Wednesday, November 2, 2011

Wednesday the 2nd, Butsumetsu



+ Multiple vulnerabilities in Adobe Flashplayer
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer2

+ Multiple vulnerabilities in Adobe Flashplayer
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer1

+ Multiple Buffer Overflow vulnerabilities in GIMP
http://blogs.oracle.com/sunsecurity/entry/multiple_buffer_overflow_vulnerabilities_in

+ Microsoft Windows Kernel Word File Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50462

+- Linux Kernel '/mm/oom_kill.c' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50459

HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03054052%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Wireshark 1.6.3 Released
http://www.wireshark.org/docs/relnotes/wireshark-1.6.3.html

[security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00005.html

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00009.html

XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00008.html

XSS Vulnerabilities in eFront
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00007.html

[ MDVSA-2011:162 ] kdelibs4
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00006.html

GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vuln
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00004.html

[ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00003.html

IBSng all version Cross-Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00002.html

CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMEN
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00001.html

DDIVRT-2011-33 IBM WebSphere Application Server help Servlet Plug-in Bundle Directory Tr
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00000.html

Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00215.html

[SECURITY] [DSA 2333-1] phpldapadmin security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00212.html

PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00214.html

YaTFTPSvr TFTP Server Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00216.html

Apples Mail.app mail of death
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00213.html

Securiteam
http://www.derkeiler.com/Mailing-Lists/Securiteam/

[SECURITY] [DSA 2332-1] python-django security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00211.html

[security bulletin] HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00210.html

[security bulletin] HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00209.html

Symantec releases new version of its security software for Android devices
Adds features such as sounding an alarm by remote control
http://itpro.nikkeibp.co.jp/article/NEWS/20111102/372023/?ST=security

Series of "targeted attacks" aimed at chemical manufacturers; companies in Japan also affected
48 companies worldwide targeted, US-based Symantec reports
http://itpro.nikkeibp.co.jp/article/NEWS/20111102/372022/?ST=security

JVN#98649286 Denial-of-service (DoS) vulnerability in CSWorks LiveData Service
http://jvn.jp/jp/JVN98649286/index.html

JVNDB-2011-000095 Denial-of-service (DoS) vulnerability in CSWorks LiveData Service
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000095.html

JVNDB-2011-002643 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002643.html

JVNDB-2011-002642 URL bar spoofing vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002642.html

JVNDB-2011-002641 Unspecified vulnerability related to MIME types in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002641.html

JVNDB-2011-002640 Vulnerability related to the use of PIC and PIE compiler options in Google Chrome running on Linux
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002640.html

JVNDB-2011-002639 Unspecified vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002639.html

JVNDB-2011-002638 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002638.html

JVNDB-2011-002637 Double-free vulnerability in libxml2 as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002637.html

JVNDB-2011-002636 Denial-of-service (out-of-bounds read) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002636.html

JVNDB-2011-002635 Denial-of-service (DoS) vulnerability in Google V8 as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002635.html

JVNDB-2011-002634 Unspecified vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002634.html

JVNDB-2011-002633 Denial-of-service (out-of-bounds read) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002633.html

JVNDB-2011-002632 Unspecified vulnerability in Google V8 as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002632.html

JVNDB-2011-002631 Unspecified vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002631.html

JVNDB-2011-002630 Denial-of-service vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002630.html

JVNDB-2011-002629 Unspecified vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002629.html

JVNDB-2011-002628 Denial-of-service (out-of-bounds read) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002628.html

JVNDB-2011-002627 Denial-of-service (traffic storm) vulnerability in the cat6000-dot1x component of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002627.html

JVNDB-2011-002626 Vulnerability in Cisco CiscoWorks Common Services that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002626.html

JVNDB-2011-002625 Denial-of-service (device crash) vulnerability in the ethernet-lldp component of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002625.html

JVNDB-2011-002624 SQL injection vulnerability in thanks.php of NexusPHP
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002624.html

JVNDB-2011-002623 Cross-site scripting vulnerability in ocsinventory of OCS Inventory NG
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002623.html

JVNDB-2011-002622 Denial-of-service (crash) vulnerability in oowriter of OpenOffice.org and LibreOffice
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002622.html

JVNDB-2011-002621 Cross-site request forgery vulnerability in Simple Machines Forum
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002621.html

JVNDB-2011-002620 Cross-site scripting vulnerability in KENT-WEB WEB FORUM
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002620.html

JVNDB-2011-002619 Cross-site scripting vulnerability in content/error.jsp of IBM WebSphere ILOG Rule Team Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002619.html

JVNDB-2011-002618 SQL injection vulnerability in Simple Machines Forum
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002618.html

JVNDB-2011-002617 Arbitrary code execution vulnerability in ZfHSrvr.exe of Novell ZENworks Handheld Management (ZHM)
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002617.html

JVNDB-2011-002616 Arbitrary code execution vulnerability in ZfHSrvr.exe of Novell ZENworks Handheld Management (ZHM)
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002616.html

JVNDB-2011-000094 Cross-site request forgery vulnerability in multiple SKYARC System products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000094.html

JVNDB-2011-000093 Insufficient access restriction vulnerability in multiple SKYARC System products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000093.html

JVNDB-2011-002615 Denial-of-service (DoS) vulnerability in chan_sip.c of Asterisk Open Source
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002615.html

JVNDB-2011-002614 SQL injection vulnerability in ATCOM Netvolution
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002614.html

JVNDB-2011-002613 Vulnerability in BlackBerry Collaboration Service that allows login to arbitrary user accounts
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002613.html

JVNDB-2011-002612 SQL injection vulnerability in default.asp of ATCOM Netvolution
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002612.html

JVNDB-2011-002611 Cross-site scripting vulnerability in default.asp of ATCOM Netvolution
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002611.html

JVNDB-2011-002610 Cross-site scripting vulnerability in ATCOM Netvolution
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002610.html

JVNDB-2011-002609 SQL injection vulnerability in default.asp of ATCOM Netvolution
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002609.html

JVNDB-2011-002608 Denial-of-service (DoS) vulnerability in the krb5_db2_lockout_audit function of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002608.html

JVNDB-2011-002607 Denial-of-service (DoS) vulnerability in the lookup_lockout_policy function of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002607.html

JVNDB-2011-002606 Denial-of-service (DoS) vulnerability in the krb5_ldap_lockout_audit function of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002606.html

JVNDB-2011-002605 Denial-of-service (DoS) vulnerability in the kdb_ldap plugin of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002605.html

JVNDB-2011-002604 Cross-site scripting vulnerability in the theme_adium_append_message function of Empathy
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002604.html

JVNDB-2011-002603 Cross-site scripting vulnerability in the theme_adium_append_message function of Empathy
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002603.html

JVNDB-2011-002602 Vulnerability in HP MFP Digital Sending software that allows sensitive workflow metadata information to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002602.html

JVNDB-2011-002601 Denial-of-service (NULL pointer dereference) vulnerability in the napi_reuse_skb function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002601.html

JVNDB-2011-002600 Denial-of-service (DoS) vulnerability in Cisco Adaptive Security Appliances devices
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002600.html

JVNDB-2011-002599 Vulnerability in the ipv6 component of Cisco IOS that enables fingerprinting attacks
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002599.html

JVNDB-2011-002598 Denial-of-service (traffic storm) vulnerability in the cat6000-dot1x component of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002598.html

Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released
http://isc.sans.edu/diary.html?storyid=11926

Secure languages & frameworks
http://isc.sans.edu/diary.html?storyid=11929

Linux Kernel clock_gettime() Negative Divisor Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1026261

HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026260

Novell GroupWise Messenger Discloses Arbitrary Memory Contents to Remote Users
http://www.securitytracker.com/id/1026257

IBM AIX BIND Multiple Vulnerabilities
http://secunia.com/advisories/46641/

Gentoo update for chromium and v8
http://secunia.com/advisories/46636/

NJStar Communicator MiniSmtp Packet Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/46630/

Joomla! Alameda Component "storeid" SQL Injection Vulnerability
http://secunia.com/advisories/46635/

Squid DNS Replies Invalid Free Denial of Service Vulnerability
http://secunia.com/advisories/46609/

CSWorks LiveData Service TCP Packets Processing Denial of Service Vulnerability
http://secunia.com/advisories/46625/

Megatops YaTFTPSvr Directory Traversal Vulnerability
http://secunia.com/advisories/46665/

Oracle Hyperion Enterprise Performance Management arsqls24.dll Buffer Overflow Vulnerability
http://secunia.com/advisories/46652/

WordPress ClassiPress Theme "twitter_id" and "facebook_id" Script Insertion Vulnerabilities
http://secunia.com/advisories/46658/

Joomla! Vik Real Estate Extension "contract" and "imm" SQL Injection Vulnerabilities
http://secunia.com/advisories/46661/

Joomla! HM Community Component Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/46656/

Novell Messenger Server Process Memory Information Disclosure Vulnerability
http://secunia.com/advisories/46677/

Gobby Two Weaknesses
http://secunia.com/advisories/46698/

net6 Two Weaknesses
http://secunia.com/advisories/46605/

Debian update for python-django
http://secunia.com/advisories/46614/

Debian update for radvd
http://secunia.com/advisories/46639/

Debian update for tor
http://secunia.com/advisories/46640/

Ubuntu update for empathy
http://secunia.com/advisories/46684/

Openswan Cryptographic Helper Use-After-Free Denial of Service Vulnerability
http://secunia.com/advisories/46681/

WordPress Simple Balance Theme "s" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/46671/

eFront Multiple Vulnerabilities
http://secunia.com/advisories/46613/

SUSE update for java-1_6_0-openjdk
http://secunia.com/advisories/46695/

Debian update for phpldapadmin
http://secunia.com/advisories/46672/

Fedora update for kernel
http://secunia.com/advisories/46687/

Fujitsu Interstage HTTP Server Two Vulnerabilities
http://secunia.com/advisories/46648/

NJStar Communicator 3.00 MiniSMTP Server Remote Exploit
http://www.exploit-db.com/exploits/18057

Linux Kernel TCP Sequence Number Generation Security Weakness
http://www.securityfocus.com/bid/49289

KDE KSSL Common Name SSL Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/49925

Linux Kernel 'clock_gettime()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50311

Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50246

IBM WebSphere Application Server Administration Console Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49362

Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50231

Oracle Java SE CVE-2011-3561 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50250

Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234

Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50242

Oracle Java SE CVE-2011-3554 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50216

Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50224

Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50248

Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50211

Oracle Java SE CVE-2011-3549 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50223

Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50243

Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50215

Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50220

Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50226

Oracle Java SE CVE-2011-3546 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50239

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50218

Oracle Java SE CVE-2011-3516 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50229

KDE KSSL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36229

ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118

Apache Tomcat AJP Protocol Security Bypass Vulnerability
http://www.securityfocus.com/bid/49353

ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37865

Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33151

Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279

Google Chrome Prior to 14.0.835.202 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49938

Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658

Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50360

Google Chrome Prior to 12.0.742.112 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/48479

Google Chrome prior to 14.0.835.163 PDF File Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49933

Oracle Hyperion Financial Management 'TList6.ocx' ActiveX Control Insecure Method Vulnerability
http://www.securityfocus.com/bid/50476

GE Proficy Historian Data Archiver Service Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50475

GE Proficy Plant Application Components Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50474

GE Proficy Historian Web Administrator Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50473

HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/50471

Symphony Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50470

eFront Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50469

IBSng 'str' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50468

Google App Engine Python SDK 'FakeFile' Object Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/50464

Microsoft Windows Kernel Word File Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50462

Linux Kernel '/mm/oom_kill.c' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50459

Hyperic HQ Enterprise Cross Site Scripting and Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/50456

vBulletin Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/50455

Domain Shop 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50454

BroadWin WebAccess Client 'bwocxrun.ocx ' Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/49428

Microsoft Windows AFD Driver CVE-2011-2005 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/49941

Apple QuickTime Prior To 7.7.1 'Flic' Movie File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50404

phpLDAPadmin Cross Site Scripting and PHP Code Injection Vulnerabilities
http://www.securityfocus.com/bid/50331

Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957

Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47929

Django Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49573

NJStar Communicator MiniSMTP Server Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50452

Joomla! Alameda Component 'storeid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/50451

Squid Proxy Caching Server CNAME Denial of Service Vulnerability
http://www.securityfocus.com/bid/50449

Multiple SKYARC System Products Unspecified Security Bypass Vulnerability
http://www.securityfocus.com/bid/50448

Novell Messenger Server Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50443

net6 Session Hijacking and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/50442

YaTFTPSvr TFTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/50441

Openswan Cryptographic Helper Use After Free Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/50440

Joomla! 'com_hmcommunity' Component Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/50439

e107 CMS jbShop Plugin 'item_id' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50438

phpAlbum Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50437

Joomla Component JEEMA SMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/50436

Joomla Component Vik Real Estate Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/50435

WordPress WP Glossary Plugin 'ajax.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50434

WordPress Classipress Theme Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/50433

Barter Sites Joomla! Component Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/50432

PROMOTIC ActiveX Control 'GetPromoticSite' Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50430

GFI Faxmaker Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/50429

Monday, October 31, 2011

Monday the 31st, Tomobiki


JVN#56667137 Cross-site request forgery vulnerability in multiple SKYARC System products
http://jvn.jp/jp/JVN56667137/index.html

JVN#41032068 Insufficient access restriction vulnerability in multiple SKYARC System products
http://jvn.jp/jp/JVN41032068/index.html

REMOTE: BroadWin WebAccess SCADA/HMI Client Remote Code Execution
http://www.exploit-db.com/exploits/18051

DoS/PoC: Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC
http://www.exploit-db.com/exploits/18052

DoS/PoC: Microsys PROMOTIC 8.1.4 ActiveX GetPromoticSite Uninitialized Pointer
http://www.exploit-db.com/exploits/18049




+ Linux Kernel Network Bridge NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50417

[ANNOUNCEMENT] Apache Commons Digester 3.1 released!
http://commons.apache.org/digester/download_digester.cgi

[courier-announce] Courier and courier-imap builds 20111028
http://www.courier-mta.org/download.php

UPDATE: HPSBUX02715 SSRT100623 rev.3 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057703%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Benetl, a free ETL tool for postgreSQL, is out in version 3.8
http://www.postgresql.org/about/news.1361

PostgreSQL Data Sync released
http://www.postgresql.org/about/news.1360

LedgerSMB 1.3.0 Released
http://www.postgresql.org/about/news.1359

Debian : [DSA-2329-1] torque - Buffer Overflow Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37003

Hewlett-Packard : [HPSBMU02714 SSRT100244] - HP - Network Node Manager i - Information Disclosure Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36996

High-Tech Bridge SA : [HTB23052] SPIP - Path Disclosure Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37002

Red Hat : [RHSA-2011:1402-01] FreeType - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37004

Red Hat : [RHSA-2011:1409-01] OpenSSL - Security Bypass Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37005

Ubuntu Security Notice : [USN-1238-2] Puppet - Man-In-The-Middle Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37006

Ubuntu Security Notice : [USN-1247-1] Nova - Information Disclosure Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37007

Ubuntu Security Notice : [USN-1248-1] KDE-Libs - Spoofing Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37008

VMware : [VMSA-2011-0013] Multiple Products - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37009

ZDI : [ZDI-11-311] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37010

ZDI : [ZDI-11-312] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37011

ZDI : [ZDI-11-313] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37012

ZDI : [ZDI-11-314] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37013

ZDI : [ZDI-11-315] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37014

ZDI : [ZDI-11-316] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37015

Cisco : [cisco-sa-20111026-webex] Cisco - WebEx Player - Multiple Buffer Overflow Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36997

Cisco : [cisco-sa-20111026-csa] Cisco - Security Agent - Multiple Code Execution Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36998

Cisco : [cisco-sa-20111026-cucm] Cisco - Unified Communications Manager - Directory Traversal Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36999

Cisco : [cisco-sa-20111026-uccx] Cisco - Unified Contact Center Express - Directory Traversal Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37000

Cisco : [cisco-sa-20111026-camera] Cisco - Video Surveillance IP Cameras - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37001

Gentoo Linux : [GLSA 201110-24] Squid - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36982

Gentoo Linux : [GLSA 201110-25] Pure-FTPd - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36983

Gentoo Linux : [GLSA 201110-26] libxml2 - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36984

Hewlett-Packard : [HPSBUX02700 SSRT100506] HP-UX - VEA - Denial-Of-Service and Code Execution Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36972

Ubuntu Security Notice : [USN-1238-1] Puppet - Man-In-The-Middle Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36974

Ubuntu Security Notice : [USN-1239-1] Linux kernel - EC2 - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36975

Ubuntu Security Notice : [USN-1240-1] Linux kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36976

Ubuntu Security Notice : [USN-1241-1] Linux Kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36977

Ubuntu Security Notice : [USN-1242-1] Linux Kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36978

Ubuntu Security Notice : [USN-1243-1] Linux Kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36979

Ubuntu Security Notice : [USN-1245-1] Linux Kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36980

ZDI : [ZDI-11-308] Cisco - WebEx Player - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36985

ZDI : [ZDI-11-309] Novell - iPrint Client - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36986

ZDI : [ZDI-11-310] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36987

ZDI : [ZDI-11-296] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36988

ZDI : [ZDI-11-297] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36989

ZDI : [ZDI-11-298] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36990

ZDI : [ZDI-11-299] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36991

ZDI : [ZDI-11-300] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36992

ZDI : [ZDI-11-301] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36993

ZDI : [ZDI-11-302] Adobe - Reader - Buffer Overflow and Code Execution Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36994

Cisco : Cisco Nexus OS (NX-OS) - Command Injection Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36968

Gentoo Linux : [GLSA 201110-22] PostgreSQL - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36995

Gentoo Linux : [GLSA 201110-23] Apache - mod_authnz_external - SQL Injection Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36995

Independent Researcher : zFtp Server - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36981

Mandriva : [MDVSA-2011:161] postgresql - Weak Encrypted Password Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36964

Red Hat : [RHSA-2011:1401-01] xen - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36963

Ubuntu Security Notice : [USN-1237-1] PAM - Multiple Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36962

Debian : [DSA-2326-1] PAM - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36966

Debian : [DSA-2327-1] libfcgi-perl - Authentication Bypass Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36970

Debian : [DSA 2328-1] Freetype - Denial-Of-Service and Code Execution Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36973

Gentoo Linux : [GLSA 201110-21] Asterisk - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36971

Independent Researcher : [TC-SA-2011-01] OmniTouch - Instant Communication Suite - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36965

Debian : [DSA-2325-1] kfreebsd-8 - Buffer Overflow Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36967

[SECURITY] [DSA 2323-1] radvd security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00205.html

[SECURITY] [DSA 2331-1] tor security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00206.html

[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00204.html

[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00203.html

[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00202.html

[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00201.html

VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Updat
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00199.html

[security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorize
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00198.html

[security bulletin] HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Serv
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00197.html

ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00196.html

ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00195.html

ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00194.html

ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00192.html

ZDI-11-312 : Apple QuickTime Atom Hierarchy Argument Size Mismatch Remote Code Execution Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00193.html

ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00191.html

[SECURITY] [DSA 2330-1] simplesamlphp security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00190.html

eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00207.html

[SECURITY] [DSA 2329-1] torque security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00174.html

foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00189.html

APPLE-SA-2011-10-26-1 QuickTime 7.7.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00188.html

[ GLSA 201110-26 ] libxml2: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00187.html

[ GLSA 201110-25 ] Pure-FTPd: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00186.html

[ GLSA 201110-24 ] Squid: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00185.html

DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-33
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00184.html

ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00183.html

ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00182.html

ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerabilit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00181.html

ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00180.html

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerabi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00178.html

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00179.html

ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00177.html

ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00176.html

SANS AppSec 2012 CFP is Open
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00175.html

JVN#72640744 Buffer overflow vulnerability in multiple D-Link products
http://jvn.jp/jp/JVN72640744/index.html

JVNVU#402731 SQL injection vulnerability in Enspire eClient
http://jvn.jp/cert/JVNVU402731/index.html

Press release
Alert regarding a security weakness (vulnerability) in multiple D-Link products
http://www.ipa.go.jp/about/press/20111028.html

The Sub Critical Control? Evidence Collection
http://isc.sans.edu/diary.html?storyid=11914

IBM Lotus Sametime Configuration Servlet Lets Remote Users Obtain Configuration Data
http://www.securitytracker.com/id/1026255

Cisco NX-OS Command Validation Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026254

HP Power Manager 'formExportDataLogs' Buffer Overflow
http://securityreason.com/securityalert/8482

Apple Safari Webkit libxslt Arbitrary File Creation
http://securityreason.com/securityalert/8481

Ubuntu update for backuppc
http://secunia.com/advisories/46621/

VMware vCenter Products JRE Multiple Vulnerabilities
http://secunia.com/advisories/46651/

HP-UX update for BIND
http://secunia.com/advisories/46633/

VMware ESX Server Multiple Vulnerabilities
http://secunia.com/advisories/46529/

Enspire eClient Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/46638/

Tor TLS Certificate Reuse User De-Anonymisation Security Issue
http://secunia.com/advisories/46634/

VMware ESXi Server "sblim-sfcb" Integer Overflow Vulnerability
http://secunia.com/advisories/46650/

Gentoo update for libxml2
http://secunia.com/advisories/46601/

BackupPC "num" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/46615/

Cisco NX-OS / Unified Computing System "section" and "less" Privilege Escalation Vulnerabilities
http://secunia.com/advisories/46569/

D-Link Products SSH Server Buffer Overflow Vulnerability
http://secunia.com/advisories/46637/

FFFTP Insecure Executable Loading Vulnerability
http://secunia.com/advisories/46649/

IBM Lotus Sametime Configuration Servlet Authentication Security Issue
http://secunia.com/advisories/46647/

SUSE update for kernel
http://secunia.com/advisories/46608/

HP-UX BIND Requests Processing Remote Denial of Service Vulnerability
http://www.vupen.com/english/ADV-2011-2244.php

Tor Security Update Fixes Multiple Information Disclosure Vulnerabilities
http://www.vupen.com/english/ADV-2011-2243.php

IBM DB2 for Linux, UNIX and Windows "STMM" Security Vulnerability
http://www.vupen.com/english/ADV-2011-2242.php

IBM Lotus Sametime Configuration Servlet Remote Information Disclosure
http://www.vupen.com/english/ADV-2011-2241.php

VMware Products Code Execution and Denial of Service Vulnerabilities
http://www.vupen.com/english/ADV-2011-2240.php

Enspire eClient Data Processing Remote SQL Injection Vulnerability
http://www.vupen.com/english/ADV-2011-2239.php

Winamp Data Processing Multiple Heap and Integer Overflow Vulnerabilities
http://www.vupen.com/english/ADV-2011-2238.php

LOCAL: Xorg 1.4 to 1.11.2 File Permission Change PoC
http://www.exploit-db.com/exploits/18040

LOCAL: GTA SA-MP server.cfg Buffer Overflow
http://www.exploit-db.com/exploits/18038

DoS/PoC: GFI Faxmaker - Fax Viewer v10.0[build 237] DoS (Poc).
http://www.exploit-db.com/exploits/18043

Oracle Solaris CVE-2011-2311 ZFS Component Local Vulnerability
http://www.securityfocus.com/bid/50266

Oracle Solaris CVE-2011-2312 'ZFS' Sub Component Local Vulnerability
http://www.securityfocus.com/bid/50269

Oracle Sun Products Suite CVE-2011-3536 Local Vulnerability
http://www.securityfocus.com/bid/50262

Oracle Sun Products Suite CVE-2011-2286 Remote Vulnerability
http://www.securityfocus.com/bid/50265

Oracle Solaris CVE-2011-2304 Remote Vulnerability
http://www.securityfocus.com/bid/50257

Oracle Solaris CVE-2011-2313 Local Solaris Vulnerability
http://www.securityfocus.com/bid/50254

Oracle Sun Solaris CVE-2011-3508 Remote Vulnerability
http://www.securityfocus.com/bid/50201

Oracle Sun Solaris CVE-2011-3515 Local Vulnerability
http://www.securityfocus.com/bid/50235

Oracle Sun Product Suite CVE-2011-3537 Local Vulnerability
http://www.securityfocus.com/bid/50259

Oracle Sun Solaris CVE-2011-3535 Remote Vulnerability
http://www.securityfocus.com/bid/50255

Oracle Sun Solaris CVE-2011-3534 Remote Vulnerability
http://www.securityfocus.com/bid/50251

RETIRED: Linux Kernel kexec-tools Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/49944

Linux Kernel CVE-2011-3589 kexec-tools 'mkdumprd' Utility Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50415

Empathy 'nickname' Field Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50323

Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44032

Oracle Java SE and Java for Business CVE-2010-4469 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46400

Cisco Nexus OS 'section' and 'less' Local Command Injection Vulnerabilities
http://www.securityfocus.com/bid/50347

Oracle Java SE and Java for Business NTLM Credentials Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46411

Oracle Java SE and Java for Business Java Runtime Environment CVE-2010-4454 Remote Vulnerability
http://www.securityfocus.com/bid/46391

Oracle Java SE and Java for Business CVE-2011-0871 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48142

Oracle Java SE and Java for Business CVE-2011-0802 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/48149

Oracle Java SE and Java for Business CVE-2011-0864 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48139

Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820

Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47929

Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44011

Microsoft Windows Local DNS Cache Poisoning Vulnerabilities
http://www.securityfocus.com/bid/50281

radvd Multiple Local and Remote Vulnerabilities
http://www.securityfocus.com/bid/50395

Oracle Java SE and Java for Business CVE-2010-3573 Same Origin Bypass Vulnerability
http://www.securityfocus.com/bid/44028

Oracle Java SE and Java for Business CVE-2010-3571 ICC Profile Vulnerability
http://www.securityfocus.com/bid/43965

Oracle Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability
http://www.securityfocus.com/bid/44030

Oracle Java SE and Java for Business CVE-2010-3570 Remote Deployment Toolkit Vulnerability
http://www.securityfocus.com/bid/44020

Oracle Java SE and Java for Business 'defaultReadObject' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44016

Oracle Java SE and Java for Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/44012

Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability
http://www.securityfocus.com/bid/43985

Oracle Java SE and Java for Business CVE-2010-3567 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43992

Oracle Java SE and Java for Business CVE-2010-3566 ICC Profile Vulnerability
http://www.securityfocus.com/bid/43988

Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43979

Oracle Java SE and Java for Business CVE-2010-3563 BasicServiceImpl Vulnerability
http://www.securityfocus.com/bid/43999

Oracle Java SE and Java for Business CVE-2010-3561 Remote CORBA Vulnerability
http://www.securityfocus.com/bid/44013

Oracle Java SE and Java for Business CVE-2010-3560 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44024

Oracle Java SE and Java for Business CVE-2010-3559 HeadspaceSoundbank.nGetName Vulnerability
http://www.securityfocus.com/bid/44026

Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44014

Oracle Java SE and Java for Business CVE-2010-3558 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/44021

Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43971

Oracle Java SE and Java for Business CVE-2010-3554 Remote CORBA Vulnerability
http://www.securityfocus.com/bid/43994

Oracle Java SE and Java for Business CVE-2010-3555 Remote ActiveX Plug-in Vulnerability
http://www.securityfocus.com/bid/44038

Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44035

Oracle Java SE and Java for Business CVE-2010-3552 Remote New Java Plug-in Vulnerability
http://www.securityfocus.com/bid/44023

Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44009

Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/44027

Oracle Java SE and Java for Business CVE-2010-3550 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/44040

Cisco IOS 'ethernet-lldp' Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50377

MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235

Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability
http://www.securityfocus.com/bid/44017

Oracle Java SE and Java for Business CVE-2010-4472 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46404

Oracle Java SE and Java for Business CVE-2010-4470 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46387

Oracle Java SE and Java for Business CVE-2010-4471 Remote Security Vulnerability
http://www.securityfocus.com/bid/46399

Oracle Java SE and Java for Business CVE-2010-4474 Remote Java DB Vulnerability
http://www.securityfocus.com/bid/46407

Oracle Java SE and Java for Business CVE-2010-4467 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46395

Oracle Java SE and Java for Business CVE-2010-4422 Remote Vulnerability
http://www.securityfocus.com/bid/46402

Oracle Java 'Applet2ClassLoader' Class Unsigned Applet Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46388

Oracle Java SE and Java for Business Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46386

Oracle Java SE and Java for Business CVE-2010-4451 Vulnerability
http://www.securityfocus.com/bid/46405

Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091

Oracle Java SE and Java for Business CVE-2010-4473 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46403

Oracle Java SE and Java for Business CVE-2010-4475 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46410

Oracle Java SE and Java for Business CVE-2010-4468 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46393

Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50375

Oracle Java SE and Java for Business CVE-2010-4450 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46397

Oracle Java SE and Java for Business Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46394

Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46406

Oracle Java SE and Java for Business CVE-2010-4448 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46398

Oracle Java SE and Java for Business CVE-2010-4447 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46409

Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/49295

Linux Kernel EFI Partition Denial of Service Vulnerability
http://www.securityfocus.com/bid/47343

Linux Kernel CIFS Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49626

Linux Kernel Auerswald USB Device Driver Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48687

Oracle Java SE and Java for Business CVE-2011-0815 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48143

Oracle Java SE and Java for Business ICC Profile Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/48137

Oracle Java SE and Java for Business CVE-2011-0865 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48147

Oracle Java SE and Java for Business CVE-2011-0873 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48148

Oracle Java SE and Java for Business CVE-2011-0867 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48144

Oracle Java SE and Java for Business CVE-2011-0814 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48145

Linux Kernel EFI Partition Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47796

X.Org X11 File Read Permission Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50196

ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48566

Multiple Browser Wild Card Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/42817

libuser 'luseradd' Default Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/45791

SBLIM-SFCB Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40475

OpenSSL Ciphersuite Downgrade Security Weakness
http://www.securityfocus.com/bid/45164

OpenSSL Ciphersuite Modification Allows Disabled Cipher Security Bypass Vulnerability
http://www.securityfocus.com/bid/45254

Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36377

Plici Search 'p48-search.html' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50428

SjXjV 'post.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50426

D-Link DIR-300 Unspecified Remote Code Execution and Remote File Disclosure Vulnerabilities
http://www.securityfocus.com/bid/50424

simpleSAMLphp Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/50423

Joomla! Techfolio Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/50422

Opera Web Browser Escape Sequence Stack Buffer Overflow Denial of Service Vulnerability
http://www.securityfocus.com/bid/50421

eFront 'professor.php' Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/50419

Empathy 'nickname' Field 'me-type' Event Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50418

Linux Kernel Network Bridge NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50417

Tor Directory Remote Information Disclosure Vulnerability Bridge Enumeration Weaknesses
http://www.securityfocus.com/bid/50414

FFFTP Insecure Executable File Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/50412

Touhou Hisouten Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50411

IBM Lotus Sametime Configuration Servlet Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/50410

bzexe '/tmp/$prog' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/50409

Serendipity Karma Plugin Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50408

BackupPC 'index.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50406

D-Link Multiple Products Unspecified Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50405

Friday, October 28, 2011

28th, Friday, Taian


Trend Micro Mobile Security 7.0 Critical Patch release notice
http://www.trendmicro.co.jp/support/news.asp?id=1672

VMSA-2011-0013: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.vmware.com/security/advisories/VMSA-2011-0013.html

UPDATE: HS11-019: DoS Vulnerability in Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-019/index.html

UPDATE: HS11-019: DoS vulnerability via the Range header in Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-019/index.html

Press release
Alert regarding a security weakness (vulnerability) in multiple D-Link products
http://www.ipa.go.jp/about/press/20111028.html

JVNVU#402731 SQL injection vulnerability in Enspire eClient
http://jvn.jp/cert/JVNVU402731/index.html

JVN#50227837 Denial-of-service (DoS) vulnerability in Touhou Hisouten
http://jvn.jp/jp/JVN50227837/index.html

JVN#72640744 Buffer overflow vulnerability in multiple D-Link products
http://jvn.jp/jp/JVN72640744/index.html

JVN#62336482 Vulnerability in FFFTP related to executable file loading
http://jvn.jp/jp/JVN62336482/index.html

JVNDB-2011-000089 Denial-of-service (DoS) vulnerability in Touhou Hisouten
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000089.html

JVNDB-2011-000092 Buffer overflow vulnerability in multiple D-Link products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000092.html

JVNDB-2011-000091 Vulnerability in FFFTP related to executable file loading
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000091.html

JVNDB-2011-002597 Arbitrary command execution vulnerability in the Home Page component of Cisco CiscoWorks Common Services
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002597.html

JVNDB-2011-002596 Arbitrary code execution vulnerability in Cisco Show and Share
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002596.html

JVNDB-2011-002595 Vulnerability in Cisco Show and Share allowing access to multiple administrative pages
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002595.html

JVNDB-2011-002594 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002594.html

JVNDB-2011-002593 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002593.html

JVNDB-2011-002592 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002592.html

JVNDB-2011-002591 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002591.html

JVNDB-2011-002590 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002590.html

JVNDB-2011-002589 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002589.html

JVNDB-2011-002588 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002588.html

JVNDB-2011-002587 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002587.html

JVNDB-2011-002586 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002586.html

JVNDB-2011-002585 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002585.html

JVNDB-2011-002584 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002584.html

JVNDB-2011-002583 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002583.html

JVNDB-2011-002582 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002582.html

JVNDB-2011-002581 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002581.html

JVNDB-2011-002580 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002580.html

JVNDB-2011-002579 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002579.html

JVNDB-2011-002578 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002578.html

JVNDB-2011-002577 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002577.html

JVNDB-2011-002576 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE running on Windows
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002576.html

Critical Control 19: Data Recovery Capability
http://isc.sans.edu/diary.html?storyid=11905

Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36377





+ HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03070783%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
Target: HP-UX B.11.11/11.23

UPDATE: HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057703%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

The GR4000/GS4000/GS3000 manual errata (for Ver.10-10-/K) under "Manuals" have been updated.
http://www.hitachi.co.jp/Prod/comp/network/manual/manualtop.html

Webroot exhibits the new version of its security software and other products at a trade show
http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371598/?ST=security

Symantec announces a service that identifies botnets inside a company's network in about two weeks
http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371549/?ST=security

JVNDB-2011-002575 Buffer overflow vulnerability in the "linux emulation" support of FreeBSD
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002575.html

JVNDB-2011-002574 Vulnerability in db2rspgn of FreeBSD in IBM DB2 Express Edition that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002574.html

JVNDB-2011-002573 File overwrite vulnerability in the runtime linker of QNX Neutrino RTOS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002573.html

JVNDB-2011-002572 Vulnerability in Remote Quota Server handling in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002572.html

JVNDB-2011-002571 Vulnerability in authentication handling in Oracle OpenSSO
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002571.html

JVNDB-2011-002570 Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002570.html

JVNDB-2011-002569 Vulnerability in authentication handling in Oracle OpenSSO
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002569.html

JVNDB-2011-002568 Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002568.html

JVNDB-2011-002567 Vulnerability in the Oracle Waveset component of Oracle Sun Products Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002567.html

JVNDB-2011-002566 Vulnerability in iSCSI DataMover handling in Oracle Solaris 11 Express
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002566.html

JVNDB-2011-002565 Vulnerability in Kernel/Performance Counter BackEnd Module handling in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002565.html

JVNDB-2011-002564 Vulnerability in Process File System (procfs) handling in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002564.html

JVNDB-2011-002563 Vulnerability in LDAP library handling in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002563.html

JVNDB-2011-002562 Vulnerability in ZFS handling in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002562.html

Critical Control 18: Incident Response Capabilities
http://isc.sans.edu/diary.html?storyid=11899

Software Update Potpourri
http://isc.sans.edu/diary.html?storyid=11902

Trend Micro InterScan Web Security Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026252

Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026251

HP-UX Containers Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026250

VU#402731: Enspire eClient SQL injection allows authentication bypass
http://www.kb.cert.org/vuls/id/402731

SUSE update for puppet
http://secunia.com/advisories/46628/

Debian update for torque
http://secunia.com/advisories/46577/

HP-UX Containers Unspecified Privilege Escalation Vulnerability
http://secunia.com/advisories/46617/

Red Hat update for openssl
http://secunia.com/advisories/46629/

Gentoo update for squid
http://secunia.com/advisories/46604/

Gentoo update for pure-ftpd
http://secunia.com/advisories/46603/

Apple QuickTime Multiple Vulnerabilities
http://secunia.com/advisories/46618/

HP Network Node Manager i JMX Console Security Bypass Security Issue
http://secunia.com/advisories/46627/

Libxml2 Two XSLT Double Free Vulnerabilities
http://secunia.com/advisories/46632/

SPIP Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/46622/

Winamp Multiple Vulnerabilities
http://secunia.com/advisories/45279/

Cisco Multiple Products Directory Traversal Vulnerability
http://secunia.com/advisories/46600/

Trend Micro InterScan Web Security Suite "patchCmd" Privilege Escalation Vulnerability
http://secunia.com/advisories/46610/

Cisco WebEx Player WRF File Processing Vulnerabilities
http://secunia.com/advisories/46607/

Oracle Solaris Vino Framebuffer Update Handling Denial of Service Vulnerability
http://secunia.com/advisories/46619/

Joomla! YJ Contact Us Component "view" Local File Inclusion Vulnerability
http://secunia.com/advisories/46588/

Fedora update for radvd
http://secunia.com/advisories/46626/

Online Subtitles Workshop "comment" Script Insertion Vulnerability
http://secunia.com/advisories/46616/

Drupal Organic groups Module Security Bypass Vulnerability
http://secunia.com/advisories/46623/

Cisco Video Surveillance IP Cameras RTSP TCP Packets Processing Denial of Service
http://secunia.com/advisories/46612/

Cisco Video Surveillance IP Cameras RTSP TCP Packets Processing Denial of Service
http://secunia.com/advisories/46611/

OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability
http://secunia.com/advisories/46599/

Cisco Security Agent Outside In Technology File Processing Vulnerabilities
http://secunia.com/advisories/46631/

Novell iPrint Client "GetDriverSettings()" Buffer Overflow Vulnerability
http://secunia.com/advisories/46606/

Winamp Data Processing Multiple Heap and Integer Overflow Vulnerabilities
http://www.vupen.com/english/ADV-2011-2238.php

HP-UX Containers Local Unauthorized Access and Privilege Escalation
http://www.vupen.com/english/ADV-2011-2237.php

Oracle Sun Solaris Vino GNOME Desktop Sharing Server Denial of Service
http://www.vupen.com/english/ADV-2011-2236.php

OpenLDAP "UTF8StringNormalize()" Remote Off-by-one Buffer Overflow
http://www.vupen.com/english/ADV-2011-2235.php

Cisco WebEx Player WRF and ATAS32 Buffer Overflow Vulnerabilities
http://www.vupen.com/english/ADV-2011-2234.php

Cisco Security Agent Outside-In Remote Code Execution Vulnerabilities
http://www.vupen.com/english/ADV-2011-2233.php

Cisco Video Surveillance IP Cameras Denial of Service Vulnerability
http://www.vupen.com/english/ADV-2011-2232.php

Cisco Unified Contact Center Express Directory Traversal Vulnerability
http://www.vupen.com/english/ADV-2011-2231.php

Organic Groups for Drupal Access Bypass Remote Unauthorized Access
http://www.vupen.com/english/ADV-2011-2230.php

Apple QuickTime Multiple Code Execution and Information Disclosure
http://www.vupen.com/english/ADV-2011-2229.php

Apple QuickTime Prior To 7.7.1 Pict File Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50399

RETIRED: Apple QuickTime Prior To 7.7.1 Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/50388

Apple Mac OS X FLIC Files CVE-2011-3223 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50101

Apple QuickTime CVE-2011-3221 Movie File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50131

Apple QuickTime Prior To 7.7.1 TKHD Atoms Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50403

phpScheduleIt 'reserve.php' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/31520

Apple Mac OS X FlashPix Files CVE-2011-3222 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50100

Apple Mac OS X QuickTime Player CVE-2011-3228 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50127

Apple Mac OS X QuickTime 'Save for Web' Feature HTML Injection Vulnerability
http://www.securityfocus.com/bid/50122

Apple Mac OS X CoreMedia H.264 Encoded Movie Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50068

Apple QuickTime CVE-2011-3220 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50130

X.Org X11 File Read Permission Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50196

X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability
http://www.securityfocus.com/bid/50002

OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability
http://www.securityfocus.com/bid/49469

Linux Kernel GHASH Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50366

torque 'job name' Argument Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48374

Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/47681

Mozilla Firefox RegExp Remote Integer Underflow Vulnerability
http://www.securityfocus.com/bid/49809

libxml2 'XPATH' Expressions Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45617

Apple QuickTime Prior To 7.7.1 'Flic' Movie File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50404

RoundCube Webmail Denial of Service Vulnerability
http://www.securityfocus.com/bid/50402

Apple QuickTime Prior To 7.7.1 Movie File Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50401

Apple QuickTime Prior To 7.7.1 Movie File Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50400

Enspire eClient Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/50398

HP-UX Containers Unspecified Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50396

radvd Multiple Local and Remote Vulnerabilities
http://www.securityfocus.com/bid/50395

Toshiba e-Studio Devices Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50392

eFront 3.6.10 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50391

SPIP Versions Prior to 1.9.2k Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/50390

WordPress WPtouch Plugin 'ajax.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50389

Thursday, October 27, 2011

QuickTime 7.7.1 Security Update


About the security content of QuickTime 7.7.1
http://support.apple.com/kb/HT5016

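Translation of the QuickTime 7.7.1 security update at the URL above

1) QuickTime
 A buffer overflow occurs when QuickTime handles H.264-encoded movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3219)

2) QuickTime
 QuickTime accesses uninitialized memory when handling URL data handlers in movie files, which allows the contents of memory to be obtained. (CVE-2011-3220)

3) QuickTime
 An implementation flaw exists in QuickTime's handling of the atom hierarchy in movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3221)

4) QuickTime
 A cross-site scripting flaw exists in QuickTime Player's "Save for Web" feature, which allows script to be injected from the local domain. (CVE-2011-3218)

5) QuickTime
 A buffer overflow occurs when QuickTime handles FlashPix files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3222)

6) QuickTime
 A buffer overflow occurs when QuickTime handles FLIC files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3223)

7) QuickTime
 Multiple memory corruption issues occur when QuickTime handles movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3228)

8) QuickTime
 An integer overflow occurs in the handling of PICT files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3247)

9) QuickTime
 A signedness issue exists in the handling of font tables embedded in QuickTime movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3248)

10) QuickTime
 A buffer overflow occurs in the handling of FLC-encoded movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3249)

11) QuickTime
 An integer overflow occurs in the handling of JPEG2000-encoded movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3250)

12) QuickTime
 Memory corruption occurs in the handling of TKHD atoms in QuickTime movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3251)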


Thursday the 27th, Butsumetsu


Potential buffer overflow vulnerability in the Ichitaro file viewer of Lotus Notes
http://www-06.ibm.com/ibm/jp/security/info/lotus/si20111025a.html

JVNVU#784211 Updates for multiple vulnerabilities in Apple QuickTime
http://jvn.jp/cert/JVNVU784211/index.html

JVNDB-2011-002561 Vulnerability in the Oracle Agile Product Supplier Collaboration for Process component of Oracle Supply Chain Products Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002561.html

JVNDB-2011-002560 Vulnerability in the Health Sciences - Oracle Thesaurus Management System component of Oracle Industry Applications
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002560.html

JVNDB-2011-002559 Vulnerability in Health Sciences - Oracle Clinical, Remote Data Capture of Oracle Industry Applications
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002559.html

JVNDB-2011-002558 Vulnerability in the Sun Ray component of Oracle Virtualization
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002558.html

JVNDB-2011-002557 Vulnerability related to Oracle Validated processing in Oracle Linux
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002557.html

JVNDB-2011-002556 Vulnerability related to Integrated Lights Out Manager CLI processing in multiple Oracle Sun products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002556.html

JVNDB-2011-002555 Vulnerability related to JPM processing in Oracle PeopleSoft Enterprise HRMS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002555.html

JVNDB-2011-002554 Vulnerability related to Talent Acquisition Manager processing in Oracle PeopleSoft Enterprise HRMS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002554.html

JVNDB-2011-002553 Vulnerability related to Candidate Gateway processing in Oracle PeopleSoft Enterprise HRMS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002553.html

JVNDB-2011-002552 Vulnerability related to Security processing in Oracle PeopleSoft Enterprise PeopleTools
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002529.html

JVNDB-2011-002551 Vulnerability related to Personalization processing in Oracle PeopleSoft Enterprise PeopleTools
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002551.html

JVNDB-2011-002550 Vulnerability related to eDevelopment processing in Oracle PeopleSoft Enterprise HRMS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002550.html

JVNDB-2011-002549 Vulnerability related to eProfile processing in Oracle PeopleSoft Enterprise HRMS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025549.html

JVNDB-2011-002548 Vulnerability in the Siebel Core - UIF Server component of Oracle Siebel CRM
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025548.html

JVNDB-2011-002547 Vulnerability in the Siebel Core - UIF Client component of Oracle Siebel CRM
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025547.html

JVNDB-2011-002546 Vulnerability in the Siebel Apps - Marketing component of Oracle Siebel CRM
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025546.html

JVNDB-2011-002545 Vulnerability related to Zone processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025545.html

JVNDB-2011-002544 Vulnerability related to Kernel/Filesystem processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025544.html

JVNDB-2011-002543 Vulnerability related to DTrace Software Library processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025543.html

JVNDB-2011-002542 Vulnerability related to Network Status Monitor processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025542.html

JVNDB-2011-002541 Vulnerability related to ZFS processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025541.html

JVNDB-2011-002540 Vulnerability related to ZFS processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025540.html

JVNDB-2011-002539 Vulnerability related to libnsl processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025539.html

JVNDB-2011-002538 Vulnerability related to xscreensaver processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025538.html

JVNDB-2011-002537 Vulnerability related to ZFS processing in Oracle Solaris
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025537.html

JVNDB-2011-002536 Vulnerability related to Web Container processing in multiple products of Oracle Sun Products Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025536.html

JVNDB-2011-002535 Vulnerability in the Application Express component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025535.html

JVNDB-2011-002534 Vulnerability in the Core RDBMS component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025534.html

JVNDB-2011-002533 Vulnerability in the Database Vault component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025533.html

JVNDB-2011-002532 Vulnerability in the Database Vault component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025532.html

JVNDB-2011-002531 Vulnerability in the Oracle Text component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025531.html

JVNDB-2011-002530 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025530.html

JVNDB-2011-002529 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025529.html

JVNDB-2011-002528 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025528.html

JVNDB-2011-002527 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025527.html

JVNDB-2011-002526 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025526.html

JVNDB-2011-002525 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025525.html

JVNDB-2011-002524 Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025524.html

JVNDB-2011-002523 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025523.html

JVNDB-2011-002522 Vulnerability related to Web Services processing in Oracle WebLogic Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025522.html

JVNDB-2011-002521 Vulnerability related to JMS processing in Oracle WebLogic Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025521.html

JVNDB-2011-002520 Vulnerability related to WLS Security processing in Oracle WebLogic Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025520.html

JVNDB-2011-002519 Vulnerability in the Oracle Containers for J2EE component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025519.html

JVNDB-2011-002518 Vulnerability in the Oracle WebLogic Portal component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025158.html

JVNDB-2011-002517 Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025157.html

Critical Control 17: Penetration Tests and Red Team Exercises
http://isc.sans.edu/diary.html?storyid=11887

Mozilla Firefox RegExp Remote Integer Underflow Vulnerability
http://www.securityfocus.com/bid/49809

libxml2 'XPATH' Expressions Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45617





+- HPSBUX02715 SSRT100623 rev.1 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057703%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ GCC 4.6.2 released
http://gcc.gnu.org/gcc-4.6/

+ SA46591: Linux Kernel XFS "xfs_readlink()" Buffer Overflow Vulnerability
http://secunia.com/advisories/46591/
http://www.securityfocus.com/bid/50370

+ SA46584: Linux Kernel ghash NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/46584/
http://www.securityfocus.com/bid/50366

+ OpenLDAP 'UTF8StringNormalize()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50384

++ Cisco IOS Fingerprinting ICMPv6 Echo Request Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50379

++ Cisco IOS 'ethernet-lldp' Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50377

++ Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50375

- HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057508%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

- Multiple Denial of Service vulnerabilities in Vino GNOME desktop sharing server
http://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities

[ANNOUNCE] Apache Archiva 1.4-M1 Released!
http://archiva.apache.org/docs/1.4-M1/release-notes.html

[ANNOUNCE] Apache Derby 10.8.2.2 released
http://db.apache.org/derby/derby_downloads.html

RHSA-2011:1409 Moderate: openssl security update
http://rhn.redhat.com/errata/RHSA-2011-1409.html

About the security content of QuickTime 7.7.1
http://support.apple.com/kb/HT5016

Google Chrome 15.0.874.106 released
http://googlechromereleases.blogspot.com/2011/10/stable-channel-update_26.html

CESA-2011:1402 (freetype)
http://lwn.net/Alerts/464550/

HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c02997184%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

PHP 5.4 beta2 released
http://www.php.net/archive/2011.php#id-1

ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00173.html

ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00172.html

ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00171.html

ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00170.html

ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00169.html

ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00168.html

ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00166.html

Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00167.html

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00165.html

Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00164.html

Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00163.html

Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00162.html

[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-U
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00161.html

Path disclosure in SPIP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00160.html

[ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00159.html

New technique targeting Android: updating an app turns it into a virus
F-Secure reports; additional access permissions at install time
http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371504/?ST=security

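House of Representatives Secretariat holds first meeting on the virus infection issue: "Became aware of the possibility of a cyberattack through media reports"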
http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371481/?ST=security

Cisco Video Surveillance IP Cameras RTSP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026248

Cisco WebEx Player Buffer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026244

Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files
http://www.securitytracker.com/id/1026243

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026242

WordPress BackWPUp Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/6U03G1P2UA.html

Linux Kernel XFS "xfs_readlink()" Buffer Overflow Vulnerability
http://secunia.com/advisories/46591/

WordPress NextGEN Gallery Plugin Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/46602/

phpMyFAQ Code Injection Vulnerability
http://secunia.com/advisories/46582/

Ubuntu update for linux-ti-omap4
http://secunia.com/advisories/46571/

Ubuntu update for linux
http://secunia.com/advisories/46585/

Ubuntu update for linux-mvl-dove
http://secunia.com/advisories/46587/

Ubuntu update for linux-ec2
http://secunia.com/advisories/46589/

Ubuntu update for linux
http://secunia.com/advisories/46590/

Ubuntu update for linux-lts-backport-maverick
http://secunia.com/advisories/46595/

Ubuntu update for linux-fsl-imx51
http://secunia.com/advisories/46598/

Ubuntu update for nova
http://secunia.com/advisories/46597/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/46594/

OpenStack Compute (Nova) "EC2_SECRET_KEY" Credentials Disclosure Weakness
http://secunia.com/advisories/46576/

SUSE update for hplip
http://secunia.com/advisories/46593/

Linux Kernel ghash NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/46584/

Ubuntu update for kde4libs
http://secunia.com/advisories/46592/

Gentoo update for mod_authnz_external
http://secunia.com/advisories/46581/

IBM WebSphere ILOG Rule Team Server Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/46574/

HP Network Node Manager i (NNMi) Remote Information Disclosure
http://www.vupen.com/english/ADV-2011-2228.php

IBM WebSphere ILOG Rule Team Server Cross Site Scripting Vulnerability
http://www.vupen.com/english/ADV-2011-2227.php

phpMyFAQ ImageManager Library Remote PHP Code Injection Vulnerability
http://www.vupen.com/english/ADV-2011-2226.php

Google Chrome Multiple Memory Corruption and Information Disclosure
http://www.vupen.com/english/ADV-2011-2225.php

Novell iPrint Client for Windows Activex Remote Code Execution Vulnerability
http://www.vupen.com/english/ADV-2011-2224.php

Novell ZENworks 7 Handheld Management Directory Traversal Vulnerability
http://www.vupen.com/english/ADV-2011-2223.php

Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279

libxml2 'XPATH' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44779

libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056

Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658

GNU libc glob(3) 'pattern' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47671

Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/46767

Squid 'DNS' Reply Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42645

Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38212

Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36091

Squid Proxy String Processing NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42982

Squid Header-Only Packets Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37522

Squid Proxy Gopher Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49356

Squid Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35812

Cisco WebEx WRF and ATAS32 File Format Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/50373

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-3000 HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/49849

Mozilla Firefox CVE-2011-2995 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49810

Mozilla Firefox/Thunderbird/SeaMonkey Enter Key Dialog Bypass Weakness
http://www.securityfocus.com/bid/49811

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2011-2999 Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/49848

Adobe Acrobat and Reader CVE-2011-2441 Multiple Remote Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/49581

Novell iPrint Client 'nipplib.dll' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50367

X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability
http://www.securityfocus.com/bid/50002

Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50220

Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50215

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50218

Adobe Acrobat and Reader CVE-2011-2436 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49578

Apple iTunes CoreAudio (CVE-2011-3252) Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50065

Apple Mac OS X CoreMedia H.264 Encoded Movie Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50068

OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability
http://www.securityfocus.com/bid/49469

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

Red Hat Linux Kernel Ethernet Bridge Interface Denial of Service Vulnerability
http://www.securityfocus.com/bid/50313

Linux Kernel TCP Sequence Number Generation Security Weakness
http://www.securityfocus.com/bid/49289

Linux Kernel Generic Receive Offload (GRO) CVE-2011-2723 Denial of Service Vulnerability
http://www.securityfocus.com/bid/48929

Adobe Acrobat and Reader CVE-2011-2433 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49576

Adobe Acrobat and Reader CVE-2011-2435 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49575

Adobe Acrobat and Reader U3D Tiff Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49572

Adobe Acrobat and Reader CVE-2011-2434 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49577

Adobe Acrobat and Reader CVE-2011-2438 Multiple Remote Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/49580

Adobe Acrobat and Reader CVE-2011-2437 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49579

Oracle Outside In Technology Microsoft CAB File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47437

Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47435

Retired: Microsoft Outlook Web Access Session Replay Security Bypass Vulnerability
http://www.securityfocus.com/bid/50361

IBM WebSphere ILOG Rule Team Server 'project' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50056

FreeType Font Document Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50155

KDE KSSL Common Name SSL Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/49925

Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49534

phpMyFAQ 'ajax_create_folder.php' Code Injection Vulnerability
http://www.securityfocus.com/bid/50385

OpenLDAP 'UTF8StringNormalize()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50384

NextGEN Gallery for WordPress Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/50383

Online Subtitles Workshop 'video_comments.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/50382

XAMPP Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50381

Trendmicro IWSS 3.1 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50380

Cisco IOS Fingerprinting ICMPv6 Echo Request Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50379

Cisco Adaptive Security Appliances (ASA) 5500 'platform-sw' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50378

Cisco IOS 'ethernet-lldp' Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50377

Cisco CiscoWorks Common Services Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50376

Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50375

PrestaShop Presta2PhpList Module 'list' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50374

Multiple Cisco Products (CVE-2011-3315) Directory Traversal Vulnerability
http://www.securityfocus.com/bid/50372

Cisco Video Surveillance 2421, 2500, and 2600 Series IP Cameras Denial of Service Vulnerability
http://www.securityfocus.com/bid/50371

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50370

Novell ZENworks Handheld Management 'Common.dll' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/50369

IBM WebSphere ILOG Rule Team Server Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50368

Linux Kernel GHASH Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50366

vtiger CRM 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50364