制御システムセキュリティの信頼性とセキュリティへの取組み強化への提言 ~「制御システムセキュリティの推進施策に関する調査報告書」の公開~
http://www.ipa.go.jp/security/fy21/reports/ics_sec/index.html
セミナー開催のお知らせ 「情報セキュリティ対策の自動化 SCAP」
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_scap_2010.html
+ Courier-IMAP 4.8.0 released
http://www.courier-mta.org/download.php#imap
http://www.courier-mta.org/imap/changelog.html
+ GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024043.html
- VMSA-2010-0009 ESXi utilities and ESX Service Console third party updates
http://lists.vmware.com/pipermail/security-announce/2010/000093.html
UPDATE: MS10-020 - 緊急: SMB クライアントの脆弱性により、リモートでコードが実行される (980232)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-020.mspx
Firefox 3.6.4 release candidate available for download and testing
http://developer.mozilla.org/devnews/index.php/2010/05/28/firefox-3-6-4-release-candidate-available-for-download-and-testing/
Squid 3.1.4 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html
Linux Kernel release: 2.6.35-rc1
http://www.linux.org/news/2010/05/30/0001.html
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.35-rc1
Samba Team Blog #4
Web sites, Conferences and Coding
http://news.samba.org/
DBI-1.611_90 DEVELOPER RELEASE
http://search.cpan.org/~timb/DBI-1.611_90/
Groones Simple Contact Form (abspath) Remote File Inclusion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00282.html
SQL injection vulnerability in ImpressPages CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00280.html
SQL injection vulnerability in ImpressPages CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00279.html
SQL injection vulnerability in ImpressPages CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00283.html
Re[2]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00277.html
CVE-2010-2020: FreeBSD kernel NFS client local vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00273.html
Administrivia: Real domain names in PoC/exploit examples
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00272.html
[Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00266.html
SQL injection in OSCommerce Add-On Visitor Web Stats
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00270.html
VMSA-2010-0009 ESXi ntp and ESX Service Console third party updates
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00269.html
[USN-945-1] ClamAV vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00268.html
Independent Researcher : SQL injection in OSCommerce Add-On Visitor Web Stats
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32726
MustLive : DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32724
VMware : ESXi ntp and ESX Service Console third party updates
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32723
ウイルス対策ソフト「Security Essentials」をかたる偽ソフト出現
偽警告でユーザーをだます、別のウイルスをダウンロードする機能も
http://itpro.nikkeibp.co.jp/article/NEWS/20100531/348636/?ST=security
JVNDB-2010-001476 Adobe Shockwave Player における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001476.html
JVNDB-2010-001475 Adobe Shockwave Player における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001475.html
JVNDB-2010-001474 Adobe Shockwave Player および Adobe Director における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001474.html
JVNDB-2010-001473 Adobe Shockwave Player における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001473.html
JVNDB-2010-001472 複数の Microsoft 製品の VBE6.DLL における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001472.html
JVNDB-2010-001471 複数の Microsoft 製品の inetcomm.dll における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001471.html
JVNDB-2009-002541 複数の日立製品におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002541.html
VMware ESX/ESXi Updates
http://isc.sans.org/diary.html?storyid=8872
How Do I Report Malicious Websites? Part 3
http://isc.sans.org/diary.html?storyid=8875
Rogue AV Indictment
http://isc.sans.org/diary.html?storyid=8869
Wireshark SMB file extraction plug-in
http://isc.sans.org/diary.html?storyid=8866
VMware vMA ISC BIND DNSSEC CNAME / DNAME and NXDOMAIN Cache Poisoning
http://secunia.com/advisories/39978/
VMware ESX gzip "unlzw()" Integer Underflow Vulnerability
http://secunia.com/advisories/39975/
VMware vMA Multiple krb5 Vulnerabilities
http://secunia.com/advisories/39977/
VMware vMA kernel Multiple Vulnerabilities
http://secunia.com/advisories/39920/
VMware ESXi update for ntp
http://secunia.com/advisories/39971/
VMware ESXi ntp Mode 7 Request Denial of Service
http://secunia.com/advisories/39972/
VMware ESX Multiple krb5 Vulnerabilities
http://secunia.com/advisories/39973/
VMware ESX GCC libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39974/
VMware vMA OpenSSL "CRYPTO_free_all_ex_data()" Memory Leak Vulnerability
http://secunia.com/advisories/39976/
VMware vMA GCC libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39979/
VMware vMA gzip "unlzw()" Integer Underflow Vulnerability
http://secunia.com/advisories/39980/
VMware vMA sudo Privilege Escalation Security Issues
http://secunia.com/advisories/39981/
MediaWiki Cross-Site Scripting and Cross-Site Request Forgery
http://secunia.com/advisories/39922/
Joomla Medi-QnA Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39965/
Ubuntu update for clamav
http://secunia.com/advisories/39910/
Heimdal GSS-API and kdc NULL Pointer Dereferences Denial of Service
http://secunia.com/advisories/39953/
Core FTP Server / SFTP Server Directory Traversal Vulnerability
http://secunia.com/advisories/39921/
GNU Glibc ELF Header Validation Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024044.html
MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024033.html
MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024032.html
MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024031.html
GnuTLS Invalid Hash Algorithm Null Pointer Dereference Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024020.html
Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote Buffer Overflow PoC
http://securityreason.com/securityalert/7462
Microsoft Outlook Web Access (OWA) v8.2.254.0 Information Disclosure
http://securityreason.com/securityalert/7461
Orbit Downloader metalink "name" Directory Traversal
http://securityreason.com/securityalert/7460
Multiplatform View State Tampering Vulnerabilities
http://securityreason.com/securityalert/7459
RhinoSoft.com Serv-U 9.0.0.5 WebClient Remote Buffer Overflow
http://securityreason.com/securityalert/7458
Joomla Component com_konsultasi (sid) SQL Injection Vulnerability
http://securityreason.com/securityalert/7457
Joomla Component MS Comment 0.8.0 LFI Vulnerability
http://securityreason.com/securityalert/7456
DBCart (article.php) SQL Injection Vulnerability
http://securityreason.com/securityalert/7455
Joomla Component ActiveHelper LiveHelp 2.0.3 XSS Vulnerabilities
http://securityreason.com/securityalert/7454
Joomla Component FDione Form Wizard lfi vulnerability
http://securityreason.com/securityalert/7453
magnoware datatrack_system 3.5.8019.4 multiple vulns
http://securityreason.com/securityalert/7452
ECShop Search.php 2.7.2 SQL Injection Exploit
http://securityreason.com/securityalert/7451
Nginx 0.8.35 Space Character Remote Source Disclosure
http://www.exploit-db.com/exploits/12810
nginx [engine x] http server <= 0.6.36 Path Draversal http://www.exploit-db.com/exploits/12804
IP2location.dll v1.0.0.1 Function Initialize() Buffer Overflow
http://www.exploit-db.com/exploits/12803
FreeBSD Security Update Fixes nfsclient Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/1261
FreeBSD Security Update Fixes OPIE Off-by-one Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1260
OPIE "__opiereadrec()" Function Off-by-one Stack Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1259
Mandriva Security Update Fixes ClamAV Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1258
Mandriva Security Update Fixes GTK+ Screensaver Bypass Weakness
http://www.vupen.com/english/advisories/2010/1257
Ubuntu Security Update Fixes ClamAV Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1256
POE-Component-IRC '\r' Command Injection Vulnerability
http://www.securityfocus.com/bid/40114
Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
http://www.securityfocus.com/bid/39538
Core FTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40422
Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37033
nginx Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40420
Ghostscript './Encoding/' Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40369
Home FTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40419
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
GNU gzip LZW Compression Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37886
GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38628
ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37865
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749
pam_krb5 Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35112
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35174
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35417
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138
OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001
Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36304
Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37523
Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/26943
Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36706
Linux Kernel Do_Coredump Security Bypass Vulnerability
http://www.securityfocus.com/bid/21591
Red Hat Linux Kernel 'qla2xxx' DriverSecurity Bypass Vulnerability
http://www.securityfocus.com/bid/37876
Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/37339
Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36472
Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37519
Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068
Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37019
Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37875
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36576
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36051
Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37806
Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521
Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235
ImpressPages CMS 'admin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40431
My Car component for Joomla! Cross-Site Scripting and SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/40430
Reservations Joomla! Component 'namser' Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/40429
VLC Media Player Multiple Media File Formats Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40428
Ghostscript Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/40426
osCommerce Visitor Web Stats Add-On 'Accept-Language' Header SQL Injection Vulnerability
http://www.securityfocus.com/bid/40425
MediaWiki CSS Input Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40423
Toronja CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40421
2010年5月31日月曜日
2010年5月28日金曜日
28日 金曜日、赤口
サーバメンテナンスのお知らせ(2010年5月29日)
http://www.trendmicro.co.jp/support/news.asp?id=1419
米下院議員がGoogleに質問状、Street View撮影車両のデータ収集問題で
http://itpro.nikkeibp.co.jp/article/NEWS/20100528/348585/?ST=security
Defacements Statistics 2008 - 2009 - 2010 First quarter
http://www.zone-h.org/news/id/4735
+ FreeBSD-SA-10:04.jail: Insufficient environment sanitization in jail(8)
http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc
http://www.securitytracker.com/id?1024038
http://www.vupen.com/english/advisories/2010/1247
http://www.securityfocus.com/bid/40399
+ FreeBSD-SA-10:05.opie: OPIE off-by-one stack overflow
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
http://secunia.com/advisories/39963/
http://securityreason.com/securityalert/7450
http://www.securitytracker.com/id?1024040
http://www.securityfocus.com/bid/40403
