[ MDVSA-2010:070-1 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00186.html
JPCERT/CC WEEKLY REPORT 2010-04-21
http://www.jpcert.or.jp/wr/2010/wr101501.html
Kerberos KDC Double Free in process_tgs_req() May Let Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Apr/1023904.html
+ zlib 1.2.5 released
http://www.zlib.net/
http://www.zlib.net/ChangeLog.txt
+ RHSA-2010:0360-1: Moderate: wireshark security update
http://rhn.redhat.com/errata/RHSA-2010-0360.html
+ RHSA-2010:0361-1: Moderate: sudo security update
http://rhn.redhat.com/errata/RHSA-2010-0361.html
- HPSBUX02508 SSRT100007 rev.2 - HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02009860
Firefox 3.6.4 beta available for download and testing
http://developer.mozilla.org/devnews/index.php/2010/04/20/firefox-3-6-4-beta-available-for-download-and-testing/
HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02029444
Corelan Security Team : HP Operations Manager for Windows, Remote Execution of Code (srcvw4.dll and srcvw32.dll)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32381
Mandriva : emacs
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32375
Apple : Apple iPhone 3.1.2 (7D11) Model MB702LL Mobile Safari Denial-of-Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32380
JVNDB-2010-001299 Access restriction bypass vulnerability in the XMLDocument::load function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001299.html
JVNDB-2010-001298 Denial of service (DoS) vulnerability in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001298.html
JVNDB-2010-001297 Arbitrary JavaScript execution vulnerability in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001297.html
JVNDB-2010-001296 Arbitrary JavaScript execution vulnerability in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001296.html
JVNDB-2010-001295 Arbitrary code execution vulnerability in Mozilla Firefox/SeaMonkey
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001295.html
JVNDB-2010-001294 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001294.html
JVNDB-2010-001293 Arbitrary code execution vulnerability in the nsTreeSelection implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001293.html
JVNDB-2010-001292 Arbitrary code execution vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001292.html
JVNDB-2010-001291 Arbitrary code execution vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001291.html
SYM10-007: Security Advisories Relating to Symantec Products - Symantec Altiris Deployment Solution dbmanager Denial of Service
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100420_00
MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00178.html
CSRF in e107
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00177.html
Vbulletin - Two-Step External Link XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00180.html
[ MDVSA-2010:076-1 ] openssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00176.html
[USN-931-1] FFmpeg vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00179.html
Are You Ready for a Transportation Collapse...?
http://isc.sans.org/diary.html?storyid=8653
HP-UX semctl(2)/semop(2) Lets Local Users Deny Service
http://securitytracker.com/alerts/2010/Apr/1023905.html
IBM Cognos 8 Business Intelligence Unspecified Flaw Has Unspecified Impact
http://securitytracker.com/alerts/2010/Apr/1023903.html
mod_auth_shadow Race Condition Lets Remote Users Bypass Access Controls
http://securitytracker.com/alerts/2010/Apr/1023898.html
MusicBox "id" SQL Injection Vulnerability
http://secunia.com/advisories/39476/
Joomla BeeHeard Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39475/
DotNetNuke System Messages Information Disclosure Weakness
http://secunia.com/advisories/39466/
RJ-iTop Network Vulnerabilities Scan System "id" SQL Injection Vulnerability
http://secunia.com/advisories/39404/
mod_auth_shadow "wait()" Race Condition Security Bypass
http://secunia.com/advisories/39502/
IBM Cognos 8 Business Intelligence Unspecified Vulnerability
http://secunia.com/advisories/39451/
Joomla Online News Paper Manager Two SQL Injection Vulnerabilities
http://secunia.com/advisories/39536/
CMS Ariadna SQL Injection Vulnerabilities
http://secunia.com/advisories/39486/
HP Operations Manager SourceView ActiveX Control Buffer Overflow
http://secunia.com/advisories/39538/
Joomla! iNetLanka Multiple root Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39531/
Joomla! iNetLanka Multiple map Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39530/
Kleophatra CMS "module" Cross-Site Scripting and File Enumeration
http://secunia.com/advisories/39515/
Cybozu Products Login Security Bypass Vulnerability
http://secunia.com/advisories/39508/
openMairie openReglement File Inclusion Vulnerabilities
http://secunia.com/advisories/39494/
Joomla GBU Facebook Component "face_id" SQL Injection Vulnerability
http://secunia.com/advisories/39487/
Ubuntu update for ffmpeg
http://secunia.com/advisories/39482/
Ubuntu update for kdebase-workspace
http://secunia.com/advisories/39481/
Red Hat update for java-1.6.0-sun
http://secunia.com/advisories/39402/
EasyFTP Server <= 1.7.0.2 CWD Buffer Overflow (Metasploit)
http://www.exploit-db.com/exploits/12312
Acritum Femitter v1.03 Directory Traversal Exploit
http://www.exploit-db.com/exploits/12310
Mongoose Web Server v2.8 Multiple Directory Traversal Exploits
