2010年7月30日金曜日

30日 金曜日、赤口

JVNDB-2010-001158 libpng における圧縮された補助チャンクの処理に脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001158.html

JVNDB-2009-002257 libpng における初期化されていないメモリ内の情報の一部を読まれる脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002257.html

Web Traffic Analysis with httpry
http://isc.sans.edu/diary.html?storyid=9295

Debian update for openldap
http://secunia.com/advisories/40770/

HTML Email Creator 2.42 build 718 Buffer Overflow Exploit (SEH)
http://www.exploit-db.com/exploits/14503/

HTML Email Creator HTML Tags Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34487




Wireshark 1.2.10, 1.0.15 released
http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html
http://www.wireshark.org/docs/relnotes/wireshark-1.0.15.html

Multiple vulnerabilities in Wireshark version 1.2.0 to 1.2.9
http://www.wireshark.org/security/wnpa-sec-2010-08.html

Vulnerabilities in Wireshark version 0.10.8 to 1.0.14
http://www.wireshark.org/security/wnpa-sec-2010-07.html

Sysstat 9.1.4 released (development version)
http://sebastien.godard.pagesperso-orange.fr/

Sudo 1.7.4rc2 released
http://www.sudo.ws/sudo/devel.html#1.7.4rc2

UPDATE: Cisco Security Advisory: CDS Internet Streamer: Web Server Directory Traversal Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3bd1c.shtml

(参考)Lotus Notes のファイルビューアーにおける潜在的な脆弱性の問題 (2010年7月)
http://www-06.ibm.com/jp/domino04/lotus/support/faqs/faqs.nsf/all/734173

Hewlett-Packard : HP Insight Control Power Management for Windows - Local Unauthorized Read Access to Data
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33271

Independent Researcher : Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33270

Mandriva : MDVSA-2010:142 - openldap - Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33265

MustLive : Vulnerabilities in Cetera eCommerce
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33268

MustLive : Cetera eCommerce - XXS, SQL Injection, and SQL DB Extraction Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33269

Red Hat : RHSA-2010:0567-01 - Moderate: lvm2-cluster security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33266

検索サイトに「わな」が潜む――「SEOポイズニング」に注意!
米シマンテックが警告、「上位100件中99件中が悪質サイトの場合も」
http://itpro.nikkeibp.co.jp/article/Research/20100730/350826/?ST=security

「最低限のセキュリティはDNSで確保を」---シマンテックがスマートデバイス戦略
http://itpro.nikkeibp.co.jp/article/NEWS/20100729/350842/?ST=security

JVNDB-2010-001743 Windows 上で稼働する CA ARCserve Backup における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001743.html

JVNDB-2010-001742 Samba の smbd におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001742.html

JVNDB-2010-001741 Samba の smbfs における権限を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001741.html

JVNDB-2010-001740 Apache Tomcat における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001740.html

[SECURITY] [DSA 2077-1] New openldap packages fix potential code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00263.html

[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00262.html

[security bulletin] HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Exec
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00259.html

CFP NcN 2010
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00258.html

PBBooking 1.0.4_3 Joomla Component Multiple Blind SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00260.html

[ MDVSA-2010:142 ] openldap
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00261.html

NoScript 2.0 released
http://isc.sans.edu/diary.html?storyid=9286

Snort 2.8.6.1 and Snort 2.9 Beta Released
http://isc.sans.edu/diary.html?storyid=9289

FBI, Slovenian and Spanish Police announce more arrests of Mariposa Botnet Creator, Operators
http://isc.sans.edu/diary.html?storyid=9292

Joomla PBBooking Component Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/40749/

TYPO3 phpMyAdmin Extension Security Bypass
http://secunia.com/advisories/40781/

Drupal Kaltura Module Information Disclosure Weakness
http://secunia.com/advisories/40767/

Joomla PhotoMap Gallery Component Two SQL Injection Vulnerabilities
http://secunia.com/advisories/40761/

Drupal Sage Pay Direct Payment Gateway for Ubercart Module Information Disclosure
http://secunia.com/advisories/40777/

Zemana AntiLogger IOCTL Handling Privilege Escalation Vulnerability
http://secunia.com/advisories/40728/

Drupal Dashboard Module Script Insertion Vulnerability
http://secunia.com/advisories/40776/

TYPO3 Multiple Vulnerabilities
http://secunia.com/advisories/40742/

SPIP "var_login" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40745/

Piwik Local File Inclusion Vulnerability
http://secunia.com/advisories/40703/

UPlusFtp Server Web Interface Buffer Overflow Vulnerability
http://secunia.com/advisories/40771/

IBM Java Plugin Argument Injection Vulnerability
http://secunia.com/advisories/40773/

IBM Java Multiple Vulnerabilities
http://secunia.com/advisories/40772/

LVM2 Abstract Socket Security Issue
http://secunia.com/advisories/40759/

Joomla Component Joomdle SQL vulnerability
http://securityreason.com/securityalert/7621

joomla component huruhelpdesk SQL injection Vulnerability
http://securityreason.com/securityalert/7620

SAP NetWaver SLD 7.0/6.4 Multiple XSS
http://securityreason.com/securityalert/7619

[Apache HTTP Server 2.2.16 Released multiple vulnerabilities
http://securityreason.com/securityalert/7618

VUPEN Security Research - HP OpenView Network Node Manager "nnmrptconfig.exe" Buffer Overflow (CVE-2010-2703)
http://securityreason.com/securityalert/7617

