+ Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273169-1
Microsoft Security Advisory (983438): Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
http://www.microsoft.com/japan/technet/security/advisory/983438.mspx
Microsoft Security Advisory (983438): Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/advisory/983438.mspx
UPDATE: Microsoft Security Bulletin Summary for April 2010
http://www.microsoft.com/technet/security/bulletin/MS10-apr.mspx?pubDate=2010-04-27
Linux Kernel release: 2.6.34-rc6
http://www.linux.org/news/2010/04/30/0001.html
TeamPostgreSQL 1.05: PostgreSQL web administration
http://www.postgresql.org/about/news.1197
JVNDB-2010-001360 Heap-based buffer overflow vulnerability in the custom heap management system of Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001360.html
JVNDB-2010-001359 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001359.html
JVNDB-2010-001358 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001358.html
JVNDB-2010-001357 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001357.html
JVNDB-2010-001356 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001356.html
JVNDB-2010-001355 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001355.html
JVNDB-2010-001354 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001354.html
Microsoft Office SharePoint Input Validation Flaw in 'help.aspx' Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Apr/1023932.html
VMWare vMA and ESX Service Console Expat Buffer Over-read Vulnerabilities
http://www.securiteam.com/securitynews/5PP3H2K15Y.html
VMWare vMA and ESX Service Console Expat Buffer Over-read Vulnerabilities
http://www.securiteam.com/securitynews/5OP3G2K15W.html
Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39776
+ Multiple Security Vulnerabilities in BIND DNSSEC Software Shipped With Solaris May Cause Bogus NXDOMAIN Responses
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275890-1
+ DBI 1.611 released
http://search.cpan.org/~timb/DBI-1.611/
http://search.cpan.org/~timb/DBI/Changes#Changes_in_DBI_1.611_%28svn_r13935%29_29th_April_2010
+ GCC 4.4.4 released
http://gcc.gnu.org/gcc-4.4/changes.html
http://gcc.gnu.org/gcc-4.4/changes.html#4.4.4
+ Linux Kernel for PowerPC KGDB '_PAGE_USER' Test Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39798
+ Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39794
-+ RHSA-2010:0382-1: Important: xorg-x11-server security update
https://rhn.redhat.com/errata/RHSA-2010-0382.html
jetty@codehaus 7.1.0.RC0 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-7/VERSION.txt
Linux kernel 2.6.34-rc5 released
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc5
Justin C. Klein Keane : TaskFreak 0.6.2 SQL Injection Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32456
Ubuntu Security Notice : PostgreSQL vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32453
Independent Researcher : Impossible to Maintain Secure Session With Twitter.com Web Interface
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32455
Independent Researcher : Adobe viewer plugin can be made to crash IE or FF
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32457
Mandriva : java-1.6.0-openjdk
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32444
Mandriva : gimp
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32450
Mandriva : sudo
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32451
Mandriva : pidgin
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32452
Red Hat : Important: xorg-x11-server security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32445
ZDI : Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32454
Hewlett-Packard : HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS),
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32449
New technique in Gumblar attacks: infected PCs used as a springboard for DDoS attacks
JPCERT/CC reports a risk of infection with an "attack virus" through web access
http://itpro.nikkeibp.co.jp/article/NEWS/20100429/347662/?ST=security
[ MDVSA-2010:087 ] poppler
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00261.html
Vulnerabilities in CCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00264.html
[ MDVSA-2010:086 ] kdegraphics
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00265.html
vBulletin - Insecure Custom BBCode Tags
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00260.html
Apache ActiveMQ XSS Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00263.html
[USN-933-1] PostgreSQL vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00253.html
CONFidence 2010, 25-26th May - Call For Participation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00258.html
[ MDVSA-2009:332-1 ] gimp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00251.html
[ MDVSA-2010:085 ] pidgin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00250.html
[ MDVSA-2010:078-1 ] sudo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00249.html
ZDI-10-079: Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Executi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00248.html
XSS in Microsoft SharePoint Server 2007
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00246.html
[ MDVSA-2010:084 ] java-1.6.0-openjdk
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00242.html
Adobe viewer plugin can be made to crash IE or FF
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00245.html
Who needs exploits when you have social engineering?
http://isc.sans.org/diary.html?storyid=8710
RHEA-2010:0381-1: tzdata enhancement update
http://rhn.redhat.com/errata/RHEA-2010-0381.html
X.org Xserver mod() Calculation Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Apr/1023929.html
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Bypass Same-Origin Restrictions
http://securitytracker.com/alerts/2010/Apr/1023928.html
iScripts SocialWare Script Insertion and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39653/
gpEasy CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39643/
Ubuntu update for postgresql
http://secunia.com/advisories/39566/
Red Hat update for xorg-x11-server
http://secunia.com/advisories/39650/
Tele Data Contact Management Server "User Name" SQL Injection Vulnerability
http://secunia.com/advisories/39633/
Drupal Privatemsg Module Security Bypass Security Issue
http://secunia.com/advisories/39565/
Drupal Decisions Module Information Disclosure Security Issue
http://secunia.com/advisories/39561/
Modelbook "adnum" SQL Injection Vulnerability
http://secunia.com/advisories/39646/
Video Battle Script "cat" SQL Injection Vulnerability
http://secunia.com/advisories/39647/
2daybiz Advanced Poll Script Multiple Vulnerabilities
http://secunia.com/advisories/39622/
HTC Touch Pro2 / HD2 SMS Preview Script Execution Vulnerability
http://secunia.com/advisories/39564/
Portaneo Open Source Homepage FCKeditor File Upload Security Issue
http://secunia.com/advisories/39617/
Joomla NoticeBoard Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39600/
CCMS Gaming Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
http://secunia.com/advisories/39640/
Help Center Live "file" Local File Inclusion Vulnerability
http://secunia.com/advisories/39615/
Joomla SmartSite Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39592/
Joomla ABC Component "sectionid" SQL Injection Vulnerability
http://secunia.com/advisories/39588/
Joomla Graphics Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39585/
Acoustica CD/DVD Label Maker .M3U Playlist Import Buffer Overflow
http://secunia.com/advisories/39630/
HP Systems Insight Manager Multiple Vulnerabilities
http://secunia.com/advisories/39645/
SUSE update for Multiple Packages
http://secunia.com/advisories/39656/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/39651/
CLScript "hpId" SQL Injection Vulnerability
http://secunia.com/advisories/39612/
2daybiz Auction Script "username" SQL Injection Vulnerability
http://secunia.com/advisories/39621/
1024 CMS SQL Injection and Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1036
SoftBB Remote File Inclusion and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1035
Piwigo "login" and "mail_address" Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1034
NovaBoard Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1033
My Little Forum Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1032
Docmint Local File Inclusion and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1031
gpEasy Admin Interface Cross Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2010/1030
GeneShop "folder" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1029
Modelbook "adnum" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1028
PHP Video Battle "cat" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1027
Redhat Security Update Fixes xorg-x11-server Vulnerability
http://www.vupen.com/english/advisories/2010/1026
Privatemsg Module for Drupal Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2010/1025
Decisions Module for Drupal Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2010/1024
Fedora Security Update Fixes OpenDCHub Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1023
Ubuntu Security Update Fixes PostgreSQL Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1022
Mandriva Security Update Fixes GIMP Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1021
Mandriva Security Update Fixes Pidgin Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1020
Mandriva Security Update Fixes Sudo Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/1019
Mandriva Security Update Fixes Java Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1018
HP System Insight Manager Privilege Escalation and Input Validation
http://www.vupen.com/english/advisories/2010/1017
Google Chrome Memory Corruption and Cross-Origin Bypass Issues
http://www.vupen.com/english/advisories/2010/1016
2daybiz Auction Script "username" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1015
Infocus Real Estate Login Credentials Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1014
PHP-Quick-Arcade SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1013
SudBox Boutique Admin Interface Cross Site Request Forgery Issue
http://www.vupen.com/english/advisories/2010/1012
Portaneo Open Source Homepage Arbitrary File Upload Vulnerability
http://www.vupen.com/english/advisories/2010/1011
CLScript Classifieds Script "hpId" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1010
Help Center Live "file" Parameter Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1009
Ultimate Portfolio for Joomla "controller" Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1008
Noticeboard for Joomla "controller" Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1007
SmartSite for Joomla "controller" Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1006
