Thursday, March 31, 2011

ReactOS 0.3.13 Setup MEMO

Now, once the installation has completed and the machine reboots, Setup begins.

1. On the setup wizard's welcome screen, click [Next]

2. On the GPL confirmation screen, click [Next]

3. On the personalization screen, enter a name and organization and click [Next]

4. On the computer name and administrator password screen, enter each and click [Next]

5. On the regional settings screen, click [Next]

6. On the date and time settings screen, click [Next]

7. Components are registered

8. The setup wizard finishes and the machine reboots

And then the desktop appears ...

A few things I noticed after using it briefly:
  • I set it up in VMware, but the VMware Tools installer aborted abnormally partway through.
  • Quite a few dialog-dismissal routines are missing, so dialogs stay on screen (for example the one from the Ctrl+Alt+Delete button).
  • I tried to install some software, but in a proxy environment I could not find a proxy setting and gave up.
So, since this is an Alpha, let's just say it is wonderful that it got as far as installing!

ReactOS 0.3.13 Install MEMO

An Alpha build of ReactOS, which aims to provide a Windows-compatible environment as free software, has been released, so I went ahead and installed it.

1. Boot from the CD-ROM

2. On the language selection screen, choosing "Japanese" gives a katakana display that is a little hard to read.

3. On the installation type selection screen, just press Enter

4. On the installation type confirmation screen, just press Enter

5. On the device settings screen, just press Enter

6. On the partition selection screen, press "C" to set up the whole disk as a single partition, then press Enter

7. On the format method selection screen, just press Enter

8. On the format confirmation screen, just press Enter

9. On the installation folder screen, just press Enter

10. Installation in progress

11. On the boot loader selection screen, just press Enter

12. On the installation complete screen, remove the CD-ROM and press Enter

Then something started booting... continued in the Setup MEMO

Thursday the 31st, Butsumetsu

UPDATE: VMSA-2011-0006.1: VMware vmrun utility local privilege escalation
http://www.vmware.com/security/advisories/VMSA-2011-0006.html

Translations and research of overseas information security documents (NIST documents, etc.)
http://www.ipa.go.jp/security/publications/nist/index.html

JVNDB-2011-001330 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001330.html

JVNDB-2011-001329 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001329.html

JVNDB-2011-001328 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001328.html

JVNDB-2011-001327 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001327.html

JVNDB-2011-001326 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001326.html

JVNDB-2011-001325 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001325.html

JVNDB-2011-001324 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001324.html

JVNDB-2011-001323 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001323.html

JVNDB-2011-001322 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001322.html

JVNDB-2011-001321 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001321.html

JVNDB-2011-001320 Buffer overflow vulnerability in PDF Distiller in BlackBerry Enterprise Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001320.html

JVNDB-2010-002778 Same-origin policy bypass vulnerability in the browser in BlackBerry Device Software
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002778.html

JVNDB-2010-001645 Cross-site request forgery vulnerability in CUPS running on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001645.html

JVNDB-2010-002317 Arbitrary file overwrite vulnerability in the cupsFileOpen function in CUPS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002317.html

JVNDB-2010-001670 Arbitrary code execution vulnerability in the text filter subsystem in CUPS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001670.html

JVNDB-2010-002318 Arbitrary code execution vulnerability in ipp.c in cupsd in CUPS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002318.html

JVNDB-2010-001646 Information disclosure vulnerability in CUPS running on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001646.html

JVNDB-2011-001183 Privilege escalation vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001183.html

GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47063

- ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46491

Sudo version 1.8.1b4 released
http://www.sudo.ws/sudo/devel.html#1.8.1b4

Sudo version 1.7.6b4 released
http://www.sudo.ws/sudo/devel.html#1.7.6b4

Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Secure Access Control System Unauthorized Password Change Vulnerability
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b7411a.html

Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml

Two Cisco advisories: cisco-sa-20110330-nac and cisco-sa-20110330-acs
http://isc.sans.edu/diary.html?storyid=10627

Cisco NAC Guest Server Configuration Error Lets Remote Users Bypass Authentication and Access the Network
http://www.securitytracker.com/id/1025272

Cisco Secure Access Control System Management Interface Bug Lets Remote Users Change Arbitrary User Passwords
http://www.securitytracker.com/id/1025271

VMware vmrun Utility Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025270

IBM Rational ClearQuest Licensing Component Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025269

IBM AppScan Licensing Component Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025268

libvirt API Access Control Flaw Lets Remote Users Deny Service and Potentially Gain Elevated Privileges
http://www.securitytracker.com/id/1025262

Conga luci Unspecified Bug Lets Remote Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025258

LibTIFF Buffer Overflow in ThunderCode Decoder Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025257

YaCOMAS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/43928/

osCSS2 Cross-Site Scripting and Local File Inclusion Vulnerabilities
http://secunia.com/advisories/43889/

Unidesk "ReportingService" Session Handling Security Bypass
http://secunia.com/advisories/43922/

Liferay Portal Multiple Vulnerabilities
http://secunia.com/advisories/43902/

RunCMS Multiple Vulnerabilities
http://secunia.com/advisories/43542/

Debian update for tomcat5.5
http://secunia.com/advisories/43863/

VMware VIX API "vmrun" Privilege Escalation Security Issue
http://secunia.com/advisories/43943/

VMware Workstation "vmrun" Privilege Escalation Security Issue
http://secunia.com/advisories/43885/

Spitfire "username" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/43919/

Ubuntu update for tomcat6
http://secunia.com/advisories/43888/

Ubuntu update for libvirt
http://secunia.com/advisories/43897/

Ubuntu update for quagga
http://secunia.com/advisories/43894/

Ubuntu update for subversion
http://secunia.com/advisories/43892/

Fedora update for phpMyAdmin
http://secunia.com/advisories/43940/

Fedora update for wordpress
http://secunia.com/advisories/43941/

Oracle Solaris BIND Two Vulnerabilities
http://secunia.com/advisories/43935/

Debian update for mahara
http://secunia.com/advisories/43878/

REMOTE: Zend Java Bridge - Remote Code Execution (ZDI-11-113)
http://www.exploit-db.com/exploits/17078/

LOCAL: HT Editor File opening Stack Overflow (0day)
http://www.exploit-db.com/exploits/17083/

DoS/PoC: Media Player Classic Home Cinema 1.5.0.2827 AVI DoS PoC
http://www.exploit-db.com/exploits/17075/

VMware Workstation and VIX API "vmrun" Library Path Privilege Escalation
http://www.vupen.com/english/advisories/2011/0816

Oracle Solaris 11 Express Avahi Two Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2011/0815

Oracle Sun Solaris BIND Remote Denial of Service and Security Bypass
http://www.vupen.com/english/advisories/2011/0814

Fedora Security Update Fixes Libxml2 XPath Double Free Vulnerability
http://www.vupen.com/english/advisories/2011/0813

Fedora Security Update Fixes phpMyAdmin Information Disclosure Issues
http://www.vupen.com/english/advisories/2011/0812

Fedora Security Update Fixes WordPress Information Disclosure Issues
http://www.vupen.com/english/advisories/2011/0811

Turbolinux Security Update Fixes Flash Code Execution Vulnerability
http://www.vupen.com/english/advisories/2011/0810

Ubuntu Security Update Fixes vsftpd Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0809