HP OpenView Network Node Manager "ov.dll" Buffer Overflow Vulnerability
http://securityreason.com/securityalert/7616

Likewise Open 5.4 & 6.0 Multiple Vulns
http://securityreason.com/securityalert/7615

Panda Security、個人向けセキュリティソフトの2011年版を発売
http://internet.watch.impress.co.jp/docs/news/20100728_383963.html

シマンテック、「ノートン2011」に搭載予定の新機能を説明
http://internet.watch.impress.co.jp/docs/news/20100729_384171.html

CubeCart PHP Free & Commercial Shopping Cart Application SQL Injection Vulnerability
http://www.securiteam.com/securitynews/5IP3O2A20Y.html

IBM Java Security Update Fixes Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1949

SPIP "var_login" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1948

Front End User Registration for TYPO3 Password Handling Weakness
http://www.vupen.com/english/advisories/2010/1947

TYPO3 Code Execution and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1946

Apple Safari Code Execution and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2010/1945

Redhat Security Update Fixes lvm2-cluster Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1944

Mandriva Security Update Fixes OpenLDAP Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1943

Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities
http://www.securityfocus.com/bid/40728

PHP Traverser 'mp3_id.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/41899

Serenity Audio Player '.m3u' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39768

Mundi Mail Multiple Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/41957

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
http://www.securityfocus.com/bid/41770

Oracle Java SE and Java for Business Sound Component MIDI Stream Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39084

Oracle Java SE and Java for Business 'XNewPtr()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39083

Oracle Java SE and Java for Business CVE-2010-0848 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39078

Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39062

Oracle Java SE and Java for Business CVE-2010-0849 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39073

Oracle Java SE and Java for Business CVE-2010-0847 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39071

Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39077

Oracle Java SE and Java for Business ImageIO 'JPEGImageReader' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39067

Oracle Java SE and Java for Business JRE Trusted Method Chaining Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39065

Oracle Java SE and Java for Business CVE-2010-0091 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39096

Oracle Java SE and Java for Business CVE-2010-0084 Remote Vulnerability
http://www.securityfocus.com/bid/39093

Oracle Java SE and Java for Business CVE-2010-0095 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39086

Oracle Java SE and Java for Business CVE-2010-0088 Remote Java Runtime Environme Vulnerability
http://www.securityfocus.com/bid/39081

Oracle Java SE and Java for Business CVE-2010-0089 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/39095

Oracle Java SE and Java for Business CVE-2010-0839 Remote Sound Vulnerability
http://www.securityfocus.com/bid/39070

Oracle Java SE and Java for Business CVE-2010-0085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39094

Oracle Java SE and Java for Business CVE-2010-0087 Remote Vulnerability
http://www.securityfocus.com/bid/39068

WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42049

WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42046

Whizzy CMS 'whizzycms1001.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/41703

WebKit Element Focus Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42044

WebKit Regular Expression Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42042

WebKit 'use' Element Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42041

Cisco CDS Internet Streamer Web Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/41846

Oracle Java SE and Java for Business Unspecified Vulnerabilities
http://www.securityfocus.com/bid/39492

Galore Simple Shop Component for Joomla! 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/42073

2010年7月29日木曜日

About the security content of Safari 5.0.1 and Safari 4.1.1

http://support.apple.com/kb/HT4276
上記 URL の Safari のセキュリティアップデートの翻訳

1) Safari
 Safari の RSS フィードの取り扱いにおける欠陥が原因で、細工された RSS へアクセスさせることでクロスサイトスクリプティング攻撃を受けてリモートのサーバへファイルを送信される脆弱性。(CVE-2010-1778)

2) Safari
 Safari のオートフィル機能の実装における欠陥が原因で、細工された Web サイトにてユーザに問い合わせることなしにアドレス帳内の情報を漏洩する脆弱性。(CVE-2010-1796)

3) WebKit
 WebKit の focus エレメントの取り扱いにおける解放済みメモリ使用が原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-201-1780)

4) WebKit
 WebKit の inline エレメントの取り扱いにおけるメモリ破壊が原因で、細工されたWeb サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVEV-2010-1782)

5) WebKit
 WebKit のテキストノードへの動的更新の取り扱いにおけるメモリ破壊が原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1783)

6) WebKit
 WebKit の CSS カウンタの取り扱いにおけるメモリ破壊が原因で、細工された Webサイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1784)

7) WebKit
 WebKit の SVG テキストエレメント内の :first-letter 及び :first-line 擬似エレメントの取り扱いにおいて初期化されていないメモリへのアクセスが発生することが原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1785)

8) WebKit
 WebKit の SVG エレメント内の foreignObject エレメントの取り扱いにおける解放済みメモリ使用が原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1786)

9) WebKit
 WebKit の SVG エレメント内の floating エレメントの取り扱いにおけるメモリ破壊が原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1787)

10) WebKit
 WebKit の SVG エレメント内の 'use' エレメントの取扱におけるメモリ破壊が原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1788)

11) WebKit
 WebKit の JavaScript の文字列オブジェクトの取り扱いにおいてヒープオーバーフローが発生することが原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1789)

12) WebKit
 WebKit のジャストインタイムでコンパイルされた JavaScript スタブの取り扱いにおいて再入可能性が存在することが原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1790)

13) WebKit
 WebKit の JavaScript 配列の取り扱いにおいて署名問題が存在することが原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1791)

