Tuesday, July 20, 2010

Tuesday the 20th, Tomobiki

+ Microsoft DirectX DirectPlay Denial of Service Vulnerabilities
http://secunia.com/advisories/40636/

Microsoft Office Outlook Remote Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5JP3C1520S.html

Cisco Industrial Ethernet 3000 Series Switches Hard Coded SNMP Community Names Vulnerability
http://www.securiteam.com/securitynews/5YP371521G.html

Microsoft Windows Help and Support Center Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5ZP381521K.html

AnNoText Third Party ActiveX Control Buffer Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/5ZP391520Y.html

Microsoft Office Access ActiveX Controls Code Execution Vulnerabilities
http://www.securiteam.com/windowsntfocus/5IP3A1521K.html

AnNoText Third Party ActiveX Control File Overwrite Vulnerability
http://www.securiteam.com/windowsntfocus/5HP3A1520A.html

Microsoft Canonical Display Driver Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5AP391521W.html

Microsoft Office Outlook Remote Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5IP3B1520E.html

Microsoft Office Outlook Remote Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5KP3D1520O.html

Skype Client for Mac Chat Unicode Denial of Service vulnerability
http://www.securiteam.com/unixfocus/5WP361520Q.html

Cisco ASA HTTP Response Splitting Vulnerability
http://www.securiteam.com/securitynews/5XP371520U.html

SpringSource Spring Framework Execution of Arbitrary Code Vulnerability
http://www.securiteam.com/securitynews/5YP381520Y.html

Multiple OS Apache httpd Timeout Detection Flaw Vulnerability
http://www.securiteam.com/securitynews/5LP3E1520K.html

Firefox, Internet Explorer, Chrome and Opera Denial Of Service vulnerabilities
http://www.securiteam.com/securitynews/5WP351521K.html

Multiple Cisco CSS and ACE Client Certificate and HTTP Header Manipulation Vulnerabilities
http://www.securiteam.com/securitynews/5XP361521A.html

Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow
http://www.securiteam.com/windowsntfocus/5YP2V2K20K.html

Sun Java Runtime Environment MIDI File metaEvent Code Execution Vulnerability
http://www.securiteam.com/securitynews/5ZP2V2K21E.html

Sun Java Runtime Environment JPEGImageReader stepX Code Execution Vulnerability
http://www.securiteam.com/securitynews/5AP2W2K21A.html

Joomla BookLibrary From Same Author Module id SQL Injection
http://www.securiteam.com/securitynews/5ZP2W2K20M.html

TaskFreak password SQL Injection Vulnerability
http://www.securiteam.com/securitynews/5AP2X2K20M.html

TaskFreak tznMessage Cross-Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5BP2Y2K20K.html

Adobe Reader JPEG Uninitialised Memory Vulnerability
http://www.securiteam.com/securitynews/5NP302K20Y.html

Adobe Reader GIF Image Parsing Array-Indexing Vulnerability
http://www.securiteam.com/securitynews/5OP312K20Y.html

Joomla BookLibrary Component Four SQL Injection Vulnerabilities
http://www.securiteam.com/securitynews/5PP322K20Y.html

Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5QP332K20Y.html

Apple QuickTime FLI LinePacket Code Execution Vulnerability
http://www.securiteam.com/securitynews/5RP342K20Y.html

Apple QuickTime MPEG-1 genl Atom Code Execution Vulnerability
http://www.securiteam.com/securitynews/5YP2U2K21O.html

CA ARCserve Backup Multiple Vulnerabilities
http://www.securiteam.com/windowsntfocus/5QP342020A.html

Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5ZP2X2020G.html

Apple QuickTime MediaVideo Compressor Name Code Execution Vulnerability
http://www.securiteam.com/securitynews/5YP2W2020U.html

HP Small Form Factor and Microtower PC Execution of Arbitrary Code
http://www.securiteam.com/securitynews/5NP312020Y.html

Quicksilver Forums mysqldump Password Disclosure Vulnerability
http://www.securiteam.com/securitynews/5OP322020Q.html

Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Code Execution Vulnerabilities
http://www.securiteam.com/securitynews/5AP2Y2020K.html

[ANNOUNCE] MyFaces Core v2.0.1 Release
http://myfaces.apache.org/download.html

ASTERIA Cafe launches new content "Connecting Situations" (つなぐシチュエーション)
http://asteria.jp/news/20100720-134912.html

Introducing the MyJVN Version Checker RSS feed feature
http://www.ipa.go.jp/security/vuln/myjvnrss.html

JVNVU#940193 Vulnerability in Microsoft Windows handling of shortcut files
http://jvn.jp/cert/JVNVU940193/index.html

LNK vulnerability now with Metasploit module implementing the WebDAV method
http://isc.sans.edu/diary.html?storyid=9199

