- HS10-002: Problem with file permissions in JP1/Cm2/Network Node Manager Remote Console
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-002/index.html
- HS10-002: Problem with file permissions in the JP1/Cm2/Network Node Manager remote console
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-002/index.html
Sendmail 8.14.5.Alpha0 is available for testing
http://www.sendmail.org/
Notice of release and start of support for Trend Micro Data Loss Prevention/Virtual Appliance 5.2
http://www.trendmicro.co.jp/support/news.asp?id=1371
HS10-001: Cross-site Scripting Vulnerability in uCosminexus Portal Framework
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-001/index.html
[Defect information] Impact of the TLS/SSL vulnerability (CVE-2009-3555) on WebSphere-related products (WAS-10-00B)
http://www-06.ibm.com/ibm/jp/security/info/websphere/si20100225a.html
PDF-related threats surged in 2009, while newly discovered vulnerabilities fell 11%
http://itpro.nikkeibp.co.jp/article/Research/20100226/345124/?ST=security
Microsoft reports "major results" from cutting off communications of the "Waledac" botnet
http://itpro.nikkeibp.co.jp/article/NEWS/20100226/345119/?ST=security
"500 PCs infected, one week to recover": behind the scenes of virus cleanup
Trend Micro reports on the state of the "Downad" virus, which continues to rage
http://itpro.nikkeibp.co.jp/article/NEWS/20100225/345117/?ST=security
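"We'll tell you how to prevent password reuse," says US security company
"Inserting a different string for each service" and "password management software" are effective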
http://itpro.nikkeibp.co.jp/article/NEWS/20100225/345116/?ST=security
JVNVU#166739 Multiple vulnerabilities in the web interface of APC Network Management Card
http://jvn.jp/cert/JVNVU166739/index.html
JVNDB-2010-001088 Cross-site scripting vulnerability in uCosminexus Portal Framework
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001088.html
JVNDB-2010-001087 Vulnerability in Linux kernel IPv6 jumbogram processing
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001087.html
JVNDB-2010-001086 Arbitrary code execution vulnerability in the huft_build function of gzip
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001086.html
JVNDB-2009-001949 Arbitrary code execution vulnerability related to object instantiation in ATL of Microsoft Visual Studio
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001949.html
JVNDB-2009-001911 Authentication bypass issue in XML signature verification
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001911.html
JVNDB-2006-000532 Vulnerability in multiple RSA implementations in which signatures are not verified correctly
http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000532.html
New version of dnsmap
http://isc.sans.org/diary.html?storyid=8302
Asterisk Access Control Parsing Error May Let Remote Users Bypass Access Controls
http://securitytracker.com/alerts/2010/Feb/1023657.html
[ANNOUNCE] Release of Lucene Java 3.0.1 and 2.9.2
http://lucene.apache.org/java/3_0_1/changes/Changes.html
http://lucene.apache.org/java/2_9_2/changes/Changes.html
+ OpenSSL 0.9.8m released
http://www.openssl.org/source/
+ Windows API Bug Lets Local Users Deny Service
http://securitytracker.com/alerts/2010/Feb/1023656.html
+ Microsoft Windows Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/38420
[ANNOUNCEMENT] Commons Daemon 1.0.2 released
http://commons.apache.org/daemon/
Security Vulnerability in the Sun Java System Directory Server May Allow Crafted LDAP Search Requests To Cause A Denial Of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275711-1
Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Affects Multiple Server Products in the Sun Java Enterprise System Suite
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
Thunderbird 3.0.2 update is now available for download
http://www.mozillamessaging.com/en-US/about/press/archive/-01
http://www.mozillamessaging.com/en-US/thunderbird/3.0.2/releasenotes/
(Reference) XSS vulnerability issue in the WCM login page (also affects WebSphere Portal and Lotus Quickr services for WebSphere Portal)
http://www-06.ibm.com/jp/domino04/lotus/support/faqs/faqs.nsf/all/733903
Ariko-Security : SQL injection vulnerability in WebAdministrator Lite CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31864
Hacktics : XSS in IBM WebSphere Portal & Lotus WCM
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31863
Independent Researcher : XSS vulnerability in RedBanc.cl (interbank network)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31865
Nikolas Sotiriu : DATEV ActiveX Control remote command execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31862
US-CERT : Malicious Activity Associated with "Aurora" Internet Explorer Exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31860
Ariko-Security : SQL injection vulnerability in LiveChatNow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31866
iDEFENSE : Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31861
Form-based HTTP Authentication Proof of Concept
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00227.html
[ MDVSA-2010:048 ] roundcubemail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00226.html
SQL injection vulnerability in WebAdministrator Lite CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00228.html
Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00224.html
NSOADV-2010-003: DATEV ActiveX Control remote command execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00225.html
Microsoft, restraining orders, and how a big botnet (waledec) ate curb.
http://isc.sans.org/diary.html?storyid=8299
Softbiz Link Directory Script "sbcat_id" SQL Injection Vulnerability
http://secunia.com/advisories/38703/
Joomla HD FLV Player Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/38691/
tDiary Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38742/
GNU M4 "make dist" Insecure Directory Permissions
http://secunia.com/advisories/38707/
Drupal Weekly Archive by Node Type Module Information Disclosure
http://secunia.com/advisories/38717/
Datev DVBSExeCall ActiveX Control "ExecuteExe()" Vulnerability
http://secunia.com/advisories/38716/
Symantec Altiris Deployment Solution dbmanager.exe Denial of Service
http://secunia.com/advisories/38719/
Drupal Facebook-style Statuses (Microblog) Module Status Manipulation
http://secunia.com/advisories/38750/
rbot "reaction" Plugin rbot Command Execution Security Issue
http://secunia.com/advisories/38738/
Article Friendly Multiple Vulnerabilities
http://secunia.com/advisories/38676/
Newbie CMS Authentication Security Bypass
http://secunia.com/advisories/38743/
WikyBlog "which" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38699/
Ubuntu update for squid
http://secunia.com/advisories/38686/
Windows API Bug Lets Local Users Deny Service
http://securitytracker.com/alerts/2010/Feb/1023656.html
Google Picasa Integer Overflow in Processing JPEG Images Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Feb/1023652.html
Rbot Reaction Plugin Remote Command Execution Vulnerability
http://www.vupen.com/english/advisories/2010/0469
WikyBlog "which" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0468
Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362
Mozilla Firefox and SeaMonkey 'showModalDialog' method Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38289
NOS getPlus Downloader Domain Validation Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/38313
APC Network Management Card Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37338
OpenInferno OI.Blogs Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/38402
Symantec Altiris Deployment Solution 'dbmanager.exe' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38410
Sun Java System Directory Server LDAP Search Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/37899
Multiple Vendors Email Clients DNS prefetching Domain Name Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38046
GNU Automake Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/37378
Multiple IBM Products Login Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38412
Symantec AntiVirus and Symantec Endpoint Protection Scan Evasion Vulnerability
http://www.securityfocus.com/bid/38219
Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38285
Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38287
Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38286
Mozilla Firefox and SeaMonkey SVG Document Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38288
Multiple Adobe Products Unspecified Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38198
Adobe Flash Player and AIR (CVE-2010-0187) Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/38200
Linux Kernel 'azx_position_ok()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38348
Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37523
Linux Kernel 'drivers/connector/connector.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38058
Linux Kernel 'do_pages_move()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38144
Pidgin Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38294
VKPlayer '.mid' File Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38423
Entry Level CMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38422
Newbie CMS Insecure Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/38421
Microsoft Windows Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/38420
Softbiz Recipes Portal and Link Directory Script 'showcats.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38418
JSK Internet WebAdministrator 'download.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38416
DateV 'DVBSExeCall.ocx' ActiveX Control Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/38415
GameScript 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38414
tDiary TrackBack Transmission Plugin Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/38413
Article Friendly Security Bypass Vulnerability
http://www.securityfocus.com/bid/38409