ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275470-1
Announcement: Intrusion Defense Firewall 1.2 released
http://www.trendmicro.co.jp/support/news.asp?id=1388
Error "0x80070005" is output in text log monitoring
http://www.say-tech.co.jp/support/bom-for-windows/0x80070005/index.shtml
About communication being blocked by the firewall function of security products
http://www.say-tech.co.jp/support/bom-for-windows/post-45/index.shtml
Spy network monitoring Tibet and India attacks PCs at government agencies and the Dalai Lama's office
http://itpro.nikkeibp.co.jp/article/NEWS/20100407/346764/?ST=security
JPCERT/CC WEEKLY REPORT 2010-04-07
http://www.jpcert.or.jp/wr/2010/wr101301.html
JVNVU#902793 Default password issue in IntelliCom NetBiter devices
http://jvn.jp/cert/JVNVU902793/index.html
JVN#49467403 Information disclosure vulnerability in Internet Explorer
http://jvn.jp/jp/JVN49467403/index.html
JVNDB-2010-000011 Information disclosure vulnerability in Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000011.html
JVNDB-2010-001218 Denial-of-service (DoS) vulnerability in SCCP message processing in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001218.html
JVNDB-2010-001217 Denial-of-service (DoS) vulnerability in SCCP message processing in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001217.html
JVNDB-2010-001216 Denial-of-service (DoS) vulnerability in TCP segment processing in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001216.html
JVNDB-2010-001215 Arbitrary code execution vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001215.html
JVNDB-2010-001214 Arbitrary code execution vulnerability in the gfxTextRun::SanitizeGlyphRuns function of Mozilla Firefox running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001214.html
JVNDB-2010-001213 Arbitrary code execution vulnerability in the TraceRecorder::traverseScopeChain function of Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001213.html
The Many Paths to Security Awareness
http://isc.sans.org/diary.html?storyid=8581
CA XOsoft SOAP Interface Discloses Potentially Sensitive Information to Remote Users
http://securitytracker.com/alerts/2010/Apr/1023827.html
CA XOsoft SOAP Interface Discloses Valid Usernames to Remote Users
http://securitytracker.com/alerts/2010/Apr/1023826.html
CA XOsoft Buffer Overflows Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Apr/1023824.html
Linux Kernel SCTP Processing Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Apr/1023823.html
Oracle Java SE and Java for Business CVE-2010-0089 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/39095
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
+ RHSA-2010:0343-1: Important: krb5 security and bug fix update
http://rhn.redhat.com/errata/RHSA-2010-0343.html
- Microsoft Office Communicator SIP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39221
[ANNOUNCE] Postgres-XC V.0.9 is now available
https://sourceforge.net/projects/postgres-xc/
[ANNOUNCE] py-postgresql v1.0 released
http://python.projects.postgresql.org/docs/1.0/changes.html
[ANNOUNCE] ODBC-Link 1.0 for PostgreSQL released
http://www.cybertec.at/en/postgresql_downloads
[ANNOUNCE] Apache Directory Studio 1.5.3 released
http://directory.apache.org/studio/downloads.html
phpMyAdmin 3.3.2-rc1 is released
http://sourceforge.net/news/?group_id=23067&id=285057
Corelan Security Team : Jzip (.zip) Unicode bof Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32237
Independent Researcher : Miranda TLS MitM with XMPP/Jabber protocol
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32235
Debian : New xpdf packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32220
Debian : New imlib2 packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32221
"Gumblar" damage continues unabated; site administrators should take care
IPA issues alert: "Apply access control to the PCs used for site updates"
http://itpro.nikkeibp.co.jp/article/NEWS/20100407/346755/?ST=security
JVNVU#570177 Vulnerability in Foxit Reader allowing arbitrary code execution
http://jvn.jp/cert/JVNVU570177/index.html
JVNVU#507652 Vulnerability in Oracle Sun Java where Java applet signatures are not properly verified
http://jvn.jp/cert/JVNVU507652/index.html
ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00061.html
[SECURITY] [DSA 2030-1] New mahara packages fix sql injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00060.html
ZDI-10-066: CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00059.html
MITKRB5-SA-2010-003 [CVE-2010-0629] denial of service in kadmind in older krb5 r
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00058.html
ZDI-10-065: CA XOsoft xosoapapi.asmx Multiple Remote Code Execution Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00057.html
CA20100406-01: Security Notice for CA XOsoft
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00056.html
Hack.lu 2010 CfP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00054.html
Miranda TLS MitM with XMPP/Jabber protocol
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00055.html
ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00052.html
Vulnerabilities in TAK cms
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00051.html
ZDI-10-062: Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulne
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00050.html
[SECURITY] [DSA 2029-1] New imlib2 packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00053.html
JVNDB-2010-001212 Vulnerability in the asynchronous authentication prompt implementation of Mozilla Firefox allowing spoofing of a trusted authentication dialog
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001212.html
JVNDB-2010-001211 Vulnerability in the CSSLoaderImpl::DoSheetComplete function of multiple Mozilla products allowing web page rendering to be interrupted
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001211.html
JVNDB-2010-001210 Denial-of-service (DoS) vulnerability in the nsDocument::MaybePreLoadImage function of Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001210.html
JVNDB-2010-001209 Arbitrary code execution vulnerability in the imgContainer::InternalAddFrameHelper function of Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001209.html
Application Logs
http://isc.sans.org/diary.html?storyid=8578
JAMWiki "message" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39335/
Sun Java System Web Server WebDAV Locking File Disclosure
http://secunia.com/advisories/39235/
Joomla! Shoutbox Pro Component "controller" Local File Inclusion Vulnerability
http://secunia.com/advisories/39352/
Miranda TLS "STARTTLS" Security Bypass Security Issue
http://secunia.com/advisories/39346/
Wolf CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39323/
PhotoPost vBGallery Two SQL Injection Vulnerabilities
http://secunia.com/advisories/39152/
FreePHPBlogSoftware "phpincdir" File Inclusion Vulnerability
http://secunia.com/advisories/39321/