14) WebKit
 WebKit の正規表現の取り扱いにおけるメモリ破壊が原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1792)

15) WebKit
 WebKit の SVG ドキュメント内の "font-face" 及び "use" エレメントの取り扱いにおける解放済みメモリ使用が原因で、細工された Web サイトを閲覧することでアプリケーションが異常終了したり、任意のコードを実行されたりする脆弱性。(CVE-2010-1793)

29日 木曜日、大安

Squid 3.1.5.1 release
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_5_1.html

Postfix 2.8 Snapshot 20100728
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20100728.HISTORY

「文書閲覧ソフトウェアの古い脆弱性を狙った標的型攻撃」についての調査結果の公開~「2009年度 
脆弱性を利用した新たなる脅威の分析による調査 最終報告書」~
http://www.ipa.go.jp/security/vuln/report/newthreat201007.html

Dell、中堅企業向けセキュリティソリューションを拡充
http://itpro.nikkeibp.co.jp/article/NEWS/20100729/350785/?ST=security

Microsoftのセキュリティ企業向け情報開示プログラム、Adobe製品の情報も提供へ
http://itpro.nikkeibp.co.jp/article/NEWS/20100729/350783/?ST=security

JVNVU#129889 OpenLDAP に複数の脆弱性
http://jvn.jp/cert/JVNVU129889/index.html

JVNVU#568637 Apple Safari における複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNVU568637/index.html

The 2010 Verizon Data Breach Report is Out
http://isc.sans.edu/diary.html?storyid=9283

Symantec Data Loss Prevention KeyView Filter Memory Corruption Errors Let Remote Users Deny Service
http://securitytracker.com/alerts/2010/Jul/1024263.html

Symantec Mail Security KeyView Filter Memory Corruption Errors Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024262.html

IBM Lotus Notes Memory Corruption Errors in Various File Readers Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024261.html

LVM2 Missing Authentication in Cluster Local Volume Manager Lets Local Users Manage
Volumes in the Clusterhttp://securitytracker.com/alerts/2010/Jul/1024258.html

WM Downloader 3.1.2.2 2010.04.15 Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/14497/




+ make 3.82 released
http://www.gnu.org/software/make/
http://ftp.gnu.org/pub/gnu/make/?C=M;O=D

- HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02288473

About the security content of Safari 5.0.1 and Safari 4.1.1
http://support.apple.com/kb/HT4276

Samba 3.6.0pre1 Available for Download
http://www.samba.org/
http://www.samba.org/samba/ftp/pre/WHATSNEW-3-6-0pre1.txt
http://news.samba.org/releases/3.6.0pre1/

Secunia : Autonomy KeyView Compound File Parsing Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33257

Secunia : Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33258

Secunia : Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33259

Secunia : Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33260

Secunia : Autonomy KeyView wkssr.dll Integer Underflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33261

Secunia : Autonomy KeyView wkssr.dll String Indexing Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33262

Debian : DSA 2075-1 New xulrunner packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33255

Debian : DSA 2076-1 New gnupg2 packages fix potential code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33256

MajorSecurity : MajorSecurity SA-079 - PHPKIT WCMS - Multiple stored Cross Site Scripting Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33264

「ゼロデイ対策にはアカウントの使い分けが有効」――専門家が伝授
頻発するゼロデイ攻撃、原因の一つは「企業のセキュリティ向上」
http://itpro.nikkeibp.co.jp/article/NEWS/20100729/350782/?ST=security

JPCERT/CC WEEKLY REPORT
http://www.jpcert.or.jp/wr/2010/wr102801.html

JVNDB-2010-001739 x86_64 プラットフォーム上で稼動する RHEL の LibTIFF におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001739.html

JVNDB-2010-001738 LibTIFF の TIFFVStripSize 関数におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001738.html

JVNDB-2010-001737 LibTIFF の TIFFYCbCrtoRGB 関数におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001737.html

JVNDB-2010-001736 LibTIFF の TIFFRGBAImageGet 関数におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001736.html

JVNDB-2010-001735 LibTIFF の TIFFExtractData マクロにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001735.html

JVNDB-2010-001734 iSNS 実装におけるバッファーオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001734.html

New vulnerabilities in Cetera eCommerce
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00257.html

Vulnerabilities in Cetera eCommerce
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00256.html

PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00254.html

[security bulletin] HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00255.html

Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00253.html

Secunia Research: Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00252.html

Secunia Research: Autonomy KeyView wkssr.dll String Indexing Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00251.html

Secunia Research: Autonomy KeyView wkssr.dll Integer Underflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00250.html

Secunia Research: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00249.html

Secunia Research: Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00247.html

Secunia Research: Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00248.html

Secunia Research: Autonomy KeyView Compound File Parsing Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00246.html

Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00244.html

[SECURITY] [DSA 2076-1] New gnupg2 packages fix potential code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00242.html

[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00243.html

Oracle announced GNOME Display Manager password disclosure weakness
http://isc.sans.edu/diary.html?storyid=9277

hsolinkcontrol Privilege Escalation Vulnerabilities
http://secunia.com/advisories/40713/

TYPO3 Front End User Registration Extension Password Security Issue
http://secunia.com/advisories/40753/

nuBuilder "GLOBALS[StartingDirectory]" File Inclusion Vulnerability
http://secunia.com/advisories/40744/

bozohttp Security Bypass Vulnerability
http://secunia.com/advisories/40737/

MediaWiki Information Disclosure and Cross-Site Scripting
http://secunia.com/advisories/40740/