Airiny ABC for Joomla "sectionid" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1005
Graphics Component for Joomla "controller" File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1004
OpenMairie Opencourrier Multiple File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2010/1003
Uiga Personal Portal "exhort" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1002
SuSE Security Update Fixes Code Execution and Security Bypass Issues
http://www.vupen.com/english/advisories/2010/1001
Redhat Security Update Fixes Kernel Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1000
NIBE heat pump LFI exploit
http://www.exploit-db.com/exploits/12434
NIBE heat pump RCE exploit
http://www.exploit-db.com/exploits/12433
Retired: Google Chrome prior to 4.1.249.1064 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/39750
Xpdf JBIG2 Processing Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34568
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
CUPS and Xpdf JBIG2 Symbol Dictionary Processing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34791
ABC Joomla Extension com_abc 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/39741
NetworkManager Security Bypass and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/37580
Oracle Java SE and Java for Business CVE-2010-0845 Remote HotSpot Server Vulnerability
http://www.securityfocus.com/bid/39089
Oracle Java SE and Java for Business CVE-2010-0093 Remote Vulnerability
http://www.securityfocus.com/bid/39088
Oracle Java SE and Java for Business CVE-2010-0095 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39086
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Oracle Java SE and Java for Business CVE-2010-0088 Remote Java Runtime Environme Vulnerability
http://www.securityfocus.com/bid/39081
Oracle Java SE and Java for Business CVE-2010-0082 HotSpot Server Remote Vulnerability
http://www.securityfocus.com/bid/39085
Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39075
Oracle Java SE and Java for Business CVE-2010-0847 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39071
Oracle Java SE and Java for Business 'readMabCurveData()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39069
Oracle Java SE and Java for Business CVE-2010-0848 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39078
Oracle Java SE and Java for Business CVE-2010-0837 Remote Vulnerability
http://www.securityfocus.com/bid/39072
Oracle Java SE and Java for Business JRE Trusted Method Chaining Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39065
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37865
Open DC Hub 'MyInfo' Message Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39129
PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37973
Softbiz Dating Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/18605
Softbiz Web Host Directory Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15561
GIMP PSD Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37040
Pligg 'id' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/28681
Pidgin Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38294
Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524
Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36719
Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39468
RealNetworks Helix and Helix Mobile Server NTLM Authentication Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39490
Novell ZENworks Configuration Management Remote Execution Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39114
Oracle Java SE and Java for Business CVE-2010-0084 Remote Vulnerability
http://www.securityfocus.com/bid/39093
Oracle Java SE and Java for Business CVE-2010-0092 Remote Vulnerability
http://www.securityfocus.com/bid/39090
Oracle Java SE and Java for Business CVE-2010-0085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39094
Oracle Java SE and Java for Business CVE-2010-0091 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39096
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
CompleteFTP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/39802
Apple Safari CSS 'img' Data Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/39801
Linux Kernel for PowerPC KGDB '_PAGE_USER' Test Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39798
Your Articles Directory Login Option SQL Injection Vulnerability
http://www.securityfocus.com/bid/39796
iScripts VisualCaster 'playVideo.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/39795
Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39794
TaskFreak! Tirzen Framework 'LoadByKey()' SQL Injection Vulnerability
http://www.securityfocus.com/bid/39793
GeneShop 'folder' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39790
iScripts SocialWare Arbitrary File Upload and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39787
Tr Forum SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39786
deV!L'z Clanportal 'thumbgen.php' Local File Disclosure Vulnerability
http://www.securityfocus.com/bid/39785
deV!L'z Clanportal Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/39784
Tele Data's Contact Management Server 'username' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39799
Rocky.nu PHP Video Battle 'browse.html' SQL Injection Vulnerability
http://www.securityfocus.com/bid/39791
Rocky.nu Modelbook 'casting_view.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/39788
Mini Web Server Cross Site Scripting and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/39780
velBox Insecure Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/39778
Drupal Privatemsg Module Notification Template Settings Security Bypass Vulnerability
http://www.securityfocus.com/bid/39777
Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39776
Wap4Joomla Joomla! Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39774
Drupal Decisions Module Node Listing Security Bypass Vulnerability
http://www.securityfocus.com/bid/39773
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39771
WebMoney Advisor 'wmadvisor.dll' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39770
Serenity Audio Player '.m3u' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39768
Zyke CMS Multiple Administrative Scripts Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/39765
Portaneo Open Source Homepage 'fckeditor' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/39764
NIBE Heat Pump Web Interface 'exec.cgi' Script Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39763
Zyke CMS 'admin/controlpanel.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/39761
WAFP Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/39760
NIBE Heat Pump 'read.cgi' Local File Include Vulnerability
http://www.securityfocus.com/bid/39759
X.Org X Server RENDER Extension 'mod()' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39758
Joomla! JE Property Finder Component Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/39754
Friday, April 30, 2010
Wednesday, April 28, 2010
28th, Wednesday, Taian
- Solaris Daylight Saving Time (DST) Update (Jan through Apr 2010)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-276190-1
- HS10-005: Security issue in CA ARCserve Backup
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-005/index.html
CA20100318-01: Security notice for CA ARCserve Backup
http://www.casupport.jp/resources/info/CA20100318-01.htm
ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275470-1
UPDATED: HS10-003: Security issue in EUR Form products and EUR products
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-003/index.html
Alert regarding DDoS-attack malware downloaded by the so-called Gumblar virus
http://www.jpcert.or.jp/at/2010/at100011.txt
JPCERT/CC WEEKLY REPORT 2010-04-28
http://www.jpcert.or.jp/wr/2010/wr101601.html
JVNDB-2010-001353 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001353.html
JVNDB-2010-001352 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001352.html
JVNDB-2010-001351 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001351.html
JVNDB-2010-001350 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001350.html
JVNDB-2010-001349 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001349.html
JVNDB-2010-001348 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001348.html
JVNDB-2010-001347 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001347.html
JVNDB-2010-001346 Cross-site scripting vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001346.html
JVNDB-2010-001159 Vulnerability in mod_isapi of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001159.html
JVNDB-2010-001005 Denial of service (DoS) vulnerability in the r8169 driver of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001005.html
JVNDB-2009-002187 Denial of service (DoS) vulnerability in the ap_proxy_ftp_handler function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002187.html
JVNDB-2009-002016 Integer overflow vulnerability in the APR library and the APR-util library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html
JVNDB-2009-001892 Denial of service (DoS) vulnerability in the mod_deflate module of Apache httpd
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001892.html
JVNDB-2009-001845 Vulnerability in the apr_brigade_vprintf function of Apache APR-util that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001845.html
JVNDB-2009-001844 Denial of service (DoS) vulnerability in the XML parser of Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001844.html
JVNDB-2009-001843 Denial of service (DoS) vulnerability in the apr_strmatch_precompile function of Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001843.html
JVNDB-2008-001610 Cross-site scripting vulnerability in the mod_proxy_ftp module of Apache
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001610.html
JVNDB-2008-001453 Denial of service (DoS) vulnerability in the ap_proxy_http_process_response() function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001453.html
JVNDB-2008-001030 Cross-site scripting vulnerability related to UTF-7 encoding in mod_proxy_ftp of Apache
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001030.html
Layer 2 Security - L2TPv3 for Disaster Recovery Sites
http://isc.sans.org/diary.html?storyid=8704
HP System Insight Manager Flaws Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://securitytracker.com/alerts/2010/Apr/1023927.html
+ Linux Kernel 'gfs2_quota' Structure Write Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39715
+ Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569
++ Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
- Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719
- Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02027185
Apache HTTP Server Track at ApacheCon North America 2010
http://na.apachecon.com/c/acna2010/
Welcome to the ASTERIA Developer Network!
