Friday, October 29, 2010

29th (Friday), Shakkō

+ Linux kernel 2.6.27.55, 2.6.32.25, 2.6.35.8 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.55

+ RHSA-2010:0811-1: Important: cups security update
http://rhn.redhat.com/errata/RHSA-2010-0811.html

Linux kernel Kernel release: 2.6.27.55
http://www.linux.org/news/2010/10/29/0001.html

[Notice: US download server outage]
http://www-935.ibm.com/services/jp/index.wss/offerfamily/its/b1331513

RHSA-2010:0812-1: Moderate: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2010-0812.html

Press release
Publication of the report "2009 Survey of Damage from Information Security Incidents in Japan"
~ Small and medium-sized enterprises need to promote web-related security measures and understand and recognize appropriate information sources ~
http://www.ipa.go.jp/about/press/20101029.html

JVN#72541530 HTTP header injection vulnerability in Active! mail 6
http://jvn.jp/jp/JVN72541530/index.html

JVNVU#402231 Vulnerability in Adobe Shockwave Player
http://jvn.jp/cert/JVNVU402231/index.html

JVNVU#298081 Vulnerability in Adobe Flash
http://jvn.jp/cert/JVNVU298081/index.html

Ubuntu update for xulrunner
http://secunia.com/advisories/42003/

Adobe Shockwave Player Has Multiple Flaws That Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Oct/1024664.html

LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form
http://securityreason.com/securityalert/7853

HP Virtual Connect Enterprise Manager (VCEM) Arbitrary File Download
http://securityreason.com/securityalert/7852

Oracle Sun Java System Web Server - HTTP Response Splitting
http://securityreason.com/securityalert/7851

Home FTP Server Post-Auth Directory Traversal
http://www.exploit-db.com/exploits/15349/

+ Microsoft Windows Environment Variable Expansion Library Loading Vulnerability
http://secunia.com/advisories/41984/

+- Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
http://www.securityfocus.com/bid/44242
http://www.exploit-db.com/exploits/15344/

[ANNOUNCE] Apache MINA 2.0.1 released
http://mina.apache.org/downloads.html

APSB10-25: Security update available for Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb10-25.html

APSA10-05: Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa10-05.html

UPDATE: APSA10-04: Security Advisory for Adobe Shockwave Player
http://www.adobe.com/support/security/advisories/apsa10-04.html

HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02573692

HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02573285

HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02563642

HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02560655

HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02573176

HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02571464

HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02574359

Site maintenance notice [2010/10/28 (Thu) 22:00-24:00]
http://asteria.jp/news/20101028-165634.html

Mandriva : [MDVSA-2010:213] xulrunner unspecified vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34039

Red Hat : [RHSA-2010:0810-01] Critical: seamonkey security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34047

SuSE : [SUSE-SA:2010:052] glibc code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34042

SuSE : [SUSE-SA:2010:053] Linux kernel privilege escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34043

Ubuntu Security Notice : [USN-1011-1] Firefox buffer-overflow vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34040

Cisco : [cisco-sa-20101027-cs] CiscoWorks Common Services Arbitrary Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34048

Digital Security Research Group : [DSECRG-09-032] Oracle Application Server - Linked XSS vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34053

DSecRG : [DSECRG-09-029] Oracle BI Publisher Enterprise 10 - Response Splitting
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34061

High-Tech Bridge SA : [HTB22653] Authentication bypass in phpLiterAdmin
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34051

High-Tech Bridge SA : [HTB22642] XSS vulnerability in Zomplog
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34066

Independent Researcher : Secunia PSI Insecure Library Loading Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34056

Red Hat : [RHSA-2010:0807-01] Critical: java-1.5.0-ibm security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34044

Red Hat : [RHSA-2010:0808-01] Critical: firefox security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34045

Red Hat : [RHSA-2010:0809-01] Critical: xulrunner security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34046

rPath : [rPSA-2010-0073-1] lftp
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34057

rPSA : [rPSA-2010-0072-1] curl denial-of-service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34059

rPSA : [rPSA-2010-0075-1] sudo
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34060

Secunia : Winamp VP6 Content Parsing Buffer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34063

Slackware Linux : [SSA:2010-300-01] seamonkey
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34041

Over half of child victimization on "non-dating" sites occurs on "wholesome" sites
Risk of harm remains even with filtering, though over 90% of victims did not use it
http://itpro.nikkeibp.co.jp/article/Research/20101028/353586/?ST=security

[USN-1011-2] Thunderbird vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00272.html

[ MDVSA-2010:213 ] xulrunner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00270.html

nSense-2010-002: Teamspeak 2 Windows client
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00271.html

[USN-1011-1] Firefox vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00268.html

JVNDB-2010-001173 Denial of service (DoS) vulnerability in the ap_proxy_ajp_request function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001173.html

JVNDB-2010-001071 Directory traversal vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001071.html

JVNDB-2010-001070 Directory traversal vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001070.html

JVNDB-2010-000039 Vulnerability in Lhaplus related to loading of executable files
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000039.html

JVNDB-2009-002188 Access restriction bypass vulnerability in the mod_proxy_ftp module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002188.html

JVNDB-2009-002187 Denial of service (DoS) vulnerability in the ap_proxy_ftp_handler function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002187.html