Ubuntu Security Update Fixes Tomcat Information Disclosure and DoS
http://www.vupen.com/english/advisories/2011/0808

Ubuntu Security Update Fixes Subversion Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0807

Ubuntu Security Update Fixes Quagga Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2011/0806

Ubuntu Security Update Fixes Libvirt Connections Privilege Escalation
http://www.vupen.com/english/advisories/2011/0805

Debian Security Update Fixes Tomcat Information Disclosure and DoS
http://www.vupen.com/english/advisories/2011/0804

Debian Security Update Fixes Mahara Input Validation Vulnerabilities
http://www.vupen.com/english/advisories/2011/0803

libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46658

EMC Replication Manager Client Control Service Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46235

ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46491

PAM 'pam_namespace' Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44590

pam-xauth Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42472

Linux-PAM 'pam_env' and 'pam_mail' Modules Multiple Vulnerabilities
http://www.securityfocus.com/bid/43487

Zend Server Java Bridge 'javamw.jar' Service Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47060

OpenLDAP 'modrdn' NULL OldDN Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46831

OpenLDAP Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/46363

libxml2 'XPATH' Expressions Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45617

Wednesday, March 30, 2011

Wednesday the 30th, Senbu

VMSA-2011-0006: VMware vmrun utility local privilege escalation
http://www.vmware.com/security/advisories/VMSA-2011-0006.html

It can't be stopped! Malware's communication with attack servers
~Intruding through the same door as the communications used for business~
http://www.ipa.go.jp/security/vuln/report/newthreat201103.html

Call for HSM products to undergo trial testing under the Cryptographic Module Validation Program (JCMVP)
http://www.ipa.go.jp/security/jcmvp/call/call-for-hsm-for-jcmvp.html

JVNVU#707943 Vulnerability in DLL loading by Windows programs
http://jvn.jp/cert/JVNVU707943/index.html

JVNDB-2011-001319 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001319.html

JVNDB-2011-001318 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001318.html

JVNDB-2011-001317 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001317.html

JVNDB-2011-001316 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001316.html

JVNDB-2011-001315 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001315.html

JVNDB-2011-001314 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001314.html

JVNDB-2011-001313 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001313.html

JVNDB-2011-001312 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001312.html

JVNDB-2011-001311 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001311.html

JVNDB-2011-001310 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001310.html

JVNDB-2010-002777 Vulnerability in BlackBerry Desktop Software allowing encrypted files to be decrypted
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002777.html

JVNDB-2010-002776 Buffer overflow vulnerability in the PDF Distiller component in BlackBerry Enterprise Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002776.html

JVNDB-2010-002775 Buffer overflow vulnerability in PDF Distiller in multiple BlackBerry products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002775.html

JVNDB-2011-001188 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001188.html

JVNDB-2011-001187 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001187.html

JVNDB-2011-001186 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001186.html

JVNDB-2011-001184 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001184.html

JVNDB-2011-001182 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001182.html

JVNDB-2011-001181 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001181.html

JVNDB-2011-001180 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001180.html

JVNDB-2011-001179 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001179.html

JVNDB-2011-001178 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001178.html

JVNDB-2011-001177 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001177.html

JVNDB-2011-001176 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001176.html

JVNDB-2011-001175 Integer overflow vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001175.html

JVNDB-2010-002725 Information disclosure vulnerability in the cxgb_extension_ioctl function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002725.html

IBM AppScan Licensing Component Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025268

Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
http://securityreason.com/securityalert/8165

IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution
http://securityreason.com/securityalert/8164

HP Discovery & Dependency Mapping Inventory Insecure SNMP Configuration
http://securityreason.com/securityalert/8163

VLC Vulnerabilities handling .AMV and .NSV files
http://securityreason.com/securityalert/8162

HP NNM CGI webappmon.exe execvp Buffer Overflow
http://securityreason.com/securityalert/8161

DoS/PoC: Winamp 5.61 - AVI DoS PoC
http://www.exploit-db.com/exploits/17074/

Pointdev IDEAL Migration & IDEAL Administration '.ipj' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39729

Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416

Apache Tomcat WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37944

Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37945

Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39635

Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41544

Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196

Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193

Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263

GuppY 'lng' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47086

+ Linux kernel 2.6.33.9 released
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/ChangeLog-2.6.33.9

+ Multiple Vulnerabilities in BIND DNS software
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_bind_dns

+ Windows Explorer 6.0.2900.5512 (Shmedia.dll 6.0.2900.5512) AVI Preview DoS PoC
http://www.exploit-db.com/exploits/17072/

++ Linux Kernel Generic Receive Offload (GRO) Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47056

[ANNOUNCEMENT] Apache Commons Codec 1.5 is now available

[ANNOUNCE] Apache Hive 0.7.0 Released
http://hive.apache.org/releases.html#Download

RHSA-2011:0390-1: Moderate: rsync security update
http://rhn.redhat.com/errata/RHSA-2011-0390.html

RHSA-2011:0391-1: Important: libvirt security update
http://rhn.redhat.com/errata/RHSA-2011-0391.html

+ RHSA-2011:0392-1: Important: libtiff security and bug fix update
http://rhn.redhat.com/errata/RHSA-2011-0392.html

RHSA-2011:0395-1: Moderate: gdm security update
http://rhn.redhat.com/errata/RHSA-2011-0395.html

+ BIND 9.6-ESV-R4 released
http://ftp.isc.org/isc/bind9/9.6.3/RELEASE-NOTES-BIND-9.6.3.html

Linux 2.6.39-rc1 released
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1

9.1 Alpha 5 Available Now For Testing
http://www.postgresql.org/about/news.1306

CVE-2011-1002 Resource Management Errors vulnerability
http://blogs.sun.com/security/entry/cve_2011_1002

CVE-2010-2244 Denial of service vulnerability
http://blogs.sun.com/security/entry/cve_2010_2244

Debian : [DSA-2205-1] gdm3: privilege escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35445

Netsparker : XSS Vulnerability in Tracks 1.7.2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35447

Netsparker : XSS Vulnerability in EnanoCms 1.1.7 & 1.1.6
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35448

Red Hat : [RHSA-2011:0390-01] rsync: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35439

Red Hat : [RHSA-2011:0391-01] libvirt: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35440

Red Hat : [RHSA-2011:0392-01] libtiff: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35441

Red Hat : [RHSA-2011:0393-01] conga: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35442

Red Hat : [RHSA-2011:0394-01] conga: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35443

Red Hat : [RHSA-2011:0395-01] gdm: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35444

D99Y Team : SimplisCMS - File Disclosure Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35433

Debian : [DSA-2204-1] imp4 - Multiple Cross-site Scripting Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35427

Debian : [DSA-2203-1] Network Security Services -Fraudulent HTTPS Certificates Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35428

Hewlett-Packard : [HPSBMA02649 SSRT100430] HP Diagnostics - Cross Site Scripting Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35436

Independent Researcher : Unidesk ReportingService - Forceful Browsing Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35430

Independent Researcher : SimplisCMS - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35432

Independent Researcher : OpenCMS - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35437

Independent Researcher : DotCloud Beta - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35438

Mandriva : [MDVSA-2011:054] java-1.6.0-openjdk - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35426

Sense of Security : [SOS-11-003] Wordpress - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35429

Slackware Linux : [SSA:2011-086-03] shadow - Security Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35423