KVIrc Failed DCC Handshake Notification Command Injection Vulnerability
http://secunia.com/advisories/40727/

Red Hat update for jboss-seam2
http://secunia.com/advisories/40741/

Internet Navigware Server Information Disclosure and Manipulation of Data
http://secunia.com/advisories/40738/

Zabbix PHP Frontend "formatQuery()" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40679/

JBoss Enterprise SOA Platform Multiple Security Issues
http://secunia.com/advisories/40681/

Sun Solaris GNOME Display Manager Password Disclosure Weakness
http://secunia.com/advisories/40690/

GNOME Display Manager Password Disclosure Weakness
http://secunia.com/advisories/40780/

IBM Tivoli Directory Server DB2 Password Information Disclosure
http://secunia.com/advisories/40734/

IBM AIX BIND DNSSEC Cache Poisoning Vulnerability
http://secunia.com/advisories/40730/

Cisco Multiple Products TLS Session Renegotiation Plaintext Injection
http://secunia.com/advisories/40747/

Symantec Products File Parsing Multiple Vulnerabilities
http://secunia.com/advisories/38830/

Lotus Notes File Parsing Multiple Vulnerabilities
http://secunia.com/advisories/38704/

Joomla! Appointinator Component "aid" SQL Injection Vulnerability
http://secunia.com/advisories/40779/

Red Hat update for w3m
http://secunia.com/advisories/40733/

Debian update for xulrunner
http://secunia.com/advisories/40724/

Debian update for gnupg2
http://secunia.com/advisories/40718/

Autonomy Keyview Multiple Vulnerabilities
http://secunia.com/advisories/38690/

Apple Safari Memory Corruption Errors Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024257.html

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024256.html

IBM SolidDB solid.exe Handshake Request Username Field Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5DP3J2A20U.html

HP-UX Running rpc.ttdbserver Execution of Arbitrary Code vulnerability
http://www.securiteam.com/securitynews/5AP3G2A20O.html

Oracle Secure Backup Web Interface Post-Auth Command Injection Code Execution Vulnerabilities
http://www.securiteam.com/securitynews/5BP3H2A20A.html

HP Systems Insight Manager Execution of Arbitrary Code and Other Vulnerabilities
http://www.securiteam.com/securitynews/5CP3I2A20O.html

nuBuilder 10.04.20 Local File Inclusion Vulnerability
http://securityreason.com/securityalert/7614

UPlusFTP Server v1.7.1.01 [ HTTP ] Remote Buffer Overflow [ Post Auth ]
http://www.exploit-db.com/exploits/14496/

Symantec AMS Intel Alert Handler Service Design Flaw
http://www.exploit-db.com/exploits/14492/

Apache Tomcat http://www.exploit-db.com/exploits/14489

Zemana AntiLogger AntiLog32.sys <= 1.5.2.755 Local Privilege Escalation Vulnerability http://www.exploit-db.com/exploits/14491/

QQPlayer smi File Buffer Overflow Exploit
http://www.exploit-db.com/exploits/14482/

Cisco Products Transport Layer Security Renegotiation Vulnerability
http://www.vupen.com/english/advisories/2010/1942

IBM Tivoli Directory Server DB2 Password Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/1941

IBM AIX Security Update Fixes BIND Cache Poisoning Vulnerability
http://www.vupen.com/english/advisories/2010/1940

IBM Lotus Notes Autonomy Keyview Buffer and Integer Overflows
http://www.vupen.com/english/advisories/2010/1939

Symantec Products Autonomy Keyview Buffer and Integer Overflows
http://www.vupen.com/english/advisories/2010/1938

Autonomy Keyview Multiple Buffer and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1937

Nessus Web Server Plugin Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1936

SAP NetWeaver "action" and "helpstring" Cross Site Scripting
http://www.vupen.com/english/advisories/2010/1935

Turbolinux Security Update Fixes CUPS Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1934

Mandriva Security Update Fixes Samba Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1933

Mandriva Security Update Fixes PHP Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1932

Debian Security Update Fixes GnuPG Use-after-free Vulnerability
http://www.vupen.com/english/advisories/2010/1931

Debian Security Update Fixes Xulrunner Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1930

Redhat Security Update Fixes JBoss Seam Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1929

Redhat Security Update Fixes w3m Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2010/1928

Fedora Security Update Fixes libvirt Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1927

Mundi Mail Multiple Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/41957

RETIRED: Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/42020

ZABBIX 'formatQuery()' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/42017

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
http://www.securityfocus.com/bid/41770

Easy FTP Server (AKA UplusFTP) 'Path' Parameter Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38321

OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013

Multiple Mini-stream Software Products '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34494

Quiksoft EasyMail 'AddAttachment()' Method ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36440

IBM AIX FTP Server 'NLST' Command Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41762

EasyMail Objects 'emimap4.dll' ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36409

EasyMail Objects Connect Method Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/22583

Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/34800

Uiga Church Portal Multiple Vulnerabilities
http://www.securityfocus.com/bid/42011

RETIRED: Joomla! 'com_ninjamonial' Component 'Itemid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41345

Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40884

Apple Safari Personal Address Book AutoFill Information Disclosure Weakness
http://www.securityfocus.com/bid/41884

HP Insight Control Power Management Unspecified Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/41578

IBM Tivoli Directory Server DB2 Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42015

ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118

Multiple Java Runtime Implementations UTF-8 Input Validation Vulnerability
http://www.securityfocus.com/bid/30633

Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/41928

Pointdev IDEAL Migration & IDEAL Administration '.ipj' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39729

Mongoose Slash Character Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/42051

WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42049

WebKit JavaScript String Object Remote Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42048

WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42046

WebKit JavaScript Array Signedness Error Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42045

WebKit Element Focus Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42044

WebKit Just-In-Time Compiled JavaScript Stubs Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42043

WebKit Regular Expression Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42042

WebKit 'use' Element Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42041

Apple Safari RSS Feed Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42039

WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42038

WebKit ':first-letter' and ':first-line' Pseudo-Elements Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42037

WebKit CSS Counters Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42036

WebKit CVE-2010-1783 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42035

WebKit Inline Elements Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42034

Piwik 0.6 Through 0.6.3 Remote File Include Vulnerability
http://www.securityfocus.com/bid/42031

TYPO3 Core TYPO3-SA-2010-012 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/42029

nuBuilder 'report.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/42027

KVIrc '\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/42026

Jira Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/42025

MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/42024

AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/42023

MediaWiki 'api.php' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42019

2010年7月28日水曜日

28日 水曜日、仏滅

+ Microsoft Internet Explorer Frame Border Property Denial of Service Vulnerability
http://www.securityfocus.com/bid/41990

Firefox 4 Beta 2 now available for download
https://developer.mozilla.org/devnews/index.php/2010/07/27/firefox-4-beta-2-now-available-for-download/
http://www.mozilla.com/firefox/4.0b2/releasenotes/

HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282361

SUN ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021776.1-1

Sudo 1.7.4rc1 was released
http://www.sudo.ws/sudo/devel.html#1.7.4rc1

(July 2010) Fixes for potential security vulnerabilities in Lotus Notes file viewers
http://www-01.ibm.com/support/docview.wss?uid=swg21440812

RHSA-2010:0565-1: Moderate: w3m security update
http://rhn.redhat.com/errata/RHSA-2010-0565.html

Document ID: 358006: The Windows Failover Cluster (WFC) Management Console displays incorrect volume information for Storage Foundation for Windows (SFW) 5.1 SP1 volumes that do not have a drive letter assigned. When viewing the volume properties, the Management Console will display foreign characters for the Drive Letter and will show an incorrect volume size.
http://seer.entsupport.symantec.com/docs/358006.htm

Document ID: 357880: The RHS.exe process in a Windows Server 2008 Failover Cluster (WFC) crashes unexpectedly when running Storage Foundation for Windows (SFW) 5.1 SP1. The crash dump output and information logged to the Application Event Log point to vxres.dll as the possible cause.
http://seer.support.veritas.com/docs/SFFW_index.htm

Mandriva : MDVSA-2010:139 - php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33242

Mandriva : MDVSA-2010:140 - php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33249

Red Hat : RHSA-2010:0565-01 Moderate: w3m security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33247

[ MDVSA-2010:141 ] samba
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00241.html

[ MDVSA-2010:140 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00240.html

TTVideo 1.0 Joomla Component SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00239.html

London DEFCON July meet - DC4420 - Wed 28th July 2010
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00238.html

[MajorSecurity SA-079]PHPKIT WCMS - Multiple stored Cross Site Scripting Issues
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00237.html

[USN-964-1] Likewise Open vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00236.html

FuzzDiff tool
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00235.html

XSS vulnerability in Theeta CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00234.html

XSS vulnerability in Theeta CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00233.html

XSS vulnerability in SyndeoCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00232.html

XSS vulnerability in Theeta CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00231.html

XSS vulnerability in SyndeoCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00230.html

SQL injection vulnerability in Theeta CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00229.html

XSS vulnerability in SyndeoCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00228.html

Heap Overflow/DoS Vulnerability in Media Player Classic
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00227.html

[USN-930-6] Firefox and Xulrunner vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00226.html

JVNDB-2010-001733 LibTIFF の OJPEGReadBufferFill 関数におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001733.html

JVNDB-2010-001732 LibTIFF の TIFFroundup マクロにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001732.html

JVNDB-2010-001731 Cisco Industrial Ethernet 3000 シリーズに SNMP Community String がハードコードされている問題
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001731.html

JVNDB-2010-001730 libpng に脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001730.html

JVNDB-2010-001729 Cisco Content Services Switch における HTTP Request Smuggling 攻撃の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001729.html

JVNDB-2010-001728 Cisco Content Services Switch における認証を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001728.html

SYM10-009: Security Advisories Relating to Symantec Products - Multi-Vendor Autonomy KeyView Filter Multiple Security Issues
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01

HP Insight Orchestration for Windows Unauthorized Access Vulnerability
http://www.securiteam.com/windowsntfocus/5JP3G2020E.html

HP Insight Control Power Management for Windows Multiple Vulnerabilities
http://www.securiteam.com/windowsntfocus/5KP3H2020W.html

XnView MBM Processing Heap Overflow Vulnerability
http://www.securiteam.com/securitynews/5LP3I2020O.html

SyndeoCMS Script Insertion and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/40769/

PunBB Private messaging Extension "message_id" SQL Injection Vulnerability
http://secunia.com/advisories/40721/

Wing FTP Server SSH and Web Client Two Vulnerabilities
http://secunia.com/advisories/40731/

