2010年5月31日月曜日

31日 月曜日、先負

制御システムセキュリティの信頼性とセキュリティへの取組み強化への提言 ~「制御システムセキュリティの推進施策に関する調査報告書」の公開~
http://www.ipa.go.jp/security/fy21/reports/ics_sec/index.html

セミナー開催のお知らせ 「情報セキュリティ対策の自動化 SCAP」
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_scap_2010.html




+ Courier-IMAP 4.8.0 released
http://www.courier-mta.org/download.php#imap
http://www.courier-mta.org/imap/changelog.html

+ GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024043.html

- VMSA-2010-0009 ESXi utilities and ESX Service Console third party updates
http://lists.vmware.com/pipermail/security-announce/2010/000093.html

UPDATE: MS10-020 - 緊急: SMB クライアントの脆弱性により、リモートでコードが実行される (980232)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-020.mspx

Firefox 3.6.4 release candidate available for download and testing
http://developer.mozilla.org/devnews/index.php/2010/05/28/firefox-3-6-4-release-candidate-available-for-download-and-testing/

Squid 3.1.4 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html

Linux Kernel release: 2.6.35-rc1
http://www.linux.org/news/2010/05/30/0001.html
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.35-rc1

Samba Team Blog #4
Web sites, Conferences and Coding
http://news.samba.org/

DBI-1.611_90 DEVELOPER RELEASE
http://search.cpan.org/~timb/DBI-1.611_90/

Groones Simple Contact Form (abspath) Remote File Inclusion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00282.html

SQL injection vulnerability in ImpressPages CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00280.html

SQL injection vulnerability in ImpressPages CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00279.html

SQL injection vulnerability in ImpressPages CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00283.html

Re[2]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00277.html

CVE-2010-2020: FreeBSD kernel NFS client local vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00273.html

Administrivia: Real domain names in PoC/exploit examples
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00272.html

[Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00266.html

SQL injection in OSCommerce Add-On Visitor Web Stats
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00270.html

VMSA-2010-0009 ESXi ntp and ESX Service Console third party updates
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00269.html

[USN-945-1] ClamAV vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00268.html

Independent Researcher : SQL injection in OSCommerce Add-On Visitor Web Stats
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32726

MustLive : DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32724

VMware : ESXi ntp and ESX Service Console third party updates
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32723

ウイルス対策ソフト「Security Essentials」をかたる偽ソフト出現
偽警告でユーザーをだます、別のウイルスをダウンロードする機能も
http://itpro.nikkeibp.co.jp/article/NEWS/20100531/348636/?ST=security

JVNDB-2010-001476 Adobe Shockwave Player における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001476.html

JVNDB-2010-001475 Adobe Shockwave Player における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001475.html

JVNDB-2010-001474 Adobe Shockwave Player および Adobe Director における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001474.html

JVNDB-2010-001473 Adobe Shockwave Player における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001473.html

JVNDB-2010-001472 複数の Microsoft 製品の VBE6.DLL における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001472.html

JVNDB-2010-001471 複数の Microsoft 製品の inetcomm.dll における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001471.html

JVNDB-2009-002541 複数の日立製品におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002541.html

VMware ESX/ESXi Updates
http://isc.sans.org/diary.html?storyid=8872

How Do I Report Malicious Websites? Part 3
http://isc.sans.org/diary.html?storyid=8875

Rogue AV Indictment
http://isc.sans.org/diary.html?storyid=8869

Wireshark SMB file extraction plug-in
http://isc.sans.org/diary.html?storyid=8866

VMware vMA ISC BIND DNSSEC CNAME / DNAME and NXDOMAIN Cache Poisoning
http://secunia.com/advisories/39978/

VMware ESX gzip "unlzw()" Integer Underflow Vulnerability
http://secunia.com/advisories/39975/

VMware vMA Multiple krb5 Vulnerabilities
http://secunia.com/advisories/39977/

VMware vMA kernel Multiple Vulnerabilities
http://secunia.com/advisories/39920/

VMware ESXi update for ntp
http://secunia.com/advisories/39971/

VMware ESXi ntp Mode 7 Request Denial of Service
http://secunia.com/advisories/39972/

VMware ESX Multiple krb5 Vulnerabilities
http://secunia.com/advisories/39973/

VMware ESX GCC libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39974/

VMware vMA OpenSSL "CRYPTO_free_all_ex_data()" Memory Leak Vulnerability
http://secunia.com/advisories/39976/

VMware vMA GCC libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39979/

VMware vMA gzip "unlzw()" Integer Underflow Vulnerability
http://secunia.com/advisories/39980/

VMware vMA sudo Privilege Escalation Security Issues
http://secunia.com/advisories/39981/

MediaWiki Cross-Site Scripting and Cross-Site Request Forgery
http://secunia.com/advisories/39922/

