Recommendations for strengthening efforts on control system reliability and security ~ Release of the "Survey Report on Measures to Promote Control System Security" ~
http://www.ipa.go.jp/security/fy21/reports/ics_sec/index.html
Seminar announcement: "Automating Information Security Measures: SCAP"
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_scap_2010.html
+ Courier-IMAP 4.8.0 released
http://www.courier-mta.org/download.php#imap
http://www.courier-mta.org/imap/changelog.html
+ GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024043.html
- VMSA-2010-0009 ESXi utilities and ESX Service Console third party updates
http://lists.vmware.com/pipermail/security-announce/2010/000093.html
UPDATE: MS10-020 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-020.mspx
Firefox 3.6.4 release candidate available for download and testing
http://developer.mozilla.org/devnews/index.php/2010/05/28/firefox-3-6-4-release-candidate-available-for-download-and-testing/
Squid 3.1.4 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html
Linux Kernel release: 2.6.35-rc1
http://www.linux.org/news/2010/05/30/0001.html
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.35-rc1
Samba Team Blog #4
Web sites, Conferences and Coding
http://news.samba.org/
DBI-1.611_90 DEVELOPER RELEASE
http://search.cpan.org/~timb/DBI-1.611_90/
Groones Simple Contact Form (abspath) Remote File Inclusion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00282.html
SQL injection vulnerability in ImpressPages CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00280.html
SQL injection vulnerability in ImpressPages CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00279.html
SQL injection vulnerability in ImpressPages CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00283.html
Re[2]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00277.html
CVE-2010-2020: FreeBSD kernel NFS client local vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00273.html
Administrivia: Real domain names in PoC/exploit examples
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00272.html
[Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00266.html
SQL injection in OSCommerce Add-On Visitor Web Stats
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00270.html
VMSA-2010-0009 ESXi ntp and ESX Service Console third party updates
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00269.html
[USN-945-1] ClamAV vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00268.html
Independent Researcher : SQL injection in OSCommerce Add-On Visitor Web Stats
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32726
MustLive : DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32724
VMware : ESXi ntp and ESX Service Console third party updates
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32723
Fake software posing as the antivirus product "Security Essentials" appears
Deceives users with fake warnings; can also download other viruses
http://itpro.nikkeibp.co.jp/article/NEWS/20100531/348636/?ST=security
JVNDB-2010-001476 Integer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001476.html
JVNDB-2010-001475 Integer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001475.html
JVNDB-2010-001474 Arbitrary code execution vulnerability in Adobe Shockwave Player and Adobe Director
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001474.html
JVNDB-2010-001473 Arbitrary code execution vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001473.html
JVNDB-2010-001472 Integer overflow vulnerability in VBE6.DLL in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001472.html
JVNDB-2010-001471 Integer overflow vulnerability in inetcomm.dll in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001471.html
JVNDB-2009-002541 Buffer overflow vulnerabilities in multiple Hitachi products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002541.html
VMware ESX/ESXi Updates
http://isc.sans.org/diary.html?storyid=8872
How Do I Report Malicious Websites? Part 3
http://isc.sans.org/diary.html?storyid=8875
Rogue AV Indictment
http://isc.sans.org/diary.html?storyid=8869
Wireshark SMB file extraction plug-in
http://isc.sans.org/diary.html?storyid=8866
VMware vMA ISC BIND DNSSEC CNAME / DNAME and NXDOMAIN Cache Poisoning
http://secunia.com/advisories/39978/
VMware ESX gzip "unlzw()" Integer Underflow Vulnerability
http://secunia.com/advisories/39975/
VMware vMA Multiple krb5 Vulnerabilities
http://secunia.com/advisories/39977/
VMware vMA kernel Multiple Vulnerabilities
http://secunia.com/advisories/39920/
VMware ESXi update for ntp
http://secunia.com/advisories/39971/
VMware ESXi ntp Mode 7 Request Denial of Service
http://secunia.com/advisories/39972/
VMware ESX Multiple krb5 Vulnerabilities
http://secunia.com/advisories/39973/
VMware ESX GCC libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39974/
VMware vMA OpenSSL "CRYPTO_free_all_ex_data()" Memory Leak Vulnerability
http://secunia.com/advisories/39976/
VMware vMA GCC libtool Search Path Privilege Escalation Security Issue
http://secunia.com/advisories/39979/
VMware vMA gzip "unlzw()" Integer Underflow Vulnerability
http://secunia.com/advisories/39980/
VMware vMA sudo Privilege Escalation Security Issues
http://secunia.com/advisories/39981/
MediaWiki Cross-Site Scripting and Cross-Site Request Forgery
http://secunia.com/advisories/39922/
Joomla Medi-QnA Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39965/
Ubuntu update for clamav
http://secunia.com/advisories/39910/
Heimdal GSS-API and kdc NULL Pointer Dereferences Denial of Service
http://secunia.com/advisories/39953/
Core FTP Server / SFTP Server Directory Traversal Vulnerability