AKY Blog "id" SQL Injection Vulnerability
http://secunia.com/advisories/40746/

Fedora update for libvirt
http://secunia.com/advisories/40778/

libvirt iptables Rules and Disk Format Security Bypass
http://secunia.com/advisories/40758/

Joomla! TTVideo Component "cid" SQL Injection Vulnerability
http://secunia.com/advisories/40716/

PHPKIT Cross-Site Scripting and Cross-Site Request Forgery
http://secunia.com/advisories/40754/

Nessus Web Server Plugin Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40722/

Ubuntu update for likewise-open
http://secunia.com/advisories/40736/

Likewise Open / Likewise-CIFS pam_lsass Logic Error Security Bypass
http://secunia.com/advisories/40725/

Fedora update for xulrunner
http://secunia.com/advisories/40757/

Fedora update for turba
http://secunia.com/advisories/40755/

SAP NetWeaver System Landscape Directory Component Cross-Site Scripting
http://secunia.com/advisories/40712/

Fedora update for pidgin
http://secunia.com/advisories/40764/

Fedora update for mysql
http://secunia.com/advisories/40762/

Fedora update for openttd
http://secunia.com/advisories/40760/

Fedora update for mingw32-libpng
http://secunia.com/advisories/40756/

Ubuntu update for thunderbird
http://secunia.com/advisories/40694/

Ubuntu update for firefox and xulrunner
http://secunia.com/advisories/40693/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/40743/

Responsible Disclosure or Full Disclosure?
http://isc.sans.edu/diary.html?storyid=9274

JBoss Seam Input Validation Flaw in Processing JBoss Expression Language Expressions Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024253.html

w3m NULL Character Flaw in Common Name Field Lets Remote Users Spoof Certificates
http://securitytracker.com/alerts/2010/Jul/1024252.html

Nessus Web Server Input Validation Flaw Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jul/1024248.html

PHPKIT WCMS - Multiple stored Cross Site Scripting
http://securityreason.com/securityalert/7613

PHPKIT WCMS - Reflected Cross Site Scripting Issue
http://securityreason.com/securityalert/7612

Vulnerabilities in SimpNews
http://securityreason.com/securityalert/7611

Joomla Music Manager Component LFI Vulnerability
http://securityreason.com/securityalert/7610

iScripts VisualCaster SQL Injection Vulnerability
http://securityreason.com/securityalert/7609

Microsoft Visual Studio 6.0 (VCMUTL.dll) 0day Unicode ActiveX Buffer Overflow
http://www.exploit-db.com/exploits/14487/

QQPlayer smi File Buffer Overflow Exploit
http://www.exploit-db.com/exploits/14482/

MC Content Manager SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1926

Visites for Joomla "mosConfig_absolute_path" File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1925

ZeeAdbox "bnnnerid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1924

Joomdle for Joomla "course_id" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1923

Google Chrome Memory Corruption and Information Disclosure Issues
http://www.vupen.com/english/advisories/2010/1922

Fujitsu Interstage Products HTTP Server Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1921

Fedora Security Update Fixes MinGW-Libpng Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1920

Fedora Security Update Fixes Xulrunner Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1919

Fedora Security Update Fixes MySQL Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1918

Fedora Security Update Fixes Pidgin Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1917

Fedora Security Update Fixes OpenTTD Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1916

Fedora Security Update Fixes Turba Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1915

Fedora Security Update Fixes Horde and IMP Information Disclosure
http://www.vupen.com/english/advisories/2010/1914

Ubuntu Security Update Fixes Likewise Open Password Expiration Issue
http://www.vupen.com/english/advisories/2010/1913

Ubuntu Security Update Fixes Firefox and Xulrunner Vulnerability
http://www.vupen.com/english/advisories/2010/1912

Ubuntu Security Update Fixes Thunderbird Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1911

Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41962

libvirt Multiple Local Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/41981

Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1211 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41859

Multiple Mozilla Products CSS Selectors Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41872

Multiple Mozilla Products Script Filename Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41860

libpng Memory Corruption and Memory Leak Vulnerabilities
http://www.securityfocus.com/bid/41174

Mozilla Firefox and SeaMonkey DOM Cloning Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41849

Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41853

Mozilla Firefox and Sea Monkey Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/41968

Mozilla Firefox/Thunderbird/SeaMonkey 'nsIContentPolicy' Security Bypass Vulnerability
http://www.securityfocus.com/bid/39479

Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41842

Microsoft Internet Explorer Frame Border Property Denial of Service Vulnerability
http://www.securityfocus.com/bid/41990

Michelles L2J DropCalc I-Search.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/22335

Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41933

Samba Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/40097

nuBuilder Local File Include and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/41404

PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38708

PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/40948

CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40889

CUPS Web Interface Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40897

CUPS File Descriptors Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37048

CUPS File Descriptors Handling Use-After-Free Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38510

CUPS 'texttops' Filter NULL-pointer Dereference Vulnerability
http://www.securityfocus.com/bid/40943

W3M NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/40837

RETIRED: 4images 'command' Parameter Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/41974

Horde Turba Contact Manager '/imp/test.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/31168

Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40106

Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109

Oracle MySQL Malformed Packet Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40100

Oracle MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41198

OpenTTD 'NetworkSyncCommandQueue()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/41804

OpenTTD Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37487

OpenTTD Map Download File Descriptor Consumption Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39874

OpenTTD Spectator Company Password Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39871

OpenTTD Prior to 1.0.1 Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/39869

Libpurple MSN Protocol Custom Emoticons Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40138

