Wednesday, February 29, 2012

29th, Wednesday, Senbu


- HS12-009: Multiple vulnerabilities were found in JP1/Cm2/Network Node Manager i.
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-009/index.html
- HS12-009: Multiple vulnerabilities in JP1/Cm2/Network Node Manager i (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-009/index.html

Notice of scheduled server maintenance (March 12, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1739

Press release
Alert regarding vulnerabilities in control equipment
~Analyze attack routes into control systems and consider security measures!~
http://www.ipa.go.jp/about/press/20120229.html

JVNDB-2010-002890 SQL injection vulnerability in folder/list in Hulihan BXR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002890.html

JVNDB-2010-002889 Arbitrary command execution vulnerability in the Webkit PDFs extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002889.html

JVNDB-2010-002888 SQL injection vulnerability in the Webkit PDFs extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002888.html

JVNDB-2010-002887 Cross-site scripting vulnerability in the Branchenbuch extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002887.html

JVNDB-2011-003742 SQL injection vulnerability in the login function of Pre Projects Pre Podcast Portal
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003742.html

JVNDB-2011-003741 SQL injection vulnerability in index.php in Prado Portal
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003741.html

JVNDB-2010-002886 SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002886.html

JVNDB-2010-002885 Cross-site scripting vulnerability in the Questionnaire (ke_questionnaire) extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002885.html

JVNDB-2011-003740 SQL injection vulnerability in board/board.php in APBoard Developers APBoard
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003740.html

JVNDB-2011-003739 SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003739.html

JVNDB-2011-003738 Arbitrary code execution vulnerability in the JW Calendar extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003738.html

JVNDB-2011-003737 SQL injection vulnerability in the FE user statistic extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003737.html

JVNDB-2011-003736 Cross-site scripting vulnerability in the xaJax Shoutbox extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003736.html

JVNDB-2011-003735 SQL injection vulnerability in the Event extension for TYPO3
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003735.html

JVNDB-2011-003734 Cross-site scripting vulnerability in FreiChat and FreiChatPure for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003734.html

JVNDB-2011-003733 PHP remote file inclusion vulnerability in PHP Free Photo Gallery script
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003733.html

JVNDB-2011-003732 Cross-site scripting vulnerability in advanced_search_result.php in ALLPC
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003732.html

JVNDB-2011-003731 SQL injection vulnerability in product_info.php in ALLPC
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003731.html

JVNDB-2011-003730 SQL injection vulnerability in the CamelcityDB component for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003730.html

JVNDB-2011-003729 SQL injection vulnerability in the Elite Experts component for Mambo and Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003729.html

JVNDB-2011-003728 PHP remote file inclusion vulnerability in Saurus CMS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003728.html

JVNDB-2011-003727 SQL injection vulnerability in location.php in E-Xoopport Samsara
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003727.html

JVNDB-2011-003726 SQL injection vulnerability in the Teams (com_teams) component for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003726.html

JVNDB-2011-003725 SQL injection vulnerability in index.php in Wanewsletter
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003725.html

JVNDB-2011-003724 Remote file inclusion vulnerability in index.php in MailForm
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003724.html

JVNDB-2012-000014 (JVN#25731073) Vulnerability related to the WebView class in multiple Cookpad Android applications
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000014.html

Snom VoIP Phone Firmware Password Reset Security Issue
http://secunia.com/advisories/48061/

Snom VoIP Phone Firmware Two Vulnerabilities
http://secunia.com/advisories/48158/

Snom VoIP Phone Firmware Password Reset Security Issue
http://secunia.com/advisories/48048/

Kadu Two Script Insertion Vulnerabilities
http://secunia.com/advisories/48162/

NetDecision Source Code Disclosure and Buffer Overflow Vulnerabilities
http://secunia.com/advisories/48168/

OpenSSL ASN.1 MIME Header Parsing NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/48153/

Sagem F@st 2604 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48088/

lknSupport URL Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48151/

Webglimpse Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48049/

WonderDesk SQL Multiple Cross-Site Scripting and Script Insertion Vulnerabilities
http://secunia.com/advisories/48167/

Gentoo update for libvirt
http://secunia.com/advisories/48177/

SUSE update for cvs
http://secunia.com/advisories/48150/

Debian update for puppet
http://secunia.com/advisories/48157/

Debian update for postgresql-8.4
http://secunia.com/advisories/48174/

Ubuntu update for ruby
http://secunia.com/advisories/48175/

Ubuntu update for libxml2
http://secunia.com/advisories/48178/

SUSE update for java-1_6_0-openjdk
http://secunia.com/advisories/48187/

Avaya CMS Solaris Information Disclosure and Denial of Service Vulnerabilities
http://secunia.com/advisories/48200/

PostgreSQL Multiple Vulnerabilities
http://secunia.com/advisories/48107/




- Linux Kernel CIFS File Error Lets Local Users Deny Service
http://www.securitytracker.com/id/1026745
http://www.securityfocus.com/bid/52197

[ANN] Apache Commons Daemon 1.0.10 released
http://commons.apache.org/daemon/

Dovecot clustering with dsync-based replication
http://blog.dovecot.org/2012/02/dovecot-clustering-with-dsync-based.html

JVN#25731073 Vulnerability related to the WebView class in multiple Cookpad Android applications
http://jvn.jp/jp/JVN25731073/index.html

[SECURITY] [DSA 2420-1] openjdk-6 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00180.html

[ MDVSA-2012:025 ] samba
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00181.html

Reliable Windows 7 Exploitation: A Case Study
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00177.html

[ MDVSA-2012:023-1 ] libvpx
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00176.html

[ MDVSA-2012:022-1 ] mozilla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00178.html

ImgPals Photo Host Version 1.0 Admin Account Disactivation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00179.html

JVNDB-2012-001591 Cross-site request forgery vulnerability in xmlrpc.cgi in Bugzilla
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001591.html

JVNDB-2012-001590 Directory traversal vulnerability in the Local TFTP file-upload application in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001590.html

JVNDB-2012-001589 Vulnerability in multiple Cisco products that allows configuration files to be replaced
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001589.html

JVNDB-2012-001588 Arbitrary command execution vulnerability in the web interface of multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001588.html

JVNDB-2011-003723 SQL injection vulnerability in the Weblinks component of Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003723.html

JVNDB-2011-003722 SQL injection vulnerability in the Amblog component for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003722.html

JVNDB-2011-003721 SQL injection vulnerability in the Slide Show component for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003721.html

JVNDB-2011-003720 SQL injection vulnerability in poll.php in Entrans
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003720.html

JVNDB-2011-003719 SQL injection vulnerability in video.php in Get Tube
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003719.html

JVNDB-2011-003718 SQL injection vulnerability in filemgmt/singlefile.php in Geeklog
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003718.html

JVNDB-2011-003717 Cross-site scripting vulnerability in search.php in Entrans
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003717.html

JVNDB-2012-001496 (JVNVU#523889) Integer overflow vulnerability in libpng
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001496.html

JVNDB-2011-003716 Cross-site scripting vulnerability in index.php in AtMail Webmail
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003716.html

JVNDB-2011-003715 SQL injection vulnerability in the Joostina component for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003715.html

JVNDB-2011-003714 Cross-site scripting vulnerability in the Restaurant Guide component for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003714.html

JVNDB-2011-003713 SQL injection vulnerability in the Restaurant Guide component for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003713.html

JVNDB-2011-003712 SQL injection vulnerability in the TimeTrack component for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003712.html

JVNDB-2011-003711 SQL injection vulnerability in the Partenaires module for Nuked-Klan
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003711.html

JVNDB-2011-003710 SQL injection vulnerability in Virtue Netz Virtue Book Store
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003710.html

JVNDB-2011-003709 SQL injection vulnerability in Allinta CMS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003709.html

JVNDB-2011-003708 SQL injection vulnerability in DMXReady Polling Booth Manager
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003708.html

JVNDB-2011-003707 SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003707.html

JVNDB-2011-003706 SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003706.html

JVNDB-2011-003705 Arbitrary PHP code execution vulnerability in the iJoomla Magazine component for Joomla!
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003705.html

JVNDB-2011-003704 SQL injection vulnerability in sources/search.php in A-Blog
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003704.html

JVNDB-2011-003703 SQL injection vulnerability in index.cfm in ColdGen ColdUserGroup
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003703.html

JVNDB-2011-003702 SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003702.html

JVNDB-2011-003701 Arbitrary PHP code execution vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003701.html

JVNDB-2011-003700 Cross-site scripting vulnerability in the search function of ColdGen ColdUserGroup
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003700.html

JVNDB-2011-003699 SQL injection vulnerability in shop.php in UCenter Home
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003699.html

JVNDB-2011-003698 SQL injection vulnerability in classi/detail.php in PHP Classifieds Ads
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003698.html

JVNDB-2011-003697 SQL injection vulnerability in index.cfm in ColdGen ColdCalendar
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003697.html

JVNDB-2011-003696 Cross-site scripting vulnerability in PaysiteReviewCMS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003696.html

JVNDB-2011-003695 SQL injection vulnerability in detail.php in Virtue Shopping Mall
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003695.html

JVNDB-2012-001504 Cross-site scripting vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001504.html

JVNDB-2012-001503 Access restriction bypass vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001503.html

JVNDB-2012-001502 Access restriction bypass vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001502.html

JVNDB-2012-001501 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001501.html

JVNDB-2012-001500 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001500.html

JVNDB-2012-001499 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001499.html

JVNDB-2012-001587 Cross-site scripting vulnerability in pfile/kommentar.php in Powie pFile
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001587.html

JVNDB-2011-003172 Vulnerability in the mod_proxy module of Apache HTTP Server that allows requests to be sent to intranet servers
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003172.html

JVNDB-2011-003171 Vulnerability in the mod_proxy module of Apache HTTP Server that allows requests to be sent to intranet servers
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003171.html

JVNDB-2011-002785 Integer overflow vulnerability in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002785.html

JVNDB-2012-001258 Vulnerability in protocol.c in Apache HTTP Server that allows HTTPOnly cookie values to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001258.html

JVNDB-2012-001160 Privilege acquisition vulnerability in EDE in CEDET, as used in GNU Emacs and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001160.html

JVNDB-2012-001075 Denial-of-service (daemon crash during shutdown) vulnerability in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001075.html

JVNDB-2012-001586 Cross-site scripting vulnerability in zimbra/h/calendar in Zimbra Web Client
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001586.html

JVNDB-2012-001585 Cross-site scripting vulnerability in the smwfOnSfSetTargetName function in Semantic Enterprise Wiki
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001585.html

JVNDB-2012-001584 SQL injection vulnerability in pfile/file.php in Powie pFile
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001584.html

JVNDB-2012-001583 Cross-site scripting vulnerability in backend/core/engine/base.php in Fork CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001583.html

JVNDB-2012-001582 Cross-site scripting vulnerability in backend/core/engine/base.php in Fork CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001582.html

JVNDB-2012-001581 Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001581.html

JVNDB-2012-001580 Integer overflow vulnerability in Hancom Office 2010 SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001580.html

JVNDB-2012-001579 PHP remote file inclusion vulnerability in the Relocate Upload plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001579.html

JVNDB-2012-001578 Cross-site scripting vulnerability in LEPTON
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001578.html

JVNDB-2012-001577 SQL injection vulnerability in modules/news/rss.php in LEPTON
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001577.html

JVNDB-2012-001576 Directory traversal vulnerability in account/preferences.php in LEPTON
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001576.html

JVNDB-2012-001575 Cross-site request forgery vulnerability in admin/index.php in 11in1
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001575.html

JVNDB-2012-001574 Directory traversal vulnerability in 11in1
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001574.html

JVNDB-2011-003694 SQL injection vulnerability in CONTIMEX Impulsio CMS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003694.html

JVNDB-2011-003693 Cross-site scripting vulnerability in Boonex Dolphin
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003693.html

JVNDB-2012-001573 Denial-of-service (application crash) vulnerability in VP8 Codec SDK (libvpx)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001573.html

JVNDB-2012-001572 Vulnerability in SAP NetWeaver that allows sensitive information about MessagingSystem Performance Data to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001572.html

JVNDB-2012-001571 Vulnerability in SAP NetWeaver that allows sensitive information about Adapter Monitor to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001571.html

JVNDB-2012-001570 Cross-site scripting vulnerability in b2b/auction/container.jsp in SAP NetWeaver
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001570.html

JVNDB-2012-001569 Directory traversal vulnerability in SAP NetWeaver
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001569.html

OpenSSL S/MIME Parsing Null Pointer Dereference Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026746

Linux Kernel CIFS File Error Lets Local Users Deny Service
http://www.securitytracker.com/id/1026745

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

ABB Products Robot Communications Runtime 'RobNetScanHost.exe' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52123

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0507 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52161

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability
http://www.securityfocus.com/bid/50610

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

ioQuake3 Engine Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/48915

WebCalendar 'location' Variable Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51600

Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467

Microsoft Internet Explorer Select Element CVE-2011-1999 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49964

SystemTap DWARF Expression Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52121

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52103

Csound 'getnum()' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52144

Ruby Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51198

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52188

libvirt Threads Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47148

libvirt Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/46820

libvirt 'VirDomainGetVcpus()' Function Remote Integer Overflow Heap Corruption Vulnerability
http://www.securityfocus.com/bid/48478

libvirt Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/48321

Ruby 'FileUtils.remove_entry_secure()' Method Race Condition Vulnerability
http://www.securityfocus.com/bid/46460

Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40895

Ruby "#to_s" Security Bypass Vulnerability
http://www.securityfocus.com/bid/46458

Ruby Random Number Generation Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49015

Ruby 'BigDecimal' Class Integer Truncation Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46966

libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107

Kadu SMS and User Status Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52199

Debian 'x11-common' Init Script Insecure Temporary Directory Creation Vulnerability
http://www.securityfocus.com/bid/52198

Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197

NetDecision Traffic Grapher Server Source Code Disclosure Vulnerability
http://www.securityfocus.com/bid/52196

ImgPals Photo Host Remote Input Validation Vulnerability
http://www.securityfocus.com/bid/52195

NetDecision HTTP Server Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52194

WonderDesk SQL Cross Site Scripting and Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52193

phpFox 'val[description]' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/52192

Tuesday, February 28, 2012

28th, Tuesday, Tomobiki


Notice of release of InterScan WebManager 7.0 Service Pack 1 (Build0733)
http://www.trendmicro.co.jp/support/news.asp?id=1741

Notice of release of InterScan VirusWall Standard Edition 7.0 for Windows Patch3 build 1354 and 6.02 for Linux Patch4 build 7815
http://www.trendmicro.co.jp/support/news.asp?id=1743

QOTD from securityburnout.org
http://isc.sans.edu/diary.html?storyid=12673

PostgreSQL Multiple Vulnerabilities
http://secunia.com/advisories/48107/

CentOS alert CESA-2012:0332 (samba)
http://lwn.net/Alerts/483719/





+ Linux kernel 3.2.8 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.8

+ PostgreSQL 9.1.3, 9.0.7, 8.4.11, 8.3.18 released
http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
http://www.postgresql.org/docs/8.3/static/release-8-3-18.html

+ CVE-2012-0866: Permissions on a function called by a trigger are not checked.
http://www.postgresql.org/about/news/1377/

+ CVE-2012-0867: SSL certificate name checks are truncated to 32 characters, allowing connection spoofing
http://www.postgresql.org/about/news/1377/

+ CVE-2012-0868: Line breaks in object names can be exploited to execute code when loading a pg_dump file.
http://www.postgresql.org/about/news/1377/

+ Sudo 1.8.4p2 released
http://www.sudo.ws/sudo/stable.html#1.8.4p2

+ Linux Kernel CVE-2012-0810 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52182

+ Linux Kernel 'iproute' Package Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/52185

+ OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52181

[ANNOUNCE] pgAdmin III v1.14.2 released
http://www.pgadmin.org/development/changelog.php

[ANNOUNCE] Security Update  released
http://www.postgresql.org/download/

MySQL Connector/Net 6.5.3 has been released
http://dev.mysql.com/downloads/connector/net/#downloads

[SECURITY] [DSA 2419-1] puppet security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00170.html

Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00168.html

[SECURITY] [DSA 2418-1] postgresql-8.4 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00167.html

Wolf CMS v0.7.5 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00164.html

OSQA CMS v3b - Multiple Persistent Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00163.html

Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00162.html

[ MDVSA-2012:023 ] libvpx
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00161.html

Case YVS Image Gallery
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00160.html

FrameJammer DOM based XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00159.html

DeepSec "Sector v6" - Call for Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00158.html

pidgin OTR information leakage
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00157.html

[SECURITY] [DSA 2414-2] fex regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00156.html

NGS00237 Patch Notification: Samba Andx request Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00155.html

Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00153.html

Kongreg8 1.7.3 Mutiple XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00154.html

TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00152.html

New trap targeting smartphone users: virus infection via "friend requests"
"Be as careful when clicking links as you would be on a PC," UK-based Sophos reports
http://itpro.nikkeibp.co.jp/article/NEWS/20120228/383362/?ST=security

JVN#20083397 Session hijacking vulnerability in Movable Type
http://jvn.jp/jp/JVN20083397/index.html

PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates
http://www.securitytracker.com/id/1026744

Dropbear SSH Server Use-After-Free Lets Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026743

Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
http://www.exploit-db.com/exploits/18531

Cookpad for Android / Cookpad Noseru for Android Security Bypass Security Issue
http://secunia.com/advisories/48065/

MyJobList "eid" SQL Injection Vulnerability
http://secunia.com/advisories/48169/

idev-BusinessDirectory "SEARCH" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48173/

Contao Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48180/

WordPress Video Embed & Thumbnail Generator Plugin Code Execution Vulnerabilities
http://secunia.com/advisories/48087/

Ubuntu update for samba
http://secunia.com/advisories/48186/

Dropbear SSH Server Use-After-Free Vulnerability
http://secunia.com/advisories/48147/

phpFox "val[description]" Script Insertion Vulnerability
http://secunia.com/advisories/48171/

IBM AIX ICMP Packet Handling Denial of Service Vulnerability
http://secunia.com/advisories/48149/

SUSE update for MozillaFirefox
http://secunia.com/advisories/48160/

SUSE update for mozilla-xulrunner192
http://secunia.com/advisories/48179/

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Linux Kernel CVE-2012-0810 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52182

Impulsio CMS 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52063

Dolibarr Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/52113

SAP NetWeaver Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/52101

Puppet Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/52158

Adobe Flash Player CVE-2012-0752 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52032

Adobe Flash Player CVE-2012-0754 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52034

Adobe Flash Player CVE-2012-0753 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52033

Adobe Flash Player CVE-2012-0756 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/52036

Adobe Flash Player CVE-2012-0755 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/52035

Adobe Flash Player CVE-2012-0767 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52040

VP8 Codec SDK libvpx Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51775

Asterisk SRTP Video Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51581

SystemTap DWARF Expression Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52121

FreeBSD 'telnetd' Daemon Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51182

PowerDNS Authoritative Server Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51355

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176

Linux Kernel 'journal_get_superblock()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50663

Linux Kernel 'net/ipv4/igmp.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51343

MaraDNS Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51225

Linux Kernel CVE-2011-4110 NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50755

Linux Kernel DRM 'drivers/gpu/drm/crm_crtc.c' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51371

Linux Kernel XFS Filesystem 'fs/xfs/xfs_acl.c' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/51380

Linux Kernel '/mm/oom_kill.c' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50459

Linux Kernel NFS Client 'decode_getacl()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50655

Linux Kernel 'perf_count_sw_cpu_clock' Event Denial of Service Vulnerability
http://www.securityfocus.com/bid/49152

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50370

CVS CVE-2012-0804 'proxy_connect()' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51943

Mozilla Firefox/Thunderbird/SeaMonkey 'Array.reduceRight()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48372

HP OpenView Storage Data Protector Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/46234

Cookpad and Cookpad Noseru for Android 'WebView' Class Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52189

Wolf CMS SQL Injection and Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52187

Socusoft Photo to Video Converter 'pdmlog.dll' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52186

Linux Kernel 'iproute' Package Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/52185

OSQA's CMS Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52184

Bontq 'user/' URI Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52183

OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52181

WordPress Video Embed & Thumbnail Generator Plugin Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/52180

python-httplib2 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52179

Open Handset Alliance Android Browser Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52177

Bitweaver 'rankings.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/52176

Dotclear 'swfupload.swf' Remote Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/52173

cPassMan 'user_language' Cookie Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/52165

Monday, February 27, 2012

27th, Monday, Sensho


Stable Channel Update for Chromebooks
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update-for-chromebooks_24.html

Notice of release of InterScan VirusWall Standard Edition 7.0 for Windows Patch3 build 1354 and 6.02 for Linux Patch4 build 7815
http://www.trendmicro.co.jp/support/news.asp?id=1743

Lighting a Patlite signal lamp from BOM
http://www.say-tech.co.jp/support/bom-for-windows/bom-7/index.shtml

Press release
IPA and U.S. NIST agree on joint certification under the cryptographic module testing and validation program
http://www.ipa.go.jp/about/press/20120227.html

Flashback Trojan in the Wild
http://isc.sans.edu/diary.html?date=2012-02-24





+ DBI 1.618 released
http://search.cpan.org/~timb/DBI-1.618/

+ MySQL 5.0.95 released
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-95.html

+ Sun Java Web Start Plugin Command Line Argument Injection (2012)
http://www.exploit-db.com/exploits/18520/
http://www.securityfocus.com/bid/52015/exploit

[ANNOUNCE] Release of Apache MyFaces Extensions CDI 1.0.4
http://s.apache.org/CODI_104

[ANNOUNCE] Apache OFBiz 09.04.02 released
http://ofbiz.apache.org/

PHP 5.4.0 RC8 released
http://www.php.net/archive/2012.php#id-1

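"Antivirus at 80% but patching at 40%": the state of servers at Japanese companies
IPA surveys the status of security measures; more than 10% have experienced a virus infection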
http://itpro.nikkeibp.co.jp/article/NEWS/20120227/383084/?ST=security

Dropbear SSH server use-after-free vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00151.html

PHP Gift Registry 1.5.5 SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00150.html

[Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00149.html

[Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modificati
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00148.html

[Onapsis Security Advisory 2012-06] Oracle JD Edwards JDENET Large Packets Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00147.html

[Onapsis Security Advisory 2012-05] Oracle JD Edwards JDENET Multiple Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00146.html

[Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00145.html

[Onapsis Security Advisory 2012-03] Oracle JD Edwards SawKernel Arbitrary File Read
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00144.html

[Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00143.html

[Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00142.html

[security bulletin] HPSBMU02739 SSRT100280 rev.2 - HP Data Protector Storage Media Operations (S
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00141.html

[security bulletin] HPSBUX02737 SSRT100747 rev.2 - HP-UX Running OpenSSL, Remote Denial of S
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00140.html

[ MDVSA-2012:022 ] mozilla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00139.html

[SECURITY] [DSA 2416-1] notmuch security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00138.html

CJWSoft ASPGuest GuestBook edit.asp - SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00137.html

Security advisory for Bugzilla 4.2 and 4.0.5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00135.html

Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00136.html

YVS Image Gallery Sql injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00134.html

NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00133.html

[SECURITY] [DSA 2417-1] libxml2 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00132.html

TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00131.html

ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Co
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00130.html

ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00129.html

ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00128.html

ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00127.html

ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00126.html

ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00125.html

ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00124.html

ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code E
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00123.html

Mobile Mp3 Search Engine HTTP Response Splitting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00122.html

JVNDB-2012-001565 Hard-coded administrator password issue in UTC Fire & Security Master Clock
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001565.html

JVNDB-2011-003692 Heap-based buffer overflow vulnerability in process.c in smbd in Samba
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003692.html

JVNDB-2011-003691 Cross-site scripting vulnerability in IBM WebSphere Lombardi Edition
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003691.html

IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026742

The Uploader "username" SQL Injection Vulnerability
http://secunia.com/advisories/48141/

Cisco Small Business SRP520 / SRP540 Series Multiple Vulnerabilities
http://secunia.com/advisories/48129/

ELBA "account group name" SQL Injection Vulnerability
http://secunia.com/advisories/48014/

Ubuntu update for openjdk-6
http://secunia.com/advisories/48144/

TYPO3 TC BE User Admin Extension Script Insertion Vulnerability
http://secunia.com/advisories/48122/

phpDenora Multiple File Disclosure and SQL Injection Vulnerabilities
http://secunia.com/advisories/48145/

Red Hat update for kernel-rt
http://secunia.com/advisories/48155/

Ubuntu update for puppet
http://secunia.com/advisories/48161/

Puppet Group Privileges Security Issue and K5login Privilege Escalation Vulnerability
http://secunia.com/advisories/48166/

Debian update for notmuch
http://secunia.com/advisories/48156/

PHP Live! Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/48146/

Notmuch Emacs MML Tag Information Disclosure Vulnerability
http://secunia.com/advisories/48139/

Red Hat update for samba
http://secunia.com/advisories/48154/

SUSE update for wireshark
http://secunia.com/advisories/48164/

Samba Any Batched Request Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/48152/

REMOTE: HP Data Protector 6.1 EXEC_CMD Remote Code Execution
http://www.exploit-db.com/exploits/18521

REMOTE: Sun Java Web Start Plugin Command Line Argument Injection (2012)
http://www.exploit-db.com/exploits/18520

DoS/PoC: Tiny HTTP Server <=v1.1.9 Remote Crash PoC
http://www.exploit-db.com/exploits/18524

Changes in DBI 1.618 (svn r15170) 25rd February 2012
http://search.cpan.org/~timb/DBI/Changes#Changes_in_DBI_1.618_(svn_r15170)_25rd_February_2012

Bugzilla "xmlrpc.cgi" Cross-Site Request Forgery Vulnerability
http://www.vupen.com/english/ADV-2012-0111.php

BlackBerry PlayBook Tablet File Sharing Remote Code Execution
http://www.vupen.com/english/ADV-2012-0110.php

Samba smbd AndX Offsets Remote Code Execution Vulnerability
http://www.vupen.com/english/ADV-2012-0109.php

IBM AIX X-Server Render Extension Remote Code Execution Vulnerability
http://www.vupen.com/english/ADV-2012-0108.php

Movable Type Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52138

OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016

Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50236

Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234

Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50248

Oracle Java SE CVE-2011-3549 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50223

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778

Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50231

Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50211

Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50220

Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50243

HP Diagnostics Server 'magentservice.exe' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51398

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Puppet Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/52158

Todd Miller Sudo 'Sudo_Debug()' Path Resolution Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51719

IBM Lotus Symphony Image Object Integer Overflow Vulnerability
http://www.securityfocus.com/bid/51591

Mozilla Firefox/SeaMonkey/Thunderbird XSLT Stylesheets Denial of Service Vulnerability
http://www.securityfocus.com/bid/51754

Oracle Java SE CVE-2012-0498 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52019

Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability
http://www.securityfocus.com/bid/50002

UTC Fire & Security GE-MC100-NTP/GPS-ZB Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/52083

Oracle MySQL Server CVE-2012-0490 Remote Security Vulnerability
http://www.securityfocus.com/bid/51524

Oracle MySQL Server CVE-2012-0484 Remote Security Vulnerability
http://www.securityfocus.com/bid/51515

Oracle MySQL Server CVE-2012-0114 Local Security Vulnerability
http://www.securityfocus.com/bid/51520

Oracle MySQL CVE-2012-0075 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/51526

Oracle MySQL Server CVE-2012-0087 Remote Security Vulnerability
http://www.securityfocus.com/bid/51509

Oracle MySQL Server CVE-2012-0102 Remote Security Vulnerability
http://www.securityfocus.com/bid/51502

Oracle MySQL Server CVE-2012-0101 Remote Security Vulnerability
http://www.securityfocus.com/bid/51505

IBM WebSphere Lombardi Edition 'Coach' Script HTML Injection Vulnerability
http://www.securityfocus.com/bid/52104

Oracle JDEdwards CVE-2011-2325 Password Disclosure Security Vulnerability
http://www.securityfocus.com/bid/51486

Oracle JD Edwards EnterpriseOne Tools CVE-2011-2317 Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/51456

Oracle JDEdwards CVE-2011-2326 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51482

Orbit Downloader 'Download Failed' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28541

Oracle JDEdwards EnterpriseOne Tools CVE-2011-2324 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51455

Trend Micro Control Manager 'CmdProcessor.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50965

Oracle JDEdwards CVE-2011-3514 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/51464

Oracle JDEdwards CVE-2011-3509 Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/51459

Oracle JDEdwards EnterpriseOne Tools CVE-2011-2321 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51478

Oracle JDEdwards EnterpriseOne Tools CVE-2011-3524 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51468

Multiple Virtualization Applications Intel VT-d chipsets Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48515

Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50370

PHP Gift Registry 'users.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/52163

CJWSoft ASPGuest GuestBook 'edit.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/52162

Dropbear SSH Server Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52159

PHP Live! Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/52157

The Uploader 'username' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52156

Notmuch Emacs Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52155

Friday, February 24, 2012

24th, Friday, Butsumetsu


BIND 9.9.0rc4 released
https://deepthought.isc.org/article/AA-00625

About the outage that made the support pages unavailable (February 24, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1742

U.S. government announces a bill of rights for protecting online consumer privacy
http://itpro.nikkeibp.co.jp/article/NEWS/20120224/382841/?ST=security

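Press release
Report published: "FY2010 Survey of Damage from Information Security Incidents in Japan"
~Calling for improvement in the still-low rate of security patch application~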
http://www.ipa.go.jp/about/press/20120224.html

JVNVU#523889 Integer overflow vulnerability in libpng
http://jvn.jp/cert/JVNVU523889/index.html

Samba Bug in chain_reply()/construct_reply() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026739

Movable Type Flaws Permit Remote Authenticated Command Injection and Remote Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1026738

Oracle JDEdwards CVE-2011-3509 Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/51459

Oracle JDEdwards EnterpriseOne Tools CVE-2011-2321 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51478

Oracle JDEdwards EnterpriseOne Tools CVE-2011-3524 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51468

Multiple Virtualization Applications Intel VT-d chipsets Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48515

Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50370





+ RHSA-2012:0332 Critical: samba security update
http://rhn.redhat.com/errata/RHSA-2012-0332.html

+ Dovecot 2.1.1 released
http://www.dovecot.org/list/dovecot-news/2012-February/000216.html

+ libpng 1.2.47 released
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.2.47-README.txt

++ Samba pre-3.4 Security Issue
http://www.samba.org/samba/latest_news.html#CVE-2012-0870

- Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152

OpenSSL 1.0.1 beta 3 released
http://www.openssl.org/

Cisco Small Business SRP 500 Series Multiple Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500

Notice of update for Trend Micro online storage SafeSync
http://www.trendmicro.co.jp/support/news.asp?id=1738

win32 download site down
http://curl.haxx.se/gknw.net/win32/

Debian : [DSA-2413-1] libarchive - Multiple Buffer Overflow Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37686

Debian : [DSA-2417-1] libxml2 - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37701

Mandriva : [MDVSA-2012:022] libpng - Integer Overflow Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37697

Mandriva : [MDVSA-2012:023] libxml2 - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37698

Red Hat : [RHSA-2012:0149-03] KVM - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37687

Red Hat : [RHSA-2012:0151-03] Conga - Multiple Cross-site Scripting Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37688

Red Hat : [RHSA-2012:0152-03] kexec-tools - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37689

Red Hat : [RHSA-2012:0301-03] ImageMagick - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37690

Red Hat : [RHSA-2012:0302-03] Cups - Buffer Overflow Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37691

Red Hat : [RHSA-2012:0303-03] xorg-x11-server - Information Disclosure Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37692

Red Hat : [RHSA-2012:0304-03] vixie-cron - Race Condition Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37693

Red Hat : [RHSA-2012:0305-03] boost - Multiple Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37694

Red Hat : [RHSA-2012:0306-03] krb5 - Privilege Escalation Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37695

Red Hat : [RHSA-2012:0307-03] util-linux - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37696

Ubuntu Security Notice : [USN-1367-2] Firefox - Code Execution and Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37681

Ubuntu Security Notice : [USN-1367-3] Thunderbird - Code Execution and Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37682

Ubuntu Security Notice : [USN-1367-4] Xulrunner - Code Execution and Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37683

Ubuntu Security Notice : [USN-1369-1] Thunderbird - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37684

Ubuntu Security Notice : [USN-1370-1] libvorbis - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37685

Debian : [DSA-2415-1] libmodplug - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37700

Debian : [DSA-2413-1] fex - Cross-site Scripting Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37699

Stefan Schurtz : [SSCHADV2012-003] WebsiteBaker - Cross-site Scripting Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37679

SEC Consult : ELBA5 - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37680

Growing threat of "DDoS attacks", reported by more than 90% of providers
10% say "100 or more times a month"; "sophisticated" attack tools are one factor
http://itpro.nikkeibp.co.jp/article/NEWS/20120223/382823/?ST=security

Six companies including Google and Apple agree with the State of California on protecting mobile users' privacy
http://itpro.nikkeibp.co.jp/article/NEWS/20120223/382680/?ST=security

JVNDB-2012-001568 Denial-of-service (DoS) vulnerability in Symantec pcAnywhere products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001568.html

JVNDB-2011-003690 Vulnerability in 7-Technologies TERMIS that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003690.html

JVNDB-2011-003689 Vulnerability in 7-Technologies AQUIS and TERMIS that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003689.html

JVNDB-2012-001567 Open redirect vulnerability in CubeCart
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001567.html

JVNDB-2012-001566 (JVNVU273502) Authentication bypass vulnerability in EasyVista
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001566.html

JVNDB-2012-001565 (JVNVU#707254) Hard-coded administrator password issue in UTC Fire & Security Master Clock
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001565.html

JVNDB-2012-000018 (JVN#20083397) Vulnerability in Movable Type that allows session hijacking
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000018.html

JVNDB-2012-000017 (JVN#92683325) OS command injection vulnerability in Movable Type
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000017.html

JVNDB-2012-000016 (JVN#49836527) Cross-site scripting vulnerability in Movable Type
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000016.html

JVNDB-2012-000015 (JVN#70683217) Cross-site request forgery vulnerability in Movable Type
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000015.html

JVNDB-2012-001564 Cross-site request forgery vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001564.html

JVNDB-2012-001563 SQL injection vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001563.html

JVNDB-2012-001562 SQL injection vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001562.html

JVNDB-2012-001561 Buffer overflow vulnerability in an ActiveX control in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001561.html

JVNDB-2012-001560 Format string vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001560.html

JVNDB-2012-001559 Denial-of-service (memory corruption) vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001559.html

JVNDB-2012-001558 Arbitrary code execution vulnerability in GbScriptAddUp.asp in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001558.html

JVNDB-2012-001557 Vulnerability in uaddUpAdmin.asp in Advantech/BroadWin WebAccess that allows the administrator password to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001557.html

JVNDB-2012-001556 Stack-based buffer overflow vulnerability in opcImg.asp in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001556.html

JVNDB-2012-001555 Vulnerability in Advantech/BroadWin WebAccess that allows the date and time synchronization settings to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001555.html

JVNDB-2012-001554 Vulnerability in Advantech/BroadWin WebAccess that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001554.html

JVNDB-2012-001553 Cross-site request forgery vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001553.html

JVNDB-2012-001552 SQL injection vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001552.html

JVNDB-2012-001551 Cross-site scripting vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001551.html

JVNDB-2012-001550 Buffer overflow vulnerability in an ActiveX control in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001550.html

JVNDB-2012-001549 Arbitrary code execution vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001549.html

JVNDB-2012-001548 Buffer overflow vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001548.html

JVNDB-2012-001547 Cross-site scripting vulnerability in bwview.asp in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001547.html

JVNDB-2012-001546 Cross-site scripting vulnerability in bwview.asp in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001546.html

JVNDB-2012-001545 SQL injection vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001545.html

JVNDB-2012-001544 Buffer overflow vulnerability in the OPC Server ActiveX control in multiple Advantech OPC Server products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001544.html

JVNDB-2011-003176 Cross-site scripting vulnerability in Adobe Flex SDK
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003176.html

JVNDB-2011-001639 Cross-site scripting vulnerability in Adobe RoboHelp and RoboHelp Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001639.html

JVNDB-2012-001543 Buffer overflow vulnerability in Novell iPrint Client running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001543.html

JVNDB-2012-001542 Heap-based buffer overflow vulnerability in Novell iPrint Client running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001542.html

JVNDB-2012-001541 Arbitrary code execution vulnerability in Novell iPrint Client running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001541.html

Bugzilla Input Validation Flaw in XML-RPC API Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1026737

Cisco Small Business SRP500 Series Bugs Let Remote Users Upload Files and Remote Authenticated Users Inject Commands
http://www.securitytracker.com/id/1026736

DNS-Changer "clean DNS" extension requested
http://isc.sans.edu/diary.html?storyid=12652

VU#523889 libpng chunk decompression integer overflow vulnerability
http://www.kb.cert.org/vuls/id/523889

Csound Two Buffer Overflow Vulnerabilities
http://secunia.com/advisories/47585/

Elefant CMS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48118/

TYPO3 JW Player Extension Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/48143/

TYPO3 Apache Solr Extension Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48052/

YVS Image Gallery "album_id" SQL Injection Vulnerability
http://secunia.com/advisories/48023/

ABB Multiple Products RobNetScanHost.exe Buffer Overflow Vulnerability
http://secunia.com/advisories/48090/

WordPress Magn Drag and Drop Upload Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/48096/

Movable Type Multiple Vulnerabilities
http://secunia.com/advisories/48127/

Joomla! DT Register Component "list1" SQL Injection Vulnerability
http://secunia.com/advisories/48064/

OneForum "id" SQL Injection Vulnerability
http://secunia.com/advisories/48123/

UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock Default Account Security Issue
http://secunia.com/advisories/48037/

Drupal FAQ Module Script Insertion Vulnerability
http://secunia.com/advisories/48131/

Bugzilla Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48133/

OpenVZ update for kernel
http://secunia.com/advisories/48140/

Debian update for libxml2
http://secunia.com/advisories/48130/

Gentoo update for pdns
http://secunia.com/advisories/48134/

Gentoo update for maradns
http://secunia.com/advisories/48135/

Gentoo update for heimdal
http://secunia.com/advisories/48136/

Gentoo update for asterisk
http://secunia.com/advisories/48137/

Ubuntu update for cvs
http://secunia.com/advisories/48142/

REMOTE: TrendMicro Control Manager <= v5.5 CmdProcessor.exe Stack Buffer Overflow
http://www.exploit-db.com/exploits/18514

LOCAL: Orbit Downloader URL Unicode Conversion Overflow
http://www.exploit-db.com/exploits/18515

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52103

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

Linux Kernel NFS Implementation CVE-2011-4325 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51366

Red Hat Enterprise Linux NFSv4 Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50798

Linux Kernel 'taskstats' Access Restriction Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/50314

Linux Kernel 'journal_get_superblock()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50663

Linux Kernel CIFS Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49626

Linux Kernel 'hfs_find_init()' Function NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48236

Linux Kernel CVE-2011-4110 NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50755

Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945

Linux Kernel 'tpm_read()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50764

Linux Kernel '/proc//' Permissions Handling Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/46567

Linux Kernel 'm_stop()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51361

Linux Kernel 'exec()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51947

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176

Linux Kernel 'hfs_mac2asc()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50750

Linux Kernel 'net/ipv4/igmp.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51343

Mozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/51756

EasyVista Single Sign-on Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/52102

libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107

Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152

phpDenora 'ed' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52151

TYPO3 PDF Controller Unspecified Remote Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/52150

TYPO3 Share Your Car Extension Unspecified Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52149

TYPO3 Predigtsammlung Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/52148

TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52146

TYPO3 TC BE User Admin Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52145

Csound 'getnum()' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52144

Elefant CMS 'preview.php' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52143

TYPO3 Crop and Square Thumbnails Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52142

Cisco Small Business SRP500 Series Web Interface CVE-2012-0363 Command Injection Vulnerability
http://www.securityfocus.com/bid/52141

Cisco Small Business SRP500 Series Appliances Directory Traversal Vulnerability
http://www.securityfocus.com/bid/52140

Cisco Small Business SRP500 Series Appliances Unauthorized Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52139

Movable Type Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52138

YVS Image Gallery 'album_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52137

Mobile Mp3 Search Script 'dl.php' HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/52136

Bugzilla CVE-2012-0453 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52135

Multiple D-Link DCS Products 'security.cgi' Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52134

Joomla! Dtregister Component 'list1' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52132

OneForum 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52131

WordPress Magn WP Drag and Drop Upload Plugin Arbitrary Shell Upload Vulnerability
http://www.securityfocus.com/bid/52130

D-Link DSL-2640B MAC Address Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/52129

snom VoIP Phone Firmware Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52128

Thursday, February 23, 2012

23rd, Thursday, Senbu


UPDATE: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120215-nxos

UPDATE: Cisco IOS Software Smart Install Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-smart-install

UPDATE: Cisco 10000 Series Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-c10k

UPDATE: Cisco IOS Software Network Address Translation Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-nat

JVN#20083397 Session hijacking vulnerability in Movable Type
http://jvn.jp/jp/JVN20083397/index.html

JVN#92683325 OS command injection vulnerability in Movable Type
http://jvn.jp/jp/JVN92683325/index.html

JVN#49836527 Cross-site scripting vulnerability in Movable Type
http://jvn.jp/jp/JVN49836527/index.html

JVN#70683217 Cross-site request forgery vulnerability in Movable Type
http://jvn.jp/jp/JVN70683217/index.html





+ Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52103

CentOS alert CESA-2012:0321 (cvs)
http://lwn.net/Alerts/483052/

CentOS alert CESA-2012:0324 (libxml2)
http://lwn.net/Alerts/483053/

CentOS alert CESA-2012:0317 (libpng)
http://lwn.net/Alerts/483054/
http://lwn.net/Alerts/482793
http://lwn.net/Alerts/482794
http://lwn.net/Alerts/482795

[ANNOUNCE] Commons NET 3.1 released
http://www.apache.org/dist/commons/net/RELEASE-NOTES.txt

OpenJPA 2.2.0 Released
http://openjpa.apache.org/

[ANNOUNCE] Npgsql 2.0.12 beta 3 (2.0.11.93) released!
http://www.npgsql.org/

[ANNOUNCEMENT] HttpComponents HttpAsyncClient 4.0-beta1 Released (corrected)
http://www.apache.org/dist/httpcomponents/httpasyncclient/RELEASE_NOTES.txt

UPDATE: HPSBMU02739 SSRT100280 rev.2 - HP Data Protector Storage Media Operations (SMO), Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/action.process/public/kb/docDisplay/?javax.portlet.action=true&spf_p.tpst=kbDocDisplay&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.prp_kbDocDisplay=wsrp-interactionState%3DdocId%253Demr_na-c03179046%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.endCacheTok=com.vignette.cachetoken

UPDATE: HPSBUX02737 SSRT100747 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/action.process/public/kb/docDisplay/?javax.portlet.action=true&spf_p.tpst=kbDocDisplay&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.prp_kbDocDisplay=wsrp-interactionState%3DdocId%253Demr_na-c03169289%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.endCacheTok=com.vignette.cachetoken

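Symantec announces new version of its integrated security suite "Norton 360"
Includes antivirus, backup and more; the new version enhances management features and more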
http://itpro.nikkeibp.co.jp/article/NEWS/20120223/382663/?ST=security

JVNTA12-045A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-045A/index.html

JVNVU#273502 Authentication bypass vulnerability in EasyVista
http://jvn.jp/cert/JVNVU273502/index.html

JVN#25731073 Vulnerability related to the WebView class in multiple Cookpad Android applications
http://jvn.jp/jp/JVN25731073/index.html

JVNDB-2012-001540 Cross-site request forgery vulnerability in admin.php of pluck
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001540.html

JVNDB-2012-001539 Cross-site request forgery vulnerability in modules/config/admin_utente.php of GAzie
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001539.html

JVNDB-2012-001538 Cross-site scripting vulnerability in freelancerKit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001538.html

JVNDB-2012-001537 SQL injection vulnerability in freelancerKit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001537.html

JVNDB-2012-001536 Cross-site scripting vulnerability in Zenphoto
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001536.html

JVNDB-2012-001535 SQL injection vulnerability in the Manage Albums feature of Zenphoto
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001535.html

JVNDB-2012-001534 Arbitrary PHP code execution vulnerability in viewer_size_image.php of Zenphoto
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001534.html

JVNDB-2012-001533 Denial-of-service (daemon crash) vulnerability in the IBM solidDB server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001533.html

JVNDB-2011-003688 Denial-of-service (daemon crash) vulnerability in the IBM solidDB server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003688.html

JVNDB-2012-001532 Cross-site scripting vulnerability in STHS v2 Web Portal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001532.html

JVNDB-2012-001531 Cross-site request forgery vulnerability in admin.php of PBBoard
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001531.html

JVNDB-2012-001530 Directory traversal vulnerability in Dolibarr CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001530.html

JVNDB-2012-001529 SQL injection vulnerability in Dolibarr CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001529.html

JVNDB-2012-001528 Cross-site scripting vulnerability in system/classes/login.php of ContentLion Alpha
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001528.html

JVNDB-2012-001527 Vulnerability in RabidHamster R2/Extreme that allows the PIN number to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001527.html

JVNDB-2012-001526 Stack-based buffer overflow vulnerability in RabidHamster R2/Extreme
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001526.html

JVNDB-2012-001525 Directory traversal vulnerability in the telnet server of RabidHamster R2/Extreme
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001525.html

JVNDB-2012-000014 Vulnerability related to the WebView class in multiple Cookpad Android applications
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000014.html

JVNDB-2012-001524 Cross-site scripting vulnerability in the Add friends module of the Yoono extension for Firefox
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001524.html

JVNDB-2012-001523 Cross-site scripting vulnerability in the Add friends module of Yoono Desktop Application
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001523.html

[ MDVSA-2012:023 ] libxml2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00121.html

Multiple XSS in Chyrp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00120.html

[ MDVSA-2012:022 ] libpng
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00119.html

Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00118.html

[SECURITY] [DSA 2415-1] libmodplug security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00117.html

[SECURITY] [DSA 2414-1] fex security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00116.html

How to test OS X Mountain Lion's Gatekeeper in Lion
http://isc.sans.edu/diary.html?storyid=12631

Apache 2.4 Features
http://isc.sans.edu/diary.html?storyid=12643

ISC Feature of the Week: Handler Diaries
http://isc.sans.edu/diary.html?storyid=12646

Blackberry PlayBook Samba File Sharing Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026723

Libxml2 Hash Table Collision Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026723

Novell GroupWise Messenger Client Stack Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026718

EasyVista SSO Authentication Bypass Vulnerability
http://secunia.com/advisories/48124/

Unity Web Player File Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/48103/

LimeSurvey "fieldnames" SQL Injection Vulnerability
http://secunia.com/advisories/48051/

SocialCMS Enterprise Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/48082/

Chyrp "content" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48097/

Chyrp "body" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48112/

TestLink Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/48054/

WordPress SB Uploader Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/48076/

Dolphin Privacy Settings Security Bypass Vulnerability
http://secunia.com/advisories/48046/

Fork CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48067/

BlackBerry Tablet OS Samba File Sharing Vulnerability
http://secunia.com/advisories/48116/

PowerDNS Recursor Deleted Domain Record Cache Persistence Vulnerability
http://secunia.com/advisories/48132/

Debian update for libmodplug
http://secunia.com/advisories/48058/

Pale Moon libpng Integer Overflow Vulnerability
http://secunia.com/advisories/48110/

Pale Moon Two Vulnerabilities
http://secunia.com/advisories/48110/

Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability
http://secunia.com/advisories/48125/

Red Hat update for ibutils
http://secunia.com/advisories/48038/

Red Hat update for libxml2
http://secunia.com/advisories/48060/

Red Hat update for httpd
http://secunia.com/advisories/48062/

Red Hat update for cvs
http://secunia.com/advisories/48063/

Debian update for fex
http://secunia.com/advisories/48066/

libxml2 Hash Collision Denial of Service Vulnerability
http://secunia.com/advisories/48000/

Gentoo update for quagga
http://secunia.com/advisories/48106/

Unity 3D Web Player <= 3.2.0.61061 Denial of Service
http://www.exploit-db.com/exploits/18512/

DAMN Hash Calculator v1.5.1 Local Heap Overflow PoC
http://www.exploit-db.com/exploits/18507/

Microsoft Internet Explorer CVE-2012-0155 VML Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51935

Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51933

Microsoft Windows ASX File Parsing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51913

Pointdev IDEAL Migration & IDEAL Administration '.ipj' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39729

Advantech WebAccess Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52051

Mozilla Firefox/Thunderbird/SeaMonkey 'ReadPrototypeBindings()' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51975

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

Mozilla Firefox IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51786

Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51753

Mozilla Firefox/SeaMonkey/Thunderbird XSLT Stylesheets Denial of Service Vulnerability
http://www.securityfocus.com/bid/51754

Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51755

Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706

Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/51869

Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494

libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107

Yoono Extension 'create' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/51970

CubeCart Multiple URI Redirection Vulnerabilities
http://www.securityfocus.com/bid/51966

Dolibarr 'adherents/fiche.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/51956

RabidHamster R4 File Disclosure and Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/51967

freelancerKit SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/51946

IBM solidDB 'SELECT' Statement Denial of Service Vulnerability
http://www.securityfocus.com/bid/51629

Zenphoto Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51916

WordPress Relocate Upload Plugin 'abspath' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/49693

STHS v2 Web Portal 'team' parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51991

Hancom Office Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/51892

SMW+ 'target' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/51980

Zimbra 'view' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51974

pfile Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51982

Fork CMS Cross Site Scripting and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/51972

CVS CVE-2012-0804 'proxy_connect()' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51943

libmodplug Multiple Buffer Overflow and Off-By-One Vulnerabilities
http://www.securityfocus.com/bid/48979

libmodplug 'load_abc.cpp' Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47624

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52103

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Oxwall 'plugin' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52125

Apple iPhone Missed Call Notification Lock Screen Security Bypass Vulnerability
http://www.securityfocus.com/bid/52124

ABB WebWare Server 'RobNetScanHost.exe' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52123

SystemTap DWARF Expression Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52121

BRIM 'field' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52120

WebcamXP and Webcam7 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/52119

DAMN Hash Calculator Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52118

Chyrp 'error.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/52117

Unity Web Player Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52116

Chyrp 'ajax.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/52115

LimeSurvey 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/52114

Dolibarr Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/52113

ContentLion Alpha 'login.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52112

P-Chat 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52108

Wednesday, February 22, 2012

22nd, Wednesday, Tomobiki, Cat Day




+ RHSA-2012:0310 Low: nfs-utils security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0310.html

+ RHSA-2012:0303 Low: xorg-x11-server security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0303.html

+ RHSA-2012:0307 Low: util-linux security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0307.html

+ RHSA-2012:0313 Low: samba security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0313.html

+ RHSA-2012:0323 Moderate: httpd security update
http://rhn.redhat.com/errata/RHSA-2012-0323.html

+ RHSA-2012:0309 Low: sudo security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0309.html

+ RHSA-2012:0308 Low: busybox security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0308.html

+ RHSA-2012:0322 Important: java-1.6.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2012-0322.html

+ RHSA-2012:0321 Moderate: cvs security update
http://rhn.redhat.com/errata/RHSA-2012-0321.html

+ RHSA-2012:0153 Low: sos security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0153.html

+ RHSA-2012:0312 Low: initscripts security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0312.html

+ RHSA-2012:0324 Moderate: libxml2 security update
http://rhn.redhat.com/errata/RHSA-2012-0324.html

+ RHSA-2012:0150 Moderate: Red Hat Enterprise Linux 5.8 kernel update
http://rhn.redhat.com/errata/RHSA-2012-0150.html

+ RHSA-2012:0305 Low: boost security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0305.html

+ RHSA-2012:0306 Low: krb5 security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0306.html

+ RHSA-2012:0152 Moderate: kexec-tools security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0152.html

+ RHSA-2012:0302 Low: cups security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0302.html

+ RHSA-2012:0304 Low: vixie-cron security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0304.html

+ RHSA-2012:0301 Low: ImageMagick security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0301.html

+ Tomcat 7.0.26 Released
http://tomcat.apache.org/
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ Sudo 1.8.4p1 released
http://www.sudo.ws/sudo/news.html
http://www.sudo.ws/sudo/stable.html#1.8.4p1

+ SA48092: Symantec pcAnywhere Denial of Service Vulnerability
http://secunia.com/advisories/48092/
http://www.exploit-db.com/exploits/18493

- Linux NFS Project 'nfs-utils' Package 'mount.nfs' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47532

- Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811

JVNDB-2011-001638 Denial-of-service (CPU and memory consumption) vulnerability in apr_fnmatch.c and fnmatch.c as used in the Apache Portable Runtime library and other products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001638.html

JVNDB-2012-001522 PHP remote file inclusion vulnerability in Nova CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001522.html

JVNDB-2012-001521 PHP remote file inclusion vulnerability in Basic Analysis and Security Engine
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001521.html

JVNDB-2012-001520 Arbitrary code execution vulnerability in base_ag_main.php of Basic Analysis and Security Engine
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001520.html

JVNDB-2012-001519 Integer overflow vulnerability in the IDE_ACDStd.apl module of ACDSee
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001519.html

JVNDB-2012-001518 Directory traversal vulnerability in Lenovo ThinkManagement Console
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001518.html

JVNDB-2012-001517 Arbitrary code execution vulnerability in the ServerSetup web service of Lenovo ThinkManagement Console
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001517.html

JVNDB-2012-001516 Cross-site scripting vulnerability in RestoreFile.pm of BackupPC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001516.html

JVNDB-2012-001515 Cross-site scripting vulnerability in View.pm of BackupPC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001515.html

JVNDB-2011-003687 PHP remote file inclusion vulnerability in the workspaces system extension of TYPO3
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003687.html

JVNDB-2012-001514 Denial-of-service (infinite loop) vulnerability in the mod_pubsub module (mod_pubsub.erl) of ejabberd
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001514.html

JVNDB-2012-001513 Cross-site scripting vulnerability in CGI/Browse.pm of BackupPC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001513.html

JVNDB-2012-001512 SQL injection vulnerability in the Views module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001512.html

JVNDB-2012-001511 Vulnerability in LightDM that allows the ownership of arbitrary files to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001511.html

JVNDB-2012-001510 (JVNVU#542123) Vulnerability in Microsoft Windows Server 2008 that allows continued name resolution of invalid domain names
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001510.html

JVNDB-2012-001509 (JVNVU#542123) Vulnerability in PowerDNS that allows continued name resolution of invalid domain names
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001509.html

JVNDB-2012-001508 (JVNVU#542123) Vulnerability in Unbound that allows continued name resolution of invalid domain names
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001508.html

JVNDB-2012-001507 (JVNVU#542123) Vulnerability in Daniel J. Bernstein djbdns that allows continued name resolution of invalid domain names
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001507.html

JVNDB-2012-001506 Denial-of-service (DoS) vulnerability in common_startup.cc of PowerDNS Authoritative Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001506.html

JVNDB-2012-001475 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001475.html

JVNDB-2012-001474 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001474.html

JVNDB-2011-003567 (JVNVU#903934) Denial-of-service (CPU resource consumption) vulnerability in Oracle Glassfish
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003567.html

JVNDB-2012-001473 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001473.html

JVNDB-2012-001476 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001476.html

JVNDB-2012-001483 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001483.html

JVNDB-2012-001482 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001482.html

JVNDB-2012-001480 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001480.html

JVNDB-2012-001479 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001479.html

JVNDB-2012-001478 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001478.html

JVNDB-2012-001427 (JVNTA12-045A) Privilege escalation vulnerability in the kernel-mode driver of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001427.html

JVNDB-2012-001428 (JVNTA12-045A) Privilege escalation vulnerability in afd.sys of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001428.html

JVNDB-2012-001429 (JVNTA12-045A) Privilege escalation vulnerability in afd.sys of Microsoft Windows Server 2003
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001429.html

JVNDB-2012-001430 (JVNTA12-045A) Vulnerability in Microsoft Internet Explorer 6 through 9 that allows content to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001430.html

JVNDB-2012-001431 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 7 through 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001431.html

JVNDB-2012-001432 (JVNTA12-045A) Vulnerability in Microsoft Internet Explorer 9 that allows data to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001432.html

JVNDB-2012-001433 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001433.html

JVNDB-2012-001434 (JVNTA12-045A) Cross-site scripting vulnerability in Microsoft SharePoint Foundation 2010
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001434.html

JVNDB-2012-001435 (JVNTA12-045A) Cross-site scripting vulnerability in themeweb.aspx of Microsoft Office SharePoint
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001435.html

JVNDB-2012-001436 (JVNTA12-045A) Cross-site scripting vulnerability in wizardlist.aspx of Microsoft Office SharePoint
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001436.html

JVNDB-2012-001437 (JVNTA12-045A) Buffer overflow vulnerability in msvcrt.dll of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001437.html

JVNDB-2012-001438 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001438.html

JVNDB-2012-001439 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001439.html

JVNDB-2012-001440 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001440.html

JVNDB-2012-001441 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001441.html

JVNDB-2012-001442 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft Visio Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001442.html

JVNDB-2012-001443 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft .NET Framework and Silverlight
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001443.html

JVNDB-2012-001444 (JVNTA12-045A) Arbitrary code execution vulnerability in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001444.html

JVNDB-2011-001662 Denial-of-service (DoS) vulnerability in the Yahoo! protocol plugin of Pidgin
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001662.html

JVNDB-2012-001403 Cross-site scripting vulnerability in the management interface of Cisco IronPort Encryption Appliance
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001403.html

JVNDB-2012-001505 Denial-of-service (DoS) vulnerability in Cisco NX-OS on multiple Cisco Nexus switches
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001505.html

JVNDB-2012-001504 Cross-site scripting vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001504.html

JVNDB-2012-001503 Access restriction bypass vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001503.html

JVNDB-2012-001502 Access restriction bypass vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001502.html

JVNDB-2012-001501 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001501.html

JVNDB-2012-001500 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001500.html

JVNDB-2012-001499 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001499.html

JVNDB-2012-001498 Arbitrary code execution vulnerability in the ActiveX control of Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001498.html

JVNDB-2012-001497 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001497.html

JVNDB-2012-001496 Integer overflow vulnerability in libpng as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001496.html

JVNDB-2012-001495 Denial-of-service (out-of-bounds read) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001495.html

JVNDB-2012-001494 Denial-of-service (application crash) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001494.html

JVNDB-2012-001493 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001493.html

JVNDB-2012-001492 Vulnerability in translate/translate_manager.cc of Google Chrome that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001492.html

JVNDB-2012-001491 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001491.html

JVNDB-2012-001490 Unspecified vulnerability in the Native Client validator implementation of Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001490.html

JVNDB-2012-001489 Heap-based buffer overflow vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001489.html

JVNDB-2012-001488 Heap-based buffer overflow vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001488.html

JVNDB-2012-001487 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001487.html

JVNDB-2012-001486 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001486.html

JVNDB-2012-001485 Integer overflow vulnerability in the PDF codec of Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001485.html

JVNDB-2012-001484 Vulnerability in the JavaFX component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001484.html

JVNDB-2012-001481 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001481.html

JVNDB-2012-001477 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001477.html

Apache HTTP Server 2.4.1 has been released
http://www.apache.jp/news/apache-http-server-2.4.1-released

Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00115.html

IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00114.html

F*EX 20111129-2 Cross Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00110.html

F*EX <= 20100208 Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00109.html

Vulnerabilities in Debian F*EX <= 20100208 and F*EX 20111129-2.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00108.html

[SECURITY] [DSA 2413-1] libarchive security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00107.html

Beware of suspicious Android "fan apps" that steal personal information
Reported by Trend Micro (US); already removed from Android Market
http://itpro.nikkeibp.co.jp/article/NEWS/20120222/382421/?ST=security

"Omitting inconvenient information": Google rebuts Microsoft's accusation
http://itpro.nikkeibp.co.jp/article/NEWS/20120221/382341/?ST=security

Symantec pcAnywhere Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026717

VU#273502 EasyVista single sign-on authentication bypass vulnerability
http://www.kb.cert.org/vuls/id/273502

Red Hat update for initscripts
http://secunia.com/advisories/48045/

IBM WebSphere Lombardi Edition Coach Script Insertion Vulnerability
http://secunia.com/advisories/48055/

Website Baker "Referer" Header Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48083/

Debian update for libarchive
http://secunia.com/advisories/48034/

Symantec pcAnywhere Denial of Service Vulnerability
http://secunia.com/advisories/48092/

CPG Dragonfly CMS "meta" and URL Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/47999/

Novell Messenger Client Contact File Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/48126/

Red Hat update for busybox
http://secunia.com/advisories/48117/

SAP NetWeaver Multiple Vulnerabilities
http://secunia.com/advisories/47861/

Jamroom "user_action" Script Insertion Vulnerability
http://secunia.com/advisories/48077/

Red Hat update for samba
http://secunia.com/advisories/48041/

Red Hat update for boost
http://secunia.com/advisories/48099/

Red Hat update for ImageMagick
http://secunia.com/advisories/48100/

SUSE update for horde3-dimp
http://secunia.com/advisories/48091/

Hitachi Command Suite Products Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48084/

Ubuntu update for libvorbis
http://secunia.com/advisories/48095/

Red Hat update for krb5
http://secunia.com/advisories/48101/

Red Hat update for xorg-x11-server
http://secunia.com/advisories/48105/

Red Hat update for vixie-cron
http://secunia.com/advisories/48104/

Red Hat update for nfs-utils
http://secunia.com/advisories/48113/

Red Hat update for util-linux
http://secunia.com/advisories/48114/

Red Hat update for kernel
http://secunia.com/advisories/48115/

SUSE update for horde3
http://secunia.com/advisories/48121/

IP.Board Admin Login Details Script Insertion Vulnerability
http://secunia.com/advisories/48094/

Red Hat update for libpng
http://secunia.com/advisories/48119/

Psycle Multiple Vulnerabilities
http://secunia.com/advisories/48071/

RETIRED: LightDM '.Xauthority' Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/50685

LightDM 'xsession_setup()' Symlink Attack Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50511

Nova CMS Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/51976

TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/51090

BackupPC 'index.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50406

BASE Security Bypass and Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/51979

Lenovo ThinkManagement Console Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52023

Drupal Views Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/50500

ACDSee BMP Image File Handling Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52047

7T TERMIS DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/52069

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

Linux NFS Project 'nfs-utils' Package 'mount.nfs' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47532

NCompress Decompress Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/19455

BusyBox 'udhcpc' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48879

Red Hat Enterprise Linux Sos Private Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50936

Nagios 'expand' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/48087

Rocks'n'Diamonds Insecure Permissions Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/51019

F*EX Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52085

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706

Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957

Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51642

OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281

Linux Kernel 'net/ipv4/igmp.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51343

Boost Library Regular Expression Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/27325

Plone Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/48005

Zope 'standard_error_message' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37765

ImageMagick 'configure.c' Configuration File Loading Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45044

MIT Kerberos krb5-appl FTP Daemon EGID Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48571

cronie 'crontab' Symbolic Link Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38391

X.Org X11 File Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50193

Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811

GIMP GIF Image Parsing 'LZWReadByte()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49148

util-linux Package 'mount' and 'umount' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50941

Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630

Samba Symlink Directory Traversal Vulnerability
http://www.securityfocus.com/bid/38111

Linux Kernel kexec-tools 'kdump/mkdumprd' Utility Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50420

Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50416

Linux Kernel CVE-2011-3589 kexec-tools 'mkdumprd' Utility Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50415

Todd Miller Sudo Group ID Change Security Vulnerability
http://www.securityfocus.com/bid/45774

Blade API Monitor '.txt' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51358

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Dolphin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52088

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Adobe Flash Player CVE-2012-0751 Remote ActiveX Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52037

Mercury MR804 Router Multiple HTTP Header Fields Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52106

Linksys WAG54GS Wireless Router Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52105

IBM WebSphere Lombardi Edition 'Coach' Script HTML Injection Vulnerability
http://www.securityfocus.com/bid/52104

BlackBerry PlayBook Tablet Samba File Sharing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52103

EasyVista Single Sign-on Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/52102

SAP NetWeaver Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/52101

CPG Dragonfly CMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52100

Hitachi Command Suite Products Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52099

Xavi 7968 ADSL Router Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52098

Invision Power Board Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/52097

D-Link DSL-2640B 'redpass.cgi' Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52096