JVNDB-2009-001892 Denial of service (DoS) vulnerability in the mod_deflate module of Apache httpd
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001892.html

JVNDB-2009-001884 Denial of service (DoS) vulnerability in mod_proxy of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001884.html

JVNDB-2009-001562 Privilege escalation vulnerability in Apache HTTP Server related to handling of the AllowOverride directive
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001562.html

JVNDB-2009-001282 Information disclosure vulnerability in the mod_proxy_ajp module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001282.html

JVNDB-2010-002208 Heap-based buffer overflow vulnerability in Comctl32.dll in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002208.html

JVNDB-2010-002207 Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002207.html

JVNDB-2010-002206 Arbitrary code execution vulnerability in Microsoft Excel and Microsoft Office
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002206.html

JVNDB-2010-002205 Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002205.html

JVNDB-2010-002204 Arbitrary code execution vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002204.html

JVNDB-2010-002203 Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002203.html

JVNDB-2010-002202 Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002202.html

JVNDB-2010-002201 Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002201.html

JVNDB-2010-002200 Arbitrary code execution vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002200.html

JVNDB-2010-002199 Arbitrary code execution vulnerability in Microsoft Excel and Microsoft Office
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002199.html

CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
http://isc.sans.edu/diary.html?storyid=9835

TeamSpeak Client Voice Packet Processing Vulnerability
http://secunia.com/advisories/42014/

SUSE update for kernel
http://secunia.com/advisories/42001/

SUSE update for glibc
http://secunia.com/advisories/42002/

Google Chrome Flash Player Unspecified Code Execution Vulnerability
http://secunia.com/advisories/42031/

Adobe Reader / Acrobat Unspecified Code Execution Vulnerability
http://secunia.com/advisories/42030/

Adobe Flash Player Unspecified Code Execution Vulnerability
http://secunia.com/advisories/41917/

FrontAccounting Two SQL Injection Vulnerabilities
http://secunia.com/advisories/41976/

Weborf HTTP Request Processing Denial of Service Vulnerability
http://secunia.com/advisories/40590/

Palm Pre WebOS Multiple Vulnerabilities
http://secunia.com/advisories/42023/

n2 n2view Authentication Bypass Vulnerability
http://secunia.com/advisories/42007/

Spring Security Constraints Security Bypass Vulnerability
http://secunia.com/advisories/42024/

HP Storage Essentials LDAP Authentication Security Bypass Vulnerability
http://secunia.com/advisories/42022/

ENOVIA Unspecified Vulnerability
http://secunia.com/advisories/42029/

Fedora update for subversion
http://secunia.com/advisories/42016/

Microsoft Windows Environment Variable Expansion Library Loading Vulnerability
http://secunia.com/advisories/41984/

Ubuntu update for firefox
http://secunia.com/advisories/41761/

Red Hat update for firefox
http://secunia.com/advisories/41969/

Red Hat update for seamonkey
http://secunia.com/advisories/41965/

Red Hat update for xulrunner
http://secunia.com/advisories/41966/

Fedora update for firefox and xulrunner
http://secunia.com/advisories/42019/

Oracle Mojarra Cryptographic Padding Oracle Information Disclosure
http://secunia.com/advisories/41981/

AlstraSoft E-Friends Local File Inclusion and Arbitrary File Upload Vulnerabilities
http://secunia.com/advisories/42013/

CiscoWorks Common Services Buffer Overflow Vulnerability
http://secunia.com/advisories/42011/

Drupal Watcher Module Multiple Vulnerabilities
http://secunia.com/advisories/41952/

Red Hat update for java-1.5.0-ibm
http://secunia.com/advisories/41967/

NetBSD update for openssl
http://secunia.com/advisories/41961/

IBM HTTP Server Information Disclosure and Denial of Service Vulnerabilities
http://secunia.com/advisories/42027/

Mozilla Thunderbird "document.write()" and DOM Insertion Vulnerability
http://secunia.com/advisories/41975/

Fedora update for sepostgresql
http://secunia.com/advisories/42018/

IBM HTTP Server "mod_dav" Denial of Service Vulnerability
http://secunia.com/advisories/42028/

Fedora update for apr-util
http://secunia.com/advisories/42015/

Adobe Reader and Acrobat Flaw in 'authplay.dll' Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Oct/1024660.html

Adobe Flash Player Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Oct/1024659.html

Palm webOS Camera Application Lets Local Users Overwrite Arbitrary Files
http://securitytracker.com/alerts/2010/Oct/1024658.html

HP LoadRunner Web Tours Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Oct/1024657.html

Palm webOS Doc Viewer Flaw in Processing Word Documents Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Oct/1024656.html

Vulnerability Note VU#298081: Adobe Flash code execution vulnerability
http://www.kb.cert.org/vuls/id/298081

FreePBX Recordings Interface Code Execution Vulnerability
http://www.securiteam.com/unixfocus/6T03G2A00K.html

IBM Proventia Mail Security System Insecure Direct Object Reference Vulnerability
http://www.securiteam.com/securitynews/6U03H2A00C.html

IBM Proventia Network Mail Security System - Cross-Site Request Forgery Vulnerabilities
http://www.securiteam.com/securitynews/6V03I2A00I.html

