Server maintenance notice (May 29, 2010)
http://www.trendmicro.co.jp/support/news.asp?id=1419
US House members send letter of inquiry to Google over data collection by Street View vehicles
http://itpro.nikkeibp.co.jp/article/NEWS/20100528/348585/?ST=security
Defacements Statistics 2008 - 2009 - 2010 First quarter
http://www.zone-h.org/news/id/4735
+ FreeBSD-SA-10:04.jail: Insufficient environment sanitization in jail(8)
http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc
http://www.securitytracker.com/id?1024038
http://www.vupen.com/english/advisories/2010/1247
http://www.securityfocus.com/bid/40399
+ FreeBSD-SA-10:05.opie: OPIE off-by-one stack overflow
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
http://secunia.com/advisories/39963/
http://securityreason.com/securityalert/7450
http://www.securitytracker.com/id?1024040
http://www.securityfocus.com/bid/40403
+ FreeBSD-SA-10:06.nfsclient: Unvalidated input in nfsclient
http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
http://www.securitytracker.com/id?1024039
+- Linux Kernel 'knfsd' 'current->mm' Modifier Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40377
Thunderbird 3.1 release candidate now available for download
http://www.mozillamessaging.com/en-US/about/press/archive/2010-05-27-01
http://www.mozillamessaging.com/en-US/thunderbird/3.1rc1/releasenotes/
Apache Tomcat Track at ApacheCon North America 2010
http://na.apachecon.com/c/acna2010/
jetty-7.1.3 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-7/VERSION.txt
RHBA-2010:0445-1: nspluginwrapper bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0445.html
RHEA-2010:0444-1: Openswan enhancement update
http://rhn.redhat.com/errata/RHEA-2010-0444.html
RHBA-2010:0446-1: autofs bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0446.html
RHBA-2010:0447-1: gnupg bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0447.html
FreeBSD : jail
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32705
FreeBSD : opie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32706
FreeBSD : nfsclient
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32707
FreeBSD : opie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32708
Maksymilian Arciemowicz : libopie __readrec() off-by one (FreeBSD ftpd remote PoC)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32709
Cisco : Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32704
EMC : EMC Avamar Denial Of Service Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32716
Hewlett-Packard : HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32717
Hewlett-Packard : HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Reques
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32718
JVNDB-2010-001470 Integer overflow vulnerability in dvips in TeX Live 2009 and teTeX
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001470.html
JVNDB-2007-001203 Arbitrary code execution vulnerability in hpc.c in teTeX and TeXlive 2007
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001203.html
JVNDB-2010-001469 Arbitrary code execution vulnerability in set.c in dvipng and teTeX
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001469.html
JVNDB-2010-001363 Vulnerability in IBM WebSphere Application Server that leaks KeyRingPassword password information
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001363.html
JVNDB-2010-001362 Cross-site scripting vulnerability in the administrative console of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001362.html
JVNDB-2010-001361 Denial of service (DoS) vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001361.html
JVNDB-2010-001159 Vulnerability in mod_isapi in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001159.html
JVNDB-2009-001730 Vulnerability in the Administrative Console component of IBM WebSphere Application Server (WAS) that allows WAS session contents to be read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001730.html
[ MDVSA-2010:110 ] clamav
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00263.html
[ MDVSA-2010:109 ] gtk+2.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00264.html
EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00262.html
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00261.html
FreeBSD Security Advisory FreeBSD-SA-10:06.nfsclient
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00260.html
FreeBSD Security Advisory FreeBSD-SA-10:05.opie
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00259.html
FreeBSD Security Advisory FreeBSD-SA-10:04.jail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00258.html
Static analysis tool exposition (SATE) 2010 Call for participation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00255.html
Sasfis Propagation
http://isc.sans.org/diary.html?storyid=8860
How Do I Report Malicious Websites? Take 2
http://isc.sans.org/diary.html?storyid=8863
Brekeke PBX Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39952/
FreeBSD OPIE "__opiereadrec()" Off-by-One Vulnerability
http://secunia.com/advisories/39963/
OPIE "__opiereadrec()" Off-by-One Vulnerability
http://secunia.com/advisories/39966/
ZoneCheck CGI "ns" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39940/
Pacific Timesheet Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39951/
Cisco Network Building Mediator Products Multiple Vulnerabilities
http://secunia.com/advisories/39904/
MultiShop CMS SQL Injection Vulnerabilities
http://secunia.com/advisories/39958/
Drupal AddonChat Module Security Bypass and Script Insertion Vulnerabilities
http://secunia.com/advisories/39969/
Home FTP Server Web Interface Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/39950/
Drupal Scheduler Module Script Insertion Vulnerability
http://secunia.com/advisories/39947/
Fedora update for libprelude
http://secunia.com/advisories/39968/
libprelude libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39924/
EMC Avamar TCP Packet Processing Denial of Service
http://secunia.com/advisories/39919/
Mozilla Firefox Error Handling Information Disclosure Vulnerability
http://secunia.com/advisories/39925/
