Wednesday, June 9, 2010

Wednesday the 9th, Shakkō

Stable release Postfix 2.7.1.
http://www.postfix.org/announcements/postfix-2.7.1.html

Legacy release Postfix 2.6.7.
http://www.postfix.org/announcements/postfix-2.6.7.html

US-CERT Technical Cyber Security Alert TA10-159A -- Adobe Flash, Reader, and Acrobat Vulnerability
http://www.derkeiler.com/Mailing-Lists/Cert/2010-06/msg00001.html

Alert regarding the June 2010 Microsoft Security Bulletins (including 3 rated Critical)
http://www.jpcert.or.jp/at/2010/at100014.txt

JPCERT/CC WEEKLY REPORT 2010-06-09
http://www.jpcert.or.jp/wr/2010/wr102101.html

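Announcement of the seminar "Information Security for Embedded and Control Systems"
~ Toward product development that is also safe in terms of information security ~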
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_embsys_2010.html

JVNTA10-159B Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA10-159B/index.html

JVNTA10-159A Vulnerability in Adobe Reader, Acrobat, and Flash Player
http://jvn.jp/cert/JVNTA10-159A/index.html

JVNDB-2010-001300 Denial of service (DoS) vulnerability in net/ipv4/tcp_input.c in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001300.html




+ Security bulletins for June 2010
http://www.microsoft.com/japan/technet/security/bulletin/ms10-jun.mspx
http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx

+ MS10-032 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-032.mspx

+ MS10-033 - Critical: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-033.mspx

+ MS10-034 - Critical: Cumulative Security Update of ActiveX Kill Bits (980195)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-034.mspx

+ MS10-035 - Critical: Cumulative Security Update for Internet Explorer (982381)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-035.mspx

+ MS10-036 - Important: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-036.mspx

+ MS10-037 - Important: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-037.mspx

+ MS10-038 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-038.mspx

+ MS10-040 - Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-040.mspx

+ MS10-041 - Important: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-041.mspx

+ Postfix 2.7 Patchlevel 1, 2.6 Patchlevel 7 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.7.1.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.7.HISTORY

+ A Security Vulnerability Relating to Certificate Handling in sendmail(1M) Versions Prior to 8.14.4 May Allow Server Identification Forgery
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1
http://secunia.com/advisories/40109/
http://www.vupen.com/english/advisories/2010/1386

+ Security Vulnerability in Solaris libpng(3) May Allow Denial of Service (DoS) or Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1

+? glibc and eglibc 'nis/nss_nis/nis-pwd.c' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37885
CVE-2010-0015

- MS10-039 - Important: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-039.mspx

- Multiple Security Vulnerabilities in BIND DNSSEC Software Shipped With Solaris May Cause Bogus NXDOMAIN Responses
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1

ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021776.1-1

BIND 9.7.1rc1
https://www.isc.org/software/bind/971rc1
ftp://ftp.isc.org/isc/bind9/9.7.1rc1/9.7.1rc1

HPSBMA02537 SSRT010027 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02217439&admit=109447627+1276052129434+28353475

UPDATE: Microsoft Security Advisory (983438): Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/advisory/983438.mspx

UPDATE: Microsoft Security Advisory (973811): Extended Protection for Authentication
http://www.microsoft.com/technet/security/advisory/973811.mspx

UPDATE: Microsoft Security Advisory (983438): Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
http://www.microsoft.com/japan/technet/security/advisory/983438.mspx

UPDATE: Microsoft Security Advisory (973811): Extended Protection for Authentication
http://www.microsoft.com/japan/technet/security/advisory/973811.mspx

Apple : Safari 5.0 and Safari 4.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32797

Microsoft : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32802

Microsoft : Vulnerabilities in Media Decompression Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32803

Microsoft : Cumulative Security Update of ActiveX Kill Bits
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32804

Microsoft : Cumulative Security Update for Internet Explorer
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32805

Microsoft : Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32806

Microsoft : Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32811

Ubuntu Security Notice : OpenOffice.org vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32796

"We'll give you the new iPhone!": spam email circulating
The product is named "iPhone 4G" rather than "iPhone 4"; the aim is to harvest addresses
http://itpro.nikkeibp.co.jp/article/NEWS/20100608/349006/?ST=security

NEC launches security service that defends against targeted attacks by three means
http://itpro.nikkeibp.co.jp/article/NEWS/20100608/349003/?ST=security

JVNDB-2010-001509 Vulnerability in the Web container of IBM WebSphere Application Server that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001509.html

JVNDB-2010-001508 Denial of service (DoS) vulnerability in the Web container of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001508.html

JVNDB-2010-001507 Denial of service (DoS) vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001507.html

JVNDB-2010-001506 Access restriction bypass vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001506.html

[security bulletin] HPSBMA02537 SSRT010027 rev.1 - HP OpenView Network Node Manager (OV NNM), Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00097.html

IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00093.html

[CORE-2010-0415] SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Applicati
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00098.html

ZDI-10-106: Hewlett-Packard OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00092.html

ZDI-10-105: Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Executi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00096.html

tool: ref_fuzz (CVE-2010-1259 / MS10-035 and more)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00095.html

ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00091.html

ZDI-10-103: Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Exec
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00090.html

ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulne
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00094.html

ZDI-10-101: Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00086.html

ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00088.html

ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00084.html

ZDI-10-098: Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vul
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00080.html

ZDI-10-097: Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Ex
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00079.html

ZDI-10-096: Apple Webkit Recursive Use Element Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00083.html

[ MDVSA-2010:111 ] glibc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00078.html

ZDI-10-095: Apple Webkit DOCUMENT_POSITION_DISCONNECTED Attribute Remote Code Execution Vuln
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00081.html

ZDI-10-094: Apple Webkit SelectionController via Marquee Event Remote Code Execution Vulnera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00087.html

ZDI-10-093: Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00085.html

ZDI-10-092: Apple Webkit Option Element ContentEditable Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00089.html

ZDI-10-091: Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00082.html

Paessler - PRTG Traffic Grapher XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00073.html

ArpON (Arp handler inspectiON) 2.0 released!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00076.html

VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00071.html

The XCon2010 is coming
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00075.html

Blue Arc Group - IgnitionSuite CMS WebDMailer unsubscribe issue
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00077.html

Recon 2010 - Speaker list, new additional capacity for sold-out training, party details
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00072.html

June 2010 Microsoft Black Tuesday Summary
http://isc.sans.edu/diary.html?storyid=8929

JVNVU#486225 Vulnerability in the Adobe Flash ActionScript AVM2 newfunction instruction
http://jvn.jp/cert/JVNVU486225/index.html

Microsoft Internet Information Services Authentication Memory Corruption
http://secunia.com/advisories/40079/

Microsoft .NET Framework XML Signature HMAC Truncation Security Issue
http://secunia.com/advisories/40080/

Microsoft Office Excel Multiple Vulnerabilities
http://secunia.com/advisories/37500/

Microsoft Data Analyzer ActiveX Control Vulnerability
http://secunia.com/advisories/40059/

Microsoft Internet Explorer Developer Tools ActiveX Control Vulnerability
http://secunia.com/advisories/40036/

Microsoft Internet Explorer Multiple Vulnerabilities
http://secunia.com/advisories/40062/

Microsoft Windows Media Decompression Two Vulnerabilities
http://secunia.com/advisories/40058/

Microsoft Windows Kernel-Mode Drivers Three Vulnerabilities
http://secunia.com/advisories/39655/

Microsoft Windows OpenType Compact Font Format Driver Vulnerability
http://secunia.com/advisories/38176/

Microsoft Office XP COM Object Instantiation Validation Vulnerability
http://secunia.com/advisories/40082/

Microsoft Office COM Object Instantiation Validation Vulnerability
http://secunia.com/advisories/40068/

D.R. Software Audio Converter Playlist Parsing Buffer Overflow
http://secunia.com/advisories/40081/

Sun Solaris Sendmail SSL Certificate Spoofing Vulnerability
http://secunia.com/advisories/40109/

Red Hat update for perl
http://secunia.com/advisories/40052/

Red Hat update for perl
http://secunia.com/advisories/40049/

log1 CMS Two Vulnerabilities
http://secunia.com/advisories/40090/

CyberHost Sales System "id" SQL Injection Vulnerability
http://secunia.com/advisories/40061/

Greeting Cards Script Arbitrary File Upload Vulnerability
http://secunia.com/advisories/40069/

Core FTP mini-sftp-server Directory Traversal and Buffer Overflow
http://secunia.com/advisories/40075/

Fedora update for zikula
http://secunia.com/advisories/40108/

Fedora update for mysql
http://secunia.com/advisories/40106/

Fedora update for openoffice.org
http://secunia.com/advisories/40107/

Red Hat update for openoffice.org
http://secunia.com/advisories/40097/

Apple Safari HTTP Basic Authentication Information Disclosure
http://secunia.com/advisories/40110/

Apple Safari Multiple Vulnerabilities
http://secunia.com/advisories/40105/

Debian update for mysql-dfsg
http://secunia.com/advisories/40035/

Ubuntu update for openoffice.org
http://secunia.com/advisories/40104/

fileNice "sstring" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40077/

Motorola SURFBoard SBV6120E Directory Traversal Vulnerability
http://secunia.com/advisories/40054/

PHP Car Hire Script "id" SQL Injection Vulnerability
http://secunia.com/advisories/40099/

iScripts eSwap "txtHomeSearch" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40087/

iScripts EasyBiller "planid" SQL Injection Vulnerability
http://secunia.com/advisories/40088/

Microsoft .NET XML Digital Signature Flaw May Let Remote Users Bypass Authentication
http://securitytracker.com/alerts/2010/Jun/1024080.html

Microsoft Internet Information Services Memory Allocation Error Lets Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jun/1024079.html

Microsoft SharePoint Input Validation Flaw in toStaticHTML API Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jun/1024078.html

Microsoft SharePoint Help Page Processing Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Jun/1024077.html

Microsoft Office Excel Has Multiple Flaws That Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jun/1024076.html

Microsoft Office Open XML File Format Converter for Mac Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Jun/1024075.html

Windows OpenType Compact Font Format Memory Corruption Error Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Jun/1024074.html

Microsoft Office COM Object Instantiation Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jun/1024073.html

Windows Kernel 'win32k.sys' Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Jun/1024072.html

HP OpenView Network Node Manager 'jovgraph.exe' Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jun/1024071.html

Microsoft Internet Explorer 8 Developer Tools ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jun/1024070.html

Windows Media Decompression Components Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jun/1024069.html

Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jun/1024068.html

Apple Safari Bugs Let Remote Users Execute Arbitrary Code or Access Potentially Sensitive Information
http://securitytracker.com/alerts/2010/Jun/1024067.html

HP-UX Running NFS/ONCplus NFS Inadvertently Enabled Vulnerability
http://www.securiteam.com/securitynews/5UP2W2A1PC.html

VMWare WebAccess Multiple Vulnerabilities
http://www.securiteam.com/securitynews/5VP2X2A1PI.html

Microsoft Internet Explorer onreadystatechange Use After Free Vulnerability
http://www.securiteam.com/windowsntfocus/5KP322A1PA.html

HP IC-Linux Execution of Arbitrary Code and Elevation of Privilege Vulnerabilities
http://www.securiteam.com/unixfocus/5IP302A1PQ.html

Pulse CMS login.php Arbitrary File Writing Vulnerability
http://www.securiteam.com/unixfocus/5TP2V2A1PW.html

HP Secure Web Server for OpenVMS CSWS Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/5JP312A1PQ.html

ViewVC Regular Expression Search Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5WP2Y2A1PI.html

Oracle Java Runtime Environment Image File Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/5LP332A1PG.html

Microsoft .NET Framework XML HMAC Truncation Vulnerability (MS10-041)
http://www.vupen.com/english/advisories/2010/1398

Microsoft IIS Authentication Memory Corruption Vulnerability (MS10-040)
http://www.vupen.com/english/advisories/2010/1397

Microsoft SharePoint Information Disclosure and DoS (MS10-039)
http://www.vupen.com/english/advisories/2010/1396

Microsoft Office Excel Multiple Code Execution Vulnerabilities (MS10-038)
http://www.vupen.com/english/advisories/2010/1395

Microsoft Windows OpenType CFF Font Driver Vulnerability (MS10-037)
http://www.vupen.com/english/advisories/2010/1394

Microsoft Office COM Validation Code Execution Vulnerability (MS10-036)
http://www.vupen.com/english/advisories/2010/1393

Microsoft Internet Explorer Code Execution and Information Disclosure (MS10-035)
http://www.vupen.com/english/advisories/2010/1392

Microsoft Windows ActiveX Remote Code Execution Issues (MS10-034)
http://www.vupen.com/english/advisories/2010/1391

Microsoft Windows Media Decompression Code Execution (MS10-033)
http://www.vupen.com/english/advisories/2010/1390

Microsoft Windows Kernel-Mode Drivers Privilege Escalation (MS10-032)
http://www.vupen.com/english/advisories/2010/1389

D.R. Software Easy CD-DA Recorder Playlist Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1388

D.R. Software Audio Converter Playlist Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1387

Sun Security Update Fixes Sendmail Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2010/1386

Motorola SURFboard SBV6120E Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1385

FlatnuX "head" and "body" Parameters Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1384

Nuggetz Admin Interface Cross Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2010/1383

EasyJobPortal SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1382

EasyCarPortal "current_page" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1381

EasyPhotoStore "search_keywords" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1380

EasyEstateManager "current_page" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1379

Script Market Place "sf_id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1378

binarydrive "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1377

Article Publisher Pro "art_id" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1376

CommonSense CMS "article_id" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1376

DJ-ArtGallery for Joomla "cid" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1374

Apple Safari Code Execution and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2010/1373

ISC DHCP Zero Length Client ID Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1372

Fedora Security Update Fixes MySQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1371

Fedora Security Update Fixes Zikula Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1370

Fedora Security Update Fixes OpenOffice.org Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1369

Redhat Security Update Fixes OpenOffice.org Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1368

Redhat Security Update Fixes Perl Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1367

Ubuntu Security Update Fixes OpenOffice.org Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1366

Debian Security Update Fixes MySQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1365

SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow PoC Exploit
http://www.exploit-db.com/exploits/13767/

Castripper 2.50.70 (.pls) stack buffer overflow w/ DEP bypass exploit
http://www.exploit-db.com/exploits/13768/

RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/40548

ircd-ratbox 'HELP' Command Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37979

IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability
http://www.securityfocus.com/bid/37978

Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40451

Exim MBX Locking Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/40454

Xinha Dynamic Configuration Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/40033

GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063

glibc and eglibc 'nis/nss_nis/nis-pwd.c' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37885

GNU glibc 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/36443

Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39776

Microsoft Internet Explorer 'CStyleSheet' Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40417

Microsoft Office COM Object Validation Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40574

Microsoft SharePoint Help Page Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40559

Microsoft Excel CVE-2010-0821 'SxView' Record Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40518

Microsoft Excel 'DBQueryExt' ActiveX Data Object (ADO) Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40531

Microsoft Internet Explorer URLMON Sniffing Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38056

Microsoft Data Analyzer 'max3activex.dll' ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38045

Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38055

Danske Bank Danske e-Sec Control Module ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34549

IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671

EMO Realty Manager 'cat1' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40625

Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37543

OpenOffice Python Scripting IDE Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40599

OpenOffice Prior to 3.2 Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/38218

Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40620

Rayzz Photoz HTML Injection Vulnerability
http://www.securityfocus.com/bid/40627

Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40106

Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109

MySQL Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/37297

Oracle MySQL Malformed Packet Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40100

MySQL 'sql/sql_table.cc' CREATE TABLE Security Bypass Vulnerability
http://www.securityfocus.com/bid/38043

DM Database Server 'SP_DEL_BAK_EXPIRED' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40460

Zikula Application Framework 'lang' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39717

Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40586

VUPlayer M3U UNC Name Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/21363

Apple Mac OS X 2009-003 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35954

WebKit SVG 'use' Element Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40657

Google Chrome prior to 5.0.375.70 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40651

Linksys WAP54Gv3 Wireless Router Debug Credentials Security Bypass Vulnerability
http://www.securityfocus.com/bid/40648

PHPList 'archive.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40643

CubeCart 'shipKey' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40641

Cobra Scripts Greeting Cards Remote Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/40640

PhreeBooks Multiple HTML-Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/40639

HP OpenView Network Node Manager 'ovutil.dll' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40638

HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Bad Option Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40637

Motorola SB5101 Haxorware Firmware Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/40635

iScripts EasyBiller 'viewhistorydetail.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40634

MCLogin System 'login_index.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/40633

SureThing CD/DVD Labeler '.m3u' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40632

Mini-stream Software CastRipper '.pls' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40626

Microsoft IIS Authentication Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40573

Microsoft Windows OpenType Compact Font Format Driver Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40572

Microsoft Windows Kernel 'Win32k.sys' TrueType Font Parsing Code Execution Vulnerability
http://www.securityfocus.com/bid/40570

Microsoft Windows Kernel 'Win32k.sys' Window Creation Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40569

Avaya CallPilot Unified Messaging ActiveX Control Unspecified Security Vulnerability
http://www.securityfocus.com/bid/40535

Microsoft Office XML Converter for Mac Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40533

Microsoft Excel CVE-2010-1252 String Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40530

Microsoft Excel CVE-2010-1251 Record Parsing Stack Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40529

Microsoft Excel CVE-2010-1250 EDG Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40528

Microsoft Excel CVE-2010-1249 File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40527

Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40526

Microsoft Excel CVE-2010-1247 File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40525

Microsoft Excel Real Time Data (RTD) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40524

Microsoft Excel CVE-2010-1245 Record Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40523

Microsoft Excel CVE-2010-0824 Record Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40522

Microsoft Excel Malformed Chart Sheet Substream Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40521

Microsoft Excel CVE-2010-0822 Stack Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40520

Microsoft Windows Kernel 'Win32k.sys' Data Validation Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40508

Kodak Gallery Easy Upload Manager ActiveX Control Unspecified Security Vulnerability
http://www.securityfocus.com/bid/40496

Computer Associates PSFormX ActiveX Control Unspecified Security Vulnerability
http://www.securityfocus.com/bid/40494

Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40490

Microsoft Windows Media Decompression (CVE-2010-1880) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40464

Microsoft Windows Media Decompression (CVE-2010-1879) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40432

Microsoft Internet Explorer Developer Toolbar (CVE-2010-1261) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40416

Microsoft Internet Explorer Developer Toolbar HTML Element Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40414

Microsoft Internet Explorer Uninitialized Memory (CVE-2010-1259) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40410

Internet Explorer and SharePoint 'toStaticHTML' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40409
