UPDATE: MS10-041 - Important: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
http://www.microsoft.com/technet/security/bulletin/MS10-041.mspx?pubDate=2010-06-30
UPDATE: MS10-040 - Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
http://www.microsoft.com/technet/security/bulletin/MS10-040.mspx?pubDate=2010-06-30
UPDATE: MS10-038 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
http://www.microsoft.com/technet/security/bulletin/MS10-038.mspx?pubDate=2010-06-30
UPDATE: MS09-040 - Important: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
http://www.microsoft.com/technet/security/bulletin/MS09-040.mspx?pubDate=2010-06-30
UPDATE: MS10-040 - Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-040.mspx
UPDATE: MS10-038 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-038.mspx
UPDATE: MS09-040 - Important: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
http://www.microsoft.com/japan/technet/security/bulletin/MS09-040.mspx
Announcement: Security Seminar for Website Operators
~Key Points for Operating a Website Securely~
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_web_2010.html
Facebook to introduce opt-in feature for sharing information with external sites
http://itpro.nikkeibp.co.jp/article/NEWS/20100701/349820/?ST=security
Cisco ASA HTTP Response Splitting Vulnerability
http://securityreason.com/securityalert/7550
Joomla Component JFaq 1.2 Multiple Vulnerabilities
http://securityreason.com/securityalert/7549
Joomla JE Ajax event calendar SQL Vulnerable
http://securityreason.com/securityalert/7548
Joomla Component Picasa2Gallery LFI vulnerability
http://securityreason.com/securityalert/7547
Webmaster-Tips.net Flash Gallery for Joomla 'com_wmtpic' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41253
+ OpenLDAP 2.4.23 released
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html
+ Sudo 1.7.2p8 released
http://www.gratisoft.us/sudo/news.html
http://www.sudo.ws/sudo/stable.html#1.7.2p8
+ PHP 'strrchr()' Function Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41265
+ [0day] Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList memory leak
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00259.html
HS10-014: DoS Vulnerability in HiRDB
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-014/index.html
Slackware Linux : libtiff
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33005
Slackware Linux : libpng
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33006
CSL Labs : SAP's web module OLK SQL Injection vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33016
High-Tech Bridge SA : SQL injection vulnerability in TomatoCMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33012
High-Tech Bridge SA : XSS vulnerability in PortalApp
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33013
High-Tech Bridge SA : SQL injection vulnerability in Grafik CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33014
High-Tech Bridge SA : XSS vulnerability in Grafik CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33015
Icy Silence : D-Link DAP-1160 Authentication Bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32999
Independent Researcher : Miyabi CGI Tools index.pl command execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33010
Independent Researcher : Miyabi CGI Tools index.pl command execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33011
Secunia : TaskFreak "password" SQL Injection Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33007
Secunia : TaskFreak "tznMessage" Cross-Site Scripting Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33008
TurboBorland : Kryn Persistent XSS and Administrative CSRF
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33009
Ubuntu Security Notice : nss vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33001
Ubuntu Security Notice : nspr update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33002
Ubuntu Security Notice : Firefox and Xulrunner vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33003
Ubuntu Security Notice : apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33004
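New version of Adobe Reader released, addressing "zero-day attacks" and a "dangerous specification"
New version of Acrobat also released; update available from the "Help" menu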
http://itpro.nikkeibp.co.jp/article/NEWS/20100701/349729/?ST=security
JVNDB-2010-001592 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001592.html
JVNDB-2010-001591 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001591.html
JVNDB-2010-001590 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001590.html
JVNDB-2010-001589 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001589.html
JVNDB-2010-001588 Cross-site scripting vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001588.html
JVNDB-2010-001587 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001587.html
JVNDB-2010-001586 Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001586.html
JVNDB-2010-001585 Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001585.html
JVNDB-2010-001500 Arbitrary Perl code execution vulnerability in PostgreSQL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001500.html
JVNDB-2009-001993 Arbitrary code execution vulnerability in ColorSync in Apple Mac OS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001993.html
JVNDB-2008-002430 Arbitrary file deletion vulnerability in the Perl rmtree function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002430.html
JVNDB-2008-002429 Arbitrary setuid binary creation vulnerability in the Perl rmtree function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002429.html
[USN-930-3] Firefox regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00268.html
ZDI-10-116: Adobe Reader CLOD Progressive Mesh Continuation Resolution Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00267.html
VUPEN Security Research - Adobe Acrobat and Reader "pushstring" Memory Corruption Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00266.html
VUPEN Security Research - Adobe Acrobat and Reader "newfunction" Memory Corruption Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00264.html
VUPEN Security Research - Adobe Acrobat and Reader "newclass" Memory Corruption Vulnerability (C
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00265.html
VUPEN Security Research - Adobe Acrobat and Reader #1023 Tag Buffer Overflow Vulnerability (CVE&
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00262.html
Secunia Research: Joomla BookLibrary Component Four SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00263.html
Secunia Research: Adobe Reader GIF Image Parsing Array-Indexing Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00261.html
Secunia Research: Adobe Reader JPEG Uninitialised Memory Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00260.html
[0day] Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList memory leak
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00259.html
[USN-930-2] apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmb
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00258.html
[USN-930-1] Firefox and Xulrunner vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-06/msg00257.html
MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
http://securitytracker.com/alerts/2010/Jun/1024160.html
Slackware update for libtiff
http://secunia.com/advisories/40381/
Slackware update for libpng
http://secunia.com/advisories/40336/
Grafik CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40380/
Website Baker Multiple Vulnerabilities
http://secunia.com/advisories/39899/
LIOOSYS CMS "id" SQL Injection Vulnerability
http://secunia.com/advisories/40393/
Joomla CKForms Component Multiple Vulnerabilities
http://secunia.com/advisories/40127/
Joomla BookLibrary Component Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/40131/
Battlefield 2 / 2142 Logo Download Directory Traversal Vulnerability
http://secunia.com/advisories/40334/
Miyabi CGI Tools SEO Links Command Injection Vulnerability
http://secunia.com/advisories/40419/
YPNinc JokeScript "ypncat_id" SQL Injection Vulnerability
http://secunia.com/advisories/40378/
Ubuntu update for firefox and xulrunner
http://secunia.com/advisories/40401/
YPNinc PHP Realty Script "docID" SQL Injection Vulnerability
http://secunia.com/advisories/40377/
TopManage OLK SQL Injection Vulnerabilities
http://secunia.com/advisories/40424/
Fedora update for moin
http://secunia.com/advisories/40426/
Mumble Murmur Denial of Service Vulnerability
http://secunia.com/advisories/40385/
Qt "QSslSocketBackendPrivate::transmit()" Denial of Service Vulnerability
http://secunia.com/advisories/40389/
Allomani Super Multimedia Cross Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2010/1650
Allomani E-Store Admin Interface Cross Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2010/1649
YPNinc PHP Realty Script "docID" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1648
YPNinc JokeScript "ypncat_id" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1647
lineaCMS "menu" and "contenuto" Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1646
MySpace Clone 2010 "mode" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1645
Clix N Cash Clone 2010 "view" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1644
MemDB Products HTTP "Host" Header Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1643
Fedora Security Update Fixes Moin Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1642
Fedora Security Update Fixes Python-Paste Cross Site Scripting Issue
http://www.vupen.com/english/advisories/2010/1641
Ubuntu Security Update Fixes Firefox and Xulrunner Vulnerabilities
http://www.vupen.com/english/advisories/2010/1640
Ubuntu Security Update Fixes NSS TLS Plaintext Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1639
Slackware Security Update Fixes LibTIFF Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1638
Slackware Security Update Fixes Libpng Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1637
Todd Miller Sudo 'secure path' Security Bypass Vulnerability
http://www.securityfocus.com/bid/40538
TornadoStore SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/41233
Miyabi CGI Tools 'index.pl' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/41228
Adobe Acrobat and Reader (CVE-2010-2208) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41244
Adobe Acrobat and Reader CVE-2010-2211 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41243
Adobe Acrobat and Reader Flash Content Parsing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41245
Adobe Acrobat and Reader CVE-2010-2210 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41242
Adobe Acrobat and Reader CVE-2010-2209 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41240
Adobe Acrobat and Reader 'AcroForm.api' GIF Image Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41241
Adobe Acrobat and Reader CVE-2010-2203 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41235
Adobe Acrobat and Reader 'newfunction' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41236
Adobe Acrobat and Reader 'pushstring' and 'debugfile' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41237
Adobe Acrobat and Reader 'AcroForm.api' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41238
Adobe Acrobat and Reader 'newclass' Flash Content Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41232
Adobe Acrobat and Reader CVE-2010-2207 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41239
Adobe Acrobat and Reader CLOD Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41234
Adobe Acrobat and Reader CoolType Typography Engine Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/41231
Adobe Acrobat and Reader CVE-2010-1295 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41230
Adobe Flash Player, Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40586
KVIrc DCC Directory Traversal and Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/40746
Oxygen Bulletin Board 'member.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/28651
PHP-Nuke News Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/40942
libpng Memory Corruption and Memory Leak Vulnerabilities
http://www.securityfocus.com/bid/41174
LibTIFF 'tif_dirread.c' SubjectDistance EXIF Tag Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41012
LibTIFF 'TIFFroundup()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/41011
LibTIFF FAX3 Decoder Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40823
Mozilla Firefox/Thunderbird/SeaMonkey DOM Nodes Integer Overflow Vulnerability
http://www.securityfocus.com/bid/41087
Mozilla Firefox/Thunderbird/SeaMonkey XSLT Integer Overflow Vulnerability
http://www.securityfocus.com/bid/41082
Mozilla Firefox 'jstracer.cpp' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41099
Mozilla Firefox and SeaMonkey Plugin Object Reference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41102
Mozilla Firefox/SeaMonkey Attachment With Content-Disposition HTTP Header Bypass Vulnerability
http://www.securityfocus.com/bid/41103
Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38952
Mozilla Firefox CVE-2010-1201 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41093
Mozilla Firefox CVE-2010-1202 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41094
Mozilla Firefox CVE-2010-1200 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41090
Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities
http://www.securityfocus.com/bid/40728
Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40884
Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40895
LiteSpeed Web Server Source Code Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40815
Splunk Cross Site Scripting and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/41269
PHP 'strrchr()' Function Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41265
Joomla! BookLibrary Component Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/41264
Website Baker Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/41263
EA Battlefield 2 and Battlefield 2142 Multiple Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/41262
SysCP Security Bypass Vulnerability and Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/41261
HTML Purifier Versions Prior to 4.1.1 Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/41259
Joomla! CKForms Component SQL Injection and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/41258
Joomla! Gamesbox 'com_gamesbox' Component SQL Injection Vulnerability
http://www.securityfocus.com/bid/41257
Joomanager Joomla Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41256
E-topbiz Shopcart DX 'products.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41255
Webmaster-Tips.net Flash Gallery for Joomla 'com_wmtpic' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41253
System CMS Contentia 'news.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41248