Friday, February 26, 2010

Friday the 26th (senshō)

- HS10-002: Problem with file permissions in JP1/Cm2/Network Node Manager Remote Console
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-002/index.html
- HS10-002: File permission problem in the JP1/Cm2/Network Node Manager remote console (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-002/index.html

Sendmail 8.14.5.Alpha0 is available for testing
http://www.sendmail.org/

Notice: Trend Micro Data Loss Prevention / Virtual Appliance 5.2 released and support begins
http://www.trendmicro.co.jp/support/news.asp?id=1371

HS10-001: Cross-site Scripting Vulnerability in uCosminexus Portal Framework
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-001/index.html

[Flash] Impact of the TLS/SSL vulnerability (CVE-2009-3555) on WebSphere-related products (WAS-10-00B)
http://www-06.ibm.com/ibm/jp/security/info/websphere/si20100225a.html

PDF-related threats surged in 2009, while newly discovered vulnerabilities fell 11%
http://itpro.nikkeibp.co.jp/article/Research/20100226/345124/?ST=security

Microsoft reports "major results" from cutting off the Waledac botnet's communications
http://itpro.nikkeibp.co.jp/article/NEWS/20100226/345119/?ST=security

"500 PCs infected, a week to recover": behind the scenes of a virus cleanup
The still-rampant DOWNAD virus: Trend Micro reports on the actual situation
http://itpro.nikkeibp.co.jp/article/NEWS/20100225/345117/?ST=security

"Here is how to prevent password reuse": US security firm
Inserting a different string for each service, or using password management software, is effective
http://itpro.nikkeibp.co.jp/article/NEWS/20100225/345116/?ST=security

JVNVU#166739 Multiple vulnerabilities in the APC Network Management Card web interface
http://jvn.jp/cert/JVNVU166739/index.html

JVNDB-2010-001088 Cross-site scripting vulnerability in uCosminexus Portal Framework
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001088.html

JVNDB-2010-001087 Vulnerability in Linux kernel IPv6 jumbogram handling
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001087.html

JVNDB-2010-001086 Arbitrary code execution vulnerability in the gzip huft_build function
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001086.html

JVNDB-2009-001949 Arbitrary code execution vulnerability in object instantiation handling in the Microsoft Visual Studio ATL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001949.html

JVNDB-2009-001911 Authentication bypass issue in XML Signature verification
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001911.html

JVNDB-2006-000532 Vulnerability in multiple RSA implementations where signatures are not verified correctly
http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000532.html

New version of dnsmap
http://isc.sans.org/diary.html?storyid=8302

Asterisk Access Control Parsing Error May Let Remote Users Bypass Access Controls
http://securitytracker.com/alerts/2010/Feb/1023657.html

[ANNOUNCE] Release of Lucene Java 3.0.1 and 2.9.2
http://lucene.apache.org/java/3_0_1/changes/Changes.html
http://lucene.apache.org/java/2_9_2/changes/Changes.html

+ OpenSSL 0.9.8m released
http://www.openssl.org/source/

+ Windows API Bug Lets Local Users Deny Service
http://securitytracker.com/alerts/2010/Feb/1023656.html
+ Microsoft Windows Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/38420

[ANNOUNCEMENT] Commons Daemon 1.0.2 released
http://commons.apache.org/daemon/

Security Vulnerability in the Sun Java System Directory Server May Allow Crafted LDAP Search Requests To Cause A Denial Of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275711-1

Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Affects Multiple Server Products in the Sun Java Enterprise System Suite
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

Thunderbird 3.0.2 update is now available for download
http://www.mozillamessaging.com/en-US/about/press/archive/-01
http://www.mozillamessaging.com/en-US/thunderbird/3.0.2/releasenotes/

(Reference) XSS vulnerability in the WCM login page (also affects WebSphere Portal and Lotus Quickr services for WebSphere Portal)
http://www-06.ibm.com/jp/domino04/lotus/support/faqs/faqs.nsf/all/733903

Ariko-Security : SQL injection vulnerability in WebAdministrator Lite CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31864

Hacktics : XSS in IBM WebSphere Portal & Lotus WCM
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31863

Independent Researcher : XSS vulnerability in RedBanc.cl (interbank network)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31865

Nikolas Sotiriu : DATEV ActiveX Control remote command execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31862

US-CERT : Malicious Activity Associated with "Aurora" Internet Explorer Exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31860

Ariko-Security : SQL injection vulnerability in LiveChatNow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31866

iDEFENSE : Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31861

Form-based HTTP Authentication Proof of Concept
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00227.html

[ MDVSA-2010:048 ] roundcubemail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00226.html

SQL injection vulnerability in WebAdministrator Lite CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00228.html

Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00224.html

NSOADV-2010-003: DATEV ActiveX Control remote command execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00225.html

Microsoft, restraining orders, and how a big botnet (waledec) ate curb.
http://isc.sans.org/diary.html?storyid=8299

Softbiz Link Directory Script "sbcat_id" SQL Injection Vulnerability
http://secunia.com/advisories/38703/

Joomla HD FLV Player Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/38691/

tDiary Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38742/

GNU M4 "make dist" Insecure Directory Permissions
http://secunia.com/advisories/38707/

Drupal Weekly Archive by Node Type Module Information Disclosure
http://secunia.com/advisories/38717/

Datev DVBSExeCall ActiveX Control "ExecuteExe()" Vulnerability
http://secunia.com/advisories/38716/

Symantec Altiris Deployment Solution dbmanager.exe Denial of Service
http://secunia.com/advisories/38719/

