+ OpenSSH 5.4 released
http://www.openssh.com/txt/release-5.4
Phishing damage reports are trending downward overall, but targeted attacks are increasing
http://itpro.nikkeibp.co.jp/article/Research/20100308/345500/?ST=security
JVNDB-2008-002427 Vulnerability in MySQL that allows certain privilege checks to be bypassed
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002427.html
JVNDB-2009-002511 Denial-of-service (DoS) vulnerability in mysqld in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002511.html
JVNDB-2009-002510 Vulnerability in nm-connection-editor in NetworkManager that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002510.html
JVNDB-2009-002509 Vulnerability in NetworkManager that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002509.html
JVNDB-2010-001126 Denial-of-service (DoS) vulnerability in the htcpHandleTstRequest function in Squid
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001126.html
JVNDB-2009-002319 Vulnerability in the SSL and TLS protocols
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
Samurai WTF 0.8
http://isc.sans.org/diary.html?storyid=8377
New technique for bypassing the Windows security feature "DEP" published
Security researcher predicts that "the attack success rate will rise"
http://www.computerworld.jp/topics/vs/175929.html?RSS
+ [Announce] Apache HTTP Server (httpd) 2.2.15 Released
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.apache.org/dist/httpd/CHANGES_2.2.15
+ Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
http://www.exploit-db.com/exploits/11650
+ FreeBSD and OpenBSD 'ftpd' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38559
Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Affects Multiple Server Products in the Sun Java Enterprise System Suite
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
sk44289: Crash on machine running SecurePlatform and using IPv6
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk44289&src=securityAlerts
Postfix 2.8 Snapshot 20100306
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20100306.HISTORY
DbWrench Database Design & Synchronization v1.6.3
http://www.postgresql.org/about/news.1186
Document ID: 346817: After a SnapShot volume is created using the FlashSnap process within Storage Foundation for Windows (SFW), the snapped volume cannot be manipulated properly.
http://seer.entsupport.symantec.com/docs/346817.htm
Document ID: 346500: Addition of thin provisioning support for the HDS USP-V, HDS-AMS2000, and IBM XIV storage arrays.
http://seer.entsupport.symantec.com/docs/346500.htm
Document ID: 340736: Upgrading from Storage Foundation for Windows (SFW) or SFW and High Availability (SFW-HA) 4.3 MP2 to 5.1 SP1 fails during the validation process.
http://seer.entsupport.symantec.com/docs/340736.htm
Ariko-Security : SQL injection and XSS vulnerability in NATYCHMIAST CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31929
iDEFENSE : Autonomy KeyView OLE Document Integer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31928
Independent Researcher : Juniper SA Series Cross Site Scripting Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31934
Alert regarding a security weakness (vulnerability) in "OpenPNE"
http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html
US-CERT Technical Cyber Security Alert -- New US-CERT PGP Key
http://www.derkeiler.com/Mailing-Lists/Cert/2010-03/msg00000.html
Call for Papers: EC2ND 2010
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00055.html
ncpfs, Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00054.html
[ MDVSA-2010:055 ] poppler
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00056.html
Juniper SA Series Cross Site Scripting Issue
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00050.html
SQL injection vulnerability in Natychmiast CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00053.html
iDefense Security Advisory 03.04.10: Autonomy KeyView OLE Document Integer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00052.html
CA20100304-01: Security Notice for CA SiteMinder
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00047.html
Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00043.html
[ MDVSA-2010:054 ] pam_krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00049.html
Unspecified EMC Documentum Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00044.html
NSOADV-2010-006: Authentium Command Free Scan ActiveX Control buffer overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00039.html
Open redirection vulnerability in the Drupal API function drupal_goto (Drupal 6.15 and 5.21)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00046.html
McAfee: encrypted USB flash drive equipped with security features
http://itpro.nikkeibp.co.jp/article/NEWS/20100306/345457/?ST=security
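Arrests for unauthorized access reach a record high; phishing fraud exceeds 2,000 cases
Cybercrime arrest statistics for 2009: most cases were aimed at auction fraud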
http://itpro.nikkeibp.co.jp/article/NEWS/20100306/345456/?ST=security
JVN#06874657 Access restriction bypass vulnerability in OpenPNE
http://jvn.jp/jp/JVN06874657/index.html
DHS issues Cybersecurity challenge
http://isc.sans.org/diary.html?storyid=8371
Integration and the Security of New Technologies
http://isc.sans.org/diary.html?storyid=8368
Unpatched Opera 10.50 and below code execution vulnerability
http://isc.sans.org/diary.html?storyid=8356
Javascript obfuscators used in the wild
http://isc.sans.org/diary.html?storyid=8359
What is your firewall log telling you - responses
http://isc.sans.org/diary.html?storyid=8362
False scare email proclaiming North Korea nuclear launch against Japan
http://isc.sans.org/diary.html?storyid=8365
OpenPNE Security Bypass Security Issue
http://secunia.com/advisories/38857/
J. River Media Jukebox MP3 Processing Buffer Overflow
http://secunia.com/advisories/38854/
VLC Media Player Bookmark Handling Memory Corruption
http://secunia.com/advisories/38853/
BBSXP Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38855/
CSS Web Installer ActiveX Control Buffer Overflow Vulnerabilities
http://secunia.com/advisories/38844/
Avaya Products Firefox Multiple Vulnerabilities
http://secunia.com/advisories/38815/
smartplugs "domain" SQL Injection Vulnerability
http://secunia.com/advisories/38819/
ePublisher WebWorks Help Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/38749/
CA SiteMinder WebWorks Help Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/38842/
SUSE update for MozillaFirefox and seamonkey
http://secunia.com/advisories/38847/
Lotus Notes OLE File Parsing Integer Overflow Vulnerability
http://secunia.com/advisories/38823/
Symantec Products OLE File Parsing Integer Overflow Vulnerability
http://secunia.com/advisories/38809/
Autonomy KeyView OLE File Parsing Integer Overflow Vulnerability
http://secunia.com/advisories/38797/
Vulnerability Note VU#154421: Energizer DUO USB battery charger software allows unauthorized remote system access
http://www.kb.cert.org/vuls/id/154421
Opera Integer Overflow in Processing HTTP 'Content-Length' Responses Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Mar/1023690.html
Juniper Instant Virtual Extranet (IVE) Input Validation Hole in 'editbk.cgi' Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Mar/1023689.html
Novell iManager Stack Overflow in eDirectory Plugin Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Mar/1023675.html
Symantec Products Autonomy KeyView OLE Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0535
IBM Lotus Notes Autonomy KeyView OLE Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0534
Autonomy KeyView OLE Data Parsing Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0533
Cisco Digital Media Player Unauthorized Content Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0532
Cisco Digital Media Manager Security Bypass and Data Disclosure
http://www.vupen.com/english/advisories/2010/0531
Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/0530
Opera Browser "Content-Length" Header Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0529
VMware Products Multiple Code Execution and Security Bypass Issues
http://www.vupen.com/english/advisories/2010/0528
CUPS "lppasswd" Utility Localization File Local Format String Issue
http://www.vupen.com/english/advisories/2010/0524
Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
http://www.exploit-db.com/exploits/11650
Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
http://www.exploit-db.com/exploits/11651
Yahoo Player v1.0 (.m3u/.pls/.ypl) Buffer Overflow Exploit (SEH)
http://www.exploit-db.com/exploits/11647
Apache Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/38494
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
OpenOffice Word Document Table Parsing Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36200
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
http://www.securityfocus.com/bid/38197
WebKit Style Tag Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38398
Opera Web Browser 'Content-Length' Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/38519
E-topbiz Link ADS 1 'out.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/29923
Xpdf JBIG2 Processing Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34568
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
Poppler 'ABWOutputDev.cc' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36976
Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36718
Multiple Sagem F@st Routers 'restoreinfo.cgi' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/33323
PHP 'proc_open()' 'safe_mode_protected_env_var' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/37138
cronie 'crontab' Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38391
Drupal Prior to 6.16 and 5.22 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/38545
Autonomy KeyView Module OLE Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38468
WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30578
Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30861
Chilkat Crypt ActiveX Control 'ChilkatCrypt2.dll' Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/32073
Six Apart Vox 'search' Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38575
Saskia's Shopsystem 'id' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/38574
Spectrum Software WebManager CMS 'pojam' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38573
Nabernet Content Manager 'articles.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38572
Energizer DUO USB Battery Charger Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/38571
VLC Media Player Bookmark Creation Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38569
BS.Player '.mp3' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38568
AKoff MIDI Player '.mid' File Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38567
OpenPNE Login Security Bypass Vulnerability
http://www.securityfocus.com/bid/38564
ncpfs Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/38563
Natychmiast CMS Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/38561
Juniper Networks Secure Access 'editbk.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38560
FreeBSD and OpenBSD 'ftpd' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38559
BBSXP Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/38558
OneCMS 'user' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38557