Apple iTunes "itpc:" Handling Buffer Overflow
http://secunia.com/advisories/40660/

OpenLDAP Bugs in slap_mods_free() and IA5StringNormalize() Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024221.html

Apple iTunes Buffer Overflow in Processing 'itpc:' URLs Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024220.html

Hero DVD Player Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41423




+ DBI 1.612 released
http://search.cpan.org/~timb/DBI-1.612/

+ [Announce] GnuPG 2.0.16 released
http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000301.html

+ Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/2286198.mspx
http://www.microsoft.com/technet/security/advisory/2286198.mspx
http://www.securitytracker.com/id?1024216
http://www.exploit-db.com/exploits/14403/
http://www.vupen.com/english/advisories/2010/1836
http://www.securityfocus.com/bid/41732

- BIND "RRSIG" Requests Endless Loop Denial of Service
http://secunia.com/advisories/40652/

-+ OpenLDAP "modrdn" Two Vulnerabilities
http://secunia.com/advisories/40639/
http://www.securityfocus.com/bid/41770
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570

++ [CPUJul2010] Oracle Critical Patch Update Advisory - July 2010
http://support.oracle.co.jp/krown_external/oisc_showDoc.do?id=144908

[ANNOUNCE] ulogd 2.0.0beta4
http://www.netfilter.org/projects/ulogd/downloads.html

MySQL Community Server 5.5.5-m3 has been released
http://mysql.com/products/enterprise/

About the security content of iTunes 9.2.1
http://support.apple.com/kb/HT4263

phpMyAdmin 3.3.5-rc1 is released
http://sourceforge.net/news/?group_id=23067&id=289380

HPSBMA02425 SSRT080091 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01728300

Apache HTTP Server 2.3.6-alpha Released
http://www.apache.org/dist/httpd/Announcement2.3.txt

ulogd 2.0.0beta4 released
http://www.iptables.org/projects/ulogd/downloads.html#ulogd-2.0.0beta4

Sudo 1.7.4b1 released
http://www.sudo.ws/sudo/devel.html#1.7.4b1

Debian : New libpng packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33170

Mandriva : freetype2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33172

Independent Researcher : iOffice 0.1 command execution vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33173

Independent Researcher : Two biggest Indian University Websites are vulnerable
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33177

Inj3ct0r Team : YACK CMS 10.5.27 Remote File Inclusion Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33176

MajorSecurity : Conpresso CMS - Cross site Scripting vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33174

Mandriva : ghostscript
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33141

Mandriva : ghostscript
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33142

Mandriva : ghostscript
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33143

Protek Research Lab : {PRL} Novell Groupwise Internet Agent Stack Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33175

ZDI : Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33171

Hewlett-Packard : HP Insight Software Installer for Windows, Unauthorized Access to Data, CSRF
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33155

High-Tech Bridge SA : XSS vulnerability in DSite CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33157

High-Tech Bridge SA : XSS vulnerability in Gekko Web Builder
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33158

High-Tech Bridge SA : XSS vulnerability in Pligg search module
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33160

High-Tech Bridge SA : XSS vulnerability in Taggon CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33161

High-Tech Bridge SA : XSS vulnerability in WebPress
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33162

High-Tech Bridge SA : XSS vulnerability in phpwcms
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33163

High-Tech Bridge SA : Stored XSS vulnerability in Pixie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33164

High-Tech Bridge SA : XSS vulnerability in Pixie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33165

High-Tech Bridge SA : XSS vulnerability in FestOS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33166

High-Tech Bridge SA : XSRF (CSRF) in Pixie
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33167

High-Tech Bridge SA : XSRF (CSRF) in phpwcms
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33169

Trend Micro offers security software for "instant OS" environments
http://itpro.nikkeibp.co.jp/article/NEWS/20100720/350416/?ST=security

JVNDB-2010-001702 Vulnerability in S2 Netbox
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001702.html

JVNDB-2010-001701 CRLF injection vulnerability in WebVPN on Cisco Adaptive Security Appliances devices
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001701.html

JVNDB-2010-001700 Cross-site scripting vulnerability in the administrative console of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001700.html

JVNDB-2010-001699 Link injection vulnerability in IBM WebSphere Application Server running on z/OS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001699.html

JVNDB-2010-001698 Vulnerability in IBM WebSphere Application Server running on z/OS that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001698.html

JVNDB-2010-001697 Cross-site scripting vulnerability in the administrative console of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001697.html

JVNDB-2010-001499 Vulnerability in PostgreSQL that allows execution of arbitrary Tcl code
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001499.html

JVNDB-2010-001498 Vulnerability in PostgreSQL that allows execution of arbitrary Perl code
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001498.html