http://asteria.jp/news/20100428-000000.html
Document ID: 351342: The Newest Release Patches from Veritas Operations Services ( VOS )
http://seer.entsupport.symantec.com/docs/351342.htm
Restarting the Management agents on an ESX or ESXi Server
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1003490&sliceId=1&docTypeID=DT_KB_1_1
Independent Researcher : PoC for ZDI-10-078
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32440
Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32438
SuSE : SUSE Security Summary Report
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32436
Debian : New spamass-milter packages fix regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32437
Independent Researcher : NovaStor NovaNet <= 13.0 issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32442
[security bulletin] HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00241.html
XSS vulnerability in Zikula Application Framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00235.html
XSS vulnerability in Zikula Application Framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00237.html
[security bulletin] HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00240.html
Zikula Application Framework Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39614/
Infocus Real Estate Enterprise Edition Two SQL Injection Vulnerabilities
http://secunia.com/advisories/39625/
PowerEasy SiteWeaver "ComeUrl" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39627/
Opera Content Writing Uninitialised Memory Vulnerability
http://secunia.com/advisories/39590/
Amiro.CMS Multiple Vulnerabilities
http://secunia.com/advisories/39457/
gitolite Security Bypass Weaknesses
http://secunia.com/advisories/39587/
Kasseler CMS Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39591/
G5-Scripts Auto-Img-Gallery "user" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39599/
Wing FTP Server HTTP Directory Traversal Vulnerability
http://secunia.com/advisories/39629/
Wing FTP Server Information Disclosure Vulnerabilities
http://secunia.com/advisories/39586/
Webessence CMS Security Issue and Vulnerability
http://secunia.com/advisories/39550/
Webessence CMS "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39540/
iNetScripts Free Upload Script File Upload Vulnerability
http://secunia.com/advisories/39584/
SmodCMS FCKeditor File Upload Security Issue
http://secunia.com/advisories/39595/
IDEAL Migration Ideal Project File Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/39598/
IDEAL Administration 2010 Ideal Project File Parsing Buffer Overflow
http://secunia.com/advisories/39594/
CMScout "album" SQL Injection Vulnerability
http://secunia.com/advisories/39602/
Alstrasoft EPay Enterprise "cid" SQL Injection
http://secunia.com/advisories/39611/
Joomla Password Reset Weakness and Session Fixation Vulnerability
http://secunia.com/advisories/39616/
HTML Purifier Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39613/
Red Hat JBoss Enterprise Application Platform Three Security Issues
http://secunia.com/advisories/39563/
NetBSD update for ntp
http://secunia.com/advisories/39593/
Slackware update for irssi
http://secunia.com/advisories/39620/
Bigant Messenger <= v2.52 - (AntCore.dll) RegisterCom() Remote 0day Heap Overflow Exploit
http://www.exploit-db.com/exploits/12417
Opera Browser "document.write()" Uninitialized Memory Vulnerability
http://www.vupen.com/english/advisories/2010/0999
CMScout "album" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0998
IDEAL Migration 2009 Project File Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0997
IDEAL Administration 2010 Project File Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0996
Apache Tomcat Web Application Manager / Host Manager Vulnerability
http://www.vupen.com/english/advisories/2010/0995
IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0994
NetBSD Security Update Fixes NTP Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0993
Redhat Security Update Fixes JBoss EAP Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/0992
Turbolinux Security Update Fixes Sudo Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/0991
Turbolinux Security Update Fixes Cpio Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0990
Turbolinux Security Update Fixes Tar Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0989
Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/28380
Amiro.CMS 'forum_sign' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39633
Free Realty 'agentadmin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39712
Gitolite Security Bypass Vulnerability
http://www.securityfocus.com/bid/39711
JBoss Enterprise Application Platform Multiple Vulnerabilities
http://www.securityfocus.com/bid/39710
Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521
MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39599
MediaWiki 'CSS validation' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38621
MediaWiki 'thumb.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/38617
Apache Subrequest Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38580
SystemTap '__get_argv()' and '__get_compat_argv()' Local Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38120
ClamAV Security Bypass And Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/39262
Avast! Home/Professional Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/28502
Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37966
SystemTap 'stat-server' Remote Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/37842
GNOME GLib Symbolic Link Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/36313
Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38491
Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
Linux Kernel 'net/mac80211/' Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37170
Linux Kernel GFS/GFS2 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39101
CommView 'cv2k1.sys' Driver Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39705
Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35830
Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35828
Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35832
Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39303
SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/38578
GNU nano Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/39502
Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569
Linux Kernel USB interface Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39042
Linux Kernel ReiserFS Security Bypass Vulnerability
http://www.securityfocus.com/bid/39344
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Joomla Graphics Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39743
NoticeBoard Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39742
ABC Joomla Extension com_abc 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/39741
SmartSite Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39740
Ultimate Portfolio Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39739
Acoustica CD/DVD Label Maker '.m3u' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39738
CLScript Classifieds Script 'hpId' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39737
HP Systems Insight Manager Unspecified Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/39736
HP Systems Insight Manager Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39735
HP Systems Insight Manager Unspecified Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39734
PHP-Quick-Arcade Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/39733
Help Center Live 'file' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39732
Infocus Real Estate Script 'system_member_login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39731
Pointdev IDEAL Migration & IDEAL Administration '.ipj' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39729
2daybiz Auction Script 'index.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39728
Wing FTP Server Versions Prior to 3.4.1 Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/39727
Webessence CMS SQL Injection and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/39726
i-Net Online Community Site Script SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39725
Amiro.CMS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/39724
Ramaas Software CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39723
BigAnt Office Messenger 'AntCore.dll' ActiveX Control Multiple Heap Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/39721
EasyZip ZIP Archive Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39720
Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719
Linux Kernel 'gfs2_quota' Structure Write Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39715
Auto-Img-Gallery 'upload.cgi' Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39714
PostNuke modload Module 'sid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39713
http://sunsolve.sun.com/search/document.do?assetkey=1-66-276190-1
- HS10-005: Security Issue in CA ARCserve Backup
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-005/index.html
CA20100318-01 : Security Notice for CA ARCserve Backup
http://www.casupport.jp/resources/info/CA20100318-01.htm
ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275470-1