http://secunia.com/advisories/39921/
GNU Glibc ELF Header Validation Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024044.html
MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1024033.html
MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024032.html
MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1024031.html
GnuTLS Invalid Hash Algorithm Null Pointer Dereference Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024020.html
Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote Buffer Overflow PoC
http://securityreason.com/securityalert/7462
Microsoft Outlook Web Access (OWA) v8.2.254.0 Information Disclosure
http://securityreason.com/securityalert/7461
Orbit Downloader metalink "name" Directory Traversal
http://securityreason.com/securityalert/7460
Multiplatform View State Tampering Vulnerabilities
http://securityreason.com/securityalert/7459
RhinoSoft.com Serv-U 9.0.0.5 WebClient Remote Buffer Overflow
http://securityreason.com/securityalert/7458
Joomla Component com_konsultasi (sid) SQL Injection Vulnerability
http://securityreason.com/securityalert/7457
Joomla Component MS Comment 0.8.0 LFI Vulnerability
http://securityreason.com/securityalert/7456
DBCart (article.php) SQL Injection Vulnerability
http://securityreason.com/securityalert/7455
Joomla Component ActiveHelper LiveHelp 2.0.3 XSS Vulnerabilities
http://securityreason.com/securityalert/7454
Joomla Component FDione Form Wizard lfi vulnerability
http://securityreason.com/securityalert/7453
magnoware datatrack_system 3.5.8019.4 multiple vulns
http://securityreason.com/securityalert/7452
ECShop Search.php 2.7.2 SQL Injection Exploit
http://securityreason.com/securityalert/7451
Nginx 0.8.35 Space Character Remote Source Disclosure
http://www.exploit-db.com/exploits/12810
nginx [engine x] http server <= 0.6.36 Path Traversal
http://www.exploit-db.com/exploits/12804
IP2location.dll v1.0.0.1 Function Initialize() Buffer Overflow
http://www.exploit-db.com/exploits/12803
FreeBSD Security Update Fixes nfsclient Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/1261
FreeBSD Security Update Fixes OPIE Off-by-one Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1260
OPIE "__opiereadrec()" Function Off-by-one Stack Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1259
Mandriva Security Update Fixes ClamAV Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1258
Mandriva Security Update Fixes GTK+ Screensaver Bypass Weakness
http://www.vupen.com/english/advisories/2010/1257
Ubuntu Security Update Fixes ClamAV Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1256
POE-Component-IRC '\r' Command Injection Vulnerability
http://www.securityfocus.com/bid/40114
Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
http://www.securityfocus.com/bid/39538
Core FTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40422
Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37033
nginx Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40420
Ghostscript './Encoding/' Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40369
Home FTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40419
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128
GNU gzip LZW Compression Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37886
GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38628
ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37865
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749
pam_krb5 Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35112
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35174
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35417
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138
OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001
Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36304
Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37523
Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/26943
Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36706
Linux Kernel Do_Coredump Security Bypass Vulnerability
http://www.securityfocus.com/bid/21591
Red Hat Linux Kernel 'qla2xxx' Driver Security Bypass Vulnerability
http://www.securityfocus.com/bid/37876
Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/37339
Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36472
Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37519
Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068
Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37019
Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37875
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36576
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36051
Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37806
Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521
Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069
MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235
ImpressPages CMS 'admin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40431
My Car component for Joomla! Cross-Site Scripting and SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/40430
Reservations Joomla! Component 'namser' Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/40429
VLC Media Player Multiple Media File Formats Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40428
Ghostscript Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/40426
osCommerce Visitor Web Stats Add-On 'Accept-Language' Header SQL Injection Vulnerability
http://www.securityfocus.com/bid/40425
MediaWiki CSS Input Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40423
Toronja CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40421