Joomla Medi-QnA Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39965/

Ubuntu update for clamav
http://secunia.com/advisories/39910/

Heimdal GSS-API and kdc NULL Pointer Dereferences Denial of Service
http://secunia.com/advisories/39953/

Core FTP Server / SFTP Server Directory Traversal Vulnerability
http://secunia.com/advisories/39921/

GNU Glibc ELF Header Validation Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024044.html

MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024033.html

MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024032.html

MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024031.html

GnuTLS Invalid Hash Algorithm Null Pointer Dereference Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024020.html

Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote Buffer Overflow PoC
http://securityreason.com/securityalert/7462

Microsoft Outlook Web Access (OWA) v8.2.254.0 Information Disclosure
http://securityreason.com/securityalert/7461

Orbit Downloader metalink "name" Directory Traversal
http://securityreason.com/securityalert/7460

Multiplatform View State Tampering Vulnerabilities
http://securityreason.com/securityalert/7459

RhinoSoft.com Serv-U 9.0.0.5 WebClient Remote Buffer Overflow
http://securityreason.com/securityalert/7458

Joomla Component com_konsultasi (sid) SQL Injection Vulnerability
http://securityreason.com/securityalert/7457

Joomla Component MS Comment 0.8.0 LFI Vulnerability
http://securityreason.com/securityalert/7456

DBCart (article.php) SQL Injection Vulnerability
http://securityreason.com/securityalert/7455

Joomla Component ActiveHelper LiveHelp 2.0.3 XSS Vulnerabilities
http://securityreason.com/securityalert/7454

Joomla Component FDione Form Wizard lfi vulnerability
http://securityreason.com/securityalert/7453

magnoware datatrack_system 3.5.8019.4 multiple vulns
http://securityreason.com/securityalert/7452

ECShop Search.php 2.7.2 SQL Injection Exploit
http://securityreason.com/securityalert/7451

Nginx 0.8.35 Space Character Remote Source Disclosure
http://www.exploit-db.com/exploits/12810

nginx [engine x] http server <= 0.6.36 Path Draversal http://www.exploit-db.com/exploits/12804

IP2location.dll v1.0.0.1 Function Initialize() Buffer Overflow
http://www.exploit-db.com/exploits/12803

FreeBSD Security Update Fixes nfsclient Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/1261

FreeBSD Security Update Fixes OPIE Off-by-one Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1260

OPIE "__opiereadrec()" Function Off-by-one Stack Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1259

Mandriva Security Update Fixes ClamAV Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1258

Mandriva Security Update Fixes GTK+ Screensaver Bypass Weakness
http://www.vupen.com/english/advisories/2010/1257

Ubuntu Security Update Fixes ClamAV Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1256

POE-Component-IRC '\r' Command Injection Vulnerability
http://www.securityfocus.com/bid/40114

Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
http://www.securityfocus.com/bid/39538

Core FTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40422

Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37033

nginx Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40420

Ghostscript './Encoding/' Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40369

Home FTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40419

GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128

GNU gzip LZW Compression Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37886

GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38628

ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37865

ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118

MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749

pam_krb5 Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35112

OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256

OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692

OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35174

OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35417

OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138

OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001

Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36304

Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37523

Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/26943

Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36706

Linux Kernel Do_Coredump Security Bypass Vulnerability
http://www.securityfocus.com/bid/21591

Red Hat Linux Kernel 'qla2xxx' DriverSecurity Bypass Vulnerability
http://www.securityfocus.com/bid/37876

Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/37339

Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36472

Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37519

Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068

Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37019

Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37875

NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255

Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936

Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36576

Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639

Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36051

Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37806

Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521

Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824

Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901

Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723

Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827

Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069

MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235

ImpressPages CMS 'admin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40431

My Car component for Joomla! Cross-Site Scripting and SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/40430

Reservations Joomla! Component 'namser' Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/40429

VLC Media Player Multiple Media File Formats Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40428

Ghostscript Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/40426

osCommerce Visitor Web Stats Add-On 'Accept-Language' Header SQL Injection Vulnerability
http://www.securityfocus.com/bid/40425

MediaWiki CSS Input Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40423

Toronja CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40421

2010年5月28日金曜日

28日 金曜日、赤口

サーバメンテナンスのお知らせ(2010年5月29日)
http://www.trendmicro.co.jp/support/news.asp?id=1419

米下院議員がGoogleに質問状、Street View撮影車両のデータ収集問題で
http://itpro.nikkeibp.co.jp/article/NEWS/20100528/348585/?ST=security

Defacements Statistics 2008 - 2009 - 2010 First quarter
http://www.zone-h.org/news/id/4735




+ FreeBSD-SA-10:04.jail: Insufficient environment sanitization in jail(8)
http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc
http://www.securitytracker.com/id?1024038
http://www.vupen.com/english/advisories/2010/1247
http://www.securityfocus.com/bid/40399