UPDATED: HS10-003: Security Issues in EUR Form Products and EUR Products
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-003/index.html
Alert Regarding Malware That Conducts DDoS Attacks, Downloaded by the So-Called Gumblar Virus
http://www.jpcert.or.jp/at/2010/at100011.txt
JPCERT/CC WEEKLY REPORT 2010-04-28
http://www.jpcert.or.jp/wr/2010/wr101601.html
JVNDB-2010-001353 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001353.html
JVNDB-2010-001352 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001352.html
JVNDB-2010-001351 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001351.html
JVNDB-2010-001350 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001350.html
JVNDB-2010-001349 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001349.html
JVNDB-2010-001348 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001348.html
JVNDB-2010-001347 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001347.html
JVNDB-2010-001346 Cross-Site Scripting Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001346.html
JVNDB-2010-001159 Vulnerability in mod_isapi of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001159.html
JVNDB-2010-001005 Denial of Service (DoS) Vulnerability in the r8169 Driver of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001005.html
JVNDB-2009-002187 Denial of Service (DoS) Vulnerability in the ap_proxy_ftp_handler Function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002187.html
JVNDB-2009-002016 Integer Overflow Vulnerability in the APR and APR-util Libraries
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html
JVNDB-2009-001892 Denial of Service (DoS) Vulnerability in the mod_deflate Module of Apache httpd
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001892.html
JVNDB-2009-001845 Sensitive Information Disclosure Vulnerability in the apr_brigade_vprintf Function of Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001845.html
JVNDB-2009-001844 Denial of Service (DoS) Vulnerability in the XML Parser of Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001844.html
JVNDB-2009-001843 Denial of Service (DoS) Vulnerability in the apr_strmatch_precompile Function of Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001843.html
JVNDB-2008-001610 Cross-Site Scripting Vulnerability in the mod_proxy_ftp Module of Apache
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001610.html
JVNDB-2008-001453 Denial of Service (DoS) Vulnerability in the ap_proxy_http_process_response() Function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001453.html
JVNDB-2008-001030 Cross-Site Scripting Vulnerability Related to UTF-7 Encoding in mod_proxy_ftp of Apache
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001030.html
Layer 2 Security - L2TPv3 for Disaster Recovery Sites
http://isc.sans.org/diary.html?storyid=8704
HP System Insight Manager Flaws Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://securitytracker.com/alerts/2010/Apr/1023927.html
+ Linux Kernel 'gfs2_quota' Structure Write Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39715
+ Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569
++ Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
- Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719
- Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02027185
Apache HTTP Server Track at ApacheCon North America 2010
http://na.apachecon.com/c/acna2010/
Welcome to the ASTERIA Developer Network!
http://asteria.jp/news/20100428-000000.html
Document ID: 351342: The Newest Release Patches from Veritas Operations Services ( VOS )
http://seer.entsupport.symantec.com/docs/351342.htm
Restarting the Management agents on an ESX or ESXi Server
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1003490&sliceId=1&docTypeID=DT_KB_1_1
Independent Researcher : PoC for ZDI-10-078
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32440
Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32438
SuSE : SUSE Security Summary Report
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32436
Debian : New spamass-milter packages fix regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32437
Independent Researcher : NovaStor NovaNet <= 13.0 issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32442
[security bulletin] HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00241.html
XSS vulnerability in Zikula Application Framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00235.html
XSS vulnerability in Zikula Application Framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00237.html
[security bulletin] HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00240.html
Zikula Application Framework Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39614/
Infocus Real Estate Enterprise Edition Two SQL Injection Vulnerabilities
http://secunia.com/advisories/39625/
PowerEasy SiteWeaver "ComeUrl" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39627/
Opera Content Writing Uninitialised Memory Vulnerability
http://secunia.com/advisories/39590/
Amiro.CMS Multiple Vulnerabilities
http://secunia.com/advisories/39457/
gitolite Security Bypass Weaknesses
http://secunia.com/advisories/39587/
Kasseler CMS Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39591/
G5-Scripts Auto-Img-Gallery "user" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39599/
Wing FTP Server HTTP Directory Traversal Vulnerability
http://secunia.com/advisories/39629/
Wing FTP Server Information Disclosure Vulnerabilities
http://secunia.com/advisories/39586/
Webessence CMS Security Issue and Vulnerability
http://secunia.com/advisories/39550/
Webessence CMS "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39540/
iNetScripts Free Upload Script File Upload Vulnerability
http://secunia.com/advisories/39584/
SmodCMS FCKeditor File Upload Security Issue
http://secunia.com/advisories/39595/
IDEAL Migration Ideal Project File Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/39598/
IDEAL Administration 2010 Ideal Project File Parsing Buffer Overflow
http://secunia.com/advisories/39594/
CMScout "album" SQL Injection Vulnerability
http://secunia.com/advisories/39602/
Alstrasoft EPay Enterprise "cid" SQL Injection
http://secunia.com/advisories/39611/
Joomla Password Reset Weakness and Session Fixation Vulnerability
http://secunia.com/advisories/39616/
HTML Purifier Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39613/
Red Hat JBoss Enterprise Application Platform Three Security Issues
http://secunia.com/advisories/39563/
NetBSD update for ntp
http://secunia.com/advisories/39593/
Slackware update for irssi
http://secunia.com/advisories/39620/
Tuesday, April 27, 2010
Tuesday the 27th, Butsumetsu
Announcement of the Release of InterScan for Microsoft Exchange 10.0 and the Start of Support Services
http://www.trendmicro.co.jp/support/news.asp?id=1399
Reporting Status of Vulnerability-Related Information on Software and Other Products
[1st Quarter 2010 (January-March)]
http://www.ipa.go.jp/security/vuln/report/vuln2010q1.html
McAfee to Compensate Home/Home-Office Users for Recovery Costs Over the Windows XP Breakage Problem
http://itpro.nikkeibp.co.jp/article/NEWS/20100427/347533/?ST=security
JVNDB-2010-001345 Default Password Issue in IntelliCom NetBiter Devices
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001345.html
JVNDB-2010-001344 Denial of Service (DoS) Vulnerability in kadmind of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001344.html
JVNDB-2010-001343 Vulnerability in Foxit Reader Allowing Arbitrary Code Execution
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001343.html
JVNDB-2010-001342 Arbitrary Code Execution Vulnerability in Mozilla Firefox Running on Windows 7
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001342.html
JVNDB-2010-001341 Buffer Overflow Vulnerability in Broadcom NetXtreme Management Firmware
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001341.html
JVNDB-2010-001340 Access Restriction Bypass Vulnerability in AirPort Utility
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001340.html
JVNDB-2010-001180 Integer Overflow Vulnerability in ColorSync of Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001180.html
JVNDB-2010-001171 Use-After-Free Vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001171.html
JVNDB-2010-001081 Denial of Service (DoS) Vulnerability in lib/rfc1035.c of Squid
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001081.html
JVNDB-2009-002340 Buffer Overflow Vulnerability in QuickDraw Manager of Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002340.html
JVNDB-2009-002319 Vulnerability in the SSL and TLS Protocols
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
JVNDB-2009-002318 Vulnerability in OpenLDAP Allowing Spoofing of Arbitrary SSL Servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002318.html
JVNDB-2009-002198 Denial of Service (DoS) Vulnerability in the strListGetItem Function of Squid
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002198.html
JVNDB-2009-001925 Buffer Underflow Vulnerability in the LZWDecodeCompat Function of libtiff
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001925.html
JVNDB-2007-000330 Mail Sender Spoofing Vulnerability in sendmail on Red Hat and MIRACLE LINUX
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000330.html
PulledPork v0.4.1 is released!
