+ FreeBSD-SA-10:07.mbuf: Lost mbuf flag resulting in data corruption
http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc
Download Windows 7 and Windows Server 2008 R2 Service Pack 1 (SP1) Beta
http://technet.microsoft.com/en-us/evalcenter/ff183870.aspx
Linux Kernel release: 2.6.35-rc5
http://www.linux.org/news/2010/07/12/0001.html
Notice of release of InterScan Web Security Suite 3.1 for Solaris Patch 1
http://www.trendmicro.co.jp/support/news.asp?id=1439
VMSA-2010-0011: VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.
http://www.vmware.com/security/advisories/VMSA-2010-0011.html
JVNVU#732671 Hardcoded SNMP community string in Cisco Industrial Ethernet 3000 series
http://jvn.jp/cert/JVNVU732671/index.html
JVNDB-2010-001187 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001187.html
JVNDB-2010-001186 Arbitrary code execution vulnerability in the Cascading Style Sheet implementation in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001186.html
JVNDB-2010-001183 Arbitrary code execution vulnerability in ImageIO in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001183.html
JVNDB-2010-001182 Sensitive information disclosure vulnerability in ImageIO in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001182.html
JVNDB-2010-001181 Sensitive information disclosure vulnerability in ImageIO in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001181.html
JVNDB-2009-002409 Arbitrary code execution vulnerability in libc
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002409.html
JVNDB-2009-002394 Cross-site request forgery vulnerability in WebKit
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002394.html
JVNDB-2009-002036 Buffer overflow vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002036.html
JVNDB-2009-002018 Denial of service (DoS) vulnerability in the handling of Notation or Enumeration attribute types in libxml2 and libxml
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002018.html
JVNDB-2009-002017 Denial of service (DoS) vulnerability in the handling of element declarations in DTDs in libxml2 and libxml
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002017.html
JVNDB-2009-001992 Vulnerability in CFNetwork in Apple Mac OS that allows spoofing a visit to an arbitrary HTTPS website
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001992.html
Forensic challenge results
http://isc.sans.edu/diary.html?storyid=9163
HP Insight Control Power Management Unspecified Flaw Lets Local Users Access Data and Deny Service
http://securitytracker.com/alerts/2010/Jul/1024184.html
HP Virtual Connect Enterprise Manager Input Validation Hole Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jul/1024181.html
ASX to MP3 Converter v3.1.2.1 SEH Exploit (Multiple OS, DEP and ASLR Bypass)
http://www.exploit-db.com/exploits/14352/
+ ZCS 5.0.24 GA Release
http://www.zimbra.com/downloads/os-downloads.html
http://files2.zimbra.com/website/docs/archives/5.0/Zimbra%20OS%20Release%20Notes%205.0.24.pdf
+ Microsoft Internet Explorer CSS 'expression' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40487
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00068.html
+ Multiple BSD Kernel Implementations 'netsmb' Kernel Module Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/41557
+ HS10-015: Multiple vulnerabilities in JP1/Cm2/Network Node Manager
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-015/index.html
[ANNOUNCE] PostgreSQL 9.0 Beta 3 available now!