Adobe Photoshop CS4 Multiple Vulnerabilities
http://secunia.com/advisories/39934/
Red Hat update for mysql
http://secunia.com/advisories/39915/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/39882/
Fedora update for kdenetwork
http://secunia.com/advisories/39917/
libopie __readrec() off-by one (FreeBSD ftpd remote PoC)
http://securityreason.com/securityalert/7450
Adobe Photoshop ASL, ABR, and GRD File Processing Flaws Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024042.html
OPIE Off-by-One Buffer Overflow Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024040.html
FreeBSD Parameter Validation Flaw in nfsclient Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024039.html
FreeBSD jail() Lets Local Users Access Restricted Files
http://securitytracker.com/alerts/2010/May/1024038.html
Google Chrome Multiple Flaws Let Remote Users Spoof URLs, Cause Memory Errors, Bypass the Plugin Blocker Whitelist, and Execute Javascript With Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024037.html
Cisco Network Building Mediator Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1255
Google Chrome Memory Corruption and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1254
EMC Avamar TCP Packets Processing Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1253
Adobe Photoshop CS Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1252
Python "audioop" Module Multiple Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1251
Python "rgbimg" Module Multiple Buffer and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1250
Redhat Security Update Fixes MySQL Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1249
Fedora Security Update Fixes KDE KGet Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1248
FreeBSD Security Update Fixes "jail" Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1247
Ubuntu Security Update Fixes GNU C Library Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1246
Mandriva Security Update Fixes Kolab Unspecified Vulnerability
http://www.vupen.com/english/advisories/2010/1245
Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0267) Memory Corruption Vulnerability
2010-05-27
http://www.securityfocus.com/bid/39023
ClamAV 'parseicon()' Denial Of Service Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40318
ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40317
gnome-screensaver Unlock Dialog Race Condition Lock Bypass Vulnerability
2010-05-27
http://www.securityfocus.com/bid/38211
Ghostscript './Encoding/' Search Path Local Privilege Escalation Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40369
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
2010-05-27
http://www.securityfocus.com/bid/37128
BackLinkSpider Multiple Cross Site Scripting Vulnerabilities
2010-05-27
http://www.securityfocus.com/bid/40400
Medi-QnA Joomla! Component 'controller' Parameter Local File Include Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40412
FreeBSD OPIE '__opiereadrec()' Off By One Heap Memory Corruption Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40403
Mozilla Firefox Error Handling Information Disclosure Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40401
FreeBSD jail(8) Local Security Bypass Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40399
BackLinkSpider 'cat_id' Parameter SQL Injection Vulnerability
2010-05-27
http://www.securityfocus.com/bid/40398
KDE KGet Security Bypass and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/40141
Adobe Photoshop Multiple File Types Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40389
IBM Communications Server for AIX Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40372
Oracle MySQL DROP TABLE MyISAM Symbolic Link Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/40257
Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40106
Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109
HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40070
HP OpenView Network Node Manager 'getnnmdata.exe' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40071
Kolab Groupware Server Image Upload Form Unspecified Vulnerability
http://www.securityfocus.com/bid/37465
Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/26838
Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/27234
Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/30560
Apache 'mod_proxy_balancer' Multiple Vulnerabilities
http://www.securityfocus.com/bid/27236
Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/27237
Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
http://www.securityfocus.com/bid/29653
Brekeke PBX 'pbx/gate' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40407
Home FTP Server Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40405
ZoneCheck 'zc.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40404
MultiShopCMS Multi Vendor Mall Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40402
Drupal AddonChat Module Privilege Escalation and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/40393
Drupal Scheduler Module Description HTML Injection Vulnerability
http://www.securityfocus.com/bid/40392
EMC Avamar 'gsan' Service Denial of Service Vulnerability
http://www.securityfocus.com/bid/40390
Multi Shop CMS 'pages.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40388
Cisco Network Building Mediator CVE-2010-0597 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40386
Cisco Network Building Mediator XML RPC Communication Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40385
Cisco Network Building Mediator System Configuration File Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40384
Cisco Network Building Mediator CVE-2010-0596 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40383
Cisco Network Building Mediator HTTP Communication Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40382
md5 Encryption Decryption PHP Script 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40381
Cisco Network Building Mediator Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/40380
Linux Kernel 'knfsd' 'current->mm' Modifier Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/40377
What's mean?