Linux Kernel release: 2.6.34-rc7
http://www.linux.org/news/2010/05/10/0001.html
Notice: Support begins for Trend Micro Portable Security 1.0
http://www.trendmicro.co.jp/support/news.asp?id=1400
Notice: Module replacement for Trend Micro Network VirusWall Enforcer 1200 Service Pack 1 Patch 1
http://www.trendmicro.co.jp/support/news.asp?id=1405
Notice: Scheduled server maintenance (May 14, 2010)
http://www.trendmicro.co.jp/support/news.asp?id=1402
Personal Media: data-erasure software that can save erasure records with a log function
http://itpro.nikkeibp.co.jp/article/NEWS/20100510/347834/?ST=security
Variant of worm targeting Yahoo! Messenger now also attacks Skype
http://itpro.nikkeibp.co.jp/article/NEWS/20100510/347840/?ST=security
RHBA-2010:0395-1: iptables bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0395.html
Joomla! 'com_articleman' Component Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/40026
- MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability
http://php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html
+ MOPS-2010-017: PHP preg_quote() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html
MOPS Submission 04 – Generating Unpredictable Session IDs and Hashes
http://php-security.org/2010/05/09/mops-submission-04-generating-unpredictable-session-ids-and-hashes/index.html
+ MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability
http://php-security.org/2010/05/08/mops-2010-016-php-zend_sr-opcode-interruption-address-information-leak-vulnerability/index.html
+ MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability
http://php-security.org/2010/05/08/mops-2010-015-php-zend_sl-opcode-interruption-address-information-leak-vulnerability/index.html
+ MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability
http://php-security.org/2010/05/08/mops-2010-014-php-zend_bw_xor-opcode-interruption-address-information-leak-vulnerability/index.html
- MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage Vulnerability
http://php-security.org/2010/05/07/mops-2010-013-php-sqlite_array_query-uninitialized-memory-usage-vulnerability/index.html
- MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage Vulnerability
http://php-security.org/2010/05/07/mops-2010-012-php-sqlite_single_query-uninitialized-memory-usage-vulnerability/index.html
- MOPS Submission 03 – sqlite_single_query(), sqlite_array_query() Uninitialized Memory Usage
http://php-security.org/2010/05/07/mops-submission-03-sqlite_single_query-sqlite_array_query-uninitialized-memory-usage/index.html
- MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability
http://php-security.org/2010/05/06/mops-2010-011-deluxebb-newthread-sql-injection-vulnerability/index.html
+ MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/06/mops-2010-010-php-html_entity_decode-interruption-information-leak-vulnerability/index.html
+ MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access Vulnerability
http://php-security.org/2010/05/05/mops-2010-009-php-shm_put_var-already-freed-resource-access-vulnerability/index.html
MOPS Submission 02 – Context-aware HTML escaping
http://php-security.org/2010/05/05/mops-submission-02-context-aware-html-escaping/index.html
Winners of the “CFP Spread the Word” Drawing
http://php-security.org/2010/05/04/winners-of-the-cfp-spread-the-word-drawing/index.html
- MOPS-2010-008: PHP chunk_split() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/04/mops-2010-008-php-chunk_split-interruption-information-leak-vulnerability/index.html
- MOPS-2010-007: ClanTiger Shoutbox Module s_email SQL Injection vulnerability
http://php-security.org/2010/05/04/mops-2010-007-clantiger-shoutbox-module-s_email-sql-injection-vulnerability/index.html
- MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/03/mops-2010-006-php-addcslashes-interruption-information-leak-vulnerability/index.html
MOPS Submission 01 – A New Open Source Tool: OWASP ESAPI for PHP
http://php-security.org/2010/05/03/mops-submission-01-a-new-open-source-tool-owasp-esapi-for-php/index.html
- MOPS-2010-005: ClanSphere MySQL Driver Generic SQL Injection Vulnerability
http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html
- MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability
http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html
- MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability
http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html
- MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection Vulnerability
http://php-security.org/2010/05/01/mops-2010-002-campsite-tinymce-article-attachment-sql-injection-vulnerability/index.html
- MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access Vulnerability
http://php-security.org/2010/05/01/mops-2010-001-php-hash_update_file-already-freed-resource-access-vulnerability/index.html
+- gawk 3.1.8 released
http://ftp.gnu.org/gnu/gawk/?C=M;O=D
+ Apache Ant 1.8.1 Released
http://ant.apache.org/antnews.html
+ libpng 1.4.2 released
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.4.2-README.txt
+ Zimbra Collaboration Suite 6.0.6.1 released
http://www.zimbra.com/downloads/os-downloads.html
http://files2.zimbra.com/website/docs/Zimbra%20OS%20Release%20Notes%206.0.6.1.pdf
+ PHP 'sqlite_single_query()' and 'sqlite_array_query()' Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/40013
ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275470-1
Dovecot 2.0.beta5 released
http://www.dovecot.org/list/dovecot-news/2010-May/000155.html
Document ID: 351936: If a network cable is disconnected from a node where Exchange 2010 service groups are online, the service group fails over to the next target node. However, once the network cable is reconnected and failback is initiated, the Exchange 2010 DataBase (DB) resource may fault after initially reporting as online.
