Friday, May 21, 2010

Friday the 21st, Taian

+ Multiple Vendor 'rpc.pcnfsd' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40248
http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html

- HPSBUX02519 SSRT100004 rev.1 - HP-UX Running BIND, Remote Compromise of NXDOMAIN Responses
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02177073

- HPSBUX02518 SSRT100051 rev.1 - HP-UX, Local Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02177072

HPSBUX02517 SSRT100058 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02177070

Java Runtime Environment Remote Denial of Service (DoS) Vulnerability
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000579.1-1

Rumba FTP Client FTPSFtp.dll v4.2.0.0 OpenSession() Buffer Overflow
http://www.exploit-db.com/exploits/12677




+ glibc 2.11.2 released
http://ftp.gnu.org/gnu/glibc/?C=M;O=D

+ MySQL 5.1.47 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html

+ MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
http://securitytracker.com/alerts/2010/May/1024004.html
http://bugs.mysql.com/bug.php?id=40980

+ iptables 1.4.8 released
http://www.iptables.org/news.html#2010-05-20
http://www.iptables.org/projects/iptables/files/changes-iptables-1.4.8.txt

+ PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/40304

Justin C. Klein Keane : Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32644

Mandriva : clamav
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32632

Ubuntu Security Notice : MoinMoin vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32637

XSS bug in US Robotics firmware USR5463-v0_06.bin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00174.html

[ MDVSA-2010:082-1 ] clamav
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00176.html

[USN-941-1] MoinMoin vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00173.html

[HITB-Announce] HITBSecConf2010 - Malaysia Call for Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00172.html

[ MDVSA-2010:102 ] ghostscript
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00167.html

Linux Mint 8 mintUpdate Insecure Temporary File Creation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00165.html

[Suspected Spam][USN-940-1] Kerberos vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00169.html

Bind patches are out
http://isc.sans.org/diary.html?storyid=8821

Is this version of PuTTY legit?
http://isc.sans.org/diary.html?storyid=8824

JVNDB-2009-002537 Denial of Service (DoS) Vulnerability in the Wireshark Infiniband Dissector
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002537.html

JVNDB-2009-002536 Denial of Service (DoS) Vulnerability in the Wireshark AFS Dissector
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002536.html

JVNDB-2009-002535 Denial of Service (DoS) Vulnerability in a Wireshark Dissector
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002535.html

JVNDB-2009-001024 Arbitrary Code Execution Vulnerability in the RealVNC VNC Viewer Component
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001024.html

Novell Access Manager TLS Session Renegotiation Plaintext Injection Vulnerability
http://secunia.com/advisories/39850/

DBCart "id" SQL Injection Vulnerability
http://secunia.com/advisories/39867/

Drupal Wordpress Import Module Arbitrary File Upload Vulnerability
http://secunia.com/advisories/39894/

DotNetNuke Information Disclosure and Script Insertion
http://secunia.com/advisories/39874/

Joomla ActiveHelper LiveHelp Component "DOMAINID" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39870/

Drupal Panels Module PHP Code Execution Vulnerability
http://secunia.com/advisories/39885/

Drupal Chaos Tool Suite Module Multiple Vulnerabilities
http://secunia.com/advisories/39884/

Drupal Simplenews Module Security Bypass Security Issue
http://secunia.com/advisories/39890/

Drupal User Queue Module Cross-Site Request Forgery
http://secunia.com/advisories/39886/

SyncBack Profile Import Buffer Overflow Vulnerability
http://secunia.com/advisories/39865/

IBM WebSphere Application Server File Disclosure Vulnerability
http://secunia.com/advisories/39838/

Drupal External Link Page Module Script Insertion
http://secunia.com/advisories/39888/

Drupal Rotor Banner Module Script Insertion Vulnerabilities
http://secunia.com/advisories/39883/

Drupal Heartbeat Module Script Insertion Vulnerabilities
http://secunia.com/advisories/39893/

Drupal CAPTCHA Module Script Insertion Vulnerability
http://secunia.com/advisories/39892/

Caucho Resin Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/39839/

Fedora update for krb5
http://secunia.com/advisories/39818/

Ubuntu update for krb5
http://secunia.com/advisories/39784/

Red Hat update for postgresql84
http://secunia.com/advisories/39898/

Red Hat update for postgresql
http://secunia.com/advisories/39820/

Java on Mac OS X Window Drawing Signedness Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024012.html

Java on Mac OS X Has Memory Access Error in Processing mediaLibImage Objects That Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024011.html

Ghostscript Stack Overflow in Parser Function Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024003.html

Novell Access Manager TLS/SSL Session Renegotiation Vulnerability
http://www.vupen.com/english/advisories/2010/1205

Cacti Multiple Parameter SQL and Command Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/1204

Cacti Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1203

PHP-Calendar "description" and "lastaction" Cross Site Scripting Issues
http://www.vupen.com/english/advisories/2010/1202

Caucho Resin Data Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1201

IBM WebSphere Application Server Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/1200

HP-UX NFS / ONCplus Unspecified Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1199

Redhat Security Update Fixes PostgreSQL84 Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1198

Redhat Security Update Fixes PostgreSQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1197

Fedora Security Update Fixes krb5 Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1196

Mandriva Security Update Fixes Ghostscript Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1195

Mandriva Security Update Fixes MySQL Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1194

Mandriva Security Update Fixes krb5 Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1193

Ubuntu Security Update Fixes krb5 Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1192

ComponentOne VSFlexGrid v. 7 & 8 "Archive()" method Remote Buffer Overflow Exploit
http://www.exploit-db.com/exploits/12673

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40215

PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37973

gdomap Arbitrary Configuration File Line Count 'load_iface()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40062

gdomap Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/40005

Oracle Sun Ray Server Software CVE-2010-0888 Remote Device Services Vulnerability
http://www.securityfocus.com/bid/39420

IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40277

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

MoinMoin Hierarchical ACL Security Bypass Vulnerability
http://www.securityfocus.com/bid/35277

ClamAV Security Bypass And Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/39262

Entry Level CMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38422

PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/40304

Renista CMS 'Default.aspx' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40299

3Com Intelligent Management Center Multiple Vulnerabilities
http://www.securityfocus.com/bid/40298

Spaw Editor 'spawfm' Module Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/40295

Horde IMP Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40294

U.S.Robotics USR5463 Firmware 'setup_ddns.exe' HTML Injection Vulnerability
http://www.securityfocus.com/bid/40292

SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40291

Panels Module For Drupal Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/40286

Snipe Gallery 'cfg_admin_path' Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/40279
