+ August 2010 Security Bulletin (Out-of-Band) http://www.microsoft.com/japan/technet/security/bulletin/ms10-aug.mspx
UPDATE: MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx?pubDate=2010-08-03
[ANNOUNCE] Apache Commons Lang 3.0 Beta released
http://commons.apache.org/lang/api-3.0-beta/index.html
SUN ALERT WEEKLY SUMMARY REPORT
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021776.1-1
+ [ANNOUNCE]: Release of iptables-1.4.9
http://www.netfilter.org/news.html#
http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.9.txt
http://www.iptables.org/news.html#
http://www.iptables.org/projects/iptables/files/changes-iptables-1.4.9.txt
+ glibc 2.12.1 released
http://www.gnu.org/software/libc/libc.html
http://ftp.gnu.org/gnu/glibc/?C=M;O=D
- GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41945
ChronicDB v3.0 offers easy-to-use replication for PostgreSQL
http://www.postgresql.org/about/news.1224
Vulnerability in Citrix XenApp Online Plug-in for Windows could result in arbitrary code execution
http://support.citrix.com/article/CTX125976
Vulnerability in Citrix Online Plug-Ins and ICA Clients could result in arbitrary code execution
http://support.citrix.com/article/CTX125975
Debian : DSA 2084-1 New tiff packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33294
Hewlett-Packard : HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33314
Inj3ct0r.com : 68KB v1.0.0rc4 Remote File Include Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33316
Rapid7 : R7-0034 VxWorks WDB Agent Debug Service Remote Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33315
TheTestManager : Multiple XSS issues exist in Fusetalk forums.
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33301
DcLabs : DCA-0006 Baby ASP Web Server DoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33308
DcLabs : DCA-0005 Baby POP Server DoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33309
DcLabs : DCA-0007 Quick 'n Easy FTP Server v3.2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33310
DcLabs : DCA-0008 Quick 'n Easy WEB Server DoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33311
DcLabs : DCA-0004 Baby FTP Server DoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33312
DcLabs : DCA-00014 Dlink WBR-2310 Wireless Router DoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33313
[USN-964-2] Likewise Open regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00031.html
[SECURITY] [DSA 2085-1] New lftp packages fix file overwrite vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00030.html
[security bulletin] HPSBMA02563 SSRT100165 rev.1 - HP OpenView Network Node Manager (OV NNM), Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00022.html
68KB v1.0.0rc4 Remote File Include Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00025.html
[SECURITY] [DSA 2084-1] New tiff packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00024.html
[R7-0035] VxWorks Authentication Library Weak Password Hashing
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00026.html
[R7-0034] VxWorks WDB Agent Debug Service Exposure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00023.html
TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra NAS appliance
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00021.html
[DCA-00014] Dlink WBR-2310 Wireless Router DoS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00020.html
[DCA-0009] - NetWordDLS Finger Server Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00028.html
[DCA-0003] Simple Web Server DoS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00027.html
JVNDB-2010-001760 Vulnerability in TCP/IP processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001760.html
JVNDB-2010-001759 Vulnerability in GigaSwift Ethernet driver processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001759.html
JVNDB-2010-001758 Vulnerability in ZFS processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001758.html
JVNDB-2010-001757 Vulnerability in rdist processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001757.html
JVNDB-2008-002432 Cross-site request forgery vulnerability in ftpd of multiple products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002432.html
JVNDB-2010-001522 Symbolic link attack vulnerability in the DROP TABLE command in MySQL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001522.html
JVNDB-2010-001514 Buffer overflow vulnerability in MySQL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001514.html
JVNDB-2010-001513 Denial-of-service (DoS) vulnerability in the my_net_skip_rest function in MySQL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001513.html
JVNDB-2010-001512 Directory traversal vulnerability in MySQL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001512.html
JVNDB-2009-002504 Multiple stack-based buffer overflow vulnerabilities in yaSSL as used in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002504.html
JVNDB-2009-002318 Vulnerability in OpenLDAP that allows spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002318.html
When Lightning Strikes
http://isc.sans.edu/diary.html?storyid=9319
Solar activity may cause problems this week
http://isc.sans.edu/diary.html?storyid=9322
SUSE update for Multiple Packages
http://secunia.com/advisories/40855/
Cetera eCommerce Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/40763/
Apple Mac OS X WebDAV Kernel Extension Local Denial of Service
