Friday, April 15, 2011

iOS 4.3.2 security update

About the security content of iOS 4.3.2 Software Update

http://support.apple.com/kb/HT4606

Translation of the Mac OS X security update at the URL above

1) Certificate Trust Policy
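 A vulnerability in which, because several fraudulent SSL certificates issued by a Comodo certificate authority exist, a remote attacker can mount a man-in-the-middle attack and intercept confidential or other important information.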

2) libxslt 
 A vulnerability in which, because a heap overflow occurs in libxslt's generate-id(), heap addresses can be obtained by getting a user to view a crafted website. (CVE-2011-0195)

3) QuickLook
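 A vulnerability in which, because memory corruption occurs when QuickLook handles Microsoft Office files, viewing a crafted Microsoft Office file can cause the application to terminate unexpectedly or arbitrary code to be executed. (CVE-2011-1417)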

4) WebKit
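 A vulnerability in which, because an integer overflow occurs in the handling of nodesets, viewing a crafted website can cause the application to terminate unexpectedly or arbitrary code to be executed. (CVE-2011-1290)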

5) WebKit
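 A vulnerability in which, because a use-after-free occurs in the handling of text nodes, viewing a crafted website can cause the application to terminate unexpectedly or arbitrary code to be executed. (CVE-2011-1344)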


15th (Friday), Senbu

PSN-2011-04-222: 2011-04 Routing & Switching: No Scheduled SIRT Security Bulletins for April 2011
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2011-04-222&viewMode=view

US authorities shut down the "Coreflood" botnet, which had infected more than 2 million machines
http://itpro.nikkeibp.co.jp/article/NEWS/20110415/359465/?ST=security

JVNTA11-102A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA11-102A/index.html

JVNVU#643615 Vulnerability in libpng
http://jvn.jp/cert/JVNVU643615/index.html

JVNVU#576029 Vulnerability in libpng's processing of compressed ancillary chunks
http://jvn.jp/cert/JVNVU576029/index.html

JVNVU#314158 Update for vulnerabilities in Apple Mac OS X
http://jvn.jp/cert/JVNVU314158/index.html

JVNVU#658892 Updates for multiple vulnerabilities in Apple Safari
http://jvn.jp/cert/JVNVU658892/index.html

JVNVU#597782 Updates for multiple vulnerabilities in the Apple iOS 4.2 series
http://jvn.jp/cert/JVNVU597782/index.html

JVNVU#805814 Updates for multiple vulnerabilities in the Apple iOS 4.3 series
http://jvn.jp/cert/JVNVU805814/index.html

Microsoft MHTML Stack Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025359

IBM Tivoli Directory Server Bugs Let Remote Users Execute Arbitrary Code and Local Privileged Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1025358

Apple Mac OS X Fraudulent SSL Certificates Information Disclosure
http://www.vupen.com/english/advisories/2011/0985

Apple Safari WebKit Use-after-free and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2011/0984

Apple iOS Code Execution and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2011/0983

Invensys Wonderware InBatch BatchField ActiveX Control Stack Overflow
http://www.vupen.com/english/advisories/2011/0982

SAP NetWeaver Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2011/0981

Microsoft Reader LIT File Processing Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0980




+ Linux kernel 2.6.38.3 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.3

+ Perl 'lc()' and 'uc()' Functions TAINT Mode Protection Security Bypass Weakness
http://www.securityfocus.com/bid/47124

++ Courier-IMAP 2.9.1 released
http://www.courier-mta.org/download.php#imap

- Microsoft Reader Memory Corruption Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025360

RHSA-2011:0447-1: Moderate: krb5 security update
http://rhn.redhat.com/errata/RHSA-2011-0447.html

About Security Update 2011-002
http://support.apple.com/kb/HT4608

About the security content of Safari 5.0.5
http://support.apple.com/kb/HT4596

About the security content of iOS 4.2.7 Software Update for iPhone
http://support.apple.com/kb/HT4607

About the security content of iOS 4.3.2 Software Update
http://support.apple.com/kb/HT4606

Chrome 10.0.648.205 released
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

Oracle Critical Patch Update Pre-Release Announcement - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

SuSE : [SUSE-SA:2011:016] xorg-x11
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35618

Debian : [DSA-2218-1] vlc: heap-based buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35604

Hewlett-Packard : Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35605

High-Tech Bridge SA : [HTB22925] Path disclosure in Plogger
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35606

High-Tech Bridge SA : [HTB22926] XSS vulnerability in Plogger
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35607

High-Tech Bridge SA : [HTB22927] CSRF (Cross-Site Request Forgery) in Webjaxe
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35608

High-Tech Bridge SA : [HTB22928] Multiple SQL Injections in WebsiteBaker
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35609

High-Tech Bridge SA : [HTB22929] Multiple Path disclosure in WebsiteBaker
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35610

High-Tech Bridge SA : [HTB22930] Multiple XSS in WebCalendar
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35611

Mandriva : [MDVSA-2011:074] qt4
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35603

nSense : [NSENSE-2011-001] VeryPDF pdf2tif
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35613

Red Hat : [RHSA-2011:0429-01] kernel: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35601

Red Hat : [RHSA-2011:0436-01] avahi: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35602

Slackware Linux : [SSA:2011-101-02] kdelibs: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35598

Slackware Linux : [SSA:2011-098-01] libtiff: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35599

Slackware Linux : [SSA:2011-096-01] xrdb: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35600

DcLabs : [DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35619

Luigi Auriemma : Stack overflow in Microsoft HTML Help 6.1 (CHM files)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35612

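Kaspersky offers security software for Android, free of charge for the time being
Includes anti-theft and antivirus features; release date of the paid version is undecided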
http://itpro.nikkeibp.co.jp/article/NEWS/20110414/359461/?ST=security

Apple Security Patches for OS X and iOS
http://isc.sans.edu/diary.html?storyid=10708

Sysinternals updates, a new blog post, and webcast
http://isc.sans.edu/diary.html?storyid=10711

PHP Album Multiple Vulnerabilities
http://secunia.com/advisories/44078/

Sonexis ConferenceManager Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/44001/

FiberHome HG-110 Router Cross-Site Scripting and File Disclosure Vulnerabilities
http://secunia.com/advisories/44085/

Cacti "drp_action" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/44133/

TinyBB "post" SQL Injection Vulnerability
http://secunia.com/advisories/44165/

Ubuntu update for gimp
http://secunia.com/advisories/44112/

BoltWire "p" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/43421/

Fedora update for perl
http://secunia.com/advisories/44168/

Orbeon Forms Multiple Vulnerabilities
http://secunia.com/advisories/44139/

SAP NetWeaver Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/44187/

CA Total Defense Multiple Vulnerabilities
http://secunia.com/advisories/44097/

phplist: cross site request forgery (CSRF)
http://securityreason.com/securityalert/8199

O2 classic router: persistent cross site scripting (XSS) and cross site request forgery (CSRF)
http://securityreason.com/securityalert/8198

Cisco Security Agent Web Management Interface Bug Lets Remote Users Execute Arbitrary Code
http://securityreason.com/securityalert/8197

libxslt generate-id() Discloses Heap Addresses to Remote Users
http://www.securitytracker.com/id/1025365

Apple Safari Text Node Use-After-Free Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025363

Mac OS X Includes Some Invalid Comodo Certificates
http://www.securitytracker.com/id/1025362

Microsoft Reader Memory Corruption Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025360

Linux Kernel EFI GUID Partition Table Buffer Overflow Lets Local Users Deny Service
http://www.securitytracker.com/id/1025355

HP Network Node Manager i Lets Local Users Access Files and Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1025354

RealNetworks RealPlayer "OpenURLInDefaultBrowser()" Code Execution
http://www.vupen.com/english/advisories/2011/0979

MediaWiki Cross Site Scripting and CSS Image Injection Vulnerabilities
http://www.vupen.com/english/advisories/2011/0978

CA Total Defense Remote Code Execution and SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2011/0977

Red Hat Enterprise Virtualization Kernel GRO Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0976

SuSE Security Update Fixes X.Org X11 Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0975

LOCAL: SimplyPlay v.66 .pls File Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/17171/

LOCAL: NEdit 5.5 Format String Vulnerability
http://www.exploit-db.com/exploits/17169/

Microsoft Windows 'xxxRealDrawMenuItem()' Function Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42250

RETIRED: Microsoft Windows Kernel 'xxxRealDrawMenuItem()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42497

X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47189

GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47063

WebKit Style Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46849

libxml2 'XPATH' Expressions Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45617

MIT Kerberos kadmind Change Password Feature Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47310

WebKit WBR Tags Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46822

Apple Mobile Safari for iOS 4.2.1 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46832

libxslt 'xsltGenerateIdFunction()' Function Heap Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46818

Winamp '.wlz' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47334

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1240) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47217

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1239) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47216

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1241) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47218

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1242) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47219

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1237) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47214

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1238) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47215

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1233) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47233

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1236) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47213

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1235) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47212

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1234) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47211

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1229) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47229

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1227) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47227

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1230) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47230

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1228) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47228

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1231) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47231

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1232) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47232

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1225) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47225

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0676) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47220

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0677) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47224

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1226) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47226

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0675) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47210

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0674) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47209

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0672) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47207

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0670) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47205

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0666) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47203

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0662) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47194

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0665) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47202

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0671) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47206

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1234) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47234

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0667) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47204

Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47192

Microsoft Internet Explorer Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/46821

Microsoft Internet Explorer Layout Handling Use After Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47190

Microsoft Internet Explorer Frame Tag Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47191

Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45639

Perl 'lc()' and 'uc()' Functions TAINT Mode Protection Security Bypass Weakness
http://www.securityfocus.com/bid/47124

Microsoft Windows OpenType Font (OTF) Driver Stack Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47179

Microsoft GDI+ EMF Image Processing Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47250

Microsoft Windows MHTML Script Code Injection Vulnerability
http://www.securityfocus.com/bid/46055

Microsoft Windows Fax Cover Page Editor Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45583

7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/46936

Microsoft Excel Data Validation Record Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47256

McAfee Firewall Reporter 'GernalUtilities.pm' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/47306

HP Network Node Manager i Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47162

YUI Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44420

PDF Extract TIFF 'pdf2tif.dll' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47322

Google Chrome Prior to 10.0.648.205 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47377

Oracle April 2011 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/47376

Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47375

TimThumb Multiple Denial of Service and Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47374

EZ-Shop 'specialoffer.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47373

PhpAlbum.net 'var3' Parameter Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/47369

NEdit Preference File Name Format String Vulnerability
http://www.securityfocus.com/bid/47368

BoltWire 'p' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47364

Cacti 'drp_action' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47363

Orbeon Forms XML Injection Vulnerability
http://www.securityfocus.com/bid/47362

SAP Netweaver Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47360

SAP GUI 'saplogon.ini' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47359

EC Software Help & Manual 'ijl15.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/47349

Thursday, April 14, 2011

14th (Thursday), Tomobiki

+ Linux Kernel EFI Partition Denial of Service Vulnerability
http://www.securityfocus.com/bid/47343

UPDATE: HPSBMA02652 SSRT100432 rev.3 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02776387

PSN-2011-04-222: 2011-04 Routing & Switching: No Scheduled SIRT Security Bulletins for April 2011
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2011-04-222&viewMode=view

jetty@codehaus 7.4.0.v20110414
http://svn.codehaus.org/jetty/jetty/branches/jetty-7/VERSION.txt

Linux kernel 2.6.39-rc3 released
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc3

Mandriva : [MDVSA-2011:073] dhcp
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35571

Microsoft : Cumulative Security Update for Internet Explorer
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35581

Microsoft : Vulnerabilities in SMB Client Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35582

Microsoft : Vulnerability in SMB Server Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35583

Microsoft : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35584

Microsoft : Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35585

Microsoft : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35586

Microsoft : Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35587

Microsoft : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35588

Microsoft : Vulnerability in MHTML Could Allow Information Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35589

Microsoft : Cumulative Security Update of ActiveX Kill Bits
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35590

Microsoft : Vulnerability in .NET Framework Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35591

Microsoft : Vulnerability in GDI+ Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35592

Microsoft : Vulnerability in DNS Resolution Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35593

Microsoft : Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35594

Microsoft : Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35595

Microsoft : Vulnerability in WordPad Text Converters Could Allow Remote Code Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35596

Microsoft : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35597

QSecure : Arbitary File Upload Vulnerability in Elxis CMS component eForum v1.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35572

Red Hat : [RHSA-2011:0432-01] xorg-x11: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35569

Red Hat : [RHSA-2011:0433-01] xorg-x11-server-utils: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35570

Slackware Linux : [SSA:2011-101-01] shadow: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35568

Trend Micro to hold its student award again this year
http://itpro.nikkeibp.co.jp/article/NEWS/20110414/359419/?ST=security

Toshiba announces 2.5-inch HDD that can instantly invalidate its data
http://itpro.nikkeibp.co.jp/article/NEWS/20110414/359404/?ST=security

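Many dangerous vulnerabilities in Windows, Office and other products; apply the patches immediately
A record 17 security bulletins released, with a record 64 vulnerabilities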
http://itpro.nikkeibp.co.jp/article/NEWS/20110414/359401/?ST=security

JVNVU#230057 Vulnerability in Adobe Flash Player
http://jvn.jp/cert/JVNVU230057/index.html

dshield.org now DNSSEC signed via .org
http://isc.sans.edu/diary.html?storyid=10705

Update to Adobe Flash 0-day: Patch will be out soon
http://isc.sans.edu/diary.html?storyid=10702

TimThumb Cross-Site Scripting and Denial of Service Vulnerabilities
http://secunia.com/advisories/44126/

WooThemes "Live Wire" and "Gazette Edition" WordPress Themes Multiple Vulnerabilities
http://secunia.com/advisories/44140/

IBM Tivoli Directory Server Two Vulnerabilities
http://secunia.com/advisories/44184/

Microsoft Reader Multiple Vulnerabilities
http://secunia.com/advisories/44121/

SPIP Database Disconnect Denial of Service Vulnerability
http://secunia.com/advisories/44147/

HP Network Node Manager i Unauthorized Access and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/44185/

HP Network Node Manager i Java Double Literal Denial of Service Vulnerability
http://secunia.com/advisories/44186/

Xceed Zip Compression Library Buffer Overflow Vulnerability
http://secunia.com/advisories/44129/

Vallen Zipper Buffer Overflow Vulnerability
http://secunia.com/advisories/44128/

Xceed Zip Compression Library Buffer Overflow Vulnerability
http://secunia.com/advisories/44099/

Debian update for vlc
http://secunia.com/advisories/43890/

Red Hat update for avahi
http://secunia.com/advisories/44131/

Barcode Reader Toolkit "pdf2tif.dll" File Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/44095/

FirstClass Client Link Input Sanitation and Insecure Library Loading Vulnerabilities
http://secunia.com/advisories/44052/

Xataface Output Cache Session Hijacking Security Issue
http://secunia.com/advisories/44130/

Red Hat update for kernel
http://secunia.com/advisories/44136/

BlackBerry Enterprise Server Multiple Vulnerabilities
http://secunia.com/advisories/44183/

BlackBerry Enterprise Server Apache Tomcat Multiple Vulnerabilities
http://secunia.com/advisories/44166/

MediaWiki Multiple Vulnerabilities
http://secunia.com/advisories/44142/

SUSE update for rsyslog
http://secunia.com/advisories/44158/

Wordtrainer Glosexpert File Parsing Buffer Overflow Vulnerabilities
http://secunia.com/advisories/44101/

WebJaxe Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/44118/

Tracks 1.7.2 XSS Vulnerability
http://securityreason.com/securityalert/8196

InTerra Blog Machine XSS vulnerability
http://securityreason.com/securityalert/8195

Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability
http://securityreason.com/securityalert/8194

HP Network Node Manager i Cross Site Scripting and Unauthorized Access
http://www.vupen.com/english/advisories/2011/0974

HP Network Node Manager i Java Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0973

BlackBerry Enterprise Server Tomcat Information Disclosure and DoS
http://www.vupen.com/english/advisories/2011/0972

BlackBerry Enterprise Server Web Desktop Manager Cross Site Scripting
http://www.vupen.com/english/advisories/2011/0971

IBM DB2 Everyplace Java Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0970

Redhat Security Update Fixes Avahi Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0969

Redhat Security Update Fixes Kernel Privilege Escalation and DoS
http://www.vupen.com/english/advisories/2011/0968

Red Hat Network Satellite Unauthorized Access and Information Disclosure
http://www.vupen.com/english/advisories/2011/0967

Redhat Security Update Fixes X.Org X11 Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0966

Fedora Security Update Fixes DHCP Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0965

Fedora Security Update Fixes DBus Nested Variants Stack Overflow
http://www.vupen.com/english/advisories/2011/0964

Fedora Security Update Fixes Exim Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2011/0963

Fedora Security Update Fixes Libvirt Connections Privilege Escalation
http://www.vupen.com/english/advisories/2011/0962

Fedora Security Update Fixes Logrotate Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2011/0961

Fedora Security Update Fixes LibTIFF Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0960

Fedora Security Update Fixes Quagga Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2011/0959

Fedora Security Update Fixes NSS Fraudulent SSL Certificates Issue
http://www.vupen.com/english/advisories/2011/0958

rPath Security Update Fixes httpd Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2011/0957

rPath Security Update Fixes OpenSSL DoS and Security Bypass Issues
http://www.vupen.com/english/advisories/2011/0956

SuSE Security Update Fixes Rsyslog Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2011/0955

Debian Security Update Fixes VLC "MP4_ReadBox_skcr()" Heap Corruption
http://www.vupen.com/english/advisories/2011/0954

Mandriva Security Update Fixes Qt Fraudulent SSL Certificates Issue
http://www.vupen.com/english/advisories/2011/0953

LOCAL: PlaylistMaker V1.5 .txt File Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/17166/

BlackBerry Enterprise Server Input Validation Flaw in BlackBerry Web Desktop Manager Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1025356

CA Total Defense Input Validation Flaw Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1025353

RealPlayer OpenURLInDefaultBrowser() Function Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025351

Windows Operating System Loader Driver Signing Restrictions Can Be Bypassed
http://www.securitytracker.com/id/1025348

PDF Extract TIFF 'pdf2tif.dll' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47322

Layer Four Traceroute (LFT) Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/46477

Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47314

MIT Kerberos kadmind Change Password Feature Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47310

Microsoft Windows Messenger ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47197

Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40490

Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45546

Microsoft WordPad Text Converter (CVE-2011-0028) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47236

Microsoft Windows SMB Client Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47239

Microsoft Windows 'BROWSER ELECTION' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46360

Microsoft Windows CVE-2011-0657 DNS Resolution Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47242

Microsoft Windows SMB Transaction Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47198

Microsoft .NET Framework x86 JIT compiler Stack Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47223

BlackBerry Enterprise Server Web Desktop Manager Component Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47324

Joomla! JCE Component 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47284

Linux Kernel Generic Receive Offload (GRO) Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47056

Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091

Microsoft GDI+ EMF Image Processing Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47250

X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47189

Microsoft Windows OpenType Font (OTF) Driver Stack Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47179

IBM Tivoli Directory Server Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47121

GIMP Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/45647

Microsoft Excel CVE-2011-0103 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47244

Computer Associates Total Defense 'UNCSW' Service Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47356

Computer Associates Total Defense Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47355

MediaWiki Versions Prior to 1.16.3 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/47354

Xataface Output Cache Session Hijacking Vulnerability
http://www.securityfocus.com/bid/47353

Open Text FirstClass Client 'FCP://' URI and DLL Loading Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/47347

TinyBB 'viewthread.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47346

ProletSoft Playlistmaker '.txt' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47344

Linux Kernel EFI Partition Denial of Service Vulnerability
http://www.securityfocus.com/bid/47343

TOTVS ERP Microsiga Protheus Memory Corruption Denial Of Service Vulnerability
http://www.securityfocus.com/bid/47342

Wednesday, April 13, 2011

Wednesday the 13th, Senshō

UPDATE: MS10-087 - Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-087.mspx

UPDATE: MS10-088 - Important: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-088.mspx

Database .NET 4.5 released
http://www.postgresql.org/about/news.1309

Notice regarding the end-of-support date for Windows 2000 environments in Trend Micro Portable Security
http://www.trendmicro.co.jp/support/news.asp?id=1565

Notice regarding the start of availability of a patch for Trend Micro Portable Security 1.0/1.1
http://www.trendmicro.co.jp/support/news.asp?id=1564

About the fix for Internet Explorer vulnerabilities (MS11-018)
http://www.ipa.go.jp/security/ciadr/vul/20110413-ms11-018.html

JVNVU#230057 Vulnerability in Adobe Flash Player
http://jvn.jp/cert/JVNVU230057/index.html

JVNTA11-102A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA11-102A/index.html

JVNVU#323172 Buffer overflow vulnerability in Microsoft Windows
http://jvn.jp/cert/JVNVU323172/index.html

JVNVU#725596 Vulnerability in the ActiveX control of Microsoft WMI Administrative Tools
http://jvn.jp/cert/JVNVU725596/index.html

JVNVU#427980 Use-after-free vulnerability in Microsoft Internet Explorer 8
http://jvn.jp/cert/JVNVU427980/index.html

Fedora update for dhcp
http://secunia.com/advisories/44180/

AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability
http://securityreason.com/securityalert/8193

Anzeigenmarkt 2011 SQL Injection Vulnerability
http://securityreason.com/securityalert/8192




+ Microsoft Security Bulletin Summary for April 2011
http://www.microsoft.com/japan/technet/security/bulletin/ms11-apr.mspx
http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx

+ MS11-018 - Critical: Cumulative Security Update for Internet Explorer (2497640)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-018.mspx

+ MS11-019 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-019.mspx

+ MS11-020 - Critical: Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-020.mspx

+ MS11-021 - Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-021.mspx

+ MS11-022 - Important: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-022.mspx

+ MS11-023 - Important: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-023.mspx

+ MS11-024 - Important: Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-024.mspx

+ MS11-026 - Important: Vulnerability in MHTML Could Allow Information Disclosure (2503658)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-026.mspx

+ MS11-027 - Critical: Cumulative Security Update of ActiveX Kill Bits (2508272)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-027.mspx

+ MS11-028 - Critical: Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-028.mspx

+ MS11-029 - Critical: Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-029.mspx

+ MS11-030 - Critical: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-030.mspx

+ MS11-031 - Critical: Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-031.mspx

+ MS11-032 - Critical: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-032.mspx

+ MS11-033 - Important: Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-033.mspx

+ MS11-034 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-034.mspx

+ 2501696: Vulnerability in MHTML Could Allow Information Disclosure
http://www.microsoft.com/japan/technet/security/advisory/2501696.mspx

+ Dovecot 2.0.12 released
http://www.dovecot.org/list/dovecot-news/2011-April/000187.html

+ RHSA-2011:0436-1: Moderate: avahi security update
http://rhn.redhat.com/errata/RHSA-2011-0436.html

+ RHSA-2011:0429-1: Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2011-0429.html

+ Linux Kernel "mremap()" Denial of Service Vulnerability
http://secunia.com/advisories/44094/
http://www.securityfocus.com/bid/47321

? Microsoft HTML Help '.chm' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47330
http://www.exploit-db.com/exploits/17158/

- MS11-025 - Important: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
http://www.microsoft.com/japan/technet/security/bulletin/MS11-025.mspx

- 2506014: Update for the Windows Operating System Loader
http://www.microsoft.com/technet/security/advisory/2506014.mspx
http://www.microsoft.com/japan/technet/security/advisory/2506014.mspx

- 2501584: Release of Microsoft Office File Validation for Microsoft Office
http://www.microsoft.com/technet/security/advisory/2501584.mspx
http://www.microsoft.com/japan/technet/security/advisory/2501584.mspx

MySQL Enterprise Monitor 2.3.2 Is Now GA!
http://dev.mysql.com/doc/mysql-monitor/2.3/en/mem-news-2-3-2.html

HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02729035

HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02746026

Opera 11.10 released
http://www.opera.com/docs/changelogs/windows/1110/

APSA11-02 Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-02.html

Database .NET 4.5 released
http://www.postgresql.org/about/news.1309

Samba 3.6.0pre2 Available for Download
http://www.samba.org/samba/latest_news.html
http://samba.org/samba/ftp/pre/WHATSNEW-3-6-0pre2.txt

5.0.93 (Not yet released)
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html

UPDATE: 973811: Extended Protection for Authentication
http://www.microsoft.com/technet/security/advisory/973811.mspx
http://www.microsoft.com/japan/technet/security/advisory/973811.mspx

UPDATE: 2501696: Vulnerability in MHTML Could Allow Information Disclosure
http://www.microsoft.com/technet/security/advisory/2501696.mspx
http://www.microsoft.com/japan/technet/security/advisory/2501696.mspx

UPDATE: 2269637: Insecure Library Loading Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2269637.mspx
http://www.microsoft.com/japan/technet/security/advisory/2269637.mspx

Trend Micro Online Storage SafeSync
Notice of the release of the latest client software build and changes to some features
http://www.trendmicro.co.jp/support/news.asp?id=1566

PUBLIC ADVISORY: 04.12.11: Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=900

PUBLIC ADVISORY: 04.12.11: Microsoft Excel Memory Corruption Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=901

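Beware of dangerous "shortened URLs": clicking them leads to malicious sites
They account for more than 60% of dangerous links on social networks, Symantec reports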
http://itpro.nikkeibp.co.jp/article/NEWS/20110413/359362/?ST=security

GMail User Using 2FA Warned of Access From China
http://isc.sans.edu/diary.html?storyid=10687

April 2011 Microsoft Black Tuesday Summary
http://isc.sans.edu/diary.html?storyid=10693

VU#230057: Adobe Flash Player contains unspecified code execution vulnerability
http://www.kb.cert.org/vuls/id/230057

Microsoft Windows Messenger ActiveX Control Unspecified Vulnerability
http://secunia.com/advisories/44159/

Microsoft Internet Explorer Multiple Vulnerabilities
http://secunia.com/advisories/44153/

Microsoft Windows JScript and VBScript Integer Overflow Vulnerability
http://secunia.com/advisories/44162/

Microsoft Windows DNS LLMNR Query Processing Vulnerability
http://secunia.com/advisories/44161/

Microsoft Office Two Vulnerabilities
http://secunia.com/advisories/44015/

Microsoft Windows OpenType Compact Font Format Driver Vulnerability
http://secunia.com/advisories/43836/

Microsoft Excel Multiple Vulnerabilities
http://secunia.com/advisories/39122/

Microsoft Windows win32k.sys Driver Privilege Escalation Vulnerabilities
http://secunia.com/advisories/44156/

Microsoft Windows/Office GDI+ Integer Overflow Vulnerability
http://secunia.com/advisories/44155/

Microsoft .NET Framework JIT Compiler Stack Corruption Vulnerability
http://secunia.com/advisories/44160/

Microsoft Windows Wordpad Word 97 Converter Vulnerabilities
http://secunia.com/advisories/41387/

Microsoft PowerPoint Three Vulnerabilities
http://secunia.com/advisories/39903/

Microsoft Windows SMB Transaction Parsing Vulnerability
http://secunia.com/advisories/44072/

OTRS Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/44029/

HP-UX NFS/ONCplus Denial of Service Vulnerability
http://secunia.com/advisories/44096/

HP-UX update for BIND
http://secunia.com/advisories/44152/

Elxis CMS eForum Component File Upload Vulnerability
http://secunia.com/advisories/44114/

Red Hat Network Satellite Server Two Vulnerabilities
http://secunia.com/advisories/44150/

Fedora update for libvirt
http://secunia.com/advisories/44145/

Linux Kernel "mremap()" Denial of Service Vulnerability
http://secunia.com/advisories/44094/

PDF Extract TIFF File Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/44113/

HP Photosmart Printers Multiple Vulnerabilities
http://secunia.com/advisories/44143/

Red Hat update for xorg-x11-server-utils
http://secunia.com/advisories/44123/

Red Hat update for xorg-x11
http://secunia.com/advisories/44122/

Slackware update for libtiff
http://secunia.com/advisories/44117/

Fedora update for logrotate
http://secunia.com/advisories/44146/

Fedora update for quagga
http://secunia.com/advisories/44148/

Ubuntu update for dhcp3
http://secunia.com/advisories/44103/

McAfee Firewall Reporter Web Interface Security Bypass Vulnerability
http://secunia.com/advisories/44110/

ISIS Papyrus AFP Viewer ActiveX Control Buffer Overflow Vulnerabilities
http://secunia.com/advisories/43349/

Google Chrome Flash Player Code Execution Vulnerability
http://secunia.com/advisories/44141/

Adobe Reader/Acrobat authplay.dll Code Execution Vulnerability
http://secunia.com/advisories/44149/

Adobe Flash Player Unspecified Code Execution Vulnerability
http://secunia.com/advisories/44119/

Microsoft Fax Cover Page Editor Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025347

Microsoft Foundation Classes May Load DLLs Unsafely and Remotely Execute Arbitrary Code
http://www.securitytracker.com/id/1025346

Windows Kernel win32k.sys Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025345

Microsoft WordPad Parsing Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025344

Microsoft Office DLL Loading and Graphic Object Processing Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025343

Microsoft PowerPoint Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025340

Microsoft Excel Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025337

Microsoft GDI+ EMF Image Integer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025335

Microsoft OpenType Compact Font Format (CFF) Driver Stack Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025334

Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025333

Windows DNS Resolution LLMNR Processing Flaw Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025332

Microsoft .NET Stack Corruption Error in JIT Compiler Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025331

Microsoft WMITools and Windows Messenger ActiveX Controls Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025330

Windows SMB Server Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025329

Windows Server Message Block Parsing Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025328

Microsoft Internet Explorer Bugs Let Remote Users Obtain Potentially Sensitive Information, Execute Arbitrary Code, and Hijack User Clicks
http://www.securitytracker.com/id/1025327

HP-UX Unspecified Flaw in NFS/ONCplus Lets Local Users Deny Service
http://www.securitytracker.com/id/1025326

Adobe Acrobat/Reader 'Authplay.dll' Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025325

Adobe Flash Player Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025324

KDE Konqueror Input Validation Flaw in Error Page Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1025322

Linux Kernel Memory Leak in inotify_init() Lets Local Users Deny Service
http://www.securitytracker.com/id/1025321

Kerberos kadmind Can Be Crashed By a Remote Users Conducting an NMAP Scan
http://www.securitytracker.com/id/1025320

Red Hat Network Satellite Server Bugs Let Remote Users Obtain Files and Other Information
http://www.securitytracker.com/id/1025316

HP Photosmart Printer Bugs Let Remote Users Access and Modify Data and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1025315

REMOTE: OpenText FirstClass Client v 11.005 Code Execution
http://www.exploit-db.com/exploits/17156

REMOTE: Cisco Security Agent Management Console ‘st_upload’ RCE Exploit
http://www.exploit-db.com/exploits/17155

LOCAL: Microsoft HTML Help <= 6.1 Stack Overflow
http://www.exploit-db.com/exploits/17158

LOCAL: Wordtrainer 3.0 .ORD File Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/17157

DoS/PoC: Microsoft Reader <= 2.1.1.3143 NULL Byte Write
http://www.exploit-db.com/exploits/17164

DoS/PoC: Microsoft Reader <= 2.1.1.3143 Array Overflow
http://www.exploit-db.com/exploits/17163

DoS/PoC: Microsoft Reader <= 2.1.1.3143 Integer Overflow
http://www.exploit-db.com/exploits/17162/

DoS/PoC: Microsoft Reader <= 2.1.1.3143 Heap Overflow
http://www.exploit-db.com/exploits/17161

DoS/PoC: Microsoft Reader <= 2.1.1.3143 Integer Overflow
http://www.exploit-db.com/exploits/17160

DoS/PoC: Microsoft Host Integration Server <= 8.5.4224.0 DoS Vulnerabilities
http://www.exploit-db.com/exploits/17159

Microsoft Windows Kernel-Mode Drivers Multiple Privilege Escalation (MS11-034)
http://www.vupen.com/english/advisories/2011/0952

Microsoft Windows WordPad Converter Parsing Code Execution (MS11-033)
http://www.vupen.com/english/advisories/2011/0951

Microsoft Windows OpenType CFF Driver Code Execution Vulnerability (MS11-032)
http://www.vupen.com/english/advisories/2011/0950

Microsoft Windows JScript and VBScript Scripting Vulnerability (MS11-031)
http://www.vupen.com/english/advisories/2011/0949

Microsoft Windows DNS Query Remote Code Execution Vulnerability (MS11-030)
http://www.vupen.com/english/advisories/2011/0948

Microsoft Office MSO Library Integer Overflow Vulnerability (MS11-029)
http://www.vupen.com/english/advisories/2011/0947

Microsoft Windows GDI+ Library Integer Overflow Vulnerability (MS11-029)
http://www.vupen.com/english/advisories/2011/0946

Microsoft .NET Framework Remote Stack Corruption Vulnerability (MS11-028)
http://www.vupen.com/english/advisories/2011/0945

Microsoft Windows ActiveX Controls Code Execution Vulnerabilities (MS11-027)
http://www.vupen.com/english/advisories/2011/0944

Microsoft Foundation Class Insecure Library Loading Vulnerability (MS11-025)
http://www.vupen.com/english/advisories/2011/0943

Microsoft Office Object Dereferencing and Insecure Library Loading (MS11-023)
http://www.vupen.com/english/advisories/2011/0942

Microsoft Office PowerPoint File Parsing Multiple Code Execution (MS11-022)
http://www.vupen.com/english/advisories/2011/0941

Microsoft Office Excel Document Parsing Multiple Code Execution (MS11-021)
http://www.vupen.com/english/advisories/2011/0940

Microsoft Windows SMB Server Transaction Parsing Vulnerability (MS11-020)
http://www.vupen.com/english/advisories/2011/0939

Microsoft Windows SMB Client Two Code Execution Vulnerabilities (MS11-019)
http://www.vupen.com/english/advisories/2011/0938

Microsoft Internet Explorer Code Execution and Information Disclosure (MS11-018)
http://www.vupen.com/english/advisories/2011/0937

MIT Kerberos Packets Processing Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0936

HP-UX NFS/ONCplus Data Processing Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0935

HP-UX BIND Signed Negative Responses Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0934

VeryPDF PDF Extract TIFF Data Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0933

McAfee Firewall Reporter Remote Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2011/0932

HP Photosmart Printers Cross Site Scripting and Unauthorized Access
http://www.vupen.com/english/advisories/2011/0931

Slackware Security Update Fixes LibTIFF Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0930

Slackware Security Update Fixes xrdb Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0929

Slackware Security Update Fixes KDE Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0928

KDE Konqueror "KHTMLPart::htmlError()" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0927

Mandriva Security Update Fixes DHCP Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0926

Slackware Security Update Fixes Shadow Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0925

Google Chrome Flash Content Processing Code Execution Vulnerability
http://www.vupen.com/english/advisories/2011/0924

Adobe Acrobat and Reader "authplay.dll" Code Execution Vulnerability
http://www.vupen.com/english/advisories/2011/0923

Adobe Flash Player Content Processing Code Execution Vulnerability
http://www.vupen.com/english/advisories/2011/0922

Microsoft Internet Explorer Layout Handling Use After Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47190

D-Bus Nested Variants Denial of Service Vulnerability
http://www.securityfocus.com/bid/45377

ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47176

Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40451

Exim MBX Locking Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/40454

Microsoft PowerPoint Invalid 'TimeColorBehaviorContainer' Record Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47252

RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/47255

Microsoft PowerPoint Invalid 'PersistDirectoryEntry' Record Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47251

Microsoft Internet Explorer Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/46821

Microsoft Excel 'RealTimeData' Record Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47243

Avahi 'avahi-core/socket.c' NULL UDP Packet Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46446

Linux Kernel Generic Receive Offload (GRO) Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47056

Linux Kernel 'install_special_mapping()' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/45323

Linux Kernel Validate 'map_count' Variable Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/46492

Linux Kernel NFS Access Control List (ACL) Allocation Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46766

Linux Kernel 'task_show_regs()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46421

Linux Kernel 'drivers/media/dvb/ttpci/av7110_ca' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45986

Microsoft Excel Data Validation Record Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47256

VLC Media Player 'MP4' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47293

Mozilla Firefox CVE-2011-0062 Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/46647

Mozilla Firefox/SeaMonkey 'eval()' Function Security Bypass Vulnerability
http://www.securityfocus.com/bid/46643

Mozilla Firefox and SeaMonkey JavaScript Worker Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46663

Mozilla Firefox/SeaMonkey Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/46652

Mozilla Firefox and SeaMonkey JavaScript String Values Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46650

Mozilla Firefox and Thunderbird JPEG Image Decoding Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46651

Mozilla Firefox and SeaMonkey JavaScript Non-Local Variables Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46648

Mozilla Firefox/SeaMonkey Text Run Construction Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46660

Mozilla Firefox SeaMonkey and Thunderbird CVE-2011-0053 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/46645

Mozilla Firefox and SeaMonkey 'JSON.stringify()' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46661

Microsoft PowerPoint OfficeArt Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46228

Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47314

Microsoft Windows Fax Cover Page Editor Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45583

IBM Rational Licensing Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/47091

Microsoft Excel Drawing Layer Dangling Pointer Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46227

Microsoft Windows 'BROWSER ELECTION' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46360

Computer Associates WebScan ActiveX Control Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/40689

Oracle Java SE and Java for Business Unspecified Vulnerabilities
http://www.securityfocus.com/bid/39492

Microsoft Excel Axis Properties Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46225

Microsoft Excel Office Art Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46226

Microsoft Excel Invalid Object Type Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46229

Microsoft ATL/MFC Trace Tool 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/42811

Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45546

Microsoft Windows MHTML Script Code Injection Vulnerability
http://www.securityfocus.com/bid/46055

Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40490

Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45639

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45133

Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41544

Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263

Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/25316

Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/27706

OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692

Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/28482

Cisco Security Agent Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46420

libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46658

VideoSpirit Pro and Lite '.visprj' File Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/45741

libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46951

KDE Konqueror Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47304

X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47189

Real Networks RealPlayer 'OpenURLInDefaultBrowser()' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47335

Winamp '.wlz' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47334

Winamp '.m3u8' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47333

Website Baker Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47332

Microsoft HTML Help '.chm' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47330

Plogger 'gallery_name' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47329

WebCalendar Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47328

Wordtrainer '.ord' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47326

HP-UX Unspecified Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/47325

BlackBerry Enterprise Server Web Desktop Manager Component Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47324

OTRS Multiple Unspecified Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47323

PDF Extract TIFF 'pdf2tif.dll' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47322

Linux Kernel 'mremap()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47321

The Gazette Edition For Wordpress Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47320

HP Photosmart Printers Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47319

ISIS Papyrus AFP Viewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47318

Spellchecker Plugin for WordPress 'general.php' Local and Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/47317

Microsoft GDI+ EMF Image Processing Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47250

Microsoft VBScript And JScript Scripting Engines Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47249

Microsoft Office Shared Component DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/47246

Microsoft Excel CVE-2011-0104 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47245

Microsoft Excel CVE-2011-0103 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47244

Microsoft Windows CVE-2011-0657 DNS Resolution Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47242

Microsoft Windows SMB Client Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47239

Microsoft WordPad Text Converter (CVE-2011-0028) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47236

Microsoft Excel CVE-2011-0098 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47235

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1234) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47234

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1233) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47233

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1232) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47232

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1231) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47231

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1230) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47230

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1229) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47229

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1228) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47228

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1227) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47227

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1226) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47226

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1225) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47225

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0677) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47224

Microsoft .NET Framework x86 JIT compiler Stack Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47223

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0676) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47220

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1242) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47219

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1241) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47218

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1240) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47217

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1239) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47216

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1238) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47215

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1237) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47214

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1236) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47213

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1235) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47212

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1234) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47211

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0675) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47210

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0674) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47209

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0672) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47207

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0671) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47206

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0670) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47205

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0667) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47204

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0666) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47203

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0665) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47202

Microsoft Excel Buffer Allocation Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47201

Microsoft Windows SMB Transaction Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47198

Microsoft Windows Messenger ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47197

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0662) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47194

Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47192

Microsoft Internet Explorer Frame Tag Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47191

Microsoft Windows OpenType Font (OTF) Driver Stack Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47179

Tuesday, April 12, 2011

Tuesday the 12th, Shakkō

+ HPSBUX02655 SSRT100353 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02783438

+ RHSA-2011:0433-1: Moderate: xorg-x11-server-utils security update
http://rhn.redhat.com/errata/RHSA-2011-0433.html

+ RHSA-2011:0432-1: Moderate: xorg-x11 security update
http://rhn.redhat.com/errata/RHSA-2011-0432.html

+ Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47308

- MySQL Community Server 5.6.2 has been released
http://dev.mysql.com/doc/refman/5.6/en/mysql-nutshell.html

- HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02777287

- Linux Kernel "inotify_init1()" Denial of Service Vulnerability
http://secunia.com/advisories/44091/
http://www.securityfocus.com/bid/47296

HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS)
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02267197

Apache POI 3.8 beta 2 available
http://poi.apache.org/changes.html

MySQL 5.6.3 (Not yet released)
http://dev.mysql.com/doc/refman/5.6/en/news-5-6-3.html

Notice of scheduled server maintenance (April 22, 2011)
http://www.trendmicro.co.jp/support/news.asp?id=1559

Notice of re-release of Trend Micro Network VirusWall Enforcer 1500i / 3500i version 3.1
http://www.trendmicro.co.jp/support/news.asp?id=1561

Notice of release of Critical Patch build 1015 for Trend Micro Network VirusWall Enforcer 1500i/3500i version 3.1
http://www.trendmicro.co.jp/support/news.asp?id=1562

Debian : [DSA-2215-1] gitolite - Directory Traversal Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35558

Debian : [DSA-2214-1] ikiwiki - Input Validation Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35559

Debian : [DSA-2213-1] x11-xserver-utils - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35560

Independent Researcher : 1024cms Admin Control Panel - Directory Traversal Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35561

Independent Researcher : JCE - SQL Injection Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35562

Mandriva : [MDVSA-2011:072] gwenhywfar - Unspecified Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35556

Mandriva : [MDVSA-2011:071] kdelibs - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35557

Red Hat : [RHSA-2011:0428-01] DHCP - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35554

Red Hat : [RHSA-2011:0421-01] kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35555

Press release
Alert regarding a security weakness (vulnerability) in the "Yamaha router series"
http://www.ipa.go.jp/about/press/20110411.html

Serious vulnerability exposes many Yamaha router models to DoS attacks; flaw in IP header processing
http://itpro.nikkeibp.co.jp/article/NEWS/20110411/359310/?ST=security

JVN#55714408 Denial-of-service (DoS) vulnerability in the Yamaha router series
http://jvn.jp/jp/JVN55714408/index.html

Layer 2 DoS and other IPv6 Tricks
http://isc.sans.edu/diary.html?storyid=10690

Yet another Adobe Flash/Reader/Acrobat 0 day
http://isc.sans.edu/diary.html?storyid=10696

GMail User Using 2FA Warned of Access From China
http://isc.sans.edu/diary.html?storyid=10687

Tine 2.0 Path disclosure
http://securityreason.com/securityalert/8191

DataDynamics Report Library CoreHandler XSS
http://securityreason.com/securityalert/8190

Linux Kernel 2.4 and 2.6 disclosure of sensitive information
http://securityreason.com/securityalert/8189

Apache Tomcat 7.0.11 information disclosure
http://securityreason.com/securityalert/8188

Apache Tomcat 7.0.11 security constraint bypass
http://securityreason.com/securityalert/8187

KDE Konqueror Error Page Cross-Site Scripting Vulnerability
http://secunia.com/advisories/44065/

PHP-Lance Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/44102/

SUSE update for libvirt
http://secunia.com/advisories/44106/

Kerberos kadmind Denial of Service Vulnerability
http://secunia.com/advisories/44125/

Softbiz B2B Trading Marketplace Script "cid" SQL Injection Vulnerability
http://secunia.com/advisories/44004/

Softbiz Classified Ads PLUS Script "cid" SQL Injection Vulnerability
http://secunia.com/advisories/44006/

Etki Video PRO Two SQL Injection Vulnerabilities
http://secunia.com/advisories/44109/

Debian update for ikiwiki
http://secunia.com/advisories/44079/

PHP-Jokesite "cat_id" SQL Injection Vulnerabilities
http://secunia.com/advisories/44100/

IBM Tivoli Monitoring Unspecified Java Vulnerability
http://secunia.com/advisories/44043/

IT Dashboard "value" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/44033/

Pithos "pithos.ini" Credentials Information Disclosure Security Issue
http://secunia.com/advisories/44059/

SUSE update for libcgroup
http://secunia.com/advisories/44093/

Debian update for gitolite
http://secunia.com/advisories/44075/

IntegraXor SQL Database Insecure Permissions Security Issue
http://secunia.com/advisories/44105/

ikiwiki "meta stylesheet" Script Insertion Vulnerability
http://secunia.com/advisories/44137/

Linux Kernel "inotify_init1()" Denial of Service Vulnerability
http://secunia.com/advisories/44091/

IBM Virtual I/O Server Java Double Literal Parsing Denial of Service Vulnerability
http://secunia.com/advisories/44138/

Novell ZENworks Configuration Management Unspecified Code Execution
http://secunia.com/advisories/44120/

Debian update for x11-xserver-utils
http://secunia.com/advisories/44082/

Debian update for isc-dhcp
http://secunia.com/advisories/44090/

Debian update for dhcp3
http://secunia.com/advisories/44089/

Yamaha RT Series Routers IP Header Parsing Denial of Service Vulnerability
http://secunia.com/advisories/44087/

Red Hat update for dhcp
http://secunia.com/advisories/44127/

Fedora update for libtiff
http://secunia.com/advisories/44135/

VLC Media Player "MP4_ReadBox_skcr()" Buffer Overflow Vulnerability
http://secunia.com/advisories/44022/

Cacti Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2011/0921

SPIP Unspecified Request Processing Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0920

IBM Rational Build Forge Servlet Redirection Session ID Disclosure
http://www.vupen.com/english/advisories/2011/0919

IBM Virtual I/O Server Java Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0918

Novell ZENworks Configuration Management File Overwrite Code Execution
http://www.vupen.com/english/advisories/2011/0917

VLC Media Player "MP4_ReadBox_skcr()" Heap Corruption Vulnerability
http://www.vupen.com/english/advisories/2011/0916

Redhat Security Update Fixes DHCP Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0915

Redhat Security Update Fixes Kernel Privilege Escalation and DoS
http://www.vupen.com/english/advisories/2011/0914

Mandriva Security Update Fixes KDE KSSL Certificate Validation Issue
http://www.vupen.com/english/advisories/2011/0913

Mandriva Security Update Fixes Gwenhywfar Fraudulent SSL Certificates
http://www.vupen.com/english/advisories/2011/0912

Mandriva Security Update Fixes GDM Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2011/0911

Mandriva Security Update Fixes PHP Cron Local Symlink Vulnerability
http://www.vupen.com/english/advisories/2011/0910

Debian Security Update Fixes DHCP Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0909

Debian Security Update Fixes Gitolite Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2011/0908

Debian Security Update Fixes ikiwiki Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0907

Debian Security Update Fixes X.Org X11 Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0906

Fedora Security Update Fixes LibTIFF Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0905

REMOTE: ManageEngine Applications Manager Authenticated Code Execution
http://www.exploit-db.com/exploits/17152/

LOCAL: AOL Desktop 9.6 RTX Buffer Overflow
http://www.exploit-db.com/exploits/17150/

LOCAL: tmux '-S' Option Incorrect SetGID Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/17147/

DoS/PoC: Vallen Zipper V2.30 .ZIP File Heap Overflow
http://www.exploit-db.com/exploits/17145/

McAfee Firewall Reporter 'GernalUtilities.pm' Authentication Bypass Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025314

Novell ZENworks Asset Management Directory Traversal Flaw Lets Remote Users Overwrite Files and Execute Arbitrary Code
http://www.securitytracker.com/id/1025313

libvirt Threads Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47148

libvirt Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/46820

libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46951

libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46658

Novell ZENworks Configuration Management ZAM File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47295

logrotate 'shred_file()' Log Filename Command Injection Vulnerability
http://www.securityfocus.com/bid/47103

logrotate Insecure Default File Permissions Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47108

logrotate 'writeState()' Function Logfile Name Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47107

Quagga BGP Daemon 'AS_PATHLIMIT' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46943

Quagga BGP Daemon Null Pointer Deference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46942

X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47189

Microsoft Internet Explorer Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/46821

ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47176

Apache 'mod_isapi' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38494

Apache Subrequest Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38580

OpenSSL Ciphersuite Downgrade Security Weakness
http://www.securityfocus.com/bid/45164

OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
http://www.securityfocus.com/bid/38562

Pango Font Parsing 'pangoft2-render.c' Heap Corruption Vulnerability
http://www.securityfocus.com/bid/45842

AOL 9.5 '.rtx' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46071

Ecava IntegraXor Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/47019

Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091

RealNetworks GameHouse 'InstallerDlg.dll' ActiveX Control Multiple Vulnerabilities
http://www.securityfocus.com/bid/47133

Gitolite 'ADC' Security Bypass Vulnerability
http://www.securityfocus.com/bid/46473

Red Hat Network Satellite Server Security Bypass and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/47316

Microsoft Host Integration Server Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/47315

Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47314

Joomla! Phoca Download Component Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47313

Microsoft Reader Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/47312

IT Dashboard 'value' POST Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47311

MIT Kerberos kadmind Version String Processing Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/47310

Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47308

IBM Tivoli Monitoring Java Unspecified Security Vulnerability
http://www.securityfocus.com/bid/47307

McAfee Firewall Reporter 'GernalUtilities.pm' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/47306

K-Link 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/47305

KDE Konqueror Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47304

Shadow Login Failure Limit Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47303

SPIP Disconnect Database Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47302

Vallen System Zipper '.zip' File Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47301

Pithos 'pithos.ini' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47300

Live Wire For Wordpress Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47299

Etki Video Pro Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47298

ManageEngine Applications Manager 'Upload.do' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/47297

Linux Kernel 'inotify_init1()' Double Free Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47296

Yamaha RT Series Routers IP Header Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/47294

VLC Media Player 'MP4' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47293

PHP-Jokesite 2.0 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47292

Dimac CMS XS 'default.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47291

PHP-Lance Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47290

Sonexis ConferenceManager 'hostlogin.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47289

IrfanView '.ico' File Denial of Service Vulnerability
http://www.securityfocus.com/bid/47286

Point Market 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/47288

MikeyZip '.zip' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47287

eForum '/eforum.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/47309

Monday, April 11, 2011

Monday the 11th, Taian

+ Sudo 1.7.6, 1.8.1 released
http://www.sudo.ws/sudo/stable.html#1.7.6
http://www.sudo.ws/sudo/stable.html#1.8.1

+ Microsoft Windows Kernel Bug in AFD.sys Lets Local Users Deny Service
http://www.securitytracker.com/id/1025312
http://www.exploit-db.com/exploits/17133/
http://secunia.com/advisories/44080/
http://www.securityfocus.com/bid/47279

+- Microsoft Windows shmedia.dll Division By Zero, Explore.exe DOS Exploit
http://www.securiteam.com/exploits/5SP360040Q.html

+- PHP 'php5-common.php5.cron.d' Race Condition Vulnerability
http://www.securityfocus.com/bid/46928

PostgreSQL Multiple Precision Arithmetic 1.0b1 available for testing
http://pgmp.projects.postgresql.org/

CentOS 5.6 Release
http://lists.centos.org/pipermail/centos-announce/2011-April/017282.html
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.6

RHSA-2011:0428-1: Important: dhcp security update
http://rhn.redhat.com/errata/RHSA-2011-0428.html

CESA-2011:0422 (postfix)
http://lwn.net/Alerts/437566/

Critical Issue with pg_upgrade
http://www.postgresql.org/about/news.1308

Debian : [DSA-2212-1] tmux: privilege escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35541

High-Tech Bridge SA : [HTB22915] Path disclosure in Joomla
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35542

High-Tech Bridge SA : [HTB22916] XSRF (CSRF) in phpCollab
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35543

High-Tech Bridge SA : [HTB22917] XSS vulnerabilities in phpCollab
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35544

High-Tech Bridge SA : [HTB22918] Path disclosure in phpCollab
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35545

High-Tech Bridge SA : [HTB22919] Multiple XSS in Viscacha
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35546

High-Tech Bridge SA : [HTB22920] Path disclosure in Viscacha
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35547

High-Tech Bridge SA : [HTB22921] SQL Injection in Viscacha
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35548

Mandriva : [MDVSA-2011:068] firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35548

Mandriva : [MDVSA-2011:069] php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35548

Mandriva : [MDVSA-2011:070] gdm
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35553

Red Hat : [RHSA-2011:0422-01] postfix: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35536

Red Hat : [RHSA-2011:0423-01] postfix: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35537

Red Hat : [RHSA-2011:0426-01] spice-xpi: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35538

Red Hat : [RHSA-2011:0427-01] spice-xpi: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35539

Slackware Linux : [SSA:2011-097-01] dhcp: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35535

Buguroo : Maia Mailguard is affected by a XSS vulnerability in version 1.0.2a
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35551

Microsoft announces upcoming patches fixing a record 64 vulnerabilities
The 17 security bulletins also tie the record; zero-day vulnerabilities included
http://itpro.nikkeibp.co.jp/article/NEWS/20110411/359278/?ST=security

VeriSign halves the price of its authentication service for remote access to support post-earthquake BCP reviews
http://itpro.nikkeibp.co.jp/article/NEWS/20110408/359270/?ST=security

JVNDB-2011-001384 Denial-of-service (DoS) vulnerability in the URL handler of MobileSafari in Apple iOS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001384.html

JVNDB-2011-001383 Vulnerability in the ib_uverbs_poll_cq function of the Linux kernel that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001383.html

JVNDB-2011-001382 Integer overflow vulnerability in the ib_uverbs_poll_cq function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001382.html

Pros and Cons of "Secure" Wi-Fi Access
http://isc.sans.edu/diary.html?storyid=10675

Recent security enhancements in web browsers (e.g. Google Chrome)
http://isc.sans.edu/diary.html?storyid=10681

Have you seen this?
http://isc.sans.edu/diary.html?storyid=10678

Reader's Choice
http://isc.sans.edu/diary.html?storyid=10672

HP-UX Running CDE Calendar Manager Execution of Arbitrary Code Vulnerability
http://www.securiteam.com/securitynews/5TP370040A.html

Symantec Intel Alert Originator Service iao.exe Code Execution Vulnerability
http://www.securiteam.com/securitynews/5VP390040Y.html

HP Web Jetadmin Unauthorized Access to Managed Resources Vulnerability
http://www.securiteam.com/windowsntfocus/5UP380040M.html

Realplayer vidplin.dll AVI Parsing Code Execution Vulnerability
http://www.securiteam.com/securitynews/5DP3A0040Q.html

IBM DB2 db2dasrrm validateUser Code Execution Vulnerability
http://www.securiteam.com/securitynews/5FP3C0040O.html

IBM DB2 db2dasrrm receiveDASMessage Code Execution Vulnerability
http://www.securiteam.com/securitynews/5GP3D0040Y.html

HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability
http://www.securiteam.com/securitynews/5EP3B0040W.html

HP Network Node Manager i (NNMi) Remote Information Disclosure
http://securityreason.com/securityalert/8186

Ananda Real Estate "list.asp" Multiple SQL Injection Vulnerabilities
http://securityreason.com/securityalert/8185

SQL injection Auth Bypass in Easy Banner Free
http://securityreason.com/securityalert/8184

Enano CMS 1.1.7pl1 Path Disclosure / SQL Injection
http://securityreason.com/securityalert/8183

Microsoft Windows Kernel Bug in AFD.sys Lets Local Users Deny Service
http://www.securitytracker.com/id/1025312

Linux Kernel Generic Receive Offload (GRO) Null Pointer Dereference Lets Remote Users Deny Service
http://www.securitytracker.com/id/1025307

Linux Kernel Ethernet Bridge IGMP Processing Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1025306

HAProxy "manage_server_side_cookies()" Denial of Service Vulnerability
http://secunia.com/advisories/44083/

Red Hat update for spice-xpi
http://secunia.com/advisories/44060/

Debian update for tmux
http://secunia.com/advisories/44081/

Viscacha Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/44077/

phplist Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/44041/

SUSE update for python-feedparser
http://secunia.com/advisories/44074/

phpCollab Cross-Site Request Forgery and Script Insertion Vulnerabilities
http://secunia.com/advisories/44073/

SUSE update for xorg-x11
http://secunia.com/advisories/44012/

SUSE update for moonlight
http://secunia.com/advisories/44076/

Microsoft Windows "afd.sys" 120CFh IOCTL Handling Vulnerability
http://secunia.com/advisories/44080/

e107 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/44061/

vBulletin Search UI Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/44084/

SUSE update for libvirt
http://secunia.com/advisories/44069/

Red Hat update for kernel
http://secunia.com/advisories/44086/

eGroupware "lang" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/44067/

eXtplorer Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/44066/

Fedora update for rsync
http://secunia.com/advisories/44088/

SUSE update for dhcpcd
http://secunia.com/advisories/44025/

SUSE update for dhcp
http://secunia.com/advisories/44011/

SUSE update for mailman
http://secunia.com/advisories/44068/

tinyproxy Netmask Generation ACL Bypass Security Issue
http://secunia.com/advisories/43948/

dhcpcd Response Processing Input Sanitation Vulnerability
http://secunia.com/advisories/44070/

rsync Incremental Recursion Memory Corruption Vulnerability
http://secunia.com/advisories/44071/

Cyber-Ark PIM Suite Password Vault Web Access Cross-Site Scripting Vulnerability
http://secunia.com/advisories/44058/

Maia Mailguard Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/44056/

Apache HttpComponents HttpClient "Proxy-Authorization" Security Issue
http://secunia.com/advisories/43998/

Microsoft Windows shmedia.dll Division By Zero, Explore.exe DOS Exploit
http://www.securiteam.com/exploits/5SP360040Q.html

LOCAL: MikeyZip 1.1 .ZIP File Buffer Overflow
http://www.exploit-db.com/exploits/17144/

DoS/PoC: IrfanView 4.28 - ICO Without Transparent Colour DoS & RDoS
http://www.exploit-db.com/exploits/17143/

DoS/PoC: IrfanView 4.28 - ICO With Transparent Colour DoS & RDoS
http://www.exploit-db.com/exploits/17142/

DoS/PoC: Libmodplug ReadS3M Stack Overflow
http://www.exploit-db.com/exploits/17140/

DoS/PoC: Microsoft Windows xp AFD.sys Local Kernel DoS Exploit
http://www.exploit-db.com/exploits/17133/

SuSE Security Update Fixes Moonlight Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0904

SuSE Security Update Fixes NetworkManager dbus-glib Security Bypass
http://www.vupen.com/english/advisories/2011/0903

SuSE Security Update Fixes Mailman Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2011/0902

SuSE Security Update Fixes Telepathy-gabble Update Validation Issue
http://www.vupen.com/english/advisories/2011/0901

SuSE Security Update Fixes dbus-glib Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2011/0900

Redhat Security Update Fixes Firefox SPICE-XPI Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2011/0899

Mandriva Security Update Fixes Firefox Fraudulent SSL Certificates
http://www.vupen.com/english/advisories/2011/0898

Debian Security Update Fixes tmux Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2011/0897

ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47176

X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47189

Logwatch Log File Special Characters Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/46554

Samba 'FD_SET' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46597

KDE kdelibs IP Address SSL Certificate Security Bypass Vulnerability
http://www.securityfocus.com/bid/46789

PHP 'php5-common.php5.cron.d' Race Condition Vulnerability
http://www.securityfocus.com/bid/46928

GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47063

PHP 'shmop_read()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46786

PHP 'phar/phar_object.c' Format String Vulnerability
http://www.securityfocus.com/bid/46854

PHP 'substr_replace()' Use After Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46843

libcgroup Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46729

libcgroup 'cgrulesengd' Daemon Netlink Messages Event Spoofing Vulnerability
http://www.securityfocus.com/bid/46578

Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46734

ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46491

Linux Kernel 'net/bridge/br_multicast.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46433

Linux Kernel Generic Receive Offload (GRO) Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47056

Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/46839

Linux Kernel 'install_special_mapping()' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/45323

Linux Kernel I/O-Warrior USB Device Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46069

Linux Kernel 'ethtool.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45972

Linux Kernel 'task_show_regs()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46421

Linux Kernel 'drivers/media/dvb/ttpci/av7110_ca' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45986

Linux Kernel 'CHELSIO_GET_QSET_NUM' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43221

Linux Kernel SCTP Local Race Condition Vulnerability
http://www.securityfocus.com/bid/45661

Linux Kernel TKIP Countermeasures Security Vulnerability
http://www.securityfocus.com/bid/46322

ikiwiki 'htmlscrubber' Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47285

Joomla! JCE Component 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47284

tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47283

1024cms Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/47282

Multiple vBulletin Products Search UI Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/47281

Microsoft Windows 'AFD.sys' Driver Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47279

VirtueMart Component for Joomla! SQL Injection Vulnerability
http://www.securityfocus.com/bid/47278

Fiberhome HG-110 Cross Site Scripting and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/47277

Tinyproxy ACL Security Bypass Vulnerability
http://www.securityfocus.com/bid/47276

dhcpcd 'hostname' Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47272

Cyber-Ark PIM Suite Password Vault Web Access Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47271

PrestaShop 'cms.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/47264

vtiger CRM 'sortfieldsjson.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/47263

eGroupware 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/47262