http://seer.entsupport.symantec.com/docs/351936.htm
Document ID: 350624: Veritas Storage Foundation and High Availability Solutions (SFW HA) 5.1 Service Pack 1 (SP1) Application Pack 1 (AP1) for Windows
http://seer.entsupport.symantec.com/docs/350624.htm
VMSA-2010-0008: VMware View 3.1.3 addresses an important cross-site scripting vulnerability
http://www.vmware.com/security/advisories/VMSA-2010-0008.html
Hanno Boeck : persistent cross site scripting (XSS), CVE-2010-1481
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32508
Hanno Boeck : CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32509
"Traps in tweets; don't follow carelessly": beware of Twitter abuse
IPA issues warning about the risk of being led to virus sites and the like
http://itpro.nikkeibp.co.jp/article/NEWS/20100510/347819/?ST=security
CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00047.html
pmwiki: persistent cross site scripting (XSS), CVE-2010-1481
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00046.html
[Wintercore Research] Consona Products - Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00045.html
XSS vulnerability in Jaws
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00044.html
Injection of ECShop apps.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00043.html
REZERVI (root) Remote Command Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00040.html
Vulnerability with Cisco ACE. A2 3.0 (probably all version)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00038.html
[ MDVSA-2010:092 ] cacti
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00039.html
JVNDB-2009-002533 Denial-of-service (DoS) vulnerability in the VMware Authentication Daemon of VMware Authorization Service
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002533.html
JVNDB-2010-001370 Arbitrary code execution vulnerability in the VMnc media codec and movie decoder
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001370.html
JVNDB-2010-001369 Heap-based buffer overflow vulnerability in the VMnc media codec and movie decoder
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001369.html
JVNDB-2010-001368 Arbitrary code execution vulnerability in vmware-vmrc.exe build 158248 of VMware Remote Console
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001368.html
JVNDB-2010-001367 Privilege escalation vulnerability in vmrun in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001367.html
JVNDB-2010-001366 Sensitive information disclosure vulnerability in the virtual network stack of multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001366.html
JVNDB-2010-001365 Privilege escalation vulnerability in VMware Tools in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001365.html
JVNDB-2010-001364 Arbitrary code execution vulnerability in VMware Tools in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001364.html
JVNDB-2010-001200 Denial-of-service (DoS) vulnerability in the SCTP implementation of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001200.html
JVNDB-2010-001196 Heap-based buffer overflow vulnerability in the rmt_read__ function of GNU tar and GNU cpio
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001196.html
JVNDB-2010-001157 Denial-of-service (DoS) vulnerability in cupsd of CUPS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001157.html
JVNDB-2010-001002 Vulnerability in sendmail's handling of X.509 certificates that allows spoofing of arbitrary SSL-based SMTP servers
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001002.html
JVNDB-2009-002344 Denial-of-service (DoS) vulnerability in cupsd of CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002344.html
JVNDB-2009-001733 Denial-of-service (DoS) vulnerability in the ippReadIO function of CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001733.html
JVNDB-2009-001260 Denial-of-service (DoS) vulnerability in the JBIG2 decoder of Xpdf and CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001260.html
JVNDB-2009-001259 Integer overflow vulnerability in the JBIG2 decoder of Xpdf and CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001259.html
JVNDB-2009-001258 Denial-of-service (DoS) vulnerability in the JBIG2 decoder of Xpdf and CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001258.html
JVNDB-2009-001257 Integer overflow vulnerability in the TIFF image decoding routine of CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001257.html
JVNDB-2005-000872 Buffer overflow vulnerability in GNU cpio when processing large files
http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000872.html
Microsoft Patch Tuesday May 2010 Pre-Release
http://isc.sans.org/diary.html?storyid=8764
Wireshark DOCSIS Dissector DoS Vulnerability
http://isc.sans.org/diary.html?storyid=8767
Stock market "wipe out" may be due to computer error
http://isc.sans.org/diary.html?storyid=8761
Apple Safari Popup Window Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1023958.html
PmWiki "width" Script Insertion Vulnerability
http://secunia.com/advisories/39698/
Apple Safari "parent.close()" Code Execution Vulnerability
http://secunia.com/advisories/39670/
Red Hat update for kernel
