Wednesday, March 10, 2010

Wednesday the 10th, Senshō

- Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/981374.mspx

What's My Firewall Telling Me? (Part 4)
http://isc.sans.org/diary.html?storyid=8395

Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
http://isc.sans.org/diary.html?storyid=8398

Microsoft Internet Explorer Invalid Pointer Reference Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Mar/1023699.html

Notice of release of InterScan Web Security Suite 3.1 for Windows Patch 1
http://www.trendmicro.co.jp/support/news.asp?id=1373

JPCERT/CC WEEKLY REPORT 2010-03-10
http://www.jpcert.or.jp/wr/2010/wr100901.html

JVNVU#744549 Use-after-free vulnerability in Microsoft Internet Explorer
http://jvn.jp/cert/JVNVU744549/index.html

JVNTA10-068A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA10-068A/index.html

JVNDB-2010-001140 Denial-of-service (DoS) vulnerability in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001140.html

JVNDB-2010-001139 Denial-of-service (DoS) vulnerability in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001139.html

JVNDB-2010-001138 Denial-of-service (DoS) vulnerability in Cisco Adaptive Security Appliance
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001138.html

JVNDB-2010-001137 Denial-of-service (DoS) vulnerability in Cisco Adaptive Security Appliance
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001137.html

JVNDB-2010-001136 Denial-of-service (DoS) vulnerability in Cisco Firewall Services Module
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001136.html

JVNDB-2010-001135 Denial-of-service (DoS) vulnerability in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001135.html

JVNDB-2010-001134 Denial-of-service (DoS) vulnerability in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001134.html

JVNDB-2010-001133 Denial-of-service (DoS) vulnerability in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001133.html




+ Microsoft Security Bulletin: Security Bulletins for March 2010
http://www.microsoft.com/japan/technet/security/bulletin/ms10-mar.mspx

+ MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-016.mspx
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31953
http://www.securitytracker.com/id?1023697
http://secunia.com/advisories/38791/
http://www.vupen.com/english/advisories/2010/0565
http://www.securityfocus.com/bid/38515

+ MS10-017 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-017.mspx
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31954
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00079.html
http://www.securitytracker.com/id?1023698
http://secunia.com/advisories/38805/
http://www.vupen.com/english/advisories/2010/0566
http://www.securityfocus.com/bid/38555
http://www.securityfocus.com/bid/38554
http://www.securityfocus.com/bid/38553
http://www.securityfocus.com/bid/38552
http://www.securityfocus.com/bid/38551
http://www.securityfocus.com/bid/38550
http://www.securityfocus.com/bid/38547

+ [Announce] GnuPG 2.0.15 released
http://lists.gnupg.org/pipermail/gnupg-announce/2010q1/000299.html

+ Security Vulnerability in the Apache 1.3 "mod_perl" Module Component "Status.pm" May Lead to Unauthorized Access to Data
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274110-1

+- SA38804: Samba "CAP_DAC_OVERRIDE" File Permissions Security Bypass
http://secunia.com/advisories/38804/
http://www.vupen.com/english/advisories/2010/0560
http://www.securityfocus.com/bid/38606

+ SA38863: Linux Kernel Video Output Status Denial of Service
http://secunia.com/advisories/38863/

+ Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/981374.mspx
http://www.kb.cert.org/vuls/id/744549
http://www.vupen.com/english/advisories/2010/0567
http://www.securityfocus.com/bid/38615

- SA38881: Dovecot Mailbox Large Header Denial of Service
http://secunia.com/advisories/38881/

Document ID: 346656: Windows Server Failover Cluster will not offline Volume Manager Disk Group resource (VMDg) configured with a volume Dirty Region Log (DRL) enabled
http://seer.entsupport.symantec.com/docs/346656.htm

Independent Researcher : Ubisoft DDoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31949

Microsoft : Vulnerability in Windows Movie Maker Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31953

Microsoft : Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31954

Debian : New typo3-src packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31948

Independent Researcher : ZoneAlarm Security Circumvention
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31952

Slackware Linux : httpd
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31947

SuSE : security-announce SUSE Security Announcement: Linux kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31939

US-CERT Technical Cyber Security Alert TA10-068A -- Microsoft Updates for Multiple V
http://www.derkeiler.com/Mailing-Lists/Cert/2010-03/msg00001.html

ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00079.html

[security bulletin] HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00078.html

SQL injection vulnerability in wILD CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00075.html

IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00076.html

Croogo CMS 1.2 Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00073.html

[SECURITY] [DSA 2008-1] New typo3-src packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00077.html

"Bot implants and fake-software infections too": the real threat of Gumblar
"It doesn't end with having your password stolen," Symantec explains
http://itpro.nikkeibp.co.jp/article/NEWS/20100310/345586/?ST=security

Check Point announces "Abra", an encrypted USB flash drive with a built-in virtual desktop and VPN
http://itpro.nikkeibp.co.jp/article/NEWS/20100309/345554/?ST=security

March 2010 - Microsoft Patch Tuesday Diary
http://isc.sans.org/diary.html?storyid=8392

Vodafone Android Phone: Complete with Mariposa Malware
http://isc.sans.org/diary.html?storyid=8389

Vulnerability Note VU#744549: Microsoft Internet Explorer iepeers.dll use-after-free vulnerability
http://www.kb.cert.org/vuls/id/744549

Microsoft Office Excel Bugs Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Mar/1023698.html

Windows Movie Maker Buffer Overflow Lets Remote Users Cause Arbitrary Code to Be Executed
http://securitytracker.com/alerts/2010/Mar/1023697.html

SSH Tectia Audit Player Multiple Vulnerabilities
http://secunia.com/advisories/38858/