Drupal Facebook-style Statuses (Microblog) Module Status Manipulation
http://secunia.com/advisories/38750/

rbot "reaction" Plugin rbot Command Execution Security Issue
http://secunia.com/advisories/38738/

Article Friendly Multiple Vulnerabilities
http://secunia.com/advisories/38676/

Newbie CMS Authentication Security Bypass
http://secunia.com/advisories/38743/

WikyBlog "which" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38699/

Ubuntu update for squid
http://secunia.com/advisories/38686/

Google Picasa Integer Overflow in Processing JPEG Images Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Feb/1023652.html

Rbot Reaction Plugin Remote Command Execution Vulnerability
http://www.vupen.com/english/advisories/2010/0469

WikyBlog "which" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0468

Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362

Mozilla Firefox and SeaMonkey 'showModalDialog' method Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38289

NOS getPlus Downloader Domain Validation Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/38313

APC Network Management Card Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37338

OpenInferno OI.Blogs Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/38402

Symantec Altiris Deployment Solution 'dbmanager.exe' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38410

Sun Java System Directory Server LDAP Search Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/37899

Multiple Vendors Email Clients DNS prefetching Domain Name Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38046

GNU Automake Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/37378

Multiple IBM Products Login Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38412

Symantec AntiVirus and Symantec Endpoint Protection Scan Evasion Vulnerability
http://www.securityfocus.com/bid/38219

Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38285

Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38287

Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38286

Mozilla Firefox and SeaMonkey SVG Document Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38288

Multiple Adobe Products Unspecified Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38198

Adobe Flash Player and AIR (CVE-2010-0187) Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/38200

Linux Kernel 'azx_position_ok()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38348

Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37523

Linux Kernel 'drivers/connector/connector.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38058

Linux Kernel 'do_pages_move()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38144

Pidgin Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38294

VKPlayer '.mid' File Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38423

Entry Level CMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38422

Newbie CMS Insecure Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/38421

Softbiz Recipes Portal and Link Directory Script 'showcats.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38418

JSK Internet WebAdministrator 'download.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38416

DateV 'DVBSExeCall.ocx' ActiveX Control Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/38415

GameScript 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38414

tDiary TrackBack Transmission Plugin Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/38413

Article Friendly Security Bypass Vulnerability
http://www.securityfocus.com/bid/38409

Thursday, February 25, 2010

Thursday the 25th (shakkō)

sk42723: Check Point response to Sockstress TCP DoS attacks (CVE-2008-4609)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk42723&src=securityAlerts

Restarting the Management agents on an ESX or ESXi Server
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1003490&sliceId=1&docTypeID=DT_KB_1_1

Release of a software interface (API) to the vulnerability countermeasure information database
http://www.ipa.go.jp/security/vuln/press/201002_myjvn_api.html

Overview of SCAP, the Security Content Automation Protocol
http://www.ipa.go.jp/security/vuln/SCAP.html

JVN#73331060 Cross-site scripting vulnerability in tb-send.rb, a plugin bundled with tDiary
http://jvn.jp/jp/JVN73331060/index.html

JVNTA10-021A Multiple vulnerabilities in Internet Explorer
http://jvn.jp/cert/JVNTA10-021A/index.html

JVNDB-2010-000005 Cross-site scripting vulnerability in tb-send.rb, a plugin bundled with tDiary
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000005.html

JVNDB-2003-000401 Vulnerability in Sun ONE/iPlanet Web Server allowing HTTP requests to be hidden
http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000401.html

JVNDB-2003-000400 Vulnerability in Sun ONE/iPlanet Web Server allowing arbitrary text to be inserted into log files
http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000400.html

JVNDB-2010-001085 Sensitive information disclosure vulnerability in the IBM WebSphere Application Server Single Sign-on feature
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001085.html

JVNDB-2010-001060 Arbitrary code execution vulnerability in GNU gzip
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001060.html

JVNDB-2010-001006 Vulnerability in Ethernet frame handling in the Linux kernel e1000e driver
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001006.html

JVNDB-2009-002473 Cross-site scripting vulnerability in the PHP htmlspecialchars function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002473.html

JVNDB-2009-002447 Privilege escalation vulnerability in libltdl in GNU Libtool
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002447.html

JVNDB-2009-002396 Vulnerability in WebKit in Apple Safari allowing requests to be sent to arbitrary websites
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002396.html

JVNDB-2009-002395 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002395.html

JVNDB-2009-001505 Denial-of-service (DoS) vulnerability in the Linux kernel icmp_send function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001505.html

JVNDB-2009-001292 Vulnerability in the Linux kernel audit_syscall_entry function allowing system call audit configuration to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001292.html

US-CERT Technical Cyber Security Alert TA10-055A -- Malicious Activity Associated with "Aurora" Internet Explorer Exploit
http://www.derkeiler.com/Mailing-Lists/Cert/2010-02/msg00001.html

Pass The Hash
http://isc.sans.org/diary.html?storyid=8296

Vulnerability Note VU#166739: APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery
http://www.kb.cert.org/vuls/id/166739

TIBCO Administrator Unspecified Flaw Lets Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Feb/1023653.html

WebKit Style Tag Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38398

OpenInferno OI.Blogs Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/38402

Softbiz Auktios Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38399


+ sudo "sudoedit" Privilege Escalation Security Issue
http://secunia.com/advisories/38659/
+ Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362
+ Sudo "sudoedit" Command Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/0450
+ Sudoedit may allow users to run any command
http://www.sudo.ws/sudo/alerts/sudoedit_escalate.html