http://isc.sans.org/diary.html?storyid=8698
VMWare vMA and ESX Service Console NTPD Packet Reply Loop Vulnerability
http://www.securiteam.com/securitynews/5SP3G1P15S.html
JBoss Enterprise Application Platform Bugs Let Remote Users Bypass Authentication and Access Potentially Sensitive Information
http://securitytracker.com/alerts/2010/Apr/1023918.html
JBoss Application Server Web Console Flaw Lets Remote Users Bypass Authentication
http://www.securitytracker.com/id?1023917
AlstraSoft EPay Enterprise Input Validation Flaw in 'cid' Parameter Lets Remote Users Inject SQL Commands
http://securitytracker.com/alerts/2010/Apr/1023916.html
HTML Purifier Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39613/
Red Hat JBoss Enterprise Application Platform Three Security Issues
http://secunia.com/advisories/39563/
NetBSD update for ntp
http://secunia.com/advisories/39593/
Slackware update for irssi
http://secunia.com/advisories/39620/
+ Linux kernel 2.6.33.3, 2.6.32.12 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.3
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.12
+ Apache Tomcat Web Application Manager / Host Manager Cross-Site Request Forgery
http://secunia.com/advisories/39261/
+? Windows XP TCP/IP Stack Security Issue (ARP for non RFC 1918 addresses)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00228.html
- Internet Explorer XSS Filter Cross-Site Scripting Weakness
http://secunia.com/advisories/39578/
HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997644
Announcing phpMyAdmin's GSoC 2010 projects
http://sourceforge.net/news/?group_id=23067&id=285909
Velocity Engine 1.7-beta1 released
http://velocity.apache.org/news.html#engine17beta1
Linux Kernel release: 2.6.33.3
http://www.linux.org/news/2010/04/26/0002.html
Linux Kernel release: 2.6.32.12
http://www.linux.org/news/2010/04/26/0001.html
Downloading VMware products and troubleshooting issues with downloads
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1012245&sliceId=1&docTypeID=DT_KB_1_1
Slackware Linux : slackware-security irssi
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32423
Ubuntu Security Notice : FFmpeg regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32422
Corelan Security Team : Easyzip 2000 .zip Stack BOF
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32431
Independent Researcher : HP System Management Homepage(SMH) URL Redirection Abuse
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32430
Independent Researcher : phpegasus 'config.php' Arbitrary File Upload Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32434
Corelan Security Team : ZipWrangler 1.2 .zip Stack Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32429
Independent Researcher : A XSS in User_ChkLogin.asp of PowerEasy 2006
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32433
Independent Researcher : SmodCMS 'config.php' Arbitrary File Upload Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32435
Corelan Security Team : CommView Network Monitor And Analyzer v6.1 b644 - cv2k1.sys DoS (BSOD)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32427
Debian : New cacti packages fix missing input sanitising
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32425
Independent Researcher : In-portal 5.0.3 Remote Arbitrary File Upload Exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32432
MustLive : Vulnerability in Referer for DataLife Engine
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32428
New vulnerabilities in CMS SiteLogic
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00232.html
Conference on Cyber Conflict: speakers selected!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00234.html
[USN-931-2] FFmpeg regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00223.html
[security bulletin] HPSBUX02508 SSRT100007 rev.2 - HP-UX Running sendmail with STARTTLS Enab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00227.html
NovaStor NovaNet <= 13.0 issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00229.html
t210: Call for Papers 2010 (Helsinki / Finland)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00226.html
phpegasus config.php Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00224.html
Windows XP TCP/IP Stack Security Issue (ARP for non RFC 1918 addresses)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00228.html
SmodCMS config.php Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00225.html
Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00230.html
hashdays 2010 - Call for Papers (#days CFP)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00221.html
A XSS in User_ChkLogin.asp of PowerEasy 2006
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00222.html
[SECURITY] [DSA 2039-1] New cacti packages fix missing input sanitising
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00220.html
JVNDB-2010-001339 Privilege Escalation Vulnerability in the Installation Package of Apple iTunes Running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001339.html
JVNDB-2010-001338 Denial of Service (DoS) Vulnerability in Apple iTunes
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001338.html
JVNDB-2010-001337 Arbitrary Code Execution Vulnerability in Apple QuickTime Running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001337.html
JVNDB-2010-001336 Arbitrary Code Execution Vulnerability in QuickTime.qts of Apple QuickTime Running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001336.html
JVNDB-2010-001335 Arbitrary Code Execution Vulnerability in Apple QuickTime Running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001335.html
JVNDB-2010-001334 Integer Overflow Vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001334.html
JVNDB-2010-001071 Directory Traversal Vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001071.html
JVNDB-2010-001070 Directory Traversal Vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001070.html
JVNDB-2010-001069 Vulnerability in the autodeployment Process of Apache Tomcat Allowing Bypass of Intended Authentication Requirements
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001069.html
JVNDB-2009-002257 Vulnerability in libpng Allowing Portions of Uninitialized Memory to Be Read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002257.html
JVNDB-2009-001883 Denial of Service (DoS) Vulnerability in the BigDecimal Library of Ruby
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001883.html
JVNDB-2009-001637 Untrusted Search Path Vulnerability in src/if_python.c of the Python Interface of Vim
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001637.html
JVNDB-2009-001115 Cross-Site Scripting Vulnerability in the Sample calendar Application of Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001115.html
JVNDB-2008-001822 Arbitrary Command Execution Vulnerability in Vim Due to Improper Handling of Escape Characters
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001822.html
JVNDB-2008-001821 Arbitrary Code Execution Vulnerability in Vim Due to Improper Input Sanitization
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001821.html
JVNDB-2008-001181 Issue in the NEEDBITS Macro of UnZip That References an Invalid Buffer Region
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001181.html
JVNDB-2002-000124 Vulnerability in xterm Allowing the Window Title to Be Altered via Escape Sequences
http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000124.html
New VRT Rulepack Changes (all Snort Users should read)
http://isc.sans.org/diary.html?storyid=8692
Snort 2.8.6 is released!