+ FreeBSD-SA-10:06.nfsclient: Unvalidated input in nfsclient
http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
http://www.securitytracker.com/id?1024039
+- Linux Kernel 'knfsd' 'current->mm' Modifier Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40377
Thunderbird 3.1 release candidate now available for download
http://www.mozillamessaging.com/en-US/about/press/archive/2010-05-27-01
http://www.mozillamessaging.com/en-US/thunderbird/3.1rc1/releasenotes/
Apache Tomcat Track at ApacheCon North America 2010
http://na.apachecon.com/c/acna2010/
jetty-7.1.3 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-7/VERSION.txt
RHBA-2010:0445-1: nspluginwrapper bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0445.html
RHEA-2010:0444-1: Openswan enhancement update
http://rhn.redhat.com/errata/RHEA-2010-0444.html
RHBA-2010:0446-1: autofs bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0446.html
RHBA-2010:0447-1: gnupg bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0447.html
FreeBSD : jail
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32705
FreeBSD : opie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32706
FreeBSD : nfsclient
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32707
FreeBSD : opie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32708
Maksymilian Arciemowicz : libopie __readrec() off-by one (FreeBSD ftpd remote PoC)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32709
Cisco : Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32704
EMC : EMC Avamar Denial Of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32716
Hewlett-Packard : HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32717
Hewlett-Packard : HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Reques
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32718
JVNDB-2010-001470 TeX Live 2009 および teTeX の dvips における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001470.html
JVNDB-2007-001203 teTeX および TeXlive 2007 の hpc.c における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001203.html
JVNDB-2010-001469 dvipng および teTeX の set.c における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001469.html
JVNDB-2010-001363 IBM WebSphere Application Server における KeyRingPassword のパスワード情報が漏えいする脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001363.html
JVNDB-2010-001362 IBM WebSphere Application Server の管理コンソールにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001362.html
JVNDB-2010-001361 IBM WebSphere Application Server におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001361.html
JVNDB-2010-001159 Apache HTTP Server の mod_isapi における脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001159.html
JVNDB-2009-001730 IBM WebSphere Application Server (WAS) の Administrative Console コンポーネントにおける WAS セッションの内容を読まれる脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001730.html
[ MDVSA-2010:110 ] clamav
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00263.html
[ MDVSA-2010:109 ] gtk+2.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00264.html
EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00262.html
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00261.html
FreeBSD Security Advisory FreeBSD-SA-10:06.nfsclient
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00260.html
FreeBSD Security Advisory FreeBSD-SA-10:05.opie
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00259.html
FreeBSD Security Advisory FreeBSD-SA-10:04.jail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00258.html
Static analysis tool exposition (SATE) 2010 Call for participation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00255.html
Sasfis Propagation
http://isc.sans.org/diary.html?storyid=8860
How Do I Report Malicious Websites? Take 2
http://isc.sans.org/diary.html?storyid=8863
Brekeke PBX Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39952/
FreeBSD OPIE "__opiereadrec()" Off-by-One Vulnerability
http://secunia.com/advisories/39963/
OPIE "__opiereadrec()" Off-by-One Vulnerability
http://secunia.com/advisories/39966/
ZoneCheck CGI "ns" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39940/
Pacific Timesheet Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39951/
Cisco Network Building Mediator Products Multiple Vulnerabilities
http://secunia.com/advisories/39904/
MultiShop CMS SQL Injection Vulnerabilities
http://secunia.com/advisories/39958/
Drupal AddonChat Module Security Bypass and Script Insertion Vulnerabilities
http://secunia.com/advisories/39969/
Home FTP Server Web Interface Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39950/
Drupal Scheduler Module Script Insertion Vulnerability
http://secunia.com/advisories/39947/
Fedora update for libprelude
http://secunia.com/advisories/39968/
libprelude libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39924/
EMC Avamar TCP Packet Processing Denial of Service
http://secunia.com/advisories/39919/
Mozilla Firefox Error Handling Information Disclosure Vulnerability
http://secunia.com/advisories/39925/
Adobe Photoshop CS4 Multiple Vulnerabilities
http://secunia.com/advisories/39934/
Red Hat update for mysql
http://secunia.com/advisories/39915/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/39882/
Fedora update for kdenetwork
http://secunia.com/advisories/39917/
libopie __readrec() off-by one (FreeBSD ftpd remote PoC)
http://securityreason.com/securityalert/7450
Adobe Photoshop ASL, ABR, and GRD File Processing Flaws Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024042.html
OPIE Off-by-One Buffer Overflow Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024040.html
FreeBSD Parameter Validation Flaw in nfsclient Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024039.html
FreeBSD jail() Lets Local Users Access Restricted Files
http://securitytracker.com/alerts/2010/May/1024038.html
Google Chrome Multiple Flaws Let Remote Users Spoof URLs, Cause Memory Errors, Bypass the Plugin Blocker Whitelist, and Execute Javascript With Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024037.html
Cisco Network Building Mediator Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1255
Google Chrome Memory Corruption and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1254
EMC Avamar TCP Packets Processing Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1253
Adobe Photoshop CS Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1252
Python "audioop" Module Multiple Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1251
Python "rgbimg" Module Multiple Buffer and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1250
Redhat Security Update Fixes MySQL Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1249
Fedora Security Update Fixes KDE KGet Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1248
FreeBSD Security Update Fixes "jail" Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1247
Ubuntu Security Update Fixes GNU C Library Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1246
Mandriva Security Update Fixes Kolab Unspecified Vulnerability
http://www.vupen.com/english/advisories/2010/1245
Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0267) Memory Corruption Vulnerability
2010-05-27
http://www.securityfocus.com/bid/39023
ClamAV 'parseicon()' Denial Of Service Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40318
ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40317
gnome-screensaver Unlock Dialog Race Condition Lock Bypass Vulnerability
2010-05-27
http://www.securityfocus.com/bid/38211
Ghostscript './Encoding/' Search Path Local Privilege Escalation Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40369
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
2010-05-27
http://www.securityfocus.com/bid/37128
BackLinkSpider Multiple Cross Site Scripting Vulnerabilities
2010-05-27
http://www.securityfocus.com/bid/40400
Medi-QnA Joomla! Component 'controller' Parameter Local File Include Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40412
FreeBSD OPIE '__opiereadrec()' Off By One Heap Memory Corruption Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40403
Mozilla Firefox Error Handling Information Disclosure Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40401
FreeBSD jail(8) Local Security Bypass Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40399
BackLinkSpider 'cat_id' Parameter SQL Injection Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40398
KDE KGet Security Bypass and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/40141
Adobe Photoshop Multiple File Types Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40389
IBM Communications Server for AIX Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40372
Oracle MySQL DROP TABLE MyISAM Symbolic Link Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/40257
Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40106
Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109
HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40070
HP OpenView Network Node Manager 'getnnmdata.exe' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40071
Kolab Groupware Server Image Upload Form Unspecified Vulnerability
http://www.securityfocus.com/bid/37465
Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/26838
Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/27234
Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/30560
Apache 'mod_proxy_balancer' Multiple Vulnerabilities
http://www.securityfocus.com/bid/27236
Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/27237
Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
http://www.securityfocus.com/bid/29653
Brekeke PBX 'pbx/gate' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40407
Home FTP Server Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40405
ZoneCheck 'zc.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40404
MultiShopCMS Multi Vendor Mall Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40402
Drupal AddonChat Module Privilege Escalation and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/40393
Drupal Scheduler Module Description HTML Injection Vulnerability
http://www.securityfocus.com/bid/40392
EMC Avamar 'gsan' Service Denial of Service Vulnerability
http://www.securityfocus.com/bid/40390
Multi Shop CMS 'pages.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40388
Cisco Network Building Mediator CVE-2010-0597 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40386
Cisco Network Building Mediator XML RPC Communication Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40385
Cisco Network Building Mediator System Configuration File Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40384
Cisco Network Building Mediator CVE-2010-0596 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40383
Cisco Network Building Mediator HTTP Communication Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40382
md5 Encryption Decryption PHP Script 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40381
Cisco Network Building Mediator Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/40380
Linux Kernel 'knfsd' 'current->mm' Modifier Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40377
http://www.trendmicro.co.jp/support/news.asp?id=1419
米下院議員がGoogleに質問状、Street View撮影車両のデータ収集問題で
http://itpro.nikkeibp.co.jp/article/NEWS/20100528/348585/?ST=security
Defacements Statistics 2008 - 2009 - 2010 First quarter
http://www.zone-h.org/news/id/4735
+ FreeBSD-SA-10:04.jail: Insufficient environment sanitization in jail(8)
http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc
http://www.securitytracker.com/id?1024038
http://www.vupen.com/english/advisories/2010/1247
http://www.securityfocus.com/bid/40399
+ FreeBSD-SA-10:05.opie: OPIE off-by-one stack overflow
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
http://secunia.com/advisories/39963/