+ sudo 1.6.9p21, 1.7.2p4 released
http://www.sudo.ws/sudo/news.html
http://www.ring.gr.jp/archives/misc/sudo/?C=M;O=D

+ ProFTPD 1.3.2e, 1.3.3 released
http://www.proftpd.org/
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2e
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3

+ Samba 3.4.6 Available for Download
http://news.samba.org/releases/3.4.6/
http://samba.org/samba/history/samba-3.4.6.html

+ Linux kernel 2.6.33 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33
http://www.linux.org/news/2010/02/24/0001.html

+- RHSA-2009:1455-3: Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2009-1455.html

+ Linux Kernel TSB I-TLB Load Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38393

Package: Courier 0.64.1 released
https://sourceforge.net/projects/courier/files/courier/0.64.1/courier-0.64.1.tar.bz2/download

Package: maildrop 2.4.2 released
https://sourceforge.net/projects/courier/files/maildrop/2.4.2/maildrop-2.4.2.tar.bz2/download

Security Risk with Fix Available: Web Content Management login page vulnerable to cross site scripting attacks, also affects WebSphere Portal and Quickr services for WebSphere Portal
http://www-01.ibm.com/support/docview.wss?uid=swg21421469

Installing VMware Tools
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=340&sliceId=2&docTypeID=DT_KB_1_1

RHBA-2010:0120-1: coreutils bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0120.html

RHBA-2010:0121-2: dump bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0121.html

Independent Researcher : Rbot Owner Reaction Command Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31855

Ubuntu Security Notice : OpenOffice.org vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31851

VUPEN Security : Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31858

Press release
On conducting "information security awareness activities" through public-private cooperation
http://www.ipa.go.jp/about/press/20100224.html

ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00223.html

iDefense Security Advisory 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Valid
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00219.html

[USN-904-1] Squid vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00220.html

SQL injection vulnerability in LiveChatNow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00221.html

Rbot Owner Reaction Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00222.html

Phishing scams targeting university students on the rise
RSA Security warns of attacks masquerading as US university portals and similar sites
http://itpro.nikkeibp.co.jp/article/NEWS/20100225/345032/?ST=security

"Distorted images, blank subject lines": a new kind of "image spam" appears
Aim is to evade anti-spam software; the editorial staff has also confirmed many instances
http://itpro.nikkeibp.co.jp/article/NEWS/20100225/345039/?ST=security

PUBLIC ADVISORY: 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856

Joomla SQL Reports Component "user_id" SQL Injection Vulnerability
http://secunia.com/advisories/38678/

SilverStripe Multiple Vulnerabilities
http://secunia.com/advisories/38697/

Fedora update for cronie
http://secunia.com/advisories/38741/

cronie "crontab" Race Condition Security Issue
http://secunia.com/advisories/38700/

Ubuntu update for openoffice.org
http://secunia.com/advisories/38695/

WorkSimple Multiple Security Issues
http://secunia.com/advisories/38725/

Avaya Products Multiple Vulnerabilities
http://secunia.com/advisories/38696/

Avaya CMS Solaris Python Multiple Vulnerabilities
http://secunia.com/advisories/38675/

Sawmill Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38730/

Blue Coat Products TLS Session Renegotiation Plaintext Injection
http://secunia.com/advisories/38728/

TIBCO Administrator Unspecified Security Bypass Vulnerability
http://secunia.com/advisories/38732/

Softbiz Jobs and Recruitment Script Cross-Site Scripting and Request Forgery
http://secunia.com/advisories/38693/

OI.Blogs Multiple Local File Inclusion Vulnerabilities
http://secunia.com/advisories/38726/

TYPO3 Multiple Vulnerabilities
http://secunia.com/advisories/38668/

CA eHealth Performance Manager Cross-Site Scripting Weakness
http://secunia.com/advisories/38694/

Adobe getPlus DLM Unauthorised Installation Vulnerability
http://secunia.com/advisories/38729/

Red Hat update for JBoss Enterprise Web Server
http://secunia.com/advisories/38687/

EMC HomeBase Server Directory Traversal Vulnerability
http://secunia.com/advisories/38660/

Google Picasa JPEG Processing Integer Overflow Vulnerability
http://secunia.com/advisories/38435/

Adobe Download Manager Flaw Lets Remote Users Download and Install Arbitrary Software
http://securitytracker.com/alerts/2010/Feb/1023651.html

CA eHealth Performance Manager Input Validation Hole Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Feb/1023648.html

EMC HomeBase Server Directory Traversal Flaw Lets Remote Users Upload Arbitrary Files
http://securitytracker.com/alerts/2010/Feb/1023647.html

TIBCO Administrator "tibreposerver5.jar" Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/0463

TYPO3 Multiple Cross-Site Scripting and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/0462

Google Picasa JPEG Image Processing Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0461

CA eHealth Performance Manager Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0460

MediaCoder v0.7.3.4605 Local Buffer Overflow Exploit
http://www.exploit-db.com/exploits/11573

Mozilla Firefox v3.6 URL Spoofing Vulnerability
http://www.exploit-db.com/exploits/11561

NOS getPlus Downloader Domain Validation Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/38313

EMC HomeBase Server Directory Traversal Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38380

SavySoda WiFiFTP 'APPE' Command Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38365

IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671

OpenOffice VBA Macro Restrictions Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/38245

OpenOffice Prior to 3.2 Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/38218

Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38212

WikyBlog Multiple Remote Input Validation Vulnerabilities
http://www.securityfocus.com/bid/38386

MySmartBB Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/38385

phpCOIN Multiple Remote Input Validation Vulnerabilities
http://www.securityfocus.com/bid/12686