http://www.postgresql.org/about/news.1220
http://developer.postgresql.org/pgdocs/postgres/release-9-0.html
[ANN] Axiom 1.2.9 released
http://ws.apache.org/commons/axiom/download.cgi
SUN ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021776.1-1
HS10-009: Vulnerability in Hitachi Web Server SSL client authentication where CRL revocation checking cannot be performed
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-009/index.html
HS09-010: Vulnerability in Hitachi Web Server SSL client authentication
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-010/index.html
HS09-009: DoS vulnerability in the Hitachi Web Server reverse proxy
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-009/index.html
HPSBMA02551 SSRT100165 rev.1 - HP Virtual Connect Enterprise Manager for Windows, Remote Cross Site Scripting (XSS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02283465
HPSBMA02549 SSRT090158 rev.1 - HP Insight Control Power Management for Windows, Local Unauthorized Access to Data, Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282361
HPSBMA02548 SSRT100126 rev.1 - HP Insight Orchestration for Windows, Remote Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02280158
HPSBMA02555 SSRT100064 rev.1 - HP Client Automation Enterprise Infrastructure (Radia) Remote Disclosure of Information
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286740
HPSBMA02554 SSRT100018 rev.1 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service (DoS), Remote Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HPSBMA02550 SSRT100170 rev.1 - HP Insight Software Installer for Windows, Local Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282377
HPSBOV02539 SSRT090267 rev.1 - HP OpenVMS Auditing, Local Information Disclosure, Elevation of Privilege, Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02227261
jetty 8.0.0.M1 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-8/VERSION.txt
About the system failure affecting the support inquiry form
http://www.trendmicro.co.jp/support/news.asp?id=1445
Document ID: 357420: Running command "vmgetdrive" results with error "Could not initialize VM provider. Error Code = FFFFFFFF"
http://seer.entsupport.symantec.com/docs/357420.htm
Debian : New znc packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33083
Justin C. Klein Keane : NuralStorm Webmail Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33085
Debian : New python-cjson packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33082
Independent Researcher : Zend studio location Cross-Domain Scripting Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33084
Independent Researcher : Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33086
"Fake software" with support: dissatisfied users are offered another fake program
A trial version valid for one day wins trust through a staged act
http://itpro.nikkeibp.co.jp/article/NEWS/20100713/350183/?ST=security
JVNDB-2010-001665 Denial of service (DoS) vulnerability in the find_keyring_by_name function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001665.html
JVNDB-2010-001664 Denial of service (DoS) vulnerability in the sctp_process_unk_param function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001664.html
JVNDB-2010-001663 Privilege escalation vulnerability in the secure path feature of sudo
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001663.html
JVNDB-2010-001662 Cross-site scripting vulnerability in the Wiki Server in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001662.html
JVNDB-2010-001661 Arbitrary file access vulnerability in the SMB file server in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001661.html
JVNDB-2010-001660 Cross-site scripting vulnerability in the Ruby WEBrick HTTP server in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001660.html
JVNDB-2010-001659 Integer overflow vulnerability in the cgtexttops CUPS filter in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001659.html
JVNDB-2010-001658 Denial of service (DoS) vulnerability in printer setup in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001658.html
JVNDB-2010-001509 Sensitive information disclosure vulnerability in the Web container in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001509.html
JVNDB-2010-001508 Denial of service (DoS) vulnerability in the Web container in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001508.html
JVNDB-2010-001507 Denial of service (DoS) vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001507.html
JVNDB-2010-001506 Access restriction bypass vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001506.html
JVNDB-2010-001174 Sensitive information disclosure vulnerability in the ap_read_request function in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001174.html
JVNDB-2010-001173 Denial of service (DoS) vulnerability in the ap_proxy_ajp_request function in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001173.html
JVNDB-2010-001159 Vulnerability in mod_isapi in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001159.html
JVNDB-2009-002344 Denial of service (DoS) vulnerability in cupsd in CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002344.html
JVNDB-2009-002319 Vulnerability in the SSL and TLS protocols
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
Metasploit Framework 3.4.1 Released
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00070.html
IE6 css set Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00068.html
Opera Crash by Element
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00069.html
[SECURITY] [DSA-2069-1] New znc packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00064.html
[SECURITY] [DSA-2068-1] New python-cjson packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00066.html
XSS holes dotDefender
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00065.html
Thoughts on Malware for Mobile Devices - Part 2
http://isc.sans.edu/diary.html?storyid=9160
Image22 ActiveX Control "DrawIcon()" Buffer Overflow Vulnerability
http://secunia.com/advisories/40543/
