Friday, December 28, 2012
28th, Friday, Tomobiki
+ GNU grep Integer Overflow May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027924
CVE-2012-5667
About delays in sending and receiving mail in environments using the Trend Micro Hosted Email Security product
http://www.trendmicro.co.jp/support/news.asp?id=1882
Notice of release of InterScan for Lotus Domino 5.0 for Windows Critical Patch build 3156 (32-bit/64-bit)
http://www.trendmicro.co.jp/support/news.asp?id=1881
Notice of release of Virus Buster Corporate Edition 10.6 Service Pack 2 (build 3215)
http://www.trendmicro.co.jp/support/news.asp?id=1879
[ MDVSA-2012:184 ] libtiff
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00144.html
Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00145.html
[SECURITY] [DSA 2590-1] wireshark security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00143.html
Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00142.html
Open-Realty CMS 3.x | Cross Site Request Forgery (CSRF) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00141.html
Gmail account hijackings continue in Japan; strengthen passwords and use 2-step verification
Spam sent while impersonating users; "checking the login history is also essential"
http://itpro.nikkeibp.co.jp/article/NEWS/20121227/447164/?ST=security
Azbil releases a security product for control systems that can be deployed without affecting existing environments
http://itpro.nikkeibp.co.jp/article/NEWS/20121225/446647/?ST=security
University information security education must accommodate international students
Representatives of three universities present at a planned session of the AXIES (Academic eXchange for Information Environment and Strategy) annual conference
http://itpro.nikkeibp.co.jp/article/NEWS/20121225/446646/?ST=security
JVNDB-2011-003296 Cross-site scripting vulnerability in CA SiteMinder
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003296.html
JVNDB-2012-005800 Stack-based buffer overflow vulnerability in the Novell NCP implementation of NetIQ eDirectory
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005800.html
JVNDB-2012-005799 Authentication check bypass vulnerability in NetIQ eDirectory running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005799.html
JVNDB-2012-005798 Denial-of-service (DoS) vulnerability in NetIQ eDirectory running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005798.html
JVNDB-2012-005797 Cross-site scripting vulnerability in NetIQ eDirectory
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005797.html
JVNDB-2012-005796 Arbitrary Perl code execution vulnerability in NetIQ Privileged User Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005796.html
JVNDB-2012-005795 Directory traversal vulnerability in NetIQ Privileged User Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005795.html
JVNDB-2012-005794 Vulnerability in NetIQ Privileged User Manager allowing the administrative account password to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005794.html
JVNDB-2012-005793 Password disclosure vulnerability in D-Link DCS-932L cameras
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005793.html
JVNDB-2012-005792 Arbitrary code execution vulnerability in Novell iPrint Client
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005792.html
GNU grep Integer Overflow May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027924
cPanel Input Validation Flaw in 'account' Parameter Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027923
It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
http://isc.sans.edu/diary.html?storyid=14770
NVidia Display Driver Service (nvvsvc.exe) Exploit
http://cxsecurity.com/issue/WLB-2012120216
Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
http://cxsecurity.com/issue/WLB-2012120215
MyBB HM_My Country Flags Plugin "cnam" SQL Injection Vulnerability
http://secunia.com/advisories/51644/
IBM OS/400 Java Multiple Vulnerabilities
http://secunia.com/advisories/51634/
Falcon SSL Certificate Verification Security Issue
http://secunia.com/advisories/51632/
eXtplorer "ext_find_user()" Authentication Bypass Vulnerability
http://secunia.com/advisories/51636/
Polycom HDX Video End Points Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51648/
Guru Auction Two SQL Injection Vulnerabilities
http://secunia.com/advisories/51646/
Debian update for wireshark
http://secunia.com/advisories/51631/
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Wireshark Versions Prior to 1.8.2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55035
Wireshark Versions Prior to 1.8.1 Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/54649
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/43673
eXtplorer 'ext_find_user()' Function Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57058
Polycom HDX Video End Points Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57057
Thursday, December 27, 2012
27th, Thursday, Sensho
+ gawk 4.0.2 released
http://ftp.gnu.org/gnu/gawk/?C=M;O=D
+ Security bulletin: Command injection via PHP arguments in Lotus Foundations (CVE-2012-1823)
http://www-01.ibm.com/support/docview.wss?uid=swg21621015
CVE-2012-1823
+ glibc 2.17 released
http://sourceware.org/ml/libc-announce/2012/msg00001.html
How to Build a Secure Website (IPA)
http://www.ipa.go.jp/security/vuln/websecurity.html
Bank of Tokyo-Mitsubishi UFJ lost customer information on about 1.12 million people, follow-up investigation reveals
http://itpro.nikkeibp.co.jp/article/NEWS/20121226/446683/?ST=security
New "Stuxnet" attack on Iranian energy-related facilities, US and UK media report
http://itpro.nikkeibp.co.jp/article/NEWS/20121226/446702/?ST=security
JVNDB-2012-002608 Denial-of-service (DoS) vulnerability in the ASN.1 decoder of Mozilla Network Security Services
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002608.html
JVNDB-2012-002979 Denial-of-service (memory consumption) vulnerability in expat/lib/xmlparse.c in Expat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002979.html
JVNDB-2012-002977 Denial-of-service (CPU consumption) vulnerability in the XML parser (xmlparse.c) in Expat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002977.html
JVNDB-2012-004635 Integer overflow vulnerability in the WebGL implementation of Google Chrome running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004635.html
JVNDB-2012-004633 Denial-of-service (application crash) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004633.html
JVNDB-2012-004770 Denial-of-service (CPU consumption) vulnerability in Python
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004770.html
JVNDB-2012-004632 Double free vulnerability in libxslt as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004632.html
JVNDB-2012-004631 Pop-up blocker bypass vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004631.html
JVNDB-2012-004630 Sensitive information disclosure vulnerability in the IPC implementation of Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004630.html
JVNDB-2011-005124 Username and password disclosure vulnerability in Python
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005124.html
JVNDB-2012-004628 Cross-site scripting vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004628.html
JVNDB-2012-004627 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004627.html
JVNDB-2012-004626 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004626.html
JVNDB-2012-004625 Cross-site scripting vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004625.html
JVNDB-2012-000063 Cross-site scripting vulnerability in Python SimpleHTTPServer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000063.html
JVNDB-2012-004624 Double free vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004624.html
JVNDB-2012-004623 Denial-of-service (out-of-bounds read) vulnerability in Skia as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004623.html
JVNDB-2012-003877 Integer overflow vulnerability in stdlib in the GNU C Library
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003877.html
JVNDB-2011-002222 Vulnerability in the addmntent function of the GNU C Library allowing corruption of the /etc/mtab file
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002222.html
JVNDB-2012-005511 Privilege escalation vulnerability in Qemu as used in Xen and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005511.html
JVNDB-2012-003497 Arbitrary file overwrite vulnerability in the bdrv_open function of Qemu
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003497.html
JVNDB-2012-004622 Denial-of-service (DoS) vulnerability in Skia as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004622.html
JVNDB-2012-004621 Denial-of-service (DoS) vulnerability in FFmpeg as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004621.html
JVNDB-2012-004620 Denial-of-service (DOM tree corruption) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004620.html
JVNDB-2012-004619 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004619.html
JVNDB-2012-005377 Access restriction bypass vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005377.html
JVNDB-2012-005696 (JVNTA12-346A) Access restriction bypass vulnerability in Microsoft Windows Server 2008 R2 and Windows Server 2012
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005696.html
JVNDB-2012-005376 Access restriction bypass vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005376.html
JVNDB-2012-005375 Access restriction bypass vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005375.html
JVNDB-2012-005374 Denial-of-service (memory consumption) vulnerability in the HTTP NIO connector of Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005374.html
JVNDB-2012-005729 Arbitrary physical memory read vulnerability in Android devices such as Samsung GALAXY and Meizu MX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005729.html
JVNDB-2012-005745 Arbitrary code execution vulnerability in the management console of Symantec Endpoint Protection
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005745.html
JVNDB-2012-005730 Heap-based buffer overflow vulnerability in util.c in Perl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005730.html
JVNDB-2012-005688 (JVNTA12-346A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9 and 10
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005688.html
JVNDB-2012-005694 (JVNTA12-346A) Arbitrary code execution vulnerability in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005694.html
