+ OpenSSH 5.5/5.5p1 released
http://www.openssh.com/txt/release-5.5
Microsoft Security Bulletin MS10-019 - Critical: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-019.mspx
Vulnerability in Oracle Sun Java Deployment Toolkit
http://www.ipa.go.jp/security/ciadr/vul/20100416-java.html
To website administrators: Alert regarding website defacement / To general users: Alert regarding virus infection from defaced websites
http://www.ipa.go.jp/security/topics/20091224.html
Secure Programming Course
http://www.ipa.go.jp/security/awareness/vendor/programming/index.html
Alert regarding vulnerabilities in Oracle Sun JDK and JRE
http://www.jpcert.or.jp/at/2010/at100010.txt
JVNVU#886582 Problem in argument validation in Oracle Sun Java Deployment Toolkit
http://jvn.jp/cert/JVNVU886582/index.html
GNU nano Race Condition Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Apr/1023891.html
Ubuntu update for sudo
http://secunia.com/advisories/39474/
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
+ J2SE JDK/JRE 1.6.0_20 released
http://java.sun.com/javase/6/webnotes/6u20.html
+- Oracle Security Alert CVE-2010-0886
http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html
- Security Vulnerability in the Sun Java System Directory Server May Allow Crafted LDAP Search Requests To Cause A Denial Of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275711-1
- This Alert covers the Address Book component of the Sun Java System Communications Express product.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-276630-1
- This Alert covers CVE-2010-0897 for the Sun Java System Directory Server product.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-276210-1
Document ID: 350324: When installing Storage Foundation for Windows or Storage Foundation for Windows with High Availability, proceeding with the installation while not using a License Key causes the installation wizard to close unexpectedly.
http://seer.entsupport.symantec.com/docs/350324.htm
Document ID: 347056: V-16-1-53006 "Unable to connect to VCS engine securely" or "Unable to authenticate logged in user %USERNAME% of domain %DOMAIN% for host %HOSTNAME%" appears when trying to connect to the cluster or start the cluster engine
http://seer.entsupport.symantec.com/docs/347056.htm
ZDI : Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32326
Apple : Security Update 2010-003
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32321
Cisco : Cisco Secure Desktop ActiveX Control Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32323
Independent Researcher : xprobe2-ng patch
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32324
Independent Researcher : Micropoint Proactive Denfense Mp110013.sys <= 1.3.10123.0 Local Privilege Escalation Exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32328
Mandriva : cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32318
Mandriva : cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32319
Mandriva : cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32320
Vulnerability in CB Captcha for Joomla and Mambo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00135.html
Ziggurat CMS Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00127.html
[DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00133.html
[DSecRG-09-053] VMware Remoute Console - format string
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00132.html
[CVE-2010-0432] Apache OFBiz Multiple XSS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00136.html
VUPEN Security Research - Adobe Acrobat and Reader PNG Data Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00130.html
VUPEN Security Research - Adobe Acrobat and Reader JPEG Data Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00137.html
VUPEN Security Research - Adobe Acrobat and Reader BMP Data Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00131.html
VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00129.html
[ MDVSA-2010:073-1 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00126.html
[ MDVSA-2010:073 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00128.html
Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00134.html
JVNDB-2010-001272 Heap-based buffer overflow vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001272.html
JVNDB-2010-001271 Arbitrary code execution vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001271.html
JVNDB-2010-001270 Heap-based buffer overflow vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001270.html
JVNDB-2010-001269 Stack-based buffer overflow vulnerability in PS Normalizer on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001269.html
JVNDB-2010-001268 Access restriction bypass vulnerability in the Accounts Preferences implementation on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001268.html
JVNDB-2010-001267 Vulnerability in Podcast Producer on Apple Mac OS X allowing access to workflows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001267.html
JVNDB-2008-002430 Arbitrary file deletion vulnerability in the Perl rmtree function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002430.html
JVNDB-2008-002429 Vulnerability in the Perl rmtree function allowing creation of arbitrary setuid binaries
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002429.html
JVNDB-2010-001266 Vulnerability in Password Server on Apple Mac OS X allowing login access to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001266.html
JVNDB-2010-001265 Privilege escalation vulnerability in SFLServer on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001265.html
JVNDB-2009-002525 Access restriction bypass vulnerability in sql/sql_table.cc in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002525.html
JVNDB-2008-002428 Multiple cross-site scripting vulnerabilities in Mailman
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002428.html
JVNDB-2010-001264 Vulnerability in Mail on Apple Mac OS X allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001264.html
JVNDB-2010-001183 Arbitrary code execution vulnerability in ImageIO in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001183.html
