"How to Call SQL Safely" published
http://www.ipa.go.jp/security/vuln/press/201003_websecurity_sql.html
JVNDB-2010-001162 Vulnerability in Samba smbd that allows file permissions to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001162.html
JVNDB-2010-001161 Buffer overflow vulnerability in qosmod on IBM AIX and VIOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001161.html
JVNDB-2010-001160 Buffer overflow vulnerability in qoslist on IBM AIX and VIOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001160.html
Dojo Toolkit SDK Multiple DOM-Based XSS Vulnerabilities
http://www.securiteam.com/windowsntfocus/5QP3E200UI.html
Apple WebKit CSS Run-in Attribute Rendering Vulnerability
http://www.securiteam.com/unixfocus/5MP3A200UA.html
Skype URI Processing Arbitrary XML File Deletion Vulnerability
http://www.securiteam.com/securitynews/5OP3C200UE.html
Skype Protocol Handler Datapath Argument Injection Credential Disclosure Vulnerability
http://www.securiteam.com/securitynews/5NP3B200UC.html
SugarCRM Online Document Cross-Site Scripting (XSS) Vulnerability
http://www.securiteam.com/securitynews/5PP3D200UG.html
+ RHSA-2010:0146-1: Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2010-0146.html
+ MySQL Community Server 5.1.45 has been released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-45.html
RHBA-2010:0151-1: cyrus-sasl bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0151.html
RHBA-2010:0134-1: device-mapper bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0134.html
RHBA-2010:0150-1: lvm2 bug-fix update
http://rhn.redhat.com/errata/RHBA-2010-0150.html
RHSA-2010:0154-2: Moderate: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2010-0154.html
Independent Researcher : Miranda IM silent TLS failure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32031
Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32023
Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32024
Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32025
Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32026
Ubuntu Security Notice : Linux kernel vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32021
Core Security Technologies : Virtual PC Hypervisor Memory Protection Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32030
Web defacements continue one after another; the method shifts from "SQL injection" to "viruses"
LAC on 2009 security trends: "Take countermeasures on both PCs and websites"
http://itpro.nikkeibp.co.jp/article/NEWS/20100318/345934/?ST=security
More than 150 policy templates provided: RSA Security's information leakage solution
http://itpro.nikkeibp.co.jp/article/NEWS/20100317/345914/?ST=security
Sahana 0.6.2.2 Authentication Bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00153.html
Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00151.html
Secunia Research: Quicksilver Forums Backup Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00150.html
Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00152.html
Miranda IM silent TLS failure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00154.html
Vulnerabilities in VXDate for Joomla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00149.html
[CORELAN-10-13] - Windisc Local Stack BOF
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00148.html
[security bulletin] HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Br
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00147.html
CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00146.html
CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00145.html
Trojan outbreak on a College Campus
http://isc.sans.org/diary.html?storyid=8443
Spam was killing us! Here is what we did to help!
