Friday, March 30, 2012

Friday the 30th, Taian (大安)


+ libpng 1.2.49, 1.5.10 released
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.2.49-README.txt
http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt

+ Revised png_set_text_2() to avoid potential memory corruption
http://www.libpng.org/pub/png/src/libpng-1.2.49-README.txt

[ANNOUNCE] Psycopg 2.4.5 released
http://initd.org/psycopg/articles/2012/03/29/psycopg-245-released/

Development release of BIND 10: bind10-devel-20120329
http://bind10.isc.org/

Google Chromebook 18.0.1025.140 released
http://googlechromereleases.blogspot.jp/2012/03/stable-channel-update-for-chromebooks_29.html

phpMyAdmin 3.4.10.2 is released
http://sourceforge.net/news/?group_id=23067&id=306976

phpMyAdmin at Percona MySQL Live Conference
http://sourceforge.net/news/?group_id=23067&id=306970

UPDATE: Oracle Security Alert for CVE-2011-5035
http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html

[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00166.html

Cross-site scripting vulnerability in Invision Power Board version 3.2.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00165.html

[ MDVSA-2012:044 ] cvs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00164.html

[ MDVSA-2012:043 ] nginx
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00163.html

NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file downl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00162.html

NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00161.html

NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session toke
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00160.html

NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in us
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00159.html

NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking an
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00157.html

NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00158.html

[SECURITY] [DSA 2444-1] tryton-server security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00156.html

OWASP AppSec Research EU CFP/CFT
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00155.html

Cisco Unified Communications Manager Directory Traversal Vulnerability
http://www.securiteam.com/securitynews/5SP3G2K6NA.html

Cisco IOS Software NAT of Crafted SIP Over UDP Packets DoS Vulnerability
http://www.securiteam.com/securitynews/5RP3F2K6NA.html

Cisco IOS Software NAT of H.323 Packets DoS Vulnerability
http://www.securiteam.com/securitynews/5ZP3O2K6MY.html

Cisco IOS Software NAT of SIP Over TCP Vulnerability
http://www.securiteam.com/securitynews/5YP3N2K6MA.html

Cisco IOS Software Provider Edge Multiprotocol Label Switching (MPLS) NAT of SIP Over UDP Packets DoS Vulnerability
http://www.securiteam.com/securitynews/5XP3M2K6MC.html

Cisco IOS Software Smart Install Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5WP3L2K6ME.html

Cisco IP Video Phone E20 Default Root Account
http://www.securiteam.com/securitynews/5VP3K2K6MG.html

Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5UP3J2K6MI.html

Cisco Video Surveillance IP Cameras Denial of Service Vulnerability
http://www.securiteam.com/securitynews/5TP3I2K6MK.html

Apple iOS libxslt Information Disclosure Vulnerability
http://www.securiteam.com/securitynews/5SP3H2K6MM.html

Microsoft Expression Design Insecure Library Loading Vulnerability
http://www.securiteam.com/windowsntfocus/5RP3G2K6MO.html

Bugzilla Content Sniffing Cross-Site Scripting (XSS) Vulnerability
http://www.securiteam.com/securitynews/5QP3F2K6MQ.html

Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5YP3O2K6LW.html

Microsoft Remote Desktop Protocol Service Denial of Service Vulnerability
http://www.securiteam.com/windowsntfocus/5XP3N2K6LA.html

Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability
http://www.securiteam.com/windowsntfocus/5WP3M2K6LE.html

Microsoft Windows DNS Server Remote Denial of Service Vulnerability
http://www.securiteam.com/windowsntfocus/5VP3L2K6LI.html

Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability
http://www.securiteam.com/securitynews/5UP3K2K6LM.html

Oracle Communications Unified 'Calendar Server' Local Security Vulnerability
http://www.securiteam.com/securitynews/5TP3J2K6LQ.html

Oracle Communications Unified 'Calendar Server' Local Vulnerability
http://www.securiteam.com/securitynews/5SP3I2K6LU.html

Oracle Database Listener Remote Vulnerability
http://www.securiteam.com/securitynews/5RP3H2K6LY.html

Oracle Fusion Middleware Remote Oracle WebCenter Content Vulnerability
http://www.securiteam.com/securitynews/5QP3G2K6LC.html

Oracle GlassFish Enterprise Server 'Administration' Local Server Vulnerability
http://www.securiteam.com/securitynews/5PP3F2K6LG.html

Oracle JDEdwards EnterpriseOne Tools Information Disclosure Vulnerability
http://www.securiteam.com/securitynews/5XP3O2K6KU.html

Oracle JDEdwards EnterpriseOne Tools 'SEC (JDENET)' Information Disclosure Vulnerability
http://www.securiteam.com/securitynews/5WP3N2K6KA.html

Oracle Outside In 'Image Export SDK' Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5VP3M2K6KG.html