GNU gzip LZW Compression Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37886

Google Picasa JPEG Image Processing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/38384

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

shortCMS 'printview.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38403

HD FLV Player Component for Joomla! 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38401

PHP F1 Max's Photo Album 'admin.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/38400

Apple Safari Style Tag Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38398

Weekly Archive by Node Type Module Weekly Summary Security Bypass Vulnerability
http://www.securityfocus.com/bid/38397

TIBCO Administrator 'TIBRepoServer5.jar' Security Bypass Vulnerability
http://www.securityfocus.com/bid/38396

Kojoney 'urllib.urlopen()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38395

SilverStripe Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/38394

Bispage Content Manager Admin Page SQL Injection Vulnerability
http://www.securityfocus.com/bid/38392

cronie 'crontab' Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38391

Softbiz Jobs 'moredetails.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38390

Zhang Boyang FTP Server Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38389

Sawmill Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38387

Wednesday, February 24, 2010

Wednesday the 24th (taian)

+ sudo "sudoedit" Privilege Escalation Security Issue
http://secunia.com/advisories/38659/
+ Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362
+ Sudo "sudoedit" Command Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/0450
+ Sudoedit may allow users to run any command
http://www.sudo.ws/sudo/alerts/sudoedit_escalate.html

+ sudo 1.6.9p21, 1.7.2p4 released
http://www.sudo.ws/sudo/stable.html
http://www.ring.gr.jp/archives/misc/sudo/?C=M;O=D

[Samba Users Group Japan] Japanese edition of the official Samba3 HOWTO collection released
http://cgi.samba.gr.jp/pipermail/samba-jp/2010-February/002280.html

PostgreSQL 9.0 Alpha 4 Available Now
http://www.postgresql.org/about/news.1183

Notice: ウイルスバスター コーポレートエディション (Virus Buster Corporate Edition) 10.0 Service Pack 1 Critical Patch (build 1872) released
http://www.trendmicro.co.jp/support/news.asp?id=1372

Notice: Trend Micro Network VirusWall Enforcer 1500i / 3500i released
http://www.trendmicro.co.jp/support/news.asp?id=1370

FTC detects personal information leaks on P2P networks, notifies roughly 100 organizations
http://itpro.nikkeibp.co.jp/article/NEWS/20100224/344973/?ST=security

JPCERT/CC WEEKLY REPORT 2010-02-24
http://www.jpcert.or.jp/wr/2010/wr100701.html

VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00216.html

ZDI-10-021: Novell NetStorage xsrvd Long Pathname Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00214.html

Kojoney (SSH honeypot) remote DoS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00211.html

ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00217.html

CA20100223-01: Security Notice for CA eHealth Performance Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00212.html

[ MDVSA-2010:047 ] fuse
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00213.html

[ MDVSA-2010:046 ] ncpfs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00218.html

[TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00210.html

[ MDVSA-2010:045 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00209.html

JVNDB-2010-001084 Cross-site scripting vulnerability in +CSCOT+/translation in Cisco Secure Desktop
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001084.html

JVNDB-2010-001083 Access restriction bypass vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001083.html

JVNDB-2009-002508 Vulnerability in HP ECMT allowing the database to be accessed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002508.html

JVNDB-2009-002507 Vulnerability in the Linux kernel collect_rx_frame function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002507.html

JVNDB-2010-001082 Vulnerability in Apple iPhone OS recovery mode allowing arbitrary data to be read
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001082.html

JVNDB-2010-001081 Denial-of-service (DoS) vulnerability in lib/rfc1035.c in Squid
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001081.html

JVNDB-2009-002506 Denial-of-service (DoS) vulnerability in Sun Java SE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002506.html

JVNDB-2009-002505 Vulnerability in the Java Update feature of the JDK and JRE allowing vulnerabilities in older versions to be exploited
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002505.html

JVNDB-2010-001080 Vulnerability in the default configuration of Adobe ColdFusion allowing collection metadata to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001080.html

JVNDB-2010-001079 Integer overflow vulnerability in the Apache HTTP Server ap_proxy_send_fb function
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001079.html

JVNDB-2009-002504 Multiple stack-based buffer overflow vulnerabilities in yaSSL as used in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002504.html

JVNDB-2009-002376 Denial-of-service (DoS) vulnerability in the JDK, JRE and SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002376.html

JVNDB-2009-002375 Denial-of-service (DoS) vulnerability in the JDK, JRE and SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002375.html

JVNDB-2009-002374 Vulnerability in the MessageDigest.isEqual function of the JDK, JRE and SDK allowing HMAC-based digital signature forgery and authentication bypass
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002374.html

JVNDB-2009-002373 Integer overflow vulnerability in the JPEGImageReader implementation of the JDK, JRE and SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002373.html

JVNDB-2009-002372 Privilege escalation vulnerability in the JPEG Image Writer of the JDK, JRE and SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002372.html

JVNDB-2009-002371 Privilege escalation vulnerability in the JPEG JFIF Decoder of the JDK, JRE and SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002371.html

JVNDB-2009-002370 Buffer overflow vulnerability in the setBytePixels function of the JDK, JRE and SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002370.html

JVNDB-2009-002369 Buffer overflow vulnerability in the setDiffICM function of the JDK, JRE and SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002369.html

JVNDB-2009-002368 Privilege escalation vulnerability in the JDK, JRE and SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002368.html

JVNDB-2009-002367 Buffer overflow vulnerability in the HsbParser.getSoundBank function of the JDK, JRE and SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002367.html

What is your firewall telling you and what is TCP249?
http://isc.sans.org/diary.html?storyid=8293