JVNDB-2012-005691 (JVNTA12-346A) Arbitrary code execution vulnerability in the kernel-mode drivers of multiple Microsoft Windows products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005691.html
JVNDB-2012-005791 Vulnerability in Carlo Gavazzi EOS-Box firmware allowing administrative access to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005791.html
JVNDB-2012-005790 SQL injection vulnerability in Carlo Gavazzi EOS-Box firmware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005790.html
JVNDB-2012-005789 Server spoofing vulnerability in multiple Siemens products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005789.html
JVNDB-2012-005788 Arbitrary file read vulnerability in VMware vCenter Server Appliance
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005788.html
JVNDB-2012-005787 Directory traversal vulnerability in VMware vCenter Server Appliance
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005787.html
JVNDB-2012-005786 Vulnerability in IBM Tivoli Storage Manager for Space Management allowing file system objects to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005786.html
JVNDB-2012-005785 Vulnerability in IBM Tivoli Storage Manager for Space Management allowing file system objects to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005785.html
JVNDB-2012-005783 Denial-of-service (DoS) vulnerability in net/ipv4/tcp_illinois.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005783.html
JVNDB-2012-005774 Buffer overflow vulnerability in yaSSL as used in MySQL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005774.html
JVNDB-2012-005772 Denial-of-service (crash) vulnerability in the File::Glob module of Perl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005772.html
Hitachi Multiple Products Apache "apr_brigade_split_line()" Denial of Service Vulnerability
http://secunia.com/advisories/51664/
Hitachi Collaboration Products Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51630/
Hitachi Multiple Products Apache HTTP Server "httpOnly" Cookie Disclosure Vulnerability
http://secunia.com/advisories/51626/
Hitachi Multiple Products Apache HTTP Server Scoreboard Invalid Free Security Bypass
http://secunia.com/advisories/51624/
Open-Realty Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51585/
FreeType BDF Glyph Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/51519/
grep Long Line Handling Integer Overflow Vulnerability
http://secunia.com/advisories/51666/
EMC Data Protection Advisor Web UI Directory Traversal Vulnerability
http://secunia.com/advisories/51672/
IBM Rational Functional Tester Multiple Java Vulnerabilities
http://secunia.com/advisories/51688/
cPanel "account" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51651/
Open-Realty CMS 3.x Persistent Cross Site Scripting (XSS)
http://cxsecurity.com/issue/WLB-2012120214
Open-Realty CMS 3.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012120213
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-5088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56057
Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043
Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058
Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056
Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407
Squid 'cachemgr.cgi' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56957
RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/56838
WordPress Asset Manager Plugin 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53809
Wednesday, December 26, 2012
26th, Wednesday, Shakko
+ HS12-033 Vulnerability related to the Cookie header in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html
+ HS12-032 DoS vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-032/index.html
+ HS12-031 Memory usage growth issue in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-031/index.html
+ HS12-030 DoS vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-030/index.html
+ HS12-029 Cross-site scripting vulnerability in Collaboration - Bulletin board
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-029/index.html
Notice of an erroneous entry in the InterScan WebManager URL database
http://www.trendmicro.co.jp/support/news.asp?id=1880
Vulnerability information worth checking <2012.12.26>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121221/446024/?ST=security
Santa's Gift... The Twelve Days of Cyber Christmas
http://isc.sans.edu/diary.html?storyid=14755
EMC Data Protection Advisor Lets Remote Authenticated Users View Files on the Target System.
http://www.securitytracker.com/id/1027922
FreeType Multiple Bugs in BDF Implementation Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027921
REMOTE: Microsoft SQL Server Database Link Crawling Command Execution
http://www.exploit-db.com/exploits/23649
REMOTE: IBM Lotus Notes Client URL Handler Command Injection
http://www.exploit-db.com/exploits/23650
REMOTE: WordPress WP-Property PHP File Upload Vulnerability
http://www.exploit-db.com/exploits/23651
REMOTE: WordPress Asset-Manager PHP File Upload Vulnerability
http://www.exploit-db.com/exploits/23652
PHP-CGI Argument Injection Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120212
EMC Data Protection Information Disclosure
http://cxsecurity.com/issue/WLB-2012120211
Microsoft SQL Server Database Link Crawling Command Execution
http://cxsecurity.com/issue/WLB-2012120210
IBM Lotus Notes Client URL Handler Command Injection
http://cxsecurity.com/issue/WLB-2012120209
CubeCart 5.0.7 Open URL Redirection
http://cxsecurity.com/issue/WLB-2012120208
CubeCart 4.4.6 Open URL Redirection
http://cxsecurity.com/issue/WLB-2012120207
CubeCart 4.4.6 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120206
CubeCart 4.4.6 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012120205
CubeCart 4.4.6 Local File Inclusion
http://cxsecurity.com/issue/WLB-2012120204
CubeCart 4.4.6 SQL Injection
http://cxsecurity.com/issue/WLB-2012120203
CubeCart 4.x / 5.x Privilege Escalation
http://cxsecurity.com/issue/WLB-2012120202
WordPress W3 Total Cache Data Disclosure
http://cxsecurity.com/issue/WLB-2012120201
Feindura CMS 2.0.4 Shell Upload
http://cxsecurity.com/issue/WLB-2012120200
City Directory Review And Rating Script SQL Injection
http://cxsecurity.com/issue/WLB-2012120199
WordPress Rokbox Themes Content Spoofing and XSS
http://cxsecurity.com/issue/WLB-2012120198
MyBB AwayList SQL Injection
http://cxsecurity.com/issue/WLB-2012120197
Rugged Operating System Private Key Disclosure Vulnerability
http://www.securityfocus.com/bid/55123
IBM Lotus Notes CVE-2012-2174 URL Handler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54070
PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388
WordPress WP-Property Plugin 'uploadify.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53787
WordPress WP-UserOnline URL HTML Injection Vulnerability
http://www.securityfocus.com/bid/41335
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
FreeType Versions Prior to 2.4.11 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/57041
Tuesday, December 25, 2012
25th, Tuesday, Taian
+ Apache Struts 2.3.8 released
http://struts.apache.org/2.x/docs/version-notes-238.html
+ Postfix 2.9.5, 2.8.13, 2.7.12, 2.6.18 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.5.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.13.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.7.12.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.18.HISTORY
+ MySQL 5.5.29, 5.1.67 released
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-29.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-67.html
+ GnuPG 1.4.13 released
http://lists.gnupg.org/pipermail/gnupg-announce/2012q4/000319.html
+ Sysstat 10.1.3 released (development version)
http://sebastien.godard.pagesperso-orange.fr/
CubeCart 4.x/5.x | Setup Re-installation Privilege Escalation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00140.html
CubeCart 4.4.6 and lower | Local File Inclusion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00139.html
CubeCart 4.4.6 and lower | Multiple SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00138.html
CubeCart 4.4.6 and lower | Multiple Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00137.html
CubeCart 4.4.6 and lower | Cross Site Request Forgery (CSRF) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00136.html
CubeCart 5.0.7 and lower | Open URL Redirection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00135.html
CubeCart 4.4.6 and lower | Open URL Redirection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00133.html
[ MDVSA-2012:183 ] apache-mod_security
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00132.html
[ MDVSA-2012:182 ] apache-mod_security
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00131.html
[TOOL RELEASE] SQL Fingerprint powered by ENG++ Technology [Version 1.33.23-170308]
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00134.html
CubeCart 3.0.20 (3.0.x) and lower | Multiple SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00130.html
CubeCart 3.0.20 (3.0.x) and lower | Arbitrary File Upload
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00129.html
CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00128.html
VMSA-2012-0018 VMware security updates for vCSA and ESXi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00126.html
CA20121220-01: Security Notice for CA IdentityMinder
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00125.html
ESA-2012-060: EMC Data Protection Advisor Information Disclosure Vulnerability.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00124.html
[security bulletin] HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00123.html
DoS vulnerability in Siemens S7-1200 PLCs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00121.html
Vulnerability information worth checking <2012.12.25>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121221/445981/?ST=security
Microsoft issues an out-of-band Windows patch to fix a problem in the earlier patch
Certain fonts may not render properly; distributed via automatic updates
http://itpro.nikkeibp.co.jp/article/NEWS/20121225/446301/?ST=security
Asgent adds a managed service for Imperva (US) WAF/DBF to its lineup
http://itpro.nikkeibp.co.jp/article/NEWS/20121221/446041/?ST=security
JVN#33159152 Improper information management vulnerability in Loctouch for Android
http://jvn.jp/jp/JVN33159152/
JVN#42625179 Vulnerability in the handling of implicit Intents in Loctouch for Android
http://jvn.jp/jp/JVN42625179/
JVN#65458431 Cross-site scripting vulnerability in concrete5
http://jvn.jp/jp/JVN65458431/