JVNDB-2010-001466 Denial-of-service (DoS) vulnerability in the MMIO instruction decoder of RHEL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001466.html

JVNDB-2010-001465 Denial-of-service (DoS) vulnerability in drivers/connector/connector.c of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001465.html

JVNDB-2010-001462 Denial-of-service (DoS) vulnerability in the ULE decapsulation functionality of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001462.html

JVNDB-2010-001461 Denial-of-service (DoS) vulnerability in the azx_position_ok function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001461.html

JVNDB-2010-001203 Denial-of-service (DoS) vulnerability in the load_elf_binary function of the Linux kernel on x86_64 platforms
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001203.html

JVNDB-2010-001141 Heap-based buffer overflow vulnerability in the IBM Lotus Domino server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001141.html

Nmap 5.35DC1 (Defcon Edition) Released
http://seclists.org/nmap-hackers/2010/7

VMSA-2010-0012 VMware vCenter Update Manager fix for Jetty Web server addresses important s
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00165.html

[SECURITY] [DSA 2072-1] New libpng packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00161.html

[ MDVSA-2010:137 ] freetype2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00160.html

PoC for CVE-2010-1869 (ghostscript) and CVE-2010-1039 (rpc.pcnfsd)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00166.html

Microsoft ClickOnce MITM Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00164.html

YACK CMS 10.5.27 Remote File Inclusion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00162.html

SeaMonkey 2.0.5 Address Bar Spoofing Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00163.html

{PRL} Novell Groupwise Internet Agent Stack Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00158.html

ZDI-10-129: Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00155.html

[MajorSecurity SA-076]Conpresso CMS - Cross site Scripting vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00156.html

[ MDVSA-2010:136 ] ghostscript
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00150.html

[ MDVSA-2010:135 ] ghostscript
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00149.html

Kiwicon IV: Our Worst CFP Yet
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00147.html

[ MDVSA-2010:134 ] ghostscript
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00148.html

[ MDVSA-2010:133 ] libpng
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00146.html

A new zombie port scanning attack
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00157.html

ZDI-10-128: Ipswitch Imail Server Queuemgr Format String Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00153.html

ZDI-10-127: Ipswitch Imail Server Mailing List Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00154.html

ZDI-10-126: Ipswitch Imail Server List Mailer Reply-To Address Remote Code Execution Vul
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00151.html

RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00159.html

Preempting a Major Issue Due to the LNK Vulnerability - Raising Infocon to Yellow
http://isc.sans.edu/diary.html?storyid=9190

Targeting VoIP: Increase in SIP Connections on UDP port 5060
http://isc.sans.edu/diary.html?storyid=9193

SAGAN: An open-source event correlation system - Part 1: Installation
http://isc.sans.edu/diary.html?storyid=9184

New metasploit GUI written in Java
http://isc.sans.edu/diary.html?storyid=9187

Vulnerability in Windows "LNK" files?
http://isc.sans.edu/diary.html?storyid=9181

Group-Office Multiple Vulnerabilities
http://secunia.com/advisories/40665/

Guruscript Freelancer Marketplace Script Two Script Insertion Vulnerabilities
http://secunia.com/advisories/40663/

DeDeCMS "_Cs" SQL Injection Vulnerability
http://secunia.com/advisories/40641/

Subrion Auto Classifieds Script "auto_title" Script Insertion Vulnerability
http://secunia.com/advisories/40662/

Pre SoftClones Marketing Management System Two SQL Injection Vulnerabilities
http://secunia.com/advisories/40672/

OpenLDAP "modrdn" Two Vulnerabilities
http://secunia.com/advisories/40639/

Really Simple IM Denial of Service Vulnerability
http://secunia.com/advisories/40628/

Calendarix Advanced "limit" SQL Injection Vulnerability
http://secunia.com/advisories/40661/

actiTIME Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40666/

Xinha "mode" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40669/

Unreal Tournament 3 "STEAMBLOB" Denial of Service Vulnerability
http://secunia.com/advisories/40637/

IBM AIX "rpc.ttdbserver" ToolTalk Database Server Buffer Overflow Vulnerability
http://secunia.com/advisories/40632/

Microsoft Windows Shell Shortcut Parsing Vulnerability
http://secunia.com/advisories/40647/

UltraEdit Spell Checker Buffer Overflow Vulnerability
http://secunia.com/advisories/40625/

Pligg "search.php" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40616/

Whizzy CMS Directory Traversal Vulnerability
http://secunia.com/advisories/40626/

DSite CMS "button_name" Script Insertion Vulnerability
http://secunia.com/advisories/40619/

FestOS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40593/

SAP GUI SAPWADMXHTML ActiveX Control "tags" Property Memory Corruption
http://secunia.com/advisories/40633/

