Notice of the release of InterScan for Microsoft Exchange 10.0 and the start of support services
http://www.trendmicro.co.jp/support/news.asp?id=1399
Status of reports on vulnerability-related information for software and other products
[Q1 2010 (January to March)]
http://www.ipa.go.jp/security/vuln/report/vuln2010q1.html
McAfee to compensate home and home-office users for recovery costs over the Windows XP breakage problem
http://itpro.nikkeibp.co.jp/article/NEWS/20100427/347533/?ST=security
JVNDB-2010-001345 Default password issue in IntelliCom NetBiter devices
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001345.html
JVNDB-2010-001344 Denial-of-service (DoS) vulnerability in kadmind in MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001344.html
JVNDB-2010-001343 Vulnerability in Foxit Reader allowing arbitrary code execution
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001343.html
JVNDB-2010-001342 Arbitrary code execution vulnerability in Mozilla Firefox running on Windows 7
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001342.html
JVNDB-2010-001341 Buffer overflow vulnerability in Broadcom NetXtreme management firmware
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001341.html
JVNDB-2010-001340 Vulnerability in AirPort Utility allowing access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001340.html
JVNDB-2010-001180 Integer overflow vulnerability in ColorSync in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001180.html
JVNDB-2010-001171 Use-after-free vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001171.html
JVNDB-2010-001081 Denial-of-service (DoS) vulnerability in lib/rfc1035.c in Squid
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001081.html
JVNDB-2009-002340 Buffer overflow vulnerability in QuickDraw Manager in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002340.html
JVNDB-2009-002319 Vulnerability in the SSL and TLS protocols
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
JVNDB-2009-002318 Vulnerability in OpenLDAP allowing spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002318.html
JVNDB-2009-002198 Denial-of-service (DoS) vulnerability in the strListGetItem function in Squid
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002198.html
JVNDB-2009-001925 Buffer underflow vulnerability in the LZWDecodeCompat function in libtiff
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001925.html
JVNDB-2007-000330 Vulnerability in sendmail on Red Hat and MIRACLE LINUX allowing the mail sender to be spoofed
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000330.html
PulledPork v0.4.1 is released!
http://isc.sans.org/diary.html?storyid=8698
VMWare vMA and ESX Service Console NTPD Packet Reply Loop Vulnerability
http://www.securiteam.com/securitynews/5SP3G1P15S.html
JBoss Enterprise Application Platform Bugs Let Remote Users Bypass Authentication and Access Potentially Sensitive Information
http://securitytracker.com/alerts/2010/Apr/1023918.html
JBoss Application Server Web Console Flaw Lets Remote Users Bypass Authentication
http://www.securitytracker.com/id?1023917
AlstraSoft EPay Enterprise Input Validation Flaw in 'cid' Parameter Lets Remote Users Inject SQL Commands
http://securitytracker.com/alerts/2010/Apr/1023916.html
HTML Purifier Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39613/
Red Hat JBoss Enterprise Application Platform Three Security Issues
http://secunia.com/advisories/39563/
NetBSD update for ntp
http://secunia.com/advisories/39593/
Slackware update for irssi
http://secunia.com/advisories/39620/
+ Linux kernel 2.6.33.3, 2.6.32.12 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.3
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.12
+ Apache Tomcat Web Application Manager / Host Manager Cross-Site Request Forgery
http://secunia.com/advisories/39261/
+? Windows XP TCP/IP Stack Security Issue (ARP for non RFC 1918 addresses)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00228.html
- Internet Explorer XSS Filter Cross-Site Scripting Weakness
http://secunia.com/advisories/39578/
HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997644
Announcing phpMyAdmin's GSoC 2010 projects
http://sourceforge.net/news/?group_id=23067&id=285909
Velocity Engine 1.7-beta1 released
http://velocity.apache.org/news.html#engine17beta1
Linux Kernel release: 2.6.33.3
http://www.linux.org/news/2010/04/26/0002.html
Linux Kernel release: 2.6.32.12
http://www.linux.org/news/2010/04/26/0001.html
Downloading VMware products and troubleshooting issues with downloads
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1012245&sliceId=1&docTypeID=DT_KB_1_1
Slackware Linux : slackware-security irssi
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32423
Ubuntu Security Notice : FFmpeg regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32422
Corelan Security Team : Easyzip 2000 .zip Stack BOF
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32431
Independent Researcher : HP System Management Homepage(SMH) URL Redirection Abuse
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32430