JVNDB-2011-002110 Cross-site request forgery vulnerability in Samba Web Administration Tool
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002110.html
JVNDB-2010-001741 Privilege escalation vulnerability in smbfs in Samba
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001741.html
JVNDB-2010-002862 Denial-of-service (mtab corruption) vulnerability in client/mount.cifs.c in Samba
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002862.html
JVNDB-2011-003524 Denial-of-service (memory corruption) vulnerability in RPM
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003524.html
JVNDB-2010-002061 Privilege escalation vulnerability in lib/fsm.c in Red Hat Package Manager
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002061.html
JVNDB-2012-002535 Buffer overflow vulnerability in net/wireless/nl80211.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002535.html
JVNDB-2012-002712 Sensitive I/O statistics disclosure vulnerability in fs/proc/base.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002712.html
JVNDB-2011-002087 Denial-of-service (BUG and system crash) vulnerability in the gfs2_fallocate function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002087.html
JVNDB-2012-001277 Denial-of-service (DoS) vulnerability in net/sched/sch_api.c in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001277.html
JVNDB-2011-001258 Vulnerability in the Java Runtime Environment of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001258.html
JVNDB-2010-002265 Vulnerability in the Networking component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002265.html
JVNDB-2010-002264 Vulnerability in the Networking component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002264.html
JVNDB-2010-002255 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002255.html
JVNDB-2010-002247 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002247.html
JVNDB-2010-002259 Vulnerability in the Deployment Toolkit component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002259.html
JVNDB-2010-002250 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002250.html
JVNDB-2010-002251 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002251.html
JVNDB-2010-002246 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002246.html
JVNDB-2010-002675 Sensitive information disclosure vulnerability in the ioc_general function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002675.html
JVNDB-2010-002674 Sensitive information disclosure vulnerability in the copy_semid_to_user function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002674.html
JVNDB-2012-005744 (JVNVU#90193767) Issue concerning plug-in module installation in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005744.html
JVNDB-2012-005742 (JVNVU#91076352) Issue concerning Shockwave runtime installation in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005742.html
JVNDB-2012-005771 Denial-of-service (memory consumption) vulnerability in cachemgr.cgi in Squid
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005771.html
JVNDB-2012-005599 Integer overflow vulnerability in libssh
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005599.html
JVNDB-2012-005598 Denial-of-service (crash) vulnerability in keys.c in libssh
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005598.html
JVNDB-2012-005596 Double free vulnerability in multiple functions of libssh
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005596.html
JVNDB-2012-005600 Double free vulnerability in sftp.c in libssh
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005600.html
JVNDB-2012-005770 File content overwrite vulnerability in log.h in SANLock
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005770.html
JVNDB-2012-005719 (JVNVU#99536825) Privilege escalation vulnerability in the IBM POWER5 service processor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005719.html
JVNDB-2012-005769 Authentication bypass vulnerability in the Portable phpMyAdmin plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005769.html
JVNDB-2012-000115 (JVN#33159152) Improper information management vulnerability in Loctouch for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000115.html
JVNDB-2012-000114 (JVN#42625179) Vulnerability in the handling of implicit Intents in Loctouch for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000114.html
JVNDB-2012-000113 (JVN#65458431) Cross-site scripting vulnerability in concrete5
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000113.html
JVNDB-2012-005767 Arbitrary command execution vulnerability in the IBM HTTP Server component of IBM WAS for z/OS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005767.html
JVNDB-2012-005766 Sensitive information disclosure vulnerability in the Web client of IBM Rational ClearQuest
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005766.html
JVNDB-2012-005765 Vulnerability in IBM Rational ClearQuest allowing phishing attacks
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005765.html
Google blocks silent Chrome extension installation
http://isc.sans.edu/diary.html?storyid=14749
Merry Christmas!
http://isc.sans.edu/diary.html?storyid=14752
VMWare posts some updates
http://isc.sans.edu/diary.html?storyid=14740
Microsoft re-releases MS12-078
http://isc.sans.edu/diary.html?storyid=14743
IBM Tivoli NetView for z/OS Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027920
Novell iPrint Unspecified 'op-client-interface-version' Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027919
Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027917
VMware vCenter Server Appliance Directory Traversal and XML Parsing Flaws Let Remote Authenticated Users Retrieve Files
http://www.securitytracker.com/id/1027916
Novell eDirectory DHOST Request Processing Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1027912
Novell eDirectory Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027911
Novell eDirectory Lets Remote Users Obtain the Administrator's Cookie
http://www.securitytracker.com/id/1027910
Novell NetIQ Privileged User Manager Bug Lets Remote Users Change the Administrative Password
http://www.securitytracker.com/id/1027909
TWiki Input Validation Flaw in '%MAKETEXT{}%' Parameter Lets Remote Users Execute Arbitrary Shell Commands
http://www.securitytracker.com/id/1027908
CA IdentityMinder Bugs Let Remote Users Execute Arbitrary Commands and Gain Elevated Privileges
http://www.securitytracker.com/id/1027907
WordPress 'wp-login.php' Fails to Properly Terminate Sessions
http://www.securitytracker.com/id/1027906
FireFly Media Server HTTP Header Parsing Denial of Service Vulnerability
http://secunia.com/advisories/51606/
Novell eDirectory Multiple Vulnerabilities
http://secunia.com/advisories/51667/
IBM Rational Method Composer Java Multiple Vulnerabilities
http://secunia.com/advisories/51682/
IBM Rational Synergy Java Multiple Vulnerabilities
http://secunia.com/advisories/51681/
IBM Tivoli NetView for z/OS Privilege Escalation Vulnerability
http://secunia.com/advisories/51680/
Novell iPrint Client "op-client-interface-version" Code Execution Vulnerability
http://secunia.com/advisories/51616/
IBM Rational System Architect Multiple Java Vulnerabilities
http://secunia.com/advisories/51684/
Hero Framework Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/51668/
Tiki Wiki CMS/Groupware "unserialize()" Arbitrary PHP Code Execution Vulnerabilities
http://secunia.com/advisories/51650/
WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability
http://secunia.com/advisories/51619/
ownCloud Security Bypass Security Issue and Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51614/
pfSense Multiple Vulnerabilities
http://secunia.com/advisories/51674/
SUSE update for chromium
http://secunia.com/advisories/51685/
Foreman Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/51557/
VMware ESXi glibc Multiple Vulnerabilities
http://secunia.com/advisories/51555/
VMware vCenter Server Appliance Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/46859/
Red Hat update for Fuse Management Console
http://secunia.com/advisories/51658/
Red Hat update for Fuse ESB Enterprise
http://secunia.com/advisories/51659/
Red Hat update for Fuse MQ Enterprise
http://secunia.com/advisories/51653/
CA IdentityMinder Two Vulnerabilities
http://secunia.com/advisories/51320/
Joomla! Virtuemart 2 Multiple Customfields Filter Module Unspecified Vulnerability
http://secunia.com/advisories/51635/
Siemens SIMATIC S7-1200 Two Denial of Service Vulnerabilities
http://secunia.com/advisories/51628/
REMOTE: TWiki MAKETEXT Remote Command Execution
http://www.exploit-db.com/exploits/23579
REMOTE: Foswiki MAKETEXT Remote Command Execution
http://www.exploit-db.com/exploits/23580
REMOTE: Netwin SurgeFTP Remote Command Execution
http://www.exploit-db.com/exploits/23601
DoS/PoC: Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overflow
http://www.exploit-db.com/exploits/23565
DoS/PoC: Sony PC Companion 2.1 (Load()) Stack-based Unicode Buffer Overflow
http://www.exploit-db.com/exploits/23567
DoS/PoC: Sony PC Companion 2.1 (CheckCompatibility()) Stack-based Unicode Buffer Overflow
http://www.exploit-db.com/exploits/23568
DoS/PoC: Sony PC Companion 2.1 (Admin_RemoveDirectory()) Stack-based Unicode Buffer Overflow
http://www.exploit-db.com/exploits/23569
DoS/PoC: FireFly Mediaserver 1.0.0.1359 NULL Pointer Dereference
http://www.exploit-db.com/exploits/23574
Netwin SurgeFTP Remote Command Execution
http://cxsecurity.com/issue/WLB-2012120196
TWiki MAKETEXT Remote Command Execution Exploit
http://cxsecurity.com/issue/WLB-2012120195
Foswiki MAKETEXT Remote Command Execution Exploit
http://cxsecurity.com/issue/WLB-2012120194
Foswiki Remote code execution and other vulnerabilities in MAKETEXT
http://cxsecurity.com/issue/WLB-2012120126
CA IdentityMinder Multiple Vulns
http://cxsecurity.com/issue/WLB-2012120193
Smoke Loader SQL Injection
http://cxsecurity.com/issue/WLB-2012120192
CubeCart 3.0.20 Multiple SQL Injection
http://cxsecurity.com/issue/WLB-2012120191
CubeCart 3.0.20 Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2012120190
CubeCart 3.0.20 Multiple Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120189
Dungbhumi Co Remote Sql Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012120188
Microsoft Remote Desktop User/Password Reader MS12-020
http://cxsecurity.com/issue/WLB-2012120184
grep linux command memory corruption
http://cxsecurity.com/issue/WLB-2012120183
YeaLink IP Phone 9.70.0.100 CSRF & Default Credentials
http://cxsecurity.com/issue/WLB-2012120187
WordPress BuddyPress Cross Site Scripting & Content Spoofing