http://securityreason.com/securityalert/7450
http://www.securitytracker.com/id?1024040
http://www.securityfocus.com/bid/40403
+ FreeBSD-SA-10:06.nfsclient: Unvalidated input in nfsclient
http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
http://www.securitytracker.com/id?1024039
+- Linux Kernel 'knfsd' 'current->mm' Modifier Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40377
Thunderbird 3.1 release candidate now available for download
http://www.mozillamessaging.com/en-US/about/press/archive/2010-05-27-01
http://www.mozillamessaging.com/en-US/thunderbird/3.1rc1/releasenotes/
Apache Tomcat Track at ApacheCon North America 2010
http://na.apachecon.com/c/acna2010/
jetty-7.1.3 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-7/VERSION.txt
RHBA-2010:0445-1: nspluginwrapper bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0445.html
RHEA-2010:0444-1: Openswan enhancement update
http://rhn.redhat.com/errata/RHEA-2010-0444.html
RHBA-2010:0446-1: autofs bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0446.html
RHBA-2010:0447-1: gnupg bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0447.html
FreeBSD : jail
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32705
FreeBSD : opie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32706
FreeBSD : nfsclient
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32707
FreeBSD : opie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32708
Maksymilian Arciemowicz : libopie __readrec() off-by one (FreeBSD ftpd remote PoC)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32709
Cisco : Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32704
EMC : EMC Avamar Denial Of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32716
Hewlett-Packard : HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32717
Hewlett-Packard : HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Reques
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32718
JVNDB-2010-001470 TeX Live 2009 および teTeX の dvips における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001470.html
JVNDB-2007-001203 teTeX および TeXlive 2007 の hpc.c における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001203.html
JVNDB-2010-001469 dvipng および teTeX の set.c における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001469.html
JVNDB-2010-001363 IBM WebSphere Application Server における KeyRingPassword のパスワード情報が漏えいする脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001363.html
JVNDB-2010-001362 IBM WebSphere Application Server の管理コンソールにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001362.html
JVNDB-2010-001361 IBM WebSphere Application Server におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001361.html
JVNDB-2010-001159 Apache HTTP Server の mod_isapi における脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001159.html
JVNDB-2009-001730 IBM WebSphere Application Server (WAS) の Administrative Console コンポーネントにおける WAS セッションの内容を読まれる脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001730.html
[ MDVSA-2010:110 ] clamav
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00263.html
[ MDVSA-2010:109 ] gtk+2.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00264.html
EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00262.html
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00261.html
FreeBSD Security Advisory FreeBSD-SA-10:06.nfsclient
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00260.html
FreeBSD Security Advisory FreeBSD-SA-10:05.opie
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00259.html
FreeBSD Security Advisory FreeBSD-SA-10:04.jail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00258.html
Static analysis tool exposition (SATE) 2010 Call for participation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00255.html
Sasfis Propagation
http://isc.sans.org/diary.html?storyid=8860
How Do I Report Malicious Websites? Take 2
http://isc.sans.org/diary.html?storyid=8863
Brekeke PBX Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39952/
FreeBSD OPIE "__opiereadrec()" Off-by-One Vulnerability
http://secunia.com/advisories/39963/
OPIE "__opiereadrec()" Off-by-One Vulnerability
http://secunia.com/advisories/39966/
ZoneCheck CGI "ns" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39940/
Pacific Timesheet Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39951/
Cisco Network Building Mediator Products Multiple Vulnerabilities
http://secunia.com/advisories/39904/
MultiShop CMS SQL Injection Vulnerabilities
http://secunia.com/advisories/39958/
Drupal AddonChat Module Security Bypass and Script Insertion Vulnerabilities
http://secunia.com/advisories/39969/
Home FTP Server Web Interface Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39950/
Drupal Scheduler Module Script Insertion Vulnerability
http://secunia.com/advisories/39947/
Fedora update for libprelude
http://secunia.com/advisories/39968/
libprelude libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39924/
EMC Avamar TCP Packet Processing Denial of Service
http://secunia.com/advisories/39919/
Mozilla Firefox Error Handling Information Disclosure Vulnerability
http://secunia.com/advisories/39925/
Adobe Photoshop CS4 Multiple Vulnerabilities
http://secunia.com/advisories/39934/
Red Hat update for mysql
http://secunia.com/advisories/39915/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/39882/
Fedora update for kdenetwork
http://secunia.com/advisories/39917/
libopie __readrec() off-by one (FreeBSD ftpd remote PoC)
http://securityreason.com/securityalert/7450
Adobe Photoshop ASL, ABR, and GRD File Processing Flaws Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024042.html
OPIE Off-by-One Buffer Overflow Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024040.html
FreeBSD Parameter Validation Flaw in nfsclient Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024039.html
FreeBSD jail() Lets Local Users Access Restricted Files
http://securitytracker.com/alerts/2010/May/1024038.html
Google Chrome Multiple Flaws Let Remote Users Spoof URLs, Cause Memory Errors, Bypass the Plugin Blocker Whitelist, and Execute Javascript With Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024037.html
Cisco Network Building Mediator Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1255
Google Chrome Memory Corruption and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1254
EMC Avamar TCP Packets Processing Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1253
Adobe Photoshop CS Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1252
Python "audioop" Module Multiple Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1251
Python "rgbimg" Module Multiple Buffer and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1250
Redhat Security Update Fixes MySQL Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1249
Fedora Security Update Fixes KDE KGet Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1248
FreeBSD Security Update Fixes "jail" Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1247
Ubuntu Security Update Fixes GNU C Library Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1246
Mandriva Security Update Fixes Kolab Unspecified Vulnerability
http://www.vupen.com/english/advisories/2010/1245
Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0267) Memory Corruption Vulnerability
2010-05-27
http://www.securityfocus.com/bid/39023
ClamAV 'parseicon()' Denial Of Service Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40318
ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40317
gnome-screensaver Unlock Dialog Race Condition Lock Bypass Vulnerability
2010-05-27
http://www.securityfocus.com/bid/38211
Ghostscript './Encoding/' Search Path Local Privilege Escalation Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40369
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
2010-05-27
http://www.securityfocus.com/bid/37128
BackLinkSpider Multiple Cross Site Scripting Vulnerabilities
2010-05-27
http://www.securityfocus.com/bid/40400
Medi-QnA Joomla! Component 'controller' Parameter Local File Include Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40412
FreeBSD OPIE '__opiereadrec()' Off By One Heap Memory Corruption Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40403
Mozilla Firefox Error Handling Information Disclosure Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40401
FreeBSD jail(8) Local Security Bypass Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40399
BackLinkSpider 'cat_id' Parameter SQL Injection Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40398
KDE KGet Security Bypass and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/40141
Adobe Photoshop Multiple File Types Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40389
IBM Communications Server for AIX Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40372
Oracle MySQL DROP TABLE MyISAM Symbolic Link Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/40257
Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40106
Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109
HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40070
HP OpenView Network Node Manager 'getnnmdata.exe' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40071
Kolab Groupware Server Image Upload Form Unspecified Vulnerability
http://www.securityfocus.com/bid/37465
Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/26838
Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/27234
Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/30560
Apache 'mod_proxy_balancer' Multiple Vulnerabilities
http://www.securityfocus.com/bid/27236
Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/27237
Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
http://www.securityfocus.com/bid/29653
Brekeke PBX 'pbx/gate' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40407
Home FTP Server Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40405
ZoneCheck 'zc.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40404
MultiShopCMS Multi Vendor Mall Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40402
Drupal AddonChat Module Privilege Escalation and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/40393
Drupal Scheduler Module Description HTML Injection Vulnerability
http://www.securityfocus.com/bid/40392
EMC Avamar 'gsan' Service Denial of Service Vulnerability
http://www.securityfocus.com/bid/40390
Multi Shop CMS 'pages.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40388
Cisco Network Building Mediator CVE-2010-0597 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40386
Cisco Network Building Mediator XML RPC Communication Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40385
Cisco Network Building Mediator System Configuration File Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40384
Cisco Network Building Mediator CVE-2010-0596 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40383
Cisco Network Building Mediator HTTP Communication Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40382
md5 Encryption Decryption PHP Script 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40381
Cisco Network Building Mediator Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/40380
Linux Kernel 'knfsd' 'current->mm' Modifier Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40377
2010年5月27日木曜日
27日 木曜日、大安
+ FreeBSD-SA-10:04.jail: Insufficient environment sanitization in jail(8)
http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc
+ FreeBSD-SA-10:05.opie: OPIE off-by-one stack overflow
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
+ FreeBSD-SA-10:06.nfsclient: Unvalidated input in nfsclient
http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
Microsoft Security Bulletin MS10-020 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) Version: 1.1
http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx?pubDate=2010-05-26
Fedora 13: Rock It!
