Wednesday, June 2, 2010

The 2nd, Tuesday, Taian

Notice of scheduled server maintenance (June 11, 2010)
http://www.trendmicro.co.jp/support/news.asp?id=1418

Notice: support for "Trend Micro InterScan WebManager 6.5" begins
http://www.trendmicro.co.jp/support/news.asp?id=1414

JPCERT/CC WEEKLY REPORT 2010-06-02
http://www.jpcert.or.jp/wr/2010/wr102001.html

JVN#36925871 Session fixation vulnerability in e-Pares
http://jvn.jp/jp/JVN36925871/index.html

JVN#82465391 Cross-site request forgery vulnerability in e-Pares
http://jvn.jp/jp/JVN82465391/index.html

JVN#58439007 Cross-site scripting vulnerability in e-Pares
http://jvn.jp/jp/JVN58439007/index.html

JVNDB-2010-000023 Session fixation vulnerability in e-Pares
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000023.html

JVNDB-2010-000022 Cross-site request forgery vulnerability in e-Pares
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000022.html

JVNDB-2010-000021 Cross-site scripting vulnerability in e-Pares
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000021.html

JVNDB-2010-001493 Vulnerability in Adobe ColdFusion allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001493.html

JVNDB-2010-001492 Cross-site scripting vulnerability in the Administrator page of Adobe ColdFusion
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001492.html

JVNDB-2010-001491 Cross-site scripting vulnerability in Adobe ColdFusion
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001491.html

JVNDB-2010-001490 Vulnerability in Adobe Shockwave Player pami RIFF chunk parsing allowing arbitrary code execution
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001490.html

JVNDB-2010-001489 Vulnerability in Adobe Shockwave Player allowing arbitrary code execution
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001489.html

JVNDB-2010-001488 Vulnerability in Adobe Shockwave Player allowing arbitrary code execution
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001488.html

JVNDB-2010-001229 Vulnerability in OpenSSL affecting multiple functions
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001229.html

On targeted attacks exploiting a vulnerability in the Ichitaro series
http://www.ipa.go.jp/security/topics/alert20100602.html

On targeted attacks exploiting a vulnerability in the Ichitaro series
http://www.ipa.go.jp/security/topics/alert20100419.html

Learning from real examples of targeted attack e-mails: "points for noticing something is off" and "countermeasures once you have noticed"
~ Release of "Analysis and countermeasures for threats targeting vulnerabilities, Vol. 3" ~
http://www.ipa.go.jp/security/vuln/report/newthreat201006.html

Press release
Alert regarding a security weakness (vulnerability) in the "Ichitaro series"
http://www.ipa.go.jp/about/press/20100601.html

SPAM pretending to be from Habitat for Humanity
http://isc.sans.org/diary.html?storyid=8887

CompleteFTP Server Two Vulnerabilities
http://secunia.com/advisories/39852/

+ OpenSSL 0.9.8.o, 1.0.0a released
http://www.openssl.org/news/
http://www.openssl.org/news/changelog.html

+ Invalid ASN1 module definition for CMS.
http://www.openssl.org/news/secadv_20100601.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742

+ Linux Kernel release: 2.6.32.15
http://www.linux.org/news/2010/06/01/0001.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.15

+ RHSA-2010:0449-1: Moderate: rhn-client-tools security update
http://rhn.redhat.com/errata/RHSA-2010-0449.html
http://www.securitytracker.com/id?1024049
http://www.securityfocus.com/bid/40492

+? Microsoft Internet Explorer CSS 'expression' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40487

++ HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02122104

- Invalid Return value check in pkey_rsa_verifyrecover
http://www.openssl.org/news/secadv_20100601.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1633

- sudo 1.6.9p23, 1.7.2p7 released
http://www.sudo.ws/sudo/dist/?M=D

Postfix 2.7.1 stable release candidate 1
http://mirror.postfix.jp/postfix-release/official/postfix-2.7.1-RC1.HISTORY

Postfix 2.8 Snapshot 20100601
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20100601.HISTORY

Notice of program update for Virus Buster 2010 and Virus Buster 2009
http://www.trendmicro.co.jp/support/news.asp?id=1416