http://cxsecurity.com/issue/WLB-2012120186
4psa VoipNow 2.x Remote Command Execution
http://cxsecurity.com/issue/WLB-2012120185
Honeywell HMIWeb Control RequestDSPLoad Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120179
Microsoft Internet Explorer 9 CTreeNode Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120180
Microsoft Internet Explorer OnRowsInserted Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120173
Oracle Outside In WordPerfect File Processing Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120182
Microsoft Internet Explorer CMarkup outerText Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120181
Microsoft Office Word PAPX Section Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120178
Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120177
Microsoft Internet Explorer insertAdjacentText Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120176
Microsoft Internet Explorer insertRow Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120175
Microsoft Internet Explorer Title Element Change Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120174
Webkit HTMLMedia Element beforeLoad Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120172
Oracle Java WebStart Changing System Properties Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120171
Oracle Java java.beans.Statement Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012120170
RealNetworks RealPlayer ATRAC Sample Decoding Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012120169
Novell Groupwise GWIA ber_get_stringa Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012120168
Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Buffer Overload
http://cxsecurity.com/issue/WLB-2012120167
Sony PC Companion 2.1 (Load()) Stack-based Buffer Overload
http://cxsecurity.com/issue/WLB-2012120166
Sony PC Companion 2.1 (CheckCompatibility()) Stack-based Buffer Overload
http://cxsecurity.com/issue/WLB-2012120165
Sony PC Companion 2.1 (Admin_RemoveDirectory()) Stack-based Buffer Overload
http://cxsecurity.com/issue/WLB-2012120164
WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout
http://cxsecurity.com/issue/WLB-2012120163
ELBA Electronic Banking application Multiple vulnerabilities
http://cxsecurity.com/issue/WLB-2012120162
BuddyPress for WordPress XSS and CS vulnerabilities
http://cxsecurity.com/issue/WLB-2012120161
NetWin SurgeFTP Authenticated Admin Command Injection
http://cxsecurity.com/issue/WLB-2012120160
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
http://cxsecurity.com/issue/WLB-2012120159
gdb (GNU debugger) <= 7.5.1 (crash due a NULL pointer dereference)
http://cxsecurity.com/issue/WLB-2012120158
IDA Pro 6.3 Crash PoC
http://cxsecurity.com/issue/WLB-2012120157
Wordpress plugin sintic_gallery Path Disclosure Vulnerability
http://cxsecurity.com/issue/WLB-2012120156
ClipBucket Multiple SQL Injection vulnerabilities
http://www.securiteam.com/securitynews/6S03K0A6AA.html
Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954
Oracle Java SE CVE-2012-1722 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53953
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952
Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950
Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946
Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947
Oracle Java SE CVE-2012-1721 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53959
Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136
Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53956
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
WordPress Multiple CMSMasters Themes 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/56988
hostapd CVE-2012-4445 Message Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55826
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
Inkscape XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56965
TWiki and Foswiki 'MAKETEXT' Variable Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56950
Xen 'XENMEM_exchange' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56797
Xen 'extent_order' Values Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56798
Xen 'HVMOP_set_mem_access' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56799
Xen CVE-2012-5514 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56803
Xen Grant Table Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56794
Xen Bitmap Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56796
ModSecurity POST Parameters Security Bypass Vulnerability
http://www.securityfocus.com/bid/56096
ModSecurity Quote Parsing Security Bypass Vulnerability
http://www.securityfocus.com/bid/54156
Adiscan LogAnalyzer 'oracle_query' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57012
Novell eDirectory Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57038
Novell iPrint Client CVE-2012-0411 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57037
IBM Tivoli NetView for z/OS CVE-2012-5951 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57036
Hero Framework Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/57035
Tiki Wiki CMS Groupware 'unserialize()' Multiple Remote PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57034
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5840 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56635
CubeCart Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/57031
NetIQ Privileged User Manager Admin Password Change Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/56535
JRuby CVE-2012-5370 'MurmurHash2' Algorithm Hash Collision Denial of Service Vulnerability
http://www.securityfocus.com/bid/56669
Jetty Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51199
Microsoft Windows TrueType Font CVE-2012-4786 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56842
Microsoft Windows OpenType Font (OTF) Driver CVE-2012-2556 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56841
Isearch Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/57024
Linux Kernel 'tcp_illinois_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56346
Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55465
Google Chrome Prior to 18.0.1025.151 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52913
Microsoft Internet Explorer CVE-2012-1879 'insertAdjacentText()' Method Code Execution Vulnerability
http://www.securityfocus.com/bid/53868
Microsoft Internet Explorer CVE-2012-1880 'insertRow()' Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53869
Red Hat Certificate System Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56843
Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56769
Qt 'XmlHttpRequest' Object Insecure Redirection Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56807
Linux Kernel EXT4 'ext4_fill_flex_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53414
Linux Kernel IPv6 CVE-2012-4444 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56891
Microsoft Internet Explorer cloneNode Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55647
Microsoft Word PAPX Section Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55780
Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55336
Microsoft Internet Explorer Layout Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55646
Novell GroupWise Internet Agent CVE-2012-0417 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/55731
Microsoft Internet Explorer CVE-2012-1877 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53866
Real Networks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51890
Microsoft Internet Explorer CVE-2012-1878 'OnBeforeDeactivate' Event Code Execution Vulnerability
http://www.securityfocus.com/bid/53867
Microsoft Internet Explorer CVE-2012-1881 'OnRowsInserted' Event Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53870
Squid 'cachemgr.cgi' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56957
GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982
GNU glibc 'svc_run()' EMFILE Error Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51439
GNU glibc 'addmntent()' Mount Helper Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46740
GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
http://www.securityfocus.com/bid/52201
GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063
GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50898
GNU glibc Formatted Printing Functionality Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54374
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5836 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56616
VoipNow Service Provider Edition Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/57032
Yealink SIP-T20P IP Phone Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57029
Joomla! Virtuemart 2 Multiple Customfields Filter Module Unspecified Security Vulnerability
http://www.securityfocus.com/bid/57025
SIEMENS SIMATIC S7-1200 Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57023
Friday, December 21, 2012
Friday the 21st, senshō (rokuyō calendar)
+ phpMyAdmin 3.5.5 released
http://sourceforge.net/news/?group_id=23067&id=310033
+ PHP 5.4.10, 5.3.20 released
http://php.net/ChangeLog-5.php
FreeBSD Foundation Newsletter, December 20, 2012
http://www.freebsdfoundation.org/press/2012Dec-newsletter.shtml
Press release
Report on the "FY2011 Survey of Damage from Information Security Incidents" published
~ Virus encounter rate rises to about 70%, but infection damage stays at about 17% ~
http://www.ipa.go.jp/about/press/20121220.html
Sharp rise in phishing impersonating MasterCard: more than 150 Japanese-language fake sites
988 accesses in total, Trend Micro reports
http://itpro.nikkeibp.co.jp/article/NEWS/20121220/445882/?ST=security
Worst 5 predicted dangerous malware trends for 2013
http://itpro.nikkeibp.co.jp/article/COLUMN/20121220/445641/?ST=security
Serious vulnerability found in Opera for Android: other apps can steal cookie data and more
http://itpro.nikkeibp.co.jp/article/NEWS/20121220/445764/?ST=security
Critical PCs should be double-checked from a different "viewpoint"
http://itpro.nikkeibp.co.jp/article/Interview/20121217/444943/?ST=security
JVN#27691264 Opera Mini and Opera Mobile web browsers for Android: arbitrary script execution vulnerability
http://jvn.jp/jp/JVN27691264/
JVN#69589791 Boat Browser and Boat Browser Mini: vulnerability in the use of the WebView class
http://jvn.jp/jp/JVN69589791/
JVNDB-2012-005764 (JVNVU#92360060) Huawei E585 devices: denial of service (DoS) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005764.html