http://isc.sans.org/diary.html?storyid=8695
Vulnerable Sites Database
http://isc.sans.org/diary.html?storyid=8701
Palm Pre WebOS Input Validation Flaw Lets Remote Users Inject Commands
http://securitytracker.com/alerts/2010/Apr/1023915.html
CommView cv2k1.sys Denial of Service Vulnerability
http://secunia.com/advisories/39569/
IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
http://secunia.com/advisories/39628/
openMairie openComInterne "dsn[phptype]" Local File Inclusion Vulnerability
http://secunia.com/advisories/39623/
openMairie openCourrier File Inclusion Vulnerabilities
http://secunia.com/advisories/39624/
DataLife Engine Referer Module Script Insertion Vulnerability
http://secunia.com/advisories/39571/
Apache Tomcat Web Application Manager / Host Manager Cross-Site Request Forgery
http://secunia.com/advisories/39261/
HP-UX Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/39537/
NCT Jobs Portal Script SQL Injection Vulnerabilities
http://secunia.com/advisories/39601/
NKInFoWeb "id_sp" SQL Injection Vulnerability
http://secunia.com/advisories/39609/
ZipWrangler ZIP Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/39575/
G5-Scripts Guestbook PHP Script Insertion Vulnerabilities
http://secunia.com/advisories/39596/
Rumba FTP Client Directory Listing Buffer Overflow
http://secunia.com/advisories/39589/
openMairie openPlanning File Inclusion Vulnerabilities
http://secunia.com/advisories/39606/
openMairie openPresse "dsn[phptype]" Local File Inclusion Vulnerability
http://secunia.com/advisories/39605/
openMairie openFoncier File Inclusion Vulnerabilities
http://secunia.com/advisories/39607/
Sethi Family Guestbook Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39597/
Ektron CMS400.NET Multiple Vulnerabilities
http://secunia.com/advisories/39547/
Palm Pre WebOS SMS Client Script Execution Vulnerability
http://secunia.com/advisories/39518/
Internet Explorer XSS Filter Cross-Site Scripting Weakness
http://secunia.com/advisories/39578/
Avast! 4.7 aavmker4.sys privilege escalation
http://www.exploit-db.com/exploits/12406
IDEAL Migration 2009 v4.5.1 Local Buffer Overflow Exploit
http://www.exploit-db.com/exploits/12404
IDEAL Administration 2010 v10.2 Local Buffer Overflow Exploit
http://www.exploit-db.com/exploits/12403
MDaemon Message and Email Handling Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/0988
Slackware Security Update Fixes Irssi Security Bypass and DoS Issues
http://www.vupen.com/english/advisories/2010/0987
Debian Security Update Fixes Cacti SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0986
Fedora Security Update Fixes aMSN Improper SSL Validation Issue
http://www.vupen.com/english/advisories/2010/0985
Mandriva Security Update Fixes Thunderbird Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0984
Apache Subrequest Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38580
Apache 'mod_isapi' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38494
Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38491
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Oracle Database Change Data Capture Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/39422
HTC Touch SMS Preview Popup Script Injection Vulnerability
http://www.securityfocus.com/bid/39640
Palm WebOS SMS Script Injection Vulnerability
http://www.securityfocus.com/bid/39678
AlstraSoft EPay Enterprise Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39680
openMairie openRegistreCIL Local and Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/39611
Ektron CMS400.NET Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/39679
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/29732
HP System Management Homepage 'RedirectUrl' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/39676
Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/39377
aMSN SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35507
CommView 'cv2k1.sys' Driver Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39705
Kasseler CMS 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39703
Zip Wrangler ZIP File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39700
Uiga Personal Portal 'view' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39699
NCT Jobs Portal Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39694
NovaStor NovaNET Multiple Code Execution, Denial of Service, Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/39693
ALPHA CMS 'Absolute_Path' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39691
PHPegasus 'connectors/php/config.php' Remote File Upload Vulnerability
http://www.securityfocus.com/bid/39686
Sethi Family Guestbook Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39684
Rumba FTP Client File Name Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39683
iNetScripts Arbitrary File Upload Vulnerability
2010-04-25
http://www.securityfocus.com/bid/39706
PowerEasy 'ComeUrl' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39696
G5-Scripts Guestbook PHP 'guestbook.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/39687
WHMCS 'deptid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39681
http://www.trendmicro.co.jp/support/news.asp?id=1399
Reporting status of vulnerability-related information on software and other products
[Q1 2010 (January to March)]
http://www.ipa.go.jp/security/vuln/report/vuln2010q1.html
McAfee to compensate home and home-office users for recovery costs over the Windows XP breakage issue
http://itpro.nikkeibp.co.jp/article/NEWS/20100427/347533/?ST=security
JVNDB-2010-001345 Default password issue in IntelliCom NetBiter devices
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001345.html
JVNDB-2010-001344 Denial-of-service (DoS) vulnerability in kadmind of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001344.html
JVNDB-2010-001343 Vulnerability in Foxit Reader that allows arbitrary code execution
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001343.html
JVNDB-2010-001342 Arbitrary code execution vulnerability in Mozilla Firefox running on Windows 7
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001342.html
JVNDB-2010-001341 Buffer overflow vulnerability in Broadcom NetXtreme management firmware
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001341.html
JVNDB-2010-001340 Vulnerability in AirPort Utility that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001340.html
JVNDB-2010-001180 Integer overflow vulnerability in ColorSync of Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001180.html
JVNDB-2010-001171 Use-after-free vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001171.html
JVNDB-2010-001081 Denial-of-service (DoS) vulnerability in lib/rfc1035.c of Squid
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001081.html
JVNDB-2009-002340 Buffer overflow vulnerability in QuickDraw Manager of Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002340.html
JVNDB-2009-002319 Vulnerability in the SSL and TLS protocols
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
JVNDB-2009-002318 Vulnerability in OpenLDAP that allows spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002318.html
JVNDB-2009-002198 Denial-of-service (DoS) vulnerability in the strListGetItem function of Squid
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002198.html
JVNDB-2009-001925 Buffer underflow vulnerability in the LZWDecodeCompat function of libtiff
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001925.html
JVNDB-2007-000330 Vulnerability in sendmail on Red Hat and MIRACLE LINUX that allows the mail sender to be spoofed
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000330.html
PulledPork v0.4.1 is released!
http://isc.sans.org/diary.html?storyid=8698
VMWare vMA and ESX Service Console NTPD Packet Reply Loop Vulnerability
http://www.securiteam.com/securitynews/5SP3G1P15S.html
JBoss Enterprise Application Platform Bugs Let Remote Users Bypass Authentication and Access Potentially Sensitive Information
http://securitytracker.com/alerts/2010/Apr/1023918.html
JBoss Application Server Web Console Flaw Lets Remote Users Bypass Authentication
http://www.securitytracker.com/id?1023917
AlstraSoft EPay Enterprise Input Validation Flaw in 'cid' Parameter Lets Remote Users Inject SQL Commands
http://securitytracker.com/alerts/2010/Apr/1023916.html
HTML Purifier Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39613/
Red Hat JBoss Enterprise Application Platform Three Security Issues
http://secunia.com/advisories/39563/
NetBSD update for ntp
http://secunia.com/advisories/39593/
Slackware update for irssi
http://secunia.com/advisories/39620/
+ Linux kernel 2.6.33.3, 2.6.32.12 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.3
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.12
+ Apache Tomcat Web Application Manager / Host Manager Cross-Site Request Forgery
http://secunia.com/advisories/39261/
+? Windows XP TCP/IP Stack Security Issue (ARP for non RFC 1918 addresses)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00228.html
- Internet Explorer XSS Filter Cross-Site Scripting Weakness
http://secunia.com/advisories/39578/
HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997644
Announcing phpMyAdmin's GSoC 2010 projects
http://sourceforge.net/news/?group_id=23067&id=285909
Velocity Engine 1.7-beta1 released
http://velocity.apache.org/news.html#engine17beta1
Linux Kernel release: 2.6.33.3
http://www.linux.org/news/2010/04/26/0002.html
Linux Kernel release: 2.6.32.12
http://www.linux.org/news/2010/04/26/0001.html
Downloading VMware products and troubleshooting issues with downloads
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1012245&sliceId=1&docTypeID=DT_KB_1_1
Slackware Linux : slackware-security irssi
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32423
Ubuntu Security Notice : FFmpeg regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32422
Corelan Security Team : Easyzip 2000 .zip Stack BOF
