/advisories/37940/
MaxDB Information Disclosure and Denial of Service
http://secunia.com/advisories/37734/
Solaris Trusted Extensions Missing Libraries Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Jan/1023448.html
Sun Java System Identity Manager Flaw Grants Remote Users Administrative Access
http://securitytracker.com/alerts/2010/Jan/1023447.html
BEA JRockit Flaw Lets Remote Users Take Full Control of the Target System
http://securitytracker.com/alerts/2010/Jan/1023443.html
Twitter and Baidu hijacked by "Iranian Cyber Army"
http://www.zone-h.org/news/id/4733
Linux Kernel Local ebtables Rules Manipulation Vulnerability
http://www.vupen.com/english/advisories/2010/0109
Sun Java System Identity Manager Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2010/0108
Sun Solaris Trusted Extensions Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/0107
IBM OS/400 TLS/SSL Session Renegotiation Plaintext Injection Issue
http://www.vupen.com/english/advisories/2010/0106
Novell ZENworks Asset Management SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0105
Zope "standard_error_message" Template Cross Site Scripting Issue
http://www.vupen.com/english/advisories/2010/0104
Adobe Reader and Acrobat Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0103
Oracle Products Code Execution and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2010/0102
Microsoft Windows XP Flash Player Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0101
Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/0096
Oracle Database CVE-2009-1996 Remote Logical Standby Vulnerability
http://www.securityfocus.com/bid/37740
Oracle Application Express CVE-2010-0076 Remote Application Express Application Builder Vulnerabilit
http://www.securityfocus.com/bid/37735
Oracle Database and Application Server CVE-2009-3412 Local Unzip Vulnerability
http://www.securityfocus.com/bid/37731
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079
PHP 5.2.10 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/36449
PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440
PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389
GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36712
Zope 'standard_error_message' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37765
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
bash-doc Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/32733
Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
http://www.securityfocus.com/bid/35251
Adobe Reader and Acrobat DLL Loading in 3D Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37761
Adobe Reader and Acrobat Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37763
Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37757
Adobe Reader and Acrobat U3D Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37758
Adobe Reader and Acrobat 'newplayer()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37331
Adobe Reader and Acrobat U3D Support Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37756
Adobe Flash Player 6 Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37753
Linux Kernel 'ebtables' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37762
Sun Java System Identity Manager Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37755
PHP 'session.save_path()' Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/37390
PHP 'ini_restore()' Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36009
Sun Solaris Trusted Extensions Missing Libraries Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37754
NetworkManager Security Bypass and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/37580
NOS Microsystems getPlus Help ActiveX Control Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37759
Adobe Reader and Acrobat Null Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/37760
RETIRED: Adobe Acrobat and Reader January 2010 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/37667
MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749
Transmission Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/37659
Trac Alternate Formats Policy Check Bypass Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37441
Public Media Manager Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37797
TYPO3 Majordomo Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37796
TYPO3 VD / Geomap Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37795
TYPO3 Tip many friends Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37794
TYPO3 Powermail Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37793
TYPO3 zak_store_management Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37792
TYPO3 Vote rank for news Extension Cross-Site Scripting and SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/37791
TYPO3 KJ: Imagelightbox Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37790
TYPO3 Unit Converter Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37789
Drupal Own Term Module 'term description' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/37788
HP Web Jetadmin Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37787
TYPO3 Developer Log Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37786
TYPO3 Clan Users List (pb_clanlist) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37785
TYPO3 Reports for Job (job_reports) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37784
TYPO3 BB Simple Jobs (bb_simplejobs) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37783
Drupal Node Block Module 'Title' HTML Injection Vulnerability
http://www.securityfocus.com/bid/37782
TYPO3 MJS Event Pro (mjseventpro) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37781
Mozilla Firefox Yoono Extension 'img' Tag DOM Event Handler Remote Code Injection Vulnerability
http://www.securityfocus.com/bid/37780
TYPO3 Helpdesk (mg_help) Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37779
TYPO3 TV21 Talkshow Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/37778
TYPO3 User Links (vm19_userlinks) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37777
GNU Bash 'ls' Control Character Command Injection Vulnerability
http://www.securityfocus.com/bid/37776
TYPO3 TT_Products editor (ttpedit) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37775
TYPO3 tt_news Mail alert (dl3_tt_news_alerts) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37774
TYPO3 Google Maps for tt_news Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37773
TYPO3 SB Folderdownload Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37772
TYPO3 Customer Reference List Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37771
TYPO3 kiddog_mysqldumper Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37770
TYPO3 Photo Book Unspecified Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37769
TYPO3 MK-AnydropdownMenu Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37768
NetBSD VFS Filesystem Autoloading Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37767
SAP MaxDB Unspecified Information Disclosure and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37766