JVNDB-2012-005763 (JVNVU#92360060) Huawei E585 devices: directory traversal vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005763.html
JVNDB-2012-005762 (JVNVU#92360060) Huawei E585 devices: vulnerability allowing sensitive user information and session IDs to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005762.html
JVNDB-2012-005761 Tropos wireless mesh router Mesh OS: device spoofing vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005761.html
JVNDB-2012-005760 Invensys Wonderware InTouch and Siemens ProcessSuite: vulnerability allowing passwords to be discovered
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005760.html
JVNDB-2012-005759 Siemens Automation License Manager: denial of service (memory consumption) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005759.html
JVNDB-2012-005758 VMware View: directory traversal vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005758.html
JVNDB-2012-005757 IBM Lotus Foundations Start: cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005757.html
JVNDB-2012-005756 IBM Lotus Notes: sensitive information disclosure vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005756.html
JVNDB-2012-005755 IBM ASU and BoMC running on Linux: arbitrary file overwrite vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005755.html
JVNDB-2012-005754 Cisco Wireless LAN Controller devices: cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005754.html
JVNDB-2012-005753 Cisco Wireless LAN Controller devices: cross-site request forgery vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005753.html
JVNDB-2012-005752 Cisco Wireless LAN Controller devices: denial of service (DoS) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005752.html
JVNDB-2012-005751 Apache Tomcat: denial of service (infinite loop) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005751.html
JVNDB-2012-005750 Apache Tomcat: cross-site request forgery (CSRF) protection mechanism bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005750.html
JVNDB-2012-005749 Apache Tomcat: security-constraint check bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005749.html
JVNDB-2012-000112 (JVN#27691264) Opera Mini and Opera Mobile web browsers for Android: arbitrary script execution vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000112.html
JVNDB-2012-000111 (JVN#69589791) Boat Browser and Boat Browser Mini: vulnerability in the use of the WebView class
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000111.html
JVNDB-2012-005748 RealNetworks RealPlayer and RealPlayer SP: buffer overflow vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005748.html
JVNDB-2012-005747 RealNetworks RealPlayer and RealPlayer SP: arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005747.html
JVNDB-2012-005746 Symantec Enterprise Security Manager: privilege escalation vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005746.html
JVNDB-2012-005745 Symantec Endpoint Protection management console: arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005745.html
JVNDB-2012-005744 (JVNVU#90193767) Adobe Shockwave Player: issue with the installation of plug-in modules
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005744.html
JVNDB-2012-005743 (JVNVU#93897900) Adobe Shockwave Player: bundles an outdated version of the Flash runtime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005743.html
JVNDB-2012-005742 (JVNVU#91076352) Adobe Shockwave Player: issue with the installation of the Shockwave runtime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005742.html
JVNDB-2012-005741 OpenShift management console: cross-site request forgery vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005741.html
JVNDB-2012-005740 ownCloud lib/filesystem.php: arbitrary PHP code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005740.html
JVNDB-2012-005739 ownCloud lib/migrate.php: arbitrary PHP code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005739.html
JVNDB-2012-005738 ownCloud apps/user_webdavauth/settings.php: cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005738.html
JVNDB-2012-005735 GIMP X Window Dump plug-in: denial of service (crash) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005735.html
JVNDB-2012-005734 Symfony CMS lib/form/sfForm.class.php: arbitrary file read vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005734.html
JVNDB-2012-005733 OpenStack Keystone: authorization restriction bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005733.html
JVNDB-2012-005732 OpenStack Keystone: authorization restriction bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005732.html
JVNDB-2012-005731 bogofilter bogolexer component: heap-based buffer overflow vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005731.html
JVNDB-2012-005730 Perl util.c: heap-based buffer overflow vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005730.html
JVNDB-2012-005729 Android devices including Samsung GALAXY and Meizu MX: arbitrary physical memory read vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005729.html
JVNDB-2012-005716 Adobe Photoshop Camera Raw: buffer overflow vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005716.html
JVNDB-2012-005713 HP OpenVMS on Itanium and Alpha platforms: denial of service (DoS) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005713.html
White House strategy on security information sharing and safeguarding
http://isc.sans.edu/diary.html?storyid=14734
A Consumer's Guide to Spotting "Fake" Charities
http://isc.sans.edu/diary.html?storyid=14737
Adobe Shockwave Player Old Runtime Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027905
Adobe Shockwave Player Flaw in Flash Runtime Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027904
Adobe Shockwave Player Flaw in 'Xtras' Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027903
MLE-Moodle 0.8.8.4 <= Local File Inclusion Vulnerability
http://cxsecurity.com/issue/WLB-2012120155
Thaiweb <= Remote File Inclusion Vulnerability
http://cxsecurity.com/issue/WLB-2012120154
CMSMasters and Clockstone Theme File Upload Vulnerabilities
http://cxsecurity.com/issue/WLB-2012120153
Elite Bulletin Board 2.1.21 SQL Injection
http://cxsecurity.com/issue/WLB-2012120152
SurgeFTP Remote Command Execution
http://cxsecurity.com/issue/WLB-2012120151
Drupal Core 6.x & 7.x Access Bypass & Code Execution
http://cxsecurity.com/issue/WLB-2012120150
Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012120146
Cerberus FTP Server <= 5.0.5.1 Multiple XSS vulnerabilities
http://cxsecurity.com/issue/WLB-2012120149
Firefly MediaServer Multiple Remote DoS Vulnerabilities
http://cxsecurity.com/issue/WLB-2012120148
Avamar backup client for Linux writable cache files
http://cxsecurity.com/issue/WLB-2012120147
REMOTE: InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
http://www.exploit-db.com/exploits/23500
REMOTE: NetWin SurgeFTP Authenticated Admin Command Injection
http://www.exploit-db.com/exploits/23522
DoS/PoC: gdb (GNU debugger) <= 7.5.1 NULL Pointer Dereference
http://www.exploit-db.com/exploits/23523
DoS/PoC: IDA Pro 6.3 Crash PoC
http://www.exploit-db.com/exploits/23524
Qt XmlHttpRequest Local File Information Disclosure Vulnerability
http://secunia.com/advisories/51655/
Drupal Uploaded Files Information Disclosure Vulnerability
http://secunia.com/advisories/51517/
Piwigo EXIF/IPTC Metadata Script Insertion Vulnerability
http://secunia.com/advisories/51576/
IBM Rational Policy Tester / Security AppScan Enterprise Certificate Spoofing
http://secunia.com/advisories/51661/
LemonLDAP::NG SAML Signature Verification Bypass Security Issue
http://secunia.com/advisories/51139/
Elite Bulletin Board Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/51622/
SonicWALL SonicOS "searchStr" XML Tag Script Insertion Vulnerability
http://secunia.com/advisories/51615/
IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/51656/
Carlo Gavazzi Eos-Box Hard-Coded Credentials and SQL Injection
http://secunia.com/advisories/51641/
Adiscon LogAnalyzer "query" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51539/
IBM Tivoli Remote Control / IBM Tivoli Endpoint Manager for Remote Control Java Multiple Vulnerabilities
http://secunia.com/advisories/51584/
D-Link DCS-932L Password Request Handling Security Issue
http://secunia.com/advisories/51610/
Drupal Context Module Block Content Information Disclosure Vulnerability
http://secunia.com/advisories/51594/
IBM Rational Automation Framework Web UI Security Bypass Security Issue
http://secunia.com/advisories/51587/
IBM InfoSphere Streams Java Multiple Vulnerabilities
http://secunia.com/advisories/51657/
MyBB Transactions Plugin "transaction" SQL Injection Vulnerability
http://secunia.com/advisories/51639/
Ubuntu update for libav
http://secunia.com/advisories/51643/
Ubuntu update for ffmpeg
http://secunia.com/advisories/51642/
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4205 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56621
Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56993
IBM Java Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55495
JW Player 'playerready' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54739
Linux Kernel NFS Client 'decode_getacl()' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53615
Linux Kernel CVE-2012-5517 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56527
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Mozilla Firefox CVE-2012-4206 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56625
Django Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54742
Dnsmasq Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54353
Zend Framework 'Zend_Feed' Component Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56982
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5835 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56643
Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56646
Mozilla Firefox CVE-2012-5837 Developer Toolbar Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56645
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5838 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56644
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5830 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56641
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5833 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56642
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4217 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56639
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5839 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56637
