Thursday, November 4, 2010

Thursday the 4th, Shakkō

UPDATE: MS10-070 - Important: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx

UPDATE: MS10-079 - Important: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
http://www.microsoft.com/technet/security/bulletin/MS10-079.mspx

UPDATE: Microsoft Security Bulletin Summary for September 2010
http://www.microsoft.com/technet/security/bulletin/MS10-sep.mspx

Fedora 14 released
http://fedoraproject.org/ja/get-fedora
http://docs.fedoraproject.org/ja-JP/Fedora/14/html/Release_Notes/index.html

Postfix 2.8 Snapshot 20101103
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20101103.HISTORY
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20101103.RELEASE_NOTES

Issue in ServerProtect 5.8 where spyware pattern files cannot be distributed
http://www.trendmicro.co.jp/support/news.asp?id=1480

Notice of scheduled server maintenance (November 19, 2010)
http://www.trendmicro.co.jp/support/news.asp?id=1486

Microsoft Security Advisory (2458511): Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2458511.mspx

Microsoft Security Advisory (2458511): Vulnerability in Internet Explorer allows remote code execution
http://www.microsoft.com/japan/technet/security/advisory/2458511.mspx

Computer virus and unauthorized access report status [October]
http://www.ipa.go.jp/security/txt/2010/11outline.html

Overview of the Common Configuration Enumeration (CCE) (passwords edition)
http://jvndb.jvn.jp/apis/myjvn/cccheck/cce_password.html

JPCERT/CC WEEKLY REPORT 2010-11-04
http://www.jpcert.or.jp/wr/2010/wr104201.html

JVNVU#899748 Vulnerability in Microsoft Internet Explorer caused by an invalid flag reference
http://jvn.jp/cert/JVNVU899748/index.html

JVN#01948274 Arbitrary code execution vulnerability in the Ichitaro series
http://jvn.jp/jp/JVN01948274/index.html

JVN#19173793 Arbitrary code execution vulnerability in the Ichitaro series
http://jvn.jp/jp/JVN19173793/index.html

JVNDB-2010-002144 Privilege acquisition vulnerability in the PL/perl and PL/Tcl implementations of PostgreSQL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002144.html

JVNDB-2010-002143 Denial-of-service (DoS) vulnerability in FreeType's Standard Encoding Accented Character calls
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002143.html

JVNDB-2010-002141 Buffer overflow vulnerability in the Mac_Read_POST_Resource function of FreeType
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002141.html

JVNDB-2010-002139 Arbitrary code execution vulnerability in the t42_parse_sfnts function of FreeType
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002139.html

JVNDB-2010-002134 Sensitive information disclosure vulnerability in the Linux kernel's network queueing implementation
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002134.html

JVNDB-2010-002118 Privilege escalation vulnerability in the compat_alloc_user_space function of the Linux kernel running on 64-bit platforms
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002118.html

JVNDB-2010-001159 Vulnerability in mod_isapi of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001159.html

JVNDB-2009-002016 Integer overflow vulnerability in the APR and APR-util libraries
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html

JVNDB-2008-001610 Cross-site scripting vulnerability in Apache's mod_proxy_ftp module
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001610.html

JVNDB-2008-001453 Denial-of-service (DoS) vulnerability in the ap_proxy_http_process_response() function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001453.html

JVNDB-2010-002248 Vulnerability in the CORBA component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002248.html

JVNDB-2010-002247 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002247.html

JVNDB-2010-002246 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002246.html

JVNDB-2010-002245 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002245.html

JVNDB-2010-002244 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002244.html

JVNDB-2010-002243 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002243.html

JVNDB-2010-002242 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002242.html

JVNDB-2010-002241 Vulnerability in USB handling in Oracle Solaris and OpenSolaris
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002241.html

JVNDB-2010-002240 Vulnerability in Device Drivers handling in Oracle Solaris and OpenSolaris
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002240.html

JVNDB-2010-002239 Vulnerability in Solaris Zones handling in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002239.html

JVNDB-2010-000053 Arbitrary code execution vulnerability in the Ichitaro series
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000053.html

JVNDB-2010-000052 Arbitrary code execution vulnerability in the Ichitaro series
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000052.html