Oracle PeopleSoft Enterprise HCM 9.1 'ePerformance' Remote Vulnerability
http://www.securiteam.com/securitynews/5UP3L2K6KM.html

Oracle Solaris 'ksh93 Shell' Local Solaris Vulnerability
http://www.securiteam.com/securitynews/5TP3K2K6KS.html

Oracle Sun Solaris Remote Security Vulnerability
http://www.securiteam.com/securitynews/5SP3J2K6KY.html

Oracle Transportation Management Denial Of Service Vulnerability
http://www.securiteam.com/securitynews/5RP3I2K6KE.html

Oracle Business Intelligence Enterprise Edition 'BI Platform Security' Sub Component Remote Vulnerability
http://www.securiteam.com/securitynews/5QP3H2K6KK.html

Oracle Core RDBMS SQL Injection Vulnerability
http://www.securiteam.com/securitynews/5PP3G2K6KQ.html

Cyberoam UTM Information Disclosure Security Issue and Command Injection Vulnerability
http://secunia.com/advisories/48507/

Drupal Activity Module Cross-Site Request Forgery and Script Insertion Vulnerabilities
http://secunia.com/advisories/48632/

IrfanView Multiple Buffer Overflow Vulnerabilities
http://secunia.com/advisories/47333/

eZ Publish ezjscore Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48564/

Debian update for tryton-server
http://secunia.com/advisories/48591/

Gentoo update for libzip
http://secunia.com/advisories/48599/

TYPO3 Multiple Vulnerabilities
http://secunia.com/advisories/48622/

Cisco IOS AAA WEB_EXEC Command Authorisation Security Bypass Vulnerability
http://secunia.com/advisories/48636/

Cisco IOS AAA WEB_EXEC Command Authorisation Security Bypass Vulnerability
http://secunia.com/advisories/48614/

TYPO3 Realty Manager Extension "unserialise()" Information Disclosure Vulnerability
http://secunia.com/advisories/48552/

Python trytond Module "Many2Many" Field Relation Model Security Bypass Vulnerability
http://secunia.com/advisories/48635/

Drupal Chaos tool suite Module Script Insertion Vulnerability
http://secunia.com/advisories/48616/

Seditio "newmsg" and "rtext" Script Insertion Vulnerability
http://secunia.com/advisories/48637/

Cisco IOS WAAS and MACE Denial of Service Vulnerabilities
http://secunia.com/advisories/48595/

Cisco IOS NAT SIP Processing Denial of Service Vulnerability
http://secunia.com/advisories/48515/

Red Hat update for flash-plugin
http://secunia.com/advisories/48640/

Camera Stream Client ActiveX Control "SetDirectory()" Buffer Overflow
http://secunia.com/advisories/48602/

Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/48607/

Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/48605/

Cisco IOS Zone-Based Firewall Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/48608/

TYPO3 additional_reports Extension Arbitrary File Download Vulnerability
http://secunia.com/advisories/48537/

Drupal Organic groups Module Security Bypass Security Issue
http://secunia.com/advisories/48620/

Drupal Fusion Theme Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48606/

Drupal Ubercart Views Module Default Views Security Bypass Vulnerability
http://secunia.com/advisories/48631/

Drupal Bundle copy Module "use PHP for settings" Security Bypass Vulnerability
http://secunia.com/advisories/48626/

Cisco IOS XE Reverse SSH Login Denial of Service Vulnerability
http://secunia.com/advisories/48641/

Cisco IOS Reverse SSH Login Denial of Service Vulnerability
http://secunia.com/advisories/48609/

Cisco IOS Smart Install Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/48610/

Drupal Contact Save Module Unspecified Script Insertion Vulnerability
http://secunia.com/advisories/48619/

Drupal Share Buttons (AddToAny) Module Unspecified Script Insertion Vulnerability
http://secunia.com/advisories/48615/

Drupal ShareThis Module Script Insertion and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/48598/

Drupal Node Limit Number Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48597/

Drupal MultiBlock Module Block Title Script Insertion Vulnerability
http://secunia.com/advisories/48588/

Drupal Contact Forms Module Script Insertion Vulnerability
http://secunia.com/advisories/48583/

Cisco IOS Multicast Source Discovery Denial of Service Vulnerability
http://secunia.com/advisories/48633/

Cisco IOS RSVP Denial of Service Vulnerability
http://secunia.com/advisories/48621/

Cisco IOS Multicast Source Discovery Denial of Service Vulnerability
http://secunia.com/advisories/48630/

Cisco IOS RSVP Denial of Service Vulnerability
http://secunia.com/advisories/48611/

TRENDnet UltraMJCam ActiveX Control Buffer Overflow Vulnerability
http://secunia.com/advisories/48601/