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4213 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56638
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4218 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56640
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5829 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56636
Mozilla Firefox, SeaMonkey, and Thunderbird HZ-GB-2312 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56632
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4216 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56634
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4212 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56630
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-5841 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56631
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4215 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56633
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4214 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56628
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4209 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56629
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4204 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56613
Mozilla Firefox CVE-2012-4203 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56623
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-4201 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56618
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4202 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56614
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4208 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56627
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5842 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56611
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5843 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56612
SSH Tectia Server Unauthorized Password Change Security Bypass Vulnerability
http://www.securityfocus.com/bid/56783
Sony PC Companion Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57016
Piwigo 'EXIF/IPTC' Metadata HTML Injection Vulnerability
http://www.securityfocus.com/bid/57015
IBM Multiple Products SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/57014
ELBA Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/57013
Adiscan LogAnalyzer 'query' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57012
D-Link DCS-932L CVE-2012-4046 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57011
Foreman CVE-2012-5648 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57007
IDA Pro 'ELF' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57004
Banana Dance Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/57003
Firefly Media Server Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56999
http://sourceforge.net/news/?group_id=23067&id=310033
+ PHP 5.4.10, 5.3.20 released
http://php.net/ChangeLog-5.php
FreeBSD Foundation Newsletter, December 20, 2012
http://www.freebsdfoundation.org/press/2012Dec-newsletter.shtml
プレス発表
「2011年度 情報セキュリティ事象被害状況調査」報告書を公開
~ ウイルス遭遇率は約7割に上昇するも感染被害は約17%に留まる ~
http://www.ipa.go.jp/about/press/20121220.html
マスターカードをかたるフィッシング急増、日本語の偽サイトが150件以上
アクセス数は合計で988件、トレンドマイクロが報告
http://itpro.nikkeibp.co.jp/article/NEWS/20121220/445882/?ST=security
2013年の危険なマルウエアトレンド予測ワースト5
http://itpro.nikkeibp.co.jp/article/COLUMN/20121220/445641/?ST=security
Android版Operaに深刻な脆弱性が発覚、他アプリからCookie情報などを盗まれる危険
http://itpro.nikkeibp.co.jp/article/NEWS/20121220/445764/?ST=security
Critical PCs should be double-checked from a different "viewpoint"
http://itpro.nikkeibp.co.jp/article/Interview/20121217/444943/?ST=security
JVN#27691264 Arbitrary script execution vulnerability in Opera Mini and Opera Mobile web browsers for Android
http://jvn.jp/jp/JVN27691264/
JVN#69589791 Vulnerability related to the WebView class in Boat Browser and Boat Browser Mini
http://jvn.jp/jp/JVN69589791/
JVNDB-2012-005764 (JVNVU#92360060) Denial of service (DoS) vulnerability in Huawei E585 devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005764.html
JVNDB-2012-005763 (JVNVU#92360060) Directory traversal vulnerability in Huawei E585 devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005763.html
JVNDB-2012-005762 (JVNVU#92360060) Vulnerability in Huawei E585 devices allowing sensitive user information and session IDs to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005762.html
JVNDB-2012-005761 Device spoofing vulnerability in Mesh OS on Tropos wireless mesh routers
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005761.html
JVNDB-2012-005760 Password discovery vulnerability in Invensys Wonderware InTouch and Siemens ProcessSuite
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005760.html
JVNDB-2012-005759 Denial of service (memory consumption) vulnerability in Siemens Automation License Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005759.html
JVNDB-2012-005758 Directory traversal vulnerability in VMware View
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005758.html
JVNDB-2012-005757 Cross-site scripting vulnerability in IBM Lotus Foundations Start
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005757.html
JVNDB-2012-005756 Sensitive information disclosure vulnerability in IBM Lotus Notes
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005756.html
JVNDB-2012-005755 Arbitrary file overwrite vulnerability in IBM ASU and BoMC running on Linux
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005755.html
JVNDB-2012-005754 Cross-site scripting vulnerability in Cisco Wireless LAN Controller devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005754.html
JVNDB-2012-005753 Cross-site request forgery vulnerability in Cisco Wireless LAN Controller devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005753.html
JVNDB-2012-005752 Denial of service (DoS) vulnerability in Cisco Wireless LAN Controller devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005752.html
JVNDB-2012-005751 Denial of service (infinite loop) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005751.html
JVNDB-2012-005750 Cross-site request forgery (CSRF) protection mechanism bypass vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005750.html
JVNDB-2012-005749 security-constraint check bypass vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005749.html
JVNDB-2012-000112 (JVN#27691264) Arbitrary script execution vulnerability in Opera Mini and Opera Mobile web browsers for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000112.html
JVNDB-2012-000111 (JVN#69589791) Vulnerability related to the WebView class in Boat Browser and Boat Browser Mini
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000111.html
JVNDB-2012-005748 Buffer overflow vulnerability in RealNetworks RealPlayer and RealPlayer SP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005748.html
JVNDB-2012-005747 Arbitrary code execution vulnerability in RealNetworks RealPlayer and RealPlayer SP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005747.html
JVNDB-2012-005746 Privilege escalation vulnerability in Symantec Enterprise Security Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005746.html
JVNDB-2012-005745 Arbitrary code execution vulnerability in the Symantec Endpoint Protection management console
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005745.html
JVNDB-2012-005744 (JVNVU#90193767) Adobe Shockwave Player issue with the installation of plug-in modules
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005744.html
JVNDB-2012-005743 (JVNVU#93897900) Adobe Shockwave Player bundles an old version of the Flash runtime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005743.html
JVNDB-2012-005742 (JVNVU#91076352) Adobe Shockwave Player issue with the installation of the Shockwave runtime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005742.html
JVNDB-2012-005741 Cross-site request forgery vulnerability in the OpenShift management console
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005741.html
JVNDB-2012-005740 Arbitrary PHP code execution vulnerability in ownCloud lib/filesystem.php
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005740.html
JVNDB-2012-005739 Arbitrary PHP code execution vulnerability in ownCloud lib/migrate.php
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005739.html
JVNDB-2012-005738 Cross-site scripting vulnerability in ownCloud apps/user_webdavauth/settings.php
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005738.html
JVNDB-2012-005735 Denial of service (crash) vulnerability in the GIMP X Window Dump plug-in
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005735.html
JVNDB-2012-005734 Arbitrary file read vulnerability in Symfony CMS lib/form/sfForm.class.php
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005734.html
JVNDB-2012-005733 Authorization restriction bypass vulnerability in OpenStack Keystone
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005733.html
JVNDB-2012-005732 Authorization restriction bypass vulnerability in OpenStack Keystone
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005732.html
JVNDB-2012-005731 Heap-based buffer overflow vulnerability in the bogofilter bogolexer component
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005731.html
JVNDB-2012-005730 Heap-based buffer overflow vulnerability in Perl util.c
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005730.html
JVNDB-2012-005729 Arbitrary physical memory read vulnerability in Android devices such as the Samsung GALAXY and Meizu MX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005729.html
JVNDB-2012-005716 Buffer overflow vulnerability in Adobe Photoshop Camera Raw
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005716.html
JVNDB-2012-005713 Denial of service (DoS) vulnerability in HP OpenVMS on Itanium and Alpha platforms
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005713.html
White House strategy on security information sharing and safeguarding
http://isc.sans.edu/diary.html?storyid=14734
A Consumer's Guide to Spotting "Fake" Charities
http://isc.sans.edu/diary.html?storyid=14737
Adobe Shockwave Player Old Runtime Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027905
Adobe Shockwave Player Flaw in Flash Runtime Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027904
Adobe Shockwave Player Flaw in 'Xtras' Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027903
MLE-Moodle 0.8.8.4 <= Local File Inclusion Vulnerability
http://cxsecurity.com/issue/WLB-2012120155
Thaiweb <= Remote File Inclusion Vulnerability