Linux Kernel NETLINK_CONNECTOR Error Lets Local Users Deny Service
http://securitytracker.com/alerts/2010/Feb/1023646.html

Adobe Download Manager File Download and Execution Vulnerability
http://www.vupen.com/english/advisories/2010/0459

EMC HomeBase SSL Service File Upload Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/0458

Blue Coat Products TLS/SSL Session Renegotiation Vulnerability
http://www.vupen.com/english/advisories/2010/0457

CA Service Desk Tomcat Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0451

WordPress Trashed Posts Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38368

Adobe Download Manager Unspecified Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/38313

uplusware UplusFtp Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/38102

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37945

Apache Tomcat WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37944

RETIRED: Easy FTP Server Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/38262

Novell NetStorage Remote Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38087

FUSE 'fusermount' Race Condition Vulnerability
http://www.securityfocus.com/bid/37983

Avast! Antivirus 'aavmKer4.sys' Driver IOCTL Handling Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38363


+ Linux kernel 2.6.32.9 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.9
http://www.linux.org/news/2010/02/23/0001.html

- Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Affects Multiple Server Products in the Sun Java Enterprise System Suite
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

- Linux Kernel wake_futex_pi() State Error Lets Local Users Deny Service
http://securitytracker.com/alerts/2010/Feb/1023643.html

SUN ALERT WEEKLY SUMMARY REPORT - Week of 14-Feb-2010 to 20-Feb-2010
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277690-1

APSB10-08: Security update available for Adobe Download Manager
http://www.adobe.com/support/security/bulletins/apsb10-08.html

The Apache Software Foundation Announces the 15th Anniversary of the Apache HTTP Web Server
https://blogs.apache.org/foundation/entry/the_apache_software_foundation_announces2

Debian : New Linux 2.6.18 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31844

Mandriva : php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31841

SuSE : SUSE Security Summary Report
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31843

Computer Associates : Security Notice for CA Service Desk
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31846

[SECURITY] [DSA 2003-1] New Linux 2.6.18 packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00198.html

CA20100222-01: Security Notice for CA Service Desk
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00190.html

[USN-902-1] Pidgin vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00194.html

Secunia Research: Bournal Insecure Temporary Files Security Issue
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00192.html

Secunia Research: Bournal ccrypt Information Disclosure Security Issue
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00193.html

London DEFCON February meet - DC4420 - Wed 24th Feb 2010
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00204.html

Chuck Norris Botnet and Broadband Routers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00208.html

Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00197.html

SEC Consult SA-20100208-0 :: Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web I
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00191.html

Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00196.html

jQuery Validate 1.6.0 Demo Code Advisory
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00202.html

Official Portal 2007 Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00207.html

Easy FTP Server 1.7.0.2 Remote BoF
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00201.html

Request for feedback on TCP security (IETF effort)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00205.html

[ MDVSA-2010:044 ] mysql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00195.html

[ MDVSA-2010:043 ] libtheora
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00206.html

ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00200.html

[DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00203.html

RHBA-2010:0118-1: glibc bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0118.html

IBM WebSphere Portal Input Validation Flaw Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Feb/1023645.html

avast! 'aavmker4.sys' IOCTL Processing Bug Lets Local Users Deny Service
http://securitytracker.com/alerts/2010/Feb/1023644.html

Php Auktion Pro "id" SQL Injection Vulnerability
http://secunia.com/advisories/38679/

CA Service Desk Tomcat Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37606/

Debian update for linux-2.6
http://secunia.com/advisories/38673/

SUSE Update for Multiple Packages
http://secunia.com/advisories/38669/

Entry Level CMS "subj" SQL Injection Vulnerability
http://secunia.com/advisories/38688/

avast! Home/Professional "aavmker4.sys" Memory Corruption Vulnerability
http://secunia.com/advisories/38689/

avast! Antivirus "aavmker4.sys" Memory Corruption Vulnerability
http://secunia.com/advisories/38677/

sudo "sudoedit" Privilege Escalation Security Issue
http://secunia.com/advisories/38659/

IBM WebSphere Portal Portlet Palette Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38574/

Ero Auktion "id" SQL Injection Vulnerability
http://secunia.com/advisories/38666/

Ubuntu update for pidgin
http://secunia.com/advisories/38658/

avast! Products "aavmker4.sys" Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/0449

IBM WebSphere Portal Portlet Palette Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0448

Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362

Easy FTP Server (AKA UplusFTP) 'Path' Parameter Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38321

Joomla! Core Design Scriptegrator Component Local File Include Vulnerability
http://www.securityfocus.com/bid/38296

PHP 'session.save_path()' Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/37390

Google Chrome prior to 4.0.249.78 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/37948

Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068

Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37519

Linux Kernel 'hfc_usb.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37036

Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069

Linux Kernel 'ebtables' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37762

Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936

Linux Kernel PI Futex Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38165

Linux Kernel 'do_pages_move()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38144

Linux Kernel 'drivers/connector/connector.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38058

PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389

PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079

Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203

PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440

PHP 'ini_restore()' Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36009

MIT Kerberos KDC 'handle_tgt_authdata()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38260

Fetchmail SSL Certificate Printing Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38088

PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/32688

Unbound DNS Server NSEC3 Signature Verification DNS Spoofing Vulnerability
http://www.securityfocus.com/bid/37459

GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36712

PHP 'error_log' Safe Mode Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/32383

Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958

Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

IBM WebSphere Portal Portlet Palette Search HTML Injection Vulnerability
http://www.securityfocus.com/bid/38360

Joomla! Ice Gallery Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/33008

Microsoft Internet Explorer URI Validation Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37884

