+ MySQL 5.1.46 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html
MySQL 5.1.47 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
Announcement of the release of InterScan WebManager Lite Service Pack 2
http://www.trendmicro.co.jp/support/news.asp?id=1396
XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00211.html
Don't Be Fooled by Twitter Spam in Your Inbox
http://isc.sans.org/diary.html?storyid=8674
In-Portal 'config.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/39652
+ Low: Information disclosure in authentication headers CVE-2010-1157
http://tomcat.apache.org/security-5.html#Fixed_in_subversion_for_Apache_Tomcat_5.5.x
http://tomcat.apache.org/security-6.html#Fixed_in_subversion_for_Apache_Tomcat_6.0.x
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32410
http://www.exploit-db.com/exploits/12343
http://www.securityfocus.com/bid/39635
+ Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00207.html
http://www.securityfocus.com/bid/39631
+ Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00206.html
http://www.securityfocus.com/bid/39630
+ OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013/
- A Security Vulnerability Relating to Certificate Handling in sendmail(1M) Versions Prior to 8.14.4 May Allow Server Identification Forgery
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275870-1
GCC 4.4.4 Release Candidate available from gcc.gnu.org
http://gcc.gnu.org/ml/gcc/2010-04/msg00527.html
HPSBUX02514 SSRT100010 rev.1 - HP-UX Running with AudFilter Rules Enabled, Local Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02104563&docLocale=ja_JP&admit=109447627+1271985136184+28353475
HPSBUX02509 SSRT100032 rev.1 - HP-UX Running NFS/ONCplus, NFS Automatically Enabled
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02104562
- HPSBUX02508 SSRT100007 rev.2 - HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02104561
- HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02104560
- HPSBUX02479 SSRT090212 rev.1 - HP-UX Running HP CIFS Server (Samba), Remote Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02104559
Linux Kernel release: 2.6.33.3-rc1
http://www.linux.org/news/2010/04/22/0002.html
Linux Kernel release: 2.6.32.12-rc1
http://www.linux.org/news/2010/04/22/0001.html
DBI-1.610_91 Development released
http://search.cpan.org/~timb/DBI-1.610_91/
Independent Researcher : Amiro CMS SQL Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32407
Apache Project : Apache Tomcat information disclosure vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32410
Cisco : Video Surveillance Cameras and 4-Port Gigabit Security Routers Authentication Bypass Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32402
Core Security Technologies : User Invoices Persistent XSS Vulnerability in CactuShop
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32404
Corelan Security Team : ZipGenius v6.3.1.2552 zgtips.dll Stack Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32405
RHBA-2010:0368-1: lvm2 bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0368.html
Apache ActiveMQ is prone to source code disclosure vulnerability.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00209.html
[security bulletin] HPSBMA02494 SSRT090168 rev.1 - HP Virtual Machine Manager (VMM) for Windows,
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00200.html
[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00205.html
Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00207.html
Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00206.html
CfP: GameSec 2010 - Deadline is 3 weeks away!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00202.html
[security bulletin] HPSBUX02519 SSRT100004 rev.1 - HP-UX Running BIND, Remote Compromise of
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00208.html
Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiti
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00201.html
[SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00203.html
Vulnerabilities in NovaBoard
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00210.html
JVNDB-2010-001320 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001320.html
JVNDB-2010-001319 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001319.html
JVNDB-2010-001318 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001318.html
JVNDB-2010-001317 Vulnerability in the HotSpot Server component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001317.html
JVNDB-2010-001316 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001316.html
JVNDB-2010-001315 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001315.html
JVNDB-2010-001314 Vulnerability in the HotSpot Server component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001314.html
JVNDB-2010-001313 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001313.html
JVNDB-2010-001312 Vulnerability in the Java Web Start or Java Plug-in component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001312.html
JVNDB-2010-001311 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001311.html
JVNDB-2010-001310 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001310.html
JVNDB-2010-001309 Vulnerability in the Java Web Start or Java Plug-in component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001309.html
JVNDB-2010-001308 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001308.html
HP Virtual Machine Manager for Windows Lets Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Apr/1023913.html
Rising Antivirus 'RsAssist.sys' IOCTL Processing Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Apr/1023912.html
VLC Media Player Buffer Overflows Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Apr/1023911.html
WB News Two Script Insertion Vulnerabilities
http://secunia.com/advisories/39516/
LightNEasy File Manager Plugin Local File Inclusion and File Disclosure Vulnerabilities
http://secunia.com/advisories/39517/
Joomla! Portfolio Component Command Injection and File Enumeration
http://secunia.com/advisories/39512/
Cacti Command Injection Vulnerabilities
http://secunia.com/advisories/39570/
Cacti "export_item_id" SQL Injection Vulnerability
http://secunia.com/advisories/39568/
Huawei HG520 Two Vulnerabilities
http://secunia.com/advisories/39491/
Joomla! Webmoney WMI Component "controller" Local File Inclusion Vulnerability
http://secunia.com/advisories/39539/
Joomla MMS Blog Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39533/
Xftp Long Command Buffer Overflow Vulnerability
http://secunia.com/advisories/39554/
ZipGenius "zgtips.dll" Buffer Overflow Vulnerability
http://secunia.com/advisories/39497/
VLC Media Player Multiple Vulnerabilities
http://secunia.com/advisories/39558/
Cisco Small Business Video Surveillance and Security Routers Security Bypass
http://secunia.com/advisories/39510/
Rising Antivirus 2010 RsAssist.sys Privilege Escalation Vulnerability
http://secunia.com/advisories/39557/
SUSE update for acroread
http://secunia.com/advisories/39560/
Fedora update for seamonkey
http://secunia.com/advisories/39549/
Fedora update for krb5
http://secunia.com/advisories/39548/
Metasploit 3.4 Coming in May
http://www.metasploit.com/
Metasploit Express Announced!
