NTP 4.2.7p9 Development released
http://archive.ntp.org/ntp4/ChangeLog-dev
Virus Buster 2009 Update Notice
http://www.trendmicro.co.jp/support/news.asp?id=1357
Registration status of the JVN iPedia vulnerability countermeasure information database
[Q4 2009 (October to December)]
http://www.ipa.go.jp/security/vuln/report/JVNiPedia2009q4.html
0day vulnerability Sogou input method to obtain system privileges
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00137.html
JVNDB-2009-002423 Vulnerability in the Linux kernel tcf_fill_node function allowing sensitive information to be obtained from kernel memory
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002423.html
JVNDB-2009-002422 Vulnerability in the Flash Player ActiveX control of Adobe Flash Player and Adobe AIR running on Windows allowing local file names to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002422.html
JVNDB-2009-002421 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002421.html
JVNDB-2009-002420 Integer overflow vulnerability in the Verifier::parseExceptionHandlers function of Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002420.html
JVNDB-2009-002419 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002419.html
JVNDB-2009-002418 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002418.html
JVNDB-2009-002417 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002417.html
JVNDB-2009-002416 Heap-based buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002416.html
JVNDB-2009-002154 Privilege escalation vulnerability in the core server component of PostgreSQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002154.html
JVNDB-2009-001949 Arbitrary code execution vulnerability in object instantiation handling in the ATL of Microsoft Visual Studio
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001949.html
JVNDB-2009-001329 Arbitrary code execution vulnerability in ntpq of NTP
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001329.html
JVNDB-2008-002294 Integer overflow vulnerability in Python
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002294.html
JVNDB-2008-002292 Arbitrary code execution vulnerability in the zlib extension module of Python
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002292.html
JVNDB-2008-002291 Integer overflow vulnerability in imageop.c of Python
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002291.html
JVNDB-2007-001021 Multiple integer overflow vulnerabilities in the imageop module of Python
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001021.html
Novatel Wireless MiFi Flaws Disclose the Configuration and Permit Cross-Site Request Forgery Attacks
http://securitytracker.com/alerts/2010/Jan/1023468.html
2010-01-18: RSA 2010 Party at Ruby Skye
http://www.metasploit.com/forms/rsarsvp.jsp
AOL 9.5 ActiveX Heap Overflow Vulnerability
http://www.exploit-db.com/exploits/11190
OpenOffice ".slk" File Parsing Null Pointer Vulnerability
http://www.exploit-db.com/exploits/11192
MP3 Studio v1.X (.m3u File) Local Stack Overflow
http://www.exploit-db.com/exploits/11191
+ Linux kernel 2.6.27.44, 2.6.31.12, 2.6.32.4 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.44
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.12
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4
- DHCP 4.1.1 released
http://oldwww.isc.org/sw/dhcp/dhcp4_1_rel.php?noframes=1
- MySQL MyISAM Table Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37075
[ANNOUNCE] Apache Jackrabbit 2.0 beta6 released
http://jackrabbit.apache.org/downloads.html
AFTR 1.0 released
ftp://ftp.isc.org/isc/aftr/aftr-1.0.tar.gz
Apache Ant 1.8.0RC1 is now available
http://ant.apache.org/bindownload.cgi
Linux Kernel release: 2.6.32.4
http://www.linux.org/news/2010/01/18/0003.html
Linux Kernel release: 2.6.31.12
http://www.linux.org/news/2010/01/18/0002.html
Linux Kernel release: 2.6.27.44
http://www.linux.org/news/2010/01/18/0001.html
Debian : New audiofile packages fix buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31484
Mandriva : mysql
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31482
Mandriva : mysql
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31483
Adam Baldwin : Zenoss Multiple Admin CSRF
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31486
Mandriva : libthai
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31481
About zero-day attacks that exploit vulnerabilities before a patch is available
http://www.ipa.go.jp/security/virus/zda.html
Consultation desk for suspicious e-mails sent to specific organizations for the purpose of stealing information
"Suspicious Mail 110"
http://www.ipa.go.jp/security/virus/fushin110.html
Alert regarding an unpatched vulnerability in Microsoft Internet Explorer
http://www.jpcert.or.jp/at/2010/at100004.txt
[ MDVSA-2010:014 ] transmission
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00132.html
[ MDVSA-2010:013 ] transmission
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00131.html
[USN-887-1] LibThai vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00134.html
[USN-886-1] Pidgin vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00123.html
[USN-885-1] LibThai vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00125.html
Reminder: Campus Party EU 2010 Call For Participants
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00127.html
AOL 9.5 ActiveX Heap Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00126.html
Code to mitigate IE event zero-day (CVE-2010-0249)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00114.html
[ MDVSA-2010:012 ] mysql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00129.html
[ MDVSA-2010:011 ] mysql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00130.html
[SECURITY] [DSA-1972-1] New audiofile packages fix buffer overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00135.html
GDT and LDT in Windows kernel vulnerability exploitation (paper)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00115.html
[ MDVSA-2010:010 ] libthai
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00118.html
Zenoss Multiple Admin CSRF
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00128.html
Browser Fuzzer 3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00122.html
[ATHCON2010] CFP/1st Call for Papers - AthCon IT Security Conference
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00120.html
[ MDVSA-2010:009 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00119.html
