SUN ALERT WEEKLY SUMMARY REPORT - Week of 31-Jan-2010 to 06-Feb-2010
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277050-1
Postfix 2.7.0 stable release candidate 2
http://mirror.postfix.jp/postfix-release/official/postfix-2.7.0-RC2.HISTORY
Postfix 2.8 Snapshot 20100208
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20100208.HISTORY
Notice of the release of Trend Micro Mobile Security 5.1 Patch 1
http://www.trendmicro.co.jp/support/news.asp?id=1364
JVNDB-2010-001011 Arbitrary code execution vulnerability in Adobe Flash Player 6 provided with Microsoft Windows XP
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001011.html
JVNDB-2010-001010 Arbitrary code execution vulnerability in the Embedded OpenType font engine of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001010.html
JVNDB-2009-002496 Vulnerability in Adobe Acrobat allowing file extension restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002496.html
JVNDB-2009-002495 Arbitrary code execution vulnerability in Adobe Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002495.html
JVNDB-2009-002494 Denial-of-service (DoS) vulnerability in Adobe Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002494.html
JVNDB-2009-002493 Arbitrary code execution vulnerability in Adobe Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002493.html
JVNDB-2009-002492 Arbitrary code execution vulnerability in the image decoder of Adobe Acrobat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002492.html
JVNDB-2009-002418 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002418.html
JVNDB-2009-002417 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002417.html
JVNDB-2009-002416 Heap-based buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002416.html
JVNDB-2009-002411 Vulnerability in DNSSEC validation processing in BIND 9
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002411.html
JVNDB-2009-002344 Denial-of-service (DoS) vulnerability in cupsd of CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002344.html
JVNDB-2009-001957 X.509 certificate spoofing vulnerability in Mozilla NSS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001957.html
When is a 0day not a 0day? Samba symlink bad default config
http://isc.sans.org/diary.html?storyid=8188
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
+ [ANN] Release of Ant 1.8.0
http://ant.apache.org/
http://ant.apache.org/bindownload.cgi
+ HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997760
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00083.html
- Linux Kernel "do_pages_move()" Information Disclosure and Denial of Service
http://secunia.com/advisories/38502/
http://securitytracker.com/alerts/2010/Feb/1023554.html
http://www.securityfocus.com/bid/38144
- HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c02002298
[ANNOUNCE] Apache Tuscany SCA Java 1.6 released
http://tuscany.apache.org/sca-java-releases.html
Enhanced VMotion Compatibility (EVC) processor support
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1003212&sliceId=1&docTypeID=DT_KB_1_1
Independent Researcher : JDownloader Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31688
MustLive : Vulnerability in Tagcloud for DataLife Engine
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31689
MustLive : [Suspected Spam] Vulnerability in Tagcloud for DataLife Engine
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31694
Core Security Technologies : Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31687
[security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Pr
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00083.html
[security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00082.html
[ MDVSA-2010:034 ] kernel
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00081.html
CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00069.html
[DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00070.html
mongoose Space Character Remote File Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00074.html
[Suspected Spam]Vulnerability in Tagcloud for DataLife Engine
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00068.html
[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00076.html
LDF (Default.asp) Sql Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00075.html
Symantec releases new version of its data leak prevention software, enabling integration with other vendors' encryption software
http://itpro.nikkeibp.co.jp/article/NEWS/20100208/344362/?ST=security
When is a 0day not a 0day? Fake OpenSSh exploit, again.
http://isc.sans.org/diary.html?storyid=8185
JaxCMS "p" Local File Inclusion Vulnerability
http://secunia.com/advisories/38524/
OTRS SQL Injection Vulnerabilities
http://secunia.com/advisories/38507/
Testa OTMS Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/38505/
Linux Kernel "do_pages_move()" Information Disclosure and Denial of Service
http://secunia.com/advisories/38502/
Fedora update for chrony
http://secunia.com/advisories/38498/
AudiStat Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/38494/
odlican.net CMS Arbitrary File Upload Security Issue
http://secunia.com/advisories/38488/
httpdx "f_command()" FTP Command Format String Vulnerability
http://secunia.com/advisories/38486/
DA Mailing List System "adm_login" and "adm_password" SQL Injection
http://secunia.com/advisories/38482/
evalSMSI Multiple Vulnerabilities
http://secunia.com/advisories/38478/
Oracle WebLogic Server Node Manager Unspecified Vulnerability
http://secunia.com/advisories/38473/
Zen Time Tracking Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/38471/
Joomla Productbook Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/38466/
Document Manager Unspecified Security Issue
http://secunia.com/advisories/38441/
Rostermain "userid" and "password" SQL Injection Vulnerabilities
http://secunia.com/advisories/38440/
Uiga Business Portal SQL Injection and Script Insertion Vulnerabilities
http://secunia.com/advisories/38430/
Oracle Database Two Security Issues
http://secunia.com/advisories/38353/
HP OpenView Operations Agent Blank 'opc_op' Password Lets Remote Users Access the System
http://securitytracker.com/alerts/2010/Feb/1023555.html
Linux Kernel Flaw in do_pages_move() Lets Local Users Obtain Kernel Memory and Deny Service
http://securitytracker.com/alerts/2010/Feb/1023554.html
Productbook for Joomla "id" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0322
Belkatalog CMS "lnk" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0321
Croogo Admin Interface Cross Site Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2010/0320
Killmonster "isadmin" and "password" SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/0319
Rostermain "userid" and "password" SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/0318
Uiga Business Portal SQL Injection and Cross Site Scripting Issues
http://www.vupen.com/english/advisories/2010/0317
IBM WebSphere Application Server "Requires SSL" Bypass Issue
http://www.vupen.com/english/advisories/2010/0316
LANDesk Management Gateway Multiple Input Validation Vulnerabilities
http://www.vupen.com/english/advisories/2010/0315
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Oracle 11gR2 Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/38115
Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068
Linux Kernel 'hfc_usb.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37036
Joomla! 'com_photoblog' Component 'blog' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38136
OpenBB Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38134
OCS Inventory NG Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38131
CounterPath X-Lite '.wav' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38130
odlican.net CMS 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/38128
Samba Symlink Directory Traversal Vulnerability
http://www.securityfocus.com/bid/38111
Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37806
Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37519
Linux Kernel 'ipv6_hop_jumbo()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37810
Linux Kernel 'ebtables' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37762
Linux Kernel 'print_fatal_signal()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37724
Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37523
Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37019
EncapsCMS 'common_foot.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/22319
Oracle WebLogic Server Node Manager 'beasvc.exe' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/37926
Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37985
Novell iPrint Client Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37242
Chrony 1.23 and Prior Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38106
Sun Solaris 'CODE_GET_VERSION IOCTL' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38016
Digital Arakan Infotech Mailing List System 'admloginchk.asp' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38151
HP Operations Agent Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/38150
gnome-screensaver Monitor Removal Lock Bypass Vulnerability
http://www.securityfocus.com/bid/38149
Aflam Online 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38147
OTRS Core System Multiple Unspecified SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38146
Mongoose Space String Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/38145
Linux Kernel 'do_pages_move()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38144
JDownloader 'JDExternInterface.java' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38143
Exponent CMS 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38142
GeFest Web Home Server Remote Directory Traversal Vulnerability
http://www.securityfocus.com/bid/38141
Baal Systems 'adminlogin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38139
Joomla! 'com_productbook' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38137
Apple Safari Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38133
Mozilla Firefox and SeaMonkey Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38132