Adobe Acrobat and Reader "authplay.dll" Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2811

Adobe Flash Player Content Processing Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2810

Palm webOS Multiple Code Execution and File Overwrite Vulnerabilities
http://www.vupen.com/english/advisories/2010/2809

Fedora Security Update Fixes Multiple Local Kernel Vulnerabilities
http://www.vupen.com/english/advisories/2010/2808

Fedora Security Update Fixes Ocsinventory-Agent Vulnerability
http://www.vupen.com/english/advisories/2010/2807

Fedora Security Update Fixes Apr-util Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/2806

Fedora Security Update Fixes Subversion Unauthorized Access Issue
http://www.vupen.com/english/advisories/2010/2805

Fedora Security Update Fixes SEPostgreSQL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/2804

Fedora Security Update Fixes Firefox and Xulrunner Vulnerabilities
http://www.vupen.com/english/advisories/2010/2803

Fedora Security Update Fixes NSS Certificate Processing Vulnerability
http://www.vupen.com/english/advisories/2010/2802

Redhat Security Update Fixes SeaMonkey Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2801

Redhat Security Update Fixes XULRunner Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2800

Redhat Security Update Fixes Firefox Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2799

Redhat Security Update Fixes Java Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/2798

Ubuntu Security Update Fixes Firefox Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2797

Slackware Security Update Fixes Seamonkey Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/2796

XBMC 9.04.1r20672 soap_action_name post upnp sscanf Buffer Overflow
http://www.exploit-db.com/exploits/15347/

Platinum SDK Library post upnp sscanf Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/15346/

Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
http://www.exploit-db.com/exploits/15344/

Firefox Memory Corruption Proof of Concept (Simplified)
http://www.exploit-db.com/exploits/15342/

Firefox Interleaving document.write and appendChild Denial of Service
http://www.exploit-db.com/exploits/15341/

Linux Kernel GFS2 Directory Rename NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/42124

Adobe Shockwave Player 'dirapi.dll' CVE-2010-4084 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44520

Linux Kernel CVE-2010-2240 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42505

libHX 'HX_split()' Remote Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42592

Mozilla Firefox SeaMonkey and Thunderbird 'document.write' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44247

Mozilla Firefox SeaMonkey Thunderbird Modal Calls Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44252

Mozilla Firefox SeaMonkey and Thunderbird 'LookupGetterOrSetter' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44249

Mozilla Firefox and SeaMonkey Gopher Parser Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/44253

Mozilla Firefox SeaMonkey and Thunderbird 'nsBarProp' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44248

Mozilla Firefox SeaMonkey and Thunderbird 'LD_LIBRARY_PATH' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44251

GNU glibc Dynamic Linker 'LD_AUDIT' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44347

Mozilla Firefox SeaMonkey and Thunderbird CVE-2010-3176 Multiple Memory-Corruption Vulnerabilities
http://www.securityfocus.com/bid/44243

Mozilla Firefox and Thunderbird CVE-2010-3175 Multiple Memory-Corruption Vulnerabilities
http://www.securityfocus.com/bid/44245

Mozilla Firefox 3.5/3.6 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44425

Linux Kernel CIFS DNS Lookup Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/41904

Linux Kernel XSF 'SWAPEXT' IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40920

Linux Kernel CVE-2010-2066 Donor File Security Bypass Vulnerability
http://www.securityfocus.com/bid/41466

Linux Kernel XDR Implementation Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42249

Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898

Xen 'arch/ia64/xen/faults.c' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40776

Linux Kernel CIFS 'CIFSSMBWrite()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42242

Multiple Browser Wild Card Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/42817

Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44011

Oracle Java SE and Java for Business CVE-2010-3566 ICC Profile Vulnerability
http://www.securityfocus.com/bid/43988

Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43979

Oracle Java SE and Java for Business 'defaultReadObject' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44016

Oracle Java SE and Java for Business CVE-2010-3567 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43992

Oracle Java SE and Java for Business CVE-2010-3573 Same Origin Bypass Vulnerability
http://www.securityfocus.com/bid/44028

Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability
http://www.securityfocus.com/bid/43985

Oracle Java SE and Java for Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/44012

Oracle Communications Messaging Server CVE-2010-3564 Webmail Remote Vulnerability
http://www.securityfocus.com/bid/43963

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44035

Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44032

Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/44027

Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44014

Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44009

Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability
http://www.securityfocus.com/bid/44017

Oracle Java SE and Java for Business CVE-2010-3554 Remote CORBA Vulnerability
http://www.securityfocus.com/bid/43994

Oracle Java SE and Java for Business CVE-2010-3561 Remote CORBA Vulnerability
http://www.securityfocus.com/bid/44013

Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
http://www.securityfocus.com/bid/44242

Adobe Shockwave Player 'dirapi.dll' CVE-2010-2581 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44512

Adobe Shockwave Player rcsL Chunk EAX Register Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44291

Adobe Acrobat, Reader and Flash CVE-2010-3654 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44504

Free Joke Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/33760

WP-Lytebox 'main.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/35098

AIMP 'MP3' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44369

Linux Kernel Reliable Datagram Sockets (RDS) Protocol Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44219

GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063

GNU glibc Dynamic Linker '$ORIGIN' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44154

glibc and eglibc 'nis/nss_nis/nis-pwd.c' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37885

Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness
http://www.securityfocus.com/bid/28479

Subversion Server 'SVNPathAuthz' Restriction Security Bypass Vulnerability
http://www.securityfocus.com/bid/43678

Linux Kernel 915 GEM IOCTL Local Memory Overwrite Vulnerability
http://www.securityfocus.com/bid/44067

MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235

Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43971

Oracle Java SE and Java for Business CVE-2010-3550 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/44040

Oracle Java SE and Java for Business CVE-2010-3559 HeadspaceSoundbank.nGetName Vulnerability
http://www.securityfocus.com/bid/44026

Oracle Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability
http://www.securityfocus.com/bid/44030

OpenSSL 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42306

Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40827

Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/41963

OCS Inventory NG Agent 'Backend.pm' Perl Module Handling Code Execution Vulnerability
http://www.securityfocus.com/bid/35593

Apache APR-util 'apr_brigade_split_line' Denial of Service Vulnerability
http://www.securityfocus.com/bid/43673

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40215

PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43747

CVS CVE-2010-3846 RCS File Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44528

TFTgallery 'thumbnailformpost.inc.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/44523

Platinum UPnP Library Post UPnP Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44522

Adobe Shockwave Player 'IML32.dll' CVE-2010-4089 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44521

Adobe Shockwave Player 'dirapi.dll' CVE-2010-4088 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44519

Adobe Shockwave Player 'IML32.dll' CVE-2010-4087 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44518

Adobe Shockwave Player 'dirapi.dll' CVE-2010-4086 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44517

Adobe Shockwave Player 'dirapi.dll' CVE-2010-3655 Stack Overflow Vulnerability
http://www.securityfocus.com/bid/44516

Adobe Shockwave Player CVE-2010-4090 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44515

Adobe Shockwave Player CVE-2010-2582 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44514

Adobe Shockwave Player 'dirapi.dll' CVE-2010-4085 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44513

ENOVIA Unspecified Security Vulnerability
http://www.securityfocus.com/bid/44509

Weborf HTTP Request Denial Of Service Vulnerability
http://www.securityfocus.com/bid/44506

n2 n2view Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/44503

Teamspeak Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44502

Feindura CMS Groupware Multiple Local File Include and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44501

Drupal Watcher Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/44499

Thursday, October 28, 2010

28th (Thursday), Taian

- Firefox Interleaving document.write and appendChild Denial of Service
http://www.exploit-db.com/exploits/15341/

Windows 7 and Windows Server 2008 R2 Service Pack 1 Release Candidate
http://www.microsoft.com/windowsserver2008/en/us/sp1.aspx

Service Pack 1 Release Candidate for Windows 7 and Windows Server 2008 R2 (KB976932)
http://www.microsoft.com/downloads/details.aspx?FamilyID=c3202ce6-4056-4059-8a1b-3a9b77cdfdda&displaylang=ja&Hash=x%2bAsbSN0TngwQXh3UVkl4dkiK%2b4JM87txXqzT73qfWvkoCXaYM2%2bcZPiVtU8qPdtajysXn1NHvRaKcWroYrPgA%3d%3d

Thunderbird 3.1.6 and 3.0.10 security updates now available
https://developer.mozilla.org/devnews/index.php/2010/10/27/thunderbird-3-1-6-and-3-0-10-security-updates-now-available/
http://www.mozillamessaging.com/en-US/thunderbird/3.1.6/releasenotes/
http://www.mozillamessaging.com/en-US/thunderbird/3.0.10/releasenotes/

Thunderbird 3.1.6 and 3.0.10 Updates Are Now Available
http://www.mozillamessaging.com/en-US/about/press/archive/2010-10-27-01

Announcement of the release of Trend Micro Deep Security 7.5 and the start of support
http://www.trendmicro.co.jp/support/news.asp?id=1485

Regarding the issue in ServerProtect 5.8 where spyware pattern files cannot be distributed
http://www.trendmicro.co.jp/support/news.asp?id=1480

Cyber Security Awareness Month - Day 27 - Social Media use in the office
http://isc.sans.edu/diary.html?storyid=9826

Cyber Security Awareness Month - Day 28 - Role of the employee
http://isc.sans.edu/diary.html?storyid=9832

Mozilla Thunderbird Heap Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Oct/1024651.html

Mozilla Seamonkey Heap Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Oct/1024650.html

HP Storage Essentials Grants Access to Remote Users
http://securitytracker.com/alerts/2010/Oct/1024649.html

Palm webOS Flaw in Service API Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Oct/1024647.html

Fedora update for nss, nss-util, and nss-softokn
http://secunia.com/advisories/42020/

HP Storage Essentials LDAP Remote Unauthenticated Access
http://www.vupen.com/english/advisories/2010/2795

HP LoadRunner Web Tours Code Execution and Denial of Service
http://www.vupen.com/english/advisories/2010/2794

Cisco Products Multiple Remote Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/2793

Powermail for TYPO3 Unspecified Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/2792

VLC Media Player ActiveX and Plugin Memory Corruption Vulnerabilities
http://www.vupen.com/english/advisories/2010/2791