[ MDVSA-2010:008 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00116.html
[ MDVSA-2010:007 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00113.html
Uplift in SSH brute forcing attacks
http://isc.sans.org/diary.html?storyid=8011
Debian update for audiofile
http://secunia.com/advisories/38277/
SUSE update for kernel
http://secunia.com/advisories/38276/
Fedora update for php-ZendFramework
http://secunia.com/advisories/38273/
Max's Site Protector "ShowLoginForm()" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38272/
Debian update for audiofile
http://secunia.com/advisories/38250/
FunkGallery "gll" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38239/
Hitmaaan Gallery "gall" and "levela" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/38234/
SemanticScuttle SQL Injection Vulnerability
http://secunia.com/advisories/38228/
BS.Player BSI File Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/38221/
Fedora update for systemtap
http://secunia.com/advisories/38216/
Zenoss Core SQL Injection and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/38195/
SystemTap "stap-server" Shell Command Injection Vulnerability
http://secunia.com/advisories/38154/
PhPepperShop Webshop "darstellen" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38151/
Max's Image Uploader File Upload Security Issue
http://secunia.com/advisories/38018/
iTechScripts Alibaba Clone SQL Injection and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/37951/
CloneBid B2B Marketplace Script SQL Injection and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/37936/
phpMyAdmin Insecure Temporary Data and Unserialize Vulnerabilities
http://www.vupen.com/english/advisories/2010/0151
DokuWiki Information Disclosure and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/0150
IBM Lotus Web Content Management Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0149
BS.Player BSI File "Skin" Field Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0148
Zeus Web Server Unspecified Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0147
D-Link Routers HNAP Remote Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/0146
Exploit EFS Software Easy Chat Server v2.2
http://www.exploit-db.com/exploits/11179
Transmission Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/37659
GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36712
Google SketchUp 3DS File Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37708
Oracle Internet Directory 'oidldapd' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37833
VLC Media Player ASS File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37832
Zeus Web Server Unspecified Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37829
BS.Player '.bsl' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37831
Webservice-DIC yoyaku_41 Remote Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/36362
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
BigAnt IM Server 'USV' Request Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37520
Zend Framework Multiple Input Validation Vulnerabilities and Security Bypass Weakness
http://www.securityfocus.com/bid/37809
Ruby BigDecimal Library Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35278
Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability
http://www.securityfocus.com/bid/37710
Rosoft Media Player Track List Files Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/26920
MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749
MIT Kerberos KDC Cross-Realm Referral NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37486
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37543
PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37334
PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333
SiteX 'THEME_FOLDER' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/35122
Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524
Pidgin Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35067
Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36719
TestLink Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/37824
Pidgin 'msn_slplink_process_msg()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/33414
Pidgin Libpurple Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36277
Pidgin 'protocols/jabber/auth.c' JABBER Server XMPP Specifications Man In The Middle Vulnerability
http://www.securityfocus.com/bid/36368
Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/29985
LibThai Unspecified Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37822
Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/23194
Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37815
Apple iTunes/QuickTime Malformed '.mov' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32540
MySQL MyISAM Table Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37075
MySQL Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/37297
MySQL OpenSSL Server Certificate yaSSL Security Bypass Vulnerability
http://www.securityfocus.com/bid/37076
PHP 'ini_restore()' Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36009
PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389
Audio File Library (libaudiofile) 'msadpcm.c' WAV File Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33066
FreePBX Inbound Route Description HTML Injection Vulnerability
http://www.securityfocus.com/bid/37849
FreePBX 'admin/config.php' Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37848
FreePBX 'config.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37847
SemanticScuttle 'tags.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37845
SurgeFTP 'surgeftpmgr.cgi' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37844
Zenoss Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/37843
Web Server Creator Web Portal Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/37841
Joomla! 'com_uploader' Component Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37840
TestLink 'order_by_login_dir' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37839
RoseOnlineCMS 'username' Field Login SQL Injection Vulnerability
http://www.securityfocus.com/bid/37838
Php-residence 'template_data_dir' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/37837
MediaMonkey '.mp3' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37836
Gracenote CDDBControl ActiveX Control 'ViewProfile' Method Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37834