Friday, July 2, 2010

Friday the 2nd, Senshō

[Correction] Notice of release of Virus Buster Corporate Edition 10.0 with Service Pack 1 applied
http://www.trendmicro.co.jp/support/news.asp?id=1433

Notice of release of virus scan engine VSAPI 9.135 for InterScan Web Security Suite for Linux/Solaris
http://www.trendmicro.co.jp/support/news.asp?id=1434

Notice of products scheduled to reach end of support service in the first half of 2011 (January to June)
http://www.trendmicro.co.jp/support/news.asp?id=1431

Adobe PDF Reader "Launch" vulnerability still exploitable
http://isc.sans.edu/diary.html?storyid=9112

TaskFreak "password" SQL Injection Vulnerability
http://securityreason.com/securityalert/7552

TaskFreak "tznMessage" Cross-Site Scripting Vulnerability
http://securityreason.com/securityalert/7551

Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability
http://www.securityfocus.com/bid/40725




+ ProFTPD 1.3.3a released!
http://www.proftpd.org/docs/NEWS-1.3.3a
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3a

+ A Security Vulnerability in the ntp Daemon (xntpd(1M)) May Lead to a Denial of the Solaris Network Time Protocol (NTP) Service
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1

+ RHSA-2010:0504-1: Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2010-0504.html

+ RHSA-2010:0505-1: Moderate: perl-Archive-Tar security update
http://rhn.redhat.com/errata/RHSA-2010-0505.html
http://www.securityfocus.com/bid/26355

- Microsoft Windows Kernel Local Use-after-free Vulnerability
http://www.vupen.com/english/advisories/2010/1663

Announce fourth development release of BIND 10: bind10-devel-20100701
http://bind10.isc.org/

MySQL Workbench 5.2.25 GA released
http://dev.mysql.com/downloads/workbench/

UPDATE: Abrupt System Reboot may Lead to ZFS Filesystem Data Integrity Issues
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1134162.1-1

Linux Kernel release: 2.6.34.1-rc1
http://www.linux.org/news/2010/07/01/0004.html

Linux Kernel release: 2.6.33.6-rc1
http://www.linux.org/news/2010/07/01/0003.html

Linux Kernel release: 2.6.32.16-rc1
http://www.linux.org/news/2010/07/01/0002.html

Linux Kernel release: 2.6.27.48-rc1
http://www.linux.org/news/2010/07/01/0001.html

Bkis : Vulnerability in Flash Slideshow Maker
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33025

MustLive : Vulnerabilities in WP-UserOnline for WordPress
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33027

SuSE : Samba
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33019

Microsoft-Spurned Researcher Collective : Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33026

Red Hat : Critical: acroread security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33020

Secunia : Adobe Reader JPEG Uninitialised Memory Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33021

Secunia : Adobe Reader GIF Image Parsing Array-Indexing Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33022

Secunia : Joomla BookLibrary Component Four SQL Injection Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33023

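Zero-day attacks targeting Windows are rampant; more than 10,000 machines attacked
The United States sees the largest number of attacks; Portugal has the highest proportion of machines attacked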
http://itpro.nikkeibp.co.jp/article/NEWS/20100701/349851/?ST=security

JVNDB-2010-001597 Arbitrary code execution vulnerability in the Windows OpenType Compact Font Format driver of multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001597.html

JVNDB-2010-001596 Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001596.html

JVNDB-2010-001595 Arbitrary code execution vulnerability in win32k.sys in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001595.html

JVNDB-2010-001594 Arbitrary code execution vulnerability in win32k.sys in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001594.html

JVNDB-2010-001593 Arbitrary code execution vulnerability in win32k.sys in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001593.html

JVNDB-2010-001501 Denial of service (DoS) vulnerability in the GSS-API library of MIT Kerberos 5
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001501.html

JVNDB-2010-001463 Cross-site scripting vulnerability in Microsoft SharePoint Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001463.html

JVNDB-2010-001091 Arbitrary code execution vulnerability in the Microsoft Data Analyzer ActiveX control in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001091.html

JVNDB-2010-001083 Access restriction bypass vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001083.html

JVNDB-2009-001911 Authentication bypass issue in XML signature verification
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001911.html

Down the RogueAV and Blackhat SEO rabbit hole (part 2)
http://isc.sans.edu/diary.html?storyid=9103

Trend Micro InterScan Web Security Virtual Appliance Input Validation Hole Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jul/1024163.html

SUSE update for java-1_6_0-ibm
http://secunia.com/advisories/40429/

TortoiseSVN Spoofing Vulnerability
http://secunia.com/advisories/40355/

SUSE update for samba
http://secunia.com/advisories/40405/

Flash Slideshow Maker Project Files Buffer Overflow Vulnerabilities
http://secunia.com/advisories/40373/

Cerberus FTP Server "MLSD" and "MLST" Commands Hidden Files Security Bypass
http://secunia.com/advisories/40370/

Kolab Server Multiple Vulnerabilities
http://secunia.com/advisories/40396/

Opera Two Security Issues
http://secunia.com/advisories/40375/

webERP Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40392/

python-cjson Unicode Character Encoding Buffer Overflow Vulnerability
http://secunia.com/advisories/40335/

Red Hat update for acroread
http://secunia.com/advisories/40383/

Ubuntu update for sudo
http://secunia.com/advisories/39638/

Mako "cgi.escape()" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39935/

Fedora update for kvirc
http://secunia.com/advisories/40409/

Fedora update for lftp
http://secunia.com/advisories/40400/

Windows SMTP Service DNS Query ID Vulnerabilities
http://www.securiteam.com/windowsntfocus/5CP2W0K25A.html

Windows SMTP Service DNS Query ID Vulnerabilities
http://www.securiteam.com/windowsntfocus/5HP2Y0K28Y.html

Microsoft Windows Outlook Express and Windows Mail Integer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5SP320K25Y.html

Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities
http://www.securiteam.com/windowsntfocus/5YP2X0K20A.html

Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities
http://www.securiteam.com/windowsntfocus/5BP2V0K25E.html

Microsoft Windows Outlook Express and Windows Mail Integer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5PP320K22Y.html

Microsoft Office Visio DXF File Insertion Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5IP340A23M.html

Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities
http://www.securiteam.com/windowsntfocus/5QP310K24M.html

Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities
http://www.securiteam.com/windowsntfocus/5GP2X0K28S.html

Adobe Shockwave 3D Blocks Field Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5BP2X0K23S.html

Microsoft Internet Explorer Stylesheet Array Removal Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5FP310A23I.html

Adobe Director DIRAPI.DLL Memory Corruption Vulnerability
http://www.securiteam.com/windowsntfocus/5OP310K22Y.html

Windows SMTP Service DNS Query ID Vulnerabilities
http://www.securiteam.com/windowsntfocus/5QQ340K20M.html

Microsoft Windows Outlook Express and Windows Mail Integer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5EY2V0A29O.html

Microsoft Office Visio DXF File Insertion Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5RP2Y0A22I.html

Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities
http://www.securiteam.com/windowsntfocus/5SY300A28K.html

Microsoft Office Visio DXF File Insertion Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5TP330K25G.html

Windows SMTP Service DNS Query ID Vulnerabilities
http://www.securiteam.com/windowsntfocus/5TY310A28Q.html

Microsoft Internet Explorer Stylesheet Array Removal Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5OP2V0A22A.html

Microsoft Internet Explorer Stylesheet Array Removal Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5WY340A28M.html

Adobe Director DIRAPI.DLL Memory Corruption Vulnerability
http://www.securiteam.com/windowsntfocus/5WP330K28K.html

Microsoft Office Visio DXF File Insertion Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5WP2U0K21O.html

Microsoft Internet Explorer Stylesheet Array Removal Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5RP2V0A25O.html

Adobe Director DIRAPI.DLL Memory Corruption Vulnerability
http://www.securiteam.com/windowsntfocus/5DY2U0A29G.html

Adobe Shockwave 3D Blocks Field Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5EP2V0K28C.html

Microsoft Office Visio DXF File Insertion Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5FY2W0A29M.html

Adobe Director DIRAPI.DLL Memory Corruption Vulnerability
http://www.securiteam.com/windowsntfocus/5SP2W0A25O.html

Microsoft Internet Explorer Stylesheet Array Removal Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5NP300K22Y.html

Adobe Shockwave 3D Blocks Field Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5YQ2U0K22I.html

Adobe Shockwave 3D Blocks Field Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5VY320A29U.html

Microsoft Windows Outlook Express and Windows Mail Integer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5TP2X0A25U.html

Microsoft Windows Outlook Express and Windows Mail Integer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5PP340K20A.html

Microsoft Windows Outlook Express and Windows Mail Integer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5XP340K28A.html

Mini-Stream RM-MP3 Converter v3.1.2.1 .m3u Buffer Overflow
http://www.exploit-db.com/exploits/14158/

Mediacoder v0.7.3.4682 Universal Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/14153/

RM Downloader 3.1.3 Local SEH Exploit (Win7 ASLR and DEP Bypass)
http://www.exploit-db.com/exploits/14150/

Serenity Audio Player 3.2.3 (SEH) Buffer Overflow
http://www.exploit-db.com/exploits/14148/

Opera for Windows and Mac File Execution and Upload Vulnerabilities
http://www.vupen.com/english/advisories/2010/1664

Microsoft Windows Kernel Local Use-after-free Vulnerability
http://www.vupen.com/english/advisories/2010/1663

TaskFreak SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1662

Netvolution Content Management System Cross Site Scripting Issue
http://www.vupen.com/english/advisories/2010/1661

PHP Bible Search "chapter" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1660

WebDM CMS "cf_id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1659

PageDirector CMS "catid" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1658

Qt "QSslSocketBackendPrivate::transmit()" Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1657

Redhat Security Update Fixes Acroread Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1656

Fedora Security Update Fixes KVIrc Directory Traversal and Format String
http://www.vupen.com/english/advisories/2010/1655

Fedora Security Update Fixes lftp File Overwrite Vulnerability
http://www.vupen.com/english/advisories/2010/1654

Turbolinux Security Update Fixes PostgreSQL Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1653

Turbolinux Security Update Fixes AdobeReader Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1652

Ubuntu Security Update Fixes Sudo Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1651

Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities
http://www.securityfocus.com/bid/40728

libpng Memory Corruption and Memory Leak Vulnerabilities
http://www.securityfocus.com/bid/41174

LibTIFF 'tif_dirread.c' SubjectDistance EXIF Tag Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41012

LibTIFF Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/41088

LibTIFF FAX3 Decoder Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40823

LibTIFF 'TIFFroundup()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/41011

CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/40889

CUPS 'texttops' Filter NULL-pointer Dereference Vulnerability
http://www.securityfocus.com/bid/40943

CUPS Web Interface Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40897

CUPS File Descriptors Handling Use-After-Free Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38510

Perl Archive::Tar Module Remote Directory Traversal Vulnerability
http://www.securityfocus.com/bid/26355

Multiple Mini-stream Software Products '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34494

Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569

Linux Kernel 'tipc' Module Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39120

Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39794

Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719

Linux Kernel GFS2 File Attribute Security Bypass Vulnerability
http://www.securityfocus.com/bid/40356

Linux Kernel PI Futex Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38165

Linux Kernel CVE-2010-0291 'mmap()' and 'mremap()' Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/37906

Linux Kernel NFS Automount 'symlinks' Denial of Service Vulnerability
http://www.securityfocus.com/bid/39044

FunkGallery 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40239

Oracle Java SE and Java for Business CVE-2010-0849 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39073

Oracle Java SE and Java for Business CVE-2010-0847 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39071

Oracle Java SE and Java for Business CVE-2010-0848 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39078

Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39062

Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39077

Oracle Java SE and Java for Business 'XNewPtr()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39083

Oracle Java SE and Java for Business 'readMabCurveData()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39069

Oracle Java SE and Java for Business CVE-2010-0839 Remote Sound Vulnerability
http://www.securityfocus.com/bid/39070

Oracle Java SE and Java for Business JRE Trusted Method Chaining Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39065

Oracle Java SE and Java for Business Sound Component MIDI Stream Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39084

Oracle Java SE and Java for Business ImageIO 'JPEGImageReader' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39067

Oracle Java SE and Java for Business CVE-2010-0095 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39086

Oracle Java SE and Java for Business CVE-2010-0091 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39096

Oracle Java SE and Java for Business CVE-2010-0837 Remote Vulnerability
http://www.securityfocus.com/bid/39072

Neon NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36079

Oracle Java SE and Java for Business CVE-2010-0092 Remote Vulnerability
http://www.securityfocus.com/bid/39090

Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39075

Oracle Java SE and Java for Business CVE-2010-0085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39094

Oracle Java SE and Java for Business CVE-2010-0088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39081

Oracle Java SE and Java for Business CVE-2010-0087 Remote Vulnerability
http://www.securityfocus.com/bid/39068

Oracle Java SE and Java for Business CVE-2010-0090 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/39091

Oracle Java SE and Java for Business CVE-2010-0089 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/39095

Oracle Java SE and Java for Business CVE-2010-0084 Remote Vulnerability
http://www.securityfocus.com/bid/39093

Serenity Audio Player '.m3u' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39768

MediaCoder Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38405

Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37992

Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40884

Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38491

ClamAV 'parseicon()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40318

PHP 'tempnam()' 'safe_mode' Validation Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/38431

ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40317

OpenSSL 'EVP_PKEY_verify_recover()' Invalid Return Value Security Bypass Vulnerability
http://www.securityfocus.com/bid/40503

PHP LCG Entropy Security Vulnerability
http://www.securityfocus.com/bid/38430

Apache Subrequest Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38580

PHP 'session_save_path()' 'safe_mode' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/38182

Apache 'mod_isapi' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38494

OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40502

MoreAmp '.maf' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40980

iScripts EasySnaps Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/41298

Trend Micro InterScan Web Security Virtual Appliance Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/41296

LibTIFF Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/41295

SIDA University System 'UserStart.aspx' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41294

Oxygen 'forumdisplay.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41293

Joomla AD/BS Date Converter 'Itemid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41292

Oxygen 'post.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41291

Flash Slideshow Maker '.fss' File Multiple Heap Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/41290

Setiran CMS 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41289

ALPHA Ethernet Adapter II Web-Manager Security Bypass Vulnerability
http://www.securityfocus.com/bid/41288

Opera Web Browser prior to 10.60 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/41284

Flatnux 'find' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/41282

Microsoft Windows 'NtUserCheckAccessForIntegrityLevel' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/41280

Joomla! 'com_myblog' Component Local File Include Vulnerability
http://www.securityfocus.com/bid/41277

Sumatra PDF Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41276

DPScms 'q' Parameter SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/41273