Fujitsu Interstage Products Servlet Service Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/2790

Symantec IM Manager Administration Console SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/2789

HP Insight Control Power Management for Windows Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/2788

HP Version Control Repository Manager Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/2787

HP Insight Control Virtual Machine Management Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/2786

HP Virtual Server Environment Remote File Download Vulnerability
http://www.vupen.com/english/advisories/2010/2785

HP Insight Control Server Migration for Windows Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/2784

Apple iOS for iPhone Lock Screen Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/2783

Mozilla Firefox DOM Insertion Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2782

+ RHSA-2010:0809-1: Critical: xulrunner security update
http://rhn.redhat.com/errata/RHSA-2010-0809.html

+ RHSA-2010:0808-1: Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2010-0808.html

+- Oracle Fusion Middleware CVE-2010-3581 BPEL Console Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/43954

Firefox 3.6.12 and 3.5.15 security updates now available
https://developer.mozilla.org/devnews/index.php/2010/10/27/firefox-3-6-12-and-3-5-15-security-updates-now-available/
http://www.mozilla.com/firefox/3.6.12/releasenotes/
http://www.mozilla.com/firefox/3.5.15/releasenotes/

MFSA 2010-73: Heap buffer overflow mixing document.write and DOM insertion
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html

MFSA 2010-73: Heap buffer overflow
http://www.mozilla-japan.org/security/announce/2010/mfsa2010-73.html

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20101027-cs.shtml

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Vulnerability in CiscoWorks Common Services
http://www.cisco.com/warp/public/707/cisco-amb-20101027-cs.shtml

RHSA-2010:0810-1: Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2010-0810.html

Hewlett-Packard : HP Insight Control Power Management for Windows, XSS, Cross Site Request Forgery (CSRF)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34033

Hewlett-Packard : HP Insight Control Server Migration for Windows, XSS, Privilege Escalation, Unauthorized Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34034

Hewlett-Packard : HP Virtual Server Environment for Windows, Remote Arbitrary File Download
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34035

Hewlett-Packard : HP Version Control Repository Manager (VCRM) for Windows XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34036

Hewlett-Packard : HP Insight Control Virtual Machine Management for Windows, XSS, Privilege Escalation, CSRF
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34037

Hewlett-Packard : HP Software Update HPeDiag, Disclosure of Information and Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34038

Vulnerability in the "Kuroneko Yamato" mobile site
Problem with the login method exposes other people's personal information
http://itpro.nikkeibp.co.jp/article/NEWS/20101028/353519/?ST=security

Over 30% of ".com" sites are "dangerous"; ".jp" sites are the safest
McAfee surveyed 27 million sites; 6% of all sites harbor risks
http://itpro.nikkeibp.co.jp/article/NEWS/20101028/353520/?ST=security

Alert regarding attacks via websites that use an access analytics service
http://www.jpcert.or.jp/at/2010/at100028.txt

JPCERT/CC WEEKLY REPORT
http://www.jpcert.or.jp/wr/2010/wr104101.html

MyCart 2.0 Multiple Remote Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00262.html

USBsploit 0.4b - added: Auto[runplay] USB infection & PDF
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00255.html

"Back with another one of those block rockin beats"
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00257.html

CVE-2010-3700: Spring Security bypass of security constraints
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00254.html

[security bulletin] HPSBMA02533 SSRT080049 rev.1 - HP LoadRunner Web Tours 9.10 Remote Denial of
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00260.html

[security bulletin] HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Una
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00259.html

[security bulletin] HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Una
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00258.html

rPSA-2010-0075-1 sudo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00224.html

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00241.html

rPSA-2010-0074-1 ImageMagick
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00265.html

rPSA-2010-0073-1 lftp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00234.html

rPSA-2010-0072-1 curl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00233.html

rPSA-2010-0071-1 automake
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00264.html

rPSA-2010-0070-1 cpio tar
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00242.html

[security bulletin] HPSBMI02582 SSRT100269 rev.1 - Palm webOS Camera Application, Unauthorized W
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00239.html

[security bulletin] HPSBMI02580 SSRT100254 rev.1 - Palm webOS, Code execution vulnerability in P
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00245.html

[security bulletin] HPSBMI02573 SSRT100227 rev.1 - Palm webOS, webOS Doc Viewer, Execution of Ar
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00261.html

AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00244.html

Breaking The SetDllDirectory Protection Against Binary Planting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00250.html

[DSECRG-09-032] Oracle Application Server - Linked XSS vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00240.html

[DSECRG-09-029] Oracle BI Publisher Enterprise 10 - Response Splitting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00229.html

WinMerge Insecure Library Loading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00248.html

Secunia PSI Insecure Library Loading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00251.html

Orbit Downloader Insecure Library Loading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00232.html

Nessus Client Insecure Library Loading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00231.html

Internet Download Manager Insecure Library Loading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00230.html

FlipAlbum Vista Pro Insecure Library Loading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00228.html

Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00227.html

ACDSee Photo Manager Insecure Library Loading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00226.html

SQL injection in DBHcms
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00247.html

XSS in NinkoBB
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00267.html

Authentication bypass in phpLiterAdmin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00237.html

Path disclosure in MyBB
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00263.html