Microsoft Windows SMB Client Race Condition Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38100

Microsoft Windows SMB Client Pool Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38093

Pre Multi-Vendor E-Commerce Solution 'detail.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38377

Computer Associates eHealth Performance Manager Web Interface Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/38376

WebKit 'window.open()' method Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38375

Php Auktion Pro 'news.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38371

WorkSimple 'uploader.php' Remote File Upload Vulnerability
http://www.securityfocus.com/bid/38370

TYPO3 Core Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/38366

SavySoda WiFiFTP 'APPE' Command Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38365

Joomla! 'com_sqlreport' Component SQL Injection Vulnerability
http://www.securityfocus.com/bid/38361

Tuesday, February 23, 2010

23rd, Tuesday, Butsumetsu

JVNDB-2010-001078 Vulnerability in ISC BIND related to handling of out-of-bailiwick data
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001078.html

JVNDB-2010-001077 Format string vulnerability in the WebDAV implementation of Sun Java System Web Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001077.html

JVNDB-2010-001076 Multiple heap-based buffer overflow vulnerabilities in Sun Java System Web Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001076.html

JVNDB-2010-001075 Stack-based buffer overflow vulnerability in the WebDAV implementation of Sun Java System Web Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001075.html

JVNDB-2010-001074 Vulnerability in Sun Java System Web Server allowing heap memory locations to be overwritten
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001074.html

JVNDB-2010-001073 Arbitrary code execution vulnerability in Sun Java System Web Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001073.html

JVNDB-2010-001072 Heap-based buffer overflow vulnerability in Sun Java System Web Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001072.html

JVNDB-2010-001071 Directory traversal vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001071.html

JVNDB-2010-001070 Directory traversal vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001070.html

JVNDB-2010-001069 Vulnerability in the Apache Tomcat autodeployment process allowing bypass of intended authentication requirements
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001069.html

JVNDB-2009-002355 Vulnerability in the Java Web Start implementation of Sun Java SE related to handling of signed JAR files and JNLP applications
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002355.html

JVNDB-2009-002354 Vulnerability in the TimeZone.getTimeZone method of Sun Java SE and OpenJDK allowing disclosure of the existence of local files
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002354.html

JVNDB-2009-002353 Information disclosure vulnerability in the Windows Pluggable Look and Feel (PL&F) of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002353.html

JVNDB-2009-002352 Information disclosure vulnerability in the Swing implementation of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002352.html

JVNDB-2009-002351 Privilege escalation vulnerability in Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002351.html

JVNDB-2009-002350 Information disclosure vulnerability in the Abstract Window Toolkit (AWT) of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002350.html

JVNDB-2009-002349 Vulnerability in the X11 and Win32GraphicsDevice subsystems of Sun Java SE and OpenJDK related to array cloning by the getConfigurations function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002349.html

JVNDB-2009-002348 Denial of service (DoS) vulnerability in the TrueType font parsing functionality of Sun Java SE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002348.html

JVNDB-2009-002347 Directory traversal vulnerability in the Java Runtime Environment (JRE) of Sun Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002347.html

Apache Tomcat Host Manager Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/29502

+ Linux Kernel hda-intel Divide By Zero Error Lets Local Users Deny Service
http://securitytracker.com/alerts/2010/Feb/1023640.html
+ SA38718: Linux Kernel hda-intel Driver "azx_position_ok()" Denial of Service
http://secunia.com/advisories/38718/

+ Linux Kernel Tunnels Initialization Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38303

+ Linux Kernel GRE Protocol Initialization Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38301

- Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml

- SA38594: Linux Kernel TCP RTO Calculation Denial of Service
http://secunia.com/advisories/38594/
- Linux Kernel RTO (Retransmission Timeouts) Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38355

Devel-NYTProf-3.01_92 released
http://search.cpan.org/~timb/Devel-NYTProf-3.01_92/

PostgreSQL-PLPerl-Call-1.005 released
http://search.cpan.org/~timb/PostgreSQL-PLPerl-Call-1.005/

Sybase placed in the Leaders Quadrant of the 2010 Data Warehouse DBMS Magic Quadrant
http://www.sybase.jp/detail?id=1067302

Sybase achieves top data warehousing and analytics performance in the TPC-H benchmark
Sybase IQ on an HP system achieves industry-leading results at the 1 TB scale factor
http://www.sybase.jp/detail?id=1067303

Sybase ships its latest heterogeneous database data movement middleware, "Sybase Replication Server Heterogeneous Edition 15.2"
Supports Oracle Database 11g, addressing customers' diverse data movement needs
http://www.sybase.jp/detail?id=1067281

Hacktics : Persistent XSS in Microsoft SharePoint Portal
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31840

SEC-CONSULT : Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31839

Security-Assessment.com : Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31838

New Risks in Penetration Testing
http://isc.sans.org/diary.html?storyid=8287

Not Every Cloud has a Silver Lining
http://isc.sans.org/diary.html?storyid=8290

KDE KRunner Race Condition Lets Physically Local Users Bypass the Screen Lock
http://securitytracker.com/alerts/2010/Feb/1023641.html

Bournal ccrypt Information Disclosure Security Issue
http://secunia.com/advisories/38723/

Bournal Insecure Temporary Files Security Issue
http://secunia.com/advisories/38554/

Joomla Community Polls Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/38692/

Employee Timeclock Software Cross-Site Request Forgery
http://secunia.com/advisories/38662/

Linux Kernel hda-intel Driver "azx_position_ok()" Denial of Service
http://secunia.com/advisories/38718/