Slackware Linux : [SSA:2011-086-02] mozilla-firefox - Unspecified Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35424

Slackware Linux : [SSA:2011-086-01] seamonkey - Unspecified Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35425

Ubuntu Security Notice : [Ubuntu: 1092-1] Linux Kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35421

Ubuntu Security Notice : [USN-1091-1] Firefox and Xulrunner - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35422

ZDI : [ZDI-11-113] Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35446

Toucan System : [TSSA-2011-01] xpdf - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35431

An error occurs when checking the connection to Oracle
http://www.say-tech.co.jp/support/oracle/oracle-4/index.shtml

2010 edition of the "Information Security Early Warning Partnership Guidelines" published
http://www.ipa.go.jp/security/ciadr/partnership_guide.html

Cybercriminals' targets shift from personal information to corporate intellectual assets
http://itpro.nikkeibp.co.jp/article/NEWS/20110329/358844/?ST=security

Virus exploiting the earthquake disaster appears, disguised as Japanese-language information about the nuclear plant accident
It infects through a Word vulnerability and deceives with a dummy Japanese-language file
http://itpro.nikkeibp.co.jp/article/NEWS/20110328/358819/?ST=security

VeriSign offers SSL server certificates and other services free of charge to websites for disaster victims
http://itpro.nikkeibp.co.jp/article/NEWS/20110328/358818/?ST=security

JVNDB-2011-001309 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001309.html

JVNDB-2011-001308 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001308.html

JVNDB-2011-001307 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001307.html

JVNDB-2011-001306 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001306.html

JVNDB-2011-001305 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001305.html

JVNDB-2011-001304 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001304.html

JVNDB-2011-001303 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001303.html

JVNDB-2011-001302 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001302.html

JVNDB-2011-001301 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001301.html

JVNDB-2011-001300 Arbitrary code execution vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001300.html

JVNDB-2010-002774 Arbitrary code execution vulnerability in BlackBerry Desktop Software
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002774.html

JVNDB-2011-001299 Denial of service (DoS) vulnerability in BlackBerry Device Software
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001299.html

JVNDB-2011-001021 Denial of service (DoS) vulnerability in the blk_rq_map_user_iov function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001021.html

JVNDB-2010-002678 Denial of service (DoS) vulnerability in the _exit_signal function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002678.html

JVNDB-2010-002676 Denial of service (DoS) vulnerability in the hci_uart_tty_open function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002676.html

JVNDB-2011-001020 Denial of service (DoS) vulnerability in the blk_rq_map_user_iov function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001020.html

JVNDB-2011-001019 Integer overflow vulnerability in fs/bio.c in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001019.html

JVNDB-2011-001018 Integer overflow vulnerability in the PPPoL2TP and IPoL2TP implementations in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001018.html

JVNDB-2010-002297 Information disclosure vulnerability in the network queueing implementation in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002297.html

JVNDB-2011-001148 Denial of service (DoS) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001148.html

JVNDB-2010-002492 Buffer overflow vulnerability in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002492.html

JVNDB-2010-001858 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001858.html

JVNDB-2011-001298 Cross-site scripting vulnerability in Cgi/confirm.py in GNU Mailman
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001298.html

JVNDB-2011-001297 Cross-site scripting vulnerability in GNU Mailman
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001297.html

Easy File Sharing Web Server Authentication Bypass Vulnerability
http://secunia.com/advisories/43886/

Andy's PHP Knowledgebase Project "pdfa" SQL Injection
http://secunia.com/advisories/43879/

Ays Blog "id" SQL Injection Vulnerability
http://secunia.com/advisories/43895/

OrangeHRM "recruitcode" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/43911/

ICONICS GENESIS32 / GENESIS64 Multiple Vulnerabilities
http://secunia.com/advisories/43850/

PyroCMS "website" Script Insertion Vulnerability
http://secunia.com/advisories/43910/

Claroline "firstname" and "lastname" Script Insertion Vulnerabilities
http://secunia.com/advisories/43882/

Froxlor Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/43870/

Joomla! Joomanager Component Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/43901/

Zend Server Java Bridge Component Code Execution Vulnerability
http://secunia.com/advisories/43867/

Red Hat update for conga
http://secunia.com/advisories/43914/

Red Hat update for libtiff
http://secunia.com/advisories/43900/

Debian update for gdm3
http://secunia.com/advisories/43714/

Red Hat update for libvirt
http://secunia.com/advisories/43917/

Red Hat update for gdm
http://secunia.com/advisories/43916/

GNOME Display Manager Cache Files Handling Privilege Escalation Vulnerability
http://secunia.com/advisories/43854/

wodWebServer.NET Directory Traversal Vulnerability
http://secunia.com/advisories/43908/

Alkacon OpenCMS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/43872/

Siemens FactoryLink Multiple Vulnerabilities
http://secunia.com/advisories/43851/

IBM WebSphere DataPower XC10 Appliance Unspecified Java Vulnerability
http://secunia.com/advisories/43931/

Feng Office Community Edition Cross-Site Scripting and Arbitrary File Upload
http://secunia.com/advisories/43912/

Doctrine ORM "modifyLimitQuery" SQL Injection Vulnerabilities
http://secunia.com/advisories/43932/

Doctrine DBAL "modifyLimitQuery" SQL Injection Vulnerability
http://secunia.com/advisories/43773/

HP Diagnostics Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/43899/

SUSE update for openssl
http://secunia.com/advisories/43904/

HTML Purifier Multiple Vulnerabilities
http://secunia.com/advisories/43907/

SimplisCMS Multiple Vulnerabilities
http://secunia.com/advisories/43926/

Ubuntu update for linux-mvl-dove
http://secunia.com/advisories/43835/

Ubuntu update for linux-source
http://secunia.com/advisories/43840/

Debian update for imp4
http://secunia.com/advisories/43896/

EMC Data Protection Advisor Collector Privilege Escalation Vulnerability
http://secunia.com/advisories/43893/

Fedora update for libcgroup
http://secunia.com/advisories/43891/

Fedora update for gnash
http://secunia.com/advisories/43903/

Xerox WorkCentre Samba SMB1 Packet Chaining Vulnerability
http://secunia.com/advisories/43887/

Zend Server Java Bridge 'javamw.jar' Service Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025267

Xpdf Memory Corruption Errors in t1lib Library Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025266

GNOME Display Manager Cache Directory Symlink Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025264

Rsync Checksum Mismatch Error Lets Remote Servers Execute Arbitrary Code
http://www.securitytracker.com/id/1025256

HP Diagnostics Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1025255

Making sense of RSA ACE server audit logs
http://isc.sans.edu/diary.html?storyid=10618

Requesting deletion of "free" email and chat accounts
http://isc.sans.edu/diary.html?storyid=10621

Malware emails with fake cellphone invoice
http://isc.sans.edu/diary.html?storyid=10624

TCP Tricks to Detect Rogue Wireless Access Points
http://isc.sans.edu/diary.html?storyid=10615

REMOTE: jHTTPd 0.1a Directory Traversal Vulnerability
http://www.exploit-db.com/exploits/17068/

REMOTE: Easy File Sharing Web Server 5.8 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/17063/

REMOTE: Distributed Ruby Send instance_eval/syscall Code Execution
http://www.exploit-db.com/exploits/17058/