Independent Researcher : phpegasus 'config.php' Arbitrary File Upload Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32434
Corelan Security Team : ZipWrangler 1.2 .zip Stack Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32429
Independent Researcher : A XSS in User_ChkLogin.asp of PowerEasy 2006
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32433
Independent Researcher : SmodCMS 'config.php' Arbitrary File Upload Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32435
Corelan Security Team : CommView Network Monitor And Analyzer v6.1 b644 - cv2k1.sys DoS (BSOD)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32427
Debian : New cacti packages fix missing input sanitising
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32425
Independent Researcher : In-portal 5.0.3 Remote Arbitrary File Upload Exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32432
MustLive : Vulnerability in Referer for DataLife Engine
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32428
New vulnerabilities in CMS SiteLogic
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00232.html
Conference on Cyber Conflict: speakers selected!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00234.html
[USN-931-2] FFmpeg regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00223.html
[security bulletin] HPSBUX02508 SSRT100007 rev.2 - HP-UX Running sendmail with STARTTLS Enab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00227.html
NovaStor NovaNet <= 13.0 issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00229.html
t210: Call for Papers 2010 (Helsinki / Finland)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00226.html
phpegasus config.php Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00224.html
Windows XP TCP/IP Stack Security Issue (ARP for non RFC 1918 addresses)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00228.html
SmodCMS config.php Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00225.html
Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00230.html
hashdays 2010 - Call for Papers (#days CFP)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00221.html
A XSS in User_ChkLogin.asp of PowerEasy 2006
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00222.html
[SECURITY] [DSA 2039-1] New cacti packages fix missing input sanitising
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00220.html
JVNDB-2010-001339 Privilege escalation vulnerability in the installation package of Apple iTunes running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001339.html
JVNDB-2010-001338 Denial-of-service (DoS) vulnerability in Apple iTunes
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001338.html
JVNDB-2010-001337 Arbitrary code execution vulnerability in Apple QuickTime running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001337.html
JVNDB-2010-001336 Arbitrary code execution vulnerability in QuickTime.qts in Apple QuickTime running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001336.html
JVNDB-2010-001335 Arbitrary code execution vulnerability in Apple QuickTime running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001335.html
JVNDB-2010-001334 Integer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001334.html
JVNDB-2010-001071 Directory traversal vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001071.html
JVNDB-2010-001070 Directory traversal vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001070.html
JVNDB-2010-001069 Vulnerability in the autodeployment process of Apache Tomcat allowing intended authentication requirements to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001069.html
JVNDB-2009-002257 Vulnerability in libpng allowing part of the information in uninitialized memory to be read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002257.html
JVNDB-2009-001883 Denial-of-service (DoS) vulnerability in the BigDecimal library in Ruby
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001883.html
JVNDB-2009-001637 Untrusted search path vulnerability in src/if_python.c in the Python interface of Vim
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001637.html
JVNDB-2009-001115 Cross-site scripting vulnerability in the sample calendar application of Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001115.html
JVNDB-2008-001822 Arbitrary command execution vulnerability in Vim due to improper handling of escape characters
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001822.html
JVNDB-2008-001821 Arbitrary code execution vulnerability in Vim due to improper input sanitization
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001821.html
JVNDB-2008-001181 Issue in the NEEDBITS macro of UnZip that references an invalid buffer area
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001181.html
JVNDB-2002-000124 Vulnerability in xterm allowing the window title to be modified via escape sequences
http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000124.html
New VRT Rulepack Changes (all Snort Users should read)
http://isc.sans.org/diary.html?storyid=8692
Snort 2.8.6 is released!