Pidgin 'X-Status' Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/41881

Multiple Vendors Email Clients DNS prefetching Domain Name Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38046

Joomla Component Appointinator Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/42007

JBoss Seam Parameterized EL Expressions Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41994

PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities
http://www.securityfocus.com/bid/41991

Wing FTP Server Denial of Service Vulnerability and Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41987

Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/41928

2010年7月27日火曜日

27日 火曜日、先負

Google Chrome 5.0.375.125 has been released
http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html

phpMyAdmin 3.3.5 is released
http://sourceforge.net/news/?group_id=23067&id=289691

日本ベリサインがGumblarなどにかかっていないことを証明するサービス
http://itpro.nikkeibp.co.jp/article/NEWS/20100727/350716/?ST=security

iPhoneのJailbreakは違法にあらず、DMCA見直しで適用免除に
http://itpro.nikkeibp.co.jp/article/NEWS/20100727/350710/?ST=security

Symantec Antivirus Corporate Edition Alert Management Service Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024251.html

Mac OS X WebDAV Memory Allocation Error Lets Local Users Deny Service
http://securitytracker.com/alerts/2010/Jul/1024250.html

Citi Mobile Local File Storage May Disclose Potentially Sensitive Information to Local Users
http://securitytracker.com/alerts/2010/Jul/1024249.html

Joomla BookLibrary From Same Author Module "id" SQL Injection
http://securityreason.com/securityalert/7608

nuBuilder 10.04.20 Local File Inclusion
http://securityreason.com/securityalert/7607

nuBuilder 10.04.20 Reflected XSS
http://securityreason.com/securityalert/7606

ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities
http://securityreason.com/securityalert/7605

Joomla Component (com_quickfaq) BSQL-i Vulnerability
http://securityreason.com/securityalert/7604

News Office 2.0.18 Reflected XSS
http://securityreason.com/securityalert/7603




+ Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/41963
http://httpd.apache.org/security/vulnerabilities_22.html

+ Symantec Antivirus Corporate Ed. Alert Management Service Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/41959

- Dovecot ACL Plugin INBOX Permissions Security Weakness
http://www.vupen.com/english/advisories/2010/1909

Sudo 1.7.4b5 was released
http://www.sudo.ws/sudo/devel.html#1.7.4b5

Dan Rosenberg : Mac OS X WebDAV kernel extension local denial-of-service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33241

MustLive : Multiple vulnerabilities in MC Content Manager
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33240

Red Hat : RHSA-2010:0556-01 Critical: firefox security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33237

Red Hat : RHSA-2010:0557-01 Critical: seamonkey security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33238

Red Hat : RHSA-2010:0558-01 Critical: firefox security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33239

Slackware Linux : SSA:2010-204-01 mozilla-firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33236

JVNDB-2007-001207 Perl の Archive::Tar モジュールにおけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001207.html

JVNDB-2010-001727 Linux kernel の do_gfs2_set_flags 関数におけるアクセス制限を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001727.html

JVNDB-2010-001726 Linux kernel の gfs2 におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001726.html

JVNDB-2010-001725 Linux kernel の Transparent Inter-Process Communication 機能におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001725.html

JVNDB-2010-001724 Linux kernel の fs/nfs/pagelist.c における脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001724.html

JVNDB-2010-001723 Linux kernel の nfs_wait_on_request 関数におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001723.html

JVNDB-2010-001722 Linux kernel の wake_futex_pi 関数におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001722.html

[USN-957-2] Firefox and Xulrunner vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00222.html

Nessus Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00223.html

[USN-958-1] Thunderbird vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00221.html

[LWSA-2010-001] Likewise Open 5.4 & 6.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00219.html

Mac OS X WebDAV kernel extension local denial-of-service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00218.html

Foofus.net Security Advisory: Symantec AMS Intel Alert Handler service Design Flaw
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00212.html

QQplayer smi File Processing Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00217.html

WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00216.html

Multiple vulnerabilities in MC Content Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00215.html

Call For Papers - Hackers 2 Hackers Conference 7th Edition - Brazil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00214.html

DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00213.html

Internet Explorer 8.0 Address Bar Spoofing Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00211.html

SophosLabs Released Free Tool to Validate Microsoft Shortcut
http://isc.sans.edu/diary.html?storyid=9268

QuickTime Player Streaming Debug Error Logging Buffer Overflow
http://secunia.com/advisories/40729/

libmspack MS-ZIP Infinite Loop Denial of Service
http://secunia.com/advisories/40719/

Joomla! IT Armory Component Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/40752/

CometBird Multiple Vulnerabilities
http://secunia.com/advisories/40739/

Joomla Frei-Chat Component One Script Insertion Vulnerability
http://secunia.com/advisories/40751/

DM Filemanager FCKeditor File Upload Security Issue
http://secunia.com/advisories/40748/

Interstage HTTP Server Multiple Vulnerabilities
http://secunia.com/advisories/40732/

WhiteBoard "displayname" and "email" SQL Injection Vulnerabilities
http://secunia.com/advisories/40735/

Dovecot ACL Plugin Maildir / INBOX ACL Weakness
http://secunia.com/advisories/40723/

GnuPG GPGSM Certificate Parsing Use-After-Free Vulnerability
http://secunia.com/advisories/38877/

Red Hat update for firefox
http://secunia.com/advisories/40717/

Red Hat update for seamonkey
http://secunia.com/advisories/40700/

IBM Tivoli Storage Manager Multiple Vulnerabilities
http://secunia.com/advisories/40726/