LOCAL: IDEAL Administration 2011 v11.4 Local SEH Buffer Overflow Exploit
http://www.exploit-db.com/exploits/17064/

DoS/PoC: Windows Explorer 6.0.2900.5512 (Shmedia.dll 6.0.2900.5512) AVI Preview DoS PoC
http://www.exploit-db.com/exploits/17072/

DoS/PoC: GOM Player 2.1.28.5039 - AVI DoS PoC
http://www.exploit-db.com/exploits/17071/

DoS/PoC: Rumble 0.25.2232 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/17070/

Andy PHP Knowledgebase Multiple Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2011/0802

Crabgrass Chat Controller Data Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0801

Zend Server Java Bridge "javamw.jar" Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2011/0800

Alkacon OpenCms Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2011/0799

HP Diagnostics Unspecified Data Handling Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0798

Redhat Security Update Fixes GDM Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2011/0797

Redhat Security Update Fixes Conga Luci Unauthorized Admin Access
http://www.vupen.com/english/advisories/2011/0796

Redhat Security Update Fixes LibTIFF 4-Thunder Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0795

Redhat Security Update Fixes Libvirt Connections Privilege Escalation
http://www.vupen.com/english/advisories/2011/0794

Redhat Security Update Fixes Rsync Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2011/0793

Rsync Memory Corruption and Multiple Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2011/0792

Fedora Security Update Fixes Logrotate Local Command Injection and DoS
http://www.vupen.com/english/advisories/2011/0791

Fedora Security Update Fixes Asterisk Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2011/0790

Fedora Security Update Fixes Doctrine Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0789

Fedora Security Update Fixes RoundCube Cross-Site Request Forgery
http://www.vupen.com/english/advisories/2011/0788

Debian Security Update Fixes GDM Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2011/0787

GNOME Display Manager Cache Directory Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2011/0786

IBM WebSphere DataPower XC10 Appliance Java Remote Denial of Service
http://www.vupen.com/english/advisories/2011/0785

SPIP "404.html" Data Processing Remote Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0784

EMC Data Protection Advisor Collector Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2011/0783

Xerox WorkCentre Samba SMB1 Remote Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2011/0782

Ubuntu Security Update Fixes Kernel Code Execution and Denial of Service
http://www.vupen.com/english/advisories/2011/0781

Ubuntu Security Update Fixes Kernel Local Privilege Escalation and DoS
http://www.vupen.com/english/advisories/2011/0780

Ubuntu Security Update Fixes Firefox and Xulrunner Fraudulent Certificates
http://www.vupen.com/english/advisories/2011/0779

Fedora Security Update Fixes NSS Fraudulent SSL Certificates Issue
http://www.vupen.com/english/advisories/2011/0778

Fedora Security Update Fixes Gnash Insecure Temporary File Vulnerability
http://www.vupen.com/english/advisories/2011/0777

Fedora Security Update Fixes Subversion Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0776

Fedora Security Update Fixes phpMyAdmin Information Disclosure Issues
http://www.vupen.com/english/advisories/2011/0775

Fedora Security Update Fixes Libcgroup Privilege Escalation and DoS
http://www.vupen.com/english/advisories/2011/0774

Slackware Security Update Fixes "chfn" and "chsh" Utilities Vulnerability
http://www.vupen.com/english/advisories/2011/0773

Slackware Security Update Fixes Firefox Fraudulent SSL Certificates
http://www.vupen.com/english/advisories/2011/0772

Slackware Security Update Fixes Seamonkey Fraudulent SSL Certificates
http://www.vupen.com/english/advisories/2011/0771

Mandriva Security Update Fixes Java Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0770

Debian Security Update Fixes IMP4 Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0769

Debian Security Update Fixes NSS Fraudulent SSL Certificates Issue
http://www.vupen.com/english/advisories/2011/0768

phpMyAdmin Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45633

vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46617

Apple Mac OS X 'i386_set_ldt()' Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/46997

Avahi 'avahi-core/socket.c' Zero Size Packet Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41075

Avahi 'avahi-core/socket.c' NULL UDP Packet Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46446

Apache Tomcat SecurityManager Security Bypass Vulnerability
http://www.securityfocus.com/bid/46177

Apache Tomcat NIO Connector Denial of Service Vulnerability
http://www.securityfocus.com/bid/46164

Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
http://www.securityfocus.com/bid/46174

Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46734

Quagga BGP Daemon 'AS_PATHLIMIT' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46943

Quagga BGP Daemon Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46942

ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45133

libvirt Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/46820

Asterisk TCP/TLS Server NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46898

Asterisk Manager Interface Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46897

Doctrine Project Database Abstraction Layer Library 'modifyLimitQuery()' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47034

GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47063

Plone CVE-2011-0720 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/46102

libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46951

Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091

t1lib Type 1 Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46941

osCSS Local File Include and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47083

Liferay Portal Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47082

Enano CMS Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47080

Froxlor Multiple SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/47079

Tracks URI Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47078

Spitfire 'cms_username' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47077

Joomla Joomanager Component Unspecified Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/47076

jHTTPd Directory Traversal Vulnerability
http://www.securityfocus.com/bid/47075

Easy File Sharing Web Server Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47072

Rumble Mail Server 'MAIL FROM' Command Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47070

Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/43515

Debian/Ubuntu Linux 'shadow' Package Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/46426

Oracle Java SE and Java for Business CVE-2010-4472 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46404

Oracle Java SE and Java for Business CVE-2010-4471 Remote Security Vulnerability
http://www.securityfocus.com/bid/46399

Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46406

Oracle Java SE and Java for Business CVE-2010-4469 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46400

Oracle Java SE and Java for Business CVE-2010-4448 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46398

OpenJDK 'IcedTea' Multiple Signers Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/46439

Oracle Java SE and Java for Business CVE-2010-4450 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46397

Oracle Java SE and Java for Business CVE-2010-4470 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46387

OpenJDK 'IcedTea' Plugin JAR Signature Verification Security Bypass Vulnerability
http://www.securityfocus.com/bid/46110

OpenJDK 'IcedTea' plugin JNLPSecurityManager Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45894

Gnash Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/45102

libcgroup 'cgrulesengd' Daemon Netlink Messages Event Spoofing Vulnerability
http://www.securityfocus.com/bid/46578

libcgroup Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46729

Claroline Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/47073

Distributed Ruby Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/47071

Toon Boom Studio 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/47069

pppBLOG 'search.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47068

Ulead COOL 3D Multiple DLL Loading Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/47067

webEdition CMS 'DOCUMENT_ROOT' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/47065

rsync Client Incremental File List Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47064

Zend Server Java Bridge 'javamw.jar' Service Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47060

BackWPup Plugin for WordPress 'wp_xml_export.php' Local and Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/47058

Alkacon OpenCms HTTPOnly Cookie Flag Information Disclosure Weakness
http://www.securityfocus.com/bid/47057

Linux Kernel Generic Receive Offload (GRO) Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47056

Alkacon OpenCms Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47055

PyroCMS Blog Comment HTML Injection Vulnerability
http://www.securityfocus.com/bid/47051

wodWebServer.NET Directory Traversal Vulnerability
http://www.securityfocus.com/bid/47050

Feng Office Arbitrary File Upload and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47049

webEdition CMS HTML Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/47047

OrangeHRM 'jobVacancy.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47046

FLVPlayer4Free '.fp4f' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47045

Cetera eCommerce Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47044

Joomla Component 'com_media' Local File Include Vulnerability
http://www.securityfocus.com/bid/47043