http://www.exploit-db.com/exploits/12309
MultiThreaded HTTP Server v1.1 Source Disclosure
http://www.exploit-db.com/exploits/12308
MultiThreaded HTTP Server v1.1 Directory Traversal
http://www.exploit-db.com/exploits/12304
HP-UX Security Update Fixes Local Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0948
IBM Cognos Business Intelligence Unspecified Security Vulnerability
http://www.vupen.com/english/advisories/2010/0947
HP Operations Manager ActiveX Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0946
OpenMairie openReglement Multiple File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2010/0945
GBU Facebook "face_id" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0944
CMS Ariadna "tipodoc_id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0943
Redaxo "REX[INCLUDE_PATH]" Remote File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2010/0942
OpenMairie openScrutin Remote and Local File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2010/0941
Archery Scores for Joomla "controller" Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/0940
dl_stats Remote SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0939
TweakFS Zip Utility for FSX Archive Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0938
Huawei EchoLife HG520 Series Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/0937
Redhat Security Update Fixes Java Argument Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0936
Ubuntu Security Update Fixes FFmpeg Memory Corruption Vulnerabilities
http://www.vupen.com/english/advisories/2010/0935
Ubuntu Security Update Fixes KDE Display Manager Vulnerability
http://www.vupen.com/english/advisories/2010/0934
Mandriva Security Update Fixes OpenSSL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0933
Mozilla Firefox CVE-2010-1122 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39293
Mozilla Firefox/Thunderbird/SeaMonkey 'nsIContentPolicy' Security Bypass Vulnerability
http://www.securityfocus.com/bid/39479
Mozilla Firefox/Thunderbird/Seamonkey CVE-2010-0167 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38944
Mozilla Firefox 'TraceRecorder::traverseScopeChain()' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38939
Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38920
Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability
http://www.securityfocus.com/bid/38927
Mozilla Firefox 'multipart/x-mixed-replace' Image Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38921
Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/38919
KDE KDM Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39467
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39468
Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362
GnuTLS X.509 Certificate Serial Number Decoding Remote Security Vulnerability
http://www.securityfocus.com/bid/38959
Mongoose HTTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34510
Symantec Altiris Deployment Solution 'dbmanager.exe' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38410
Microsoft Internet Explorer 8 Cross-Site Scripting Filter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37135
iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/39127
Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36846
Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37985
Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37407
Wireshark 1.2.0 Multiple Vulnerabilities
http://www.securityfocus.com/bid/35748
Wireshark ERF File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36591
Joomla! AWD Wall Component 'cbuser' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38194
gource Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/39529
Oracle Java SE and Java for Business Unspecified Vulnerabilities
http://www.securityfocus.com/bid/39492
GNU Emacs Email Helper Insecure File Creation Vulnerability
http://www.securityfocus.com/bid/39039
Libnids 'ip_fragment.c' Null Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39142
MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/39247
ClamAV Security Bypass And Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/39262
CUPS 'lppasswd' Tool Localized Message String Security Weakness
http://www.securityfocus.com/bid/38524
QEMU Virtio Networking Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37201
MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39599
Trellian FTP 'PASV' Command Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39598
vBulletin Two-Step External Link Module 'externalredirect.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/39597
Uploader 0.7 Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/39595
Acritum Femitter Server URI Directory Traversal Vulnerability
http://www.securityfocus.com/bid/39594
dl_stats Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39592
HTTP 1.1 GET Request Directory Traversal Vulnerability
http://www.securityfocus.com/bid/39590
CactuShop '_invoice.asp' Script HTML Injection Vulnerability
http://www.securityfocus.com/bid/39587
DotNetNuke System Message Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39586
JTM Reseller Joomla! Component 'author' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39584
Joomla! Online News Paper Manager Component Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39582
Musicbox 'genre_artists.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/39581