CESA-2010:0926 (krb5)
http://lwn.net/Alerts/418004/
UPDATE: APSB10-28: Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb10-28.html
Development release of BIND 10: bind10-devel-20101201
http://bind10.isc.org/
Apache Tomcat 6.0.30 (not yet released)
http://tomcat.apache.org/security-6.html#Fixed_in_SVN_for_Apache_Tomcat_6.0.30_(not_yet_released)
Postfix 2.8 Snapshot 20101201
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20101201.HISTORY
Devel-NYTProf-4.06 released
http://search.cpan.org/~timb/Devel-NYTProf-4.06/
Robert Hansen and our happiness
http://isc.sans.edu/diary.html?storyid=10018
JBoss Enterprise Application Platform Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Cross-Site Request Forgery Attacks
http://securitytracker.com/alerts/2010/Dec/1024813.html
Adobe Acrobat, Reader, and Flash CVE-2010-3654 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44504
Adobe Reader 9.4 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44638
Cisco CiscoWorks Common Services Web Server Module Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44468
+ BIND 9.7.2-P3, 9.6.2-P3, 9.6-ESV-R3 and 9.4-ESV-R4 are now available
http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
http://ftp.isc.org/isc/bind9/9.6.2-P3/RELEASE-NOTES-BIND-9.6.2-P3.html
http://ftp.isc.org/isc/bind9/9.6-ESV-R3/RELEASE-NOTES-BIND-9.6-ESV-R3.html
http://ftp.isc.org/isc/bind9/9.4-ESV-R4/RELEASE-NOTES-BIND-9.4-ESV-R4.html
+ BIND: Key algorithm rollover bug in bind9
http://www.isc.org/software/bind/advisories/cve-2010-3614
http://www.kb.cert.org/vuls/id/837744
http://www.securityfocus.com/bid/45137
+ HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02629503
+ RHSA-2010:0936-1: Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2010-0936.html
- BIND: allow-query processed incorrectly
http://www.isc.org/software/bind/advisories/cve-2010-3615
http://www.kb.cert.org/vuls/id/510208
http://www.securityfocus.com/bid/45134
- BIND: cache incorrectly allows a ncache entry and a rrsig for the same type
http://www.isc.org/software/bind/advisories/cve-2010-3613
http://www.kb.cert.org/vuls/id/706148
http://www.securityfocus.com/bid/45133
- Perl CGI-Simple 'multipart/x-mixed-replace' MIME Boundary HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/45144
[ANNOUNCE] Database Designer for PostgreSQL 1.3.0 is out!
http://microolap.com/products/database/postgresql-designer/download/
[ANN] Apache Tomcat 7.0.5 beta released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Wireshark 1.4.2 released
http://www.wireshark.org/docs/relnotes/
Fixed in Apache Tomcat 7.0.5: low: Cross-site scripting CVE-2010-4172
http://tomcat.apache.org/security-7.html#Fixed_inApache_Tomcat_7.0.5
Tomcat 7.0.5 Beta Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
UPDATE: Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml
eVuln : [EV0150] Multiple XSS inj in Wernhart Guestbook
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34374
eVuln : [EV0149] Multiple SQL injections in Wernhart Guestbook
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34375
Mandriva : [MDVSA-2010:245] krb5 spoofing issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34371
Mandriva : [MDVSA-2010:246] krb5 token-forgery, authentication-bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34372
Apache Archiva Team : Apache Archiva CSRF Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34376
Core Security Technologies : [CORE-2010-1109] Multiple vulnerabilities in BugTracker.Net
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34377
iPhone URL spoofing issue could be abused for phishing
Researcher publishes a demo page that hides the real address bar and displays a fake one
http://itpro.nikkeibp.co.jp/article/NEWS/20101202/354764/?ST=security
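"Pay $100 if you want to boot your PC": a string of "extortion viruses"
Overwrites the MBR to make the machine unbootable and pressures the victim to buy a boot password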
http://itpro.nikkeibp.co.jp/article/NEWS/20101202/354763/?ST=security
JVNDB-2010-002431 Heap-based buffer overflow vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002431.html
JVNDB-2010-002430 Arbitrary code execution vulnerability in QuickLook on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002430.html
JVNDB-2010-002429 Buffer overflow vulnerability in QuickLook on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002429.html
JVNDB-2010-002428 Denial of service (DoS) vulnerability in Printing on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002428.html
JVNDB-2010-002427 Password authentication bypass vulnerability in the Password Server on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002427.html
[SECURITY] [DSA-2129-1] New krb5 packages fix checksum verification weakness
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00009.html
[SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00010.html
[USN-1025-1] Bind vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00008.html
Vulnerabilities in Fabrica Engine
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00007.html
Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability.txt
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00003.html
Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00005.html
[eVuln.com] Multiple XSS in Alguest
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00004.html
[ MDVSA-2010:246 ] krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00001.html
[ MDVSA-2010:245 ] krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00002.html
CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00000.html
When monitoring a remote computer using proxy monitoring
http://www.say-tech.co.jp/support/bom-for-windows/post-55/index.shtml
McAfee Security Bulletin Released
http://isc.sans.edu/diary.html?storyid=10012
A Gentle Reminder - It is that time of year again
http://isc.sans.edu/diary.html?storyid=10015
Vulnerability Note VU#706148: ISC BIND cache vulnerability
http://www.kb.cert.org/vuls/id/706148
Vulnerability Note VU#510208: ISC BIND named allow-query vulnerability
http://www.kb.cert.org/vuls/id/510208
Vulnerability Note VU#837744: ISC BIND named validator vulnerability
http://www.kb.cert.org/vuls/id/837744
WordPress Input Validation Flaw in do_trackbacks() Lets Remote Authenticated Users Inject SQL Commands
http://securitytracker.com/alerts/2010/Dec/1024809.html
CA Internet Security Suite Buffer Overflow in 'KmxSbx.sys' Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Dec/1024808.html
Red Hat Enterprise MRG Messaging Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Dec/1024806.html
PHP Validation Flaw in utf8_decode() Permits Cross-Site Scripting Attacks and Lets Remote Users Inject SQL Commands
http://securitytracker.com/alerts/2010/Nov/1024797.html
CVS Heap Overflow in Processing RCS Files Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Nov/1024795.html
Linux Kernel 2.6.35.9 'setup_arg_pages()' Denial of Service Vulnerability
http://securityreason.com/securityalert/7920
Linux Kernel 2.6.37:rc2 Unix Sockets Local Denial of Service
http://securityreason.com/securityalert/7919
Free Simple Software - SQL Injection Vulnerability
http://securityreason.com/securityalert/7918
DynPG CMS "CHG_DYNPG_SET_LANGUAGE" File Inclusion Vulnerability
http://secunia.com/advisories/42380/
WordPress WPtouch Plugin "wptouch_settings" Cross-Site Scripting
http://secunia.com/advisories/42438/
Joomla! sh404SEF Component Multiple Vulnerabilities
http://secunia.com/advisories/42430/
Ubuntu update for openjdk-6
http://secunia.com/advisories/42412/
WordPress SQL Injection Vulnerability
http://secunia.com/advisories/42431/
Grani Clipboard Access Security Bypass Vulnerability
http://secunia.com/advisories/42428/
Sleipnir Clipboard Access Security Bypass Vulnerability
http://secunia.com/advisories/42427/
Enano CMS "email" SQL Injection Vulnerability
http://secunia.com/advisories/42375/
Red Hat update for krb5
http://secunia.com/advisories/42436/
Red Hat update for krb5
http://secunia.com/advisories/42399/
Red Hat Enterprise MRG Condor QMF Plug-ins Vulnerability
http://secunia.com/advisories/42406/
Pandora FMS Multiple Vulnerabilities
http://secunia.com/advisories/42347/
Kerberos Multiple Vulnerabilities
http://secunia.com/advisories/42396/
Fedora update for kdenetwork
http://secunia.com/advisories/42423/
BugTracker.NET Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/42418/
Red Hat update for wireshark
http://secunia.com/advisories/42411/
Red Hat update for dhcp
http://secunia.com/advisories/42407/
REMOTE: J-Integra v2.11 ActiveX SetIdentity() Buffer Overflow Exploit
http://www.exploit-db.com/exploits/15655/
REMOTE: J-Integra v2.11 Remote Code Execution Exploit
http://www.exploit-db.com/exploits/15648/
DoS: Apple Directory Services Memory Corruption
http://www.exploit-db.com/exploits/15491/
DoS: HP Data Protector Manager A.06.11 MMD NULL Pointer Dereference Denial of Service Vulnerability
http://www.exploit-db.com/exploits/15649/
AWStats Remote Code Execution and Directory Traversal Vulnerabilities
http://www.vupen.com/english/advisories/2010/3099
Apache Archiva Form Data Cross Site Request Forgery Vulnerability
http://www.vupen.com/english/advisories/2010/3098
SuSE Security Update Fixes Code Execution and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2010/3097
Fedora Security Update Fixes KDE Network KGet Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/3096
Redhat Security Update Fixes Kerberos Checksum Handling Vulnerabilities
http://www.vupen.com/english/advisories/2010/3095
MIT Kerberos Checksum Handling Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/3094
Redhat Security Update Fixes Wireshark Buffer Overflow and DoS Issues
http://www.vupen.com/english/advisories/2010/3093
Redhat Security Update Fixes DHCP Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/3092
Red Hat Enterprise MRG Condor Configuration Job Injection Vulnerability
http://www.vupen.com/english/advisories/2010/3091
Ubuntu Security Update Fixes OpenJDK Information Disclosure Issue
http://www.vupen.com/english/advisories/2010/3090
Ubuntu Security Update Fixes Kernel Privilege Escalation and DoS
http://www.vupen.com/english/advisories/2010/3089
Slackware Security Update Fixes CUPS Use-after-free Vulnerability
http://www.vupen.com/english/advisories/2010/3088
Mandriva Security Update Fixes phpMyAdmin Cross Site Scripting
http://www.vupen.com/english/advisories/2010/3087
Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/45123
Adobe Acrobat, Reader, and Flash CVE-2010-3654 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44504
Adobe Reader 9.4 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44638
Perl CGI.pm 'multipart/x-mixed-replace' MIME Boundary HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/44892
OpenJDK 'IcedTea' plugin (CVE-2010-3860) Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45114
ISC BIND Key Algorithm Rollover Security Vulnerability
http://www.securityfocus.com/bid/45137
ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45133
libxml2 'XPATH' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44779
MIT Kerberos 5 1.3.x Checksum Multiple Remote Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/45118
D-Link DIR-300 'tools_admin.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/44743
McAfee VirusScan Enterprise 'traceapp.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/45080
Xion Audio Player '.m3u8' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45018
MIT Kerberos Checksum AD-SIGNEDPATH and AD-KDC-ISSUED Security Bypass Vulnerability
http://www.securityfocus.com/bid/45117
MIT Kerberos 5 Key Distribution Center 'KrbFastReq' Forgery Security Bypass Vulnerability
http://www.securityfocus.com/bid/45122
MIT Kerberos 5 1.7.x Checksum Multiple Remote Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/45116
ArtistScope Link Protect Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/45109
Perl CGI-Simple 'multipart/x-mixed-replace' MIME Boundary HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/45144
LittlePhpGallery 'gallery.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/45143
J-Integra 'SetIdentity()' Method ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45142
Alguest Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45140
WordPress WPtouch Plugin 'wptouch_settings' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45139
Digitalus CMS 'config.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/45136
ISC BIND 'allow-query' Zone ACL Security Bypass Vulnerability
http://www.securityfocus.com/bid/45134
Alibaba Clone 'es_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45130
OsCSS 'categories.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/45129
HP Data Protector Manager Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45128