+ RHSA-2010:0143-1: Moderate: cpio security update
http://rhn.redhat.com/errata/RHSA-2010-0143.html
http://www.securityfocus.com/bid/38628
+ RHSA-2010:0144-1: Moderate: cpio security update
http://rhn.redhat.com/errata/RHSA-2010-0144.html
http://www.securityfocus.com/bid/26445
http://www.securityfocus.com/bid/38628
+ RHSA-2010:0145-1: Moderate: cpio security update
http://rhn.redhat.com/errata/RHSA-2010-0145.html
http://www.securityfocus.com/bid/16057
http://www.securityfocus.com/bid/38628
Notice of start of support for ServerProtect for Windows 5.8 managed by Trend Micro Control Manager
http://www.trendmicro.co.jp/support/news.asp?id=1385
Virus Buster 2010 update notice
http://www.trendmicro.co.jp/support/news.asp?id=1374
JVNDB-2010-001155 Cross-site request forgery vulnerability in IBM Lotus Domino Web Access
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001155.html
JVNDB-2010-001154 Cross-site scripting vulnerability in IBM Lotus Domino Web Access
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001154.html
JVNDB-2010-001153 Vulnerability in the UltraLite feature of IBM Lotus Domino Web Access
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001153.html
JVNDB-2010-001152 Stack-based buffer overflow vulnerability in the ActiveX control of IBM Lotus Domino Web Access
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001152.html
JVNDB-2010-001151 Denial of service (DoS) vulnerability in the _get_argv and _get_compat_argv functions of SystemTap
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001151.html
JVNDB-2010-001150 Arbitrary command execution vulnerability in stap-server of SystemTap
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001150.html
JVNDB-2010-001116 Privilege escalation vulnerability in the x86 emulator of KVM
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001116.html
JVNDB-2010-001115 Buffer overflow vulnerability in the usb_host_handle_control function of QEMU
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001115.html
JVNDB-2009-002356 Privilege escalation vulnerability in the Windows installer of Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002356.html
Pango GDEF Array Indexing Error in Font Library Lets Users Deny Service
http://securitytracker.com/alerts/2010/Mar/1023711.html
HP Small Form Factor or Microtower PC Flaw in Broadcom NIC Firmware Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Mar/1023710.html
GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/26445
CPIO File Size Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/16057
GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38628
+ [Zlib-announce] zlib 1.2.4 released
http://zlib.net/
http://zlib.net/ChangeLog.txt
+ PostgreSQL 7.4.28, 8.0.24, 8.1.20, 8.2.16, 8.3.10, 8.4.3 released
http://www.postgresql.org/about/news.1188
http://www.postgresql.org/docs/current/static/release-7-4-28.html
http://www.postgresql.org/docs/current/static/release-8-0-24.html
http://www.postgresql.org/docs/current/static/release-8-1-20.html
http://www.postgresql.org/docs/current/static/release-8-2-16.html
http://www.postgresql.org/docs/current/static/release-8-3-10.html
http://www.postgresql.org/docs/current/static/release-8-4-3.html
+ Linux kernel 2.6.32.10, 2.6.33.1 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.10
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.1
+ RHSA-2010:0140-1: Moderate: pango security update
http://rhn.redhat.com/errata/RHSA-2010-0140.html
+ RHSA-2010:0141-1: Moderate: tar security update
http://rhn.redhat.com/errata/RHSA-2010-0141.html
[ANNOUNCE] pgAdmin III v1.10.2 released
http://www.pgadmin.org/download/
[ANNOUNCE] PostgreSQL Cumulative Bug-Fix Release
http://www.postgresql.org/docs/current/static/release.html
HPSBGN02511 SSRT100022 rev.1 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02048471
Linux Kernel release: 2.6.33.1
http://www.linux.org/news/2010/03/15/0002.html
Linux Kernel release: 2.6.32.10
http://www.linux.org/news/2010/03/15/0001.html
MustLive : Vulnerability in phpAdsNew, OpenAds and OpenX
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32001
Debian : New drupal6 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32000
Trend Micro opens a site that explains security in a news-program format
http://itpro.nikkeibp.co.jp/article/NEWS/20100316/345817/?ST=security
Twitter introduces an anti-phishing feature that detects malicious links
http://itpro.nikkeibp.co.jp/article/NEWS/20100311/345664/?ST=security
Dangerous unpatched vulnerability in IE; attacks exploiting it have already appeared
IE8 is not affected; "IE6/7 users are advised to upgrade"
http://itpro.nikkeibp.co.jp/article/NEWS/20100311/345676/?ST=security
Vulnerabilities in Excel and Movie Maker; opening a file may cause damage
Two security bulletins rated "Important"; the countermeasure is to apply the patches
http://itpro.nikkeibp.co.jp/article/NEWS/20100311/345635/?ST=security
Fourteenforty Research Institute releases software to "extend the life" of Windows 2000 Professional
http://itpro.nikkeibp.co.jp/article/NEWS/20100310/345623/?ST=security
QuickZip 0day detailed write-up
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00134.html
ZDI-10-029: Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00133.html
Multiple DOM-Based XSS in Dojo Toolkit SDK
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00131.html
PlumberCon 10 - Call for Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00127.html
ZoneAlarm 9 (ForceField) Security Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00129.html