+ RHSA-2010:0825-1: Moderate: mysql security update
http://rhn.redhat.com/errata/RHSA-2010-0825.html

+ RHSA-2010:0824-1: Moderate: mysql security update
http://rhn.redhat.com/errata/RHSA-2010-0824.html

+ Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)
http://isc.sans.edu/diary.html?storyid=9874
http://www.kb.cert.org/vuls/id/899748
http://www.securitytracker.com/id?1024676
http://www.vupen.com/english/advisories/2010/2880
http://www.securityfocus.com/bid/44536
http://www.microsoft.com/japan/technet/security/advisory/2458511.mspx

+ SA42061: Linux Kernel Memory Leak Weaknesses
http://secunia.com/advisories/42061/
http://www.securityfocus.com/bid/44630

MySQL Enterprise Monitor 2.3 Is Now GA!
http://edelivery.oracle.com/

[ANNOUNCE] Hive 0.6.0 is released!
http://hive.apache.org/releases.html

APSA10-05: Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa10-05.html

CESA-2010:0812 (thunderbird)
http://lwn.net/Alerts/412863/

CESA-2010:0812 (thunderbird)
http://lwn.net/Alerts/412864/

CESA-2010:0811 (cups)
http://lwn.net/Alerts/412865/

CESA-2010:0819 (pam)
http://lwn.net/Alerts/412866/

DHCP 4.2.0-P1 released
https://www.isc.org/software/dhcp/420-p1
http://ftp.isc.org/isc/dhcp/dhcp-4.2.0-P1-RELNOTES

DHCP 4.1.2 released
https://www.isc.org/software/dhcp/412
http://ftp.isc.org/isc/dhcp/dhcp-4.1.2-RELNOTES

DHCP 4.0.3 released
https://www.isc.org/software/dhcp/403
http://ftp.isc.org/isc/dhcp/dhcp-4.0.3-RELNOTES

DHCP: Server Crash with Empty Link-Address Field
https://www.isc.org/software/dhcp/advisories/cve-2010-3611

Sudo 1.7.5b1 released
http://www.sudo.ws/sudo/devel.html#1.7.5b1

Slackware Linux : [SSA:2010-305-02] pidgin Security Fix
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34130

Slackware Linux : [SSA:2010-305-03] proftpd Security Fix
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34131

Debian : [DSA 2123-1] New NSS packages fix cryptographic weaknesses
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34148

Debian : [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34149

Mandriva : [MDVSA-2010:219] mozilla-thunderbird Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34138

Red Hat : [RHSA-2010:0817-01] Low: Red Hat Enterprise Linux 3 - End Of Life
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34132

Slackware Linux : [SSA:2010-305-01] seamonkey: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34129

YGN Ethical Hacker Group : Joomla 1.5.21 Potential SQL Injection Flaws
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34154

Mandriva : [MDVSA-2010:218] php DoS, Null-pointer Dereference
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34137

Mark Stanislav : 'WSN Links' SQL Injection Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34155

Mandriva : [MDVSA-2010:215] python buffer overflows, DoS, Race Condition
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34134

Mandriva : [MDVSA-2010:216] python DoS, Race Condition
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34135

Mandriva : [MDVSA-2010:217] Dovecot Authentication-bypass, DoS, Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34136

Mandriva : [MDVSA-2010:214] kernel stack overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34133

Rewards for finders of bugs in "Google" and "YouTube", up to 3133.7 dollars
Google (US) launches a new program; "Blogger" and "Orkut" are also covered
http://itpro.nikkeibp.co.jp/article/NEWS/20101104/353748/?ST=security

CVE-2010-3863: Apache Shiro information disclosure vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00045.html

[Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00042.html

[Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00043.html

[Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00044.html

[ MDVSA-2010:202-1 ] krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00041.html

XSS vulnerability in Kandidat CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00034.html

XSS vulnerability in Kandidat CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00040.html

XSS vulnerability in MemHT Portal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00039.html

XSS vulnerability in MemHT Portal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00038.html

XSS vulnerability in Kandidat CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00037.html

Stored XSS vulnerability in Webmedia Explorer
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00035.html

Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00036.html

Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00033.html

[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00031.html

[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00032.html

SQL Slammer Clean-up: Roundup and Review
http://isc.sans.edu/diary.html?storyid=9871

Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)
http://isc.sans.edu/diary.html?storyid=9874

Adobe Shockwave Player "Shockwave Settings" Use-After-Free Vulnerability
http://isc.sans.edu/diary.html?storyid=9877

Defeating Drive-by Downloads in Windows
http://isc.sans.edu/diary.html?storyid=9880

Limited Malicious Search Engine Poisoning for Election
http://isc.sans.edu/diary.html?storyid=9868

Vulnerability Note VU#899748: Microsoft Internet Explorer invalid flag reference vulnerability
http://www.kb.cert.org/vuls/id/899748

Vulnerability Note VU#465239: NetSupport Manager Gateway transmits identifying information in plaintext
http://www.kb.cert.org/vuls/id/465239

DATAC RealWin Multiple Remote Buffer Overflow Vulnerabilities
http://securityreason.com/securityalert/7873

Kisisel Radyo Script - Multiple Vulnerabilities
http://securityreason.com/securityalert/7872

Directory Traversal Vulnerability in AnyConnect
http://securityreason.com/securityalert/7871

Directory Traversal Vulnerability in FreshFTP
http://securityreason.com/securityalert/7870

HP Storage Essentials Using LDAP, Remote Unauthenticated Access
http://securityreason.com/securityalert/7869

HP LoadRunner Web Tours 9.10 Remote Denial of Service
http://securityreason.com/securityalert/7868

Palm webOS Camera Application, Unauthorized Write Access
http://securityreason.com/securityalert/7867

Palm webOS, Code execution vulnerability in Palm webOS service API
http://securityreason.com/securityalert/7866

Palm webOS, webOS Doc Viewer, Execution of Arbitrary Code
http://securityreason.com/securityalert/7865

HP Insight Control Power Management for Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF)
http://securityreason.com/securityalert/7864

HP Version Control Repository Manager (VCRM) for Windows, Remote Cross Site Scripting (XSS)
http://securityreason.com/securityalert/7863

HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access
http://securityreason.com/securityalert/7862

Firefox 3.6.8 - 3.6.11 Interleaving document.write and appendChild Exploit (From the Wild)
http://securityreason.com/securityalert/7861

Spring Security bypass of security constraints
http://securityreason.com/securityalert/7860

Firefox Interleaving document.write and appendChild Denial of Service
http://securityreason.com/securityalert/7859

Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Code Vulnerability
http://www.securiteam.com/unixfocus/6G02V0K0AE.html

Hewlett-Packard Data Protector Express PrvRecvRqu Denial of Service Vulnerability
http://www.securiteam.com/unixfocus/6H02W0K0AI.html

Mozilla Firefox normalizeDocument Code Execution Vulnerability
http://www.securiteam.com/securitynews/6I02X0K0AM.html

Mozilla Firefox tree Object Removal Code Execution Vulnerability
http://www.securiteam.com/securitynews/6J02Y0K0AQ.html

Microsoft Internet Explorer Freed Object Invalid Flag Reference Access Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Nov/1024676.html

HP Insight Control Performance Management for Windows Lets Remote Users Download Arbitrary Files
http://securitytracker.com/alerts/2010/Nov/1024675.html

Trend Micro Titanium Maximum Security 'tmtdi.sys' Driver Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Nov/1024674.html

HP Insight Recovery for Windows Flaws Permit Cross-Site Scripting and Directory Traversal Attacks
http://securitytracker.com/alerts/2010/Nov/1024673.html

HP Insight Control Performance Management for Windows Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks and Let Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Nov/1024672.html

BroadSoft BroadWorks Lets Remote Authenticated Users View and Record Live Call Detail Records
http://securitytracker.com/alerts/2010/Nov/1024671.html

IBM Tivoli Directory Server Proxy Server Can Be Crashed By Remote Users
http://securitytracker.com/alerts/2010/Nov/1024670.html

PAM Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Nov/1024668.html

Internet Explorer CSS Tag Parsing Code Execution Vulnerability
http://secunia.com/advisories/42091/

IBM Tivoli Directory Server BER Denial of Service Vulnerability
http://secunia.com/advisories/42116/

