Notice on upgrading to successor products following the end of support for Virus Buster Corporate Edition 8.0 without Service Pack 1 applied
http://www.trendmicro.co.jp/support/news.asp?id=1506
Past logs may be mixed into the instance status log of the central monitoring console
http://www.say-tech.co.jp/support/bom-for-windows/post-57/index.shtml
JVNVU#120541 Vulnerability in the SSL and TLS protocols
http://jvn.jp/cert/JVNVU120541/index.html
JVNVU#568372 Denial-of-service (DoS) vulnerability in NTP
http://jvn.jp/cert/JVNVU568372/index.html
+ Apache Ant 1.8.2 Released
http://ant.apache.org/
+ Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability
http://secunia.com/advisories/42747/
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00254.html
http://securitytracker.com/alerts/2010/Dec/1024925.html
http://www.vupen.com/english/advisories/2010/3327
http://www.securityfocus.com/bid/45583
- Perl IO::Socket::SSL 'verify_mode' Security Bypass Vulnerability
http://www.securityfocus.com/bid/45189
FreeBSD-7.4/8.2 first Release Candidate
http://www.freebsd.org/news/newsflash.html#event20101227:01
Debian : [DSA-2137-1] libxml2 - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34591
Independent Researcher : [W-Agora-SA-12/27/2010] W-Agora - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34600
ZDI : [ZDI-10-300] Novell iPrint Client - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34592
ZDI : [ZDI-10-299] Novell iPrint Client - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34593
ZDI : [ZDI-10-298] Novell iPrint Client - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34594
ZDI : [ZDI-10-297] Novell iPrint Client - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34595
ZDI : [ZDI-10-296] Novell iPrint Client - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34596
ZDI : [ZDI-10-295] - Novell iPrint Client - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34597
Mandriva : [MDVSA-2010:259] pidgin - Null Pointer Dereference Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34589
Mandriva : [MDVSA-2010:251-2] firefox - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34590
Virus infection damage in 2010 fell to 40% or less of the previous year's level, according to a Trend Micro report
http://itpro.nikkeibp.co.jp/article/NEWS/20101227/355702/?ST=security
Fraudulent use of Famima T Cards occurred at physical stores in the United States
http://itpro.nikkeibp.co.jp/article/NEWS/20101227/355695/?ST=security
Multiple Vulnerabilities in OpenClassifieds 1.7.0.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00244.html
[waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00247.html
Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00254.html
Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00255.html
[SECURITY] [DSA 2137-1] Security update for libxml2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00245.html
Pligg XSS and SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00250.html
[ MDVSA-2010:251-2 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00242.html
Security Advisory - FlexVision Listener Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00253.html
[ MDVSA-2010:251-1 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00256.html
[IMF 2011] 2nd Call - Deadline Extended
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00252.html
[ MDVSA-2010:259 ] pidgin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00251.html
Django admin list filter data extraction / leakage
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00249.html
MyBB 1.6 <= SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00248.html
Asan Portal (IdehPardaz) Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00246.html
Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00243.html
[security bulletin] HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Exe
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00241.html
Sigma Portal Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00238.html
Various sites "Owned and Exposed"
http://isc.sans.edu/diary.html?storyid=10156
Novell iPrint Multiple Flaws Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024926.html
Microsoft Fax Cover Page Editor Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024925.html
Square CMS "id" SQL Injection Vulnerability
http://secunia.com/advisories/42702/
OpenEMR Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/42738/
Fedora update for perl-IO-Socket-SSL
http://secunia.com/advisories/42757/
IBM Lotus Mobile Connect Multiple Vulnerabilities
http://secunia.com/advisories/42703/
IBM WebSphere Service Registry and Repository EJB Authentication Bypass
http://secunia.com/advisories/42742/
Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability
http://secunia.com/advisories/42747/
IBM Tivoli Access Manager for e-business Directory Traversal Vulnerability
http://secunia.com/advisories/42727/
ENOVIA "emxFramework.FilterParameterPattern" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42668/
PECL phar Extension Format String Vulnerabilities
http://secunia.com/advisories/42726/
web@all Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42736/
Pligg Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42740/
CubeCart Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42728/
Debian update for libxml2
http://secunia.com/advisories/42762/
Pidgin MSN Direct Connection Denial of Service Weakness
http://secunia.com/advisories/42732/
Libxml2 XPath Double Free Vulnerability
http://secunia.com/advisories/42721/
Fedora update for dbus
http://secunia.com/advisories/42760/
Fedora update for eclipse
http://secunia.com/advisories/42761/
Novell Groupwise GWPOA HTTP Request Code Execution Vulnerability
http://www.securiteam.com/securitynews/6E03H200KO.html
Microsoft Excel MSODrawing Improper Exception Handling Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6D03G200KA.html
Oracle Sun JRE JPEGImageWriter.writeImage Code Execution Vulnerability
http://www.securiteam.com/securitynews/6F03I200KC.html
Oracle Java ActiveX Plugin Uninitialized Window Handle Code Execution Vulnerability
http://www.securiteam.com/securitynews/6H03K200KS.html
Oracle Java Runtime HeadspaceSoundbank.nGetName BANK Record Size Code Execution Vulnerability
http://www.securiteam.com/securitynews/6I03L200KE.html
Oracle Java IE Browser Plugin docbase Parameter Code Execution Vulnerability
http://www.securiteam.com/securitynews/6G03J200KG.html
RealNetworks RealPlayer Malformed IVR Pointer Index Code Execution Vulnerability
http://www.securiteam.com/securitynews/6J03M200KQ.html
Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3327
Fedora Security Update Fixes perl-IO-Socket-SSL Peer Verification Issue
http://www.vupen.com/english/advisories/2010/3326
Fedora Security Update Fixes D-Bus Nested Variants Stack Overflow
http://www.vupen.com/english/advisories/2010/3325
Fedora Security Update Fixes Eclipse Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3324
Fedora Security Update Fixes GIT Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3323
Fedora Security Update Fixes ImageMagick Untrusted Search Path
http://www.vupen.com/english/advisories/2010/3322
Fedora Security Update Fixes Kernel Remote and Local Vulnerabilities
http://www.vupen.com/english/advisories/2010/3321
Mandriva Security Update Fixes Firefox Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3320
Debian Security Update Fixes Libxml2 XPath Double Free Vulnerability
http://www.vupen.com/english/advisories/2010/3319
Pidgin MSN Use-After-Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/45024
IBM Lotus Mobile Connect Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45361
ImpressCMS 'quicksearch_ContentContent' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/45541
PHP 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/40173
IBM ENOVIA 'emxFramework.FilterParameterPattern' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45391
Google Chrome prior to 8.0.552.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/45170
D-Bus Nested Variants Denial of Service Vulnerability
http://www.securityfocus.com/bid/45377
Mozilla Firefox and SeaMonkey Firebug 'XMLHttpRequestSpy' Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45354
Mozilla Firefox and SeaMonkey Java LiveConnect Script Security Bypass Vulnerability
http://www.securityfocus.com/bid/45355
Mozilla Firefox/Thunderbird/SeaMonkey OS Font Code Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/45352
Mozilla Firefox/Thunderbird/SeaMonkey 'document.write()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45345
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3776 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45347
Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/45353
Mozilla Firefox and SeaMonkey (CVE-2010-3772) Invalid Array Index Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45351
Mozilla Firefox and SeaMonkey 'about:blank' Window Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45346
Mozilla Firefox and SeaMonkey 'nsDOMAttribute' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45326
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3777 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45348
Mozilla Firefox Pseudo URL Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/45314
Mozilla Firefox/SeaMonkey 'JSSLOT_ARRAY_COUNT' Annotation Integer Overflow Vulnerability
http://www.securityfocus.com/bid/45324
Perl IO::Socket::SSL 'verify_mode' Security Bypass Vulnerability
http://www.securityfocus.com/bid/45189
Redmine Multiple Vulnerabilities
http://www.securityfocus.com/bid/45571
Jetty Web Server Plugin for Eclipse Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44883
ImageMagick 'configure.c' Configuration File Loading Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45044
DD-WRT '/Info.live.htm' Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/45598
Sigma Portal 'ShowObjectPicture.aspx' Denial of Service Vulnerability
http://www.securityfocus.com/bid/45588
LiveZilla 'Track' Module 'server.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45586
IBM WebSphere Service Registry and Repository Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/45585
Libpurple MSN Short Packets Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45581
Pligg CMS SQL Injection and Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45580
Kolibri Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45579
Pligg CMS 'range' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45578
LoveCMS 'modules.php' Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/45577
Interact 'search_terms' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45576
OpenEMR Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/45575
Novell iPrint Client Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/45301
Novell iPrint Client 'ienipp.ocx' ActiveX 'GetDriverSettings()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44966
Open Classifieds Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/45596
CruxCMS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/45594
Microsoft Windows Fax Cover Page Editor Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45583
w-Agora 'search.php' Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/45587
Tuesday, December 28, 2010
Monday, December 27, 2010
27th, Monday, Tomobiki
JVNDB-2010-002563 Privilege escalation vulnerability in the VMware-Tools update feature of multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002563.html
JVNDB-2010-002562 Privilege escalation vulnerability in vmware-mount in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002562.html
JVNDB-2010-002561 Privilege escalation vulnerability in vmware-mount in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002561.html
JVNDB-2010-002560 Arbitrary code execution vulnerability in the frame decompression function of the VMnc media codec in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002560.html
JVNDB-2010-002559 Integer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002559.html
JVNDB-2010-002558 Sensitive information disclosure vulnerability in Apple QuickTime running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002558.html
JVNDB-2010-002557 Heap-based buffer overflow vulnerability in Apple QuickTime running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002557.html
JVNDB-2010-002556 Integer signedness error vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002556.html
JVNDB-2010-002555 Arbitrary code execution vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002555.html
JVNDB-2010-002554 Arbitrary code execution vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002554.html
JVNDB-2010-002320 Vulnerability in Microsoft Internet Explorer caused by an invalid flag reference
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002320.html
JVNDB-2010-002317 Arbitrary file overwrite vulnerability in the cupsFileOpen function of CUPS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002317.html
JVNDB-2010-002263 Vulnerability in the Networking component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002263.html
JVNDB-2010-002261 Vulnerability in the Networking component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002261.html
JVNDB-2010-002553 Arbitrary code execution vulnerability in the CA PSFormX and CA WebScan ActiveX controls
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002553.html
JVNDB-2010-002552 Cross-site scripting vulnerability in CA eHealth Performance Manager
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002552.html
JVNDB-2009-002631 Stack-based buffer overflow vulnerability in the PestPatrol ActiveX control of CA eTrust PestPatrol
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002631.html
JVNDB-2009-002630 Cross-site scripting vulnerability in the web interface of CA Service Desk
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002630.html
JVNDB-2009-002629 Denial-of-service (DoS) vulnerability in the arclib component of the Anti-Virus engine in multiple CA products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002629.html
JVNDB-2009-002628 Arbitrary code execution vulnerability in the arclib component of the Anti-Virus engine in multiple CA products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002628.html
JVNDB-2009-002627 Denial-of-service (DoS) vulnerability in kmxIds.sys of CA Host-Based Intrusion Prevention System
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002627.html
JVNDB-2009-002626 Vulnerability in CA SiteMinder that allows bypassing cross-site scripting protection for J2EE applications
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002626.html
JVNDB-2009-002625 Vulnerability in CA SiteMinder that allows bypassing cross-site scripting protection for J2EE applications
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002625.html
JVNDB-2009-002624 Stack-based buffer overflow vulnerability in Data Transport Services of multiple CA products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002624.html
JVNDB-2009-002623 Denial-of-service (DoS) vulnerability in the message engine of CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002623.html
JVNDB-2009-002622 Denial-of-service (DoS) vulnerability in vetmonnt.sys of CA Internet Security Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002622.html
JVNDB-2009-002621 Arbitrary command execution vulnerability in the smmsnmpd service of CA Service Metric Analysis and Service Level Management
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002621.html
JVNDB-2009-002620 Virus detection bypass vulnerability in the Arclib library of multiple CA products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002620.html
DoS: Web@all <= 1.1 Remote Admin Settings Change
http://www.exploit-db.com/exploits/15837/
DoS: OpenEMR v3.2.0 SQL Injection and XSS
http://www.exploit-db.com/exploits/15836/
DoS: pecio CMS v2.0.5 <= CSRF Add Admin
http://www.exploit-db.com/exploits/15835/
Redmine Multiple Vulnerabilities
http://www.securityfocus.com/bid/45571
Jetty Web Server Plugin for Eclipse Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44883
Google Chrome prior to 8.0.552.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/45170
ImageMagick 'configure.c' Configuration File Loading Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45044
- Linux Kernel IRLMP_ENUMDEVICES Integer Underflow Lets Local Users Obtain Portions of Kernel Memory
http://securitytracker.com/alerts/2010/Dec/1024923.html
phpMyAdmin 3.3.9-rc1 is released
http://sourceforge.net/news/?group_id=23067&id=295464
http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.3.9-rc1%2FphpMyAdmin-3.3.9-rc1.html/view
libmnl 1.0.1 released
http://www.netfilter.org/news.html#2010-12-26
http://www.netfilter.org/projects/libmnl/downloads.html#libmnl-1.0.1
Postfix 2.8-20101224-nonprod non-production release
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20101224-nonprod.HISTORY
Samba 4.0alpha14 "ramdomdata" has been released.
http://wiki.samba.gr.jp/mediawiki/index.php?title=%E3%83%A1%E3%82%A4%E3%83%B3%E3%83%9A%E3%83%BC%E3%82%B8
Sysstat 9.1.7 released (development version)
http://sebastien.godard.pagesperso-orange.fr/
Today's xkcd features sudo in a Christmas comic.
http://www.sudo.ws/sudo/news.html
http://xkcd.com/838/
Regarding the issue where our products' services stop after updating to spam mail detection rule 17846.004
http://www.trendmicro.co.jp/support/news.asp?id=1507
2488013: Vulnerability in Internet Explorer could allow remote code execution
http://www.microsoft.com/japan/technet/security/advisory/2488013.mspx
JVNTA10-348A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA10-348A/index.html
JVNVU#634956 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvn.jp/cert/JVNVU634956/index.html
JVNVU#842372 Memory corruption vulnerability in the Microsoft IIS FTP server
http://jvn.jp/cert/JVNVU842372/index.html
JVNVU#725596 Vulnerability in the ActiveX control of Microsoft WMI Administrative Tools
http://jvn.jp/cert/JVNVU725596/index.html
JVNDB-2010-002551 Denial-of-service (DoS) vulnerability in bgpd of Quagga
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002551.html
JVNDB-2010-002550 Arbitrary code execution vulnerability in Adobe Illustrator
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002550.html
JVNDB-2010-002549 Vulnerability in OpenSSL that allows bypassing the shared secret key authentication requirement
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002549.html
JVNDB-2010-002548 Cipher suite downgrade vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002548.html
JVNDB-2010-002547 Vulnerability in AWStats
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002547.html
JVNDB-2010-002546 Denial-of-service (DoS) vulnerability in PHP
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002546.html
JVNDB-2010-002545 Vulnerability in allow-query handling in ISC BIND named
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002545.html
JVNDB-2010-002544 Vulnerability in the ISC BIND named validator
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002543.html
JVNDB-2010-002543 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002542.html
JVNDB-2010-002258 Vulnerability in the Java Web Start component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002258.html
JVNDB-2010-002267 Vulnerability in the Networking component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002267.html
JVNDB-2010-002253 Vulnerability in the New Java Plug-in component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002253.html
JVNDB-2010-002256 Vulnerability in the Swing component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002256.html
JVNDB-2010-002257 Vulnerability in the Java Web Start component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002257.html
JVNDB-2010-002242 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002242.html
JVNDB-2010-002262 Vulnerability in the Swing component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002262.html
JVNDB-2010-002252 Vulnerability in the Java Web Start component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002252.html
JVNDB-2010-002254 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002254.html
JVNDB-2010-002268 Vulnerability in the Networking component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002268.html
JVNDB-2010-002243 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002243.html
JVNDB-2010-002249 Vulnerability in the Deployment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002249.html
JVNDB-2010-002244 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002244.html
JVNDB-2010-002250 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002250.html
JVNDB-2010-002259 Vulnerability in the Deployment Toolkit component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002259.html
JVNDB-2010-002255 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002255.html
JVNDB-2008-002506 Vulnerability in CA eTrust Antivirus that allows bypassing detection of malware in HTML documents
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002506.html
JVNDB-2008-002505 Arbitrary code execution vulnerability in the LDBserver service of CA ARCserve Backup running on Windows
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002505.html
JVNDB-2008-002504 Denial-of-service (DoS) vulnerability in asdbapi.dll of CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002504.html
JVNDB-2008-002503 Denial-of-service (DoS) vulnerability in the database engine service of asdbapi.dll in CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002503.html
JVNDB-2008-002502 Denial-of-service (DoS) vulnerability in the tape engine service of asdbapi.dll in CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002502.html
JVNDB-2008-002501 Directory traversal vulnerability in the RPC interface of CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002501.html
JVNDB-2010-002264 Vulnerability in the Networking component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002264.html
JVNDB-2010-002265 Vulnerability in the Networking component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002265.html
JVNDB-2008-002500 Cross-site scripting vulnerability in CA Service Desk and CMDB
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002500.html
JVNDB-2008-002499 Integer overflow vulnerability in the LGServer service of CA ARCserve Backup for Laptops and Desktops
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002499.html
JVNDB-2008-002498 Vulnerability in the kmxfw.sys driver of CA Host-Based Intrusion Prevention System that allows gaining privileges
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002498.html
JVNDB-2008-002497 Stack-based buffer overflow vulnerability in the HTTP Gateway Service of CA eTrust Secure Content Manager
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002497.html
JVNDB-2008-002496 Directory traversal vulnerability in UmxEventCli.dll of CA Internet Security Suite
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002496.html
JVNDB-2008-002495 Buffer overflow vulnerability in the xdr functions in the server of CA BrightStor ARCServe Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002495.html
JVNDB-2008-002494 Directory traversal vulnerability in caloggerd of CA BrightStor ARCServe Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002494.html
JVNDB-2008-002493 Denial-of-service (DoS) vulnerability in the eTrust Common Services Daemon of CA Secure Content Manager
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002493.html
JVNDB-2008-002492 Arbitrary command execution vulnerability in the NetBackup service of multiple CA products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002492.html
JVNDB-2008-002491 Buffer overflow vulnerability in the LGServer service of multiple CA products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002491.html
ISC infocon monitor app for OS X
http://isc.sans.edu/diary.html?storyid=10153
Merry Christmas!!
http://isc.sans.edu/diary.html?storyid=10144
An interesting vulnerability playground to learn application vulnerabilities
http://isc.sans.edu/diary.html?storyid=10150
A question of class
http://isc.sans.edu/diary.html?storyid=10141
Embedded Video WordPress Plugin Cross Site Vulnerability (XSS)
http://securityreason.com/securityalert/7978
Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation
http://securityreason.com/securityalert/7977
Symantec Intel Handler Service Remote Denial-of-Service
http://securityreason.com/securityalert/7976
HP Insight Diagnostics Online Edition Cross Site Scripting (XSS)
http://securityreason.com/securityalert/7975
HP DDMI Cross Site Scripting (XSS)
http://securityreason.com/securityalert/7974
HP Insight Management Agents Remote Full Path Disclosure
http://securityreason.com/securityalert/7973
HP OpenVMS Integrity Servers Local DoS
http://securityreason.com/securityalert/7972
HP Power Manager (HPPM) Remote Execution of Arbitrary Code
http://securityreason.com/securityalert/7971
Rocket U2 UniVerse and UniData Integer Overflow in RPC Service Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024924.html
Linux Kernel IRLMP_ENUMDEVICES Integer Underflow Lets Local Users Obtain Portions of Kernel Memory
http://securitytracker.com/alerts/2010/Dec/1024923.html
Remote: Kolibri v2.0 Buffer Overflow RET + SEH exploit (HEAD)
http://www.exploit-db.com/exploits/15834/
DoS: HttpBlitz Web Server Denial Of Service Exploit
http://www.exploit-db.com/exploits/15821/
Django Remote Information Disclosure and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/3318
Atmail Exim "string_vformat()" Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3317
Rocket U2 Uni RPC Service Remote Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3316
SuSE Security Update Fixes Code Execution and Security Bypass
http://www.vupen.com/english/advisories/2010/3315
Slackware Security Update Fixes ProFTPD "mod_sql" Buffer Overflow
http://www.vupen.com/english/advisories/2010/3314
Slackware Security Update Fixes PHP Double-free and Security Bypass
http://www.vupen.com/english/advisories/2010/3313
Mandriva Security Update Fixes Pidgin Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/3312
Pidgin MSN Protocol Direct Connection Packets Denial of Service
http://www.vupen.com/english/advisories/2010/3311
SUSE update for Multiple Packages
http://secunia.com/advisories/42746/
Fedora update for git
http://secunia.com/advisories/42743/
Rocket U2 UniVerse / UniData Uni RPC Service Signedness Vulnerability
http://secunia.com/advisories/42699/
Redmine Multiple Vulnerabilities
http://secunia.com/advisories/42741/
Slackware update for php
http://secunia.com/advisories/42729/
Fedora update for ImageMagick
http://secunia.com/advisories/42744/
Embedthis Appweb Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42739/
Django Two Security Issues
http://secunia.com/advisories/42715/
Fedora update for kernel
http://secunia.com/advisories/42745/
Novell iPrint Client Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/45301
Novell iPrint Client 'ienipp.ocx' ActiveX 'GetDriverSettings()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44966
Mozilla Firefox and SeaMonkey Java LiveConnect Script Security Bypass Vulnerability
http://www.securityfocus.com/bid/45355
Mozilla Firefox and SeaMonkey Firebug 'XMLHttpRequestSpy' Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45354
Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/45353
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3776 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45347
Mozilla Firefox/Thunderbird/SeaMonkey OS Font Code Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/45352
Mozilla Firefox and SeaMonkey (CVE-2010-3772) Invalid Array Index Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45351
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3777 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45348
Mozilla Firefox and SeaMonkey 'nsDOMAttribute' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45326
Mozilla Firefox and SeaMonkey 'about:blank' Window Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45346
Mozilla Firefox/Thunderbird/SeaMonkey 'document.write()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45345
Mozilla Firefox/SeaMonkey 'JSSLOT_ARRAY_COUNT' Annotation Integer Overflow Vulnerability
http://www.securityfocus.com/bid/45324
Mozilla Firefox Pseudo URL Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/45314
ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44933
PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/44980
PHP 'open_basedir' Security-Bypass Vulnerability
http://www.securityfocus.com/bid/44723
PHP ZipArchive::getArchiveComment() NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/44718
HP StorageWorks Storage Mirroring 'DoubleTake.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45526
SquareCMS 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45574
HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45573
XMovie Component for Joomla! 'file' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/45572
Redmine Multiple Vulnerabilities
http://www.securityfocus.com/bid/45571
iDevSpot iDevCart 'index.php' Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/45570
Rocket Software UniData and UniVerse 'unirpcd.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45569
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002563.html
JVNDB-2010-002562 複数の VMware 製品の vmware-mount における権限昇格の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002562.html
JVNDB-2010-002561 複数の VMware 製品の vmware-mount における権限昇格の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002561.html
JVNDB-2010-002560 複数の VMware 製品の VMnc メディアコーデック内にあるフレーム復元機能における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002560.html
JVNDB-2010-002559 Apple QuickTime における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002559.html
JVNDB-2010-002558 Windows 上で稼働する Apple QuickTime における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002558.html
JVNDB-2010-002557 Windows 上で稼働する Apple QuickTime におけるヒープベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002557.html
JVNDB-2010-002556 Apple QuickTime における整数符号エラーの脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002556.html
JVNDB-2010-002555 Apple QuickTime における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002555.html
JVNDB-2010-002554 Apple QuickTime における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002554.html
JVNDB-2010-002320 Microsoft Internet Explorer における無効なフラグ参照に起因する脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002320.html
JVNDB-2010-002317 Arbitrary File Overwrite Vulnerability in the cupsFileOpen Function of CUPS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002317.html
JVNDB-2010-002263 Vulnerability in the Networking Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002263.html
JVNDB-2010-002261 Vulnerability in the Networking Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002261.html
JVNDB-2010-002553 Arbitrary Code Execution Vulnerability in the CA PSFormX and CA WebScan ActiveX Controls
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002553.html
JVNDB-2010-002552 Cross-Site Scripting Vulnerability in CA eHealth Performance Manager
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002552.html
JVNDB-2009-002631 Stack-Based Buffer Overflow Vulnerability in the PestPatrol ActiveX Control of CA eTrust PestPatrol
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002631.html
JVNDB-2009-002630 Cross-Site Scripting Vulnerability in the Web Interface of CA Service Desk
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002630.html
JVNDB-2009-002629 Denial of Service (DoS) Vulnerability in the arclib Component of the Anti-Virus Engine in Multiple CA Products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002629.html
JVNDB-2009-002628 Arbitrary Code Execution Vulnerability in the arclib Component of the Anti-Virus Engine in Multiple CA Products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002628.html
JVNDB-2009-002627 Denial of Service (DoS) Vulnerability in kmxIds.sys of CA Host-Based Intrusion Prevention System
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002627.html
JVNDB-2009-002626 Vulnerability in CA SiteMinder That Allows Bypass of Cross-Site Scripting Protection for J2EE Applications
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002626.html
JVNDB-2009-002625 Vulnerability in CA SiteMinder That Allows Bypass of Cross-Site Scripting Protection for J2EE Applications
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002625.html
JVNDB-2009-002624 Stack-Based Buffer Overflow Vulnerability in Data Transport Services of Multiple CA Products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002624.html
JVNDB-2009-002623 Denial of Service (DoS) Vulnerability in the Message Engine of CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002623.html
JVNDB-2009-002622 Denial of Service (DoS) Vulnerability in vetmonnt.sys of CA Internet Security Suite
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002622.html
JVNDB-2009-002621 Arbitrary Command Execution Vulnerability in the smmsnmpd Service of CA Service Metric Analysis and Service Level Management
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002621.html
JVNDB-2009-002620 Virus Detection Bypass Vulnerability in the Arclib Library of Multiple CA Products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002620.html
DoS: Web@all <= 1.1 Remote Admin Settings Change
http://www.exploit-db.com/exploits/15837/
DoS: OpenEMR v3.2.0 SQL Injection and XSS
http://www.exploit-db.com/exploits/15836/
DoS: pecio CMS v2.0.5 <= CSRF Add Admin
http://www.exploit-db.com/exploits/15835/
Redmine Multiple Vulnerabilities
http://www.securityfocus.com/bid/45571
Jetty Web Server Plugin for Eclipse Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44883
Google Chrome prior to 8.0.552.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/45170
ImageMagick 'configure.c' Configuration File Loading Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45044
- Linux Kernel IRLMP_ENUMDEVICES Integer Underflow Lets Local Users Obtain Portions of Kernel Memory
http://securitytracker.com/alerts/2010/Dec/1024923.html
phpMyAdmin 3.3.9-rc1 is released
http://sourceforge.net/news/?group_id=23067&id=295464
http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.3.9-rc1%2FphpMyAdmin-3.3.9-rc1.html/view
libmnl 1.0.1 released
http://www.netfilter.org/news.html#2010-12-26
http://www.netfilter.org/projects/libmnl/downloads.html#libmnl-1.0.1
Postfix 2.8-20101224-nonprod non-production release
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20101224-nonprod.HISTORY
Samba 4.0alpha14 "ramdomdata" has been released.
http://wiki.samba.gr.jp/mediawiki/index.php?title=%E3%83%A1%E3%82%A4%E3%83%B3%E3%83%9A%E3%83%BC%E3%82%B8
Sysstat 9.1.7 released (development version)
http://sebastien.godard.pagesperso-orange.fr/
Today's xkcd features sudo in a Christmas comic.
http://www.sudo.ws/sudo/news.html
http://xkcd.com/838/
Regarding the issue in which our product's services stop after updating to spam mail detection rule 17846.004
http://www.trendmicro.co.jp/support/news.asp?id=1507
2488013: Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/2488013.mspx
JVNTA10-348A Updates for Multiple Vulnerabilities in Microsoft Products
http://jvn.jp/cert/JVNTA10-348A/index.html
JVNVU#634956 Arbitrary Code Execution Vulnerability in Microsoft Internet Explorer
http://jvn.jp/cert/JVNVU634956/index.html
JVNVU#842372 Memory Corruption Vulnerability in Microsoft IIS FTP Server
http://jvn.jp/cert/JVNVU842372/index.html
JVNVU#725596 Vulnerability in the ActiveX Control of Microsoft WMI Administrative Tools
http://jvn.jp/cert/JVNVU725596/index.html
JVNDB-2010-002551 Denial of Service (DoS) Vulnerability in bgpd of Quagga
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002551.html
JVNDB-2010-002550 Arbitrary Code Execution Vulnerability in Adobe Illustrator
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002550.html
JVNDB-2010-002549 Vulnerability in OpenSSL That Allows Bypass of the Shared Secret Key Authentication Requirement
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002549.html
JVNDB-2010-002548 Cipher Suite Downgrade Vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002548.html
JVNDB-2010-002547 Vulnerability in AWStats
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002547.html
JVNDB-2010-002546 Denial of Service (DoS) Vulnerability in PHP
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002546.html
JVNDB-2010-002545 Vulnerability in allow-query Processing in ISC BIND named
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002545.html
JVNDB-2010-002544 Vulnerability in ISC BIND named validator
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002543.html
JVNDB-2010-002543 Denial of Service (DoS) Vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002542.html
JVNDB-2010-002258 Vulnerability in the Java Web Start Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002258.html
JVNDB-2010-002267 Vulnerability in the Networking Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002267.html
JVNDB-2010-002253 Vulnerability in the New Java Plug-in Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002253.html
JVNDB-2010-002256 Vulnerability in the Swing Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002256.html
JVNDB-2010-002257 Vulnerability in the Java Web Start Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002257.html
JVNDB-2010-002242 Vulnerability in the 2D Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002242.html
JVNDB-2010-002262 Vulnerability in the Swing Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002262.html
JVNDB-2010-002252 Vulnerability in the Java Web Start Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002252.html
JVNDB-2010-002254 Vulnerability in the Sound Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002254.html
JVNDB-2010-002268 Vulnerability in the Networking Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002268.html
JVNDB-2010-002243 Vulnerability in the 2D Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002243.html
JVNDB-2010-002249 Vulnerability in the Deployment Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002249.html
JVNDB-2010-002244 Vulnerability in the 2D Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002244.html
JVNDB-2010-002250 Vulnerability in the Java Runtime Environment Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002250.html
JVNDB-2010-002259 Vulnerability in the Deployment Toolkit Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002259.html
JVNDB-2010-002255 Vulnerability in the Sound Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002255.html
JVNDB-2008-002506 Vulnerability in CA eTrust Antivirus That Allows Evasion of Malware Detection in HTML Documents
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002506.html
JVNDB-2008-002505 Arbitrary Code Execution Vulnerability in the LDBserver Service of CA ARCserve Backup Running on Windows
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002505.html
JVNDB-2008-002504 Denial of Service (DoS) Vulnerability in asdbapi.dll of CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002504.html
JVNDB-2008-002503 Denial of Service (DoS) Vulnerability in the Database Engine Service in asdbapi.dll of CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002503.html
JVNDB-2008-002502 Denial of Service (DoS) Vulnerability in the Tape Engine Service in asdbapi.dll of CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002502.html
JVNDB-2008-002501 Directory Traversal Vulnerability in the RPC Interface of CA ARCserve Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002501.html
JVNDB-2010-002264 Vulnerability in the Networking Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002264.html
JVNDB-2010-002265 Vulnerability in the Networking Component of Multiple Oracle Products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002265.html
JVNDB-2008-002500 Cross-Site Scripting Vulnerability in CA Service Desk and CMDB
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002500.html
JVNDB-2008-002499 Integer Overflow Vulnerability in the LGServer Service of CA ARCserve Backup for Laptops and Desktops
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002499.html
JVNDB-2008-002498 Vulnerability in the kmxfw.sys Driver of CA Host-Based Intrusion Prevention System That Allows Privileges to Be Gained
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002498.html
JVNDB-2008-002497 Stack-Based Buffer Overflow Vulnerability in the HTTP Gateway Service of CA eTrust Secure Content Manager
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002497.html
JVNDB-2008-002496 Directory Traversal Vulnerability in UmxEventCli.dll of CA Internet Security Suite
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002496.html
JVNDB-2008-002495 Buffer Overflow Vulnerability in the xdr Functions in the Server of CA BrightStor ARCServe Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002495.html
JVNDB-2008-002494 Directory Traversal Vulnerability in caloggerd of CA BrightStor ARCServe Backup
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002494.html
JVNDB-2008-002493 Denial of Service (DoS) Vulnerability in the eTrust Common Services Daemon of CA Secure Content Manager
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002493.html
JVNDB-2008-002492 Arbitrary Command Execution Vulnerability in the NetBackup Service of Multiple CA Products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002492.html
JVNDB-2008-002491 Buffer Overflow Vulnerability in the LGServer Service of Multiple CA Products
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002491.html
ISC infocon monitor app for OS X
http://isc.sans.edu/diary.html?storyid=10153
Merry Christmas!!
http://isc.sans.edu/diary.html?storyid=10144
An interesting vulnerability playground to learn application vulnerabilities
http://isc.sans.edu/diary.html?storyid=10150
A question of class
http://isc.sans.edu/diary.html?storyid=10141
Embedded Video WordPress Plugin Cross Site Vulnerability (XSS)
http://securityreason.com/securityalert/7978
Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation
http://securityreason.com/securityalert/7977
Symantec Intel Handler Service Remote Denial-of-Service
http://securityreason.com/securityalert/7976
HP Insight Diagnostics Online Edition Cross Site Scripting (XSS)
http://securityreason.com/securityalert/7975
HP DDMI Cross Site Scripting (XSS)
http://securityreason.com/securityalert/7974
HP Insight Management Agents Remote Full Path Disclosure
http://securityreason.com/securityalert/7973
HP OpenVMS Integrity Servers Local DoS
http://securityreason.com/securityalert/7972
HP Power Manager (HPPM) Remote Execution of Arbitrary Code
http://securityreason.com/securityalert/7971
Rocket U2 UniVerse and UniData Integer Overflow in RPC Service Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024924.html
Linux Kernel IRLMP_ENUMDEVICES Integer Underflow Lets Local Users Obtain Portions of Kernel Memory
http://securitytracker.com/alerts/2010/Dec/1024923.html
Remote: Kolibri v2.0 Buffer Overflow RET + SEH exploit (HEAD)
http://www.exploit-db.com/exploits/15834/
DoS: HttpBlitz Web Server Denial Of Service Exploit
http://www.exploit-db.com/exploits/15821/
Django Remote Information Disclosure and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/3318
Atmail Exim "string_vformat()" Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3317
Rocket U2 Uni RPC Service Remote Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3316
SuSE Security Update Fixes Code Execution and Security Bypass
http://www.vupen.com/english/advisories/2010/3315
Slackware Security Update Fixes ProFTPD "mod_sql" Buffer Overflow
http://www.vupen.com/english/advisories/2010/3314
Slackware Security Update Fixes PHP Double-free and Security Bypass
http://www.vupen.com/english/advisories/2010/3313
Mandriva Security Update Fixes Pidgin Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/3312
Pidgin MSN Protocol Direct Connection Packets Denial of Service
http://www.vupen.com/english/advisories/2010/3311
SUSE update for Multiple Packages
http://secunia.com/advisories/42746/
Fedora update for git
http://secunia.com/advisories/42743/
Rocket U2 UniVerse / UniData Uni RPC Service Signedness Vulnerability
http://secunia.com/advisories/42699/
Redmine Multiple Vulnerabilities
http://secunia.com/advisories/42741/
Slackware update for php
http://secunia.com/advisories/42729/
Fedora update for ImageMagick
http://secunia.com/advisories/42744/
Embedthis Appweb Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42739/
Django Two Security Issues
http://secunia.com/advisories/42715/
Fedora update for kernel
http://secunia.com/advisories/42745/
Novell iPrint Client Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/45301
Novell iPrint Client 'ienipp.ocx' ActiveX 'GetDriverSettings()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44966
Mozilla Firefox and SeaMonkey Java LiveConnect Script Security Bypass Vulnerability
http://www.securityfocus.com/bid/45355
Mozilla Firefox and SeaMonkey Firebug 'XMLHttpRequestSpy' Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45354
Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/45353
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3776 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45347
Mozilla Firefox/Thunderbird/SeaMonkey OS Font Code Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/45352
Mozilla Firefox and SeaMonkey (CVE-2010-3772) Invalid Array Index Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45351
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3777 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45348
Mozilla Firefox and SeaMonkey 'nsDOMAttribute' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45326
Mozilla Firefox and SeaMonkey 'about:blank' Window Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45346
Mozilla Firefox/Thunderbird/SeaMonkey 'document.write()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45345
Mozilla Firefox/SeaMonkey 'JSSLOT_ARRAY_COUNT' Annotation Integer Overflow Vulnerability
http://www.securityfocus.com/bid/45324
Mozilla Firefox Pseudo URL Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/45314
ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44933
PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/44980
PHP 'open_basedir' Security-Bypass Vulnerability
http://www.securityfocus.com/bid/44723
PHP ZipArchive::getArchiveComment() NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/44718
HP StorageWorks Storage Mirroring 'DoubleTake.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45526
SquareCMS 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45574
HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45573
XMovie Component for Joomla! 'file' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/45572
Redmine Multiple Vulnerabilities
http://www.securityfocus.com/bid/45571
iDevSpot iDevCart 'index.php' Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/45570
Rocket Software UniData and UniVerse 'unirpcd.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45569
Friday, December 24, 2010
Friday the 24th, Taian (auspicious day)
+ Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2488013.mspx
http://www.securityfocus.com/bid/45246
+ Zimbra Collaboration Suite Open Source Edition 5.0.26, 6.0.10 GA Release
http://files2.zimbra.com/website/docs/archives/5.0/Zimbra%20OS%20Release%20Notes%205.0.26.pdf
http://files2.zimbra.com/website/docs/Zimbra%20OS%20Release%20Notes%206.0.10.pdf
+ Linux Kernel "irda_getsockopt()" Integer Underflow Weakness
http://secunia.com/advisories/42684/
http://www.securityfocus.com/bid/45556
+ PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability
http://www.securityfocus.com/bid/44605
+ PHP LCG Entropy Security Vulnerability
http://www.securityfocus.com/bid/38430
- Microsoft IIS FTP Server Telnet IAC Character Encoding Vulnerability
http://secunia.com/advisories/42713/
http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx
http://www.exploit-db.com/exploits/15803/
http://www.kb.cert.org/vuls/id/842372
http://securitytracker.com/alerts/2010/Dec/1024921.html
http://www.vupen.com/english/advisories/2010/3305
http://www.securityfocus.com/bid/45542
- Microsoft WMI Administrative Tools WMI Object Viewer ActiveX Control Vulnerabilities
http://secunia.com/advisories/42693/
http://www.kb.cert.org/vuls/id/725596
http://www.exploit-db.com/exploits/15809
http://www.vupen.com/english/advisories/2010/3301
http://www.securityfocus.com/bid/45546
Subversion 1.5.9 Released
http://subversion.apache.org/docs/release-notes/1.5.html
http://svn.apache.org/repos/asf/subversion/tags/1.5.9/CHANGES
BIND 9.7.3b1 is now available
http://www.isc.org/software/bind
http://ftp.isc.org/isc/bind9/9.7.3b1/RELEASE-NOTES-BIND-9.7.html
Firefox 4.0 Beta 8 released
http://www.mozilla.com/en-US/firefox/all-beta.html
http://www.mozilla.com/en-US/firefox/4.0b8/releasenotes/
Squid Proxy 3.1.10, 3.2.0.4 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html#ss1.2
http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_10.html
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html#ss1.2
http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID_3_2_0_4.html
HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02665580
HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02665577
HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02665576
HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02665574
HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02655388
HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02655386
HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02655385
HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02655384
HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02660754
UPDATE: HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02660122
Regarding the issue in which our product's services stop after updating to spam mail detection rule 17846.004
http://www.trendmicro.co.jp/support/news.asp?id=1507
eVuln : [EV0168] HTTP Response Splitting in Social Share
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34586
Debian : [DSA-2136-1] New tor packages fix potential code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34566
Hewlett-Packard : HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34579
High-Tech Bridge SA : [HTB22744] XSS vulnerability in Injader CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34567
High-Tech Bridge SA : [HTB22743] SQL injection in Injader CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34568
High-Tech Bridge SA : [HTB22740] SQL injection in Hycus CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34569
High-Tech Bridge SA : [HTB22741] SQL injection in Hycus CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34570
High-Tech Bridge SA : [HTB22738] SQL injection in Hycus CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34571
High-Tech Bridge SA : [HTB22737] LFI in Hycus CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34577
waraxe : [waraxe-2010-SA#077] Multiple Vulnerabilities in Calibre 0.7.34
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34578
Debian : [DSA 2135-1] New xpdf packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34565
http://www.evuln.com/ : HTTP Response Splitting in Social Share
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00237.html
[SECURITY] [DSA-2136-1] New tor packages fix potential code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00233.html
VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00234.html
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00232.html
[SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00236.html
VSR Advisories: Citrix Access Gateway Command Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00235.html
Beware of "viruses" and "one-click fraud" over the year-end and New Year holidays
"Don't carelessly click 'Yes'", IPA warns
http://itpro.nikkeibp.co.jp/article/NEWS/20101223/355593/?ST=security
Kaspersky releases beta of "all-in-one" integrated security software with data encryption, ID management and more
http://itpro.nikkeibp.co.jp/article/NEWS/20101222/355572/?ST=security
Skoudis' Annual Xmas Hacking Challenge - The Nightmare Before Charlie Brown's Christmas
http://isc.sans.edu/diary.html?storyid=10129
IE 0 Day, just in time for Christmas
http://isc.sans.edu/diary.html?storyid=10132
Older AV Scam Active again.
http://isc.sans.edu/diary.html?storyid=10135
White house greeting cards
http://isc.sans.edu/diary.html?storyid=10138
IIS 7.5 0-Day DoS (processing FTP requests)
http://isc.sans.edu/diary.html?storyid=10126
IBM Lotus Notes Traveler Multiple Vulnerabilities
http://secunia.com/advisories/39880/
Fedora update for seamonkey
http://secunia.com/advisories/42716/
TheHostingTool "updateResource()" SQL Injection Vulnerability
http://secunia.com/advisories/42369/
Built2Go PHP Shopping "cat" SQL Injection Vulnerability
http://secunia.com/advisories/42717/
YPNinc Realty Classifieds "id" SQL Injection Vulnerability
http://secunia.com/advisories/42687/
Debian update for tor
http://secunia.com/advisories/42687/
Drupal Image Module Unspecified Script Insertion Vulnerability
http://secunia.com/advisories/42735/
Drupal oEmbed Module Security Bypass Vulnerability
http://secunia.com/advisories/42700/
Linux Kernel "irda_getsockopt()" Integer Underflow Weakness
http://secunia.com/advisories/42684/
logrotate Privilege Escalation Security Issue
http://secunia.com/advisories/42559/
CommunityManager.NET Authentication Bypass Vulnerability
http://secunia.com/advisories/42701/
IntegraXor Insecure Library Loading Vulnerability
http://secunia.com/advisories/42734/
JobAppr Multiple Vulnerabilities
http://secunia.com/advisories/42709/
WordPress Accept Signups Plugin "email" Script Insertion Vulnerability
http://secunia.com/advisories/42641/
Joomla! JE Auto Component "view" Local File Inclusion Vulnerability
http://secunia.com/advisories/42705/
Microsoft IIS FTP Server Telnet IAC Character Encoding Vulnerability
http://secunia.com/advisories/42713/
Debian update for xpdf
http://secunia.com/advisories/42691/
Red Hat update for git
http://secunia.com/advisories/42731/
Mitel Audio and Web Conferencing (AWC) Shell Command Injection Vulnerability
http://secunia.com/advisories/42697/
Microsoft WMI Administrative Tools WMI Object Viewer ActiveX Control Vulnerabilities
http://secunia.com/advisories/42693/
Blue Coat Reporter OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/42733/
Blue Coat Reporter OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/42724/
IntegraXor "file_name" File Disclosure Vulnerability
http://secunia.com/advisories/42730/
VMware ESXi Update Installer SFCB Authentication Security Bypass
http://secunia.com/advisories/42591/
Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch Vulnerability
http://www.securiteam.com/unixfocus/6M03G0U0KS.html
Landesk OS Command Injection Vulnerability
http://www.securiteam.com/unixfocus/6N03H0U0KW.html
Vulnerability Note VU#842372: Microsoft IIS FTP server memory corruption vulnerability
http://www.kb.cert.org/vuls/id/842372
Vulnerability Note VU#725596: Microsoft WMI Administrative Tools WBEMSingleView.ocx ActiveX control vulnerability
http://www.kb.cert.org/vuls/id/725596
Microsoft Internet Explorer Recursive CSS Import Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024922.html
Microsoft IIS FTP Server Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Dec/1024921.html
VMware ESXi Update Installer SFCB Authentication Lets Remote Users Gain Access
http://securitytracker.com/alerts/2010/Dec/1024917.html
SAP Crystal Reports Print ActiveX Control Buffer Overflow
http://securityreason.com/securityalert/7970
Radius Manager 3.8.0 Multiple XSS Vulnerabilities
http://securityreason.com/securityalert/7969
Pointter PHP Content Management System Unauthorized Privilege Escalation
http://securityreason.com/securityalert/7968
Pointter PHP Micro-Blogging Social Network Unauthorized Privilege Escalation
http://securityreason.com/securityalert/7967
REMOTE: WMITools ActiveX Remote Command Execution Exploit 0day
http://www.exploit-db.com/exploits/15809/
YPNinc Realty Classifieds "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/3310
Built2Go PHP Shopping "cat" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/3309
D-Link WBR-1310 Wireless G Router Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/3308
Fedora Security Update Fixes Seamonkey Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3307
Serendipity Xinha Plugins File Upload Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/3306
Microsoft Internet Information Services (IIS) FTP Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3305
Ecava IntegraXor "file_name" Parameter Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/3304
VMware ESXi Update Installer SFCB Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/3303
Blue Coat Reporter Security Update Fixes Multiple SSL/TLS Vulnerabilities
http://www.vupen.com/english/advisories/2010/3302
Microsoft WMI Administrative Tools Trusted Value Remote Code Execution
http://www.vupen.com/english/advisories/2010/3301
Mitel Audio and Web Conferencing "xml" Command Injection Vulnerability
http://www.vupen.com/english/advisories/2010/3300
Symantec PGP Universal Web Messenger URL Redirection Weakness
http://www.vupen.com/english/advisories/2010/3299
Redhat Security Update Fixes GIT Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3298
Redhat Security Update Fixes mod-auth-mysql SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/3297
Debian Security Update Fixes Tor Remote Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3296
Debian Security Update Fixes Xpdf Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3295
Linux Kernel Unix Sockets Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/45037
Linux Kernel Local Address Limit Override Security Weakness
http://www.securityfocus.com/bid/45159
Linux Kernel 'perf_event_mmap()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/44861
Linux Kernel 'net/core/filter.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44758
Linux Kernel 'drivers/scsi/gdth.c' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44648
Linux Kernel Block Layer Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/44793
Linux Kernel Invalid 'fs' and 'gs' Registry Denial of Service Vulnerability
http://www.securityfocus.com/bid/44500
Linux Kernel CAN Protocol Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44661
Linux Kernel 915 GEM IOCTL Local Memory Overwrite Vulnerability
http://www.securityfocus.com/bid/44067
Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
http://www.securityfocus.com/bid/44242
Linux Kernel ALSA 'sound/core/control.c' Local Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43787
Linux Kernel SCTP HMAC Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/43701
Pidgin MSN Use-After-Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/45024
Git gitweb 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45439
ImageMagick 'configure.c' Configuration File Loading Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45044
Django 'django.contrib.admin' Querystring Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45562
CubeCart 'productId' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37065
PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38708
PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities
http://www.securityfocus.com/bid/41991
PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability
http://www.securityfocus.com/bid/44605
PHP LCG Entropy Security Vulnerability
http://www.securityfocus.com/bid/38430
Apache APR-util 'apr_brigade_split_line' Denial of Service Vulnerability
http://www.securityfocus.com/bid/43673
Xpdf 'Gfx::getPos()' (CVE-2010-3702) Uninitialized Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/43845
Poppler Multiple Denial of Service and Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/43594
OTRS Core System Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/43264
Zope Object Database ZEO Server 'StorageServer.py' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/43916
MIT Kerberos 5 Key Distribution Center 'KrbFastReq' Forgery Security Bypass Vulnerability
http://www.securityfocus.com/bid/45122
MIT Kerberos 5 1.3.x Checksum Multiple Remote Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/45118
MIT Kerberos 5 1.7.x Checksum Multiple Remote Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/45116
MIT Kerberos Checksum AD-SIGNEDPATH and AD-KDC-ISSUED Security Bypass Vulnerability
http://www.securityfocus.com/bid/45117
Python 'audioop' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40370
Mono/Moonlight Generic Type Argument Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45051
Python 'audioop' Module Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40863
Python Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/44533
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Subversion Server 'SVNPathAuthz' Restriction Security Bypass Vulnerability
http://www.securityfocus.com/bid/43678
KDE KGet Security Bypass and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/40141
OpenOffice Impress File Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/42202
Opera Web Browser Prior to 11.00 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/45461
ClamAV Prior to 0.96.5 Multiple Vulnerabilities
http://www.securityfocus.com/bid/45152
Microsoft Word (CVE-2010-3217) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43770
Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45246
Microsoft IIS FTP Service Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45542
Symantec Endpoint Protection Reporting Module 'fw_charts.php' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45372
Appweb Web Server Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45568
Social Share 'search' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45566
MyBB 'keywords' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/45565
IBM Lotus Notes Traveler Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/45564
Django Password Reset Mechanism Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45563
OfflineIMAP SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/45561
TheHostingTool 'class_db.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/45560
Joomla! 'com_adsmanager' Component Remote File Include Vulnerability
http://www.securityfocus.com/bid/45559
Joomla 'com_ponygallery' Component Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/45558
Drupal Image Module Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/45557
Linux Kernel 'irda_getsockopt()' Local Integer Underflow Vulnerability
http://www.securityfocus.com/bid/45556
IPN Development Handler 'login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/45555
D-Link WBR-1310 'tools_admin.cgi' CGI Script Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/45554
Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/45353
Mozilla Firefox CVE-2010-3778 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45344
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3777 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45348
Mozilla Firefox and SeaMonkey Firebug 'XMLHttpRequestSpy' Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45354
Mozilla Firefox/SeaMonkey 'JSSLOT_ARRAY_COUNT' Annotation Integer Overflow Vulnerability
http://www.securityfocus.com/bid/45324
Mozilla Firefox Pseudo URL Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/45314
Mozilla Firefox and SeaMonkey Java LiveConnect Script Security Bypass Vulnerability
http://www.securityfocus.com/bid/45355
Mozilla Firefox and SeaMonkey (CVE-2010-3772) Invalid Array Index Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45351
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3776 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45347
Mozilla Firefox/Thunderbird/SeaMonkey OS Font Code Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/45352
Mozilla Firefox and SeaMonkey 'nsDOMAttribute' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45326
Mozilla Firefox and SeaMonkey 'about:blank' Window Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45346
Mozilla Firefox/Thunderbird/SeaMonkey 'document.write()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45345
Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45546
Tor Unspecified Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45500
OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138
OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40502
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013
OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
http://www.securityfocus.com/bid/38562
OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38533
Drupal oEmbed Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/45553
Apple Mobile Safari Crafted JavaScript '.' Assignment Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45552
logrotate Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45551
Ecava IntegraXor 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/45549
WordPress Accept Signups Plugin 'email' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45548
Classified Component for Joomla! SQL Injection Vulnerability
http://www.securityfocus.com/bid/45545
http://www.microsoft.com/technet/security/advisory/2488013.mspx
http://www.securityfocus.com/bid/45246
+ Zimbra Collaboration Suite Open Source Edition 5.0.26, 6.0.10 GA Release
http://files2.zimbra.com/website/docs/archives/5.0/Zimbra%20OS%20Release%20Notes%205.0.26.pdf
http://files2.zimbra.com/website/docs/Zimbra%20OS%20Release%20Notes%206.0.10.pdf
+ Linux Kernel "irda_getsockopt()" Integer Underflow Weakness
http://secunia.com/advisories/42684/
http://www.securityfocus.com/bid/45556
+ PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability
http://www.securityfocus.com/bid/44605
+ PHP LCG Entropy Security Vulnerability
http://www.securityfocus.com/bid/38430
- Microsoft IIS FTP Server Telnet IAC Character Encoding Vulnerability
http://secunia.com/advisories/42713/
http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx
http://www.exploit-db.com/exploits/15803/
http://www.kb.cert.org/vuls/id/842372
http://securitytracker.com/alerts/2010/Dec/1024921.html
http://www.vupen.com/english/advisories/2010/3305
http://www.securityfocus.com/bid/45542
- Microsoft WMI Administrative Tools WMI Object Viewer ActiveX Control Vulnerabilities
http://secunia.com/advisories/42693/
http://www.kb.cert.org/vuls/id/725596
http://www.exploit-db.com/exploits/15809
http://www.vupen.com/english/advisories/2010/3301
http://www.securityfocus.com/bid/45546
Subversion 1.5.9 Released
http://subversion.apache.org/docs/release-notes/1.5.html
http://svn.apache.org/repos/asf/subversion/tags/1.5.9/CHANGES
BIND 9.7.3b1 is now available
http://www.isc.org/software/bind
http://ftp.isc.org/isc/bind9/9.7.3b1/RELEASE-NOTES-BIND-9.7.html
Firefox 4.0 Beta 8 released
http://www.mozilla.com/en-US/firefox/all-beta.html
http://www.mozilla.com/en-US/firefox/4.0b8/releasenotes/
Squid Proxy 3.1.10, 3.2.0.4 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html#ss1.2
http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_10.html
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html#ss1.2
http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID_3_2_0_4.html
HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02665580
HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02665577
HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02665576
HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02665574
HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02655388
HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02655386
HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02655385
HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02655384
HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02660754
UPDATE: HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02660122
Regarding the issue where our products' services stop after updating to spam mail detection rule 17846.004
http://www.trendmicro.co.jp/support/news.asp?id=1507
eVuln : [EV0168] HTTP Response Splitting in Social Share
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34586
Debian : [DSA-2136-1] New tor packages fix potential code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34566
Hewlett-Packard : HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34579
High-Tech Bridge SA : [HTB22744] XSS vulnerability in Injader CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34567
High-Tech Bridge SA : [HTB22743] SQL injection in Injader CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34568
High-Tech Bridge SA : [HTB22740] SQL injection in Hycus CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34569
High-Tech Bridge SA : [HTB22741] SQL injection in Hycus CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34570
High-Tech Bridge SA : [HTB22738] SQL injection in Hycus CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34571
High-Tech Bridge SA : [HTB22737] LFI in Hycus CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34577
waraxe : [waraxe-2010-SA#077] Multiple Vulnerabilities in Calibre 0.7.34
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34578
Debian : [DSA 2135-1] New xpdf packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34565
http://www.evuln.com/ : HTTP Response Splitting in Social Share
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00237.html
[SECURITY] [DSA-2136-1] New tor packages fix potential code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00233.html
VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00234.html
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00232.html
[SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00236.html
VSR Advisories: Citrix Access Gateway Command Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00235.html
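Beware of "viruses" and "one-click fraud" over the year-end and New Year holidays
"Don't click 'Yes' carelessly," IPA warns
http://itpro.nikkeibp.co.jp/article/NEWS/20101223/355593/?ST=security
Kaspersky releases beta of "all-in-one" integrated security software with data encryption, ID management and more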
http://itpro.nikkeibp.co.jp/article/NEWS/20101222/355572/?ST=security
Skoudis' Annual Xmas Hacking Challenge - The Nightmare Before Charlie Brown's Christmas
http://isc.sans.edu/diary.html?storyid=10129
IE 0 Day, just in time for Christmas
http://isc.sans.edu/diary.html?storyid=10132
Older AV Scam Active again.
http://isc.sans.edu/diary.html?storyid=10135
White house greeting cards
http://isc.sans.edu/diary.html?storyid=10138
IIS 7.5 0-Day DoS (processing FTP requests)
http://isc.sans.edu/diary.html?storyid=10126
IBM Lotus Notes Traveler Multiple Vulnerabilities
http://secunia.com/advisories/39880/
Fedora update for seamonkey
http://secunia.com/advisories/42716/
TheHostingTool "updateResource()" SQL Injection Vulnerability
http://secunia.com/advisories/42369/
Built2Go PHP Shopping "cat" SQL Injection Vulnerability
http://secunia.com/advisories/42717/
YPNinc Realty Classifieds "id" SQL Injection Vulnerability
http://secunia.com/advisories/42687/
Debian update for tor
http://secunia.com/advisories/42687/
Drupal Image Module Unspecified Script Insertion Vulnerability
http://secunia.com/advisories/42735/
Drupal oEmbed Module Security Bypass Vulnerability
http://secunia.com/advisories/42700/
Linux Kernel "irda_getsockopt()" Integer Underflow Weakness
http://secunia.com/advisories/42684/
logrotate Privilege Escalation Security Issue
http://secunia.com/advisories/42559/
CommunityManager.NET Authentication Bypass Vulnerability
http://secunia.com/advisories/42701/
IntegraXor Insecure Library Loading Vulnerability
http://secunia.com/advisories/42734/
JobAppr Multiple Vulnerabilities
http://secunia.com/advisories/42709/
WordPress Accept Signups Plugin "email" Script Insertion Vulnerability
http://secunia.com/advisories/42641/
Joomla! JE Auto Component "view" Local File Inclusion Vulnerability
http://secunia.com/advisories/42705/
Microsoft IIS FTP Server Telnet IAC Character Encoding Vulnerability
http://secunia.com/advisories/42713/
Debian update for xpdf
http://secunia.com/advisories/42691/
Red Hat update for git
http://secunia.com/advisories/42731/
Mitel Audio and Web Conferencing (AWC) Shell Command Injection Vulnerability
http://secunia.com/advisories/42697/
Microsoft WMI Administrative Tools WMI Object Viewer ActiveX Control Vulnerabilities
http://secunia.com/advisories/42693/
Blue Coat Reporter OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/42733/
Blue Coat Reporter OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/42724/
IntegraXor "file_name" File Disclosure Vulnerability
http://secunia.com/advisories/42730/
VMware ESXi Update Installer SFCB Authentication Security Bypass
http://secunia.com/advisories/42591/
Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch Vulnerability
http://www.securiteam.com/unixfocus/6M03G0U0KS.html
Landesk OS Command Injection Vulnerability
http://www.securiteam.com/unixfocus/6N03H0U0KW.html
Vulnerability Note VU#842372: Microsoft IIS FTP server memory corruption vulnerability
http://www.kb.cert.org/vuls/id/842372
Vulnerability Note VU#725596: Microsoft WMI Administrative Tools WBEMSingleView.ocx ActiveX control vulnerability
http://www.kb.cert.org/vuls/id/725596
Microsoft Internet Explorer Recursive CSS Import Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024922.html
Microsoft IIS FTP Server Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Dec/1024921.html
VMware ESXi Update Installer SFCB Authentication Lets Remote Users Gain Access
http://securitytracker.com/alerts/2010/Dec/1024917.html
SAP Crystal Reports Print ActiveX Control Buffer Overflow
http://securityreason.com/securityalert/7970
Radius Manager 3.8.0 Multiple XSS Vulnerabilities
http://securityreason.com/securityalert/7969
Pointter PHP Content Management System Unauthorized Privilege Escalation
http://securityreason.com/securityalert/7968
Pointter PHP Micro-Blogging Social Network Unauthorized Privilege Escalation
http://securityreason.com/securityalert/7967
REMOTE: WMITools ActiveX Remote Command Execution Exploit 0day
http://www.exploit-db.com/exploits/15809/
YPNinc Realty Classifieds "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/3310
Built2Go PHP Shopping "cat" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/3309
D-Link WBR-1310 Wireless G Router Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/3308
Fedora Security Update Fixes Seamonkey Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3307
Serendipity Xinha Plugins File Upload Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/3306
Microsoft Internet Information Services (IIS) FTP Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3305
Ecava IntegraXor "file_name" Parameter Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/3304
VMware ESXi Update Installer SFCB Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/3303
Blue Coat Reporter Security Update Fixes Multiple SSL/TLS Vulnerabilities
http://www.vupen.com/english/advisories/2010/3302
Microsoft WMI Administrative Tools Trusted Value Remote Code Execution
http://www.vupen.com/english/advisories/2010/3301
Mitel Audio and Web Conferencing "xml" Command Injection Vulnerability
http://www.vupen.com/english/advisories/2010/3300
Symantec PGP Universal Web Messenger URL Redirection Weakness
http://www.vupen.com/english/advisories/2010/3299
Redhat Security Update Fixes GIT Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3298
Redhat Security Update Fixes mod-auth-mysql SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/3297
Debian Security Update Fixes Tor Remote Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3296
Debian Security Update Fixes Xpdf Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3295
Linux Kernel Unix Sockets Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/45037
Linux Kernel Local Address Limit Override Security Weakness
http://www.securityfocus.com/bid/45159
Linux Kernel 'perf_event_mmap()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/44861
Linux Kernel 'net/core/filter.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44758
Linux Kernel 'drivers/scsi/gdth.c' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44648
Linux Kernel Block Layer Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/44793
Linux Kernel Invalid 'fs' and 'gs' Registry Denial of Service Vulnerability
http://www.securityfocus.com/bid/44500
Linux Kernel CAN Protocol Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44661
Wednesday, December 22, 2010
22nd, Wednesday, Senbu
The batch configuration distribution tool fails to distribute to the second and subsequent servers
http://www.say-tech.co.jp/support/bom-for-windows/post-56/index.shtml
VMSA-2010-0020: VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
http://www.vmware.com/security/advisories/VMSA-2010-0020.html
Security alert for the year-end and New Year holidays
http://www.ipa.go.jp/security/topics/alert221222.html
JVNVU#545319 Updates for multiple vulnerabilities in Apple Time Capsule and AirPort Base Station (802.11n)
http://jvn.jp/cert/JVNVU545319/index.html
JVNDB-2010-002459 Stack-based buffer overflow vulnerability in the pr_netio_telnet_get function in ProFTPD
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002459.html
JVNDB-2010-002458 Directory traversal vulnerability in the mod_site_misc module in ProFTPD
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002458.html
JVNDB-2010-001229 Vulnerability involving multiple functions in OpenSSL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001229.html
JVNDB-2010-002284 Arbitrary code execution vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002284.html
JVNDB-2010-002072 Same-origin policy bypass vulnerability in the SafeJSObjectWrapper implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002072.html
JVNDB-2010-002542 Vulnerability in MIT Kerberos 5 allowing forgery of AD-SIGNEDPATH or AD-KDC-ISSUED signatures
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002542.html
JVNDB-2010-002541 Vulnerability in MIT Kerberos 5 allowing forgery of GSS tokens
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002541.html
JVNDB-2010-002540 Vulnerability in MIT Kerberos 5 allowing forgery of KRB-SAFE messages
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002540.html
JVNDB-2010-002539 Denial of service (DoS) vulnerability in ISC DHCP server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002539.html
JVNDB-2010-002538 Denial of service (DoS) vulnerability in epan/dissectors/packet-zbee-zcl.c of the ZigBee ZCL dissector in Wireshark
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002538.html
JVNDB-2010-002537 Heap-based buffer overflow vulnerability in the dissect_ldss_transfer function of the LDSS dissector in Wireshark
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002537.html
JVNDB-2010-002536 Denial of service (DoS) vulnerability in the dissect_ber_unknown function of the BER dissector in Wireshark
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002536.html
JVNDB-2009-002619 Vulnerability in the PHP utf8_decode function allowing bypass of cross-site scripting and SQL injection protection mechanisms
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002619.html
JVNDB-2010-002535 Integer overflow vulnerability in the PHP xml_utf8_decode function
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002535.html
REMOTE: Citrix Access Gateway Command Injection Vulnerability
http://www.exploit-db.com/exploits/15806/
DoS: Apple iPhone Safari (JS .) Remote Crash
http://www.exploit-db.com/exploits/15805/
Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43353
Linux Kernel 'net/sched/act_police.c' File Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42529
Linux Kernel 'XFS_IOC_FSGETXATTR' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43022
Linux Kernel Futex Macros Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/44754
+ Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45246
RHSA-2010:1002-1: Moderate: mod_auth_mysql security update
http://rhn.redhat.com/errata/RHSA-2010-1002.html
RHSA-2010:1003-1: Moderate: git security update
http://rhn.redhat.com/errata/RHSA-2010-1003.html
Struts 2.2.1.1 General Availability Release
http://struts.apache.org/2.2.1.1/index.html
Apache httpd 2.3.10-alpha Released
http://www.apache.org/dist/httpd/Announcement2.3.txt
http://www.apache.org/dist/httpd/CHANGES_2.3
NTP 4.2.7p100 Development released
http://archive.ntp.org/ntp4/ChangeLog-dev
Linux Kernel release: 2.6.37-rc7
http://www.linux.org/news/2010/12/21/0001.html
Notice of updated end-of-support schedule for Trend Micro Threat Discovery Appliance / Trend Micro Threat Mitigator
http://www.trendmicro.co.jp/support/news.asp?id=1505
eVuln : [EV0166] "postid" SQL Injection in Social Share
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34544
Mandriva : [MDVSA-2010:258] mozilla-thunderbird
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34532
MyBB Development Team : MyBB 1.6 <= Cross Site Scripting (XSS) Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34553
Red Hat : [RHSA-2010:0998-01] Low: kvm security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34528
Red Hat : [RHSA-2010:0999-01] Moderate: libvpx security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34529
Red Hat : [RHSA-2010:1000-01] Important: bind security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34530
Secunia : SAP Crystal Reports Print ActiveX Control Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34547
Secunia : RealPlayer AAC Spectral Data Parsing Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34548
Secunia : RealPlayer "cook" Uninitialised Memory Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34549
Secunia : RealPlayer "cook" Arbitrary Free Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34550
Sense of Security : [SOS-10-004] Elcom CommunityManager.NET Auth Bypass Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34555
Debian : [DSA 2134-1] Upcoming changes in advisory format
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34537
eVuln : [EV0164] Non-persistent XSS in Social Share
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34543
eVuln : [EV0165] "link" and "linkdescription" XSS in Social Share
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34545
Independent Researcher : Alt-N WebAdmin Source Code Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34558
Mandriva : [MDVSA-2010:257] kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34531
OpenBSD : OpenBSD CARP Hash Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34552
Check Point Software Technologies : Embedded Video WordPress Plugin Cross Site Vulnerability (XSS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34554
Check Point Software Technologies : Apple Quicktime Memory Corruption - CVE-2010-3801
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34557
Check Point Software Technologies : Radius Manager Multiple Cross Site Scripting (XSS) Vulnerabilities - CVE-2010-4275
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34562
Gentoo Linux : [GLSA 201012-01] Chromium: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34559
Hewlett-Packard : Your HP-UX UNIX Security Bulletin Notification
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34534
Hewlett-Packard : Your HP Storage SW Security Bulletin Notification
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34535
Hewlett-Packard : Your HP Management Agents Security Bulletin Notification
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34536
High-Tech Bridge SA : [HTB22724] XSS vulnerability in BLOG:CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34538
High-Tech Bridge SA : XSS vulnerability in BLOG:CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34539
High-Tech Bridge SA : [HTB22723] XSS vulnerability in BEdita
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34540
High-Tech Bridge SA : [HTB22727] XSRF (CSRF) in BLOG:CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34541
High-Tech Bridge SA : [HTB22729] XSRF (CSRF) in BEdita
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34542
High-Tech Bridge SA : [HTB22728] Stored Cross Site Scripting vulnerability in BEdita
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34546
High-Tech Bridge SA : [HTB22726] cross site scripting vulnerability in BLOG:CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34556
SuSE : [SUSE-SA:2010:061] IBM Java 1.4.2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34526
Apple : [APPLE-SA-2010-12-16-1] Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34533
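Press release
Downloads of "How to Secure Your Web Site" exceed 2.5 million
~ IPA's efforts toward realizing secure websites ~
http://www.ipa.go.jp/about/press/20101221.html
"Gumblar" ran rampant in 2010, ushering in an era of "virus infections from well-known sites"
Trend Micro tallies infection reports; "trap" viruses rank near the top
http://itpro.nikkeibp.co.jp/article/NEWS/20101222/355540/?ST=security
More than 40% have not updated "Adobe Reader": a dangerous reality comes to light
IPA security awareness survey: "one in four has no security software"
http://itpro.nikkeibp.co.jp/article/NEWS/20101222/355539/?ST=security
Prices of "cyber attack tools" soar; criminal group rakes in 70 million dollars
LAC explains the security trends of 2010: "some tools cost over 10,000 dollars"
http://itpro.nikkeibp.co.jp/article/NEWS/20101221/355453/?ST=security
JVNVU#159528 Denial-of-service (DoS) vulnerability in ISC DHCP
http://jvn.jp/cert/JVNVU159528/index.html
JVNVU#568372 Denial-of-service (DoS) vulnerability in NTP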
http://jvn.jp/cert/JVNVU568372/index.html
JVNDB-2010-001824 Vulnerability in multiple Mozilla products allowing cross-site scripting to be induced
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001824.html
JVNDB-2010-001299 Vulnerability in the XMLDocument::load function of multiple Mozilla products allowing bypass of access restrictions
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001299.html
JVNDB-2010-001297 Vulnerability in Mozilla Firefox/SeaMonkey allowing execution of arbitrary JavaScript
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001297.html
JVNDB-2010-001296 Vulnerability in Mozilla Firefox/SeaMonkey allowing execution of arbitrary JavaScript
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001296.html
JVNDB-2010-001294 Vulnerability in multiple Mozilla products allowing execution of arbitrary code
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001294.html
JVNDB-2010-001293 Vulnerability in the nsTreeSelection implementation of multiple Mozilla products allowing execution of arbitrary code
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001293.html
JVNDB-2010-001292 Vulnerability in the browser engine of multiple Mozilla products allowing execution of arbitrary code
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001292.html
JVNDB-2010-001291 Vulnerability in the browser engine of multiple Mozilla products allowing execution of arbitrary code
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001291.html
JVNDB-2010-001206 Vulnerability in Mozilla Thunderbird/SeaMonkey allowing execution of arbitrary code
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001206.html
JVNDB-2010-002089 Vulnerability in Adobe Flash
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002089.html
JVNDB-2010-002534 Privilege escalation vulnerability in the apply_rcs_change function in rcs.c in CVS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002534.html
JVNDB-2010-002533 Insufficient registry data validation vulnerability in the Microsoft Windows RtlQueryRegistryValues() function
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002533.html
JVNDB-2010-002532 Buffer overflow vulnerability in the RealFlex RealWin HMI service
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002532.html
JVNDB-2010-002531 Cross-site scripting vulnerability in the Apache Tomcat Manager application
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002531.html
JVNDB-2010-002530 Cross-site scripting vulnerability in Webmin and Usermin
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002530.html
JVNDB-2010-002529 Vulnerability in Interstage Application Server allowing access by requests from unauthorized IP addresses
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002529.html
JVNDB-2010-002528 Buffer overflow vulnerability in Hitachi Groupmax-related products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002528.html
PR10-14 Unauthenticated command execution within Mitels AWC (Mitel Audio and Web Conferencing)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00221.html
[security bulletin] HPSBST02619 SSRT100281 rev.1 - HP StorageWorks Storage Mirroring, Remote Exe
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00218.html
http://www.evuln.com/ : Authentication Bypass by SQL Injection in Social Share
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00217.html
XSS vulnerability in ImpressCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00216.html
Path disclosure in HTML-EDIT CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00231.html
XSS in HTML-EDIT CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00213.html
XSS vulnerability in Habari
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00211.html
Path disclosure in Habari
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00210.html
SQL Injection in HTML-EDIT CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00207.html
XSS vulnerability in Habari
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00206.html
Path disclosure in GetSimple CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00203.html
SQL injection in Hycus CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00204.html
SQL injection in Hycus CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00227.html
SQL injection in Hycus CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00222.html
XSS vulnerability in Injader CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00226.html
SQL injection in Injader CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00205.html
SQL injection in Injader CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00224.html
XSS vulnerability in Injader CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00214.html
SQL injection in Hycus CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00223.html
LFI in Hycus CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00220.html
nSense-2010-005: Winamp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00209.html
nSense-2010-004: Sybase Afaria
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00215.html
[waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00219.html
[ MDVSA-2010:258 ] mozilla-thunderbird
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00228.html
Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00208.html
Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00201.html
Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00229.html
Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00202.html
Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00212.html
Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00230.html
Network Reliability, Part 2 - HSRP Attacks and Defenses
http://isc.sans.edu/diary.html?storyid=10120
Oracle Multiple Products HTTP Request Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/6U03I0A0KM.html
Microsoft Office Excel Ghost Record Type Parsing Vulnerability
http://www.securiteam.com/windowsntfocus/6T03H0A0KQ.html
SAP Crystal Reports JobServer GIOP Request Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6V03J0A0KI.html
Microsoft Internet Explorer EOT File hdmx Parsing Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6X03L0A0KA.html
Microsoft Windows OpenType CFF Parsing Vulnerability
http://www.securiteam.com/windowsntfocus/6S03G0A0KW.html
Microsoft Internet Explorer Stylesheet PrivateFind Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6W03K0A0KC.html
HP StorageWorks Storage Mirroring Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024916.html
ManageEngine OpManager "viewCount" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42719/
Vacation Rental Script File Upload Vulnerability
http://secunia.com/advisories/42636/
Calibre Cross-Site Scripting and File Disclosure Vulnerabilities
http://secunia.com/advisories/42689/
ImpressCMS "quicksearch_ContentContent" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42695/
PrestaShop Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42503/
Openfiler "device" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42507/
Hycus CMS Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/42567/
FreeNAS "lang" File Inclusion Vulnerability
http://secunia.com/advisories/42635/
Habari "additem_form" and "status_data[]" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42688/
Html-edit CMS Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/42664/
Sybase Afaria Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42686/
MHonArc HTML Mail Conversion Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42694/
HP StorageWorks Storage Mirroring Software Unspecified Code Execution Vulnerability
http://secunia.com/advisories/42696/
AhnLab V3 Internet Security "AhnRec2k.sys" Privilege Escalation Vulnerability
http://secunia.com/advisories/42685/
Red Hat update for libvpx
http://secunia.com/advisories/42690/
Red Hat update for bind
http://secunia.com/advisories/42707/
MyBB "url" and "posthash" Parameters Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3294
MP3 CD Converter Playlist Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3293
Word Splash Pro Word List Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3292
HP StorageWorks Storage Mirroring Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/3291
Tor Unspecified Data Processing Remote Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3290
Redhat Security Update Fixes BIND Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/3289
Redhat Security Update Fixes libvpx Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2010/3288
Redhat Security Update Fixes KVM Memory Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/3287
Mandriva Security Update Fixes Thunderbird Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3286
REMOTE: Ecava IntegraXor 3.6.4000.0 Directory Traversal
http://www.exploit-db.com/exploits/15802/
DoS: Windows 7 IIS7.5 FTPSVC UNAUTH'D Remote DoS PoC
http://www.exploit-db.com/exploits/15803/
DoS: Apple iPhone Safari (decodeURIComponent) Remote Crash
http://www.exploit-db.com/exploits/15796/
Linux Kernel 'io_submit_one()' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/44755
Xen 'arch/ia64/xen/faults.c' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40776
Linux Kernel CIFS 'CIFSSMBWrite()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42242
Linux Kernel XSF 'SWAPEXT' IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40920
Linux Kernel CVE-2010-2066 Donor File Security Bypass Vulnerability
http://www.securityfocus.com/bid/41466
Linux Kernel CIFS DNS Lookup Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/41904
Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45246
Git gitweb 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45439
'mod_auth_mysql' Package Multibyte Character Encoding SQL Injection Vulnerability
http://www.securityfocus.com/bid/33392
Xpdf 'FoFiType1::parse()' Array Indexing Error Vulnerability
http://www.securityfocus.com/bid/43841
Xpdf 'Gfx::getPos()' (CVE-2010-3702) Unitialized Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/43845
Citrix Access Gateway User Credentials Command Injection Vulnerability
http://www.securityfocus.com/bid/45402
Microsoft Office PICT Image Converter (CVE-2010-3946) Integer Overflow Vulnerability
http://www.securityfocus.com/bid/45273
Microsoft Internet Explorer Select HTML Element Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45260
Microsoft Internet Explorer Uninitialized Object CVE-2010-3343 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45259
Microsoft Internet Explorer Uninitialized Object CVE-2010-3340 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45255
Winamp 'in_midi' Component MIDI Timestamp Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45221
Microsoft Office FlashPix Image Converter (CVE-2010-3952) Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/45283
Microsoft Office FlashPix Image Converter (CVE-2010-3951) Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45278
VMware ESXi Update Installer Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/45543
Microsoft IIS FTPSVC Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45542
ImpressCMS 'quicksearch_ContentContent' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/45541
Mediatricks Viva Thumbs Plugin for WordPress Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/45539
Injader Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/45538
Mitel Audio and Web Conferencing (AWC) Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/45537
Social Share 'username' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45536
Ecava IntegraXor 'file_name' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/45535
XGallery Component for Joomla! 'file' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/45534
Calibre Cross Site Scripting and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/45532
PrestaShop 1.3.3 Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45531
Habari Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45530
Sybase Afaria Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/45529
MHonArc HTML Mail Conversion Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45528
Hycus CMS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/45527
HP StorageWorks Storage Mirroring (CVE-2010-4116) Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45526
S9Y Serendipity 'manager.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/45525
Apple Mobile Safari 'decodeURIComponent' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45524
Openfiler 'device' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45523
FreeNAS 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45522
http://www.say-tech.co.jp/support/bom-for-windows/post-56/index.shtml
VMSA-2010-0020: VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
http://www.vmware.com/security/advisories/VMSA-2010-0020.html
Security alert for the year-end and New Year holidays
http://www.ipa.go.jp/security/topics/alert221222.html
JVNVU#545319 Update for multiple vulnerabilities in Apple Time Capsule and AirPort Base Station (802.11n)
http://jvn.jp/cert/JVNVU545319/index.html
JVNDB-2010-002459 Stack-based buffer overflow vulnerability in the pr_netio_telnet_get function in ProFTPD
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002459.html
JVNDB-2010-002458 Directory traversal vulnerability in the mod_site_misc module in ProFTPD
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002458.html
JVNDB-2010-001229 Vulnerability related to multiple functions in OpenSSL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001229.html
JVNDB-2010-002284 Vulnerability in the browser engine of multiple Mozilla products allowing execution of arbitrary code
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002284.html
JVNDB-2010-002072 Vulnerability in the SafeJSObjectWrapper implementation of multiple Mozilla products allowing bypass of the same-origin policy
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002072.html
nSense-2010-004: Sybase Afaria
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00215.html
[waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00219.html
[ MDVSA-2010:258 ] mozilla-thunderbird
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00228.html
Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00208.html
Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00201.html
Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00229.html
Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00202.html
Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00212.html
Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00230.html
Network Reliability, Part 2 - HSRP Attacks and Defenses
http://isc.sans.edu/diary.html?storyid=10120
Oracle Multiple Products HTTP Request Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/6U03I0A0KM.html
Microsoft Office Excel Ghost Record Type Parsing Vulnerability
http://www.securiteam.com/windowsntfocus/6T03H0A0KQ.html
SAP Crystal Reports JobServer GIOP Request Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6V03J0A0KI.html
Microsoft Internet Explorer EOT File hdmx Parsing Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6X03L0A0KA.html
Microsoft Windows OpenType CFF Parsing Vulnerability
http://www.securiteam.com/windowsntfocus/6S03G0A0KW.html
Microsoft Internet Explorer Stylesheet PrivateFind Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6W03K0A0KC.html
HP StorageWorks Storage Mirroring Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024916.html
ManageEngine OpManager "viewCount" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42719/
Vacation Rental Script File Upload Vulnerability
http://secunia.com/advisories/42636/
Calibre Cross-Site Scripting and File Disclosure Vulnerabilities
http://secunia.com/advisories/42689/
ImpressCMS "quicksearch_ContentContent" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42695/
PrestaShop Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42503/
Openfiler "device" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42507/
Hycus CMS Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/42567/
FreeNAS "lang" File Inclusion Vulnerability
http://secunia.com/advisories/42635/
Habari "additem_form" and "status_data[]" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42688/
Html-edit CMS Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/42664/
Sybase Afaria Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42686/
MHonArc HTML Mail Conversion Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42694/
HP StorageWorks Storage Mirroring Software Unspecified Code Execution Vulnerability
http://secunia.com/advisories/42696/
AhnLab V3 Internet Security "AhnRec2k.sys" Privilege Escalation Vulnerability
http://secunia.com/advisories/42685/
Red Hat update for libvpx
http://secunia.com/advisories/42690/
Red Hat update for bind
http://secunia.com/advisories/42707/
MyBB "url" and "posthash" Parameters Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3294
MP3 CD Converter Playlist Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3293
Word Splash Pro Word List Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3292
HP StorageWorks Storage Mirroring Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/3291
Tor Unspecified Data Processing Remote Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3290
Redhat Security Update Fixes BIND Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/3289
Redhat Security Update Fixes libvpx Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2010/3288
Redhat Security Update Fixes KVM Memory Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/3287
Mandriva Security Update Fixes Thunderbird Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3286
REMOTE: Ecava IntegraXor 3.6.4000.0 Directory Traversal
http://www.exploit-db.com/exploits/15802/
DoS: Windows 7 IIS7.5 FTPSVC UNAUTH'D Remote DoS PoC
http://www.exploit-db.com/exploits/15803/
DoS: Apple iPhone Safari (decodeURIComponent) Remote Crash
http://www.exploit-db.com/exploits/15796/
Linux Kernel 'io_submit_one()' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/44755
Xen 'arch/ia64/xen/faults.c' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40776
Linux Kernel CIFS 'CIFSSMBWrite()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42242
Linux Kernel XFS 'SWAPEXT' IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40920
Linux Kernel CVE-2010-2066 Donor File Security Bypass Vulnerability
http://www.securityfocus.com/bid/41466
Linux Kernel CIFS DNS Lookup Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/41904
Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45246
Git gitweb 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45439
'mod_auth_mysql' Package Multibyte Character Encoding SQL Injection Vulnerability
http://www.securityfocus.com/bid/33392
Xpdf 'FoFiType1::parse()' Array Indexing Error Vulnerability
http://www.securityfocus.com/bid/43841
Xpdf 'Gfx::getPos()' (CVE-2010-3702) Uninitialized Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/43845
Citrix Access Gateway User Credentials Command Injection Vulnerability
http://www.securityfocus.com/bid/45402
Microsoft Office PICT Image Converter (CVE-2010-3946) Integer Overflow Vulnerability
http://www.securityfocus.com/bid/45273
Microsoft Internet Explorer Select HTML Element Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45260
Microsoft Internet Explorer Uninitialized Object CVE-2010-3343 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45259
Microsoft Internet Explorer Uninitialized Object CVE-2010-3340 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45255
Winamp 'in_midi' Component MIDI Timestamp Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45221
Microsoft Office FlashPix Image Converter (CVE-2010-3952) Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/45283
Microsoft Office FlashPix Image Converter (CVE-2010-3951) Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45278
VMware ESXi Update Installer Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/45543
Microsoft IIS FTPSVC Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45542
ImpressCMS 'quicksearch_ContentContent' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/45541
Mediatricks Viva Thumbs Plugin for WordPress Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/45539
Injader Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/45538
Mitel Audio and Web Conferencing (AWC) Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/45537
Social Share 'username' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45536
Ecava IntegraXor 'file_name' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/45535
XGallery Component for Joomla! 'file' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/45534
Calibre Cross Site Scripting and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/45532
PrestaShop 1.3.3 Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45531
Habari Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45530
Sybase Afaria Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/45529
MHonArc HTML Mail Conversion Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45528
Hycus CMS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/45527
HP StorageWorks Storage Mirroring (CVE-2010-4116) Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45526
S9Y Serendipity 'manager.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/45525
Apple Mobile Safari 'decodeURIComponent' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45524
Openfiler 'device' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45523
FreeNAS 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45522