US Department of Defense establishes command to oversee US military cyber countermeasures
http://itpro.nikkeibp.co.jp/article/NEWS/20100524/348338/?ST=security
+ MOPS-2010-036: PHP htmlentities() and htmlspecialchars() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/
+ MOPS-2010-037: PHP str_getcsv() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/
+ MOPS-2010-038: PHP http_build_query() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/
+ MOPS-2010-039: PHP strpbrk() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/
+ MOPS-2010-040: PHP strtr() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/
+ GCC 4.3.5 has been released.
http://gcc.gnu.org/ml/gcc/2010-05/msg00435.html
http://gcc.gnu.org/gcc-4.3/changes.html#4.3.5
+ Multiple Vendor 'rpc.pcnfsd' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40248
http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html
+ Sun Solaris 'in.ftpd' Long Command Handling Security Vulnerability
http://www.securityfocus.com/bid/40320
+ Sun Solaris Nested Directory Tree Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40319
++ Sun Solaris Multiple libc Numeric Conversion Functions Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40329
- jetty-7.1.2 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-7/VERSION.txt
- Sysstat 9.1.2 released (development version)
http://pagesperso-orange.fr/sebastien.godard/
- Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/40327
DA-SOFT AnyDAC 3.0.1 released
http://www.postgresql.org/about/news.1207
RHBA-2010:0431-1: device-mapper bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0431.html
RHBA-2010:0433-1: lvm2 bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0433.html
Document ID: 354616: Why do we have to enter credentials after selecting "Connect Using: Logged On User on this computer"
http://seer.entsupport.symantec.com/docs/354616.htm
Document ID: 354615: Procedures for testing the new Symantec EMEA ftp server, ftpemea.symantec.com -- Automated Perl script -- zip format
http://seer.entsupport.symantec.com/docs/354615.htm
Document ID: 354609: Procedures for testing the new Symantec EMEA ftp server, ftpemea.symantec.com -- Testing procedure
http://seer.entsupport.symantec.com/docs/354609.htm
Document ID: 354607: Procedures for testing the new Symantec EMEA ftp server, ftpemea.symantec.com -- Automated Perl script -- gz format
http://seer.entsupport.symantec.com/docs/354607.htm
Document ID: 354495: Procedures for testing the new Symantec EMEA ftp server, ftpemea.symantec.com
http://seer.entsupport.symantec.com/docs/354495.htm
Mandriva : dovecot
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32651
Independent Researcher : XSS bug in US Robotics firmware USR5463-v0_06.bin
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32652
"I received a suspicious email": fake reports lure victims to virus sites
New attack targeting security staff at financial institutions confirmed in the US
http://itpro.nikkeibp.co.jp/article/NEWS/20100524/348336/?ST=security
JVN#90248889 Request processing vulnerability in Interstage Application Server
http://jvn.jp/jp/JVN90248889/index.html
JVN#92854093 Cross-site scripting vulnerability in Movable Type
http://jvn.jp/jp/JVN92854093/index.html
JVN#82749282 Denial-of-service (DoS) vulnerability in CapsSuite Small Edition PatchMeister
http://jvn.jp/jp/JVN82749282/index.html
JVNVU#545953 Vulnerability in multiple antivirus products
http://jvn.jp/cert/JVNVU545953/index.html
JVN#90872372 Denial-of-service (DoS) vulnerability in WebSAM DeploymentManager
http://jvn.jp/jp/JVN90872372/index.html
JVNDB-2010-001301 Denial-of-service (DoS) vulnerability in the gfs2_lock or gfs_lock function of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001301.html
JVNDB-2010-001300 Denial-of-service (DoS) vulnerability in net/ipv4/tcp_input.c of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001300.html
JVNDB-2010-001148 Privilege escalation vulnerability in sudo
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001148.html
JVNDB-2009-002530 Denial-of-service (DoS) vulnerability in the ext4_fill_flex_info function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002530.html
JVNDB-2009-002529 Denial-of-service (DoS) vulnerability in the mac80211 subsystem of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002529.html
JVNDB-2010-001452 Arbitrary command execution vulnerability in sudo
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001452.html
JVNDB-2010-001451 Denial-of-service (DoS) vulnerability in Linux SCSI target framework and iSCSI Enterprise Target
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001451.html
JVNDB-2010-001450 Buffer overflow vulnerability in the LWRES dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001450.html
JVNDB-2009-002539 Denial-of-service (DoS) vulnerability in the SMB and SMB2 dissectors of Wireshark
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002539.html
JVNDB-2009-002538 Denial-of-service (DoS) vulnerability in the DCERPC/NT dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002538.html
[USN-942-1] PostgreSQL vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00188.html
PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration con
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00193.html
[ MDVSA-2010:104 ] dovecot
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00183.html
Month of PHP Security - Summary - 11st May - 21th
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00189.html
Cacti Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00184.html
PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00187.html
HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00194.html
[ MDVSA-2010:103 ] postgresql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00190.html
Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00191.html
OSSTMM 3 based Home Security Vacation Guide v.2!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00192.html
XSS vulnerability in LiSK CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00182.html
Mastering Trust in Security Assessments
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00186.html
XSRF (CSRF) in NPDS REvolution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00197.html
SQL injection vulnerability in LiSK CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00198.html
SQL injection vulnerability in LiSK CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00196.html
XSS vulnerability in gpEasy CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00195.html
XSRF (CSRF) in ocPortal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00181.html
Vulnerability in widget Flash Tag Cloud for Blogsa and other ASP.NET engines
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00180.html
XSS vulnerability in LiSK CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00179.html
Multiple vulnerabilities within 3Com* iMC (Intelligent Management Center)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00178.html
e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
http://isc.sans.org/diary.html?storyid=8842
Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
http://isc.sans.org/diary.html?storyid=8845
SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
http://isc.sans.org/diary.html?storyid=8839
IBM distributes malware at AusCERT!