http://docs.fedoraproject.org/ja-JP/Fedora/13/html/Release_Notes/index.html
VMware Player 3.1 released
http://www.vmware.com/support/player31/doc/releasenotes_player31.html
Linux Kernel release: 2.6.33.5
http://www.linux.org/news/2010/05/26/0003.html
Linux Kernel release: 2.6.32.14
http://www.linux.org/news/2010/05/26/0002.html
Linux Kernel release: 2.6.27.47
http://www.linux.org/news/2010/05/26/0001.html
「Trend Micro InterScan WebManager SCC」サポート開始のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1415
Google、Web解析サービスのプライバシー保護機能を強化
http://itpro.nikkeibp.co.jp/article/NEWS/20100527/348541/?ST=security
Facebook、新たなプライバシー設定を実装開始
http://itpro.nikkeibp.co.jp/article/NEWS/20100527/348540/?ST=security
EMC Avamar Unspecified Flaw in gsan Service Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024036.html
+ Linux kernel 2.6.33.5, 2.6.32.14, 2.6.27.47 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.14
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.47
+ RHSA-2010:0442-1: Important: mysql security update
http://rhn.redhat.com/errata/RHSA-2010-0442.html
+ HS10-010: Cosminexusにおける画像処理やTLS/SSL通信の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-010/index.html
+ MOPS-2010-041: PHP strip_tags() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-041-php-strip_tags-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-042: PHP setcookie() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-042-php-setcookie-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-043: PHP strtok() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-043-php-strtok-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-044: PHP wordwrap() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-044-php-wordwrap-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-045: PHP str_word_count() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-045-php-str_word_count-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-046: PHP str_pad() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-046-php-str_pad-interruption-information-leak-vulnerability/index.html
+? Firefox, Internet Explorer, Chrome, Opera and other browsers DoS vulnerabilities
http://securityreason.com/securityalert/7425
- NetVault Backup 8.5.1 released
http://www.bakbone.co.jp/products/nvbu851.html
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.cisco.com/warp/public/707/cisco-sa-20100526-mediator.shtml
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b2dd05.html
APSB10-13: Security update available for Adobe Photoshop CS4
http://www.adobe.com/support/security/bulletins/apsb10-13.html
ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275470-1
ウイルス検索エンジン VSAPI 9.120 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1384
UPDATE: HS09-019: Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-019/index.html
HS10-012: CA ARCserve Replicationに関するセキュリティ問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-012/index.html
HS10-011: Groupmax World Wide Web Desktopにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-011/index.html
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00252.html
[ MDVSA-2010:108 ] kolab-horde-framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00248.html
[ MDVSA-2010:108 ] kolab-horde-framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00250.html
ESA-2010-007: EMC Avamar Denial Of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00251.html
[security bulletin] HPSBMA02442 SSRT090108 rev.1 - HP Business Availability Center Running Apach
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00249.html
=?us-ascii?Q?Cyberoam_SSL_VPN_Client_-_Plain-text_Storage_of_Username_and?= =?us-asc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00246.html
CfP: GameSec 2010 - 5 days left to the deadline
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00244.html
[Suspected Spam][USN-944-1] GNU C Library vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00241.html
[ MDVSA-2010:107 ] mysql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00240.html
Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00239.html
XSS vulnerability in RuubikCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00235.html
SQL injection vulnerability in 360 Web Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00238.html
XSS vulnerability in GetSimple CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00234.html
XSS vulnerability in razorCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00233.html
XSS vulnerability in 360 Web Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00237.html
SQL injection vulnerability in 360 Web Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00236.html
Informatica64 : Bypassing Google Chrome 4 Javascript Filter
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32690
フィッシング詐欺の新手口――「開いているタブが偽サイトに」
研究者がデモを公開、バックグラウンドでタブの内容を変更
http://itpro.nikkeibp.co.jp/article/NEWS/20100527/348511/?ST=security
JPCERT/CC WEEKLY REPORT 2010-05-26
http://www.jpcert.or.jp/wr/2010/wr101901.html
JVNDB-2010-001468 TeX Live 2009 および teTeX の dvipsk/dospecial.c における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001468.html
JVNDB-2010-001467 TeX Live および teTeX の predospecial 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001467.html
JVNDB-2010-001466 RHEL の MMIO 命令デコーダにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001466.html
JVNDB-2010-001465 Linux kernel の drivers/connector/connector.c におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001465.html
JVNDB-2010-001464 Adobe Photoshop CS4 における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001464.html
JVNDB-2010-001463 Microsoft SharePoint Server におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001463.html
JVNDB-2009-002263 Xpdf および Poppler の ImageStream::ImageStream 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002263.html
JVNDB-2009-002262 Xpdf および Poppler の ObjectStream::ObjectStream 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002262.html
JVNDB-2009-001734 CUPS の pdftops フィルタにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001734.html
JVNDB-2009-001285 Xpdf および CUPS におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001285.html
JVNDB-2009-001267 JBIG2 MMR デコーダにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001267.html
JVNDB-2009-001266 JBIG2 MMR デコーダにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001266.html
JVNDB-2009-001265 JBIG2 デコーダにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001265.html
JVNDB-2009-001264 JBIG2 デコーダにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001264.html
JVNDB-2009-001263 JBIG2 デコーダにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001263.html
JVNDB-2009-001262 JBIG2 デコーダにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001262.html
JVNDB-2009-001261 JBIG2 デコーダにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001261.html
Malware modularization and AV detection evasion
http://isc.sans.org/diary.html?storyid=8857
Cisco Network Building Mediator Lets Remote Users Login and Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024027.html
HP TestDirector for Quality Center Lets Remote Users Gain Unauthorized Access
http://securitytracker.com/alerts/2010/May/1024025.html
CuteSITE CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39864/
razorCMS "content" Script Insertion Vulnerability
http://secunia.com/advisories/39961/
Specialized Data Systems Parent Connect SQL Injection Vulnerabilities
http://secunia.com/advisories/39905/
Ubuntu update for glibc and eglibc
http://secunia.com/advisories/39900/
HP Business Availability Center Multiple Vulnerabilities
http://secunia.com/advisories/39944/
IBM Communications Server for AIX APPC Denial of Service
http://secunia.com/advisories/39909/
HP TestDirector for Quality Center Unspecified Unauthorised Access Vulnerability
http://secunia.com/advisories/39943/
Python audioop Module Integer Overflow Vulnerabilities
http://secunia.com/advisories/39937/
SUSE update for Multiple Packages
http://secunia.com/advisories/39967/
Fedora update for html2ps
http://secunia.com/advisories/39957/
Fedora update for cacti
http://secunia.com/advisories/39954/
Fedora update for openssl
http://secunia.com/advisories/39956/
Joomla Component Percha Gallery 1.6 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7449
Joomla Component Percha Fields Attach 1.0 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7448
Shopzilla Affiliate search.php cross-site scripting
http://securityreason.com/securityalert/7447
PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities
http://securityreason.com/securityalert/7446
gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit http://securityreason.com/securityalert/7445
Joomla Component Percha Downloads Attach 1.1 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7444
