- UPDATE: Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/2219475.mspx
- HP-UX running AudFilter rules enabled Local Denial of Service Vulnerability
http://www.securiteam.com/unixfocus/5VP36001PO.html
- Redhat Security Update Fixes Flash Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1432
http://secunia.com/advisories/40225/
Mozilla Developer Preview (1.9.3 alpha) Alpha 5 released
http://www.mozilla.org/projects/devpreview/releasenotes/
Debian : New cacti packages fix SQL injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32884
Independent Researcher : Yahoomail Dom Based XSS Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32887
Independent Researcher : UnrealIRCd 3.2.8.1 backdoored on official ftp and site: ABunreal.py
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32890
Kingcope : Remote Poison null byte Zero-Day
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32889
CERT : Adobe Flash and AIR Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32886
High-Tech Bridge SA : SQL injection vulnerability in MODx CMS and Application Framework
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32888
Independent Researcher : httpd Timeout detection flaw (mod_proxy_http)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32882
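"Now streaming the World Cup for free!": visit the site and it turns out to be one-click fraud
Japanese-language spam lures victims in, and a virus displays a payment demand on the screen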
http://itpro.nikkeibp.co.jp/article/NEWS/20100615/349171/?ST=security
JVNDB-2010-001330 Vulnerability in Oracle Sun Java where Java applet signatures are not correctly verified
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001330.html
JVNDB-2010-001326 Vulnerability in the Pack200 component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001326.html
JVNDB-2010-001324 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001324.html
JVNDB-2010-001321 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001321.html
JVNDB-2010-001316 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001316.html
JVNDB-2010-001313 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001313.html
JVNDB-2010-001311 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001311.html
JVNDB-2010-001310 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001310.html
JVNDB-2010-001309 Vulnerability in the Java Web Start or Java Plug-in component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001309.html
JVNDB-2010-001308 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001308.html
JVNDB-2010-001520 Cross-site scripting vulnerability in Groupmax World Wide Web Desktop
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001520.html
JVNDB-2010-001519 Vulnerability in Hitachi Web Server SSL client authentication where CRL revocation checking cannot be performed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001519.html
JVNDB-2010-001518 Denial-of-service (DoS) vulnerability in TP1/Message Control
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001518.html
JVNDB-2010-001517 Buffer overflow vulnerability in CA XOsoft
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001517.html
JVNDB-2010-001516 Vulnerability in CA XOsoft that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001516.html
JVNDB-2010-001515 Vulnerability in CA XOsoft that allows user names to be enumerated
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001515.html
Python on a microcontroller?
http://isc.sans.edu/diary.html?storyid=8980
Small lot of Olympus Stylus Tough 6010 shipped with malware
http://isc.sans.edu/diary.html?storyid=8983
Rogue facebook application acting like a worm
http://isc.sans.edu/diary.html?storyid=8986
CubeCart PHP Free & Commercial Shopping Cart Application SQL Injection
http://securityreason.com/securityalert/7496
Apache mod_proxy_http May Return Results for a Different Request
http://securitytracker.com/alerts/2010/Jun/1024096.html
Apple QuickTime genl Atom Code Execution Vulnerability
http://www.securiteam.com/securitynews/5GP3A001PU.html
Mozilla Firefox Web Worker Array Code Execution Vulnerability
http://www.securiteam.com/securitynews/5IP3C001PW.html
Microsoft IE Tabular Data Control ActiveX Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5YP39001PM.html
HP-UX running AudFilter rules enabled Local Denial of Service Vulnerability
http://www.securiteam.com/unixfocus/5VP36001PO.html
Apache CouchDB Timing Attack Vulnerability
http://www.securiteam.com/securitynews/5WP37001PE.html
Sun Java JDK JRE AWT Library Invalid Pointer Vulnerability
http://www.securiteam.com/securitynews/5XP38001PC.html
Apple Safari ColorSync Profile Integer Overflow Vulnerability
http://www.securiteam.com/securitynews/5KP3E001PK.html
Mozilla Firefox nsTreeContentView Dangling Pointer Code Execution Vulnerability
http://www.securiteam.com/securitynews/5JP3D001PG.html
Apple OS X Internet Enabled Disk Image Code Execution Vulnerability
http://www.securiteam.com/securitynews/5HP3B001PK.html
Site para Restaurante - Chef - Gastronomia SQL Injection and Inclusion
http://www.vupen.com/english/advisories/2010/1445
ardeaCore "pathForArdeaCore" Remote File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1444
Development Site Professional Liberal SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1443
Site to Store Automobile - Motorcycle - Boat SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1442
Site for Real Estate "imovelfor_id" and "id" SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/1441
Parallels System Automation "locale" Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1440
IBM Java Security Update Fixes Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1439
Sourcefire 3D Sensor and Defense Center Static SSL Keys Vulnerability
http://www.vupen.com/english/advisories/2010/1438
UnrealIRCd "DEBUG3_DOLOG_SYSTEM" Command Execution
http://www.vupen.com/english/advisories/2010/1437
Apache "mod_proxy_http" Timeout Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/1436
LibTIFF Security Update Fixes Multiple Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1435
SuSE Security Update Fixes Flash Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1434
Debian Security Update Fixes Cacti SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1433
Redhat Security Update Fixes Flash Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1432
MODx "id" SQL Injection Vulnerability
http://secunia.com/advisories/40227/
MODx "a" SQL Injection Vulnerability
http://secunia.com/advisories/40222/
Avaya CallPilot Unified Messaging NMWebInst ActiveX "InstallFrom()" Vulnerability
http://secunia.com/advisories/40184/
VU Web Visitor Analyst "password" SQL Injection
http://secunia.com/advisories/40176/
Debian update for cacti
http://secunia.com/advisories/40164/
Yamamah "download" File Disclosure Vulnerability
http://secunia.com/advisories/40150/
Kodak Ofoto Upload Manager ActiveX Buffer Overflow Vulnerabilities
http://secunia.com/advisories/40119/
Kodak Gallery Easy Upload ActiveX Unspecified Vulnerability
http://secunia.com/advisories/40071/
Power Tab Editor Power Tab Score File Processing Vulnerability
http://secunia.com/advisories/40216/
VideoWhisper PHP 2 Way Video Chat "r" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40193/
IBM Java Multiple Vulnerabilities
http://secunia.com/advisories/40057/
Email Image Upload Arbitrary File Upload Vulnerability
http://secunia.com/advisories/40201/
Sourcefire 3D SSL Keys Security Issue
http://secunia.com/advisories/40143/
Collabtive Multiple Vulnerabilities
http://secunia.com/advisories/40178/
Zincksoft Property Listing Script "PID" SQL Injection Vulnerability
http://secunia.com/advisories/40203/
Parallels System Automation "locale" Local File Inclusion
http://secunia.com/advisories/40191/
DaLogin SQL Injection and Script Insertion Vulnerabilities
http://secunia.com/advisories/40204/
LiteSpeed Web Server Script Source Code Information Disclosure
http://secunia.com/advisories/40128/
Document Library "intGroupID" SQL Injection Vulnerability
http://secunia.com/advisories/40160/
SUSE update for flash-player
http://secunia.com/advisories/40226/
Red Hat update for flash-plugin
http://secunia.com/advisories/40225/
LibTIFF Integer Overflow Vulnerabilities
http://secunia.com/advisories/40181/
Apache httpd mod_proxy_http Timeout Handling Information Disclosure
http://secunia.com/advisories/40206/
[MajorSecurity SA-073]Subdreamer CMS - SQL injection vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00150.html
Cherokee Web Server 0.5.3 Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00145.html
[ MDVSA-2010:116 ] perl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00147.html
HLstatsX CE 'hlstats.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40368
Joomla! 'com_videowhisper_2wvc' Component Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40828
DJ Studio Pro '.pls' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40144
UnrealIRCd Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/40820
Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability
http://www.securityfocus.com/bid/40725
Yamamah 'calbums' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39690
Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/12767
Perl Safe Module 'reval()' and 'rdo()' CVE-2010-1447 Restriction-Bypass Vulnerabilities
http://www.securityfocus.com/bid/40305
Perl Safe Module 'reval()' and 'rdo()' Restriction-Bypass Vulnerabilities
http://www.securityfocus.com/bid/40302
Digital Interchange Document Library 'view_group.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40819
WebKit SVG Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40657
VUNET Mass Mailer 'default.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/26522
VUNET Case Manager 'default.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/26523
Impact PDF Reader For The iPhone/iPod Touch 'POST' Method Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40858
QuickOffice Malformed HTTP Request Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40857
Joke Website Script 'search.php' Input Validation Vulnerability
http://www.securityfocus.com/bid/40855
Membership Site Script 'view.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40854
E-Book Store 'search.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40853
XnView MBM File Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40852
Daily Inspirational Quotes Script SQL Injection Vulnerability
http://www.securityfocus.com/bid/40850
Subdreamer CMS 'admin/pages.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40849
pyftpd Log File Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/40842
MODx 'index.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40841
pyftpd Remote Default Account Vulnerabilities
http://www.securityfocus.com/bid/40839
W3M NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/40837
UTStats Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40836
VideoWhisper PHP 2 Way Video Chat 'r' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40832
Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40831
Yamamah Photo Gallery 'download.php' Local File Disclosure Vulnerability
http://www.securityfocus.com/bid/40834
Real-time ASP Calendar 'calendar.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40830
Digital Interchange Calendar 'index.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40829
Pre Classified Listings 'siteid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40817
LiteSpeed Web Server Source Code Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40815
PHP Planner SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40846
BrightSuite Groupware 'contact_list_mail_form.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40845
Yamamah Photo Gallery SQL Injection and Source Code Disclosure Vulnerabilities
http://www.securityfocus.com/bid/40835
CP3 Studio '.cp3' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40833
SolarWinds TFTP Server Write Request Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40824
Media Player Classic '.mpcpl' File Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40821
Collabtive 'uid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40818
by the way ...