JVNDB-2009-002511 Denial of service (DoS) vulnerability in mysqld in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002511.html
JVNDB-2009-002409 Arbitrary code execution vulnerability in libc
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002409.html
JVNDB-2009-002403 open_basedir restriction bypass vulnerability in the PHP posix_mkfifo function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002403.html
JVNDB-2009-002402 safe_mode restriction bypass vulnerability in the PHP tempnam function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002402.html
JVNDB-2009-002399 Privilege check bypass vulnerability in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002399.html
JVNDB-2009-002013 Denial of service (DoS) vulnerability in the dispatch_command function in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002013.html
JVNDB-2008-002424 Cross-site scripting vulnerability in the MySQL command-line client
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002424.html
Attacks exploiting a new Java vulnerability emerge; damage confirmed at companies in Japan
Risk of harm through web access; the cause is a browser plug-in
http://itpro.nikkeibp.co.jp/article/NEWS/20100415/347163/?ST=security
Defect in "Virus Security ZERO" may leave PCs unable to boot
False positive deletes driver software; only specific environments are affected
http://itpro.nikkeibp.co.jp/article/NEWS/20100415/347161/?ST=security
JPCERT/CC WEEKLY REPORT 2010-04-14
http://www.jpcert.or.jp/wr/2010/wr101401.html
SIP Attacks on internet connected port5060 targeting Asterix servers
http://isc.sans.org/diary.html?storyid=8641
Joomla! Intellectual Property Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/39427/
Joomla Deluxe Blog Factory Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39473/
Joomla JA Comment Component "view" File Inclusion Vulnerability
http://secunia.com/advisories/39472/
Joomla Love Factory Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39471/
Joomla MT Fire Eagle Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39470/
Joomla Photo Battle Component "view" File Inclusion Vulnerability
http://secunia.com/advisories/39469/
Joomla S5 Clan Roster Component Two File Inclusion Vulnerabilities
http://secunia.com/advisories/39468/
Joomla wgPicasa Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39467/
SecureSphere Web Application and Database Firewall Security Bypass
http://secunia.com/advisories/39463/
Apache OFBiz Cross-Site Scripting and Script Insertion Vulnerabilities
http://secunia.com/advisories/39460/
Momche YUI Image Upload Script Arbitrary File Upload Vulnerability
http://secunia.com/advisories/39458/
netKar Two Vulnerabilities
http://secunia.com/advisories/39387/
Media In Spot CMS "page" Local File Inclusion Vulnerability
http://secunia.com/advisories/39369/
Almnzm "id" SQL Injection Vulnerability
http://secunia.com/advisories/39452/
Tex Live "predospecial()" Integer Overflow Vulnerability
http://secunia.com/advisories/39390/
SUSE update for Mozilla Products
http://secunia.com/advisories/39465/
RPM Select / Elite "lfFaceName" Buffer Overflow Vulnerability
http://secunia.com/advisories/39418/
HP-UX update for OpenSSL
http://secunia.com/advisories/39448/
Cisco Secure Desktop CSDWebInstaller ActiveX Control Vulnerability
http://secunia.com/advisories/39459/
Helix Server and Helix Mobile Server Multiple Vulnerabilities
http://secunia.com/advisories/39279/
GNU nano Two Security Issues
http://secunia.com/advisories/39444/
Magneto Net Resource ActiveX v4.0.0.5 NetShareEnum Exploit (Universal)
http://www.exploit-db.com/exploits/12250
Magneto Net Resource ActiveX v4.0.0.5 NetConnectionEnum Exploit (Universal)
http://www.exploit-db.com/exploits/12248
Magneto Net Resource ActiveX v4.0.0.5 NetFileClose Exploit (Universal)
http://www.exploit-db.com/exploits/12247
OFBiz Input Validation Holes Permit Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Apr/1023886.html
HP-UX Security Update Fixes OpenSSL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0891
Cisco Secure Desktop ActiveX Control File Download Vulnerability
http://www.vupen.com/english/advisories/2010/0890
Helix Server and Mobile Server Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0889
Mandriva Security Update Fixes CUPS Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/0888
Redhat Security Update Fixes Acroread Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0887
Redhat Security Update Fixes KDE Display Manager Vulnerability
http://www.vupen.com/english/advisories/2010/0886
SuSE Security Update Fixes Code Execution and Security Bypass Issues
http://www.vupen.com/english/advisories/2010/0885
SuSE Security Update Fixes Mozilla Products Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0884
Apple Mac OS X ATS Font Processing Invalid Index Vulnerability
http://www.vupen.com/english/advisories/2010/0883
WebAsyst Shop-Script FREE File Inclusion and SQL Injection Issues
http://www.vupen.com/english/advisories/2010/0882
sudo "sudoedit" Command Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/0881
Visualization Library DAT Processing Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/0880
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
KDE KDM Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39467
Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39468
Apple Mac OS X Apple Type Services Embedded Font Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38955
Oracle Java SE and Java for Business Unspecified Vulnerabilities
http://www.securityfocus.com/bid/39492
VMware Remote Console 'connect' Method Remote Format String Vulnerability
http://www.securityfocus.com/bid/39396
Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability
http://www.securityfocus.com/bid/39461
Oracle Sun Java System Directory Server CVE-2010-0897 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/39453
RPM Configuration File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39493
VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39395
Nice to meet you too....