LFI in DZCP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00236.html

LFI in Novaboard
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00223.html

Information disclosure in BloofoxCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00252.html

Information disclosure in BloofoxCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00253.html

XSS vulnerability in BlogBird platform
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00235.html

XSS vulnerability in BlogBird platform
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00266.html

XSRF (CSRF) in Zomplog
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00225.html

XSS vulnerability in Zomplog
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00246.html

Stored XSS vulnerability in Zomplog
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00243.html

SQL injection in Energine
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00238.html

SQL injection in BloofoxCMS registration plugin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00222.html

XSS vulnerability in Zomplog
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00249.html

Apple Safari Binary Planting Vulnerability
http://www.securiteam.com/windowsntfocus/6D03H2000C.html

Adobe Flash Player User-assisted Privacy Compromise Vulnerability
http://www.securiteam.com/securitynews/6C03G2000Q.html

DZCP "language" File Inclusion Vulnerability
http://secunia.com/advisories/41963/

mpg123 "utf8_ascii()" String Handling Vulnerability
http://secunia.com/advisories/41938/

Apple iOS Emergency Call Passcode Lock Security Bypass Weakness
http://secunia.com/advisories/41977/

HP Operations Orchestration Cross-Site Scripting Vulnerability
http://secunia.com/advisories/41983/

Energine "NRGNSID" Cookie SQL Injection Vulnerability
http://secunia.com/advisories/41973/

NinkoBB Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/41933/

IBM WebSphere MQ Certificate Spoofing Vulnerability
http://secunia.com/advisories/41993/

Symantec IM Manager Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/41959/

Fujitsu Interstage Products Host Header Buffer Overflow Vulnerabilities
http://secunia.com/advisories/41953/

HP Insight Dynamics - VSE File Disclosure Vulnerability
http://secunia.com/advisories/41999/

HP Insight Control Multiple Vulnerabilities
http://secunia.com/advisories/42000/

Mozilla Firefox Unspecified Code Execution Vulnerability
http://secunia.com/advisories/41957/

HP Version Control Repository Manager Cross-Site Scripting Vulnerability
http://secunia.com/advisories/41998/

CometBird Multiple Vulnerabilities
http://secunia.com/advisories/41956/

Symantec IM Manager Input Validation Flaws Let Remote Users Inject SQL Commands
http://securitytracker.com/alerts/2010/Oct/1024648.html

CiscoWorks Common Services Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Oct/1024646.html

Adobe Shockwave Player Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Oct/1024635.html

DATAC RealWin SCADA 1.06 Buffer Overflow Exploit
http://www.exploit-db.com/exploits/15337/

MinaliC Webserver 1.0 Remote Source Disclosure/File Download
http://www.exploit-db.com/exploits/15336/

MinaliC Webserver v1.0 Directory Traversal Vulnerability
http://www.exploit-db.com/exploits/15333/

MinaliC Webserver v1.0 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/15334/

Mozilla Firefox 3.5/3.6 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44425

Nessus 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44472

Adobe Shockwave Player rcsL Chunk EAX Register Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44291

Mozilla Firefox SeaMonkey and Thunderbird 'LD_LIBRARY_PATH' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44251

Mozilla Firefox SeaMonkey and Thunderbird 'LookupGetterOrSetter' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44249

Mozilla Firefox SeaMonkey and Thunderbird 'document.write' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44247

Mozilla Firefox and SeaMonkey Gopher Parser Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/44253

Mozilla Firefox SeaMonkey Thunderbird Modal Calls Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44252

Mozilla Firefox SeaMonkey and Thunderbird 'nsBarProp' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44248

Mozilla Firefox and Thunderbird CVE-2010-3175 Multiple Memory-Corruption Vulnerabilities
http://www.securityfocus.com/bid/44245

Mozilla Firefox SeaMonkey and Thunderbird DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44250

Mozilla Firefox SeaMonkey and Thunderbird CVE-2010-3174 Memory-Corruption Vulnerability
http://www.securityfocus.com/bid/44246

Online Grades Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/44399

Oracle Fusion Middleware CVE-2010-3581 BPEL Console Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/43954

Oracle Fusion Middleware CVE-2010-2413 BI Publisher HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/43962

Symantec IM Manager Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/44299

DATAC RealWin Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/44150

Todd Miller Sudo Runas Group Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43019

Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362

Todd Miller Sudo 'runas_default' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38432

Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39468

Todd Miller Sudo 'secure path' Security Bypass Vulnerability
http://www.securityfocus.com/bid/40538

ImageMagick TIFF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35111

LFTP 'Content-Disposition' HTTP Header Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/43728

cURL/libcURL CURLOPT_ENCODING Option Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38162

GNU Automake Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/37378

GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38628

AlstraSoft E-friends 'GetStartOptions.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/20088

Mozilla Firefox SeaMonkey and Thunderbird CVE-2010-3176 Multiple Memory-Corruption Vulnerabilities
http://www.securityfocus.com/bid/44243

Multiple Browser Wild Card Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/42817

Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/27752

Spring Security URI Path Parameter Security Bypass Vulnerability
http://www.securityfocus.com/bid/44496

HP LoadRunner Web Tours Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/44487

AppIdeas MyCart Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/44486

HP Storage Essentials LDAP Unspecified Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/44485