http://isc.sans.org/diary.html?storyid=8446
Debian update for pulseaudio
http://secunia.com/advisories/38991/
Red Hat update for thunderbird
http://secunia.com/advisories/38935/
ikiwiki "data:image/svg+xml" URI Script Insertion Vulnerability
http://secunia.com/advisories/38983/
TYPO3 Security - Salted user password hashes Extension Security Bypass
http://secunia.com/advisories/38992/
SugarCRM Document Name Script Insertion Vulnerability
http://secunia.com/advisories/38962/
phpMyVisites Unspecified Vulnerability
http://secunia.com/advisories/38862/
BarnOwl "CC:" Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/38966/
TYPO3 Quixplorer Extension Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38993/
TYPO3 UserTask Center, Recent Extension Cross Site Scripting Vulnerability
http://secunia.com/advisories/38985/
QSF Portal Multiple Vulnerabilities
http://secunia.com/advisories/38783/
PowerDNS Administrator Multiple Vulnerabilities
http://secunia.com/advisories/38736/
Quicksilver Forums Multiple Vulnerabilities
http://secunia.com/advisories/38735/
TYPO3 Diocese of Portsmouth Database Extension SQL Injection Vulnerability
http://secunia.com/advisories/38996/
TYPO3 SAV Filter Alphabetic Extension SQL Injection Vulnerability
http://secunia.com/advisories/38995/
TYPO3 SAV Filter Months Extension SQL Injection Vulnerability
http://secunia.com/advisories/38994/
F5 FirePass OpenSSL "EVP_VerifyFinal()" Spoofing Vulnerability
http://secunia.com/advisories/39005/
F5 FirePass Active Template Library Vulnerabilities
http://secunia.com/advisories/39004/
Joomla CKForms Component Multiple Vulnerabilities
http://secunia.com/advisories/38976/
Red Hat update for pango and evolution28-pango
http://secunia.com/advisories/38946/
Dojo Toolkit Redirection Weaknesses and Cross-Site Scripting
http://secunia.com/advisories/38964/
eFront "langname" Local File Inclusion Vulnerability
http://secunia.com/advisories/38973/
PhpKobo Short URL "LANG_CODE" File Inclusion Vulnerabilities
http://secunia.com/advisories/38968/
Debian update for drbd8
http://secunia.com/advisories/38919/
TR-069 Remote Management SQL Injection Vulnerability
http://secunia.com/advisories/38861/
Novell eDirectory DHost Predictable Session Identifier
http://secunia.com/advisories/38808/
chillyCMS Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/38961/
Windisc Banzhaf Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/38928/
Red Hat update for kernel
http://secunia.com/advisories/39012/
Red Hat update for kernel
http://secunia.com/advisories/38957/
ClanTiger Clan CMS Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/38958/
PhpKobo Real Estate Contact Form "LANG_CODE" Local File Inclusion
http://secunia.com/advisories/38967/
Ubuntu update for linux and linux-source-2.6.15
http://secunia.com/advisories/38922/
OSSIM Multiple Vulnerabilities
http://secunia.com/advisories/38969/
MaxDB Handshake Packet Buffer Overflow Vulnerability
http://secunia.com/advisories/38955/
Multi Auktions Komplett System "id_auk" SQL Injection Vulnerability
http://secunia.com/advisories/38971/
SUSE update for OpenOffice_org
http://secunia.com/advisories/38921/
Ubuntu update for libpng
http://secunia.com/advisories/38940/
Ubuntu update for audiofile
http://secunia.com/advisories/38945/
Fedora update for cpio
http://secunia.com/advisories/38988/
Fedora update for tar
http://secunia.com/advisories/38989/
SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5DP38200UI.html
Apple WebKit HTML Element Use After Free Vulnerability
http://www.securiteam.com/unixfocus/5BP36200UE.html
Microsoft Virtual PC Hypervisor Memory Protection Vulnerability
http://www.securiteam.com/unixfocus/5CP37200UG.html
Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability
http://www.securiteam.com/unixfocus/5EP39200UK.html
SugarCRM Input Validation Flaw in Document Name Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Mar/1023722.html
Microsoft Virtual PC/Server Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Mar/1023720.html
F5 BIG-IP SAM Active Template Library Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0645
F5 FirePass Active Template Library Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0644
SAP MaxDB Handshake Request Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0643
Windisc Banzhaf File Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0642
Redhat Security Update Fixes Kernel Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0641
Fedora Security Update Fixes Cpio Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0640
Fedora Security Update Fixes Tar Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0639
Ubuntu Security Update Fixes Kernel Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/0638
Ubuntu Security Update Fixes Libpng Memory Disclosure and DoS
http://www.vupen.com/english/advisories/2010/0637
Ubuntu Security Update Fixes Audio File Library Buffer Overflow Issue
http://www.vupen.com/english/advisories/2010/0636
SuSE Security Update Fixes OpenOffice Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0635
VariCAD 2010-2.05 EN Local buffer overflow
http://www.exploit-db.com/exploits/11789
Adobe Reader PDF LibTiff Integer Overflow Code Execution
http://www.exploit-db.com/exploits/11787
Virtual PC Hypervisor Memory Protection Vulnerability
http://www.exploit-db.com/exploits/11786
Microsoft Windows Movie Maker and Producer '.mswmm' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38515
ActiveCampaign 1-2-All Broadcast Email Admin Control Panel Username SQL Injection Vulnerability