http://www.metasploit.com/
FuturCMS SQL Injection and Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0971
Ebay Clone Script SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0970
AzDGDatingMedium Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0969
Xftp Response Processing Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0968
VLC Media Player Data Processing Memory Corruption Vulnerabilities
http://www.vupen.com/english/advisories/2010/0967
ZipGenius "zgtips.dll" Filename Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0966
Cisco Small Business Video Surveillance Cameras Vulnerability
http://www.vupen.com/english/advisories/2010/0965
Rising Antivirus 2010 "RsAssist.sys" Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2010/0964
Fedora Security Update Fixes krb5 Double-Free Vulnerability
http://www.vupen.com/english/advisories/2010/0963
Fedora Security Update Fixes Seamonkey Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0962
SuSE Security Update Fixes Acroread Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0961
Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability
http://www.exploit-db.com/exploits/12343
Xftp client 3.0 PWD Remote Exploit
http://www.exploit-db.com/exploits/12332
EDraw Flowchart ActiveX Control 2.3 (.edd parsing) Remote Buffer Overflow PoC
http://www.exploit-db.com/exploits/12342
AlphaUserPoints Joomla! Component 'view' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39393
Multi-Venue Restaurant Menu Manager Joomla! Component 'mid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39382
Joomla! 'com_properties' Component 'aid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39374
Gadget Factory Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39547
PHP 'mbstring' Extension Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32948
OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35174
OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001
Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/28380
libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/32326
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138
ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37865
Microsoft Publisher File Conversion Textbox Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39347
Microsoft Windows Kernel Registry Key Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39323
VLC Media Player 1.0.5 And Prior Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/39629
Xftp 'PWD' Response Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39628
OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013
MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39599
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35769
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867
Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36343
Mozilla Thunderbird Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38831
Mozilla SeaMonkey Scriptable Plugin Content Security Bypass Vulnerability
http://www.securityfocus.com/bid/38830
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37543
Huawei EchoLife HG520c 'AutoRestart.html' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/39650
FlashCard 'id' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39648
Huawei EchoLife HG520 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39646
JCaptcha Sound File CAPTCHA Security Bypass Vulnerability
http://www.securityfocus.com/bid/39643
EDraw Flowchart ActiveX Control '.edd' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39642
EDraw Flowchart ActiveX Control 'OpenDocument()' Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39641
HTC Touch SMS Preview Popup HTML Injection Vulnerability
http://www.securityfocus.com/bid/39640
Cacti Multiple Input Validation Security Vulnerabilities
http://www.securityfocus.com/bid/39639
HP Virtual Machine Manager for Windows Unspecified Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39637
Apache ActiveMQ Source Code Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39636
Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39635
SimpleCaddy Component for Joomla! Unspecified Security Vulnerability
http://www.securityfocus.com/bid/39634
HP System Management Homepage CVE-2010-1034 Unspecified Remote Vulnerability
http://www.securityfocus.com/bid/39632
Microsoft Windows 'SfnINSTRING' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/39631
Microsoft Windows 'SfnLOGONNOTIFY' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/39630
Rising Antivirus 2010 'RsAssist.sys' Driver IOCTL Handling Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39627
Thank you, but there are unfortunately links...