+ FreeBSD-SA-10:05.opie: OPIE off-by-one stack overflow
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
http://secunia.com/advisories/39963/
http://securityreason.com/securityalert/7450
http://www.securitytracker.com/id?1024040
http://www.securityfocus.com/bid/40403

+ FreeBSD-SA-10:06.nfsclient: Unvalidated input in nfsclient
http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
http://www.securitytracker.com/id?1024039

+- Linux Kernel 'knfsd' 'current->mm' Modifier Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40377

Thunderbird 3.1 release candidate now available for download
http://www.mozillamessaging.com/en-US/about/press/archive/2010-05-27-01
http://www.mozillamessaging.com/en-US/thunderbird/3.1rc1/releasenotes/

Apache Tomcat Track at ApacheCon North America 2010
http://na.apachecon.com/c/acna2010/

jetty-7.1.3 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-7/VERSION.txt

RHBA-2010:0445-1: nspluginwrapper bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0445.html

RHEA-2010:0444-1: Openswan enhancement update
http://rhn.redhat.com/errata/RHEA-2010-0444.html

RHBA-2010:0446-1: autofs bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0446.html

RHBA-2010:0447-1: gnupg bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0447.html

FreeBSD : jail
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32705

FreeBSD : opie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32706

FreeBSD : nfsclient
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32707

FreeBSD : opie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32708

Maksymilian Arciemowicz : libopie __readrec() off-by one (FreeBSD ftpd remote PoC)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32709

Cisco : Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32704

EMC : EMC Avamar Denial Of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32716

Hewlett-Packard : HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32717

Hewlett-Packard : HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Reques
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32718

JVNDB-2010-001470 TeX Live 2009 および teTeX の dvips における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001470.html

JVNDB-2007-001203 teTeX および TeXlive 2007 の hpc.c における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001203.html

JVNDB-2010-001469 dvipng および teTeX の set.c における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001469.html

JVNDB-2010-001363 IBM WebSphere Application Server における KeyRingPassword のパスワード情報が漏えいする脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001363.html

JVNDB-2010-001362 IBM WebSphere Application Server の管理コンソールにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001362.html

JVNDB-2010-001361 IBM WebSphere Application Server におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001361.html

JVNDB-2010-001159 Apache HTTP Server の mod_isapi における脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001159.html

JVNDB-2009-001730 IBM WebSphere Application Server (WAS) の Administrative Console コンポーネントにおける WAS セッションの内容を読まれる脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001730.html

[ MDVSA-2010:110 ] clamav
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00263.html

[ MDVSA-2010:109 ] gtk+2.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00264.html

EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00262.html

Cross Site URL Hijacking by using Error Object in Mozilla Firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00261.html

FreeBSD Security Advisory FreeBSD-SA-10:06.nfsclient
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00260.html

FreeBSD Security Advisory FreeBSD-SA-10:05.opie
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00259.html

FreeBSD Security Advisory FreeBSD-SA-10:04.jail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00258.html

Static analysis tool exposition (SATE) 2010 Call for participation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00255.html

Sasfis Propagation
http://isc.sans.org/diary.html?storyid=8860

How Do I Report Malicious Websites? Take 2
http://isc.sans.org/diary.html?storyid=8863

Brekeke PBX Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39952/

FreeBSD OPIE "__opiereadrec()" Off-by-One Vulnerability
http://secunia.com/advisories/39963/

OPIE "__opiereadrec()" Off-by-One Vulnerability
http://secunia.com/advisories/39966/

ZoneCheck CGI "ns" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39940/

Pacific Timesheet Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39951/

Cisco Network Building Mediator Products Multiple Vulnerabilities
http://secunia.com/advisories/39904/

MultiShop CMS SQL Injection Vulnerabilities
http://secunia.com/advisories/39958/

Drupal AddonChat Module Security Bypass and Script Insertion Vulnerabilities
http://secunia.com/advisories/39969/

Home FTP Server Web Interface Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39950/

Drupal Scheduler Module Script Insertion Vulnerability
http://secunia.com/advisories/39947/

Fedora update for libprelude
http://secunia.com/advisories/39968/

libprelude libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39924/

EMC Avamar TCP Packet Processing Denial of Service
http://secunia.com/advisories/39919/

Mozilla Firefox Error Handling Information Disclosure Vulnerability
http://secunia.com/advisories/39925/

Adobe Photoshop CS4 Multiple Vulnerabilities
http://secunia.com/advisories/39934/

Red Hat update for mysql
http://secunia.com/advisories/39915/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/39882/

Fedora update for kdenetwork
http://secunia.com/advisories/39917/

libopie __readrec() off-by one (FreeBSD ftpd remote PoC)
http://securityreason.com/securityalert/7450

Adobe Photoshop ASL, ABR, and GRD File Processing Flaws Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024042.html

OPIE Off-by-One Buffer Overflow Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024040.html

FreeBSD Parameter Validation Flaw in nfsclient Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024039.html