http://cxsecurity.com/issue/WLB-2012120154
CMSMasters and Clockstone Theme File Upload Vulnerabilities
http://cxsecurity.com/issue/WLB-2012120153
Elite Bulletin Board 2.1.21 SQL Injection
http://cxsecurity.com/issue/WLB-2012120152
SurgeFTP Remote Command Execution
http://cxsecurity.com/issue/WLB-2012120151
Drupal Core 6.x & 7.x Access Bypass & Code Execution
http://cxsecurity.com/issue/WLB-2012120150
Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012120146
Cerberus FTP Server <= 5.0.5.1 Multiple XSS vulnerabilities
http://cxsecurity.com/issue/WLB-2012120149
Firefly MediaServer Multiple Remote DoS Vulnerabilities
http://cxsecurity.com/issue/WLB-2012120148
Avamar backup client for Linux writable cache files
http://cxsecurity.com/issue/WLB-2012120147
REMOTE: InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
http://www.exploit-db.com/exploits/23500
REMOTE: NetWin SurgeFTP Authenticated Admin Command Injection
http://www.exploit-db.com/exploits/23522
DoS/PoC: gdb (GNU debugger) <= 7.5.1 NULL Pointer Dereference
http://www.exploit-db.com/exploits/23523
DoS/PoC: IDA Pro 6.3 Crash PoC
http://www.exploit-db.com/exploits/23524
Qt XmlHttpRequest Local File Information Disclosure Vulnerability
http://secunia.com/advisories/51655/
Drupal Uploaded Files Information Disclosure Vulnerability
http://secunia.com/advisories/51517/
Piwigo EXIF/IPTC Metadata Script Insertion Vulnerability
http://secunia.com/advisories/51576/
IBM Rational Policy Tester / Security AppScan Enterprise Certificate Spoofing
http://secunia.com/advisories/51661/
LemonLDAP::NG SAML Signature Verification Bypass Security Issue
http://secunia.com/advisories/51139/
Elite Bulletin Board Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/51622/
SonicWALL SonicOS "searchStr" XML Tag Script Insertion Vulnerability
http://secunia.com/advisories/51615/
IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/51656/
Carlo Gavazzi Eos-Box Hard-Coded Credentials and SQL Injection
http://secunia.com/advisories/51641/
Adiscon LogAnalyzer "query" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51539/
IBM Tivoli Remote Control / IBM Tivoli Endpoint Manager for Remote Control Java Multiple Vulnerabilities
http://secunia.com/advisories/51584/
D-Link DCS-932L Password Request Handling Security Issue
http://secunia.com/advisories/51610/
Drupal Context Module Block Content Information Disclosure Vulnerability
http://secunia.com/advisories/51594/
IBM Rational Automation Framework Web UI Security Bypass Security Issue
http://secunia.com/advisories/51587/
IBM InfoSphere Streams Java Multiple Vulnerabilities
http://secunia.com/advisories/51657/
MyBB Transactions Plugin "transaction" SQL Injection Vulnerability
http://secunia.com/advisories/51639/
Ubuntu update for libav
http://secunia.com/advisories/51643/
Ubuntu update for ffmpeg
http://secunia.com/advisories/51642/
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4205 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56621
Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56993
IBM Java Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55495
JW Player 'playerready' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54739
Linux Kernel NFS Client 'decode_getacl()' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53615
Linux Kernel CVE-2012-5517 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56527
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Mozilla Firefox CVE-2012-4206 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56625
Django Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54742
Dnsmasq Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54353
Zend Framework 'Zend_Feed' Component Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56982
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5835 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56643
Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56646
Mozilla Firefox CVE-2012-5837 Developer Toolbar Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56645
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5838 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56644
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5830 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56641
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5833 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56642
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4217 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56639
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5839 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56637
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4213 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56638
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4218 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56640
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5829 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56636
Mozilla Firefox, SeaMonkey, and Thunderbird HZ-GB-2312 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56632
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4216 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56634
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4212 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56630
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-5841 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56631
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4215 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56633
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4214 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56628
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4209 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56629
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4204 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56613
Mozilla Firefox CVE-2012-4203 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56623
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-4201 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56618
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4202 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56614
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4208 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56627
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5842 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56611
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5843 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56612
SSH Tectia Server Unauthorized Password Change Security Bypass Vulnerability
http://www.securityfocus.com/bid/56783
Sony PC Companion Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57016
Piwigo 'EXIF/IPTC' Metadata HTML Injection Vulnerability
http://www.securityfocus.com/bid/57015
IBM Multiple Products SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/57014
ELBA Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/57013
Adiscon LogAnalyzer 'query' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57012
D-Link DCS-932L CVE-2012-4046 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57011
Foreman CVE-2012-5648 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57007
IDA Pro 'ELF' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57004
Banana Dance Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/57003
Firefly Media Server Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56999
Thursday, December 20, 2012
20th, Thursday, shakkō
+ CESA-2012:1590 Moderate CentOS 5 libtiff Update
http://lwn.net/Alerts/529858/
+ CESA-2012:1590 Moderate CentOS 6 libtiff Update
http://lwn.net/Alerts/529875/
+ CESA-2012:1580 Moderate CentOS 6 kernel Update
http://lwn.net/Alerts/529877/
+ Multiple vulnerabilities fixed in Java 7U9
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_java1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
+ Multiple vulnerabilities fixed in Java 6U37
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_java
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
+ Zimbra Collaboration Suite Open Source Edition 8.0.2, 7.2.2 GA Release
http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.2.pdf
http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.2.pdf
APSB12-28 Security update available for Photoshop Camera Raw
http://www.adobe.com/support/security/bulletins/apsb12-28.html
Security alert for the year-end and New Year holiday period
http://www.ipa.go.jp/security/topics/alert241219.html
Virus in a "Sudoku" Excel file; infects when macros are enabled
Steals PC system information and other data
http://itpro.nikkeibp.co.jp/article/NEWS/20121220/445604/?ST=security
Fraudulent transfers automated, losses exceed 6 billion yen: the evolving "cyber financial fraud"
McAfee explains the latest techniques; "web injects" and "MITB attacks" also rampant
http://itpro.nikkeibp.co.jp/article/NEWS/20121219/445321/?ST=security
JVNVU#90193767 Adobe Shockwave Player issue with the installation of plug-in modules
http://jvn.jp/cert/JVNVU90193767/
JVNVU#93897900 Adobe Shockwave Player bundles an old version of the Flash runtime
http://jvn.jp/cert/JVNVU93897900/
JVNVU#91076352 Adobe Shockwave Player issue with the installation of the Shockwave runtime
http://jvn.jp/cert/JVNVU91076352/
EMC Avamar: World writable cache files
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00118.html
Multiple XSS vulnerabilities in Cerberus FTP Server <= 5.0.5.1 [CVE-2012-6339]
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00117.html
[ MDVSA-2012:181 ] python-django
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00116.html
Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00109.html
Multiple vulnerabilities in Banana Dance
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00115.html
Firefly MediaServer Multiple Remote DoS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00114.html
Multiple SQL Injection Vulnerabilities in Elite Bulletin Board
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00113.html
Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00112.html
Enterpriser16 LoadBalancer v7.1 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00111.html
SonicWall SonicOS 5.8.1.8 WAF - POST Inject Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00110.html
Challenges of Anti-Phishing Advice, the Google Docs Edition
http://isc.sans.edu/diary.html?storyid=14731
IBM Tivoli Storage Manager for Space Management Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027902