Linux Kernel Memory Leak Weaknesses
http://secunia.com/advisories/42061/

SUSE update for Multiple Packages
http://secunia.com/advisories/42049/

SUSE update for kernel
http://secunia.com/advisories/42076/

F5 Products BIND "EVP_VerifyFinal()" Spoofing Vulnerability
http://secunia.com/advisories/42085/

Adobe Shockwave Player "Shockwave Settings" Use-After-Free Vulnerability
http://secunia.com/advisories/42112/

Apache Shiro URL Path Security Bypass Vulnerability
http://secunia.com/advisories/41989/

Advantage Data Architect Buffer Overflow Vulnerability
http://secunia.com/advisories/42025/

Pay Roll - Time Sheet and Punch Card Application With Web Interface SQL Injection Vulnerabilities
http://secunia.com/advisories/42096/

Dolphin "file" File Disclosure Vulnerability
http://secunia.com/advisories/42108/

Bugzilla Multiple Vulnerabilities
http://secunia.com/advisories/42071/

ISC DHCP Relay-Forward Denial of Service Vulnerability
http://secunia.com/advisories/42082/

Site2Nite Vacation Rental (VRBO) Listings "ID" SQL Injection Vulnerability
http://secunia.com/advisories/42087/

Site2Nite Business e-Listings "ID" SQL Injection Vulnerability
http://secunia.com/advisories/42086/

Online Work Order Suite Professional Edition "password" SQL Injection
http://secunia.com/advisories/42111/

Cisco AnyConnect VPN Client Privilege Escalation Vulnerability
http://secunia.com/advisories/42093/

Fedora update for perl-libwww-perl
http://secunia.com/advisories/42114/

Douran Portal Information Disclosure Weakness and Cross-Site Scripting
http://secunia.com/advisories/42065/

Kandidat CMS Multiple Vulnerabilities
http://secunia.com/advisories/42050/

Advantage Data Architect Insecure Library Loading Vulnerability
http://secunia.com/advisories/42092/

XWiki Watch Cross-Site Scripting and Script Insertion Vulnerabilities
http://secunia.com/advisories/42090/

XWiki Enterprise Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/42058/

Monkeysphere "monkeysphere-authentication" Privilege Escalation Vulnerability
http://secunia.com/advisories/42067/

AVG Internet Security IOCTL Handling Denial of Service
http://secunia.com/advisories/42046/

MemHT Portal "Referer" HTTP Header SQL Injection Vulnerability
http://secunia.com/advisories/42057/

MemHT Portal Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42089/

Red Hat update for pam
http://secunia.com/advisories/42064/

Linux-PAM Modules Information Disclosure and Privilege Escalation
http://secunia.com/advisories/42088/

Intel Xeon 5500 / 5600 Series BMC Firmware Privilege Escalation Vulnerability
http://secunia.com/advisories/42059/

Trend Micro Titanium Maximum Security 2011 IOCTL Handling Vulnerability
http://secunia.com/advisories/42012/

WSN Links Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/42062/

Debian update for nss
http://secunia.com/advisories/42045/

Debian update for xulrunner
http://secunia.com/advisories/42026/

Fedora update for tomcat6
http://secunia.com/advisories/42079/

Fedora update for thunderbird and sunbird
http://secunia.com/advisories/42077/

Fedora update for pidgin
http://secunia.com/advisories/42075/

CometBird "document.write()" and DOM Insertion Vulnerability
http://secunia.com/advisories/42010/

Slackware update for proftpd
http://secunia.com/advisories/42047/

Minishare 1.5.5 Buffer Overflow Vulnerability (SEH)
http://www.exploit-db.com/exploits/15406/

Minishare 1.5.5 Buffer Overflow Vulnerability (users.txt)
http://www.exploit-db.com/exploits/15403/

HtaEdit v 3.2.3.0 (.hta) Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/15411/

Crystal Report Viewer v8.0.0.371 ActiveX Denial of Service Vulnerability
http://www.exploit-db.com/exploits/15408/

Avira Premium Security Suite NtCreateKey Race Condition Vulnerability
http://www.exploit-db.com/exploits/15407/

Gom Player (wav) Denial of Service Vulnerability
http://www.exploit-db.com/exploits/15401/

Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability
http://www.exploit-db.com/exploits/15394/

Quickzip 5.1.8.1 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/15393/

Microsoft Internet Explorer CSS "clip" Attribute Memory Corruption
http://www.vupen.com/english/advisories/2010/2880

ISC DHCP Relay Forward Message Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/2879

Bugzilla Cross Site Scripting and HTTP Response Splitting Vulnerabilities
http://www.vupen.com/english/advisories/2010/2878

Redhat Security Update Fixes PAM Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2010/2877

Linux-PAM Multiple Privilege Escalation and Information Disclosure
http://www.vupen.com/english/advisories/2010/2876

Intel Xeon 5500/5600 BMC Firmware Privilege Escalation and DoS Issue
http://www.vupen.com/english/advisories/2010/2875

Fedora Security Update Fixes Libguestfs Format Detection Vulnerability
http://www.vupen.com/english/advisories/2010/2874

Fedora Security Update Fixes Luci Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/2873

Fedora Security Update Fixes libwww-perl File Overwrite Vulnerability
http://www.vupen.com/english/advisories/2010/2872

Fedora Security Update Fixes SeaMonkey Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2871

Fedora Security Update Fixes Pidgin Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/2870

Fedora Security Update Fixes CVS Delta Fragments Array Indexing
http://www.vupen.com/english/advisories/2010/2869

Fedora Security Update Fixes Tomcat Information Disclosure
http://www.vupen.com/english/advisories/2010/2868

Fedora Security Update Fixes FreeType Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/2867

Fedora Security Update Fixes Thunderbird and Sunbird Vulnerability
http://www.vupen.com/english/advisories/2010/2866

Mandriva Security Update Fixes Kerberos Uninitialized Pointer Vulnerability
http://www.vupen.com/english/advisories/2010/2865

Mandriva Security Update Fixes Thunderbird Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2864

IBM Tivoli Directory Server LDAP and BER Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/2863

Xerox 4595 Web Server Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/2862

IBM Tivoli Directory Server Proxy Server Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/2861

Trend Micro Titanium Maximum Security "tmtdi.sys" Privilege Escalation
http://www.vupen.com/english/advisories/2010/2860

Mongoose HTTP Requests Processing Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/2859

Yaws HTTP Requests Processing Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/2858

Redhat Security Update Fixes Thunderbird Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2857

Redhat Security Update Fixes CUPS Use-after-free and Privilege Escalation
http://www.vupen.com/english/advisories/2010/2856

Debian Security Update Fixes Xulrunner and Iceweasel Vulnerabilities
http://www.vupen.com/english/advisories/2010/2855

Debian Security Update Fixes NSS Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/2854

Slackware Security Update Fixes ProFTPD Remote Vulnerabilities
http://www.vupen.com/english/advisories/2010/2853

ProFTPD Remote Buffer Overflow and Directory Traversal Vulnerabilities
http://www.vupen.com/english/advisories/2010/2852

Slackware Security Update Fixes Pidgin Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/2851

Ubuntu Security Update Fixes Xulrunner Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2850

NetSupport Manager Gateway HTTP Protocol Information disclosure vulnerability
http://www.securityfocus.com/bid/44629

Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
http://www.securityfocus.com/bid/40109

Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/43676

Oracle MySQL 'TEMPORARY InnoDB' Tables Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42598

Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42646

Oracle MySQL 'HANDLER' interface Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42633

Oracle MySQL 'EXPLAIN' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42599

Multiple Browser Wild Card Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/42817

Microsoft Internet Explorer CSS Tags Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44536

OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150

Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38362

Todd Miller Sudo 'runas_default' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38432

PEAR Sendmail 'From' Parameter Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37081

PEAR Sendmail 'Recipient' Parameter Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37395

GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41945

Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/43690

PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43747

Festival Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44395

ClamAV 'find_stream_bounds()' PDF File Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/43555

ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/41730

dbus-glib 'access' Flag Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42347

Linux Kernel Rose Protocol 'srose_ndigis' Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/43368

Linux Kernel 'EQL_GETMASTRCFG' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43229

Linux Kernel 'CHELSIO_GET_QSET_NUM' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43221

Linux Kernel 'irda_bind()' Null Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/42900

Linux Kernel JFS xattr Namespace Rules Security Bypass Vulnerability
http://www.securityfocus.com/bid/42589