Mozilla Firefox Plugin Parameter Array Dangling Pointer Vulnerability
http://secunia.com/advisories/40720/

GnuPG GPGSM Tool Certificate Import Memory Error May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024247.html

HP SSL for OpenVMS Unauthorized Data Injection and DoS Vulnerabilities
http://www.securiteam.com/securitynews/5OP3G1P20A.html

Cisco Network Building Mediator Multiple Vulnerabilities
http://www.securiteam.com/securitynews/5TP3L1P20C.html

HP Small Form Factor PC's with Broadcom Integrated NIC Firmware Vulnerability
http://www.securiteam.com/securitynews/5QP3H1P21M.html

HP-UX running ONCplus rpc.pcnfsd Denial of Service and Increase in Privilege Vulnerabilities
http://www.securiteam.com/securitynews/5PP3G1P21I.html

HP-UX Running Apache-based Web Server Multiple Vulnerabilities
http://www.securiteam.com/securitynews/5UP3M1P20K.html

HP-UX Running BIND Denial of Service Vulnerability
http://www.securiteam.com/securitynews/5VP3N1P20A.html

HP Performance Manager Multiple vulnerabilities
http://www.securiteam.com/securitynews/5OP3F1P21C.html

HP StorageWorks Storage Mirroring Unauthorized Access Vulnerability
http://www.securiteam.com/securitynews/5WP3O1P20K.html

HP Business Availability Center Running Apache Multiple Vulnerabilities
http://www.securiteam.com/securitynews/5RP3J1P20S.html

HP OpenView SNMP Emanate Master Agent Unauthorized Access Vulnerability
http://www.securiteam.com/securitynews/5QP3I1P20U.html

HP-UX Running Apache with PHP Multiple Vulnerabilities
http://www.securiteam.com/securitynews/5PP3H1P20Q.html

HP OpenView Network Node Manager Execution of Arbitrary Code Vulnerability
http://www.securiteam.com/securitynews/5SP3K1P20I.html

GnuPG GPGSM Tool Subject Alternate Names Use-after-free Vulnerability
http://www.vupen.com/english/advisories/2010/1910

Dovecot ACL Plugin INBOX Permissions Security Weakness
http://www.vupen.com/english/advisories/2010/1909

Zabbix Multiple Parameter Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1908

Joomla! Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/1907

IBM Tivoli Storage Manager Security Bypass and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2010/1906

Sun Solaris GNOME Display Manager Password Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/1905

PHP Security Update Fixes Multiple Memory Corruption Vulnerabilities
http://www.vupen.com/english/advisories/2010/1904

cabextract Security Update Fixes Two Unspecified Vulnerabilities
http://www.vupen.com/english/advisories/2010/1903

libmspack Security Update Fixes Two Unspecified Vulnerabilities
http://www.vupen.com/english/advisories/2010/1902

XAOS CMS "m" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1901

Ballettin Forum Multiple Parameter SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/1900

CMS Ignition "shopMGID" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1899

Redhat Security Update Fixes Firefox and SeaMonkey Vulnerability
http://www.vupen.com/english/advisories/2010/1898

Ubuntu Security Update Fixes Firefox and Xulrunner Vulnerabilities
http://www.vupen.com/english/advisories/2010/1897

Ubuntu Security Update Fixes NSS TLS Plaintext Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1896

Slackware Security Update Fixes Firefox Dangling Pointer Vulnerability
http://www.vupen.com/english/advisories/2010/1895

IBM Java Illegal UTF8 Byte Sequences Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1894

Siemens SIMATIC WinCC Hardcoded Database Credentials Vulnerability
http://www.vupen.com/english/advisories/2010/1893

vBulletin FAQ Database Credentials Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/1892

Mozilla Firefox Plugin Parameter Array Dangling Pointer Vulnerability
http://www.vupen.com/english/advisories/2010/1891

Mandriva Security Update Fixes iputils ping Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1890

Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41933

Shibboleth Redirection URL HTML Injection Vulnerability
http://www.securityfocus.com/bid/37241

iputils 'ping.c' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41911

RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-34 Through -47 Multiple Vulnerabilities
http://www.securityfocus.com/bid/41824

Microsoft Access ActiveX Control Multiple Instantiation Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41442

Microsoft Access 'AccWizObjects' ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41444

Apache 'mod_isapi' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38494

Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40827

Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
http://www.securityfocus.com/bid/29653

libpng Memory Corruption and Memory Leak Vulnerabilities
http://www.securityfocus.com/bid/41174

Multiple Mozilla Products Script Filename Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41860

Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41853

Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1211 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41859

Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41842

LILDBI 'uploader.php' Remote File Upload Vulnerability
http://www.securityfocus.com/bid/41909

Rit Research Labs TinyWeb Server Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/8810

NoticeBoard Joomla! Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/39742

IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37976

IBM DB2 'kuddb2' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38018

Microsoft Outlook TNEF Stream With MAPI Attachment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41446

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

IBM DB2 prior to 9.7 Fix Pack 2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40446

MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34051

Media Player Classic '.m3u' File Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41972

sSMTP 'standardize()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41965

Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
http://www.securityfocus.com/bid/41964

Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/41963

Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41962

Freeway 'ecPath' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41960

Symantec Antivirus Corporate Ed. Alert Management Service Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/41959

Apple Mac OS X WebDAV Kernel Extension Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41958

Open-Realty 'title' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/41947