Apache Gora 0.1-incubating Released
http://www.apache.org/dist/incubator/gora/0.1-incubating
Computer Virus and Unauthorized Access Incident Reports [March and First Quarter]
http://www.ipa.go.jp/security/txt/2011/04outline.html
Press release
"How to Build Secure Websites, Revised 5th Edition" published
~ Adds points to note when developing websites for mobile phones ~
http://www.ipa.go.jp/about/press/20110406.html
JVNVU#107886 Arbitrary code execution vulnerability in the ISC DHCP client
http://jvn.jp/cert/JVNVU107886/index.html
JVNVU#648244 Credential disclosure vulnerability in Oracle Solaris 10
http://jvn.jp/cert/JVNVU648244/index.html
JVNVU#598700 Vulnerability in Dell Kace K2000 Systems Deployment Appliance
http://jvn.jp/cert/JVNVU598700/index.html
JVNVU#644812 Multiple vulnerabilities in Netgear Prosafe Wireless-N Access Point
http://jvn.jp/cert/JVNVU644812/index.html
JVNDB-2010-002767 Cross-site scripting vulnerability in the Apache Tomcat HTML Manager Interface
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002767.html
JVNDB-2011-001185 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001185.html
JVNDB-2010-002768 Apache Tomcat vulnerability allowing files outside the working directory to be read and written
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002768.html
JVNDB-2010-002300 Denial-of-service (DoS) vulnerability in the apr_brigade_split_line function of the Apache Portable Utility library
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002300.html
JVNDB-2009-002392 Denial-of-service (DoS) vulnerability in Expat's libexpat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002392.html
JVNDB-2009-002415 Denial-of-service (DoS) vulnerability in the big2_toUtf8 function of Expat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002415.html
WebCalendar Input Validation Flaw in 'edit_entry.php' Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1025298
policycoreutils 'seunshare' Directory Permission Settings Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025291
Release date of the Japanese version of Internet Explorer(R) 9
http://www.microsoft.com/japan/presspass/news/default.aspx#110406
Zend Server Java Bridge 'javamw.jar' Service Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47060
TextPattern 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47182
Xilisoft Video Converter Ultimate '.flv' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47181
Graugon Forum 'admin.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47180
+ Courier-IMAP 4.9.0 released
http://www.courier-mta.org/download.php#imap
http://www.courier-mta.org/imap/changelog.html
+ Vulnerability Note VU#648244: Oracle Solaris 10 password hashes leaked through back-out patch files
http://www.kb.cert.org/vuls/id/648244
http://www.securityfocus.com/bid/47171
? PHP Zend Engine (CVE-2010-4697) Use-after-free Heap Corruption Vulnerability
http://www.securityfocus.com/bid/45952/references
? PHP 'iconv' Module 'iconv_mime_decode_headers()' Function Security-Bypass Vulnerability
http://www.securityfocus.com/bid/45954
? PHP 'EXTR_OVERWRITE' Parameter Security-Bypass Vulnerability
http://www.securityfocus.com/bid/46448
? PHP prior to 5.3.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/46168
- PHP GD Extension 'imagepstext()' Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45338
- ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46183
Squid Proxy 3.1.12, 3.2.0.6 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
DHCP 4.2.1-P1, 4.1-ESV-R2, 3.1-ESV-R1 released
https://www.isc.org/software/dhcp/421-p1
http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-P1-RELNOTES
https://www.isc.org/software/dhcp/41-esv-r2
http://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R2-RELNOTES
https://www.isc.org/software/dhcp/31-esv-r1
http://ftp.isc.org/isc/dhcp/dhcp-3.1-ESV-R1-RELNOTES
dhclient does not strip or escape shell meta-characters
https://www.isc.org/software/dhcp/advisories/cve-2011-0997
GCC has been accepted to Google's Summer of Code 2011. We are currently accepting student applications.