WampServer "lang" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38706/

Wsc Cms "Password" SQL Injection Vulnerability
http://secunia.com/advisories/38698/

InDefero Source Access Security Bypass
http://secunia.com/advisories/38664/

Pulse CMS "f" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38650/

PortWise SSL VPN "reloadFrame" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38627/

Linux Kernel TCP RTO Calculation Denial of Service
http://secunia.com/advisories/38594/

Fedora update for konversation
http://secunia.com/advisories/38722/

Fedora update for pdfedit
http://secunia.com/advisories/38721/

PDFedit Xpdf Multiple Vulnerabilities
http://secunia.com/advisories/38713/

Konversation D-Bus Unicode Denial of Service Weakness
http://secunia.com/advisories/38711/

PowerDNS Administrator "lang" File Inclusion Vulnerability
http://secunia.com/advisories/38671/

QSF Portal "lang" File Inclusion Vulnerability
http://secunia.com/advisories/38670/

vBulletin Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/38702/

Fedora update for firefox and xulrunner
http://secunia.com/advisories/38710/

Debian update for polipo
http://secunia.com/advisories/38647/

Debian update for php5
http://secunia.com/advisories/38648/

VideoSearchScript "q" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38701/

Fedora update for seamonkey
http://secunia.com/advisories/38714/

Fedora update for moin
http://secunia.com/advisories/38709/

Fedora update for pidgin
http://secunia.com/advisories/38712/

Galerie Dezign-Box File Upload and SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/0444

Arab Cart "id" SQL Injection and Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0443

vBseo "vbseourl" Parameter Handling Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/0442

Article Friendly "username" and "password" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0441

Sun OpenSolaris Security Update Fixes Pidgin File Disclosure Issue
http://www.vupen.com/english/advisories/2010/0440

Asterisk Dialplan Wildcard Pattern String Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0439

Symantec IM Manager Console Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0438

Easy FTP Server v1.7.0.2 CWD Remote BoF
http://www.exploit-db.com/exploits/11539

uplusware UplusFtp Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/38102

Linux Kernel RTO (Retransmission Timeouts) Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38355

Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097

WSC CMS 'Password' Field SQL Injection Vulnerability
http://www.securityfocus.com/bid/38335

Gretech GOM Player '.wav' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38342

Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524

Konversation Unicode IRC Message Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38340

Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38287

Net-SNMP Remote Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/29623

Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38286

GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128

Total Video Player '.wav' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38343

MoinMoin Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/38023

Xpdf JBIG2 Processing Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34568

Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703

Pidgin Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38294

Quicksilver Forums Local File Include and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/32452

Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
http://www.securityfocus.com/bid/38197

ASCET Interactive Huski CMS 'i' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38126

ASCET Interactive Huski Retail Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38129

MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749

Xerox WorkCentre Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/37921

Core Joomla Community Polls Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38330

phpBugTracker 'filename' Parameter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/38337

Linux Kernel Tunnels Initialization Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38303

Linux Kernel GRE Protocol Initialization Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38301

Mozilla Firefox and SeaMonkey SVG Document Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38288

Mozilla Firefox and SeaMonkey 'showModalDialog' method Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38289

Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38285

Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36719

Pidgin 'msn_slplink_process_msg()' NULL Pointer Dereference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36071

Pidgin Libpurple Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36277

Pulse CMS 'view.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38356

VideoSearchScript 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38354

Bournal Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/38353

Bournal ccrypt Utility Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38352

Total Video Player '.avi' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38350

Galerie Dezign-Box Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/38347

Chasys Media Player '.mid' File Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38346

Softbiz Jobs 'news_desc.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38344

Article Friendly 'Username' Field Login SQL Injection Vulnerability
http://www.securityfocus.com/bid/38341

Monday, February 22, 2010

22nd, Monday, Senbu

GCC 4.5 Status Report (2010-02-21)
http://gcc.gnu.org/ml/gcc/2010-02/msg00270.html
http://gcc.gnu.org/gcc-4.5/changes.html

JVNDB-2010-001068 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001068.html

JVNDB-2010-001067 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001067.html

JVNDB-2010-001066 Vulnerability in Microsoft Internet Explorer URL validation allowing execution of arbitrary local programs
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001066.html

JVNDB-2010-001065 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001065.html

JVNDB-2010-001064 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001064.html

JVNDB-2010-001063 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001063.html

JVNDB-2009-002503 Cross-site scripting vulnerability in the Microsoft Internet Explorer XSS filter
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002503.html

JVNDB-2010-001062 DNS cache poisoning vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001062.html

JVNDB-2010-001061 Privilege escalation vulnerability in the Microsoft Windows kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001061.html

Joomla! 'com_recipe' Component Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38336

+ SA38558: ActivePerl UTF-8 Denial of Service Vulnerability
http://secunia.com/advisories/38558/
http://www.securityfocus.com/bid/36812

+ Samba 'client/mount.cifs.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38326

[ANNOUNCE] MyFaces Core v2.0.0-beta-2 Release
http://myfaces.apache.org/download.html

- A Security Vulnerability in Solaris Pidgin (see pidgin(1)) May Allow Remote Unprivileged Users to Access Arbitrary Files
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1

Samba 3.5.0rc3 Available for Download
http://news.samba.org/releases/3.5.0rc3/

Samba 3.5.0RC3 has been released
http://samba.org/samba/ftp/rc/WHATSNEW-3-5-0rc3.txt

A seminar titled "Samba Usage Techniques & Windows 7 Support Status" will be held at OSC 2010 Tokyo/Spring.
http://www.ospn.jp/osc2010-spring/modules/eguide/event.php?eid=26