Internet Explorer Unspecified Code Execution Vulnerability
http://secunia.com/advisories/38860/

Microsoft Office Excel Multiple Vulnerabilities
http://secunia.com/advisories/38805/

Microsoft Producer Project File Parsing Buffer Overflow
http://secunia.com/advisories/38845/

Microsoft Windows Movie Maker Buffer Overflow Vulnerability
http://secunia.com/advisories/38791/

bbsmax "action" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38873/

MediaWiki Multiple Vulnerabilities
http://secunia.com/advisories/38856/

lshell Command and Path Restriction Bypass Security Issues
http://secunia.com/advisories/38879/

TikiWiki CMS/Groupware Multiple Vulnerabilities
http://secunia.com/advisories/38896/

DZ Auktionshaus "V4.rgo" "id" SQL Injection Vulnerability
http://secunia.com/advisories/38886/

TikiWiki CMS/Groupware Multiple Vulnerabilities
http://secunia.com/advisories/38882/

eGroupWare Cross-Site Scripting and Arbitrary Command Execution Vulnerabilities
http://secunia.com/advisories/38859/

Dovecot Mailbox Large Header Denial of Service
http://secunia.com/advisories/38881/

HP Performance Insight Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/38899/

eclime Multiple Vulnerabilities
http://secunia.com/advisories/38307/

Debian update for typo3-src
http://secunia.com/advisories/38892/

Samba "CAP_DAC_OVERRIDE" File Permissions Security Bypass
http://secunia.com/advisories/38804/

Eshbel Priority Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38787/

Juniper Networks Secure Access "row" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38841/

SpamAssassin Milter Plugin Shell Command Injection
http://secunia.com/advisories/38840/

Linux Kernel Video Output Status Denial of Service
http://secunia.com/advisories/38863/

Fedora update for bournal
http://secunia.com/advisories/38814/

Fedora update for curl
http://secunia.com/advisories/38843/

Easy FTP Server v1.7.0.2 CWD Remote BoF - MSF Module
http://www.exploit-db.com/exploits/11668

Apache Spamassassin Milter Plugin Remote Root Command Execution
http://www.exploit-db.com/exploits/11662

SAP GUI version 7.10 WebViewer3D Active-X JIT-Spray Exploit
http://www.exploit-db.com/exploits/11661

Lenovo Hotkey Driver <= v5.33 Privilege Escalation
http://www.exploit-db.com/exploits/11663

Microsoft Internet Explorer Use-after-free Code Execution Vulnerability (0day)
http://www.vupen.com/english/advisories/2010/0567

Microsoft Office Excel Multiple Code Execution Vulnerabilities (MS10-017)
http://www.vupen.com/english/advisories/2010/0566

Microsoft Windows Movie Maker Code Execution Vulnerability (MS10-016)
http://www.vupen.com/english/advisories/2010/0565

Samba "CAP_DAC_OVERRIDE" Capability Security Bypass Issue
http://www.vupen.com/english/advisories/2010/0560

Milter Plugin for SpamAssassin "mlfi_envrcpt()" Shell Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0559

Juniper Networks Secure Access "row" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0558

IBM AIX "qosmod" Command Buffer Overflow Privilege Escalation Issue
http://www.vupen.com/english/advisories/2010/0557

IBM AIX "qoslist" Command Buffer Overflow Privilege Escalation Issue
http://www.vupen.com/english/advisories/2010/0556

HP Performance Insight Remote Command Execution Vulnerability
http://www.vupen.com/english/advisories/2010/0555

Apache "mod_isapi" Module Unloading Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/0554

RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/38540

Microsoft Excel DbOrParamQry Record Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38555

Microsoft Windows Movie Maker and Producer '.mswmm' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38515

Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38615

OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36844

HP Performance Insight Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/38611

Microsoft Excel XLSX File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38554

Opera Web Browser 'Content-Length' Header Integer Overflow Vulnerability
http://www.securityfocus.com/bid/38519

Multiple Apple Wireless Products FTP Port Forward Security Bypass Vulnerability
http://www.securityfocus.com/bid/38543

Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35601

Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34383

IBM Informix Dynamic Server 'librpc.dll' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/38471

Symantec Client Proxy ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38222

Mozilla Firefox and SeaMonkey SVG Document Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38288

Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38285

Mozilla Firefox and SeaMonkey 'showModalDialog' method Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38289

Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38287

Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38286

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38491

Apache 'mod_isapi' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38494

cURL/libcURL CURLOPT_ENCODING Option Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38162

Orbital Viewer '.orb' File Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38436

TYPO3 Core Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/38366

EasyMail Objects EMSMTP.DLL ActiveX Control Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/25467

Bournal ccrypt Utility Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38352

Bournal Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/38353

Adobe Acrobat and Reader CVE-2010-0188 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38195

Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362

SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34310

MH Products kleinanzeigenmarkt 'search.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38622

MediaWiki 'CSS validation' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38621

NUs 'Nus.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38620

Joomla! 'com_hezacontent' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38618

MediaWiki 'thumb.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/38617

Limited Shell Multiple Local Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/38616

Php Toys Micro Upload 'microUpload.php' Remote File Upload Vulnerability
http://www.securityfocus.com/bid/38614

WILD CMS 'page.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38613

IBM ENOVIA SmarTeam 'LoginPage.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38612

eGroupware Cross Site Scripting and Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/38609

TikiWiki Versions Prior to 4.2 Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/38608

Samba 'CAP_DAC_OVERRIDE' File Permissions Security Bypass Vulnerability
http://www.securityfocus.com/bid/38606

Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38553

Microsoft Excel MDXSET Record Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38552

Microsoft Excel MDXTUPLE Record Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38551

Microsoft Excel Object Type Confusion Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38550

Microsoft Excel Document Parsing (CVE-2010-0257) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38547