New vulnerability in "Ichitaro": simply opening a file could cause damage
Malicious files are already circulating; apply the update module
http://itpro.nikkeibp.co.jp/article/NEWS/20100602/348681/?ST=security

"Urgent! Internal virus investigation": beware of a new kind of virus e-mail
The attached "manual" is the virus; extracting and running it causes infection
http://itpro.nikkeibp.co.jp/article/NEWS/20100602/348748/?ST=security

JPCERT/CC Alert: Warning about malware-attached e-mails posing as an in-house PC malware infection survey
http://www.jpcert.or.jp/at/2010/at100013.txt

JVN#17293765 Vulnerability in the Ichitaro series allowing arbitrary code execution
http://jvn.jp/jp/JVN17293765/index.html

[Bkis-02-2010] Multiple Vulnerabilities in CMS Made Simple - Bkis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00005.html

Applicure dotDefender 4.0 administrative interface cross site scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00025.html

ZDI-10-090: Novell ZENworks Configuration Management Preboot Service Remote Code Execution V
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00020.html

[ GLSA 201006-09 ] sudo: Privilege escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00023.html

[ GLSA 201006-08 ] nano: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00022.html

[ GLSA 201006-07 ] SILC: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00021.html

[ GLSA 201006-06 ] Transmission: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00018.html

[ GLSA 201006-05 ] Wireshark: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00019.html

[ GLSA 201006-04 ] xine-lib: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00017.html

[ GLSA 201006-03 ] ImageMagick: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00015.html

[ GLSA 201006-02 ] CamlImages: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00014.html

[ GLSA 201006-01 ] FreeType 1: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00011.html

SQL injection vulnerability in Ecomat CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00007.html

XSS vulnerability in Ecomat CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00008.html

Onapsis Research Labs: Onapsis Bizploit - The opensource ERP Penetration Testing framework
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00016.html

DoS vulnerability in Internet Explorer
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00006.html

PuTTY private key passphrase stealing attack
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00009.html

EnableSecurity : Applicure dotDefender 4.0 administrative interface cross site scripting
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32732

Independent Researcher : PuTTY private key passphrase stealing attack
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32731

Independent Researcher : Winamp v5.571 malicious AVI file handling DoS Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32733

Independent Researcher : DM Database Server Memory Corruption Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32740

Inj3ct0r Team : GR Board v1.8.6. (theme) Local File Inclusion Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32742

Icy Silence : Netgear WG602v4 Saved Pass Stack Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32729

Independent Researcher : Websense Enterprise 6.3.3 Policy Bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32728

Inj3ct0r Team : GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32741

Securitylab.ir : Nginx 0.8.35 Space Character Remote Source Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32737

MustLive : Vulnerability in ArtDesign CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32730

Census Labs : FreeBSD kernel NFS client local vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32734

Hewlett-Packard : HP-UX Running ONCplus rpc.pcnfsd, DoS, Increase in Privilege
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32738

High-Tech Bridge SA : SQL injection vulnerability in ImpressPages CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32735

Vulnerability Note VU#245081: Accoria Rock Web Server contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/245081

Red Hat Network Client Tools Lets Local Users Obtain RHN Access Password
http://securitytracker.com/alerts/2010/Jun/1024049.html

Websense 'Via:' Header Lets Remote Users Bypass Filtering and Monitoring
http://securitytracker.com/alerts/2010/Jun/1024048.html

SugarCRM Request Validation Flaw Permits Cross-Site Request Forgery Attacks
http://securitytracker.com/alerts/2010/Jun/1024047.html

Graviton Mediatech Visitor Logger "VL_include_path" Local File Inclusion
http://secunia.com/advisories/39999/

sblim-sfcb "Content-Length" Processing Two Vulnerabilities
http://secunia.com/advisories/40018/

Fedora update for liboggz
http://secunia.com/advisories/39989/

JustSystems Ichitaro Character Attributes Processing Vulnerability
http://secunia.com/advisories/40008/

Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5TP2X0A1PC.html

Employee Timeclock Software SQL Injection Vulnerabilities
http://www.securiteam.com/windowsntfocus/5RP2V0A1PQ.html

MIT krb5 SPNEGO Denial of Service Vulnerability
http://www.securiteam.com/unixfocus/5UP2Y0A1PA.html

Deliver Mail Delivery Multiple Race Condition Vulnerabilities
http://www.securiteam.com/unixfocus/5GP300A1PU.html

Apple Quicktime PICT Handling Heap Overflow Vulnerability
http://www.securiteam.com/securitynews/5SP2W0A1PE.html

e107 Multiple Remote File Inclusion and Cross Site Scripting Issues
http://www.vupen.com/english/advisories/2010/1297

Visitor Logger "VL_include_path" Remote File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1296

MusicBox "id" and "start" Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/1295

ImpressPages CMS Multiple Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/1294

ArtDesign CMS "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1293

Speedy-Shop "idp" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1292

Groone Contact Form "abspath" Parameter File inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1291

Quran Component for Joomla "surano" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1290

Zeeways eBay Clone Auction "msg" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1289

CMScout "search" Parameter Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1288

Creato Script "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1287

Symphony CMS "mode" Parameter Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1286

Nucleus Plugin NP_Gallery File inclusion and SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/1285

Nucleus Plugin NP_Twitter "DIR_PLUGINS" File inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1284

JustSystems Ichitaro File Processing Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1283

Joomla! Administrative Interface Multiple Cross Site Scripting Issues
http://www.vupen.com/english/advisories/2010/1282

IBM Lotus Connections Information Disclosure and Security Bypass
http://www.vupen.com/english/advisories/2010/1281

IBM DB2 Security Bypass and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2010/1280

Fedora Security Update Fixes Kernel Two Local Vulnerabilities
http://www.vupen.com/english/advisories/2010/1279

Fedora Security Update Fixes httpd "mod_proxy_ajp" Vulnerabilities
http://www.vupen.com/english/advisories/2010/1278

Fedora Security Update Fixes LibOggz Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1277

OS X EvoCam Web Server Buffer Overflow Exploit 3.6.6 and 3.6.7
http://www.exploit-db.com/exploits/12835

Linux Kernel 'drivers/connector/connector.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38058

Red Hat Xen MMIO Instruction Decoder Local Guest Denial Of Service Vulnerability
http://www.securityfocus.com/bid/39979

Linux Kernel 'azx_position_ok()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38348

Linux Kernel 64bit Personality Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38027

Linux Kernel 'dvb_net_ule()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38479

Ghostscript 'gs_init.ps' With '-P-' Flag Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40467

Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39468

GNU nano Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/39502

SILC Toolkit HTTP Server Format String Vulnerability
http://www.securityfocus.com/bid/36194

SILC Toolkit Encoded OID Format String Vulnerability
http://www.securityfocus.com/bid/36192

SILC Toolkit 'command.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/36193

SILC Client Format String Vulnerability
http://www.securityfocus.com/bid/35940

Transmission Magnet Link Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38814

Wireshark DOCSIS Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/39950

Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37407

xine-lib MP3 Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/32505

xine-lib 1.1.15 and Prior Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/30797

xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30698

xine-lib STTS QuickTime Atom Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34384

xine-lib OGG Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/30699

FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33502

ImageMagick TIFF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35111

FreeType LWFN Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/18034

FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/24074

CamlImages JPEG Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36713

CamlImages PNG Image Parsing Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35556

CamlImages Image Parsing Multiple Heap Overflow Vulnerabilities
http://www.securityfocus.com/bid/35999

nginx Space String Remote Source Code Disclosure Vulnerability
http://www.securityfocus.com/bid/40434

JustSystems Ichitaro Character Attributes Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40472

Microsoft Windows Media Service Transport Information Packet Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39356

Accoria Rock Web Server Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40498

Red Hat Client Tools 'loginAuth.pkl' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/40492

ECOMAT 'index.php' SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40491

EvoCam HTTP GET Request Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40489

Microsoft Internet Explorer CSS 'expression' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40487

dotDefender Log Viewer Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40484

CMS Made Simple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/40483

Xftp 'LIST' Response Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40470