SyScan10 CFP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00120.html
Zigurrat CMS SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00126.html
Pars CMS SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00125.html
[Tool] sqlmap 0.8 released
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00122.html
Vulnerability in phpAdsNew, OpenAds and OpenX
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00117.html
[HITB-Announce] HITBSecConf2010 - Dubai Agenda Released
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00119.html
[SECURITY] [DSA 2016-1] New drupal6 packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00123.html
Ananta Gazelle SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00121.html
...because you cant get enough of clickjacking
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00124.html
Sun Java System Communication Express CSRF via HPP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00118.html
CVE-2010-0188 Exploit Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00132.html
JVNDB-2009-002515 Integer overflow vulnerability in Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002515.html
JVNDB-2005-000893 Vulnerability related to smbfs in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000893.html
JVNDB-2005-000892 Denial of service (DoS) vulnerability in the selinux_parse_skb_ipv6 function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000892.html
JVNDB-2010-001149 Privilege escalation vulnerability in sudo
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001149.html
JVNDB-2010-001148 Privilege escalation vulnerability in sudo
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001148.html
JVNDB-2003-000403 Denial of service (DoS) vulnerability in Sun ONE/iPlanet Web Server
http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000403.html
JVNDB-2003-000402 Denial of service (DoS) vulnerability in Sun ONE/iPlanet Web Server
http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000402.html
Spamassassin Milter Plugin Remote Root Attack
http://isc.sans.org/diary.html?storyid=8434
SUSE Update for Multiple Packages
http://secunia.com/advisories/38915/
MicroWorld eScan for Linux MWAdmin Command Injection Vulnerability
http://secunia.com/advisories/38910/
Joomla JuliaPortfolio Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/38959/
Chumby Arbitrary Command Injection Vulnerability
http://secunia.com/advisories/38972/
xbtit "order" SQL Injection Vulnerability
http://secunia.com/advisories/38951/
Joomla Ulti RPX Component "controller" Local File Inclusion
http://secunia.com/advisories/38934/
RogioBiz PHP File Manager Authentication Security Bypass
http://secunia.com/advisories/38937/
Joomla Ninja RSS Syndicator File Inclusion Vulnerability
http://secunia.com/advisories/38914/
Domain Verkaus & Auktions Portal "id" SQL Injection Vulnerability
http://secunia.com/advisories/38939/
Systemsoftware Community Black Forum "s_flaeche" SQL Injection Vulnerability
http://secunia.com/advisories/38960/
Joomla GCalendar Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/38925/
PHP Classifieds "bid" SQL Injection Vulnerability
http://secunia.com/advisories/38926/
deV!L'z Clanportal "basePath" File Inclusion Vulnerability
http://secunia.com/advisories/38902/
httpdx FTP "USER" and "PASS" Denial of Service Vulnerabilities
http://secunia.com/advisories/38933/
AdFreely "LANG_CODE" Local File Inclusion Vulnerability
http://secunia.com/advisories/38947/
Geekhelps ADMP "style" Local File Inclusion Vulnerabilities
http://secunia.com/advisories/38949/
DirectAdmin "name" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38975/
Debian update for drupal6
http://secunia.com/advisories/38950/
Fedora update for squid
http://secunia.com/advisories/38980/
Fedora update for cups
http://secunia.com/advisories/38979/
Fedora update for curl
http://secunia.com/advisories/38981/
Skype "skype-plugin:" URI Handling XML File Deletion Vulnerability
http://secunia.com/advisories/38875/
Domain Verkaus and Auktions Portal "id" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0616
deV!Lz Clanportal "basePath" Parameter File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/0615
PhpMyLogon "username" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0614
Azeno CMS "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0613
Geekhelps ADMP SQL Injection and Local File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2010/0612
AdFreely Ad Board Script "LANG_CODE" Local File Inclusion Issues
http://www.vupen.com/english/advisories/2010/0611
IBM AIX Security Update Fixes Sendmail Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2010/0610
IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0609
Skype "skype-plugin:" URI Arbitrary XML File Deletion Vulnerability
http://www.vupen.com/english/advisories/2010/0608
Fedora Security Update Fixes ViewVC Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0607
Fedora Security Update Fixes Tar Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0606
Fedora Security Update Fixes Libpng Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0605
Fedora Security Update Fixes CUPS Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0604
Fedora Security Update Fixes Squid Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0603
Fedora Security Update Fixes cURL Data Callback Excessive Length
http://www.vupen.com/english/advisories/2010/0602
Debian Security Update Fixes Drupal Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0601
