+ Report on "Vulnerability in the NTP Protocol"
http://www.hitachi.co.jp/Prod/comp/network/notice/ntp568372.html
+ Report on "Vulnerability in the TCP Protocol"
http://www.hitachi.co.jp/Prod/comp/network/notice/tcp723308.html
YAPC Europe Foundation financial reports published
http://use.perl.org/article.pl?sid=10/01/06/1040257&from=rss
PHPRunner 5.2 released with PostgreSQL support
http://www.postgresql.org/about/news.1175
Bucardo rpms for fedora, centos and rhel linux
http://www.postgresql.org/about/news.1174
Database .NET 3.0 released
http://www.postgresql.org/about/news.1173
Notice of release of Trend Micro Control Manager 5.0 Patch 4
http://www.trendmicro.co.jp/support/news.asp?id=1348
Cyber threats in 2010: Facebook and Twitter to be targeted, US-based McAfee predicts
http://itpro.nikkeibp.co.jp/article/NEWS/20100107/342914/?ST=security
JVNDB-2009-002396 Vulnerability in WebKit in Apple Safari that allows requests to be sent to arbitrary web sites
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002396.html
JVNDB-2009-002395 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002395.html
JVNDB-2009-002394 Cross-site request forgery vulnerability in WebKit
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002394.html
JVNDB-2009-002393 Vulnerability in Apple Safari that allows local HTML files to be read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002393.html
RHBA-2010:0012-1: ruby bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0012.html
RHBA-2010:0013-1: selinux-policy bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0013.html
Static analysis of malicious PDFs
http://isc.sans.org/diary.html?storyid=7903
Red Hat JBoss Enterprise Web Server Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2010/Jan/1023411.html
PowerDNS Recursor Unspecified Bug Lets Remote Users Spoof the DNS
http://securitytracker.com/alerts/2010/Jan/1023404.html
PowerDNS Recursor Buffer Overflow May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023403.html
MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023402.html
HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37396
Joomla! DM Orders Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37655
+ FreeBSD-SA-10:01.bind: BIND named(8) cache poisoning with DNSSEC validation
http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc
+ FreeBSD-SA-10:02.ntpd: ntpd mode 7 denial of service
http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc
+ FreeBSD-SA-10:03.zfs: ZFS ZIL playback with insecure permissions
http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc
+ PSN-2010-01-621: Crafted RSVP Path Object Overloads the RPD Process
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-01-621&viewMode=view
+ PSN-2010-01-622: as-path-prepend and specific length AS_PATH we can cause a Juniper to send corrupted update packets to eBGP neighbors
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-01-622&viewMode=view
+ PSN-2010-01-623: JUNOS kernel cores when it receives an crafted TCP option.
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-01-623&viewMode=view
+ PSN-2010-01-624: Unauthorized user can obtain root access using cli
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-01-624&viewMode=view
+ PSN-2010-01-625: Invalid RSVP packet causes RPD process busy loop and router becomes unresponsive
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-01-625&viewMode=view
+ PSN-2010-01-626: BGP Malformed AS-4 Byte Transitive Attributes Drop BGP Sessions
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-01-626&viewMode=view
+ PSN-2010-01-627: RPD cores when injected with malformed PIM messages
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-01-627&viewMode=view
+ Linux kernel 2.6.27.43, 2.6.31.10, 2.6.32.3 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.43
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.10
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.3
+ MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37640
- FreeBSD-EN-10:01.freebsd: Various FreeBSD 8.0-RELEASE improvements
http://security.freebsd.org/advisories/FreeBSD-EN-10:01.freebsd.asc
- Security Vulnerability May Prevent OpenSolaris "hald" Daemon From Correctly Writing Audit Records
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274830-1
[ANNOUNCE] pgfincore 0.4 released
http://villemain.org/projects/pgfincore
Support for WebSphere MQ V7.0.1 multi-instance queue managers on i5/OS and Solaris
http://www-01.ibm.com/support/docview.wss?rs=171&context=SSFKSJ&context=SSEP7X&dc=D600&uid=swg21398427&loc=en_US&cs=UTF-8&lang=en
RHBA-2010:0010-1: xen bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0010.html
Ubuntu Security Notice : Kerberos vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31373
Aditya K Sood : Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31379
Gentoo Linux : PHP: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31378
Independent Researcher : Multiple vulnerabilities in LineWeb 1.0.5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31380
Mandriva : davfs
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31372
Protek Research Lab : {PRL} Novell Netware CIFS And AFP Remote Memory Consumption DoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31381
REWTERZ : Ofilter Player Local Denial of Service (DoS) Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31375
REWTERZ : n.player Local Heap Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31376
REWTERZ : Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31377
Slackware Linux : slackware-security mozilla-firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31374
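"All my files turned into 'squid'!": a stream of inquiries about a destructive virus
Data recovery is difficult; "users should recognize the dangers of file-sharing software"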
http://itpro.nikkeibp.co.jp/article/NEWS/20100107/342939/?ST=security
"Infects without the user noticing": sophisticated viruses run rampant
IPA sums up 2009 virus infection cases; damage from "Gumblar" continues to mount
http://itpro.nikkeibp.co.jp/article/NEWS/20100107/342933/?ST=security
JVN#09872874 Access restriction bypass vulnerability in Movable Type
http://jvn.jp/jp/JVN09872874/index.html
[SECURITY] [DSA-1965-1] New phpldapadmin packages fix remote file inclusion
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00033.html
Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00029.html
[USN-879-1] Kerberos vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00027.html
HTTP Digest Integrity: Another look, in light of recent attacks
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00032.html
[TOOL RELEASE] Microsoft SQL Server Fingerprint Too BETA-3l!!!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00030.html
Secure USB Flaw Exposed
http://isc.sans.org/diary.html?storyid=7894
Firefox update available
http://isc.sans.org/diary.html?storyid=7897
Possible new MySQL 0day
http://isc.sans.org/diary.html?storyid=7900
LightOpenCMS "cwd" File Inclusion Vulnerability
http://secunia.com/advisories/38116/
Novell NetWare AFP Implementation Denial of Service Vulnerability
http://secunia.com/advisories/38114/
Joomla jEmbed-Embed Anything Component "catid" SQL Injection
http://secunia.com/advisories/38112/
Obsession-Design Image-Gallery "folder" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38107/
LineWeb File Inclusion and Security Bypass
http://secunia.com/advisories/38105/
Ubuntu update for krb5
http://secunia.com/advisories/38104/
Movable Type Unspecified Security Bypass
http://secunia.com/advisories/38093/
Gentoo update for php
http://secunia.com/advisories/38090/
Slackware update for mozilla-firefox
http://secunia.com/advisories/38089/
Liferay Portal "p_p_id" Script Insertion Vulnerability
http://secunia.com/advisories/38088/
Fedora update for krb5
http://secunia.com/advisories/38073/
F5 Products NTP Mode 7 Request Denial of Service
http://secunia.com/advisories/38038/
Snitz Forums 2000 "X-Forwarded-For" SQL Injection Vulnerability
http://secunia.com/advisories/37822/
Liferay Enterprise Portal Input Validation Flaw in Plugins Configuration Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jan/1023401.html
netsniff-ng "netsniff-ng.c" File Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0051
Visualization Library Security Update Fixes Unspecified Vulnerabilities
http://www.vupen.com/english/advisories/2010/0050
jProjects for Joomla "project" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0049
Obsession-Design Image-Gallery "folder" Cross Site Scripting Issue
http://www.vupen.com/english/advisories/2010/0048
jEmbed-Embed Anything for Joomla "catid" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0047
Magento Multiple Fields Processing Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0046
LineWeb Remote SQL Injection and Local File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2010/0045
F5 Products NTP Mode 7 Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0044
Snitz Forums 2000 "X-Forwarded-For" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0043
Movable Type Unspecified Access Restriction Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/0042
Novell Netware AFP Protocol Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0041
F5 Data Manager Multiple Directory Traversal Vulnerabilities
http://www.vupen.com/english/advisories/2010/0040
S2 Security Linear eMerge Factory Reset Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0039
Liferay Portal "p_p_id" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0038
D-LINK DKVM-IP8 XSS Vulnerability
http://www.exploit-db.com/exploits/11030
Apple QuickTime 7.2/7.3 RTSP BOF (Perl)
http://www.exploit-db.com/exploits/11027
Novell eDirectory 8.8 SP5 (Post Auth) Remote BOF Exploit
http://www.exploit-db.com/exploits/11022
Flashget 3.x IEHelper Remote Exec 0day PoC
http://www.exploit-db.com/exploits/11021
DirectAdmin <= 1.33.6 Symlink Permission Bypass
http://www.exploit-db.com/exploits/11029
PlayMeNow v7.3 and 7.4 Buffer Overflow (meta)
http://www.exploit-db.com/exploits/11010
Movable Type Unspecified Security Bypass Vulnerability
http://www.securityfocus.com/bid/37638
PHP 5.2.10 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/36449
phpLDAPadmin 'cmd.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/37327
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260
Apple QuickTime RTSP Response Header Content-Type Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/26549
LineWeb 1.0.5 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/37613
Novell eDirectory '/dhost/httpstk' Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37042
Adobe Flash Player and AIR 'exception_count' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37267
Adobe Flash Player and AIR (CVE-2009-3798) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37275
Adobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37266
Adobe Flash Player and AIR (CVE-2009-3797) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37273
Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37269
Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37270
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34383
TYPO3 vShoutbox Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37626
NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481
TYPO3 Document Directorys Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37636
TYPO3 Diocese of Portsmouth Resources Database Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37634
TYPO3 Parish of the Holy Spirit Religious Art Gallery Multiple Vulnerabilities
http://www.securityfocus.com/bid/37628
TYPO3 Parish Administration Database Extension Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/37633
TYPO3 File list Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37632
TYPO3 vShoutbox Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37630
TYPO3 Diocese of Portsmouth Resources Database Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/37631
TYPO3 Random Prayer 2 Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/37629
Joomla! jEmbed Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37627
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363
Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37364
Mozilla Firefox CVE-2009-3980 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37362
Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
http://www.securityfocus.com/bid/37360
PHP 'posix_mkfifo()' 'open_basedir' Restriction Bypass Vulnerability
http://www.securityfocus.com/bid/36554
MIT Kerberos KDC Cross-Realm Referral NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37486
Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37369
Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37368
Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/32710
PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440
GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36712
PHP 'ini_restore()' Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36009
PHP 'mbstring' Extension Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32948
PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/33927
PHP 'mbstring.func_overload' Webserver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/33542
PHP 'session.save_path()' Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/37390
PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/32688
PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389
PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
http://www.securityfocus.com/bid/32625
PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33002
PHP 5.2.7 'magic_quotes_gpc' Security Bypass Weakness
http://www.securityfocus.com/bid/32673
University of Washington IMAP c-client Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32958
PHP 'error_log' Safe Mode Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/32383
PHP Multiple Functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities
http://www.securityfocus.com/bid/31064
PowerDNS Recursor Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37653
MediaWiki 'ratelink.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37652
PowerDNS Recurser Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37650
Drupal Currency Exchange Module 'watchdog' HTML Injection Vulnerability
http://www.securityfocus.com/bid/37649
Sun Java System Web Server Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37648
Drupal Wunderbar! Module 'username' HTML Injection Vulnerability
http://www.securityfocus.com/bid/37647
D-LINK DKVM-IP8 'auth.asp' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37646
'com_kk' Joomla! Component 'kat' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37645
Visualization Library Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/37644
Docebo 'modname' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/37643
Joomla! 'com_perchagallery' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37642
Sun Java System Web Server Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37641
MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37640
PHPDirector Game Edition Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/37639
Snitz Forums 2000 'X-Forwarded-For' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37637