DivX Player Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47042

Microsoft Windows Media Player '.ape' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47041

eXPert PDF Batch Creator Denial of Service Vulnerability
http://www.securityfocus.com/bid/47040

RealPlayer '.rmp' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47039

Monday, March 28, 2011

Monday the 28th, Senshō

Notice of release of InterScan VirusWall Standard Edition 6.02 for Linux Patch 3 and Critical Patch Build 7806
http://www.trendmicro.co.jp/support/news.asp?id=1551

Notice of release of the repackaged Trend Micro Network VirusWall Enforcer 2500 Service Pack 1 Patch 2
http://www.trendmicro.co.jp/support/news.asp?id=1550

JVNDB-2011-001296 Arbitrary code execution vulnerability in the hb_buffer_ensure function in hb-buffer.c in HarfBuzz
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001296.html

JVNDB-2011-001295 Arbitrary JavaScript execution vulnerability in the nsIScriptableUnescapeHTML.parseFragment method in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001295.html

JVNDB-2011-001294 Cross-site request forgery vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001294.html

JVNDB-2011-001293 Buffer overflow vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001293.html

JVNDB-2011-001292 Buffer overflow vulnerability in Mozilla Firefox and SeaMonkey running on Windows
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001292.html

JVNDB-2011-001291 Arbitrary code execution vulnerability in the Web Worker implementation in Mozilla Firefox and SeaMonkey
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001291.html

JVNDB-2009-002644 Cross-site scripting vulnerability in BlackBerry Enterprise Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002644.html

JVNDB-2009-002643 Buffer overflow vulnerability in the IBM Lotus Notes Intellisync ActiveX control in BlackBerry Desktop Software
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002643.html

JVNDB-2009-002642 Buffer overflow vulnerability in the Research In Motion (RIM) AxLoader ActiveX control in BlackBerry Application Web Loader
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002642.html

JVNDB-2010-002061 Privilege escalation vulnerability in lib/fsm.c in Red Hat Package Manager
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002061.html

JVNDB-2010-002748 Vulnerability in pam_namespace.c in Linux-PAM allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002748.html

JVNDB-2010-002747 Arbitrary file read vulnerability in the run_coprocess function in Linux-PAM
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002747.html

JVNDB-2010-002746 Arbitrary file read vulnerability in the run_coprocess function in Linux-PAM
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002746.html

JVNDB-2010-002614 Denial of service (DoS) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002614.html

JVNDB-2010-002544 Vulnerability in the ISC BIND named validator
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002544.html

JVNDB-2010-002543 Denial of service (DoS) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002543.html

JVNDB-2010-002653 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002653.html

Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46734

libcgroup 'cgrulesengd' Daemon Netlink Messages Event Spoofing Vulnerability
http://www.securityfocus.com/bid/46578

libcgroup Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46729

phpMyAdmin Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45633

eXPert PDF Batch Creator Denial of Service Vulnerability
http://www.securityfocus.com/bid/47040

RealPlayer '.rmp' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47039

+ GCC 4.6.0 has been released.
http://gcc.gnu.org/gcc-4.6/

+ Linux kernel 2.6.32.36, 2.6.37.6, 2.6.38.2 released
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.36
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.6
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.2

+ OpenLDAP 2.4.25 released
http://www.openldap.org/
http://www.openldap.org/software/release/changes.html

+ Linux Kernel "iriap_getvaluebyclass_indication()" Buffer Overflows
http://secunia.com/advisories/43841/

2524375: Fraudulent digital certificates could allow spoofing
http://www.microsoft.com/japan/technet/security/advisory/2524375.mspx

Google Chrome 10.0.648.204 released
http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html

CESA-2011:0373 (firefox)
http://lwn.net/Alerts/435267/

CESA-2011:0374 (thunderbird)
http://lwn.net/Alerts/435268/

CESA-2011:0375 (seamonkey)
http://lwn.net/Alerts/435269/

HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting (XSS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02770512

Postfix 2.9 Snapshot 20110323
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.9-20110323.HISTORY

Rdbhost's Rdbadmin Utility version 4 released
http://www.postgresql.org/about/news.1305

UPDATE: Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client
http://www.cisco.com/en/US/products/products_security_advisory09186a00808a0554.shtml

+ Vulnerability in the ActiveSync feature of Citrix Presentation Server and XenApp could result in arbitrary code execution
http://support.citrix.com/article/CTX128366

Notice of suspension of release of Trend Micro Network VirusWall Enforcer 1500i / 3500i version 3.1
http://www.trendmicro.co.jp/support/news.asp?id=1552

Performance counter monitoring reports status NG due to error -207
http://www.say-tech.co.jp/support/bom-for-windows/207ng/index.shtml

Running 200 or more monitors of the same type does not produce correct monitoring results.
http://www.say-tech.co.jp/support/bom-for-windows/200/index.shtml

Debian : [DSA-2202-1] apache2: failure to drop root privil
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35410

High-Tech Bridge SA : [HTB22895] XSS vulnerability in Ripe website manager
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35411

High-Tech Bridge SA : [HTB22896] SQL injection vulnerability in Ripe website manager
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35412

High-Tech Bridge SA : [HTB22897] SQL injection vulnerability in Ripe website manager
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35413

High-Tech Bridge SA : [HTB22898] XSRF (CSRF) in Ripe website manager
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35414

High-Tech Bridge SA : [HTB22899] Path disclosure in SyndeoCMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35415

High-Tech Bridge SA : [HTB22900] Multiple XSS vulnerabilities in SyndeoCMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35416

High-Tech Bridge SA : [HTB22901] SQL injection in SyndeoCMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35417

High-Tech Bridge SA : [HTB22902] XSS in SyndeoCMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35418

SuSE : [SUSE-SA:2011:015] Linux kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35409

YGN Ethical Hacker Group : Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35419

Mandriva : [MDVSA-2011:052] php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35398

Mandriva : [MDVSA-2011:053] php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35399

Ubuntu Security Notice : [USN-1091-1] Firefox and Xulrunner vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35420

Core Security Technologies : [CORE-2011-0208] VLC Vulnerabilities handling .AMV and .NSV files
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35403

Press release
Published: "10 Major Threats 2011: Evolving Attacks... Are Your Countermeasures Sufficient?"
~ Information leaks and attacks via websites rank high ~
http://www.ipa.go.jp/about/press/20110324.html

To prevent "donation scam sites," Comodo Japan offers server SSL certificates free of charge
http://itpro.nikkeibp.co.jp/article/NEWS/20110325/358745/?ST=security

Agile Networks warns of fraudulent international calls caused by hijacked IP telephony servers
http://itpro.nikkeibp.co.jp/article/NEWS/20110324/358716/?ST=security

McAfee to acquire a database security company, pushing toward an integrated platform
http://itpro.nikkeibp.co.jp/article/NEWS/20110324/358673/?ST=security

Doctor Web offers the commercial version of its Android antivirus software free of charge for a limited time
http://itpro.nikkeibp.co.jp/article/NEWS/20110324/358662/?ST=security

JVN#99977321 Vulnerability in Picasa related to loading of executable files
http://jvn.jp/jp/JVN99977321/index.html

