+ RHSA-2010:0501-1: Critical: firefox security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2010-0501.html
+ RHSA-2010:0499-1: Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2010-0499.html
+ RHSA-2010:0500-1: Critical: firefox security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2010-0500.html
Firefox 3.6.4 with Crash Protection Now Available
http://developer.mozilla.org/devnews/index.php/2010/06/22/firefox-3-6-4-with-crash-protection-now-available/
MFSA 2010-33 User tracking across sites using Math.random()
http://www.mozilla.org/security/announce/2010/mfsa2010-33.html
MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present
http://www.mozilla.org/security/announce/2010/mfsa2010-32.html
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
http://www.mozilla.org/security/announce/2010/mfsa2010-31.html
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
http://www.mozilla.org/security/announce/2010/mfsa2010-30.html
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
MFSA 2010-28 Freed object reuse across plugin instances
http://www.mozilla.org/security/announce/2010/mfsa2010-28.html
MFSA 2010-27 Use-after-free error in nsCycleCollector::MarkRoots()
http://www.mozilla.org/security/announce/2010/mfsa2010-27.html
MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)
http://www.mozilla.org/security/announce/2010/mfsa2010-26.html
HPSBUX02531 SSRT100108 rev.1 - HP-UX Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02257797&docLocale=ja_JP&admit=109447626+1277251110621+28353475
HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02257796
HPSBUX02523 SSRT100036 rev.2 - HP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Privilege Escalation
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02257795
HPSBUX02541 SSRT100145 rev.1 - HP-UX Tomcat Servlet Engine, Remote Privilege Escalation, Arbitrary File Modification
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02256253
POI 3.7 beta 1 available
http://www.apache.org/dist/poi/release/bin/RELEASE-NOTES.txt
http://poi.apache.org/changes.html
Apple : iOS 4
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32945
High-Tech Bridge SA : XSS vulnerability in Scribe CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32951
High-Tech Bridge SA : Stored XSS vulnerability in synType CMS comment text field
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32952
High-Tech Bridge SA : XSS vulnerability in the search module of synType CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32953
Independent Researcher : Sysax Multi Server "open", "unlink", "mkdir", "scp_get" Commands DoS Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32954
Mandriva : squirrelmail
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32939
redteam : CSRF in PHPWCMS 1.4.5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32955
Trend Micro : Wing FTP Server PORT Command DoS Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32950
Ubuntu Security Notice : CUPS vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32940
Ubuntu Security Notice : fastjar vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32941
Ubuntu Security Notice : tiff vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32942
Ubuntu Security Notice : OPIE vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32943
Ubuntu Security Notice : libpam-opie vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32944
ZDI : Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32946
ZDI : Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32947
MajorSecurity : CMS RedAks 2.0 - SQL injection vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32948
JVNDB-2010-001550 Vulnerability in WebKit in Apple Safari that allows arbitrary keystrokes to be forced
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001550.html
JVNDB-2010-001549 Cross-site scripting vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001549.html
JVNDB-2010-001548 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001548.html
JVNDB-2010-001547 Vulnerability in the Cascading Style Sheets implementation in Apple Safari that allows sensitive URL information to be discovered
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001547.html
JVNDB-2010-001546 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001546.html
JVNDB-2010-001545 Vulnerability in JP1/ServerConductor/Deployment Manager that allows unauthorized shutdown or reboot
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001545.html
[ MDVSA-2010:122 ] fastjar
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00211.html
[security bulletin] HPSBUX02541 SSRT100145 rev.1 - HP-UX Running Tomcat Servlet Engine, Remo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00210.html
[ MDVSA-2010:121 ] pango
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00209.html
[scip_Advisory 4142] Skype Client for Mac Chat Unicode Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00208.html
Large-scale account hijacking on Twitter, more than 1,000 users affected
Method unknown; many of the victims are users in Israel
http://itpro.nikkeibp.co.jp/article/NEWS/20100623/349513/?ST=security
Do not place too much trust in digital signatures: many "signed viruses" are appearing
F-Secure has confirmed more than 20,000 cases; the signing methods vary
http://itpro.nikkeibp.co.jp/article/NEWS/20100623/349488/?ST=security
"New security threats call for multilayered countermeasures" --- Mr. Tateno of iTR points out the limits of single-point defense
http://itpro.nikkeibp.co.jp/article/NEWS/20100622/349519/?ST=security
Problems With Lenovo Support
http://isc.sans.edu/diary.html?storyid=9049
Subtitle Translation Wizard Buffer Overflow Vulnerability
http://secunia.com/advisories/40303/
Ultimate PHP Board Security Bypass and File Disclosure
http://secunia.com/advisories/40249/
Femtolayer Planet Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40232/
Ubuntu update for tiff
http://secunia.com/advisories/40253/
LibTIFF "SubjectDistance" Tag Buffer Overflow Vulnerability
http://secunia.com/advisories/40241/
Sysax Multi Server Multiple SCP Buffer Overflow Vulnerabilities
http://secunia.com/advisories/40313/
2daybiz Social Community Software SQL Injection Vulnerabilities
http://secunia.com/advisories/40288/
Ubuntu update for fastjar
http://secunia.com/advisories/40261/
Joomla Picasa2Gallery Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/40297/
UFO: Alien Invasion IRC Buffer Overflow Vulnerabilities
http://secunia.com/advisories/40321/
IBM WebSphere ILOG JRules Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40275/
Interstage Products Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40325/
2daybiz Video Community Portal Script "videoid" Cross-Site Scripting
http://secunia.com/advisories/40280/
Apple iOS Multiple Vulnerabilities
http://secunia.com/advisories/40257/
Groupmax World Wide Web Desktop Products Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40310/
phpwcms Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40319/
Explzsh LHA Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/40324/
Getaphpsite Top Sites Script "cat" SQL Injection Vulnerability
http://secunia.com/advisories/40287/
Fedora update for beanstalkd
http://secunia.com/advisories/40315/