gpEasy CMS XSS vulnerability
http://securityreason.com/securityalert/7443
Joomla Component Percha Image Attach 1.1 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7442
The iceberg 'Content Management System' SQL Injection Vulnerability
http://securityreason.com/securityalert/7441
Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
http://securityreason.com/securityalert/7440
LiSK CMS XSS vulnerability
http://securityreason.com/securityalert/7439
Lokomedia CMS Two Vulnerabilities
http://securityreason.com/securityalert/7438
Mathematica on Linux /tmp/MathLink vulnerability
http://securityreason.com/securityalert/7437
Lokomedia CMS (sukaCMS) Local File Disclosure Vulnerability
http://securityreason.com/securityalert/7436
Joomla Component Percha Categories 0.6 Tree Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7435
Advanced Poll 2.08 XSS vulnerability
http://securityreason.com/securityalert/7434
DataLife Engine 8.3 RFI Vulnerability
http://securityreason.com/securityalert/7433
LetoDMS (MyDMS) Local file inclusion/execution and multiple CSRF
http://securityreason.com/securityalert/7432
BS.Player v2.51 build 1022 (Media Library) Remote Buffer Overflow Vulnerability
http://securityreason.com/securityalert/7431
MigasCMS 1.0 SQL Injection
http://securityreason.com/securityalert/7430
Opencatalogue 1.024 Local File Include Vulnerability
http://securityreason.com/securityalert/7429
Saurus CMS 4.7.0 cross site scripting
http://securityreason.com/securityalert/7428
TomatoCMS Script Insertion Vulnerabilities
http://securityreason.com/securityalert/7427
TomatoCMS "q" SQL Injection Vulnerability
http://securityreason.com/securityalert/7426
Firefox, Internet Explorer, Chrome, Opera and other browsers DoS vulnerabilities
http://securityreason.com/securityalert/7425
Joomla Component redTWITTER Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7424
IBM Communications Server for AIX APPC Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1244
HP Business Availability Center Multiple Apache Vulnerabilities
http://www.vupen.com/english/advisories/2010/1243
HP TestDirector for Quality Center Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2010/1242
TELE DATA Contact Management Server Directory Traversal Issue
http://www.vupen.com/english/advisories/2010/1241
Zabbix "nav_time" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1240
McAfee Email Gateway Web Access Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1239
Sun Solaris FTP Server Long Command Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1238
Fedora Security Update Fixes OpenSSL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1237
Fedora Security Update Fixes html2ps Arbitrary File Disclosure Issue
http://www.vupen.com/english/advisories/2010/1236
Fedora Security Update Fixes Cacti Multiple Input Validation Vulnerabilities
http://www.vupen.com/english/advisories/2010/1235
Redhat Security Update Fixes OpenSSL Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1234
Redhat Security Update Fixes Kernel Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1233
SuSE Security Update Fixes Code Execution and Security Bypass
http://www.vupen.com/english/advisories/2010/1232
Mandriva Security Update MySQL Buffer Overflow and Security Bypass
http://www.vupen.com/english/advisories/2010/1231
REMARK: SecurityFocus Web site did not response...
http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc
+ FreeBSD-SA-10:05.opie: OPIE off-by-one stack overflow
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
+ FreeBSD-SA-10:06.nfsclient: Unvalidated input in nfsclient
http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
Microsoft Security Bulletin MS10-020 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) Version: 1.1
http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx?pubDate=2010-05-26
Fedora 13: Rock It!
http://docs.fedoraproject.org/ja-JP/Fedora/13/html/Release_Notes/index.html
VMware Player 3.1 released
http://www.vmware.com/support/player31/doc/releasenotes_player31.html
Linux Kernel release: 2.6.33.5
http://www.linux.org/news/2010/05/26/0003.html
Linux Kernel release: 2.6.32.14
http://www.linux.org/news/2010/05/26/0002.html
Linux Kernel release: 2.6.27.47
http://www.linux.org/news/2010/05/26/0001.html
「Trend Micro InterScan WebManager SCC」サポート開始のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1415
Google、Web解析サービスのプライバシー保護機能を強化
http://itpro.nikkeibp.co.jp/article/NEWS/20100527/348541/?ST=security
Facebook、新たなプライバシー設定を実装開始
http://itpro.nikkeibp.co.jp/article/NEWS/20100527/348540/?ST=security
EMC Avamar Unspecified Flaw in gsan Service Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024036.html
+ Linux kernel 2.6.33.5, 2.6.32.14, 2.6.27.47 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.14
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.47
+ RHSA-2010:0442-1: Important: mysql security update
http://rhn.redhat.com/errata/RHSA-2010-0442.html
+ HS10-010: Cosminexusにおける画像処理やTLS/SSL通信の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-010/index.html
+ MOPS-2010-041: PHP strip_tags() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-041-php-strip_tags-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-042: PHP setcookie() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-042-php-setcookie-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-043: PHP strtok() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-043-php-strtok-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-044: PHP wordwrap() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-044-php-wordwrap-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-045: PHP str_word_count() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-045-php-str_word_count-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-046: PHP str_pad() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/26/mops-2010-046-php-str_pad-interruption-information-leak-vulnerability/index.html
+? Firefox, Internet Explorer, Chrome, Opera and other browsers DoS vulnerabilities
http://securityreason.com/securityalert/7425
- NetVault Backup 8.5.1 released
http://www.bakbone.co.jp/products/nvbu851.html
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.cisco.com/warp/public/707/cisco-sa-20100526-mediator.shtml
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b2dd05.html
APSB10-13: Security update available for Adobe Photoshop CS4
http://www.adobe.com/support/security/bulletins/apsb10-13.html
ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275470-1
ウイルス検索エンジン VSAPI 9.120 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1384
UPDATE: HS09-019: Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-019/index.html
HS10-012: CA ARCserve Replicationに関するセキュリティ問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-012/index.html
HS10-011: Groupmax World Wide Web Desktopにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-011/index.html
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00252.html
[ MDVSA-2010:108 ] kolab-horde-framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00248.html
[ MDVSA-2010:108 ] kolab-horde-framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00250.html
ESA-2010-007: EMC Avamar Denial Of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00251.html
[security bulletin] HPSBMA02442 SSRT090108 rev.1 - HP Business Availability Center Running Apach
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00249.html
=?us-ascii?Q?Cyberoam_SSL_VPN_Client_-_Plain-text_Storage_of_Username_and?= =?us-asc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00246.html
CfP: GameSec 2010 - 5 days left to the deadline
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00244.html
[Suspected Spam][USN-944-1] GNU C Library vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00241.html
[ MDVSA-2010:107 ] mysql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00240.html
Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00239.html
XSS vulnerability in RuubikCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00235.html
SQL injection vulnerability in 360 Web Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00238.html
XSS vulnerability in GetSimple CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00234.html
XSS vulnerability in razorCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00233.html
XSS vulnerability in 360 Web Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00237.html
SQL injection vulnerability in 360 Web Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00236.html
Informatica64 : Bypassing Google Chrome 4 Javascript Filter
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32690
フィッシング詐欺の新手口――「開いているタブが偽サイトに」
