+ Sudo 1.7.6, 1.8.1 released
http://www.sudo.ws/sudo/stable.html#1.7.6
http://www.sudo.ws/sudo/stable.html#1.8.1
+ Microsoft Windows Kernel Bug in AFD.sys Lets Local Users Deny Service
http://www.securitytracker.com/id/1025312
http://www.exploit-db.com/exploits/17133/
http://secunia.com/advisories/44080/
http://www.securityfocus.com/bid/47279
+- Microsoft Windows shmedia.dll Division By Zero, Explore.exe DOS Exploit
http://www.securiteam.com/exploits/5SP360040Q.html
+- PHP 'php5-common.php5.cron.d' Race Condition Vulnerability
http://www.securityfocus.com/bid/46928
PostgreSQL Multiple Precision Arithmetic 1.0b1 available for testing
http://pgmp.projects.postgresql.org/
CentOS 5.6 Release
http://lists.centos.org/pipermail/centos-announce/2011-April/017282.html
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.6
RHSA-2011:0428-1: Important: dhcp security update
http://rhn.redhat.com/errata/RHSA-2011-0428.html
CESA-2011:0422 (postfix)
http://lwn.net/Alerts/437566/
Critical Issue with pg_upgrade
http://www.postgresql.org/about/news.1308
Debian : [DSA-2212-1] tmux: privilege escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35541
High-Tech Bridge SA : [HTB22915] Path disclosure in Joomla
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35542
High-Tech Bridge SA : [HTB22916] XSRF (CSRF) in phpCollab
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35543
High-Tech Bridge SA : [HTB22917] XSS vulnerabilities in phpCollab
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35544
High-Tech Bridge SA : [HTB22918] Path disclosure in phpCollab
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35545
High-Tech Bridge SA : [HTB22919] Multiple XSS in Viscacha
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35546
High-Tech Bridge SA : [HTB22920] Path disclosure in Viscacha
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35547
High-Tech Bridge SA : [HTB22921] SQL Injection in Viscacha
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35548
Mandriva : [MDVSA-2011:068] firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35548
Mandriva : [MDVSA-2011:069] php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35548
Mandriva : [MDVSA-2011:070] gdm
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35553
Red Hat : [RHSA-2011:0422-01] postfix: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35536
Red Hat : [RHSA-2011:0423-01] postfix: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35537
Red Hat : [RHSA-2011:0426-01] spice-xpi: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35538
Red Hat : [RHSA-2011:0427-01] spice-xpi: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35539
Slackware Linux : [SSA:2011-097-01] dhcp: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35535
Buguroo : Maia Mailguard is affected by a XSS vulnerability in version 1.0.2a
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35551
Microsoft gives advance notice of patches, fixing a record 64 vulnerabilities
Security bulletins also tie the record at 17, including zero-day vulnerabilities
http://itpro.nikkeibp.co.jp/article/NEWS/20110411/359278/?ST=security
Supporting post-earthquake BCP reviews, VeriSign halves the price of its authentication service for remote access
http://itpro.nikkeibp.co.jp/article/NEWS/20110408/359270/?ST=security
JVNDB-2011-001384 Denial-of-service (DoS) vulnerability in the URL handler of MobileSafari in Apple iOS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001384.html
JVNDB-2011-001383 Vulnerability in the ib_uverbs_poll_cq function of the Linux kernel that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001383.html
JVNDB-2011-001382 Integer overflow vulnerability in the ib_uverbs_poll_cq function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001382.html
Pros and Cons of "Secure" Wi-Fi Access
http://isc.sans.edu/diary.html?storyid=10675
Recent security enhancements in web browsers (e.g. Google Chrome)
http://isc.sans.edu/diary.html?storyid=10681
Have you seen this?
http://isc.sans.edu/diary.html?storyid=10678
Reader's Choice
http://isc.sans.edu/diary.html?storyid=10672
HP-UX Running CDE Calendar Manager Execution of Arbitrary Code Vulnerability
http://www.securiteam.com/securitynews/5TP370040A.html
Symantec Intel Alert Originator Service iao.exe Code Execution Vulnerability
http://www.securiteam.com/securitynews/5VP390040Y.html
HP Web Jetadmin Unauthorized Access to Managed Resources Vulnerability
http://www.securiteam.com/windowsntfocus/5UP380040M.html
Realplayer vidplin.dll AVI Parsing Code Execution Vulnerability
http://www.securiteam.com/securitynews/5DP3A0040Q.html
IBM DB2 db2dasrrm validateUser Code Execution Vulnerability
http://www.securiteam.com/securitynews/5FP3C0040O.html
IBM DB2 db2dasrrm receiveDASMessage Code Execution Vulnerability
http://www.securiteam.com/securitynews/5GP3D0040Y.html
HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability
http://www.securiteam.com/securitynews/5EP3B0040W.html
HP Network Node Manager i (NNMi) Remote Information Disclosure
http://securityreason.com/securityalert/8186
Ananda Real Estate "list.asp" Multiple SQL Injection Vulnerabilities
http://securityreason.com/securityalert/8185
SQL injection Auth Bypass in Easy Banner Free
http://securityreason.com/securityalert/8184
Enano CMS 1.1.7pl1 Path Disclosure / SQL Injection
http://securityreason.com/securityalert/8183
Microsoft Windows Kernel Bug in AFD.sys Lets Local Users Deny Service
http://www.securitytracker.com/id/1025312
Linux Kernel Generic Receive Offload (GRO) Null Pointer Dereference Lets Remote Users Deny Service
http://www.securitytracker.com/id/1025307
Linux Kernel Ethernet Bridge IGMP Processing Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1025306
HAProxy "manage_server_side_cookies()" Denial of Service Vulnerability
http://secunia.com/advisories/44083/
Red Hat update for spice-xpi
http://secunia.com/advisories/44060/
Debian update for tmux
http://secunia.com/advisories/44081/
Viscacha Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/44077/
phplist Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/44041/
SUSE update for python-feedparser
http://secunia.com/advisories/44074/
phpCollab Cross-Site Request Forgery and Script Insertion Vulnerabilities