TheHostingTool Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40526/
InterPhoto Gallery Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40537/
Fedora update for gv
http://secunia.com/advisories/40532/
GNU gv Two Security Issues
http://secunia.com/advisories/40475/
Ghostscript "-P-" Command Line Option Security Issue
http://secunia.com/advisories/40452/
Joomla redSHOP Component "pid" SQL Injection Vulnerability
http://secunia.com/advisories/40535/
Joomla Rapid Recipe Component Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/40538/
Debian update for znc
http://secunia.com/advisories/40523/
LifeType Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40514/
ImpressCMS CSSTidy Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40522/
CSSTidy "url" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40515/
RunCms "url" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40521/
CMS Made Simple Download Manager Module Arbitrary File Upload
http://secunia.com/advisories/40570/
FireStats Information Disclosure and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/40569/
FireStats "fs_javascript" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40548/
Zend Studio Function Description Script Insertion Vulnerability
http://secunia.com/advisories/40437/
Debian update for python-cjson
http://secunia.com/advisories/40500/
Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
http://securitytracker.com/alerts/2010/Jul/1024180.html
Joomla Component com_weblinks Sql Injection Vulnerability
http://securityreason.com/securityalert/7572
Joomla Component com_xmap Sql Injection Vulnerability
http://securityreason.com/securityalert/7571
Vulnerability Note VU#732671: Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings
http://www.kb.cert.org/vuls/id/732671
Metasploit Framework 3.4.1 Released
http://www.metasploit.com/
http://www.metasploit.com/framework/download/
My Kazaam Address and Contact Organizer SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1785
Gallery Plugin for EQdkp-Plus "pid" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1784
Orbis CMS Admin Interface Cross Site Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2010/1783
FrogCMS Admin Interface Cross Site Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2010/1782
WebCalendar Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1781
Macs CMS Cross Site Scripting and Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2010/1780
Edge PHP Clickbank Affiliate Marketplace Script SQL Injection Issue
http://www.vupen.com/english/advisories/2010/1779
eliteCMS Admin Interface Cross Site Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2010/1778
MyHome for Joomla "nidimm" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1777
redSHOP for Joomla "pid" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1776
Debian Security Update Fixes ZNC Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1775
Debian Security Update Fixes Python-cjson Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1774
SuSE Security Update Fixes Firefox and Xulrunner Vulnerabilities
http://www.vupen.com/english/advisories/2010/1773
Ubuntu PAM MOTD Local Root Exploit
http://www.exploit-db.com/exploits/14339/
FireStats Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/41548
iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/39127
iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41327
Hitachi Web Server Reverse Proxy Denial of Service Vulnerability
http://www.securityfocus.com/bid/35216
Retired: givesight PowerMail Pro Component for Joomla! Local File Include Vulnerability
http://www.securityfocus.com/bid/39348
Microsoft Internet Explorer CSS 'expression' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40487
Joomla! Health & Fitness Stats Component Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/41530
Koobi 'img_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/28711
Hitachi Web Server DirectoryIndex Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/26858
Hitachi Web Server 'imagemap' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/26861
Hitachi Web Server Reverse Proxy Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35663
Hitachi Web Server with SSL Enabled Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40223
Linux Kernel GFS2 Access Control List (ACL) Security Bypass Vulnerability
http://www.securityfocus.com/bid/41516
Usagi Project mipv6-daemon ND Options Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41522
ZNC NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40982
Python-cjson Unicode Character Encoding Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41279
Multiple BSD Kernel Implementations 'netsmb' Kernel Module Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/41557
Opera 'Canvas' Tag Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/41555
GetSimple CMS Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/41549
dotDefender 'clave' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/41541
Joomla! EasyBlog HTML Injection Vulnerability
http://www.securityfocus.com/bid/41532
RunCms 'magpie_debug.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/41551
Mac's CMS 'searchString' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/41529
PHP-Nuke 'Web_Links' Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/41546
PHP-Nuke 'Your_Account' Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/41543
MyKazaam Notes Management System 'notes.php' SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/41542
Sillaj 'username' and 'password' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/41540
EdgePHP CBQuick 'search' Parameter SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/41538
eliteCMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/41537
Joomla MyHome Component 'nidimm' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41536
Joomla! 'com_mysms' Component Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/41535
Joomla redSHOP Component 'pid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41533
Joomla! Rapid-Recipe Component HTML Injection Vulnerability
http://www.securityfocus.com/bid/41531