Announcement of the seminar "SCAP: Technical Specifications for Standardizing Information Security Measures"
~SCAP in Everyday Use~
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_scap_2011_1.html
Imperva offers WAF as an annually billed cloud service
http://itpro.nikkeibp.co.jp/article/NEWS/20111004/370083/?ST=security
Facebook partners with Websense to protect users from malicious sites
http://itpro.nikkeibp.co.jp/article/NEWS/20111004/370073/?ST=security
JVNVU#668534 Multiple vulnerabilities in Quagga
http://jvn.jp/cert/JVNVU668534/index.html
JVNVU#275036 Multiple vulnerabilities in SlimPDF Reader
http://jvn.jp/cert/JVNVU275036/index.html
JVNDB-2011-002305 Chosen-plaintext attack vulnerability in CBC mode of SSL and TLS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002305.html
JVNDB-2011-002304 Cross-site scripting vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002304.html
JVNDB-2011-002303 Vulnerability in NetSaro Enterprise Messenger Server that allows application source code to be read
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002303.html
JVNDB-2011-002302 Vulnerability in NetSaro Enterprise Messenger Server that allows plaintext server credentials to be discovered
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002302.html
JVNDB-2011-002301 Vulnerability in NetSaro Enterprise Messenger Server that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002301.html
JVNDB-2011-002300 Vulnerability in Foxit Reader that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002300.html
JVNDB-2011-002299 Vulnerability in PlotSoft PDFill PDF Editor that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002299.html
JVNDB-2011-002298 SQL injection vulnerability in Sonexis ConferenceManager
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002298.html
Cyber Security Awareness Month Day 3 - Critical Control 2 - Inventory of Authorized and Unauthorized Software
http://isc.sans.edu/diary.html?storyid=11728
KDE KSSL and Rekonq Let Remote Users Spoof the Certificate Display Dialog
http://www.securitytracker.com/id/1026136
RPM Package Manager Header Validation Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026134
JBoss Enterprise Application Platform Multiple Vulnerabilities
http://www.securityfocus.com/bid/39710
+ Important: rpm security update
http://rhn.redhat.com/errata/RHSA-2011-1349.html
+ Perl Digest "Digest->new()" Code Injection Vulnerability
http://secunia.com/advisories/46299/
http://www.securityfocus.com/bid/49911
- BIND 9.9.0a2 released
https://www.isc.org/software/bind/bind-990a2
- Microsoft Internet Explorer selection.empty Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6M02V0U2UK.html
Apache JMeter 2.5.1 Released
http://jakarta.apache.org/site/news/news-2011-q4.html#20111003.1
PHP 5.4 beta1 released
http://www.php.net/archive/2011.php#id2011-09-27-1
MySQL 5.1.60 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-60.html
MySQL 5.6.3 released (Development)
http://dev.mysql.com/doc/refman/5.6/en/news-5-6-3.html
MySQL 5.6.4 (Not yet released)
http://dev.mysql.com/doc/refman/5.6/en/news-5-6-4.html
sudo 1.8.3rc3 released
http://www.sudo.ws/sudo/devel.html#1.8.3rc3
sudo 1.7.8rc3 released
http://www.sudo.ws/sudo/devel.html#1.7.8rc3
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Identity Services Engine Database Default Credentials Vulnerability
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b95110.html
Nexaweb Adds Eric Green VP Sales
http://www.nexaweb.com/about/news-events/press-releases/default.cfm?id=62
Candidate winning entries selected for the "7th IPA Information Security Slogan and Poster Contest"; call for comments
http://www.ipa.go.jp/about/pubcomme/201110/index.html
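IPA Technical Watch
Report on "Analysis of Targeted Attack E-mails"
~Four case examples of deception techniques, and analysis of and countermeasures for targeted attack e-mails~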
http://www.ipa.go.jp/about/technicalwatch/20111003.html
[SECURITY] [DSA 2313-1] iceweasel security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-09/msg00197.html
DeepSec 2011 Conference - Final Schedule Published
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-09/msg00196.html
[SECURITY] [DSA 2312-1] iceape security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-09/msg00195.html
Arbitrary memory corruption in NCSS 07.1.21
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-09/msg00194.html
Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-09/msg00193.html
Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-09/msg00192.html
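"Copy-pasting web pages," "abusing internal e-mail": the deception tactics of "targeted" attacks
IPA reports; tactics also include "attaching no file" and "lowering the target's guard with everyday conversation"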
http://itpro.nikkeibp.co.jp/article/NEWS/20111004/370065/?ST=security
Microsoft antivirus software false positive flags "Chrome" as a virus
Fixed in the latest definition file; no action needed if unaffected
http://itpro.nikkeibp.co.jp/article/NEWS/20111003/370005/?ST=security
JVNVU#668534 Multiple vulnerabilities in Quagga
http://jvn.jp/cert/JVNVU668534/
JVNVU#405811 Denial-of-service (DoS) vulnerability in Apache HTTPD server
http://jvn.jp/cert/JVNVU405811/
JVNVU#901251 Cross-site scripting vulnerability in ProjectForum
http://jvn.jp/cert/JVNVU901251/
JVNDB-2011-002297 Cross-site scripting vulnerability in Sonexis ConferenceManager
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002297.html
JVNDB-2011-002296 Cross-site scripting vulnerability in myAddressBook.asp in Sonexis ConferenceManager
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002296.html
JVNDB-2011-002295 Vulnerability in Tembria Server Monitor that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002295.html
JVNDB-2011-002294 Cross-site scripting vulnerability in Tembria Server Monitor
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002294.html
JVNDB-2011-002293 Vulnerability in Newgen OmniDocs that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002293.html
Barracuda Backup Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/46120/
QtWeb Browser Address Bar URL Spoofing Weakness
http://secunia.com/advisories/46250/
Adobe Photoshop Elements Two Buffer Overflow Vulnerabilities
http://secunia.com/advisories/46277/
ezCourses Two Security Bypass Vulnerabilities
http://secunia.com/advisories/46271/
WordPress RedLine Theme "s" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/46301/
Pale Moon Multiple Vulnerabilities
http://secunia.com/advisories/46242/
Pale Moon Multiple Vulnerabilities
http://secunia.com/advisories/46124/
phpPgAdmin Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/46248/
FFmpeg Multiple Vulnerabilities
http://secunia.com/advisories/46245/
ProjectForum "newname" Script Insertion Vulnerability
http://secunia.com/advisories/46222/
Radfa Sabadkharid Arbitrary File Upload Vulnerability
http://secunia.com/advisories/46244/
Pidgin "silc_private_message()" Denial of Service Weakness
http://secunia.com/advisories/46298/
Cytel Products Cytel Studio Component File Processing Vulnerabilities
http://secunia.com/advisories/46280/
Fedora update for firefox and xulrunner
http://secunia.com/advisories/46249/
Perl FCGI Module CGI::Fast API Environment Variables Security Bypass
http://secunia.com/advisories/46263/
Perl Digest "Digest->new()" Code Injection Vulnerability
http://secunia.com/advisories/46299/
Perl Digest Module "Digest->new()" Code Injection Vulnerability
http://secunia.com/advisories/46279/
Ubuntu update for puppet
http://secunia.com/advisories/46289/
OpenVZ update for kernel
http://secunia.com/advisories/46287/
Fedora update for drupal6-views_bulk_operations
http://secunia.com/advisories/46261/
Puppet Multiple Security Issues
http://secunia.com/advisories/46286/
IBM Tivoli Enterprise Portal Server Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026133
Adobe Photoshop Elements Buffer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026132
HTC Phone Lets Local Applications Gain Elevated Privileges
http://www.securitytracker.com/id/1026131
Mac OS X < 10.6.7 Kernel Panic Exploit
http://securityreason.com/securityalert/8402
Sonexis ConferenceManager SQL Injection
http://securityreason.com/securityalert/8401
Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities
http://securityreason.com/securityalert/8400
IBM Tivoli Components Eclipse Help Server Cross Site Scripting Issues
http://www.vupen.com/english/ADV-2011-2123.php
InduSoft ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities
http://www.vupen.com/english/ADV-2011-2122.php
ICONICS GENESIS32 Multiple Memory Corruption Vulnerabilities
http://www.vupen.com/english/ADV-2011-2121.php
ProjectForum Data Processing Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/ADV-2011-2120.php
Adobe Photoshop Elements "grd" and "abr" File Handling Buffer Overflows
http://www.vupen.com/english/ADV-2011-2119.php
Dos/Poc: Adobe Photoshop Elements 8.0 Multiple Arbitrary Code Execution Vulnerabilities
http://www.exploit-db.com/exploits/17918/
RSyslog 'parseLegacySyslogMsg()' Function Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49413
Banana Dance 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/49903
Mozilla Firefox and SeaMonkey 'loadSubScript()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/49852
Puppet X.509 Certificate Signing Requests Directory Traversal Vulnerability
http://www.securityfocus.com/bid/49860
Puppet Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49909
Computer Associates Total Defense Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47355
Mozilla Firefox CVE-2011-2996 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49845
Mozilla Firefox and SeaMonkey CVE-2011-3003 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/49847
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-3000 HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/49849
Mozilla Firefox/Thunderbird/SeaMonkey OGG headers Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49808
Mozilla Firefox/Thunderbird/SeaMonkey Enter Key Dialog Bypass Vulnerability
http://www.securityfocus.com/bid/49837
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-3232 YARR Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/49850
Mozilla Firefox/Thunderbird/SeaMonkey Enter Key Dialog Bypass Weakness
http://www.securityfocus.com/bid/49811
Mozilla Firefox CVE-2011-2995 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49810
Mozilla Firefox and SeaMonkey CVE-2011-3002 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49813
Mozilla Firefox CVE-2011-2997 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49812
Cisco IOS Network Address Translation Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/49822
Cisco Identity Services Engine Database Default Credentials Security Bypass Vulnerability
http://www.securityfocus.com/bid/49703
Perl Fast CGI Module CGI Variables Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/49549
Drupal Views Bulk Operations 'Modify node taxonomy terms' Action HTML Injection Vulnerability
http://www.securityfocus.com/bid/49727
Linux Kernel '/proc/PID/io' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49408
Linux Kernel SSID Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48538
Linux Kernel NFS File Locking Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49141
Xen 'x86_64 __addr_ok()' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49370
Linux Kernel SCTP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/49373
Xen SAHF Emulation Denial of Service Vulnerability
http://www.securityfocus.com/bid/49375
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2011-2999 Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/49848
Mozilla Firefox RegExp Remote Integer Underflow Vulnerability
http://www.securityfocus.com/bid/49809
GenStat Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/49926
KDE KSSL Common Name SSL Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/49925
Multiple Cytel Products Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/49924
SlimPDF Reader Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/49923
OpenStack 'qcow2' File Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/49922
Metropolis Technologies OfficeWatch Directory Traversal Vulnerability
http://www.securityfocus.com/bid/49921
Phorum 'admin/index.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/49920
Multiple Cybele Software Products Directory Traversal and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/49919
Netvolution 'referer' Header SQL Injection Vulnerability
http://www.securityfocus.com/bid/49918
QtWeb Browser Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/49917
Multiple HTC devices 'HtcLoggers.apk' Application Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49916
FFmpeg Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/49915
phpPgAdmin Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/49914
GotoCode Online Bookstore 'MyInfo.aspx' Password Reset Security Bypass Vulnerability
http://www.securityfocus.com/bid/49910
Perl Digest Module 'Digest->new()' Code Injection Vulnerability
http://www.securityfocus.com/bid/49911
SonicWall Viewpoint 'scheduleID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/49906
Vivvo CMS Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/49904
Polipo POST/PUT Requests HTTP Header Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49908
ezCourses 'admin.asp' Security Bypass Vulnerability
http://www.securityfocus.com/bid/49907
Adobe Photoshop Elements CVE-2011-2443 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/49905