Internet Download Manager 'Schannel.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44480

HP Palm Pre webOS API Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44479

HP Palm webOS Camera Local Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/44478

Orbit Downloader 'schannel.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44477

AlstraSoft E-Friends Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/44476

ACDSee Photo Manager DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44474

HP Palm Pre webOS Doc Viewer Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44473

mpg123 'utf8_ascii()' ID3 Data Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44470

Cisco CiscoWorks Common Services Web Server Module Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44468

Nullsoft Winamp VP6 Video Content Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44466

BlogBird Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/44465

bloofoxCMS 'gender' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/44464

Zomplog Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/44463

NinkoBB 'users.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44462

Energine 'NRGNSID' Cookie Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/44461

DBHcms Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/44460

NovaBoard 'nova_lang' Local File Include Vulnerability
http://www.securityfocus.com/bid/44459

deV!L'z Clanportal Local File Include Vulnerability
http://www.securityfocus.com/bid/44458

LES PACKS 'ID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/44457

Joomla! Projects 'com_projects' Component SQL Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/44456

Wednesday, October 27, 2010

27th, Wednesday, Butsumetsu

mozilla-central closed for Firefox 4 Beta 7, Fennec Beta 2
https://developer.mozilla.org/devnews/index.php/2010/10/26/mozilla-central-closed-for-firefox-4-beta-7-fennec-beta-2/

FreeBSD Quarterly Status Report
http://www.freebsd.org/news/status/report-2010-07-2010-09.html

SYM10-010: Symantec IM Manager Multiple SQL Injection Issues
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101027_01

JVNDB-2010-002198 Arbitrary code execution vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002198.html

JVNDB-2010-002197 Arbitrary code execution vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002197.html

JVNDB-2010-002196 Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002196.html

JVNDB-2010-002195 Integer overflow vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002195.html

JVNDB-2010-002194 Stack-based buffer overflow vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002194.html

JVNDB-2010-002193 Stack-based buffer overflow vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002193.html

JVNDB-2010-002192 Arbitrary code execution vulnerability in Microsoft Word and Microsoft Office
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002192.html

JVNDB-2010-002191 Arbitrary code execution vulnerability in Microsoft Word
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002191.html

JVNDB-2010-002190 Heap-based buffer overflow vulnerability in Microsoft Word
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002190.html

JVNDB-2010-002189 Arbitrary code execution vulnerability in Microsoft Word
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002198.html

JVNDB-2010-001142 Denial of service (DoS) vulnerability in the MSN protocol plugin of Pidgin and Adium
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001142.html

Mozilla Firefox Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Oct/1024645.html

Oracle Siebel eBusiness Application Multiple Cross Site Scripting Vulnerabilities
http://securityreason.com/securityalert/7850

HP Systems Insight Manager (SIM) CSRF, XSS and Privilege Escalation
http://securityreason.com/securityalert/7849

IBM solidDB <= 6.5.0.3 Denial of Service Vulnerability
http://securityreason.com/securityalert/7849

Oracle JRE - java.net.URLConnection class Same-Origin Policy (SOP) Bypass
http://securityreason.com/securityalert/7847

+? Apache 2.2 (Windows) Local Denial of Service
http://www.exploit-db.com/exploits/15319/

[ANNOUNCE] Apache PDFBox 1.3.1 released
http://pdfbox.apache.org/
http://www.apache.org/dist/pdfbox/1.3.1/RELEASE-NOTES.txt

CESA-2010:0792 (kernel)
http://lwn.net/Alerts/411868/

CESA-2010:0793 (glibc)
http://lwn.net/Alerts/411869/

UPDATE: MS10-077 - Critical: Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)
http://www.microsoft.com/technet/security/bulletin/MS10-077.mspx

HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01439758

HPSBMA02533 SSRT080049 rev.1 - HP LoadRunner Web Tours 9.10 Remote Denial of Service
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02165172

HPSBMA02603 SSRT100319 rev.1 - HP Insight Control Power Management for Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02564294

HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02563279

HPSBMA02597 SSRT100198 rev.1 - HP Version Control Repository Manager (VCRM) for Windows, Remote Cross Site Scripting (XSS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02560536

HPSBMA02599 SSRT100235 rev.1 - HP Virtual Server Environment for Windows, Remote Arbitrary File Download
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02563225

HPSBMA02598 SSRT100314 rev.1 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF).
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02560655

HPSBMI02573 SSRT100227 rev.1 - Palm webOS, webOS Doc Viewer, Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498311

HPSBMI02582 SSRT100269 rev.1 - Palm webOS Camera Application, Unauthorized Write Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02518539

HPSBMI02580 SSRT100254 rev.1 - Palm webOS, Code execution vulnerability in Palm webOS service API
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02516786

HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Unauthenticated Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02552030

Cache-Memcached-libmemcached-0.02011 released
http://search.cpan.org/~timb/Cache-Memcached-libmemcached-0.02011/
http://cpansearch.perl.org/src/TIMB/Cache-Memcached-libmemcached-0.02011/Changes

Red Hat : [RHSA-2010:0792-01] Important: kernel security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34027

Red Hat : [RHSA-2010:0793-01] Important: glibc security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34028