FreeBSD jail() Lets Local Users Access Restricted Files
http://securitytracker.com/alerts/2010/May/1024038.html

Google Chrome Multiple Flaws Let Remote Users Spoof URLs, Cause Memory Errors, Bypass the Plugin Blocker Whitelist, and Execute Javascript With Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024037.html

Cisco Network Building Mediator Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1255

Google Chrome Memory Corruption and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1254

EMC Avamar TCP Packets Processing Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1253

Adobe Photoshop CS Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1252

Python "audioop" Module Multiple Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1251

Python "rgbimg" Module Multiple Buffer and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1250

Redhat Security Update Fixes MySQL Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1249

Fedora Security Update Fixes KDE KGet Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1248

FreeBSD Security Update Fixes "jail" Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1247

Ubuntu Security Update Fixes GNU C Library Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1246

Mandriva Security Update Fixes Kolab Unspecified Vulnerability
http://www.vupen.com/english/advisories/2010/1245

Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0267) Memory Corruption Vulnerability
2010-05-27
http://www.securityfocus.com/bid/39023

ClamAV 'parseicon()' Denial Of Service Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40318

ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40317

gnome-screensaver Unlock Dialog Race Condition Lock Bypass Vulnerability
2010-05-27
http://www.securityfocus.com/bid/38211

Ghostscript './Encoding/' Search Path Local Privilege Escalation Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40369

GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
2010-05-27
http://www.securityfocus.com/bid/37128

BackLinkSpider Multiple Cross Site Scripting Vulnerabilities
2010-05-27
http://www.securityfocus.com/bid/40400

Medi-QnA Joomla! Component 'controller' Parameter Local File Include Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40412

FreeBSD OPIE '__opiereadrec()' Off By One Heap Memory Corruption Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40403

Mozilla Firefox Error Handling Information Disclosure Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40401

FreeBSD jail(8) Local Security Bypass Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40399

BackLinkSpider 'cat_id' Parameter SQL Injection Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40398

KDE KGet Security Bypass and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/40141

Adobe Photoshop Multiple File Types Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40389

IBM Communications Server for AIX Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40372

Oracle MySQL DROP TABLE MyISAM Symbolic Link Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/40257

Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40106

Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109

HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40070

HP OpenView Network Node Manager 'getnnmdata.exe' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40071

Kolab Groupware Server Image Upload Form Unspecified Vulnerability
http://www.securityfocus.com/bid/37465

Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/26838

Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/27234

Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/30560

Apache 'mod_proxy_balancer' Multiple Vulnerabilities
http://www.securityfocus.com/bid/27236

Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/27237

Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
http://www.securityfocus.com/bid/29653

Brekeke PBX 'pbx/gate' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40407

Home FTP Server Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40405

ZoneCheck 'zc.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40404

MultiShopCMS Multi Vendor Mall Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40402

Drupal AddonChat Module Privilege Escalation and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/40393

Drupal Scheduler Module Description HTML Injection Vulnerability
http://www.securityfocus.com/bid/40392

EMC Avamar 'gsan' Service Denial of Service Vulnerability
http://www.securityfocus.com/bid/40390

Multi Shop CMS 'pages.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40388

Cisco Network Building Mediator CVE-2010-0597 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40386

Cisco Network Building Mediator XML RPC Communication Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40385

Cisco Network Building Mediator System Configuration File Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40384

Cisco Network Building Mediator CVE-2010-0596 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40383

Cisco Network Building Mediator HTTP Communication Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40382

md5 Encryption Decryption PHP Script 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40381

Cisco Network Building Mediator Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/40380

Linux Kernel 'knfsd' 'current->mm' Modifier Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40377

2010年5月27日木曜日

27日 木曜日、大安

+ FreeBSD-SA-10:04.jail: Insufficient environment sanitization in jail(8)
http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc

+ FreeBSD-SA-10:05.opie: OPIE off-by-one stack overflow
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc

+ FreeBSD-SA-10:06.nfsclient: Unvalidated input in nfsclient
http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc

Microsoft Security Bulletin MS10-020 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) Version: 1.1
http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx?pubDate=2010-05-26

Fedora 13: Rock It!
http://docs.fedoraproject.org/ja-JP/Fedora/13/html/Release_Notes/index.html

VMware Player 3.1 released
http://www.vmware.com/support/player31/doc/releasenotes_player31.html

Linux Kernel release: 2.6.33.5
http://www.linux.org/news/2010/05/26/0003.html

Linux Kernel release: 2.6.32.14
http://www.linux.org/news/2010/05/26/0002.html

Linux Kernel release: 2.6.27.47
http://www.linux.org/news/2010/05/26/0001.html

「Trend Micro InterScan WebManager SCC」サポート開始のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1415

Google、Web解析サービスのプライバシー保護機能を強化
http://itpro.nikkeibp.co.jp/article/NEWS/20100527/348541/?ST=security