Debian Security Update Fixes Moin Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/0600
ArGoSoft FTP Server .NET v.1.0.2.1 Directory Traversal Vulnerability
http://www.exploit-db.com/exploits/11765
Liquid XML Studio 2010 <= v8.061970 - (LtXmlComHelp8.dll) OpenFile() Remote 0day Heap Overflow Exploit
http://www.exploit-db.com/exploits/11750
Open & Compact FTPd 1.2 Pre-Authentication Buffer Overflow (meta)
http://www.exploit-db.com/exploits/11742
QuickZip 4.60.019 Stack BOF - XP SP3
http://www.exploit-db.com/exploits/11764
Sun Java System Communications Express Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34083
QuickZip ZIP File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38602
ATutor Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/38656
WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38685
Oracle 11gR2 Multiple Remote Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/38115
Qualiteam X-Cart 'cart.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38205
CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/34571
CUPS File Descriptors Handling Use-After-Free Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38510
CUPS Insufficient 'Host' Header Validation Weakness
http://www.securityfocus.com/bid/34665
CUPS File Descriptors Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37048
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362
Todd Miller Sudo 'runas_default' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38432
Pidgin Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38294
Adobe Flash Player and AIR (CVE-2010-0187) Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/38200
GNOME Evolution S/MIME Email Signature Verification Vulnerability
http://www.securityfocus.com/bid/33720
Gnome GMIME_UUENCODE_LEN() Macro Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38078
Netpbm XPM File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38164
Adobe Acrobat and Reader CVE-2010-0188 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38195
Multiple Adobe Products Unspecified Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38198
Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37543
Ruby on Rails 'protect_from_forgery' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/37322
Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142
Drupal Prior to 6.16 and 5.22 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/38545
GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38628
Libpng 'png_decompress_chunk()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/38478
ViewVC 'lib/viewvc.py' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38650
cURL/libcURL CURLOPT_ENCODING Option Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38162
Squid Header-Only Packets Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37522
Yahoo! Player Playlist Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38581
Phpkobo Address Book Script 'LANG_CODE' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38753
Stack Ideas 'com_sectionex' Component for Joomla! Local File Include Vulnerability
http://www.securityfocus.com/bid/38751
Multiple MicroWorld eScan Products Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/38750
Joomla! 'com_ganalytics' Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38749
Joomla! 'com_linkr' Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38747
Joomla! 'com_janews' Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38746
Subdreamer CMS Image Gallery Remote File Upload Vulnerability
http://www.securityfocus.com/bid/38744
Ulti Joomla Ulti RPX Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38743
G4J GCalendar Suite Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38742
Joomla! RokDownloads Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38741
Systemsoftware Community Forum 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38740
Dojo Versions Prior to 1.4.2 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/38739
osDate 'config['forum_installed']' Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/38738
Domain Verkaus & Auktions Portal 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38737
Joomla! 'com_org' Component 'letter' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38736
Andromeda 's' Parameter Cross Site Scripting and Session Fixation Vulnerabilities
http://www.securityfocus.com/bid/38735
Pars CMS 'RP' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38734
K-Lite Mega Codec AVI File Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38733
Multiple Products 'banner.swf' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/38732
Phpkobo AdFreely 'LANG_CODE' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/38731
Anantasoft Gazelle CMS 'forgot.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38730
DeltaScripts PHP Classifieds 'ad_click.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38729
DesktopOnNet 'don3_lang' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38728
PHP-Nuke 'name' and 'file' Parameters Local File Include Vulnerability
http://www.securityfocus.com/bid/38727
Joomla! 'com_org' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38726
Joomla! 'com_nfnaddressbook' Component 'record_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38724
Gretech GOM Player '.avi' File Denial of Service Vulnerability
http://www.securityfocus.com/bid/38722
deV!L'z Clanportal 'inc/config.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/38720
Zigurrat Farsi CMS 'manager/textbox.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38719