IBM Tivoli Storage Manager for Space Management Lets Remote Users Access and Modify Files
http://www.securitytracker.com/id/1027901
DoS/PoC: DIMIN Viewer 5.4.0 GIF Decode Crash PoC
http://www.exploit-db.com/exploits/23496
phpwcms "preg_replace()" Arbitrary Code Execution Vulnerabilities
http://secunia.com/advisories/51588/
Quenlig "comment" Script Insertion Vulnerability
http://secunia.com/advisories/51564/
IBM Tivoli Storage Manager for Space Management Two Vulnerabilities
http://secunia.com/advisories/51623/
fail2ban Unspecified Vulnerability
http://secunia.com/advisories/51553/
MyBB Profile Xbox Live ID Plugin "xli" SQL Injection and Script Insertion Vulnerabilities
http://secunia.com/advisories/51620/
Red Hat update for JBoss Enterprise Application Platform
http://secunia.com/advisories/51607/
IronJacamar Security Domains "allow-multiple-users" Security Bypass
http://secunia.com/advisories/51550/
Zend Framework "Zend_Feed" XML Entity References Information Disclosure Vulnerability
http://secunia.com/advisories/51583/
MyBB MyTube Plugin "profile_fields[]" Script Insertion Vulnerability
http://secunia.com/advisories/51600/
Red Hat update for kernel
http://secunia.com/advisories/51613/
Red Hat update for libtiff
http://secunia.com/advisories/51582/
Oracle Solaris Apache HTTP Server LD_LIBRARY_PATH and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51575/
Nagios history.cgi "get_history()" Buffer Overflow Vulnerability
http://secunia.com/advisories/51537/
Oracle Solaris Java Multiple Vulnerabilities
http://secunia.com/advisories/51618/
HP-UX update for BIND
http://secunia.com/advisories/51604/
Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012120146
Cerberus FTP Server <= 5.0.5.1 Multiple XSS vulnerabilities
http://cxsecurity.com/issue/WLB-2012120149
Firefly MediaServer Multiple Remote DoS Vulnerabilities
http://cxsecurity.com/issue/WLB-2012120148
Avamar backup client for Linux writable cache files
http://cxsecurity.com/issue/WLB-2012120147
Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities
http://www.securityfocus.com/bid/56906
Dell SonicWALL SonicOS Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56976
Loadbalancer Enterprise R16 Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56979
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/27409
Rugged Operating System Private Key Disclosure Vulnerability
http://www.securityfocus.com/bid/55123
Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/53046
Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55131
Apache CXF Child Policies Security Bypass Vulnerability
http://www.securityfocus.com/bid/53880
Oracle Mojarra 'FacesContext' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53901
Apache CXF Elements Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53877
Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
http://www.securityfocus.com/bid/55628
IronJacamar CVE-2012-3428 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56981
Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56146
Linux Kernel CVE-2012-5517 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56527
Linux Kernel IPv6 CVE-2012-4444 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56891
Linux Kernel 'tcp_illinois_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56346
Linux Kernel NFS Client 'decode_getacl()' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53615
Linux Kernel EXT4 'ext4_fill_flex_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53414
Samsung SmartPhones Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56955
LibTIFF 't2p_read_tiff_init()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54601
LibTIFF 'DOTRANGE' Tags Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56715
LibTIFF 'TIFFScanlineSize()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56372
LibTIFF TIFF Image Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55673
ownCloud Multiple Cross Site Scripting and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/56658
FFmpeg Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/55355
Opera Web Browser Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56788
Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56814
Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56813
Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56402
Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56812
Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/56403
rssh CVE-2012-3478 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53430
rssh Command Line Filtering Multiple Remote Arbitrary Command Execution Vulnerabilities
http://www.securityfocus.com/bid/56708
Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070
Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043
Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054
Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056
Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079
Oracle Java SE CVE-2012-5088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56057
Nagios Core 'get_history()' Function Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56879
ISC BIND CVE-2012-1033 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51898
Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965
Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47596
Drupal Context Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56997
Joomla! Bit Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/56995
Joomla! ZT Autolinks Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/56994
Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56993
Free Hosting Manager Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/56991
Carlo Gavazzi EOS-BOX Security Bypass and SQL Injection Vulnerability
http://www.securityfocus.com/bid/56989
WordPress Multiple CMSMasters Themes 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/56988
Quenlig 'comment' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/56986
Opera Web Browser Repeated Attempts Site Access Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/56984
Zend Framework 'Zend_Feed' Component Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56982
Opera Web Browser Prior to 12.12 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56980
MyBB Profile Xbox Live ID Plugin HTML Injection Vulnerability
http://www.securityfocus.com/bid/56978
MyBB MyYoutube Plugin HTML Injection Vulnerability
http://www.securityfocus.com/bid/56977
Wednesday, December 19, 2012
19th, Wednesday, taian
+ RHSA-2012:1590 Moderate: libtiff security update
http://rhn.redhat.com/errata/RHSA-2012-1590.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5581
+ RHSA-2012:1580 Moderate: kernel security, bug fix and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-1580.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5517
+ Opera 12.12 released
http://www.opera.com/docs/changelogs/unified/1212/
+ HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03577598-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
+ Multiple vulnerabilities in Apache HTTP server
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
OpenSSL vulnerability CVE-2012-0884
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76360&src=securityAlerts
Database .NET 7.6 released
http://www.postgresql.org/about/news/1436/
NEC partners with Interpol to strengthen its capacity to respond to international cybercrime
http://itpro.nikkeibp.co.jp/article/NEWS/20121218/445242/?ST=security
Mitigating the impact of organizational change: a risk assessment
http://isc.sans.edu/diary.html?storyid=14725
All I Want for Christmas is to Not Get Hacked !
http://isc.sans.edu/diary.html?storyid=14722
Joomla! 'language search' Component Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/6Z0362A6AA.html
VU#519137 Adobe Shockwave player installs Xtras without prompting
http://www.kb.cert.org/vuls/id/519137
VU#323161 Adobe Shockwave player provides vulnerable Flash runtime
http://www.kb.cert.org/vuls/id/323161
VU#546769 Adobe Shockwave player vulnerable to downgrading
http://www.kb.cert.org/vuls/id/546769
SonicWALL SonicOS Input Validation Flaw Permits Script Injection Attacks
http://www.securitytracker.com/id/1027895
RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027893
Aptdaemon Certification Validation Flaw Lets Remote Users Install PPA GPG Keys
http://www.securitytracker.com/id/1027891
SANLock Log File Insecure Permissions Weakness
http://secunia.com/advisories/51603/
Ubuntu update for aptdaemon
http://secunia.com/advisories/51627/
IBM InfoSphere BigInsights Java and Jetty Denial of Service Vulnerabilities
http://secunia.com/advisories/51586/
Ubuntu update for bogofilter
http://secunia.com/advisories/51625/
MyBB User Profile Skype ID Plugin "skype" Script Insertion Vulnerability
http://secunia.com/advisories/51612/
IBM Intelligent Operations Center Event Data Script Insertion Vulnerability
http://secunia.com/advisories/51591/
REMOTE: Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
http://www.exploit-db.com/exploits/23472
phpwcms 1.5.4.6 remote code execution exploit
http://cxsecurity.com/issue/WLB-2012120135
Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
http://cxsecurity.com/issue/WLB-2012120134
MyBB Profile Skype ID Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120133
WordPress Rokbox 2.13 Multiple Vulns
http://cxsecurity.com/issue/WLB-2012120132
Peruvian Universities SQL Injection
http://cxsecurity.com/issue/WLB-2012120131
National Weather Service Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120130
Element C2 & Phuse Web & Cox Web Design SQL Injection
http://cxsecurity.com/issue/WLB-2012120129
Pej Studio & Nissi Infotech & Plante Graffix Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120128
Centrify Deployment Manager '/tmp' Insecure Temporary File Handling Vulnerability
http://www.securityfocus.com/bid/56802
Freeciv Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41352
Linux Kernel 'binfmt_script.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55878
Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/56562
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013
Jetty Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51199
SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45387
Dell SonicWALL SonicOS Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56976
MyBB MyTube Plugin 'mytube.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/56974
IBM Intelligent Operations Center HTML Injection Vulnerability
http://www.securityfocus.com/bid/56970
Totem '.avi' File Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/56968