Linux Kernel 'XFS_IOC_FSGETXATTR' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43022

Linux Kernel 'snd_seq_oss_open()' Multiple Local Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/43062

Linux Kernel 'net/sched/act_police.c' File Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42529

Linux Kernel GFS2 Directory Rename NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/42124

Linux Kernel 'SIOCGIWSSID' IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42885

Linux Kernel DRM Module IOCTL Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42577

Linux Kernel EXT4 Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/42477

Zen Cart 'includes/initsystem.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/44636

Open Handset Alliance Android Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/44625

Avira Premium Security Suite 'avipbb.sys' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44624

eLouai's Force Download Script 'force-download.php' Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/44621

Bugzilla Response Splitting and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/44618

Adobe Shockwave Player 'Shockwave Settings' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44617

digiSHOP 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/44614

Mozilla Firefox 3.5/3.6 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44425

Mozilla Firefox and SeaMonkey Gopher Parser Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/44253

Mozilla Firefox SeaMonkey and Thunderbird 'nsBarProp' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44248

Mozilla Firefox SeaMonkey Thunderbird Modal Calls Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44252

Mozilla Firefox SeaMonkey and Thunderbird CVE-2010-3176 Multiple Memory-Corruption Vulnerabilities
http://www.securityfocus.com/bid/44243

Mozilla Firefox SeaMonkey and Thunderbird 'LookupGetterOrSetter' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44249

Mozilla Firefox SeaMonkey and Thunderbird 'LD_LIBRARY_PATH' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44251

Mozilla Firefox SeaMonkey and Thunderbird 'document.write' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44247

Mozilla Firefox and Thunderbird CVE-2010-3175 Multiple Memory-Corruption Vulnerabilities
http://www.securityfocus.com/bid/44245

Mozilla Firefox SeaMonkey and Thunderbird DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44250

Mozilla Firefox SeaMonkey and Thunderbird CVE-2010-3174 Memory-Corruption Vulnerability
http://www.securityfocus.com/bid/44246

Oracle VM CVE-2010-3583 Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/44044

libguestfs Disk Format Specifier Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44166

FreeType Stack Buffer Overflow and Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/42285

FreeType Rendering Engine Position Value Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43700

FreeType 'seac' Calls Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/42621

Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43353

Oracle VM CVE-2010-3585 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44047

Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703

Xpdf 'Gfx::getPos()' (CVE-2010-3702) Uninitialized Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/43845

Oracle VM CVE-2010-3584 'ovs-agent' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44043

Adobe Acrobat, Reader, and Flash CVE-2010-3654 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44504

MIT Kerberos KDC 'kdc_authdata.c' NULL Pointer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/43756

ProFTPD Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/44562

Pidgin 'libpurple' Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/44283

Linux Kernel Multiple 'net/' Subsystems Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/44630

FUSE fusermount Tool Race Condition Vulnerability
http://www.securityfocus.com/bid/44623

Dolphin SQL Injection and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/44620

Site2Nite Multiple Products 'detail.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/44619

Apache Shiro Directory Traversal Vulnerability
http://www.securityfocus.com/bid/44616

ISC DHCP Server Relay-Forward Empty Link-Address Field Denial of Service Vulnerability
http://www.securityfocus.com/bid/44615

MySource Matrix CMS 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/44612

Luci Spoofed Ticket Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/44611

Digger Solutions Newsletter Open Source 'article.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/44610

Pay Roll Time Sheet & Punch Card Login SQL Injection Vulnerability
http://www.securityfocus.com/bid/44609

Online Work Order Suite Login SQL Injection Vulnerability
http://www.securityfocus.com/bid/44608

Maxthon Browser CSS Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/44607

XWiki Watch HTML Injection and Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44606

IBM Tivoli Directory Server Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/44604

Azaronline Design 'id' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/44602

XWiki Enterprise Unspecified SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44601

Sybase Advantage Data Architect DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/44600

Webmedia Explorer HTML Injection Vulnerability
http://www.securityfocus.com/bid/44598

BroadWorks Call Detail Record Security Bypass Vulnerability
http://www.securityfocus.com/bid/44597

AVG Internet Security IOCTL Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/44596

Rising Antivirus 2009 IOCTL Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/44595