研究者がデモを公開、バックグラウンドでタブの内容を変更
http://itpro.nikkeibp.co.jp/article/NEWS/20100527/348511/?ST=security
JPCERT/CC WEEKLY REPORT 2010-05-26
http://www.jpcert.or.jp/wr/2010/wr101901.html
JVNDB-2010-001468 TeX Live 2009 および teTeX の dvipsk/dospecial.c における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001468.html
JVNDB-2010-001467 TeX Live および teTeX の predospecial 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001467.html
JVNDB-2010-001466 RHEL の MMIO 命令デコーダにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001466.html
JVNDB-2010-001465 Linux kernel の drivers/connector/connector.c におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001465.html
JVNDB-2010-001464 Adobe Photoshop CS4 における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001464.html
JVNDB-2010-001463 Microsoft SharePoint Server におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001463.html
JVNDB-2009-002263 Xpdf および Poppler の ImageStream::ImageStream 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002263.html
JVNDB-2009-002262 Xpdf および Poppler の ObjectStream::ObjectStream 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002262.html
JVNDB-2009-001734 CUPS の pdftops フィルタにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001734.html
JVNDB-2009-001285 Xpdf および CUPS におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001285.html
JVNDB-2009-001267 JBIG2 MMR デコーダにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001267.html
JVNDB-2009-001266 JBIG2 MMR デコーダにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001266.html
JVNDB-2009-001265 JBIG2 デコーダにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001265.html
JVNDB-2009-001264 JBIG2 デコーダにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001264.html
JVNDB-2009-001263 JBIG2 デコーダにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001263.html
JVNDB-2009-001262 JBIG2 デコーダにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001262.html
JVNDB-2009-001261 JBIG2 デコーダにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001261.html
Malware modularization and AV detection evasion
http://isc.sans.org/diary.html?storyid=8857
Cisco Network Building Mediator Lets Remote Users Login and Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024027.html
HP TestDirector for Quality Center Lets Remote Users Gain Unauthorized Access
http://securitytracker.com/alerts/2010/May/1024025.html
CuteSITE CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39864/
razorCMS "content" Script Insertion Vulnerability
http://secunia.com/advisories/39961/
Specialized Data Systems Parent Connect SQL Injection Vulnerabilities
http://secunia.com/advisories/39905/
Ubuntu update for glibc and eglibc
http://secunia.com/advisories/39900/
HP Business Availability Center Multiple Vulnerabilities
http://secunia.com/advisories/39944/
IBM Communications Server for AIX APPC Denial of Service
http://secunia.com/advisories/39909/
HP TestDirector for Quality Center Unspecified Unauthorised Access Vulnerability
http://secunia.com/advisories/39943/
Python audioop Module Integer Overflow Vulnerabilities
http://secunia.com/advisories/39937/
SUSE update for Multiple Packages
http://secunia.com/advisories/39967/
Fedora update for html2ps
http://secunia.com/advisories/39957/
Fedora update for cacti
http://secunia.com/advisories/39954/
Fedora update for openssl
http://secunia.com/advisories/39956/
Joomla Component Percha Gallery 1.6 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7449
Joomla Component Percha Fields Attach 1.0 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7448
Shopzilla Affiliate search.php cross-site scripting
http://securityreason.com/securityalert/7447
PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities
http://securityreason.com/securityalert/7446
gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit http://securityreason.com/securityalert/7445
Joomla Component Percha Downloads Attach 1.1 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7444
gpEasy CMS XSS vulnerability
http://securityreason.com/securityalert/7443
Joomla Component Percha Image Attach 1.1 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7442
The iceberg 'Content Management System' SQL Injection Vulnerability
http://securityreason.com/securityalert/7441
Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
http://securityreason.com/securityalert/7440
LiSK CMS XSS vulnerability
http://securityreason.com/securityalert/7439
Lokomedia CMS Two Vulnerabilities
http://securityreason.com/securityalert/7438
Mathematica on Linux /tmp/MathLink vulnerability
http://securityreason.com/securityalert/7437
Lokomedia CMS (sukaCMS) Local File Disclosure Vulnerability
http://securityreason.com/securityalert/7436
Joomla Component Percha Categories 0.6 Tree Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7435
Advanced Poll 2.08 XSS vulnerability
http://securityreason.com/securityalert/7434
DataLife Engine 8.3 RFI Vulnerability
http://securityreason.com/securityalert/7433
LetoDMS (MyDMS) Local file inclusion/execution and multiple CSRF
http://securityreason.com/securityalert/7432
BS.Player v2.51 build 1022 (Media Library) Remote Buffer Overflow Vulnerability
http://securityreason.com/securityalert/7431
MigasCMS 1.0 SQL Injection
http://securityreason.com/securityalert/7430
Opencatalogue 1.024 Local File Include Vulnerability
http://securityreason.com/securityalert/7429
Saurus CMS 4.7.0 cross site scripting
http://securityreason.com/securityalert/7428
TomatoCMS Script Insertion Vulnerabilities
http://securityreason.com/securityalert/7427
TomatoCMS "q" SQL Injection Vulnerability
http://securityreason.com/securityalert/7426
Firefox, Internet Explorer, Chrome, Opera and other browsers DoS vulnerabilities
http://securityreason.com/securityalert/7425
Joomla Component redTWITTER Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7424
IBM Communications Server for AIX APPC Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1244
HP Business Availability Center Multiple Apache Vulnerabilities
http://www.vupen.com/english/advisories/2010/1243
HP TestDirector for Quality Center Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2010/1242
TELE DATA Contact Management Server Directory Traversal Issue
http://www.vupen.com/english/advisories/2010/1241
Zabbix "nav_time" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1240
McAfee Email Gateway Web Access Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1239
Sun Solaris FTP Server Long Command Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1238
Fedora Security Update Fixes OpenSSL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1237
Fedora Security Update Fixes html2ps Arbitrary File Disclosure Issue
http://www.vupen.com/english/advisories/2010/1236
Fedora Security Update Fixes Cacti Multiple Input Validation Vulnerabilities
http://www.vupen.com/english/advisories/2010/1235
Redhat Security Update Fixes OpenSSL Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1234
Redhat Security Update Fixes Kernel Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1233
SuSE Security Update Fixes Code Execution and Security Bypass
http://www.vupen.com/english/advisories/2010/1232
Mandriva Security Update MySQL Buffer Overflow and Security Bypass
http://www.vupen.com/english/advisories/2010/1231
REMARK: SecurityFocus Web site did not response...
2010年5月26日水曜日
26日 水曜日、仏滅
+ GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063
+ Linux Kernel 'tipc' Module Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39120
+ Linux Kernel 'release_one_tty()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39480
+ Linux Kernel GFS2 File Attribute Security Bypass Vulnerability
http://www.securityfocus.com/bid/40356
++ Linux Kernel NFS Automount 'symlinks' Denial of Service Vulnerability
http://www.securityfocus.com/bid/39044
On NAS OS 4.20, File Systems may Become OFFLINE After Disabling Checkpoint
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001053.1-1
HPSBMA02491 SSRT100060 rev.1 - Perl を実行する HP Tru64 UNIX、任意コードのリモート実行
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02186655
HPSBGN02315 SSRT071487 rev.1 - HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01373684
HPSBMA02442 SSRT090108 rev.1 - HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01800059
Linux Kernel release: 2.6.33.5-rc1
http://www.linux.org/news/2010/05/25/0004.html
Linux Kernel release: 2.6.32.14-rc1
http://www.linux.org/news/2010/05/25/0003.html
Linux Kernel release: 2.6.27.47-rc2
http://www.linux.org/news/2010/05/25/0002.html
Linux Kernel release: 2.6.27.47-rc1
http://www.linux.org/news/2010/05/25/0001.html
Document ID: 351291: "A cluster node is not available for this operation" when trying to move groups in MSCS after upgrade to 5.0 RP1a.