FlatPress lastcomments Plugin Script Insertion Vulnerability
http://secunia.com/advisories/39328/
Debian update for imlib2
http://secunia.com/advisories/39340/
Debian update for xpdf
http://secunia.com/advisories/39327/
Joomla! JInventory Component "controller" Local File Inclusion Vulnerability
http://secunia.com/advisories/39351/
Vulnerability Note VU#902793: IntelliCom NetBiter devices have default HICP passwords
http://www.kb.cert.org/vuls/id/902793
Kerberos kadmind Memory Error Lets Remote Authenticated Users Deny Service
http://securitytracker.com/alerts/2010/Apr/1023821.html
Sun Java System Web Server Discloses Contents of Arbitrary Files to Remote Users
http://securitytracker.com/alerts/2010/Apr/1023820.html
Foxit Reader Launch Action Command Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Apr/1023819.html
Sun Java System Web Server "LOCK" File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/0813
Miranda IM "STARTTLS" SSL Encryption Security Bypass Issue
http://www.vupen.com/english/advisories/2010/0812
JInventory for Joomla "controller" Parameter File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/0811
ilchClan "cid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0810
SVMap for Joomla "controller" Parameter File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/0809
LoginBox Pro for Joomla "view" Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/0808
BCA RSS Syndicator for Joomla "controller" File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/0807
Magic Updater for Joomla "controller" Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/0806
Turbolinux Security Update Fixes CUPS Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0805
Turbolinux Security Update Fixes Webnavi Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0804
Debian Security Update Fixes imlib2 Multiple Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/0803
Debian Security Update Fixes Xpdf Multiple Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/0802
Internal Information Disclosure in McAfee Email Gateway (formerly IronMail)
http://www.exploit-db.com/exploits/12091
Local Privilege Escalation in McAfee Email Gateway (formerly IronMail)
http://www.exploit-db.com/exploits/12090
OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
http://www.securityfocus.com/bid/38562
Apple QuickTime PICT File Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39140
XTerm Window Title Reporting Escape Sequence Command Execution Vulnerability
http://www.securityfocus.com/bid/6940
Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0267) Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39023
Microsoft Internet Explorer HTML Rendering Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39024
Microsoft Internet Explorer (CVE-2010-0494) Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39047
Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38615
Microsoft Internet Explorer Race Condition (CVE-2010-0489) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39026
Microsoft Internet Explorer 'Tabular Data Control' ActiveX Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39025
Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0490) Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39031
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Microsoft Internet Explorer Post Encoding Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39028
Microsoft Internet Explorer CTimeAction Object Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39030
Mozilla Firefox WOFF-Based Font Decoder Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38298
Horde Turba Contact Manager '/imp/test.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/31168
Apple QuickTime H.264 Movie File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39159
RETIRED: IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/37328
Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38952
Python zlib Module Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28715
Miranda IM Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39209
RETIRED: Simple Machines Forum Avatar Upload Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/39007
Oracle Java SE and Java for Business CVE-2010-0088 Remote Java Runtime Environme Vulnerability
http://www.securityfocus.com/bid/39081
Oracle Java SE and Java for Business CVE-2010-0092 Remote Vulnerability
http://www.securityfocus.com/bid/39090
Oracle Java SE and Java for Business CVE-2010-0093 Remote Vulnerability
http://www.securityfocus.com/bid/39088
Oracle Java SE and Java for Business CVE-2010-0091 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39096
Oracle Java SE and Java for Business CVE-2010-0085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39094
'imlib2' Library Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/31880
OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013
Mahara Username Generation SQL Injection Vulnerability
http://www.securityfocus.com/bid/39253
NextGEN Gallery WordPress Plugin 'xml/media-rss.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39250
Computer Associates XOsoft Unspecified SOAP Request Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39249
JOOFORGE Jukebox Component for Joomla! 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39248
MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/39247
Affiliate Feeds Component for Joomla! 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39246
Computer Associates XOsoft Username Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39244
Joomla! J!WHMCS Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39243
McAfee Email Gateway Prior To 6.7.2 Hotfix 2 Multiple Vulnerabilities
http://www.securityfocus.com/bid/39242
Joomla! Highslide JS Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39239
Computer Associates XOsoft Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/39238
Joomla! Seber Cart Component 'view' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39237
FreePHPBlogSoftware 'default_theme.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/39233
JevonCMS Multiple Remote and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/39228
ilchClan 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39226
JAMWiki 'message' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39225
LionWiki Remote File Upload Vulnerability
http://www.securityfocus.com/bid/39224
Foxit Reader 'Date()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/39223
Joomla! News Portal Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39222
Microsoft Office Communicator SIP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39221
Joomla! Freestyle FAQ Lite Component 'faqid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39220
Joomla! 'com_serie' Component 'spielerid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39217
Joomla! 'com_svmap' Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39214
You're welcome ...