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32431
Independent Researcher : HP System Management Homepage(SMH) URL Redirection Abuse
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32430
Independent Researcher : phpegasus 'config.php' Arbitrary File Upload Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32434
Corelan Security Team : ZipWrangler 1.2 .zip Stack Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32429
Independent Researcher : A XSS in User_ChkLogin.asp of PowerEasy 2006
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32433
Independent Researcher : SmodCMS 'config.php' Arbitrary File Upload Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32435
Corelan Security Team : CommView Network Monitor And Analyzer v6.1 b644 - cv2k1.sys DoS (BSOD)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32427
Debian : New cacti packages fix missing input sanitising
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32425
Independent Researcher : In-portal 5.0.3 Remote Arbitrary File Upload Exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32432
MustLive : Vulnerability in Referer for DataLife Engine
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32428
New vulnerabilities in CMS SiteLogic
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00232.html
Conference on Cyber Conflict: speakers selected!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00234.html
[USN-931-2] FFmpeg regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00223.html
[security bulletin] HPSBUX02508 SSRT100007 rev.2 - HP-UX Running sendmail with STARTTLS Enab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00227.html
NovaStor NovaNet <= 13.0 issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00229.html
t210: Call for Papers 2010 (Helsinki / Finland)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00226.html
phpegasus config.php Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00224.html
Windows XP TCP/IP Stack Security Issue (ARP for non RFC 1918 addresses)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00228.html
SmodCMS config.php Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00225.html
Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00230.html
hashdays 2010 - Call for Papers (#days CFP)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00221.html
A XSS in User_ChkLogin.asp of PowerEasy 2006
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00222.html
Monday, April 26, 2010
26th, Monday, Senbu
Support desk arrangements during the Golden Week holiday period
http://www.trendmicro.co.jp/support/news.asp?id=1397
Debian update for cacti
http://secunia.com/advisories/39572/
+ MySQL 5.1.46 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html
+ OpenLDAP 2.4.22 Released
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html
Anti-Virus updates issue with Endpoint Security Server
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk43593&src=securityAlerts
UTM-1 Edge W Embedded NGX 7.0.48x reflected XSS vulnerability (low severity)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34520&src=securityAlerts
Linux Kernel release: 2.6.33.3-rc2
http://www.linux.org/news/2010/04/23/0002.html
Linux Kernel release: 2.6.32.12-rc2
http://www.linux.org/news/2010/04/23/0001.html
PostgreSQL Maestro 10.4 released
http://www.postgresql.org/about/news.1196
New Continuent Tungsten for PostgreSQL v. 1.3
http://www.postgresql.org/about/news.1195
False-positive alert information for virus pattern files 7.115.80, 7.115.00 and 7.115.50
http://www.trendmicro.co.jp/support/news.asp?id=1401
RHBA-2010:0375-: kexec-tools bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0375.html
SecurityReason.com : MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32416
Bonsai : OS Command Injection in Cacti <= 0.8.7e
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32411
Hewlett-Packard : HP Virtual Machine Manager (VMM) for Windows, Unauthorized Access, Privilege Elevation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32417
Hewlett-Packard : HP System Management Homepage, XSS, DoS, Execution of Arbitrary Code, Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32418
Hewlett-Packard : HP-UX Running BIND, Remote Compromise of NXDOMAIN Responses
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32420
Astaro Security Gateway: Next IT to provide 24-hour support as standard
http://itpro.nikkeibp.co.jp/article/NEWS/20100423/347456/?ST=security
JVNDB-2010-001333 Vulnerability in the ImageIO component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001333.html
JVNDB-2010-001332 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001332.html
JVNDB-2010-001331 Vulnerability in the ImageIO component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001331.html
JVNDB-2010-001330 Vulnerability in which Oracle Sun Java does not correctly verify the signatures of Java applets
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001330.html
JVNDB-2010-001329 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001329.html
JVNDB-2010-001328 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001328.html
JVNDB-2010-001327 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001327.html
JVNDB-2010-001326 Vulnerability in the Pack200 component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001326.html
JVNDB-2010-001325 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001325.html
JVNDB-2010-001324 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001324.html
JVNDB-2010-001323 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001323.html
JVNDB-2010-001322 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001322.html
JVNDB-2010-001321 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001321.html
JVNDB-2009-002474 Vulnerability in PHP in which the interrupt region of the SESSION superglobal array is corrupted
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002474.html
JVNDB-2009-002473 Cross-site scripting vulnerability in the htmlspecialchars function of PHP
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002473.html
JVNDB-2009-002404 Denial-of-service (DoS) vulnerability in PHP related to the handling of multipart/form-data POST requests
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002404.html
JVNDB-2009-002200 Denial-of-service (DoS) vulnerability in smbd of Samba
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002200.html
JVNDB-2009-001737 Vulnerability in Apache Tomcat that allows files related to web applications to be read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001737.html
JVNDB-2009-001736 Vulnerability in Apache Tomcat that allows valid user names to be enumerated
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001736.html
JVNDB-2009-000037 Denial-of-service (DoS) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000037.html
JVNDB-2009-000036 Information disclosure vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000036.html
Vulnerability in Referer for DataLife Engine
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00217.html
ZDI-10-078: Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vul
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00218.html
[ MDVSA-2010:071 ] mozilla-thunderbird
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00219.html
[HITB-Announce] HITBSecConf2010 - Dubai - Presentation Materials
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00212.html
In-portal 5.0.3 Remote Arbitrary File Upload Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00214.html
[HITB-Announce] HITBSecConf2009 - Malaysia Videos Released!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00216.html
IWD Group SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00215.html
Novell ZENworks Configuration Management UploadServlet File Upload Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Apr/1023914.html
Manual Verification of SSL/TLS Certificate Trust Chains using Openssl
http://isc.sans.org/diary.html?storyid=8686
Honey, my laptop is acting funny again
http://isc.sans.org/diary.html?storyid=8689
Shadowserver botnet rules
http://isc.sans.org/diary.html?storyid=8683
Data Redaction: You're Doing it Wrong
http://isc.sans.org/diary.html?storyid=8680
Memorial Web Site Script "id" SQL Injection Vulnerability
http://secunia.com/advisories/39579/
In-portal FCKeditor File Upload Security Issue
http://secunia.com/advisories/39559/
FlashCard "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39484/
GetSimple CMS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39464/
libESMTP Two Spoofing Vulnerabilities
http://secunia.com/advisories/39576/
Microsoft Windows "SfnLOGONNOTIFY()" and "SfnINSTRING()" Denial of Service
http://secunia.com/advisories/39456/
HP Insight Control Virtual Machine Manager Multiple Vulnerabilities
http://secunia.com/advisories/39583/
MDaemon Server Two Denial of Service Vulnerabilities
http://secunia.com/advisories/39542/
Intel C++ Compiler Professional Edition for Linux Privilege Escalation
http://secunia.com/advisories/39511/
HP-UX update for BIND
http://secunia.com/advisories/39582/
IBM DB2 Data Manipulation and Buffer Overflow Vulnerabilities
http://secunia.com/advisories/39500/
AJ Shopping Cart "maincatid" SQL Injection Vulnerability
http://secunia.com/advisories/39551/
3Com H3C SR6600 Series SNMP Denial of Service
http://secunia.com/advisories/39479/
Apache Tomcat Authentication Header Information Disclosure
http://secunia.com/advisories/39574/
Apache ActiveMQ Source Code Disclosure Vulnerability
http://secunia.com/advisories/39567/
Rumba ftp Client 4.2 PASV BoF (SEH)
http://www.exploit-db.com/exploits/12380
HP Digital Imaging (hpodio08.dll) Insecure Method Exploit
http://www.exploit-db.com/exploits/12367
WM Downloader v3.0.0.9 Buffer Overflow (Meta)
http://www.exploit-db.com/exploits/12388
Easyzip 2000 v3.5 (.zip) 0day stack buffer overflow PoC exploit
