- FreeBSD Kernel nfs_mount() Exploit
http://www.exploit-db.com/exploits/14002/
- UPDATE: MS10-033 - Critical Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
http://www.microsoft.com/technet/security/bulletin/MS10-033.mspx?pubDate=2010-06-23
- UPDATE: MS10-016 - Important Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
http://www.microsoft.com/technet/security/bulletin/MS10-016.mspx?pubDate=2010-06-23
TestFest 2010
http://www.php.net/archive/2010.php#id2010-06-23-1
PHP 5.2.14RC1, 5.3.3RC1 released
http://qa.php.net/
Samba 3.5.4 has been released. It is a bug-fix release (release notes)
http://samba.org/samba/history/samba-3.5.4.html
Notice of release and start of support for ServerProtect for Linux 3.0 (CentOS/SUSE11-compatible version)
http://www.trendmicro.co.jp/support/news.asp?id=1436
Notice of release and start of support service for InterScan for Lotus Domino 5.0 for Windows
http://www.trendmicro.co.jp/support/news.asp?id=1432
Notice of release of Trend Micro Business Security 6.0 Service Pack 2
http://www.trendmicro.co.jp/support/news.asp?id=1435
UPDATE: JVNVU#545953 Vulnerability in multiple antivirus products
http://jvn.jp/cert/JVNVU545953/index.html
JVNDB-2010-001563 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001563.html
JVNDB-2010-001562 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001562.html
JVNDB-2010-001561 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001561.html
JVNDB-2010-001560 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001560.html
JVNDB-2010-001558 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001558.html
JVNDB-2010-001557 Arbitrary code execution vulnerability in the Cascading Style Sheets implementation of WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001557.html
UFO: Alien Invasion v2.2.1 Remote Arbitrary Code Execution Vulnerability
http://www.exploit-db.com/exploits/14013/
+ Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
+ HPSBUX02544 SSRT100107 rev.1 - HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02257427
+ Samba 3.5.4 released
http://news.samba.org/releases/3.5.4/
http://samba.org/samba/history/samba-3.5.4.html
+ Microsoft-SA-06/23/2010: Microsoft Help Files (.CHM): 'Locked File' Feature Bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32962
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00215.html
- Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
- Linux Kernel 'time/clocksource.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/41079
Affected product: Linux kernel 2.6.34
- Linux Kernel 'pppol2tp_xmit' Null Pointer Deference Denial of Service Vulnerability
http://www.securityfocus.com/bid/41077
Affected product: Linux kernel 2.6.29 and later
- Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
http://www.securityfocus.com/bid/41076
Affected product: Apache Axis2/Java
Notice of release of InterScan Gateway Security Appliance 1.5 Patch 2 (build 1240)
http://www.trendmicro.co.jp/support/news.asp?id=1426
Notice of release of Virus Buster Corporate Edition 10.0 with Service Pack 1 applied
http://www.trendmicro.co.jp/support/news.asp?id=1433
Document ID: 355955: vxio driver consumes high Non Paged Pool memory during Flash Snap activities
http://seer.entsupport.symantec.com/docs/355955.htm
Icy Silence : Linksys WAP54Gv3 debug.cgi Cross-Site Scripting
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32961
Security-Assessment.com : Microsoft Help Files (.CHM): 'Locked File' Feature Bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32962
Hewlett-Packard : HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32964
Mandriva : pango
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32956
Mandriva : fastjar
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32957
Red Hat : Critical: seamonkey security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32958
Red Hat : Critical: firefox security, bug fix, and enhancement update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32959
Red Hat : Critical: firefox security, bug fix, and enhancement update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32960
scip : Skype Client for Mac Chat Unicode Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32963
ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00219.html
[ MDVSA-2010:123 ] libneon0.27
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00218.html
Apache Axis Session Fixation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00216.html
[security bulletin] HPSBMA02439 SSRT080082 rev.2 - HP OpenView SNMP Emanate Master Agent Running
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00214.html
Weborf DCA-00012 Vulnerability Report
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00213.html
IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00212.html
Microsoft Help Files (.CHM): Locked File Feature Bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00215.html
Freeze after running Windows Update: the cause is outdated security software
Windows modules falsely detected as viruses; warnings may also be displayed
http://itpro.nikkeibp.co.jp/article/NEWS/20100624/349585/?ST=security
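Zero-day attack targeting Japanese companies exploits Adobe Reader vulnerability
PDF file attached to e-mail impersonating a government agency; opening it results in virus infection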
http://itpro.nikkeibp.co.jp/article/NEWS/20100624/349584/?ST=security
Blue Coat releases data leak prevention appliance, deployable in one day
http://itpro.nikkeibp.co.jp/article/NEWS/20100623/349565/?ST=security
JPCERT/CC WEEKLY REPORT
http://www.jpcert.or.jp/wr/2010/wr102301.html
JVNDB-2010-001556 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001556.html
JVNDB-2010-001555 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001555.html
JVNDB-2010-001554 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001554.html
JVNDB-2010-001553 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001553.html
JVNDB-2010-001552 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001552.html
JVNDB-2010-001551 Cross-site scripting vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001551.html
Mozilla Firefox Updates
http://isc.sans.edu/diary.html?storyid=9052
Opera Browser Update
http://isc.sans.edu/diary.html?storyid=9055
IPv6 Support in iOS 4
http://isc.sans.edu/diary.html?storyid=9058
Microsoft Non-Security Updates
http://isc.sans.edu/diary.html?storyid=9061
phpBazarPicLib "cat" Information Disclosure Vulnerability
http://secunia.com/advisories/40273/
Jamroom "post_id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40259/
Trend Micro InterScan Web Security Virtual Appliance Multiple Vulnerabilities
http://secunia.com/advisories/40328/
Site2Nite Boat Classifieds "ID" SQL Injection Vulnerabilities
http://secunia.com/advisories/40263/
Joomla DOCman Component File Disclosure Vulnerability
http://secunia.com/advisories/40291/
F-Secure Policy Manager "Expect" Header Cross-Site Scripting
http://secunia.com/advisories/40256/
Red Hat update for seamonkey
http://secunia.com/advisories/40320/
Red Hat update for firefox
http://secunia.com/advisories/40312/
Mozilla SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/40326/
Mozilla Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/40323/
Weborf Header Processing Denial of Service Vulnerability
http://secunia.com/advisories/40322/
Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/40309/
HP-UX update for Tomcat Servlet Engine
http://secunia.com/advisories/40330/
Fedora update for squirrelmail
http://secunia.com/advisories/40332/
Fedora update for gnutls
http://secunia.com/advisories/40331/
F-Secure Policy Manager Input Validation Bug Permits Cross-Site Scripting Attacks Via the Expect Header
http://securitytracker.com/alerts/2010/Jun/1024144.html
Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jun/1024139.html
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Access Keystrokes, and Conduct Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jun/1024138.html
Red Hat Virtual Desktop Server Manager Lets Local Users Obtain Potentially Sensitive Information From Deleted Virtual Machines
http://securitytracker.com/alerts/2010/Jun/1024137.html
Nakid CMS 0.5.2 Remote Include Exploit
http://securityreason.com/securityalert/7530
eWebquiz 'QuizType' Parameter SQL Injection Vulnerability
http://securityreason.com/securityalert/7529
eLMS Pro SQLi and XSS Vulnerability
http://securityreason.com/securityalert/7528
SAP J2EE Telnet Administration Security Check Bypass
http://securityreason.com/securityalert/7527
Spring Framework 3.0.2 execution of arbitrary code
http://securityreason.com/securityalert/7526
PHP E-Mall "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1568
Easybe Music Store "AlbumID" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1567
Gcms "lang" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1566
Ultimate PHP Board "admin_restore.php" File Download Vulnerability
http://www.vupen.com/english/advisories/2010/1565
phpwcms Admin Interface Cross Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2010/1564
Alpin CMS "id" Parameter Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/1563
Linker IMG "cook_lan" Parameter Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1562
osCmax Multiple Parameter Handling Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1561
Elite Gaming Ladders "ladder[id]" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1560
HP-UX Security Update Fixes Tomcat Servlet Engine Vulnerabilities
http://www.vupen.com/english/advisories/2010/1559
IBM WebSphere ILOG JRules Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1558
Redhat Security Update Fixes Firefox Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1557
Redhat Security Update Fixes Seamonkey Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1556
Fedora Security Update Fixes GnuTLS Plaintext Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1555
Fedora Security Update Fixes SquirrelMail Mail Fetch Weakness
http://www.vupen.com/english/advisories/2010/1554
Mandriva Security Update Fixes fastjar Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1553
Mandriva Security Update Fixes Pango Array Indexing Vulnerability
http://www.vupen.com/english/advisories/2010/1552
Mozilla Products Code Execution and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1551
FreeBSD Kernel nfs_mount() Exploit
http://www.exploit-db.com/exploits/14002/
BlazeDVD v6 (.plf) SEH universale Buffer Overflow
http://www.exploit-db.com/exploits/13998/
RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-26/27/28/29/30/32 Remote Vulnerabilities
http://www.securityfocus.com/bid/41050
IBM WebSphere Application Server Administration Console Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39051
Moodle Multiple Vulnerabilities
http://www.securityfocus.com/bid/40944
Weborf HTTP Header Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41064
Apple iPhone/iPod touch Prior to iOS 4 Safari Security Bypass Vulnerability
http://www.securityfocus.com/bid/41065
RETIRED: Apple iPhone/iPod touch Prior to iOS 4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/41016
DOCman Component Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41069
Net-SNMP Remote Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/29623
Trend Micro InterScan Web Security Virtual Appliance Multiple Vulnerabilities
http://www.securityfocus.com/bid/41072
Apple iPhone/iPod touch Prior to iOS 4 Passcode Lock Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/41067
Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
http://www.securityfocus.com/bid/19661
Science Fair In A Box 'winners.php' Input Validation Vulnerability
http://www.securityfocus.com/bid/40743
Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38952
Mozilla Firefox/Thunderbird/SeaMonkey 'nsIContentPolicy' Security Bypass Vulnerability
http://www.securityfocus.com/bid/39479
Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33276
Mozilla Firefox Keyboard Focus Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40701
Mozilla Thunderbird Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38831
Multiple Image Upload Module For Drupal Security Bypass Vulnerability
http://www.securityfocus.com/bid/41104
Block Queue Module For Drupal Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/41101
Easy Translator Module For Drupal SQL Injection Vulnerability
http://www.securityfocus.com/bid/41098
2daybiz MLM Script 'viewnews.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41097
Drupal Masquerade Module Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/41089
LibTIFF Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/41088
IBM WebSphere Application Server Unspecified Link Injection Security Vulnerability
http://www.securityfocus.com/bid/41084
mlmmj Edit and Save Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/41080
Linux Kernel 'time/clocksource.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/41079
Axis Media Controller 'AxisMediaControlEmb.dll' ActiveX Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41078
Linux Kernel 'pppol2tp_xmit' Null Pointer Deference Denial of Service Vulnerability
http://www.securityfocus.com/bid/41077
Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
http://www.securityfocus.com/bid/41076
Avahi 'avahi-core/socket.c' Zero Size Packet Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41075
Pre Projects Multi-Vendor Shopping Malls 'products.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41074
phpBazarPicLib 'cat' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/41073
Simple File Manager 'filename' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/41062
Linksys WAP54Gv3 Wireless Router 'debug.cgi' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/41061
Site2Nite Boat Classifieds 'printdetail.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41059
Joomla! JE Ajax Event Calendar Component 'view' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41058
Novell iManager Long TREE Field Off-By-One Denial of Service Vulnerability
http://www.securityfocus.com/bid/40485
Novell iManager Schema Create Class Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40480