http://isc.sans.org/diary.html?storyid=8827
2010 Digital Forensics and Incident Response Summit
http://isc.sans.org/diary.html?storyid=8830
Clam AntiVirus PDF File Processing Error Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024017.html
IBM AIX Integer Overflow in rpc.pcnfsd Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024016.html
Microsoft Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow
http://www.securiteam.com/windowsntfocus/5WP3J0A1FA.html
Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability
http://www.securiteam.com/windowsntfocus/5XP3K0A1FC.html
Microsoft Office Excel Record Processing Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5YP3L0A1FE.html
Cisco Digital Media Manager Privilege Escalation Vulnerability
http://www.securiteam.com/securitynews/5TP3G0A1FQ.html
Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5UP3H0A1FE.html
Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5VP3I0A1FC.html
ClamAV PDF Processing Denial of Service Vulnerability
http://secunia.com/advisories/39895/
Hitachi TP1/Message Control Denial of Service Vulnerability
http://secunia.com/advisories/39897/
Lisk CMS Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/39912/
SnugServer FTP Directory Traversal Vulnerability
http://secunia.com/advisories/39866/
FileCOPA Directory Traversal Vulnerability
http://secunia.com/advisories/39843/
Joomla Percha Multicategory Article Component "controller" File Inclusion
http://secunia.com/advisories/39843/
3Com Intelligent Management Center Multiple Vulnerabilities
http://secunia.com/advisories/39891/
TeamViewer Denial of Service Vulnerability
http://secunia.com/advisories/39869/
IBM AIX "rpc.pcnfsd" Integer Overflow Vulnerability
http://secunia.com/advisories/39911/
Ubuntu update for moin
http://secunia.com/advisories/39887/
Fedora update for gnustep-base
http://secunia.com/advisories/39846/
3Com Intelligent Management Center (IMC) Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1210
Fedora Security Update Fixes GNUstep Base "gdomap" Vulnerabilities
http://www.vupen.com/english/advisories/2010/1209
Ubuntu Security Update Fixes MoinMoin Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1208
Mandriva Security Update Fixes PostgreSQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1207
Mandriva Security Update Fixes ClamAV Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1206
Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Priv. Escalation
http://www.exploit-db.com/exploits/12710
W3C Amaya HTML 'script' Tag Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34295
Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39077
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40215
Triburom 'forum.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40316
Horde IMP Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40294
SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40291
Snipe Gallery 'cfg_admin_path' Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/40279
Multiple Vendor 'rpc.pcnfsd' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40248
ConPresso CMS 'firma.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40335
PHP-Calendar Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40334
SolarWinds TFTP Server 'Read' Request (Opcode 0x01) Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40333
Cacti Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40332
Sun Solaris Multiple libc Numeric Conversion Functions Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40329
Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/40327
Specialized Data Systems Parent Connect Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40324
Sun Solaris 'in.ftpd' Long Command Handling Security Vulnerability
http://www.securityfocus.com/bid/40320
Sun Solaris Nested Directory Tree Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40319
SnugServer FTP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40313
FileCOPA FTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40312
Rumba FTP Client 'FTPSFtp.dll' ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40309
Joomla Component BeeHeard Lite Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7413
Joomla Component Gadget Factory Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7412
Joomla Component Love Factory Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7411
GSS-API lib null pointer deref
http://securityreason.com/securityalert/7410
Joomla Component Deluxe Blog Factory Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7409
Opencimetiere 2.01 Multiple Remote File Include Vulnerability
http://securityreason.com/securityalert/7408