http://gcc.gnu.org/
Independant Researcher : THOMSON Router XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35505
Mandriva : [MDVSA-2011:064] libtiff
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35503
Real : RealNetworks RealGames Commands Execution and Code Execution Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35504
Ubuntu Security Notice : [USN-1102-1] tiff vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35500
Ubuntu Security Notice : [USN-1103-1] tex-common vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35501
Ubuntu Security Notice : [USN-1104-1] FFmpeg vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35502
Debian : [DSA-2209-1] tgt - Double Free Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35486
Debian : [DSA-2210-1] tiff - Multiple Buffer Overflow Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35487
Mandriva : [MDVSA-2011:059] ffmpeg - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35482
Mandriva : [MDVSA-2011:060] ffmpeg - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35483
Mandriva : [MDVSA-2011:061] ffmpeg - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35484
Mandriva : [MDVSA-2011:062] ffmpeg - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35485
Mandriva : [MDVSA-2011:063] xmlsec1 - Data Loss Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35496
Ubuntu Security Notice : [USN-1101-1] Ubuntu - Qt - Man-in-the-Middle Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35488
ZDI : [ZDI-11-116] Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35508
Hewlett-Packard : [HPSBUX02639 SSRT100293] - HP-UX - Denial-of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35491
Hewlett-Packard : [HPSBMA02650 SSRT100429] - HP Operations - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35492
Hewlett-Packard : [HPSBUX02645 SSRT100387] HP-UX Apache - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35493
Hewlett-Packard : [HPSBUX02646 SSRT100396 ] HP-UX - Denial-of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35494
MustLive : MyBB - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35499
Canon IT offers antivirus software free for six months to support earthquake disaster victims
http://itpro.nikkeibp.co.jp/article/NEWS/20110405/359113/?ST=security
IPv6 MITM via fake router advertisements
http://isc.sans.edu/diary.html?storyid=10660
WebCalendar Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/44024/
Ubuntu update for ffmpeg
http://secunia.com/advisories/43971/
SUSE update for krb5 and nbd
http://secunia.com/advisories/44027/
GNU C Library "locale" Quoting Weakness
http://secunia.com/advisories/43976/
MyBB Multiple Vulnerabilities
http://secunia.com/advisories/43937/
Xymon Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/44036/
Slackware update for proftpd
http://secunia.com/advisories/43978/
HP Network Node Manager i Unspecified Information Disclosure Vulnerability
http://secunia.com/advisories/44032/
Data Dynamics Reports Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/43953/
Joomla! FLEXIcontent Component Insecure Permissions and Command Injection
http://secunia.com/advisories/44007/
Ubuntu update for tex-common
http://secunia.com/advisories/43973/
Ubuntu update for tiff
http://secunia.com/advisories/43974/
Joomla! Unspecified Information Disclosure Vulnerability
http://secunia.com/advisories/44028/
Red Hat update for policycoreutils
http://secunia.com/advisories/44034/
Novell File Reporter Agent XML Parsing Buffer Overflow
http://secunia.com/advisories/43975/
Vulnerability Note VU#107886: ISC dhclient vulnerability
http://www.kb.cert.org/vuls/id/107886
Vulnerability Note VU#648244: Oracle Solaris 10 password hashes leaked through back-out patch files
http://www.kb.cert.org/vuls/id/648244
Vulnerability Note VU#598700: Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability
http://www.kb.cert.org/vuls/id/598700
Vulnerability Note VU#644812: NetGear WNAP210 remote password disclosure and password bypass vulnerability
http://www.kb.cert.org/vuls/id/644812
DoS/PoC: eXPert PDF Convert to Word v7 Denial of Service Exploit
http://www.exploit-db.com/exploits/17122/
DoS/PoC: GNU glibc < 2.12.2 'fnmatch()' Function Stack Corruption Vulnerability
http://www.exploit-db.com/exploits/17120/
HP Network Node Manager i Remote Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2011/0871
TP-LINK Products "NDSContext" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0870
Encore ENPS-2012 "NDSContext" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0869
DoceboLMS Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2011/0868
Thomson Gateway "url" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0867
Novell File Reporter "NFRAgent.exe" Remote Stack Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0866
Joomla! Error Checking Unspecified Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2011/0865
Redhat Security Update Fixes Policycoreutils Local Privilege Escalation
http://www.vupen.com/english/advisories/2011/0864
Redhat Security Update Fixes Glibc Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2011/0863
Ubuntu Security Update Fixes FFmpeg Memory Corruption Vulnerabilities
http://www.vupen.com/english/advisories/2011/0862
Ubuntu Security Update Fixes TeX-Common Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0861
Ubuntu Security Update Fixes LibTIFF 4-Thunder Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0860