JVNVU#636925 Update for multiple vulnerabilities in Apple Mac OS X
http://jvn.jp/cert/JVNVU636925/index.html

JVNDB-2011-001185 Vulnerability in the Java Runtime Environment component in multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001185.html

JVNDB-2011-001290 Buffer overflow vulnerability in the JavaScript engine in Mozilla Firefox and SeaMonkey
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001290.html

JVNDB-2011-001289 Buffer overflow vulnerability in the JavaScript engine in Mozilla Firefox and SeaMonkey
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001289.html

JVNDB-2011-001288 Arbitrary code execution vulnerability in the JSON.stringify method in Mozilla Firefox and SeaMonkey
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001288.html

JVNDB-2011-001287 Vulnerability in Mozilla Firefox and SeaMonkey allowing a response to a dialog prompt to be forced
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001287.html

JVNDB-2011-001286 Arbitrary code execution vulnerability in the browser engine in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001286.html

JVNDB-2011-001285 Arbitrary code execution vulnerability in the browser engine in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001285.html

JVNDB-2011-001284 Denial of service (DoS) vulnerability in Samba
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001284.html

JVNDB-2011-001283 Multiple vulnerabilities in the web interface of Mutare Software Enabled VoiceMail (EVM)
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001283.html

JVNDB-2011-001282 Input validation vulnerability in IBM WebSphere Portal Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001282.html

JVNDB-2011-000021 Cross-site scripting vulnerability in e107
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000021.html

JVNDB-2011-000022 Vulnerability in Picasa related to loading of executable files
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000022.html

JVNDB-2011-001281 Privilege escalation vulnerability in Microsoft Malware Protection Engine
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001281.html

JVNDB-2011-001280 Arbitrary file read vulnerability in Cisco Adaptive Security Appliances devices
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001280.html

JVNDB-2011-001279 Denial of service (DoS) vulnerability in Cisco Adaptive Security Appliances devices
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001279.html

JVNDB-2011-001278 Denial of service (DoS) vulnerability in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001278.html

JVNDB-2011-001277 Denial of service (DoS) vulnerability in Cisco Adaptive Security Appliances devices and Cisco PIX Security Appliances devices
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001277.html

JVNDB-2011-001276 Denial of service (DoS) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001276.html

JVNDB-2010-002773 Denial of service (DoS) vulnerability in mm/mprotect.c in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002773.html

JVNDB-2010-002772 Denial of service (DoS) vulnerability in the do_tcp_setsockopt function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002772.html

JVNDB-2011-001275 Vulnerability in PivotX allowing a third party to change passwords
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001275.html

JVNDB-2010-002771 Denial of service (DoS) vulnerability in memcached.c in memcached
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002771.html

JVNDB-2010-002761 Denial of service (DoS) vulnerability in libxml2
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002761.html

JVNDB-2010-002521 Denial of service (DoS) vulnerability in XPath expression handling in libxml2
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002521.html

JVNDB-2010-001805 Memory leak vulnerability in pngrutil.c in libpng
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001805.html

JVNDB-2010-001730 Vulnerability in libpng
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001730.html

Strange Shockwave File with Surprising Attachments
http://isc.sans.edu/diary.html?storyid=10612

APT Tabletop Exercise
http://isc.sans.edu/diary.html?storyid=10606

The Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet)
http://isc.sans.edu/diary.html?storyid=10609

Symantec LiveUpdate Administrator Management GUI HTML Injection
http://securityreason.com/securityalert/8160

DVD Rental Software SQL injection Vulnerability
http://securityreason.com/securityalert/8159

Pre Online Tests Generator Pro SQL Injection Vulnerability
http://securityreason.com/securityalert/8158

HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow
http://securityreason.com/securityalert/8157

HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow
http://securityreason.com/securityalert/8156

HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
http://securityreason.com/securityalert/8155

HP OpenView Network Node Manager getnnmdata.exe (ICount) CGI Buffer Overflow
http://securityreason.com/securityalert/8154

HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow
http://securityreason.com/securityalert/8153

Adobe Flash Player AVM Bytecode Verification
http://securityreason.com/securityalert/8152

HP OpenView NNM nnmRptConfig nameParams Buffer Overflow
http://securityreason.com/securityalert/8151

HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
http://securityreason.com/securityalert/8150

Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability
http://securityreason.com/securityalert/8149

Adobe ColdFusion - Directory Traversal
http://securityreason.com/securityalert/8148

RealNetworks RealPlayer CDDA URI Initialization Vulnerability
http://securityreason.com/securityalert/8147

openC Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/43865/

openC "FORM[profilbild]" Script Insertion Vulnerability
http://secunia.com/advisories/43866/

Group-Office Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/43869/

ClanSphere CKEditor Cross-Site Scripting and File Upload Vulnerabilities
http://secunia.com/advisories/43871/

Mahara Cross-Site Request Forgery and Script Insertion Vulnerabilities
http://secunia.com/advisories/43858/

SUSE update for kernel
http://secunia.com/advisories/43880/

Fedora update for krb5
http://secunia.com/advisories/43881/

Loggerhead Filename Script Insertion Vulnerability
http://secunia.com/advisories/43822/

netjukebox "skin" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/43868/

SyndeoCMS Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/43834/

Linux Kernel "iriap_getvaluebyclass_indication()" Buffer Overflows
http://secunia.com/advisories/43841/

Avaya IP Office Manager TFTP Denial of Service Vulnerability
http://secunia.com/advisories/43819/

Python urllib.request "file://" Redirect Security Issue
http://secunia.com/advisories/43883/

Python urllib/urllib2 "file://" Redirect Security Issue
http://secunia.com/advisories/43831/

Citrix Products ActiveSync Service Denial of Service Vulnerability
http://secunia.com/advisories/38748/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/43859/

Google Picasa Insecure Library Loading Vulnerability
http://secunia.com/advisories/43853/

Advantech WebAccess Network Service Component Code Execution Vulnerability
http://secunia.com/advisories/43877/

IBM Lotus Domino Server Controller Authentication Bypass Vulnerability
http://secunia.com/advisories/43860/

XMB Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/43862/

Nokia E75 Lock Code Bypass Vulnerability
http://secunia.com/advisories/43827/

HP StorageWorks P4000 Virtual SAN Appliance Software Buffer Overflow
http://secunia.com/advisories/43876/

VLC Media Player Large Video Dimension Vulnerability
http://secunia.com/advisories/43826/

MediaScripts Social Media "view" File Inclusion Vulnerability
http://secunia.com/advisories/43793/

Debian update for wireshark
http://secunia.com/advisories/43795/

Drupal Webform Block Module Script Insertion Vulnerability
http://secunia.com/advisories/43838/

SUSE update for pango
http://secunia.com/advisories/43873/

SUSE update for flash-player
http://secunia.com/advisories/43864/

Fedora update for postfix
http://secunia.com/advisories/43874/

Fedora update for mhonarc
http://secunia.com/advisories/43875/

Apple iPhone iOS "OfficeArtMetafileHeader" Parsing Vulnerability
http://secunia.com/advisories/43832/

Citrix XenApp and Citrix Presentation Server Bug in ActiveSync Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025254

EMC Data Protection Advisor Collector for Solaris File Permission Error Lets Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025253