http://secunia.com/advisories/40674/
Apple iOS Security Bypass and PDF File Processing Vulnerability
http://secunia.com/advisories/40807/
VxWorks loginLib Default Password Hashing Algorithm Security Issue
http://secunia.com/advisories/40803/
SUSE update for kernel
http://secunia.com/advisories/40856/
Fedora update for kernel
http://secunia.com/advisories/40839/
Red Hat update for tomcat5
http://secunia.com/advisories/40813/
Citrix XenApp Online Plug-in ActiveX Control Code Execution Vulnerability
http://secunia.com/advisories/40819/
Citrix XenApp Online Plug-in ActiveX Control Code Execution Vulnerability
http://secunia.com/advisories/40821/
Red Hat update for tomcat5 and tomcat6
http://secunia.com/advisories/40846/
Red Hat update for tomcat5
http://secunia.com/advisories/40847/
Red Hat update for lftp
http://secunia.com/advisories/40814/
Fedora update for gnupg2
http://secunia.com/advisories/40841/
Debian update for moin
http://secunia.com/advisories/40836/
Red Hat update for jbossweb
http://secunia.com/advisories/40848/
Citrix XenApp Online Plug-in and ICA Clients Code Execution Vulnerability
http://secunia.com/advisories/40808/
Debian update for tiff
http://secunia.com/advisories/40834/
Fedora update for perl
http://secunia.com/advisories/40840/
Citrix Online Plug-in and ICA Client Connection Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Aug/1024278.html
Citrix XenApp Online Plug-in for Windows Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Aug/1024277.html
VxWorks loginLib Authentication API Hashing Collision Lets Remote Users Conduct Brute Force Password Guessing Attacks
http://securitytracker.com/alerts/2010/Aug/1024276.html
Wind River VxWorks Weak Hashing Algorithm and Debug Service Access
http://www.vupen.com/english/advisories/2010/1994
SuSE Security Update Fixes Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1993
Apple iPhone / iPad / iPod Code Execution and Sandbox Bypass
http://www.vupen.com/english/advisories/2010/1992
SuSE Security Update Fixes Kernel Multiple Local Vulnerabilities
http://www.vupen.com/english/advisories/2010/1991
Fedora Security Update Fixes Perl Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/1990
Fedora Security Update Fixes Kernel Two Local Vulnerabilities
http://www.vupen.com/english/advisories/2010/1989
Fedora Security Update Fixes GnuPG Use-after-free Vulnerability
http://www.vupen.com/english/advisories/2010/1988
Fedora Security Update Fixes MySQL Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1987
Redhat Security Update Fixes Tomcat Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1986
Redhat Security Update Fixes JBoss Web Information Disclosure Issues
http://www.vupen.com/english/advisories/2010/1985
Redhat Security Update Fixes lftp File Overwrite Vulnerability
http://www.vupen.com/english/advisories/2010/1984
Redhat Security Update Fixes Java Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1983
Debian Security Update Fixes TIFF Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/1982
Debian Security Update Fixes Moin Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1981
FathFTP 1.8 (SEH) ActiveX Buffer Overflow
http://www.exploit-db.com/exploits/14539/
Unauthorized Access to Root NFS Export on EMC Celerra NAS Appliance
http://www.exploit-db.com/exploits/14536/
Progitek Visionner Photos v2.0 - File Format DOS
http://www.exploit-db.com/exploits/14545/
Apple iOS pdf Jailbreak Exploit
http://www.exploit-db.com/exploits/14538/
Mini-stream RM-MP3 Converter/WMDownloader/ASX to MP3 Cnvrtr Stack Buffer Overflow
http://www.exploit-db.com/exploits/14532/
WM Downloader 3.1.2.2 Buffer Overflow Exploit
http://www.exploit-db.com/exploits/14527/
HP OpenView Network Node Manager 'OvJavaLocale' Cookie Value Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42154
All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/9994
RETIRED: PhotoPost PHP 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41916
Avast! Internet Security 'aswFW.sys' Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/42148
RETIRED: PhotoPost 'showphoto.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/41946
All Enthusiast Photopost PHP Pro SQL Injection Vulnerability
http://www.securityfocus.com/bid/9557
68designs 68kb Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/39845
Multiple SpringSource Products HTML Injection and Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/42141
LibTIFF FAX3 Decoder Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40823
Linux Kernel CVE-2010-2066 Donor File Security Bypass Vulnerability
http://www.securityfocus.com/bid/41466
GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41945
Oracle MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41198
Multiple Mini-stream Software Products '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34494
phpCAS Service Ticket Validation Session Hijacking Vulnerability
http://www.securityfocus.com/bid/42162
phpCAS CAS Proxy Mode Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/42160
FuseTalk Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/42157
PMSoftware Simple Web Server 'From:' Header Processing Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42155
D-Link WBR-2310 Web Server HTTP GET Request Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42153
Citrix XenApp Online Plug-in ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42149