Facebook、新たなプライバシー設定を実装開始
http://itpro.nikkeibp.co.jp/article/NEWS/20100527/348540/?ST=security

EMC Avamar Unspecified Flaw in gsan Service Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024036.html




+ Linux kernel 2.6.33.5, 2.6.32.14, 2.6.27.47 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.14
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.47

+ RHSA-2010:0442-1: Important: mysql security update
http://rhn.redhat.com/errata/RHSA-2010-0442.html

+ HS10-010: Cosminexusにおける画像処理やTLS/SSL通信の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-010/index.html

+ MOPS-2010-041: PHP strip_tags() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-041-php-strip_tags-interruption-information-leak-vulnerability/index.html

+ MOPS-2010-042: PHP setcookie() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-042-php-setcookie-interruption-information-leak-vulnerability/index.html

+ MOPS-2010-043: PHP strtok() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-043-php-strtok-interruption-information-leak-vulnerability/index.html

+ MOPS-2010-044: PHP wordwrap() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-044-php-wordwrap-interruption-information-leak-vulnerability/index.html

+ MOPS-2010-045: PHP str_word_count() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-045-php-str_word_count-interruption-information-leak-vulnerability/index.html

+ MOPS-2010-046: PHP str_pad() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-046-php-str_pad-interruption-information-leak-vulnerability/index.html

+? Firefox, Internet Explorer, Chrome, Opera and other browsers DoS vulnerabilities
http://securityreason.com/securityalert/7425

- NetVault Backup 8.5.1 released
http://www.bakbone.co.jp/products/nvbu851.html

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.cisco.com/warp/public/707/cisco-sa-20100526-mediator.shtml

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b2dd05.html

APSB10-13: Security update available for Adobe Photoshop CS4
http://www.adobe.com/support/security/bulletins/apsb10-13.html

ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275470-1

ウイルス検索エンジン VSAPI 9.120 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1384

UPDATE: HS09-019: Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-019/index.html

HS10-012: CA ARCserve Replicationに関するセキュリティ問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-012/index.html

HS10-011: Groupmax World Wide Web Desktopにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-011/index.html

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00252.html

[ MDVSA-2010:108 ] kolab-horde-framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00248.html

[ MDVSA-2010:108 ] kolab-horde-framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00250.html

ESA-2010-007: EMC Avamar Denial Of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00251.html

[security bulletin] HPSBMA02442 SSRT090108 rev.1 - HP Business Availability Center Running Apach
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00249.html

=?us-ascii?Q?Cyberoam_SSL_VPN_Client_-_Plain-text_Storage_of_Username_and?= =?us-asc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00246.html

CfP: GameSec 2010 - 5 days left to the deadline
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00244.html

[Suspected Spam][USN-944-1] GNU C Library vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00241.html

[ MDVSA-2010:107 ] mysql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00240.html

Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00239.html

XSS vulnerability in RuubikCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00235.html

SQL injection vulnerability in 360 Web Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00238.html

XSS vulnerability in GetSimple CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00234.html

XSS vulnerability in razorCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00233.html

XSS vulnerability in 360 Web Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00237.html

SQL injection vulnerability in 360 Web Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00236.html

Informatica64 : Bypassing Google Chrome 4 Javascript Filter
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32690

フィッシング詐欺の新手口――「開いているタブが偽サイトに」
研究者がデモを公開、バックグラウンドでタブの内容を変更
http://itpro.nikkeibp.co.jp/article/NEWS/20100527/348511/?ST=security

JPCERT/CC WEEKLY REPORT 2010-05-26
http://www.jpcert.or.jp/wr/2010/wr101901.html

JVNDB-2010-001468 TeX Live 2009 および teTeX の dvipsk/dospecial.c における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001468.html

JVNDB-2010-001467 TeX Live および teTeX の predospecial 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001467.html

JVNDB-2010-001466 RHEL の MMIO 命令デコーダにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001466.html

JVNDB-2010-001465 Linux kernel の drivers/connector/connector.c におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001465.html

JVNDB-2010-001464 Adobe Photoshop CS4 における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001464.html

JVNDB-2010-001463 Microsoft SharePoint Server におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001463.html

JVNDB-2009-002263 Xpdf および Poppler の ImageStream::ImageStream 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002263.html

JVNDB-2009-002262 Xpdf および Poppler の ObjectStream::ObjectStream 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002262.html

JVNDB-2009-001734 CUPS の pdftops フィルタにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001734.html

JVNDB-2009-001285 Xpdf および CUPS におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001285.html

JVNDB-2009-001267 JBIG2 MMR デコーダにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001267.html

JVNDB-2009-001266 JBIG2 MMR デコーダにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001266.html

JVNDB-2009-001265 JBIG2 デコーダにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001265.html

JVNDB-2009-001264 JBIG2 デコーダにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001264.html

JVNDB-2009-001263 JBIG2 デコーダにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001263.html

