IBM AIX FTP Core Dump Information Disclosure Security Issue
http://secunia.com/advisories/40617/
Siemens SIMATIC WinCC Undocumented Database User Account
http://secunia.com/advisories/40682/
Fedora update for bind
http://secunia.com/advisories/40709/
+ Tomcat 6.0.29 Released
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
+ PHP 5.2.14, 5.3.3 Released
http://www.php.net/ChangeLog-5.php#5.2.14
http://www.php.net/ChangeLog-5.php#5.3.3
+ Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
http://www.php.net/ChangeLog-5.php#5.2.14
+ Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
http://www.php.net/ChangeLog-5.php#5.2.14
http://www.php.net/ChangeLog-5.php#5.3.3
+ Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
http://www.php.net/ChangeLog-5.php#5.2.14
http://www.php.net/ChangeLog-5.php#5.3.3
+ Fixed a possible interruption array leak in strrchr() (CVE-2010-2484).
http://www.php.net/ChangeLog-5.php#5.2.14
+ Jetty 6.1.25 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-6.1/VERSION.txt
+ Transport Layer Security Renegotiation Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
+ CVE-2010-2387 Password disclosure vulnerability in GNOME Display Manager (gdm)
http://blogs.sun.com/security/entry/cve_2010_2387_password_disclosure
++ MySQL 5.1.49 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
++ Fixed a possible resource destruction issue in shm_put_var().
http://www.php.net/releases/5_3_3.php
++ Fixed a possible memory corruption in ArrayObject::uasort().
http://www.php.net/releases/5_3_3.php
++ Fixed a possible memory corruption in parse_str().
http://www.php.net/releases/5_3_3.php
++ Fixed a possible memory corruption in pack().
http://www.php.net/releases/5_3_3.php
++ Fixed a possible memory corruption in substr_replace().
http://www.php.net/releases/5_3_3.php
++ Fixed a possible memory corruption in addcslashes().
http://www.php.net/releases/5_3_3.php
++ Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
http://www.php.net/releases/5_2_14.php
++ Fixed a possible stack exhaustion inside fnmatch().
http://www.php.net/releases/5_2_14.php
http://www.php.net/releases/5_3_3.php
++ Fixed a possible arbitrary memory access inside sqlite extension.
http://www.php.net/releases/5_2_14.php
http://www.php.net/releases/5_3_3.php
++ Fixed handling of session variable serialization on certain prefix characters.
http://www.php.net/releases/5_2_14.php
http://www.php.net/releases/5_3_3.php
++ Fixed a possible information leak because of interruption of XOR operator.
http://www.php.net/releases/5_3_3.php
Cisco Security Advisory: CDS Internet Streamer: Web Server Directory Traversal Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
BIND 9.7.2b1 released
http://ftp.isc.org/isc/bind9/9.7.2b1/9.7.2b1
DBI-1.612_90 development released
http://search.cpan.org/~timb/DBI-1.612_90/
High-Tech Bridge SA : HTB22483 XSS vulnerability in Spitfire search
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33224
Slackware Linux : SSA:2010-202-03 seamonkey
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33202
Slackware Linux : SSA:2010-202-02 mozilla-thunderbird
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33203
Slackware Linux : SSA:2010-202-01 mozilla-firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33204
Cisco : CDS Internet Streamer: Web Server Directory Traversal Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33206
JVNDB-2007-001206 Vulnerability in the Apache Geronimo LoginModule implementation allowing authentication requirements to be bypassed
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001206.html
JVNDB-2007-001205 Vulnerability in the Apache Geronimo management EJB allowing authentication bypass
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001205.html
JVNDB-2007-001204 Vulnerability in the Apache Geronimo SQLLoginModule allowing authentication bypass
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001204.html
JVNDB-2010-001720 Cross-site request forgery vulnerability in the Snare Agent web interface
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001720.html
JVNDB-2010-001719 Information disclosure vulnerability in Internet Navigware Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001719.html
JVNDB-2010-001665 Denial-of-service (DoS) vulnerability in the Linux kernel find_keyring_by_name function
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001665.html
JVNDB-2010-001664 Denial-of-service (DoS) vulnerability in the Linux kernel sctp_process_unk_param function
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001664.html
JVNDB-2010-001325 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001325.html
JVNDB-2009-002470 Denial-of-service (DoS) vulnerability in the nfs4_proc_lock function of the Linux kernel NFSv4 client
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002470.html
JVNDB-2009-002319 Vulnerability in the SSL and TLS protocols
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
JVNDB-2009-001911 Authentication bypass possible in XML signature verification
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001911.html
vBulletin - Critical Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00200.html
XSS vulnerability in Spitfire
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00196.html
XSS vulnerability in Spitfire
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00197.html
XSS vulnerability in Spitfire
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00198.html
XSS vulnerability in Spitfire
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00199.html
XSS vulnerability in Spitfire search
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00194.html
ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution V
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00193.html
