- Solaris Daylight Saving Time (DST) Update (Jan through Apr 2010)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-276190-1
- HS10-005: Security Issue in CA ARCserve Backup
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-005/index.html
CA20100318-01 : CA ARCserve Backup Security Notice
http://www.casupport.jp/resources/info/CA20100318-01.htm
ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275470-1
UPDATED: HS10-003: Security Issue in EUR Form Products and EUR Products
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-003/index.html
Alert Regarding Malware That Performs DDoS Attacks and Is Downloaded by the So-Called Gumblar Virus
http://www.jpcert.or.jp/at/2010/at100011.txt
JPCERT/CC WEEKLY REPORT 2010-04-28
http://www.jpcert.or.jp/wr/2010/wr101601.html
JVNDB-2010-001353 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001353.html
JVNDB-2010-001352 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001352.html
JVNDB-2010-001351 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001351.html
JVNDB-2010-001350 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001350.html
JVNDB-2010-001349 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001349.html
JVNDB-2010-001348 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001348.html
JVNDB-2010-001347 Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001347.html
JVNDB-2010-001346 Cross-Site Scripting Vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001346.html
JVNDB-2010-001159 Vulnerability in mod_isapi of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001159.html
JVNDB-2010-001005 Denial of Service (DoS) Vulnerability in the r8169 Driver of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001005.html
JVNDB-2009-002187 Denial of Service (DoS) Vulnerability in the ap_proxy_ftp_handler Function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002187.html
JVNDB-2009-002016 Integer Overflow Vulnerability in the APR Library and APR-util Library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html
JVNDB-2009-001892 Denial of Service (DoS) Vulnerability in the mod_deflate Module of Apache httpd
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001892.html
JVNDB-2009-001845 Sensitive Information Disclosure Vulnerability in the apr_brigade_vprintf Function of Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001845.html
JVNDB-2009-001844 Denial of Service (DoS) Vulnerability in the XML Parser of Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001844.html
JVNDB-2009-001843 Denial of Service (DoS) Vulnerability in the apr_strmatch_precompile Function of Apache APR-util
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001843.html
JVNDB-2008-001610 Cross-Site Scripting Vulnerability in the mod_proxy_ftp Module of Apache
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001610.html
JVNDB-2008-001453 Denial of Service (DoS) Vulnerability in the ap_proxy_http_process_response() Function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001453.html
JVNDB-2008-001030 Cross-Site Scripting Vulnerability Related to UTF-7 Encoding in mod_proxy_ftp of Apache
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001030.html
Layer 2 Security - L2TPv3 for Disaster Recovery Sites
http://isc.sans.org/diary.html?storyid=8704
HP System Insight Manager Flaws Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://securitytracker.com/alerts/2010/Apr/1023927.html
+ Linux Kernel 'gfs2_quota' Structure Write Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39715
+ Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569
++ Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
- Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719
- Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02027185
Apache HTTP Server Track at ApacheCon North America 2010
http://na.apachecon.com/c/acna2010/
Welcome to the ASTERIA Developer Network!
http://asteria.jp/news/20100428-000000.html
Document ID: 351342: The Newest Release Patches from Veritas Operations Services ( VOS )
http://seer.entsupport.symantec.com/docs/351342.htm
Restarting the Management agents on an ESX or ESXi Server
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1003490&sliceId=1&docTypeID=DT_KB_1_1
Independent Researcher : PoC for ZDI-10-078
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32440
Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32438
SuSE : SUSE Security Summary Report
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32436
Debian : New spamass-milter packages fix regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32437
Independent Researcher : NovaStor NovaNet <= 13.0 issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32442
[security bulletin] HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00241.html
XSS vulnerability in Zikula Application Framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00235.html
XSS vulnerability in Zikula Application Framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00237.html
[security bulletin] HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00240.html
Zikula Application Framework Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39614/
Infocus Real Estate Enterprise Edition Two SQL Injection Vulnerabilities
http://secunia.com/advisories/39625/
PowerEasy SiteWeaver "ComeUrl" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39627/
Opera Content Writing Uninitialised Memory Vulnerability
http://secunia.com/advisories/39590/
Amiro.CMS Multiple Vulnerabilities
http://secunia.com/advisories/39457/
gitolite Security Bypass Weaknesses
http://secunia.com/advisories/39587/
Kasseler CMS Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39591/
G5-Scripts Auto-Img-Gallery "user" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39599/
Wing FTP Server HTTP Directory Traversal Vulnerability
http://secunia.com/advisories/39629/
Wing FTP Server Information Disclosure Vulnerabilities
http://secunia.com/advisories/39586/
Webessence CMS Security Issue and Vulnerability
http://secunia.com/advisories/39550/
Webessence CMS "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39540/
iNetScripts Free Upload Script File Upload Vulnerability
http://secunia.com/advisories/39584/
SmodCMS FCKeditor File Upload Security Issue
http://secunia.com/advisories/39595/
IDEAL Migration Ideal Project File Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/39598/