aria2 metalink "name" Directory Traversal Vulnerability
http://securityreason.com/securityalert/7407
KDE KGet Insecure File Operation Vulnerability
http://securityreason.com/securityalert/7406
KDE KGet metalink "name" Directory Traversal Vulnerability
http://securityreason.com/securityalert/7405
Free Download Manager metalink "name" Directory Traversal
http://securityreason.com/securityalert/7404
Free Download Manager Four Buffer Overflow Vulnerabilities
http://securityreason.com/securityalert/7403
HP Insight Control Server Remote Cross Site Scripting (XSS)
http://securityreason.com/securityalert/7402
HP Systems Insight Manager Remote Unauthorized Access
http://securityreason.com/securityalert/7401
HP MFP Digital Sending Software Win Local Unauthorized Access
http://securityreason.com/securityalert/7400
HP OpenView Network Node Manager Arbitrary Code
http://securityreason.com/securityalert/7399
Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities
http://securityreason.com/securityalert/7398
Openpresse 1.01 Local File Include Vulnerability
http://securityreason.com/securityalert/7397
OpenCominterne 1.01 Local File Include Vulnerability
http://securityreason.com/securityalert/7396
eFront ask_chat.php SQL Injection Vulnerability
http://securityreason.com/securityalert/7395
Openplanning 1.00 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7394
Openannuaire Openmairie Annuaire 2.00 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7393
CMS Made Simple backend cross site scripting (XSS)
http://securityreason.com/securityalert/7392
Web 2.0 Social Network Freunde Community System SQL Injection Vulnerability
http://securityreason.com/securityalert/7391
tekno.Portal v 0.1b (makale.php id) SQL Injection Vulnerability
http://securityreason.com/securityalert/7390
Opencourrier 2.03beta (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7389
Consona Products - Multiple vulnerabilities
http://securityreason.com/securityalert/7388
pmwiki 2.2.15 persistent cross site scripting (XSS)
http://securityreason.com/securityalert/7387
Joomla Component OrgChart 1.0.0 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7386
Joomla Component JTM Reseller SQL injection vulnerability
http://securityreason.com/securityalert/7385
Yahoo Answers Clone Remote XSS Vulnerabilities
http://securityreason.com/securityalert/7384
Hitron Soft Answer Me Version 1.0 Remote XSS Vulnerabilities
http://securityreason.com/securityalert/7383
Nasim Guest Book Version 1.2 Remote XSS Vulnerabilities
http://securityreason.com/securityalert/7382
FlashCard 3.0.1 XSS Vulnerability
http://securityreason.com/securityalert/7381
Joomla Component Jvehicles (aid) SQL Injection Vulnerability
http://securityreason.com/securityalert/7380
AJ Shopping Cart v1.0 (maincatid) SQL Injection Vulnerability
http://securityreason.com/securityalert/7379
Simple Search 1.0 Remote XSS Vulnerability
http://securityreason.com/securityalert/7378
SupportPRO SupportDesk 3.0 Remote XSS URI Vulnerabilities
http://securityreason.com/securityalert/7377
Directory Escort script (Search) Xss vulnerability
http://securityreason.com/securityalert/7376
Sun Solaris 10 libc/*convert (*cvt) buffer overflow
http://securityreason.com/securityalert/7375
Sun Solaris 10 filesystem rm(1),find(1),etc, Denial-of-service
http://securityreason.com/securityalert/7374
Sun Solaris 10 ftpd Cross-site request forgery
http://securityreason.com/securityalert/7373
Online Work Order Suite ASP 3.10 Remote XSS Vulnerabilities
http://securityreason.com/securityalert/7372
Joomla Component SMEStorage 1.0 Local File Inclusion
http://securityreason.com/securityalert/7371
Pay Per Watch & Bid Auktions System BLIND SQL Injection auktion.php (id_auk)
http://securityreason.com/securityalert/7370
RepairShop2 - cross site scripting ( XSS )
http://securityreason.com/securityalert/7369
PHP Photo Vote 1.3F Remote XSS Vulnerabilities
http://securityreason.com/securityalert/7368
scripts oldguy talkback 2.3.14 LFI
http://securityreason.com/securityalert/7367
PHP Easy Shopping Cart 3.1R Remote XSS Vulnerabilities
http://securityreason.com/securityalert/7366
openMairie Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7365
60cycleCMS v2.5.2 (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7364
fetchmail Denial of service in debug mode w/ multichar locales
http://securityreason.com/securityalert/7363
ToutVirtual VirtualIQ Multiple Vulnerabilities
http://securityreason.com/securityalert/7362
Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability
http://securityreason.com/securityalert/7361
Drupal 6.16 with Context 6.x-2.0-rc3 XSS
http://securityreason.com/securityalert/7360