http://secunia.com/advisories/39649/
Consona CRM Suite Repair Service Privilege Escalation Vulnerability
http://secunia.com/advisories/39752/
Consona SdcUser.TgConCtl ActiveX Control Multiple Vulnerabilities
http://secunia.com/advisories/39751/
Consona CRM Suite Password Reset and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39740/
My Little Forum Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39702/
Jaws "url" Script Insertion Vulnerability
http://secunia.com/advisories/39689/
vBulletin BB Code Script Insertion Vulnerability
http://secunia.com/advisories/39662/
AV Arcade Pro "q" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39719/
X-Motor Racing Server Multiple Vulnerabilities
http://secunia.com/advisories/39747/
GetSimple CMS "file" File Disclosure Vulnerability
http://secunia.com/advisories/39720/
Factux Multiple File Inclusion Vulnerabilities
http://secunia.com/advisories/39717/
Avaya Products curl Excessive Data Length in Callback Function
http://secunia.com/advisories/39734/
Avaya Products Firefox Multiple Vulnerabilities
http://secunia.com/advisories/39737/
PCRE "compile_branch()" Buffer Overflow Vulnerability
http://secunia.com/advisories/39738/
AzDGDatingMedium Multiple Vulnerabilities
http://secunia.com/advisories/39716/
Ubuntu update for texlive-bin
http://secunia.com/advisories/39724/
Ubuntu update for dvipng
http://secunia.com/advisories/39725/
VMware View Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39727/
SUSE update for kernel
http://secunia.com/advisories/39742/
Debian update for iscsitarget
http://secunia.com/advisories/39726/
Fedora update for sahana
http://secunia.com/advisories/39641/
Red Hat update for tetex
http://secunia.com/advisories/39750/
Red Hat update for tetex
http://secunia.com/advisories/39749/
Red Hat update for tetex
http://secunia.com/advisories/39657/
Tex Live dvipng Array Indexing Vulnerabilities
http://secunia.com/advisories/39648/
Baofeng Storm Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/39721/
HP Mercury LoadRunner Agent Command Execution Vulnerability
http://secunia.com/advisories/39722/
IDEAL Migration v4.5.1 Buffer Overflow Exploit (Meta)
http://www.exploit-db.com/exploits/12540
AVCON H323Call Buffer Overflow
http://www.exploit-db.com/exploits/12528
IBM WebSphere MQ Channel Control Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1083
Lexmark Printers HTTP Header Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1082
Wireshark DOCSIS Dissector Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1081
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
http://www.securityfocus.com/bid/38562
OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38533
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569
gdomap Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/40005
MySQL UNINSTALL PLUGIN Security Bypass Vulnerability
http://www.securityfocus.com/bid/39543
xbtit 'functions.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/39372
joomla-flickr Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39251
Sahana 'stream.php' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/38863
Microsoft Windows SMB Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36989
REZERVI Belegungsplan und Gästedatenbank 'include/mail.inc.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/37589
Lalim Compact Player '.mp3' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40014
PHP 'sqlite_single_query()' and 'sqlite_array_query()' Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/40013
Basml Okul Scripti 'banneryukle.asp' Remote File Upload Vulnerability
http://www.securityfocus.com/bid/40012
Multiple Consona Products 'SdcUser.TgConCtl' ActiveX Multiple Insecure Method Vulnerabilities
http://www.securityfocus.com/bid/40011
Multiple Consona Products Unspecified Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40010
Multiple Consona Products 'SdcUser.TgConCtl' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40006
AzDGDatingMedium 'photos.php' Unspecified Security Vulnerability
http://www.securityfocus.com/bid/40004
Multiple Consona Products Password Reset Security Bypass Vulnerability
http://www.securityfocus.com/bid/40003
Cisco Application Control Engine (ACE) HTTP Parsing Security Weakness
http://www.securityfocus.com/bid/40002
ECShop 'category.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40001
AzDGDatingMedium Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40000
Multiple Consona Products 'n6plugindestructor.asp' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39999
ESET Smart Security and NOD32 Antivirus Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39998
CMS Made Simple 'admin/editprefs.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/39997
Jaws 'edit profile' Module 'URL' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39996
my little forum 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/39995
PmWiki Table Feature 'width' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/39994
PHP-Nuke 'FriendSend' module SQL Injection Vulnerability
http://www.securityfocus.com/bid/39992
Apple Safari 'window.parent.close()' Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39990