ZDI-10-136: Novell Teaming ajaxUploadImageFile Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00195.html
Common sense in Spam identification
http://isc.sans.edu/diary.html?storyid=9232
Pre Podcast Portal Password SQL Injection Vulnerability
http://secunia.com/advisories/40705/
Pre Web Host Password SQL Injection Vulnerability
http://secunia.com/advisories/40667/
Apple Safari AutoFill Information Disclosure Weakness
http://secunia.com/advisories/40664/
CodeIgniter File Uploading Class File Upload Vulnerability
http://secunia.com/advisories/40696/
MyBB Advanced Stats on Index/Portal Plugin "subject" Script Insertion Vulnerability
http://secunia.com/advisories/40695/
Drupal Tagging Module Script Insertion Vulnerability
http://secunia.com/advisories/40698/
Cisco Content Delivery System Internet Streamer Directory Traversal Vulnerability
http://secunia.com/advisories/40701/
HP OpenView Network Node Manager "nnmRptConfig" Buffer Overflow
http://secunia.com/advisories/40697/
Pidgin X-Status Message Denial of Service Weakness
http://secunia.com/advisories/40699/
OpenTTD "NetworkSyncCommandQueue()" Endless Loop Denial of Service
http://secunia.com/advisories/40630/
AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
http://securityreason.com/securityalert/7601
MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->
http://securityreason.com/securityalert/7600
HPSBOV02539 SSRT090267 rev.1 - HP OpenVMS Auditing, Local Information Disclosure
http://securityreason.com/securityalert/7599
HPSBMA02555 SSRT100064 rev.1 - HP Client Automation Enterprise Infrastructure (Radia) Remote Disclosure of Information
http://securityreason.com/securityalert/7598
Ghostscript 8.64 executes random code at startup
http://securityreason.com/securityalert/7597
ZipCentral (.zip) Buffer Overflow (SEH)
http://securityreason.com/securityalert/7596
Qt Memory Corruption Error in QTextEngine::LayoutData::reallocate() May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024240.html
Cisco Content Delivery System Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1881
RSA Federated Identity Manager URL Redirection Weakness
http://www.vupen.com/english/advisories/2010/1880
Fedora Security Update Fixes w3m Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2010/1879
Fedora Security Update Fixes Python-cjson Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1878
Fedora Security Update Fixes Libpng Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1877
Redhat Security Update Fixes Java Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1876
Slackware Security Update Fixes Seamonkey Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1875
Slackware Security Update Fixes Thunderbird Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1874
Slackware Security Update Fixes Firefox Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1873
Debian Security Update Fixes ncompress Integer Underflow Vulnerability
http://www.vupen.com/english/advisories/2010/1872
Caner Hikaye Script "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1871
PHP Chat Module for 123 Flash Chat Local File Inclusion Vulnerability
http://www.vupen.com/english/advisories/2010/1870
EZ-Oscommerce Arbitrary File Creation and Upload Vulnerabilities
http://www.vupen.com/english/advisories/2010/1869
Omnistar Drive Management System Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1868
MyWebFTP "mwh" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/1867
phpMyFAQ Search Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37020
Mozilla Firefox and Thunderbird 'SJOW' Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/41868
vBulletin 'faq.php' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41875
NQcontent CMS 'admin/index.cfm' Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/41799
Cacti Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37109
Cacti Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40332
Cacti 'rra_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40149
Cacti Multiple Input Validation Security Vulnerabilities
http://www.securityfocus.com/bid/39639
UseBB BBcode Parsing Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37010
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Siemens SIMATIC WinCC Default Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/41753
Openads (phpAdsNew) 'lib-remotehost.inc.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/25277
Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41842
Mozilla Firefox 'about:blank' Document URI Spoofing Vulnerability
http://www.securityfocus.com/bid/41055
Mozilla Firefox and SeaMonkey 'NodeIterator' Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41845
Mozilla Firefox and SeaMonkey DOM Cloning Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41849
Mozilla Firefox and Thunderbird Character Mapping Security Weakness
http://www.securityfocus.com/bid/41866
Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1212 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41865
Multiple Mozilla Products Script Filename Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41860
Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability
http://www.securityfocus.com/bid/41852
Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41853
libpng Memory Corruption and Memory Leak Vulnerabilities
http://www.securityfocus.com/bid/41174
Dell OpenManage 'file' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/40247
ZipCentral ZIP File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/18160
Multiple Mozilla Products 'importScripts()' Method Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41871
Git 'gitdir' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41891
Apple Safari Personal Address Book AutoFill Information Disclosure Weakness
http://www.securityfocus.com/bid/41884