http://seer.entsupport.symantec.com/docs/351291.htm
Debian : New Linux 2.6.26 packages fix several issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32684
Dan Rosenberg : Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32686
David "skys" Guimaraes : SQL injection vulnerability in Zabbix <= 1.8.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32685
Debian : New kdegraphics packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32681
Debian : New postgresql-8.3 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32682
Debian : New krb5 packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32683
Mandriva : aria2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32680
ソフォス、セキュリティ対策ソフト最新版にクラウド型機能搭載
http://itpro.nikkeibp.co.jp/article/NEWS/20100525/348425/?ST=security
London DEFCON May meet - DC4420 - Wed 26th May 2010
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00224.html
Webby Webserver v1.01 - Buffer overflow vulnerability with overwritten structured exception hand
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00215.html
[SECURITY] [DSA 2053-1] New Linux 2.6.26 packages fix several issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00213.html
[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00211.html
[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00210.html
OSSTMM 3 STAR Released!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00227.html
SQL injection vulnerability in Zabbix <= 1.8.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00228.html
Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00214.html
[ MDVSA-2010:106 ] aria2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00209.html
[SECURITY] [DSA 2051-1] New postgresql-8.3 packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00208.html
[SECURITY] [DSA 2050-1] New kdegraphics packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00204.html
Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Privilege Escalation Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00225.html
Denial of Dervice vulnerability in Helix Mobile Server (RealNetworks) (14.0.0.348) with long string
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00207.html
Secunia Research: Ziproxy Two Integer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00206.html
CompleteFTP Server v 4.x "PORT" command Remote DOS exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00201.html
Arbitrary UNC file read in IE 8
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00226.html
[SECURITY] [DSA 2048-1] New dvipng packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00202.html
JV2 Folder Gallery 3.1.1 (popup_slideshow.php) Multiple Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00223.html
[Bkis-01-2010] Multiple Vulnerabilities in BigAce - Bkis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00221.html
Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Privilege Escalation Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00222.html
[SECURITY] [DSA 2049-1] New barnowl packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00199.html
Vulnerabilities in DS-Syndicate for Joomla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00220.html
Hustoj is HUST ACM OnlineJudge "fckeditor" file upload security issue
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00216.html
[Bkis-01-2010] Multiple Vulnerabilities in BigAce - Bkis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00212.html
Ghostscript 8.64 executes random code at startup
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00218.html
[ MDVSA-2010:105 ] openoffice.org
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00200.html
Face book “joke” leads to firing.
http://isc.sans.org/diary.html?storyid=8848
Security people shouldn’t pay the "spam support system" for email lists to send SPAM
http://isc.sans.org/diary.html?storyid=8851
Tabnabbing new method for phishing.
http://isc.sans.org/diary.html?storyid=8854
3Com Intelligent Management Center Flaws Permit Cross-Site Scripting and Directory Traversal Attacks
http://securitytracker.com/alerts/2010/May/1024022.html
Solaris Command Splitting Flaw in 'in.ftpd' Permits Command Injection Attacks
http://securitytracker.com/alerts/2010/May/1024021.html
Authentium Command On Demand ActiveX Control Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/5MP3K151FW.html
Juniper Secure Access Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5NP3L151FQ.html
ncpfs Package ncpmount, ncpumount and ncplogin Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/5OP3M151FU.html
Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
http://securityreason.com/securityalert/7423
Ghostscript, multiple arbitrary code execution vulnerabilities
http://securityreason.com/securityalert/7422
SpringSource tc Server unauthenticated remote access to JMX interface
http://securityreason.com/securityalert/7421
Joomla Component Joomla Flickr Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7420
Joomla Component Fabrik Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7419
Joomla Component JA Voice LFI vulnerability
http://securityreason.com/securityalert/7418
HP-UX Running ONCPlus, Remote Denial of Service (DoS), PE
http://securityreason.com/securityalert/7417
Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7416
60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7415
Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7414
Fedora Security Update Pidgin Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1230
Fedora Security Update Fixes Aria2 Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1229
Mandriva Security Update Fixes Aria2 Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1228
Mandriva Security Update Fixes OpenOffice.org Vulnerabilities
http://www.vupen.com/english/advisories/2010/1227
Mandriva Security Update Fixes Dovecot Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1226
Ubuntu Security Update Fixes PostgreSQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1225
rPath Security Update Fixes OpenSSL Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1224
Debian Security Update Fixes Kernel Security Bypass and DoS
http://www.vupen.com/english/advisories/2010/1223
Debian Security Update Fixes krb5 Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1222
Debian Security Update Fixes PostgreSQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1221
Debian Security Update Fixes kdegraphics Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1220
Debian Security Update Fixes dvipng Array Indexing Vulnerabilities
http://www.vupen.com/english/advisories/2010/1219
Debian Security Update Fixes BarnOwl Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1218
Debian Security Update Fixes Pidgin Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1217
Debian update for linux-2.6
http://secunia.com/advisories/39830/
Sun Solaris FTP Server Long Command Processing Vulnerability
http://secunia.com/advisories/39856/
Debian update for krb5
http://secunia.com/advisories/39849/
The Uniform Server Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39913/
USR5463 802.11g Wireless Router Cross-Site Request Forgery
http://secunia.com/advisories/39889/
ManageEngine ADManager Plus "computerName" Cross-Site Scripting
http://secunia.com/advisories/39901/
Debian update for kdegraphics
http://secunia.com/advisories/39938/
Debian update for postgresql-8.3
http://secunia.com/advisories/39939/
GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063
GNU glibc 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/36443
Oracle MySQL Malformed Packet Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40100
Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40106
Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
http://www.securityfocus.com/bid/38562
OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38533
OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
html2ps 'include file' Server Side Include Directive Directory Traversal Vulnerability
http://www.securityfocus.com/bid/36524
Cacti Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40332
Cacti 'rra_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40149
U.S.Robotics USR5463 Firmware '/cgi-bin/setup_ddns.exe' Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40348
Cisco IronPort Desktop Flag Plug-in for Outlook Send Secure Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40061
Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
Computer Associates XOsoft Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/39238
dvipng '.dvi' File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39969
Mono 'EnableViewStateMac' Cross-Site Scripting Weakness
http://www.securityfocus.com/bid/40351
TeX Live DVI Font Data Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39981
TeX Live '.dvi' File Parsing Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39966
TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/39500
memcached Memory Consumption Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39577
Pango Glyph Definition Table Denial of Service Vulnerability
http://www.securityfocus.com/bid/38760
PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38708
Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
ncpfs Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/38563
GNOME Evolution S/MIME Email Signature Verification Vulnerability
http://www.securityfocus.com/bid/33720
Xen pygrub Local Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36523
Libpng 'png_decompress_chunk()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/38478
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
SolarWinds TFTP Server 'Read' Request (Opcode 0x01) Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40333
Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39794
Linux Kernel for PowerPC KGDB '_PAGE_USER' Test Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39798
Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719
Linux Kernel GFS/GFS2 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39101
Linux Kernel 'tipc' Module Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39120
Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
Linux Kernel TSB I-TLB Load Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38393
Linux Kernel USB interface Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39042
Linux Kernel NFS Automount 'symlinks' Denial of Service Vulnerability
http://www.securityfocus.com/bid/39044
Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569
Linux Kernel 'release_one_tty()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39480
Linux Kernel 'dvb_net_ule()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38479
Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521
MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235
Python 'audioop' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40370
HLstatsX CE 'hlstats.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40368
Google Chrome prior to 5.0.375.55 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40367
Open&Compact FTP Server Multiple Command Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/40366
Python 'rgbimg' RLE Decoder Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40365
Python 'rgbimg' Module 'rv' Array Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40363
Python 'rgbimg' Module ZSIZE Value Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/40361
Linux Kernel GFS2 File Attribute Security Bypass Vulnerability
http://www.securityfocus.com/bid/40356
ManageEngine ADManager Plus 'computerName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40355
BigACE Cross Site Request Forgery and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/40354
Webby HTTP GET Request Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40353
NITRO Web Gallery 'PictureId' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40350
WebAsyst Shop-Script 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40349
http://www.securityfocus.com/bid/40063
+ Linux Kernel 'tipc' Module Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39120
+ Linux Kernel 'release_one_tty()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39480
+ Linux Kernel GFS2 File Attribute Security Bypass Vulnerability
http://www.securityfocus.com/bid/40356
++ Linux Kernel NFS Automount 'symlinks' Denial of Service Vulnerability
http://www.securityfocus.com/bid/39044
On NAS OS 4.20, File Systems may Become OFFLINE After Disabling Checkpoint
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001053.1-1
HPSBMA02491 SSRT100060 rev.1 - Perl を実行する HP Tru64 UNIX、任意コードのリモート実行
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02186655
HPSBGN02315 SSRT071487 rev.1 - HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01373684
HPSBMA02442 SSRT090108 rev.1 - HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01800059
Linux Kernel release: 2.6.33.5-rc1
http://www.linux.org/news/2010/05/25/0004.html
Linux Kernel release: 2.6.32.14-rc1
http://www.linux.org/news/2010/05/25/0003.html
Linux Kernel release: 2.6.27.47-rc2
http://www.linux.org/news/2010/05/25/0002.html
Linux Kernel release: 2.6.27.47-rc1
http://www.linux.org/news/2010/05/25/0001.html
Document ID: 351291: "A cluster node is not available for this operation" when trying to move groups in MSCS after upgrade to 5.0 RP1a.