Immunity Debugger HTTP Update Buffer Overflow Lets Remote Users Execute Arbitrary Code via Man-in-the-Middle Attacks
http://www.securitytracker.com/id/1025252

HP Data Protector Media Operations Flaw in 'DBServer.exe' Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025251

HP Virtual SAN Appliance Stack Overflow in 'hydra.exe' Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025249

REMOTE: wodWebServer.NET 1.3.3 Directory Traversal
http://www.exploit-db.com/exploits/17053/

REMOTE: VLC AMV Dangling Pointer Vulnerability
http://www.exploit-db.com/exploits/17048/

REMOTE: HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow
http://www.exploit-db.com/exploits/17047/

DoS/PoC: Avaya IP Office Manager 8.1 TFTP DOS
http://www.exploit-db.com/exploits/17045/

DoS/PoC: IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS
http://www.exploit-db.com/exploits/17033/

DoS/PoC: VMCPlayer 1.0 Denial of Service
http://www.exploit-db.com/exploits/17032/

RoundCube Requests Handling Cross-Site Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2011/0767

Google Picasa "Locate on Disk" Feature Insecure Library Loading
http://www.vupen.com/english/advisories/2011/0766

Google Chrome Multiple Use-after-free and Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2011/0765

Fedora Security Update Fixes PHP Code Execution and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2011/0764

Fedora Security Update Fixes krb5 KDC PKINIT Double-free Vulnerability
http://www.vupen.com/english/advisories/2011/0763

Apple Safari WebKit Library Redirections Address Bar Spoofing Vulnerability
http://www.vupen.com/english/advisories/2011/0762

Ecava IntegraXor HMI Remote SQL Statement Execution Vulnerability
http://www.vupen.com/english/advisories/2011/0761

Immunity Debugger HTTP Response Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0760

VLC Media Player AMV and NSV Data Processing Memory Corruption
http://www.vupen.com/english/advisories/2011/0759

IBM Lotus Domino Cookie File Authentication Bypass and Code Execution
http://www.vupen.com/english/advisories/2011/0758

HP OpenView Storage Data Protector Media Operations Memory Corruption
http://www.vupen.com/english/advisories/2011/0757

HP StorageWorks P4000 Virtual SAN Appliance Stack Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0756

HP Discovery & Dependency Mapping Inventory SNMP Configuration Issue
http://www.vupen.com/english/advisories/2011/0755

Citrix Presentation Server and XenApp ActiveSync Remote Code Execution
http://www.vupen.com/english/advisories/2011/0754

Microsoft Windows Fraudulent SSL Certificates Information Disclosure
http://www.vupen.com/english/advisories/2011/0753

Fedora Security Update Fixes Postfix STARTTLS Command Injection
http://www.vupen.com/english/advisories/2011/0752

Fedora Security Update Fixes Firefox and Xulrunner Fraudulent Certificates
http://www.vupen.com/english/advisories/2011/0751

Fedora Security Update Fixes MHonArc Cross Site Scripting and DoS
http://www.vupen.com/english/advisories/2011/0750

Debian Security Update Fixes Apache2 MPM-ITK Configuration Parsing Issue
http://www.vupen.com/english/advisories/2011/0749

MPM-ITK Module for Apache2 "itk_merge_dir_config()" Config Parsing Issue
http://www.vupen.com/english/advisories/2011/0748

Debian Security Update Fixes Wireshark Multiple Code Execution and DoS
http://www.vupen.com/english/advisories/2011/0747

Debian Security Update Fixes Iceweasel Fraudulent SSL Certificates Issue
http://www.vupen.com/english/advisories/2011/0746

Debian Security Update Fixes Iceape Fraudulent SSL Certificates Issue
http://www.vupen.com/english/advisories/2011/0745

Mandriva Security Update Fixes PHP Code Execution and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2011/0744

VLC Media Player '.AMV' and '.NSV' Files Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47012

libcgroup 'cgrulesengd' Daemon Netlink Messages Event Spoofing Vulnerability
http://www.securityfocus.com/bid/46578

libcgroup Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46729

Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40884

Linux Kernel Block Layer Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/44793

Linux Kernel TIOCGICOUNT CVE-2010-4077 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45059

Linux Kernel 'hci_uart_tty_open()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/45014

Linux Kernel 'net/core/filter.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44758

Cisco VPN Client for Windows Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/25332

HP OpenView Network Node Manager 'getnnmdata.exe' Code Execution Vulnerability
http://www.securityfocus.com/bid/40072

netjukebox 'skin' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47027

PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46365

libzip '_zip_name_locate()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46354

PHP 'phar/phar_object.c' Format String Vulnerability
http://www.securityfocus.com/bid/46854

Family Connections 'getChat.php' XPath Injection Vulnerability
http://www.securityfocus.com/bid/47038

Family Connections 'subject' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/47037

EMC Data Protection Advisor Collector for Solaris SPARC Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/47036

PreProjects Pre Online Tests Generator Pro 'takefreestart.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47035

Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/47033

Google Picasa Insecure Library Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/47031

Aybulut Portal 'resim.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47030

Cisco IOS CVE-2010-2829 H.323 Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/43395

MIT Kerberos KDC 'do_as_req.c' Double Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46881

RETIRED: Apple Mac OS X Prior to 10.6.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/46950

Google Chrome prior to 9.0.597.107 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/46614

MHonArc HTML Mail Conversion Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45528

MHonArc Tag Nesting Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46923

Linux Kernel 'task_show_regs()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46421

Linux Kernel 'drivers/media/dvb/ttpci/av7110_ca' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45986

Linux Kernel 'ethtool.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45972

Linux Kernel FSGEOMETRY_V1 IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46417

Linux Kernel 'load_mixer_volumes()' Multiple Vulnerabilities
http://www.securityfocus.com/bid/45629

Linux Kernel SCTP Local Race Condition Vulnerability
http://www.securityfocus.com/bid/45661

Linux Kernel 'blk_rq_map_user_iov()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/45660

Linux Kernel 'irda_getsockopt()' Local Integer Underflow Vulnerability
http://www.securityfocus.com/bid/45556

Linux Kernel Multiple 'net/' Subsystems Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/44630

Linux Kernel 'AF_ECONET' Protocol NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/45321

Linux Kernel 'posix-cpu-timers.c' Local Race Condition Vulnerability
http://www.securityfocus.com/bid/45028

Linux Kernel TIOCGICOUNT 'serial_core.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43806

Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39794

Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/46767

HP OpenView Network Node Manager CVE-2010-1964 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40873

Wireshark 1.4.3 and 1.2.14 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/46626

Wireshark '.pcap' File Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46167

Wireshark Visual C++ Analyzer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46416

Apache MPM-ITK Module Security Weakness
http://www.securityfocus.com/bid/46953

HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Bad Option Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40637

HP OpenView Network Node Manager 'ovutil.dll' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40638

HP OpenView Network Node Manager 'getnnmdata.exe' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40071

HP OpenView Network Node Manager (CVE-2010-1552) 'doLoad()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40068

Social Media 'index.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/42009

Loggerhead Filenames HTML Injection Vulnerability
http://www.securityfocus.com/bid/47032

Google Chrome Prior to 10.0.648.204 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47029

OpenCollab Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/47026

Python 'urllib' and 'urllib2' Modules Information Disclosure and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/47024

Nokia E75 Firmware Lock Code Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/47022

