Tuesday, November 30, 2010

Tuesday the 30th, Butsumetsu

+ Velocity Engine 1.7 released
http://velocity.apache.org/

+ glibc 2.11.3 released
http://ftp.gnu.org/gnu/glibc/?C=M;O=D

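Press release
Enhanced functionality of the verification tool for SIP vulnerabilities
~Version with expanded test items loaned free of charge to developers of SIP-implementing products~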
http://www.ipa.go.jp/about/press/20101130.html

JVNDB-2010-002426 Integer overflow vulnerability in FreeType
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002426.html

JVNDB-2010-002425 Denial of service (DoS) vulnerability in the Apple Mac OS X kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002425.html

JVNDB-2010-002424 Heap-based buffer overflow vulnerability in Image RAW in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002424.html

JVNDB-2010-002423 Denial of service (DoS) vulnerability in ImageIO in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002423.html

JVNDB-2010-002422 Denial of service (DoS) vulnerability in Image Capture in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002422.html

JVNDB-2010-001643 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001643.html

JVNDB-2010-001940 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001940.html

JVNDB-2010-001642 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001642.html

JVNDB-2010-001641 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001641.html

JVNDB-2010-001640 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001640.html

JVNDB-2010-001639 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001639.html

JVNDB-2010-001638 Integer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001638.html

JVNDB-2010-001637 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001637.html

JVNDB-2010-001636 Integer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001636.html

JVNDB-2010-001635 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001635.html

JVNDB-2010-001634 Cross-site scripting vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001634.html

JVNDB-2010-001633 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001633.html

JVNDB-2010-001632 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001632.html

JVNDB-2010-001631 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001631.html

JVNDB-2010-001630 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001630.html

VMware 2 Web Server Directory Traversal
http://www.exploit-db.com/exploits/15617/




+ FreeBSD-SA-10:10.openssl: OpenSSL multiple vulnerabilities
http://security.freebsd.org/advisories/FreeBSD-SA-10:10.openssl.asc

+ RHSA-2010:0919-1: Moderate: php security update
http://rhn.redhat.com/errata/RHSA-2010-0919.html

+ Linux Kernel CVE-2010-4073 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45073

++ Cisco Security Response: Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability
http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html

- Microsoft Windows User Access Control (UAC) Bypass Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45045

[ANNOUNCE] phpPgAdmin 5.0 Released
http://phppgadmin.sourceforge.net/?page=download

phpMyAdmin 2.11.11.1 and 3.3.8.1 are released
http://sourceforge.net/news/?group_id=23067&id=294542

PMASA-2010-8: XSS attack in database search.
http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php

phpPgAdmin 5.0 Released
http://www.postgresql.org/about/news.1260

RHSA-2010:0918-1: Moderate: cvs security update
http://rhn.redhat.com/errata/RHSA-2010-0918.html

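"$120 if you want them restored": an "extortion virus" that encrypts files
Exploits vulnerabilities in Adobe Reader and other software; risk of infection through web access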
http://itpro.nikkeibp.co.jp/article/NEWS/20101130/354672/?ST=security

[ MDVSA-2010:243 ] libxml2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00227.html

n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in P
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00226.html

Vulnerabilities in Joomla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00225.html

[ MDVSA-2010:242 ] wireshark
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00224.html

[SECURITY] [DSA-2127-1] New wireshark packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00223.html

SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00222.html

Google Desktop Insecure Library Loading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00220.html

AOL Instant Messenger Insecure Library Loading Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00221.html

jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00219.html

iPhone phishing - What you see, isn't what you get
http://isc.sans.edu/diary.html?storyid=10000

Sun security updates
http://isc.sans.edu/diary.html?storyid=10003

Microsoft Office Word BKF Objects Array Indexing Vulnerability
http://www.securiteam.com/windowsntfocus/6V03H2K0AC.html

Microsoft Office Word Document Heap Overflow Vulnerability
http://www.securiteam.com/windowsntfocus/6U03G2K0AM.html

HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows Arbitrary File Download Vulnerability
http://www.securiteam.com/securitynews/6Y03K2K0AC.html

HP-UX Running BIND DNS Cache Poisoning Vulnerability
http://www.securiteam.com/securitynews/6W03I2K0AS.html

HP LaserJet Printers, Color LaserJet Printers, and Digital Senders Unauthorized Access to Files Vulnerability
http://www.securiteam.com/securitynews/6X03J2K0AI.html

MemHT Portal "User-Agent" HTTP Header Script Insertion Vulnerability
http://secunia.com/advisories/42386/

Easy Banner Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/42316/

McAfee VirusScan Enterprise Insecure Library Loading Vulnerability
http://secunia.com/advisories/41482/

Jurpopage Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/42387/

SiteEngine "module" SQL Injection Vulnerability
http://secunia.com/advisories/42353/

Oracle Solaris bzip2 "BZ_decompress" Integer Overflow Vulnerability
http://secunia.com/advisories/42405/

Oracle Solaris bzip2 "BZ_decompress" Integer Overflow Vulnerability
http://secunia.com/advisories/42404/

Oracle Solaris APR-util "apr_brigade_split_line()" Denial of Service Vulnerability
http://secunia.com/advisories/42403/

Oracle Solaris Perl Safe Module Security Bypass
http://secunia.com/advisories/42402/

Site2Nite Big Truck Broker "txtSiteId" SQL Injection Vulnerability
http://secunia.com/advisories/42383/

collectd "cu_rrd_create_file()" Denial of Service Vulnerability
http://secunia.com/advisories/42393/

Debian update for wireshark
http://secunia.com/advisories/42392/

RSA® Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Cross-site Scripting Vulnerability
http://securityreason.com/securityalert/7917

Apache Tomcat Manager application XSS vulnerability
http://securityreason.com/securityalert/7916

Vtiger CRM 5.2.0 Multiple Vulnerabilities
http://securityreason.com/securityalert/7915

Free Simple Software SQL Injection Vulnerability
http://securityreason.com/securityalert/7914

REMOTE: HP LaserJet Directory Traversal in PJL Interface
http://www.exploit-db.com/exploits/15631/

LOCAL: Mediacoder 0.7.5.4792 Buffer Overflow Exploit (SEH)
http://www.exploit-db.com/exploits/15630/

DoS: FoxPlayer v2.4.0 Denial of Service
http://www.exploit-db.com/exploits/15632/

CVS CVE-2010-3846 RCS File Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44528

PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38708

PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities
http://www.securityfocus.com/bid/41991

PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability
http://www.securityfocus.com/bid/44605

OpenSSL 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42306

PHP LCG Entropy Security Vulnerability
http://www.securityfocus.com/bid/38430

PHP 'php/ext/xml/xml.c' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/44889

OpenSSL TLS Server Extension Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44884

WebM libvpx Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44771

OpenConnect 'webvpn' Cookie Debugging Output Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44111

FoxMediaTools FoxPlayer '.m3u' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38127

RETIRED: WordPress Register Plus 'wp-login.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45069

Cisco VPN Concentrator Groupname Enumeration Weakness
http://www.securityfocus.com/bid/13992

libxml2 'XPATH' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44779

MediaCoder Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38405

Wireshark Malformed SNMP V1 Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/43197

Microsoft Windows User Access Control (UAC) Bypass Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45045

Perl Safe Module 'reval()' and 'rdo()' Restriction-Bypass Vulnerabilities
http://www.securityfocus.com/bid/40302

HP Multiple LaserJet Printers PJL Directory Traversal Vulnerability
http://www.securityfocus.com/bid/44882

Apache APR-util 'apr_brigade_split_line' Denial of Service Vulnerability
http://www.securityfocus.com/bid/43673

bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43331

Linux Kernel 'hdsp.c' IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45063

Linux Kernel 'hmid_ds structure' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45054

Linux Kernel 'inet_diag.c' Netlink Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/44665

Linux Kernel 'x25_parse_facilities()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/44642

Linux Kernel 'SNDRV_HDSP_IOCTL_GET_CONFIG_INFO' IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45058

Linux Kernel 'x25_parse_facilities()' CVE-2010-4164 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45055

Linux Kernel 'FBIOGET_VBLANK' IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45062

Linux Kernel CAN Protocol Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44661

Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/44301

Google Desktop 'schannel.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/45082

MemHT Portal "User-Agent" HTTP Header HTML Injection Vulnerability
http://www.securityfocus.com/bid/45078

Linux Kernel TIOCGICOUNT CVE-2010-4074 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45074

Linux Kernel CVE-2010-4073 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45073