http://seer.entsupport.symantec.com/docs/351291.htm
Debian : New Linux 2.6.26 packages fix several issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32684
Dan Rosenberg : Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32686
David "skys" Guimaraes : SQL injection vulnerability in Zabbix <= 1.8.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32685
Debian : New kdegraphics packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32681
Debian : New postgresql-8.3 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32682
Debian : New krb5 packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32683
Mandriva : aria2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32680
ソフォス、セキュリティ対策ソフト最新版にクラウド型機能搭載
http://itpro.nikkeibp.co.jp/article/NEWS/20100525/348425/?ST=security
London DEFCON May meet - DC4420 - Wed 26th May 2010
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00224.html
Webby Webserver v1.01 - Buffer overflow vulnerability with overwritten structured exception hand
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00215.html
[SECURITY] [DSA 2053-1] New Linux 2.6.26 packages fix several issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00213.html
[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00211.html
[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00210.html
OSSTMM 3 STAR Released!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00227.html
SQL injection vulnerability in Zabbix <= 1.8.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00228.html
Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00214.html
[ MDVSA-2010:106 ] aria2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00209.html
[SECURITY] [DSA 2051-1] New postgresql-8.3 packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00208.html
[SECURITY] [DSA 2050-1] New kdegraphics packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00204.html
Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Privilege Escalation Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00225.html
Denial of Dervice vulnerability in Helix Mobile Server (RealNetworks) (14.0.0.348) with long string
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00207.html
Secunia Research: Ziproxy Two Integer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00206.html
CompleteFTP Server v 4.x "PORT" command Remote DOS exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00201.html
Arbitrary UNC file read in IE 8
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00226.html
[SECURITY] [DSA 2048-1] New dvipng packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00202.html
JV2 Folder Gallery 3.1.1 (popup_slideshow.php) Multiple Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00223.html
[Bkis-01-2010] Multiple Vulnerabilities in BigAce - Bkis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00221.html
Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Privilege Escalation Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00222.html
[SECURITY] [DSA 2049-1] New barnowl packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00199.html
Vulnerabilities in DS-Syndicate for Joomla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00220.html
Hustoj is HUST ACM OnlineJudge "fckeditor" file upload security issue
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00216.html
[Bkis-01-2010] Multiple Vulnerabilities in BigAce - Bkis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00212.html
Ghostscript 8.64 executes random code at startup
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00218.html
[ MDVSA-2010:105 ] openoffice.org
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00200.html
Face book “joke” leads to firing.
http://isc.sans.org/diary.html?storyid=8848
Security people shouldn’t pay the "spam support system" for email lists to send SPAM
http://isc.sans.org/diary.html?storyid=8851
Tabnabbing new method for phishing.
http://isc.sans.org/diary.html?storyid=8854
3Com Intelligent Management Center Flaws Permit Cross-Site Scripting and Directory Traversal Attacks
http://securitytracker.com/alerts/2010/May/1024022.html
Solaris Command Splitting Flaw in 'in.ftpd' Permits Command Injection Attacks
http://securitytracker.com/alerts/2010/May/1024021.html
Authentium Command On Demand ActiveX Control Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/5MP3K151FW.html
Juniper Secure Access Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5NP3L151FQ.html
ncpfs Package ncpmount, ncpumount and ncplogin Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/5OP3M151FU.html
Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
http://securityreason.com/securityalert/7423
Ghostscript, multiple arbitrary code execution vulnerabilities
http://securityreason.com/securityalert/7422
SpringSource tc Server unauthenticated remote access to JMX interface
http://securityreason.com/securityalert/7421
Joomla Component Joomla Flickr Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7420
Joomla Component Fabrik Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7419
Joomla Component JA Voice LFI vulnerability
http://securityreason.com/securityalert/7418
HP-UX Running ONCPlus, Remote Denial of Service (DoS), PE
http://securityreason.com/securityalert/7417
Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7416
60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7415
Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7414
Fedora Security Update Pidgin Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1230
Fedora Security Update Fixes Aria2 Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1229
Mandriva Security Update Fixes Aria2 Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1228
Mandriva Security Update Fixes OpenOffice.org Vulnerabilities
http://www.vupen.com/english/advisories/2010/1227
Mandriva Security Update Fixes Dovecot Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1226
Ubuntu Security Update Fixes PostgreSQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1225
rPath Security Update Fixes OpenSSL Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1224
Debian Security Update Fixes Kernel Security Bypass and DoS
http://www.vupen.com/english/advisories/2010/1223
Debian Security Update Fixes krb5 Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1222
Debian Security Update Fixes PostgreSQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1221
Debian Security Update Fixes kdegraphics Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1220
Debian Security Update Fixes dvipng Array Indexing Vulnerabilities
http://www.vupen.com/english/advisories/2010/1219
Debian Security Update Fixes BarnOwl Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1218
Debian Security Update Fixes Pidgin Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1217
Debian update for linux-2.6
http://secunia.com/advisories/39830/
Sun Solaris FTP Server Long Command Processing Vulnerability
http://secunia.com/advisories/39856/
Debian update for krb5
http://secunia.com/advisories/39849/
The Uniform Server Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39913/
USR5463 802.11g Wireless Router Cross-Site Request Forgery
http://secunia.com/advisories/39889/
ManageEngine ADManager Plus "computerName" Cross-Site Scripting
http://secunia.com/advisories/39901/
Debian update for kdegraphics
http://secunia.com/advisories/39938/
Debian update for postgresql-8.3
http://secunia.com/advisories/39939/
GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063
GNU glibc 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/36443
Oracle MySQL Malformed Packet Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40100
Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40106
Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
http://www.securityfocus.com/bid/38562
OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38533
OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
html2ps 'include file' Server Side Include Directive Directory Traversal Vulnerability
http://www.securityfocus.com/bid/36524
Cacti Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40332
Cacti 'rra_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40149
U.S.Robotics USR5463 Firmware '/cgi-bin/setup_ddns.exe' Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40348
Cisco IronPort Desktop Flag Plug-in for Outlook Send Secure Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40061
Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
Computer Associates XOsoft Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/39238
dvipng '.dvi' File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39969
Mono 'EnableViewStateMac' Cross-Site Scripting Weakness
http://www.securityfocus.com/bid/40351
TeX Live DVI Font Data Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39981
TeX Live '.dvi' File Parsing Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39966
TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/39500
memcached Memory Consumption Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39577
Pango Glyph Definition Table Denial of Service Vulnerability
http://www.securityfocus.com/bid/38760
PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38708
Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
ncpfs Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/38563
GNOME Evolution S/MIME Email Signature Verification Vulnerability
http://www.securityfocus.com/bid/33720
Xen pygrub Local Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36523
Libpng 'png_decompress_chunk()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/38478
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
SolarWinds TFTP Server 'Read' Request (Opcode 0x01) Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40333
Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39794
Linux Kernel for PowerPC KGDB '_PAGE_USER' Test Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39798
Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719
Linux Kernel GFS/GFS2 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39101
Linux Kernel 'tipc' Module Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39120
Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
Linux Kernel TSB I-TLB Load Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38393
Linux Kernel USB interface Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39042
Linux Kernel NFS Automount 'symlinks' Denial of Service Vulnerability
http://www.securityfocus.com/bid/39044
Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569
Linux Kernel 'release_one_tty()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39480
Linux Kernel 'dvb_net_ule()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38479
Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521
MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235
Python 'audioop' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40370
HLstatsX CE 'hlstats.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40368
Google Chrome prior to 5.0.375.55 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40367
Open&Compact FTP Server Multiple Command Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/40366
Python 'rgbimg' RLE Decoder Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40365
Python 'rgbimg' Module 'rv' Array Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40363
Python 'rgbimg' Module ZSIZE Value Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/40361
Linux Kernel GFS2 File Attribute Security Bypass Vulnerability
http://www.securityfocus.com/bid/40356
ManageEngine ADManager Plus 'computerName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40355
BigACE Cross Site Request Forgery and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/40354
Webby HTTP GET Request Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40353
NITRO Web Gallery 'PictureId' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40350
WebAsyst Shop-Script 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40349
登録:
投稿 (Atom)