http://www.exploit-db.com/exploits/12379
ZipWrangler 1.20 (.zip) SEH 0day exploit
http://www.exploit-db.com/exploits/12368
HP Virtual Machine Manager Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2010/0983
IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities
http://www.vupen.com/english/advisories/2010/0982
HP-UX BIND Remote DNS Cache Poisoning Vulnerability
http://www.vupen.com/english/advisories/2010/0981
Apache Tomcat WWW-Authenticate Header Hostname Disclosure
http://www.vupen.com/english/advisories/2010/0980
Apache ActiveMQ Request Handling Source Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/0979
PhpTroubleTicket Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0978
phpunity.newsmanager Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0977
phpBugTracker Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0976
PacerCMS Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0975
more.groupware Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0974
ATutor "course" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0973
Karra Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0972
Cacti 'export_item_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39653
RETIRED: OnePound Shop 'id' Parameter Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39570
Google Chrome 'chrome://net-internals' Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/39667
Apache 'mod_isapi' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38494
Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38491
Novell ZENworks Configuration Management Remote Execution Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39114
Archery Scores Component for Joomla! 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39545
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
libESMTP X.509 Certificate 'match_component()' Domain Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/38538
libESMTP NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/38528
IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37976
Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362
Apache Subrequest Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38580
GetDLE Lab Group Perexody Module for DataLife Engine HTML Injection Vulnerability
http://www.securityfocus.com/bid/39670
Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/39669
Memorial Web Site Script 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39664
AJ Shopping Cart 'maincatid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39661
GetSimple CMS Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39660
3Com H3C SR6600 SNMP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39659
Apple Mac OS X HFS Hard Links Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39658
In-Portal 'config.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/39652
http://www.trendmicro.co.jp/support/news.asp?id=1397
Debian update for cacti
http://secunia.com/advisories/39572/
+ MySQL 5.1.46 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html
+ OpenLDAP 2.4.22 Released
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html
Anti-Virus updates issue with Endpoint Security Server
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk43593&src=securityAlerts
UTM-1 Edge W Embedded NGX 7.0.48x reflected XSS vulnerability (low severity)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34520&src=securityAlerts
Linux Kernel release: 2.6.33.3-rc2
http://www.linux.org/news/2010/04/23/0002.html
Linux Kernel release: 2.6.32.12-rc2
http://www.linux.org/news/2010/04/23/0001.html
PostgreSQL Maestro 10.4 released
http://www.postgresql.org/about/news.1196
New Continuent Tungsten for PostgreSQL v. 1.3
http://www.postgresql.org/about/news.1195
False-alarm information for virus pattern files 7.115.80 7.115.00 7.115.50
http://www.trendmicro.co.jp/support/news.asp?id=1401
RHBA-2010:0375-: kexec-tools bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0375.html
SecurityReason.com : MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32416
Bonsai : OS Command Injection in Cacti <= 0.8.7e
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32411
Hewlett-Packard : HP Virtual Machine Manager (VMM) for Windows, Unauthorized Access, Privilege Elevation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32417
Hewlett-Packard : HP System Management Homepage, XSS, DoS, Execution of Arbitrary Code, Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32418
Hewlett-Packard : HP-UX Running BIND, Remote Compromise of NXDOMAIN Responses
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32420
Astaro Security Gateway: Next IT provides 24-hour support as standard
http://itpro.nikkeibp.co.jp/article/NEWS/20100423/347456/?ST=security
JVNDB-2010-001333 Vulnerability in the ImageIO component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001333.html
JVNDB-2010-001332 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001332.html
JVNDB-2010-001331 Vulnerability in the ImageIO component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001331.html
JVNDB-2010-001330 Vulnerability in which Oracle Sun Java does not correctly verify Java applet signatures
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001330.html
JVNDB-2010-001329 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001329.html
JVNDB-2010-001328 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001328.html
JVNDB-2010-001327 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001327.html
JVNDB-2010-001326 Vulnerability in the Pack200 component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001326.html
JVNDB-2010-001325 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001325.html
JVNDB-2010-001324 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001324.html
JVNDB-2010-001323 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001323.html
JVNDB-2010-001322 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001322.html
JVNDB-2010-001321 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001321.html
JVNDB-2009-002474 Vulnerability in PHP in which the interrupt region of the SESSION superglobal array is corrupted
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002474.html
JVNDB-2009-002473 Cross-site scripting vulnerability in the PHP htmlspecialchars function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002473.html
JVNDB-2009-002404 Denial-of-service (DoS) vulnerability in PHP's handling of multipart/form-data POST requests
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002404.html
JVNDB-2009-002200 Denial-of-service (DoS) vulnerability in Samba smbd
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002200.html
JVNDB-2009-001737 Vulnerability in Apache Tomcat that allows files associated with web applications to be read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001737.html
JVNDB-2009-001736 Vulnerability in Apache Tomcat that allows valid user names to be enumerated
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001736.html
JVNDB-2009-000037 Denial-of-service (DoS) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000037.html
JVNDB-2009-000036 Information disclosure vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000036.html
Vulnerability in Referer for DataLife Engine
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00217.html
ZDI-10-078: Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vul
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00218.html
[ MDVSA-2010:071 ] mozilla-thunderbird
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00219.html
[HITB-Announce] HITBSecConf2010 - Dubai - Presentation Materials
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00212.html
In-portal 5.0.3 Remote Arbitrary File Upload Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00214.html
[HITB-Announce] HITBSecConf2009 - Malaysia Videos Released!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00216.html
IWD Group SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00215.html
Novell ZENworks Configuration Management UploadServlet File Upload Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Apr/1023914.html
Manual Verification of SSL/TLS Certificate Trust Chains using Openssl
http://isc.sans.org/diary.html?storyid=8686
Honey, my laptop is acting funny again
http://isc.sans.org/diary.html?storyid=8689
Shadowserver botnet rules
http://isc.sans.org/diary.html?storyid=8683
Data Redaction: You're Doing it Wrong
http://isc.sans.org/diary.html?storyid=8680
Memorial Web Site Script "id" SQL Injection Vulnerability
http://secunia.com/advisories/39579/
In-portal FCKeditor File Upload Security Issue
http://secunia.com/advisories/39559/
FlashCard "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39484/
GetSimple CMS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39464/
libESMTP Two Spoofing Vulnerabilities
http://secunia.com/advisories/39576/
Microsoft Windows "SfnLOGONNOTIFY()" and "SfnINSTRING()" Denial of Service
http://secunia.com/advisories/39456/
HP Insight Control Virtual Machine Manager Multiple Vulnerabilities
http://secunia.com/advisories/39583/
MDaemon Server Two Denial of Service Vulnerabilities
http://secunia.com/advisories/39542/
Intel C++ Compiler Professional Edition for Linux Privilege Escalation
http://secunia.com/advisories/39511/
HP-UX update for BIND
http://secunia.com/advisories/39582/
IBM DB2 Data Manipulation and Buffer Overflow Vulnerabilities
http://secunia.com/advisories/39500/
AJ Shopping Cart "maincatid" SQL Injection Vulnerability
http://secunia.com/advisories/39551/
3Com H3C SR6600 Series SNMP Denial of Service
http://secunia.com/advisories/39479/
Apache Tomcat Authentication Header Information Disclosure
http://secunia.com/advisories/39574/
Apache ActiveMQ Source Code Disclosure Vulnerability
http://secunia.com/advisories/39567/
Rumba ftp Client 4.2 PASV BoF (SEH)
http://www.exploit-db.com/exploits/12380