JVNDB-2009-001262 JBIG2 デコーダにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001262.html

JVNDB-2009-001261 JBIG2 デコーダにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001261.html

Malware modularization and AV detection evasion
http://isc.sans.org/diary.html?storyid=8857

Cisco Network Building Mediator Lets Remote Users Login and Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024027.html

HP TestDirector for Quality Center Lets Remote Users Gain Unauthorized Access
http://securitytracker.com/alerts/2010/May/1024025.html

CuteSITE CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39864/

razorCMS "content" Script Insertion Vulnerability
http://secunia.com/advisories/39961/

Specialized Data Systems Parent Connect SQL Injection Vulnerabilities
http://secunia.com/advisories/39905/

Ubuntu update for glibc and eglibc
http://secunia.com/advisories/39900/

HP Business Availability Center Multiple Vulnerabilities
http://secunia.com/advisories/39944/

IBM Communications Server for AIX APPC Denial of Service
http://secunia.com/advisories/39909/

HP TestDirector for Quality Center Unspecified Unauthorised Access Vulnerability
http://secunia.com/advisories/39943/

Python audioop Module Integer Overflow Vulnerabilities
http://secunia.com/advisories/39937/

SUSE update for Multiple Packages
http://secunia.com/advisories/39967/

Fedora update for html2ps
http://secunia.com/advisories/39957/

Fedora update for cacti
http://secunia.com/advisories/39954/

Fedora update for openssl
http://secunia.com/advisories/39956/

Joomla Component Percha Gallery 1.6 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7449

Joomla Component Percha Fields Attach 1.0 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7448

Shopzilla Affiliate search.php cross-site scripting
http://securityreason.com/securityalert/7447

PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities
http://securityreason.com/securityalert/7446

gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit http://securityreason.com/securityalert/7445

Joomla Component Percha Downloads Attach 1.1 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7444

gpEasy CMS XSS vulnerability
http://securityreason.com/securityalert/7443

Joomla Component Percha Image Attach 1.1 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7442

The iceberg 'Content Management System' SQL Injection Vulnerability
http://securityreason.com/securityalert/7441

Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
http://securityreason.com/securityalert/7440

LiSK CMS XSS vulnerability
http://securityreason.com/securityalert/7439

Lokomedia CMS Two Vulnerabilities
http://securityreason.com/securityalert/7438

Mathematica on Linux /tmp/MathLink vulnerability
http://securityreason.com/securityalert/7437

Lokomedia CMS (sukaCMS) Local File Disclosure Vulnerability
http://securityreason.com/securityalert/7436

Joomla Component Percha Categories 0.6 Tree Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7435

Advanced Poll 2.08 XSS vulnerability
http://securityreason.com/securityalert/7434

DataLife Engine 8.3 RFI Vulnerability
http://securityreason.com/securityalert/7433

LetoDMS (MyDMS) Local file inclusion/execution and multiple CSRF
http://securityreason.com/securityalert/7432

BS.Player v2.51 build 1022 (Media Library) Remote Buffer Overflow Vulnerability
http://securityreason.com/securityalert/7431

MigasCMS 1.0 SQL Injection
http://securityreason.com/securityalert/7430

Opencatalogue 1.024 Local File Include Vulnerability
http://securityreason.com/securityalert/7429

Saurus CMS 4.7.0 cross site scripting
http://securityreason.com/securityalert/7428

TomatoCMS Script Insertion Vulnerabilities
http://securityreason.com/securityalert/7427

TomatoCMS "q" SQL Injection Vulnerability
http://securityreason.com/securityalert/7426

Firefox, Internet Explorer, Chrome, Opera and other browsers DoS vulnerabilities
http://securityreason.com/securityalert/7425

Joomla Component redTWITTER Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7424

IBM Communications Server for AIX APPC Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1244

HP Business Availability Center Multiple Apache Vulnerabilities
http://www.vupen.com/english/advisories/2010/1243

HP TestDirector for Quality Center Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2010/1242

TELE DATA Contact Management Server Directory Traversal Issue
http://www.vupen.com/english/advisories/2010/1241

Zabbix "nav_time" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1240

McAfee Email Gateway Web Access Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1239

Sun Solaris FTP Server Long Command Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1238

Fedora Security Update Fixes OpenSSL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1237

Fedora Security Update Fixes html2ps Arbitrary File Disclosure Issue
http://www.vupen.com/english/advisories/2010/1236

Fedora Security Update Fixes Cacti Multiple Input Validation Vulnerabilities
http://www.vupen.com/english/advisories/2010/1235

Redhat Security Update Fixes OpenSSL Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1234

Redhat Security Update Fixes Kernel Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1233

SuSE Security Update Fixes Code Execution and Security Bypass
http://www.vupen.com/english/advisories/2010/1232

Mandriva Security Update MySQL Buffer Overflow and Security Bypass
http://www.vupen.com/english/advisories/2010/1231


REMARK: SecurityFocus Web site did not response...