Ubuntu Security Notice : [USN-959-2] PAM - Privilege escalation vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34025

Ubuntu Security Notice : [USN-959-2] PAM vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34029

Independent Researcher : Aardvark Topsite XSS vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34030

"Settings can now be changed remotely": new version of filtering software
Announced by Digital Arts; "database and user information move to the cloud"
http://itpro.nikkeibp.co.jp/article/NEWS/20101027/353481/?ST=security

McAfee releases antivirus software dedicated to virtual environments, with a feature that reduces scanning load
http://itpro.nikkeibp.co.jp/article/NEWS/20101026/353447/?ST=security

[security bulletin] HPSBMA02597 SSRT100198 rev.1 - HP Version Control Repository Manager (VCRM)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00212.html

[security bulletin] HPSBMA02603 SSRT100319 rev.1 - HP Insight Control Power Management for Windo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00218.html

[security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00216.html

[security bulletin] HPSBMA02599 SSRT100235 rev.1 - HP Virtual Server Environment for Windows, Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00215.html

[security bulletin] HPSBMA02598 SSRT100314 rev.1 - HP Insight Control Virtual Machine Management
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00209.html

[security bulletin] HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00208.html

Firefox news
http://isc.sans.edu/diary.html?storyid=9817

Cyber Security Awareness Month - Day 26 - Sharing Office Files
http://isc.sans.edu/diary.html?storyid=9820

VIPS LD_LIBRARY_PATH Security Issue
http://secunia.com/advisories/41997/

Bristol LD_LIBRARY_PATH Security Issue
http://secunia.com/advisories/41994/

Apache MyFaces Cryptographic Padding Oracle Information Disclosure
http://secunia.com/advisories/41995/

TYPO3 powermail Extension Cross-Site Scripting Vulnerability
http://secunia.com/advisories/41962/

IBM Rational Quality Manager Tomcat Multiple Vulnerabilities
http://secunia.com/advisories/41935/

SUSE update for Multiple Packages
http://secunia.com/advisories/41958/

YUI Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/41955/

Red Hat update for glibc
http://secunia.com/advisories/41950/

Red Hat update for kernel
http://secunia.com/advisories/41951/

HP Version Control Repository Manager Hole Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Oct/1024644.html

HP Insight Control Server Migration Bugs Let Local Users Gain Elevated Privileges and Remote Users Conduct Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Oct/1024643.html

HP Insight Control Power Management Bugs Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://securitytracker.com/alerts/2010/Oct/1024642.html

HP Insight Control Virtual Machine Management Lets Local Users Gain Elevated Privileges and Permits Remote Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://securitytracker.com/alerts/2010/Oct/1024641.html

HP Virtual Server Environment Lets Remote Users Download Arbitrary Files
http://securitytracker.com/alerts/2010/Oct/1024640.html

NitroView ESM Input Validation Flaw in 'ess.pm' Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Oct/1024639.html

Synology Disk Station Web commands injection through FTP Login
http://www.securiteam.com/securitynews/6H03G1P00U.html

HP ProCurve 2626 and 2650 Switches Unauthorized Access Vulnerability
http://www.securiteam.com/securitynews/6I03H1P00O.html

HP StorageWorks Storage Mirroring Local Unauthorized Access Vulnerability
http://www.securiteam.com/securitynews/6J03I1P00I.html

Blue Coat ProxyAV Management Console Cross Site Request Forgery
http://www.vupen.com/english/advisories/2010/2781

Redhat Security Update Fixes Glibc Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/2780

Redhat Security Update Fixes Kernel Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/2779

Ubuntu Security Update Fixes PAM Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/2778

Ubuntu Security Update Fixes Glibc Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2010/2777

SuSE Security Update Fixes Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/2776

NitroSecurity ESM v8.4.0a Remote Code Execution
http://www.exploit-db.com/exploits/15318/

Apache 2.2 (Windows) Local Denial of Service
http://www.exploit-db.com/exploits/15319/

PeaZip '.Zip' Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/39906

VICIDIAL Call Center Suite 'admin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35056

RETIRED: Real Networks RealPlayer SP and RealPlayer Enterprise Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/44144

Sitecore CMS 'default.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/44405

Mozilla Firefox SeaMonkey and Thunderbird 'document.write' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44247

Free Download Manager Remote Control Server Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33554

HP Insight Control Virtual Machine Management Unspecified Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44429

Apple iPhone Lock Screen Security Bypass Vulnerability
http://www.securityfocus.com/bid/44419

HP HPeDiag ActiveX Control Multiple Information Disclosure and Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/28929

EgyPlus 7ml Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/44411

Ghostscript 'gs_type2_interpret()' Function NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/43932

Microsoft Internet Explorer Uninitialized Memory CVE-2010-3328 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43705

Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196

Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416

Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193

Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263

HP Insight Control Server Migration For Windows Data Access Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44437

HP Insight Control Virtual Machine Management Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/44435

HP Insight Control Server Migration Unspecified Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/44434

HP Insight Control Server Migration for Windows Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/44433

HP Insight Control Virtual Machine Management Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/44432

HP Virtual Server Environment Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/44428

Mozilla Firefox 3.5/3.6 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44425

TYPO3 powermail Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/44422

NitroView ESM 'ess.pm' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/44421

YUI Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44420