Dovecot 2.0.beta3 released
http://www.dovecot.org/list/dovecot-news/2010-February/000151.html

Dovecot blog
http://www.dovecot.org/list/dovecot-news/2010-February/000150.html

Kernel release: 2.6.32.9-rc1
http://www.linux.org/news/2010/02/19/0001.html

Devel-NYTProf-3.01_91 released
http://search.cpan.org/~timb/Devel-NYTProf-3.01_91/

Ariko-Security : SQL injection vulnerability in Amelia CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31825

Debian : New php5 packages fix multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31820

Asterisk : Dialplan injection vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31824

Debian : New xulrunner packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31818

Debian : New ffmpeg packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31819

[ MDVSA-2010:042 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00187.html

[SECURITY] [DSA-2002-1] New polipo packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00186.html

[SECURITY] [DSA-2001-1] New php5 packages fix multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00184.html

SQL injection vulnerability in Amelia CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00183.html

AST-2010-002: Dialplan injection vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00182.html

[USN-890-5] XML-RPC for C and C++ vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00181.html

[SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00180.html

Looking for "more useful" malware information? Help develop the format.
http://isc.sans.org/diary.html?storyid=8275

TCP Port 12174 Request For Packets
http://isc.sans.org/diary.html?storyid=8281

Is "Green IT" Defeating Security?
http://isc.sans.org/diary.html?storyid=8269

Cyber Shockwave
http://isc.sans.org/diary.html?storyid=8272

phpAutoVideo Cross-Site Request Forgery
http://secunia.com/advisories/38646/

LiteSpeed Web Server Cross-Site Request Forgery
http://secunia.com/advisories/38645/

Asterisk Dialplan Wildcard Pattern Weakness
http://secunia.com/advisories/38641/

Kusaba X Cross-Site Request Forgery
http://secunia.com/advisories/38685/

Kusaba X "reportreason" Script Insertion Vulnerability
http://secunia.com/advisories/38674/

FileApp FTP Request Processing Denial of Service
http://secunia.com/advisories/38632/

OCS Inventory NG Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/38684/

OCS Inventory NG "login" SQL Injection Vulnerability
http://secunia.com/advisories/38665/

OCS Inventory NG Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/38615/

Ubuntu update for xmlrpc-c
http://secunia.com/advisories/38642/

Red Hat update for pidgin
http://secunia.com/advisories/38640/

Red Hat update for acroread
http://secunia.com/advisories/38639/

Huawei HG510 Security Bypass and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/38591/

ActivePerl UTF-8 Denial of Service Vulnerability
http://secunia.com/advisories/38558/

Debian update for ffmpeg
http://secunia.com/advisories/38643/

Symantec IM Manager Script Insertion Vulnerability
http://secunia.com/advisories/38672/

Debian update for xulrunner
http://secunia.com/advisories/38644/

Fedora update for systemtap
http://secunia.com/advisories/38680/

SUSE update for kernel
http://secunia.com/advisories/38683/

Fedora update for krb5
http://secunia.com/advisories/38682/

Cisco Firewall Services Module SCCP Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0418

Cisco PIX 500 Authentication Bypass and Denial of Service Issues
http://www.vupen.com/english/advisories/2010/0417

Cisco Security Agent SQL Injection and Directory Traversal Vulnerabilities
http://www.vupen.com/english/advisories/2010/0416

MySQL 'sql/sql_table.cc' CREATE TABLE Security Bypass Vulnerability
http://www.securityfocus.com/bid/38043

Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37368

Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38287

Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38286

Mozilla Firefox and SeaMonkey SVG Document Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38288

Mozilla Firefox and SeaMonkey 'showModalDialog' method Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38289

Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38285

Polipo Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/37463

SoftArtisans XFile FileManager ActiveX Control Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30826

PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389

PHP 'session.save_path()' Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/37390

Symantec Client Proxy ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38222

LiteSpeed Web Server Cross Site Scripting and Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/38317

Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37523

Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37519

Linux Kernel KVM Multiple Privilege Escalation and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38158

Linux Kernel KVM '/dev/port' Device Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38086

Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37875

Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521

Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/26943

OCS Inventory NG Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/38315

SAP J2EE Engine Core Unspecified Phishing Vulnerability
http://www.securityfocus.com/bid/38183

Adobe Acrobat and Reader CVE-2010-0188 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38195

Mozilla Firefox Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38298

FFmpeg Version 0.5 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/36465

Battery Life Toolkit 'bltk_sudo' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37996

MIT Kerberos KDC 'handle_tgt_authdata()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38260

Perl UTF-8 Regular Expression Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36812

SystemTap 'stat-server' Remote Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/37842

SystemTap '__get_argv()' and '__get_compat_argv()' Local Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38120

Coppermine Photo Gallery Multiple Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/27512

New-CMS Multiple Local File Include and HTML-Injection Vulnerabilities
http://www.securityfocus.com/bid/38307

Infragistics NetAdvantage for Web Client Directory Traversal Vulnerability
http://www.securityfocus.com/bid/38333

IBM WebSphere Service Registry and Repository Configuration Property Security Bypass
http://www.securityfocus.com/bid/38332

Demo Auktionshaus 'news.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38331

Core Joomla Community Polls Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38330

Social Web CMS 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38329

IBM WebSphere Commerce Encryption Key Remote Security Vulnerability
http://www.securityfocus.com/bid/38327

Samba 'client/mount.cifs.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38326

PHPKIT 'include.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38324

Fonality trixbox 'PhoneDirectory.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38323

Amelia CMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38322

Easy FTP Server 'Path' Parameter Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38321