2010年5月26日水曜日

26日 水曜日、仏滅

+ GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063

+ Linux Kernel 'tipc' Module Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39120

+ Linux Kernel 'release_one_tty()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39480

+ Linux Kernel GFS2 File Attribute Security Bypass Vulnerability
http://www.securityfocus.com/bid/40356

++ Linux Kernel NFS Automount 'symlinks' Denial of Service Vulnerability
http://www.securityfocus.com/bid/39044

On NAS OS 4.20, File Systems may Become OFFLINE After Disabling Checkpoint
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001053.1-1

HPSBMA02491 SSRT100060 rev.1 - Perl を実行する HP Tru64 UNIX、任意コードのリモート実行
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02186655

HPSBGN02315 SSRT071487 rev.1 - HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01373684

HPSBMA02442 SSRT090108 rev.1 - HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01800059

Linux Kernel release: 2.6.33.5-rc1
http://www.linux.org/news/2010/05/25/0004.html

Linux Kernel release: 2.6.32.14-rc1
http://www.linux.org/news/2010/05/25/0003.html

Linux Kernel release: 2.6.27.47-rc2
http://www.linux.org/news/2010/05/25/0002.html

Linux Kernel release: 2.6.27.47-rc1
http://www.linux.org/news/2010/05/25/0001.html

Document ID: 351291: "A cluster node is not available for this operation" when trying to move groups in MSCS after upgrade to 5.0 RP1a.
http://seer.entsupport.symantec.com/docs/351291.htm

Debian : New Linux 2.6.26 packages fix several issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32684

Dan Rosenberg : Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32686

David "skys" Guimaraes : SQL injection vulnerability in Zabbix <= 1.8.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32685

Debian : New kdegraphics packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32681

Debian : New postgresql-8.3 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32682

Debian : New krb5 packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32683

Mandriva : aria2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32680

ソフォス、セキュリティ対策ソフト最新版にクラウド型機能搭載
http://itpro.nikkeibp.co.jp/article/NEWS/20100525/348425/?ST=security

London DEFCON May meet - DC4420 - Wed 26th May 2010
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00224.html

Webby Webserver v1.01 - Buffer overflow vulnerability with overwritten structured exception hand
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00215.html

[SECURITY] [DSA 2053-1] New Linux 2.6.26 packages fix several issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00213.html

[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00211.html

[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00210.html

OSSTMM 3 STAR Released!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00227.html

SQL injection vulnerability in Zabbix <= 1.8.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00228.html

Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00214.html

[ MDVSA-2010:106 ] aria2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00209.html

[SECURITY] [DSA 2051-1] New postgresql-8.3 packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00208.html

[SECURITY] [DSA 2050-1] New kdegraphics packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00204.html

Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Privilege Escalation Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00225.html

Denial of Dervice vulnerability in Helix Mobile Server (RealNetworks) (14.0.0.348) with long string
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00207.html

Secunia Research: Ziproxy Two Integer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00206.html

CompleteFTP Server v 4.x "PORT" command Remote DOS exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00201.html

Arbitrary UNC file read in IE 8
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00226.html

[SECURITY] [DSA 2048-1] New dvipng packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00202.html

JV2 Folder Gallery 3.1.1 (popup_slideshow.php) Multiple Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00223.html

[Bkis-01-2010] Multiple Vulnerabilities in BigAce - Bkis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00221.html

Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Privilege Escalation Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00222.html

[SECURITY] [DSA 2049-1] New barnowl packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00199.html

Vulnerabilities in DS-Syndicate for Joomla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00220.html

Hustoj is HUST ACM OnlineJudge "fckeditor" file upload security issue
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00216.html

[Bkis-01-2010] Multiple Vulnerabilities in BigAce - Bkis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00212.html

Ghostscript 8.64 executes random code at startup
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00218.html

[ MDVSA-2010:105 ] openoffice.org
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00200.html

Face book “joke” leads to firing.
http://isc.sans.org/diary.html?storyid=8848

Security people shouldn’t pay the "spam support system" for email lists to send SPAM
http://isc.sans.org/diary.html?storyid=8851

Tabnabbing new method for phishing.
http://isc.sans.org/diary.html?storyid=8854

3Com Intelligent Management Center Flaws Permit Cross-Site Scripting and Directory Traversal Attacks
http://securitytracker.com/alerts/2010/May/1024022.html

Solaris Command Splitting Flaw in 'in.ftpd' Permits Command Injection Attacks
http://securitytracker.com/alerts/2010/May/1024021.html

Authentium Command On Demand ActiveX Control Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/5MP3K151FW.html

Juniper Secure Access Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5NP3L151FQ.html

ncpfs Package ncpmount, ncpumount and ncplogin Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/5OP3M151FU.html

Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
http://securityreason.com/securityalert/7423

Ghostscript, multiple arbitrary code execution vulnerabilities
http://securityreason.com/securityalert/7422

SpringSource tc Server unauthenticated remote access to JMX interface
http://securityreason.com/securityalert/7421

Joomla Component Joomla Flickr Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7420

Joomla Component Fabrik Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7419

Joomla Component JA Voice LFI vulnerability
http://securityreason.com/securityalert/7418

HP-UX Running ONCPlus, Remote Denial of Service (DoS), PE
http://securityreason.com/securityalert/7417

Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7416

60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7415

Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7414

Fedora Security Update Pidgin Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1230

Fedora Security Update Fixes Aria2 Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1229

Mandriva Security Update Fixes Aria2 Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1228

Mandriva Security Update Fixes OpenOffice.org Vulnerabilities
http://www.vupen.com/english/advisories/2010/1227

Mandriva Security Update Fixes Dovecot Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1226

Ubuntu Security Update Fixes PostgreSQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1225

rPath Security Update Fixes OpenSSL Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1224

Debian Security Update Fixes Kernel Security Bypass and DoS
http://www.vupen.com/english/advisories/2010/1223

Debian Security Update Fixes krb5 Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1222

Debian Security Update Fixes PostgreSQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1221

Debian Security Update Fixes kdegraphics Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1220

Debian Security Update Fixes dvipng Array Indexing Vulnerabilities
http://www.vupen.com/english/advisories/2010/1219

Debian Security Update Fixes BarnOwl Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1218

Debian Security Update Fixes Pidgin Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1217

Debian update for linux-2.6
http://secunia.com/advisories/39830/

Sun Solaris FTP Server Long Command Processing Vulnerability
http://secunia.com/advisories/39856/

Debian update for krb5
http://secunia.com/advisories/39849/

The Uniform Server Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39913/

USR5463 802.11g Wireless Router Cross-Site Request Forgery
http://secunia.com/advisories/39889/

ManageEngine ADManager Plus "computerName" Cross-Site Scripting
http://secunia.com/advisories/39901/

Debian update for kdegraphics
http://secunia.com/advisories/39938/

Debian update for postgresql-8.3
http://secunia.com/advisories/39939/

GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063

GNU glibc 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/36443

Oracle MySQL Malformed Packet Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40100

Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40106

Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
http://www.securityfocus.com/bid/38562

OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38533

OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013

OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692

html2ps 'include file' Server Side Include Directive Directory Traversal Vulnerability
http://www.securityfocus.com/bid/36524

Cacti Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40332

Cacti 'rra_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40149

U.S.Robotics USR5463 Firmware '/cgi-bin/setup_ddns.exe' Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40348

Cisco IronPort Desktop Flag Plug-in for Outlook Send Secure Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40061

Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016

Computer Associates XOsoft Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/39238

dvipng '.dvi' File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39969

Mono 'EnableViewStateMac' Cross-Site Scripting Weakness
http://www.securityfocus.com/bid/40351

TeX Live DVI Font Data Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39981

TeX Live '.dvi' File Parsing Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39966

TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/39500

memcached Memory Consumption Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39577

Pango Glyph Definition Table Denial of Service Vulnerability
http://www.securityfocus.com/bid/38760

PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38708

Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203

Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097

GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100

ncpfs Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/38563

GNOME Evolution S/MIME Email Signature Verification Vulnerability
http://www.securityfocus.com/bid/33720

Xen pygrub Local Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36523

Libpng 'png_decompress_chunk()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/38478

Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958

SolarWinds TFTP Server 'Read' Request (Opcode 0x01) Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40333

Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39794

Linux Kernel for PowerPC KGDB '_PAGE_USER' Test Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39798

Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719

Linux Kernel GFS/GFS2 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39101

Linux Kernel 'tipc' Module Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39120

Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898

Linux Kernel TSB I-TLB Load Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38393

Linux Kernel USB interface Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39042

Linux Kernel NFS Automount 'symlinks' Denial of Service Vulnerability
http://www.securityfocus.com/bid/39044

Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569

Linux Kernel 'release_one_tty()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39480

Linux Kernel 'dvb_net_ule()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38479

Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521

MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235

Python 'audioop' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40370

HLstatsX CE 'hlstats.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40368

Google Chrome prior to 5.0.375.55 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40367

Open&Compact FTP Server Multiple Command Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/40366

Python 'rgbimg' RLE Decoder Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40365

Python 'rgbimg' Module 'rv' Array Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40363

Python 'rgbimg' Module ZSIZE Value Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/40361

Linux Kernel GFS2 File Attribute Security Bypass Vulnerability
http://www.securityfocus.com/bid/40356

ManageEngine ADManager Plus 'computerName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40355

BigACE Cross Site Request Forgery and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/40354

Webby HTTP GET Request Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40353

NITRO Web Gallery 'PictureId' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40350

WebAsyst Shop-Script 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40349