2daybiz Job Search Engine Script "keyword" SQL Injection Vulnerability
http://secunia.com/advisories/40290/
Fedora update for drupal-views
http://secunia.com/advisories/40316/
Ubuntu update for cups
http://secunia.com/advisories/40271/
Fedora update for drupal-cck
http://secunia.com/advisories/40318/
Ubuntu update for opie and libpam-opie
http://secunia.com/advisories/40255/
Getaphpsite Job Search "topic" SQL Injection Vulnerability
http://secunia.com/advisories/40276/
SquirrelMail Mail Fetch Plugin Weakness
http://secunia.com/advisories/40307/
Fedora update for openssl
http://secunia.com/advisories/40317/
Apple iPhone Multiple Bugs Let Remote Users Execute Arbitrary Code and Physically Local Users Access the Device
http://securitytracker.com/alerts/2010/Jun/1024135.html
Groupmax World Wide Web Desktop Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1550
Apple iPhone and iPod touch iOS Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1549
Fedora Security Update Fixes OpenSSL CMS Vulnerability
http://www.vupen.com/english/advisories/2010/1548
Fedora Security Update Fixes Beanstalkd Command Injection Issue
http://www.vupen.com/english/advisories/2010/1547
Fedora Security Update Fixes Drupal-CCK Information Disclosure
http://www.vupen.com/english/advisories/2010/1546
Fedora Security Update Fixes Drupal-views Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1545
Fedora Security Update Fixes Irssi Security Bypass and DoS Issues
http://www.vupen.com/english/advisories/2010/1544
Fedora Security Update Fixes Sudo Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1543
Fedora Security Update Fixes ZNC Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1542
Fedora Security Update Fixes Sendmail Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2010/1541
Ubuntu Security Update Fixes LibTIFF Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1540
Ubuntu Security Update Fixes OPIE Off-by-one Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1539
Ubuntu Security Update Fixes fastjar Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1538
Ubuntu Security Update Fixes CUPS Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1537
Mandriva Security Update Fixes SquirrelMail Mail Fetch Weakness
http://www.vupen.com/english/advisories/2010/1536
SquirrelMail Mail Fetch Plugin Port Scanning Security Weakness
http://www.vupen.com/english/advisories/2010/1535
Norex v1.3.2.0 Argument Heap-Overflow
http://www.exploit-db.com/exploits/13994/
K-Search SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15588
FastJar 'extract_jar()' Archive Extraction Directory Traversal Vulnerability
http://www.securityfocus.com/bid/41006
Wing FTP Server 'PORT' Command Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41015
Pre PHP Classifieds Listings SQL Injection Vulnerability
http://www.securityfocus.com/bid/23795
Apple iPhone and iPod touch Application Sandbox User Photo Library Security Bypass Vulnerability
http://www.securityfocus.com/bid/41047
Mozilla Firefox Keyboard Focus Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40701
Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33276
Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/38286
Mozilla Firefox and SeaMonkey SVG Document Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38288
Mozilla Firefox and SeaMonkey 'showModalDialog' method Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38289
Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38285
Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38287
SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40291
OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
http://www.securityfocus.com/bid/38562
OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001
OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38533
OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40502
Pango Glyph Definition Table Denial of Service Vulnerability
http://www.securityfocus.com/bid/38760
Softbiz Resource Repository Script SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15585
Linux Kernel 'dvb_net_ule()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38479
Linux Kernel USB interface Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39042
Red Hat Enterprise Linux 'ptrace()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38702
Linux Kernel 'azx_position_ok()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38348
Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
Microsoft Windows Kernel Symbolic Link Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/39309
TweakFS Zip Utility ZIP File Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/39565
Microsoft Excel 'DBQueryExt' ActiveX Data Object (ADO) Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40531
Beanstalk Job Data Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/40516
K-Search 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/41057
Mozilla Firefox 'about:blank' Document URI Spoofing Vulnerability
http://www.securityfocus.com/bid/41055
WebKit 'history.replaceState' Cross-Origin Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41051
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-26/27/28/29/30/32 Remote Vulnerabilities
http://www.securityfocus.com/bid/41050
Apple iPhone/iPod touch Prior to iOS 4 URI Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41049
Site2Nite Boat Classifieds 'detail.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41046
Red Hat Enterprise Virtualization Manager Postzero Parameter Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41045
Red Hat Enterprise Virtualization Hypervisor VDM Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41044
SoftComplex PHP Event Calendar Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/41043
webConductor 'default.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41042
Trend Micro InterScan Web Security Virtual Appliance Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/41039
Multiple Fujitsu Interstage Products Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/41038
2daybiz Social Community Script Admin Login Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/41037
Pre Projects Multi-Vendor Shopping Malls 'detail.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41034
Joomla! YBG Gallery Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41033
Picasa2Gallery Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/41031
Subtitle Translation Wizard '.srt' File Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41026
Explzsh LHA File Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41025
Online Classified Script 'categorysearch.php' SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/41024
getaphpsite.com Job Search 'content.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41023
2daybiz Video Community Portal Script SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/41022
getaphpsite.com Classifieds 'search.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41021
The Uploader 'download_launch.php' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/41020
Top Sites 'category.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41019
Job Search Engine 'show_search_result.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41018
I don't purchase any products ...