http://www.securityfocus.com/bid/15400
TYPO3 myDashboard (mydashboard) Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38795
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38286
Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38287
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867
Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35769
Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35776
Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36343
Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36871
Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35765
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
Mozilla Firefox SOCKS5 Proxy Response Denial of Service Vulnerability
http://www.securityfocus.com/bid/35925
OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150
HP Broadcom Integrated NIC Firmware Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38759
Linux Kernel 'do_pages_move()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38144
Linux Kernel KVM '/dev/port' Device Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38086
Linux Kernel 64bit Personality Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38027
Linux Kernel 'drivers/connector/connector.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38058
Linux Kernel PI Futex Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38165
GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38628
Linux Kernel 'net/ipv6/ip6_output.c' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/38185
Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37806
Linux Kernel 'ebtables' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37762
Linux Kernel 'print_fatal_signal()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37724
PHP-Nuke Downloads Module 'lid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38826
TYPO3 mm_forum Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38825
phpMyVisites ClickHeat Plugin Unspecified Security Vulnerability
http://www.securityfocus.com/bid/38824
TYPO3 Reports Logfile View Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38823
Drupal Tag Order Taxonomy Vocabulary Name HTML Injection Vulnerability
http://www.securityfocus.com/bid/38822
Drupal Keys Module Key Delete Form Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/38821
Drupal Email Input Filter PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/38820
Quicksilver Forums Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/38819
TYPO3 Quixplorer Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38818
TYPO3 Sellector.com Widget Integration Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38816
VariCAD 2010 'DWB' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38815
Transmission Magnet Link Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38814
TYPO3 Diocese of Portsmouth Database Extension SQL Injection Vulnerability
http://www.securityfocus.com/bid/38812
TYPO3 Power Extension Manager Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38811
TYPO3 CleanDB Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/38810
BarnOwl 'owl_message_get_cc_without_recipient()' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38809
TYPO3 YATSE - Yet Another TYPO3 Search Engine Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38808
Miranda IM 'Use TLS' Configuration Option Security Bypass Vulnerability
http://www.securityfocus.com/bid/38807
TYPO3 SAV Filter Months Extension SQL Injection Vulnerability
http://www.securityfocus.com/bid/38806
TYPO3 TGM-Newsletter (tgm_newsletter) Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38805
TYPO3 SAV Filter Selectors Extension SQL Injection Vulnerability
http://www.securityfocus.com/bid/38804
TYPO3 Book Reviews Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/38803
TYPO3 Meet Travelmates (travelmate) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/38802
TYPO3 SAV Filter Alphabetic Extension SQL Injection Vulnerability
http://www.securityfocus.com/bid/38801
TYPO3 CleanDB - DBAL (tmsw_cleandb) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/38800
TYPO3 Security - Salted User Password Hashes Security Bypass Vulnerability
http://www.securityfocus.com/bid/38799
TYPO3 Brainstorming Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/38798
TYPO3 UserTask Center, Recent Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38797
TYPO3 Simple Gallery (sk_simplegallery) Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38796
Multi Auktions Komplett System 'id_auk' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38793
TYPO3 Wastebasket (mk_wastebasket) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/38792
Microsoft Windows Media Player AVI File Colorspace Conversion Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38790
TYPO3 Educator (educator) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/38789
VXDate Component for Joomla! Cross-Site Scripting and SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/38788
eFront 'langname' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38787
PostNuke FormExpress Module 'form_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38786
Joomla! 'com_ckforms' Component 'fid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38785
Joomla! 'com_include' Component 'ID_NLE' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38784
Joomla! 'com_ckforms' Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38783
Microsoft Virtual PC Hypervisor Virtual Machine Monitor Security Bypass Vulnerability
http://www.securityfocus.com/bid/38764
Fine! Thanks! And you?