http://isc.sans.org/diary.html?storyid=8695
Vulnerable Sites Database
http://isc.sans.org/diary.html?storyid=8701
Palm Pre WebOS Input Validation Flaw Lets Remote Users Inject Commands
http://securitytracker.com/alerts/2010/Apr/1023915.html
CommView cv2k1.sys Denial of Service Vulnerability
http://secunia.com/advisories/39569/
IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
http://secunia.com/advisories/39628/
openMairie openComInterne "dsn[phptype]" Local File Inclusion Vulnerability
http://secunia.com/advisories/39623/
openMairie openCourrier File Inclusion Vulnerabilities
http://secunia.com/advisories/39624/
DataLife Engine Referer Module Script Insertion Vulnerability
http://secunia.com/advisories/39571/
Apache Tomcat Web Application Manager / Host Manager Cross-Site Request Forgery
http://secunia.com/advisories/39261/
HP-UX Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/39537/
NCT Jobs Portal Script SQL Injection Vulnerabilities
http://secunia.com/advisories/39601/
NKInFoWeb "id_sp" SQL Injection Vulnerability
http://secunia.com/advisories/39609/
ZipWrangler ZIP Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/39575/
G5-Scripts Guestbook PHP Script Insertion Vulnerabilities
http://secunia.com/advisories/39596/
Rumba FTP Client Directory Listing Buffer Overflow
http://secunia.com/advisories/39589/
openMairie openPlanning File Inclusion Vulnerabilities
http://secunia.com/advisories/39606/
openMairie openPresse "dsn[phptype]" Local File Inclusion Vulnerability
http://secunia.com/advisories/39605/
openMairie openFoncier File Inclusion Vulnerabilities
http://secunia.com/advisories/39607/
Sethi Family Guestbook Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39597/
Ektron CMS400.NET Multiple Vulnerabilities
http://secunia.com/advisories/39547/
Palm Pre WebOS SMS Client Script Execution Vulnerability
http://secunia.com/advisories/39518/
Internet Explorer XSS Filter Cross-Site Scripting Weakness
http://secunia.com/advisories/39578/
Avast! 4.7 aavmker4.sys privilege escalation
http://www.exploit-db.com/exploits/12406
IDEAL Migration 2009 v4.5.1 Local Buffer Overflow Exploit
http://www.exploit-db.com/exploits/12404
IDEAL Administration 2010 v10.2 Local Buffer Overflow Exploit
http://www.exploit-db.com/exploits/12403
MDaemon Message and Email Handling Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/0988
Slackware Security Update Fixes Irssi Security Bypass and DoS Issues
http://www.vupen.com/english/advisories/2010/0987
Debian Security Update Fixes Cacti SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0986
Fedora Security Update Fixes aMSN Improper SSL Validation Issue
http://www.vupen.com/english/advisories/2010/0985
Mandriva Security Update Fixes Thunderbird Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0984
Apache Subrequest Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38580
Apache 'mod_isapi' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38494
Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38491
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Oracle Database Change Data Capture Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/39422
HTC Touch SMS Preview Popup Script Injection Vulnerability
http://www.securityfocus.com/bid/39640
Palm WebOS SMS Script Injection Vulnerability
http://www.securityfocus.com/bid/39678
AlstraSoft EPay Enterprise Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39680
openMairie openRegistreCIL Local and Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/39611
Ektron CMS400.NET Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/39679
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/29732
HP System Management Homepage 'RedirectUrl' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/39676
Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/39377
aMSN SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35507
CommView 'cv2k1.sys' Driver Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39705
Kasseler CMS 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39703
Zip Wrangler ZIP File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39700
Uiga Personal Portal 'view' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39699
NCT Jobs Portal Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39694
NovaStor NovaNET Multiple Code Execution, Denial of Service, Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/39693
ALPHA CMS 'Absolute_Path' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39691
PHPegasus 'connectors/php/config.php' Remote File Upload Vulnerability
http://www.securityfocus.com/bid/39686
Sethi Family Guestbook Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39684
Rumba FTP Client File Name Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39683
iNetScripts Arbitrary File Upload Vulnerability
2010-04-25
http://www.securityfocus.com/bid/39706
PowerEasy 'ComeUrl' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39696
G5-Scripts Guestbook PHP 'guestbook.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/39687
WHMCS 'deptid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39681