Ipswitch IMail Server Multiple Vulnerabilities
http://secunia.com/advisories/40638/

Joomla redSHOP Component "keyword" SQL Injection Vulnerability
http://secunia.com/advisories/40640/

Joomla Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/40644/

Ubuntu update for vte
http://secunia.com/advisories/40657/

Gnome VTE Icon and Window Title Escape Sequence Vulnerabilities
http://secunia.com/advisories/40635/

Pixie CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/40591/

Unreal Engine "ReceivedRawBunch" Denial of Service Vulnerability
http://secunia.com/advisories/40648/

BIND "RRSIG" Requests Endless Loop Denial of Service
http://secunia.com/advisories/40652/

IBM solidDB Handshake Request Buffer Overflow Vulnerability
http://secunia.com/advisories/40582/

BIND 'RRSIG' Query Processing Error Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Jul/1024217.html

Microsoft Windows Shell LNK Shortcut Processing Flaw Lets Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024216.html

IPSwitch IMail Server Stack Overflow in Processing 'Reply-To' Headers Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024215.html

SAP J2EE Engine Input Validation Flaw in Web Services Navigator Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jul/1024214.html

Hero DVD Buffer Overflow Exploit (meta)
http://www.exploit-db.com/exploits/14412/

AIX5l with FTP-Server Remote Root Hash Disclosure Exploit
http://www.exploit-db.com/exploits/14409/

rpc.pcnfsd Remote Format String Exploit
http://www.exploit-db.com/exploits/14407/

Easy FTP Server v1.7.0.11 CWD Command Remote Buffer Overflow Exploit (Post Auth)
http://www.exploit-db.com/exploits/14402/

GhostScript PostScript File Stack Overflow Exploit
http://www.exploit-db.com/exploits/14406/

Microsoft Windows Automatic LNK Shortcut File Code Execution
http://www.exploit-db.com/exploits/14403/

foobla Suggestions "controller" Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1844

Kayako eSupport "newsid" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1843

Freelancers Marketplace Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1842

actiTIME Admin Interface Cross Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2010/1841

BrotherScripts Scripts Directory "id" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1840

Ubuntu Security Update Fixes VTE Command Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1839

Mandriva Security Update Fixes Ghostscript Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1838

Mandriva Security Update Fixes libpng Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1837

Microsoft Windows Shell Shortcut Handling Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1836

SAP GUI "wadmxhtml.dll" ActiveX Remote Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1835

IPSwitch IMail Server Buffer Overflow and Format String Vulnerabilities
http://www.vupen.com/english/advisories/2010/1834

Novell GroupWise Cross Site Scripting and Header Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/1833

Novell GroupWise Buffer Overflow and Cross Site Scripting Issues
http://www.vupen.com/english/advisories/2010/1832

ISC BIND RRSIG Query Handling Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1831

IBM solidDB Handshake Request Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1830

I-Net Enquiry Management Script "id" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1829

phpwcms "calendardate" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1828

WebPress Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1827

FestOS Multiple Parameter Handling Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1826

Pixie Cross Site Scripting and Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2010/1825

phpwcms Admin Interface Cross Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2010/1824

CMSQLite Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/1823

Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability
http://www.securityfocus.com/bid/41732

Unreal Tournament 3 'STEAMBLOB' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/41764

IBM AIX FTP Server 'NLST' Command Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41762

FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/41663

MoreAmp '.maf' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40980

libpng Memory Corruption and Memory Leak Vulnerabilities
http://www.securityfocus.com/bid/41174

uplusware UplusFtp Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/38102

Multiple Vendor ToolTalk Heap Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41598

Ghostscript PostScript Identifier Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40103

Multiple Vendor 'rpc.pcnfsd' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40248

Apple iTunes 'itpc:' URI Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41789

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
http://www.securityfocus.com/bid/41770

Calendarix 'cal_cat.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41769

icash Click&Rank 'admin.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41760

Kayako eSupport 'functions.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41756

Kayako eSupport 'newsid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/41779

Novell GroupWise Internet Agent 'CREATE' Verb Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41704

Joomla! HTML Injection and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/41743

Venalsur Booking Centre 'HotelID' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/32512

Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719

Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39794

Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936

Mini-stream Software RM-MP3 Converter '.pls' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34514

Multiple BrotherScripts 'articledetails.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41368

Ghostscript PostScript Infinite Recursion Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40107

Ghostscript 'errprintf()' Function PDF Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37410

Libpng Library 'png_handle_tEXt()' Memory Leak Denial of Service Vulnerability
http://www.securityfocus.com/bid/31920

Oracle Business Process Management CVE-2010-2370 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/41617

CooolSoft PowerFTP 'RETR' Command Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41782

Siemens SIMATIC WinCC Default Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/41753

UltraEdit Spell Checker Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41745
