+ Sudo 1.7.4p4 released
http://www.sudo.ws/sudo/news.html
http://www.sudo.ws/sudo/changes.html
+ RHSA-2010:0675-1: Important: sudo security update
http://rhn.redhat.com/errata/RHSA-2010-0675.html
+ RHSA-2010:0679-1: Moderate: rpm security and bug fix update
http://rhn.redhat.com/errata/RHSA-2010-0679.html
+ RHSA-2010:0676-1: Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2010-0676.html
+ RHSA-2010:0678-1: Moderate: rpm security update
http://rhn.redhat.com/errata/RHSA-2010-0678.html
- Flaw in Runas group matching
http://www.sudo.ws/sudo/alerts/runas_group.html
http://secunia.com/advisories/41316/
http://securitytracker.com/alerts/2010/Sep/1024392.html
[ANNOUNCE] PostgreSQL 9.1alpha1 Now Available
http://developer.postgresql.org/pgdocs/postgres/release-9-1-alpha.html
About the security content of Safari 5.0.2 and Safari 4.1.2
http://support.apple.com/kb/HT4333
Google Chrome 6.0.472.55 released
http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates.html
Mozilla Firefox 3.5.12, 3.6.9 released
Thunderbird 3.1.3 and 3.0.7 security updates now available
https://developer.mozilla.org/devnews/index.php/2010/09/07/thunderbird-3-1-3-and-3-0-7-security-updates-now-available/
Thunderbird 3.1.3 and 3.0.7 Updates Are Now Available
http://www.mozillamessaging.com/en-US/about/press/archive/-01
phpMyAdmin 3.3.7 and 2.11.11 released
http://sourceforge.net/news/?group_id=23067&id=291432
SQUID-2010:3: Denial of service in request processing
http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
HPSBMA02574 SSRT100038 rev.1 - HP ProLiant G6 Lights-Out 100, Remote Management, Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?admit=109447627+1283910304294+28353475&docId=emr_na-c02498412
PostgreSQL 9.1alpha1 Now Available
http://www.postgresql.org/about/news.1233
Debian : [DSA-2102-1] New barnowl packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33625
VUPEN Security : [VUPEN-SR-2010-249] Google Chrome Focus Processing Memory Corruption Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33626
Gentoo Linux : [GLSA 201009-01] wxGTK: User-assisted execution of arbitrary code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33622
Hewlett-Packard : HP Operations Local Elevation of Privileges and Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33623
Kaspersky announces new version of its security software
http://itpro.nikkeibp.co.jp/article/NEWS/20100908/351845/?ST=security
TSS Link: PC screen-capture and print prevention software
http://itpro.nikkeibp.co.jp/article/NEWS/20100908/351814/?ST=security
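"Beware of lnk files attached to e-mail too": virus exploiting a Windows vulnerability
Infections spreading by routes other than USB memory sticks as well; Trend Micro issues a warning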
http://itpro.nikkeibp.co.jp/article/NEWS/20100908/351844/?ST=security
"Also effective for handling domestic litigation": Symantec's new version of its archive software
http://itpro.nikkeibp.co.jp/article/NEWS/20100907/351830/?ST=security
[USN-983-1] Sudo vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00034.html
Security problems in Zenphoto version 1.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00036.html
[TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00030.html
[ GLSA 201009-03 ] sudo: Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00029.html
The Zed Attack Proxy (ZAP) version 1.0.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00040.html
[SECURITY] [DSA-2104-1] New quagga packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00031.html
XSS in Horde Application Framework <=3.3.8, icon_browser.php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00038.html
[ MDVSA-2010:171 ] lvm2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00041.html
[SECURITY] [DSA-2103-1] New smbind packages fix sql injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00039.html
H2HC São Paulo - Capture the Captcha
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00037.html
Call for Papers H2HC Cancun/Mexico and H2HC Sao Paulo/Brazil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00035.html
nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00033.html
Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00032.html
Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00028.html
chillyCMS Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00026.html
Microsoft Internet explorer 8 DLL Hijacking (IESHIMS.DLL)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00025.html
SSH password authentication insight and analysis by DRG
http://isc.sans.edu/diary.html?storyid=9508
MySource Matrix "height" and "width" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/41295/
Gentoo update for sudo
http://secunia.com/advisories/40508/
DynPage "file" File Disclosure Vulnerability
http://secunia.com/advisories/41317/
Sudo Runas Group Matching Vulnerability
http://secunia.com/advisories/41316/
Horde Application Framework "subdir" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/41283/
Weborf Directory Traversal Vulnerability
http://secunia.com/advisories/41286/
Joomla! Aardvertiser Component "cat_name" SQL Injection
http://secunia.com/advisories/41293/
Gentoo update for maildrop
http://secunia.com/advisories/41281/
Debian update for quagga
http://secunia.com/advisories/41238/
MyBB Password Reset Weak Random Numbers Vulnerability
http://www.securiteam.com/securitynews/5YP2V202KK.html
Mozilla Firefox NodeIterator Code Execution Vulnerability
http://www.securiteam.com/securitynews/5ZP2W202KM.html
Horde Application Framework Input Validation Flaw in 'icon_browser.php' Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Sep/1024399.html
Sudo Runas Group Matching Error Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Sep/1024392.html
HP OpenView NNM webappmon.exe execvp_nc Remote Code Execution
http://securityreason.com/securityalert/7734
Weborf HTTP Requests Processing Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/2311
Aardvertiser for Joomla "cat_name" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/2310
DMXReady Polling Booth Manager "QuestionID" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/2309
Microsoft Internet Explorer CSS Cross Domain Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/2308
Turbolinux Security Update Fixes w3m Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2010/2307
Turbolinux Security Update Fixes OpenLDAP Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/2306
Turbolinux Security Update Fixes Multiple httpd/APR Vulnerabilities
http://www.vupen.com/english/advisories/2010/2305
Debian Security Update Fixes Quagga Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/2304
Gentoo Security Update Fixes Maildrop Privilege Escalation Issue
http://www.vupen.com/english/advisories/2010/2303
Mandriva Security Update Fixes lvm2 Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/2302
Integard Home and Pro v2 Remote HTTP Buffer Overflow Exploit
http://www.exploit-db.com/exploits/14941/
Internet Download Accelerator 5.8 Remote Buffer Overflow PoC
http://www.exploit-db.com/exploits/14938/
QQPlayer 2.3.696.400p1(.wav) Denial of Service Vulnerability
http://www.exploit-db.com/exploits/14937/
MOAUB #7 - Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Buffer overflow
http://www.exploit-db.com/exploits/14928/
Adobe Acrobat and Reader (CVE-2010-2208) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41244
Adobe Acrobat and Reader Flash Content Parsing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41245
Adobe Acrobat and Reader CVE-2010-2211 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41243
Adobe Acrobat and Reader CVE-2010-2210 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41242
Adobe Acrobat and Reader 'AcroForm.api' GIF Image Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41241
Adobe Acrobat and Reader CVE-2010-2209 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41240
Adobe Acrobat and Reader CVE-2010-2203 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41235
Adobe Acrobat and Reader CVE-2010-2207 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41239
Adobe Acrobat and Reader 'pushstring' and 'debugfile' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41237
Adobe Acrobat and Reader CLOD Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41234
Adobe Acrobat and Reader CoolType Typography Engine Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/41231
Adobe Acrobat and Reader 'newfunction' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41236
Adobe Acrobat and Reader 'AcroForm.api' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41238
Adobe Acrobat and Reader 'newclass' Flash Content Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41232
Adobe Acrobat and Reader CVE-2010-1295 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41230
Adobe Acrobat and Reader CVE-2010-0204 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39522
Adobe Acrobat and Reader GIF Data Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39514
Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39518
Adobe Acrobat and Reader BMP Data Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39507
Adobe Acrobat and Reader JPEG Data Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39511
Adobe Flash Player, Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40586
Adobe Acrobat and Reader CVE-2010-0201 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39520
Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39470
Adobe Acrobat and Reader PNG Data Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39505
Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability
http://www.securityfocus.com/bid/39524
Adobe Acrobat and Reader CVE-2010-0192 Denial of Service Vulnerability
http://www.securityfocus.com/bid/39523
Adobe Acrobat and Reader Prefix Protocol Handler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39517
Multiple Adobe Products Unspecified Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/38198
Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39417
Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39515
Adobe Reader and Acrobat 'newplayer()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37331
Adobe Acrobat and Reader CVE-2010-0194 X3D Component Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39469
Adobe Reader and Acrobat U3D Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37758
Adobe Acrobat and Reader CVE-2010-0188 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38195
Adobe Acrobat and Reader CLOD Mesh Declaration Block Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39521
ClamAV Security Bypass And Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/39262
ClamAV 'parseicon()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40318
ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40317
Unsniff Network Analyzer '.usnf' File Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34396
SARG Multiple Unspecified Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/29141
AIMP '.pls' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41857
Sorinara Soritong MP3 Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34863
Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/41928
Todd Miller Sudo Runas Group Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43019
RPM Package Update File Attribute Security Bypass Vulnerability
http://www.securityfocus.com/bid/40512
Google Chrome prior to 6.0.472.53 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/42952
Novell Netware FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/39041
Webkit Floating Point Datatype Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43047
Multiple ColdGen Products 'index.cfm' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/43035
QQPlayer '.wav' File Denial Of Service Vulnerability
http://www.securityfocus.com/bid/43033
Zenphoto Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/43021
DynPage 'dynpage_load.php' Local File Disclosure Vulnerability
http://www.securityfocus.com/bid/43018
Weborf HTTP 'modURL()' Function Directory Traversal Vulnerability
http://www.securityfocus.com/bid/43016