http://secunia.com/advisories/44073/
SUSE update for xorg-x11
http://secunia.com/advisories/44012/
SUSE update for moonlight
http://secunia.com/advisories/44076/
Microsoft Windows "afd.sys" 120CFh IOCTL Handling Vulnerability
http://secunia.com/advisories/44080/
e107 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/44061/
vBulletin Search UI Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/44084/
SUSE update for libvirt
http://secunia.com/advisories/44069/
Red Hat update for kernel
http://secunia.com/advisories/44086/
eGroupware "lang" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/44067/
eXtplorer Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/44066/
Fedora update for rsync
http://secunia.com/advisories/44088/
SUSE update for dhcpcd
http://secunia.com/advisories/44025/
SUSE update for dhcp
http://secunia.com/advisories/44011/
SUSE update for mailman
http://secunia.com/advisories/44068/
tinyproxy Netmask Generation ACL Bypass Security Issue
http://secunia.com/advisories/43948/
dhcpcd Response Processing Input Sanitation Vulnerability
http://secunia.com/advisories/44070/
rsync Incremental Recursion Memory Corruption Vulnerability
http://secunia.com/advisories/44071/
Cyber-Ark PIM Suite Password Vault Web Access Cross-Site Scripting Vulnerability
http://secunia.com/advisories/44058/
Maia Mailguard Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/44056/
Apache HttpComponents HttpClient "Proxy-Authorization" Security Issue
http://secunia.com/advisories/43998/
Microsoft Windows shmedia.dll Division By Zero, Explore.exe DOS Exploit
http://www.securiteam.com/exploits/5SP360040Q.html
LOCAL: MikeyZip 1.1 .ZIP File Buffer Overflow
http://www.exploit-db.com/exploits/17144/
DoS/PoC: IrfanView 4.28 - ICO Without Transparent Colour DoS & RDoS
http://www.exploit-db.com/exploits/17143/
DoS/PoC: IrfanView 4.28 - ICO With Transparent Colour DoS & RDoS
http://www.exploit-db.com/exploits/17142/
DoS/PoC: Libmodplug ReadS3M Stack Overflow
http://www.exploit-db.com/exploits/17140/
DoS/PoC: Microsoft Windows XP AFD.sys Local Kernel DoS Exploit
http://www.exploit-db.com/exploits/17133/
SuSE Security Update Fixes Moonlight Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0904
SuSE Security Update Fixes NetworkManager dbus-glib Security Bypass
http://www.vupen.com/english/advisories/2011/0903
SuSE Security Update Fixes Mailman Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2011/0902
SuSE Security Update Fixes Telepathy-gabble Update Validation Issue
http://www.vupen.com/english/advisories/2011/0901
SuSE Security Update Fixes dbus-glib Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2011/0900
Red Hat Security Update Fixes Firefox SPICE-XPI Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2011/0899
Mandriva Security Update Fixes Firefox Fraudulent SSL Certificates
http://www.vupen.com/english/advisories/2011/0898
Debian Security Update Fixes tmux Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2011/0897
ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47176
X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47189
Logwatch Log File Special Characters Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/46554
Samba 'FD_SET' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46597
KDE kdelibs IP Address SSL Certificate Security Bypass Vulnerability
http://www.securityfocus.com/bid/46789
PHP 'php5-common.php5.cron.d' Race Condition Vulnerability
http://www.securityfocus.com/bid/46928
GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47063
PHP 'shmop_read()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46786
PHP 'phar/phar_object.c' Format String Vulnerability
http://www.securityfocus.com/bid/46854
PHP 'substr_replace()' Use After Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46843
libcgroup Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46729
libcgroup 'cgrulesengd' Daemon Netlink Messages Event Spoofing Vulnerability
http://www.securityfocus.com/bid/46578
Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46734
ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46491
Linux Kernel 'net/bridge/br_multicast.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46433
Linux Kernel Generic Receive Offload (GRO) Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47056
Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/46839
Linux Kernel 'install_special_mapping()' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/45323
Linux Kernel I/O-Warrior USB Device Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46069
Linux Kernel 'ethtool.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45972
Linux Kernel 'task_show_regs()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46421
Linux Kernel 'drivers/media/dvb/ttpci/av7110_ca' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45986
Linux Kernel 'CHELSIO_GET_QSET_NUM' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43221
Linux Kernel SCTP Local Race Condition Vulnerability
http://www.securityfocus.com/bid/45661
Linux Kernel TKIP Countermeasures Security Vulnerability
http://www.securityfocus.com/bid/46322
ikiwiki 'htmlscrubber' Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47285
Joomla! JCE Component 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47284
tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47283
1024cms Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/47282
Multiple vBulletin Products Search UI Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/47281
Microsoft Windows 'AFD.sys' Driver Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47279
VirtueMart Component for Joomla! SQL Injection Vulnerability
http://www.securityfocus.com/bid/47278
Fiberhome HG-110 Cross Site Scripting and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/47277
Tinyproxy ACL Security Bypass Vulnerability
http://www.securityfocus.com/bid/47276
dhcpcd 'hostname' Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47272
Cyber-Ark PIM Suite Password Vault Web Access Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47271
PrestaShop 'cms.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/47264
vtiger CRM 'sortfieldsjson.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/47263
eGroupware 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/47262