IDEAL Administration 2010 Ideal Project File Parsing Buffer Overflow
http://secunia.com/advisories/39594/
CMScout "album" SQL Injection Vulnerability
http://secunia.com/advisories/39602/
Alstrasoft EPay Enterprise "cid" SQL Injection
http://secunia.com/advisories/39611/
Joomla Password Reset Weakness and Session Fixation Vulnerability
http://secunia.com/advisories/39616/
HTML Purifier Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39613/
Red Hat JBoss Enterprise Application Platform Three Security Issues
http://secunia.com/advisories/39563/
NetBSD update for ntp
http://secunia.com/advisories/39593/
Slackware update for irssi
http://secunia.com/advisories/39620/
Bigant Messenger <= v2.52 - (AntCore.dll) RegisterCom() Remote 0day Heap Overflow Exploit
http://www.exploit-db.com/exploits/12417
Opera Browser "document.write()" Uninitialized Memory Vulnerability
http://www.vupen.com/english/advisories/2010/0999
CMScout "album" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0998
IDEAL Migration 2009 Project File Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0997
IDEAL Administration 2010 Project File Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0996
Apache Tomcat Web Application Manager / Host Manager Vulnerability
http://www.vupen.com/english/advisories/2010/0995
IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0994
NetBSD Security Update Fixes NTP Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/0993
Redhat Security Update Fixes JBoss EAP Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/0992
Turbolinux Security Update Fixes Sudo Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/0991
Turbolinux Security Update Fixes Cpio Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0990
Turbolinux Security Update Fixes Tar Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0989
Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/28380
Amiro.CMS 'forum_sign' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39633
Free Realty 'agentadmin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39712
Gitolite Security Bypass Vulnerability
http://www.securityfocus.com/bid/39711
JBoss Enterprise Application Platform Multiple Vulnerabilities
http://www.securityfocus.com/bid/39710
Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521
MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39599
MediaWiki 'CSS validation' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38621
MediaWiki 'thumb.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/38617
Apache Subrequest Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38580
SystemTap '__get_argv()' and '__get_compat_argv()' Local Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38120
ClamAV Security Bypass And Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/39262
Avast! Home/Professional Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/28502
Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37966
SystemTap 'stat-server' Remote Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/37842
GNOME GLib Symbolic Link Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/36313
Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38491
Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
Linux Kernel 'net/mac80211/' Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37170
Linux Kernel GFS/GFS2 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39101
CommView 'cv2k1.sys' Driver Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39705
Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35830
Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35828
Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35832
Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39303
SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/38578
GNU nano Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/39502
Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569
Linux Kernel USB interface Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39042
Linux Kernel ReiserFS Security Bypass Vulnerability
http://www.securityfocus.com/bid/39344
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Joomla Graphics Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39743
NoticeBoard Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39742
ABC Joomla Extension com_abc 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/39741
SmartSite Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39740
Ultimate Portfolio Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39739
Acoustica CD/DVD Label Maker '.m3u' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39738
CLScript Classifieds Script 'hpId' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39737
HP Systems Insight Manager Unspecified Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/39736
HP Systems Insight Manager Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39735
HP Systems Insight Manager Unspecified Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39734
PHP-Quick-Arcade Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/39733
Help Center Live 'file' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39732
Infocus Real Estate Script 'system_member_login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39731
Pointdev IDEAL Migration & IDEAL Administration '.ipj' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39729
2daybiz Auction Script 'index.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39728
Wing FTP Server Versions Prior to 3.4.1 Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/39727
Webessence CMS SQL Injection and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/39726
i-Net Online Community Site Script SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39725
Amiro.CMS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/39724
Ramaas Software CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/39723
BigAnt Office Messenger 'AntCore.dll' ActiveX Control Multiple Heap Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/39721
EasyZip ZIP Archive Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39720
Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719
Linux Kernel 'gfs2_quota' Structure Write Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39715
Auto-Img-Gallery 'upload.cgi' Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39714
PostNuke modload Module 'sid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39713