Mandriva Security Update Fixes LibTIFF Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0859
Mandriva Security Update Fixes Xmlsec File Overwrite Vulnerability
http://www.vupen.com/english/advisories/2011/0858
Slackware Security Update Fixes ProFTPD Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0857
Glibc Memory Corruption Flaw in fnmatch() May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025290
Glibc Regression Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025289
HP Network Node Manager i Bug Lets Remote Authenticated Users Obtain Information
http://www.securitytracker.com/id/1025288
Ruby on Rails Cross Site Scripting and Cross Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/46291
Ruby on Rails Security Bypass and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/46292
rsync Client Incremental File List Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47064
Linux Kernel Local Address Limit Override Security Weakness
http://www.securityfocus.com/bid/45159
Linux Kernel 'install_special_mapping()' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/45323
Linux Kernel 'hci_uart_tty_open()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/45014
Linux Kernel TIOCGICOUNT CVE-2010-4077 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45059
Linux Kernel 'net/core/filter.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44758
Linux Kernel Block Layer Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/44793
Linux Kernel 'x25_parse_facilities()' CVE-2010-4164 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45055
Linux Kernel TIOCGICOUNT 'serial_core.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43806
Wireshark Visual C++ Analyzer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46416
Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091
Linux Kernel 'ethtool.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45972
Linux Kernel 'drivers/media/dvb/ttpci/av7110_ca' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45986
Linux Kernel 'load_mixer_volumes()' Multiple Vulnerabilities
http://www.securityfocus.com/bid/45629
Quagga BGP Daemon 'AS_PATHLIMIT' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46943
Quagga BGP Daemon Null Pointer Deference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46942
OTRS Unspecified Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/46947
KDE kdelibs IP Address SSL Certificate Security Bypass Vulnerability
http://www.securityfocus.com/bid/46789
OpenSSL Ciphersuite Downgrade Security Weakness
http://www.securityfocus.com/bid/45164
OpenSSL TLS Server Extension Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44884
OpenSSL J-PAKE Security Bypass Vulnerability
http://www.securityfocus.com/bid/45163
GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47063
PHP prior to 5.3.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/46168
PHP 'EXTR_OVERWRITE' Parameter Security-Bypass Vulnerability
http://www.securityfocus.com/bid/46448
PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46365
PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/44980
PHP 'iconv' Module 'iconv_mime_decode_headers()' Function Security-Bypass Vulnerability
http://www.securityfocus.com/bid/45954
PHP Zend Engine (CVE-2010-4697) Use-after-free Heap Corruption Vulnerability
http://www.securityfocus.com/bid/45952
PHP GD Extension 'imagepstext()' Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45338
PHP 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/45668
logrotate Insecure Default File Permissions Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47108
logrotate 'shred_file()' Log Filename Command Injection Vulnerability
http://www.securityfocus.com/bid/47103
logrotate 'writeState()' Function Logfile Name Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47107
phpThumb() 'fltr[]' Parameter Command Injection Vulnerability
http://www.securityfocus.com/bid/39605
ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46183
TutorialMS 'show' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/47178
python-feedparser 'feedparser/feedparser.py' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47177
ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47176
NETGEAR WNAP210 Information Disclosure and Security Bypass Vulnerability
http://www.securityfocus.com/bid/47175
Dell Kace K2000 Hidden CIFS Fileshare Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47172
Oracle Solaris CVE-2011-0412 Password Hash Local Information Disclosure Weakness
http://www.securityfocus.com/bid/47171
logrotate Gentoo Linux 'var/log/' Symlink Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47170
logrotate Debian Linux 'var/log/postgresql' Symlink Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47167
UseBB 'admin.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/47166
WebCalendar 'edit_entry_handler.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47165
Eleanor CMS Cross Site Scripting and Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47164
SUSE openSUSE cobbler daemon Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47163
HP Network Node Manager i Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47162
Joomla! FLEXIcontent Component Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/47160
Joomla! Prior to 1.5.23 Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47159