Avaya IP Office Manager TFTP Server Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47021

SyndeoCMS Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47018

Ripe Website Manager Cross Site Scripting and Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47017

MC Content Manager Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47014

Thursday, March 24, 2011

Thursday the 24th, Senbu

+ Linux kernel 2.6.32.34, 2.6.37.5, 2.6.38.1 released
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.34
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.1

+ 2524375: Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2524375.mspx
http://isc.sans.edu/diary.html?storyid=10600
http://www.securitytracker.com/id/1025248

+ PHP 'Zip' Extension 'zip_fread()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/46975

+ PHP 'OpenSSL' Extension Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46977

+ PHP Stream Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46970

+ PHP Calendar Extension 'SdnToJulian()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46967

+ Linux Kernel 'sound/oss/opl3.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47009

+ Linux Kernel 'sound/oss/midi_synth.c' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47007

+ Perl 'Perl_reg_numbered_buff_fetch()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47006

+ Linux Kernel Signal Code Spoofing Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47003

- PHP 'Zip' Extension 'stream_get_contents()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/46969

- PHP 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/46968

CESA-2011:0370 (wireshark)
http://lwn.net/Alerts/435050/

TestLink 1.9.2 RELEASED (2011-03-19)
http://www.teamst.org/index.php/news-mainmenu-2/1-latest/106-testlink-192-released-2011-03-19

Debian : [DSA-2198-1] tex-common: insufficient input sanitiza
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35382

eidelweiss : CMS Balitbang 3.3 Arbitrary File Upload Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35385

Hewlett-Packard : HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35383

Paul Szabo : XSS in Oracle default fcgi-bin/echo
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35396

Red Hat : [RHSA-2011:0372-01] flash-plugin: Critical Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35377

Red Hat : [RHSA-2011:0373-01] firefox: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35378

Red Hat : [RHSA-2011:0374-01] thunderbird: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35379

Red Hat : [RHSA-2011:0375-01] seamonkey: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35380

Red Hat : [RHSA-2011:0376-01] dbus: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35381

SuSE : [SUSE-SA:2011:014] IBM Java
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35376

ZDI : Joomla! 1.6.0 Information Disclosure/Full Path Disclosure Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35394

Firefox 4 Security Features
http://isc.sans.edu/diary.html?storyid=10594

Firefox 3 Updates and SSL Blacklist extension
http://isc.sans.edu/diary.html?storyid=10597

Microsoft Advisory about fraudulent SSL Certificates
http://isc.sans.edu/diary.html?storyid=10600

Comodo RA Compromise
http://isc.sans.edu/diary.html?storyid=10603

Achievo Multiple Vulnerabilities
http://secunia.com/advisories/42254/

7-Technologies Interactive Graphical SCADA System Multiple Vulnerabilities
http://secunia.com/advisories/43849/

Pligg CMS Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/43815/

Debian update for tex-common
http://secunia.com/advisories/43816/

SUSE update for clamav
http://secunia.com/advisories/43852/

Red Hat update for flash-plugin
http://secunia.com/advisories/43856/

Immunity Debugger HTTP Response Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/43857/

Red Hat update for dbus
http://secunia.com/advisories/43839/

BroadWin / Advantech WebAccess Remote Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0743

DATAC RealWin Packets Processing Remote Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2011/0742

7T Interactive Graphical SCADA System Overflows and File Manipulation
http://www.vupen.com/english/advisories/2011/0741

ICONICS GENESIS Memory Corruption and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2011/0740

Siemens FactoryLink Code Execution and File Download Vulnerabilities
http://www.vupen.com/english/advisories/2011/0739

Fedora Security Update Fixes PEAR Installer File Overwrite Vulnerability
http://www.vupen.com/english/advisories/2011/0738

Redhat Security Update Fixes DBus Nested Variants Stack Overflow
http://www.vupen.com/english/advisories/2011/0737

Redhat Security Update Fixes Seamonkey Fraudulent SSL Certificates
http://www.vupen.com/english/advisories/2011/0736

Redhat Security Update Fixes Thunderbird Fraudulent SSL Certificates Issue
http://www.vupen.com/english/advisories/2011/0735

Redhat Security Update Fixes Firefox Fraudulent SSL Certificates Issue
http://www.vupen.com/english/advisories/2011/0734

Mozilla Products Fraudulent SSL Certificates Information Disclosure
http://www.vupen.com/english/advisories/2011/0733

Redhat Security Update Fixes Flash Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2011/0732

Debian Security Update Fixes TeX-Common Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0731

Progea Movicon 11 TCPUploadServer Remote Exploit
http://www.exploit-db.com/exploits/17034

HP NNM CGI webappmon.exe execvp Buffer Overflow
http://www.exploit-db.com/exploits/17030

HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
http://www.exploit-db.com/exploits/17029

HP OpenView NNM nnmRptConfig nameParams Buffer Overflow
http://www.exploit-db.com/exploits/17028

Adobe Flash Player AVM Bytecode Verification
http://www.exploit-db.com/exploits/17027

Distributed Ruby send syscall vulnerability
http://www.exploit-db.com/exploits/17031

VLC Media Player Buffer Overflow in Processing AMV and NSV Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025250

Microsoft Windows Includes Some Invalid Comodo Certificates
http://www.securitytracker.com/id/1025248

RETIRED: libTIFF TIFF Image 'StripByteCounts' Field Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46931

Progea Movicon 'TCPUploadServer.exe' Security Bypass Vulnerability
http://www.securityfocus.com/bid/46907

7T Interactive Graphical SCADA System Malformed Packet Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46310

PHP 'Zip' Extension 'zip_fread()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/46975

PHP 'OpenSSL' Extension Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46977

PHP 'shmop_read()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46786

PHP Stream Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46970

PHP 'Zip' Extension 'stream_get_contents()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/46969

PHP 'phar/phar_object.c' Format String Vulnerability
http://www.securityfocus.com/bid/46854

PHP 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/46968

libzip '_zip_name_locate()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46354

PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46365

PHP Calendar Extension 'SdnToJulian()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46967

PEAR Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/46605

HP OpenView Network Node Manager 'OvJavaLocale' Cookie Value Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42154

HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/45762

HP OpenView Network Node Manager 'execvp_nc()' Code Execution Vulnerability
http://www.securityfocus.com/bid/41829

Adobe Flash Player CVE-2011-0609 'SWF' File Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46860

D-Bus Nested Variants Denial of Service Vulnerability
http://www.securityfocus.com/bid/45377

VLC Media Player '.AMV' and '.NSV' Files Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47012

Constructr CMS Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/47011

Achievo Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/47010

Linux Kernel 'sound/oss/opl3.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47009

Advantech/BroadWin SCADA WebAccess Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/47008

Linux Kernel 'sound/oss/midi_synth.c' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47007

Perl 'Perl_reg_numbered_buff_fetch()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47006

Hewlett-Packard Virtual SAN Appliance 'hydra.exe' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47005

HP Data Protector 'DBServer.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47004

Linux Kernel Signal Code Spoofing Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47003

PHP-Nuke 'HTTP_REFERER' Header Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/47002

PHP-Nuke 'Feedback' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47001

PHP-Nuke 'chng_uid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/47000

Pligg CMS Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/46998

Apple Mac OS X Libinfo Denial of Service Vulnerability
http://www.securityfocus.com/bid/46990

Web Wiz Forums Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/46131