SUSE update for MozillaFirefox
http://secunia.com/advisories/48624/

SUSE update for perl-DBD-Pg
http://secunia.com/advisories/48627/

SUSE update for expat
http://secunia.com/advisories/48628/

SUSE update for MozillaFirefox
http://secunia.com/advisories/48629/

Gitblit "jsessionid" Session Fixation Vulnerability
http://secunia.com/advisories/48592/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/48618/

Adobe Flash Player / AIR Two Vulnerabilities
http://secunia.com/advisories/48623/

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

libzip Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52658

GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
http://www.securityfocus.com/bid/52201

Adobe Flash Player APSB12-07 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/52748

GnuTLS TLS Record Handling Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52667

GNU Libtasn1 ASN1 Length DER Decoding Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52668

GnuTLS 'gnutls_session_get_data()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50609

OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764

OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51426

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

Coppermine Photo Gallery 'keywords' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/52818

PTK Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/52817

Drupal Node Limit Number Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52816

Drupal Ubercart Views Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52814

Drupal CDN2 Video Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52812

Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/52811

Skype UTF-8 Symbol Messages Denial of Service Vulnerability
http://www.securityfocus.com/bid/52810

PicoPublisher 'id' parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52808

eZ Publish 'ezjscore' Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52807

IrfanView Bitmap File Remote Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52806

KnFTPd 'FEAT' Command Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52805

Python 'trytond' Module 'Many2Many' Field Security Bypass Vulnerability
http://www.securityfocus.com/bid/52804

Seditio 'forums.php' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52802

Organic Groups Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52799

Fusion Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52798

Barracuda Cloud Control Center Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52795

Chaos Tool Suite Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52794

Typo3 Event Board ('kb_eventboard') Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/52792

Drupal Contact Save Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52787

B2Evolution CMS SQL Injection and Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52783

EasyPHP 'main.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/52781

Drupal Share Buttons (AddToAny) Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52777

Thursday, March 29, 2012

Thursday the 29th, Butsumetsu (仏滅)


Alert regarding vulnerabilities in Adobe Flash Player
http://www.jpcert.or.jp/at/2012/at120011.html

Applications open for the "Trend Micro Security Award 2012"
http://itpro.nikkeibp.co.jp/article/NEWS/20120329/388222/?ST=security

European Commission proposes establishing a centre to serve as the core of EU-wide cybercrime countermeasures
http://itpro.nikkeibp.co.jp/article/NEWS/20120329/388207/?ST=security

HP Performance Manager Unspecified Bug Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026869

Cisco IOS Multicast Source Discovery Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026868

Cisco IOS Smart Install Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026867

Cisco IOS Reverse SSHv2 Login Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026866

Cisco IOS RSVP VPN Routing and Forwarding Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026865

Cisco IOS SIP NAT Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026864

+ gawk 4.0.1 released
http://ftp.gnu.org/gnu/gawk/?C=M;O=D

+ HPSBUX02757 SSRT100779 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03254184%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Cisco IOS Software Reverse SSH Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-ssh

+ Cisco IOS Software Multicast Source Discovery Protocol Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-msdp

+ Cisco IOS Software Network Address Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-nat

+ Cisco IOS Internet Key Exchange Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-ike

+ Cisco IOS Software Smart Install Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-smartinstall

+ Cisco IOS Software Command Authorization Bypass
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-pai

+ Cisco IOS Software Zone-Based Firewall Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw

-+ Cisco IOS Software RSVP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-rsvp

-+ Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-mace

++ OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764

Google Chrome 18.0.1025.142 released
http://googlechromereleases.blogspot.jp/search/label/Stable%20updates

Opera 11.62 released
http://www.opera.com/docs/changelogs/windows/1162/

nginx-1.1.18 development version released
http://nginx.org/en/CHANGES

APSB12-07: Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb12-07.html

CentOS alert CESA-2012:0426 (openssl)
http://lwn.net/Alerts/489043/

CentOS alert CESA-2012:0426 (openssl)
http://lwn.net/Alerts/489045/

CentOS alert CESA-2012:0428 (gnutls)
http://lwn.net/Alerts/489046/

CentOS alert CESA-2012:0429 (gnutls)
http://lwn.net/Alerts/489047/

CentOS alert CESA-2012:0427 (libtasn1)
http://lwn.net/Alerts/489048/

HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03255321%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03223954%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03231301%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Sudo 1.8.5b3 release
http://www.sudo.ws/sudo/devel.html#1.8.5b3

RSA reports HTML injection that detects the user's language and tampers with pages accordingly
http://itpro.nikkeibp.co.jp/article/NEWS/20120328/388162/?ST=security

Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creatio
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00154.html

D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remot
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00153.html

Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote C
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00152.html

TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg Wi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00151.html

Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00147.html

Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00145.html

Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00146.html

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00149.html

Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00150.html

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Feature
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00148.html

[security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX,
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00144.html

[security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00143.html

[security bulletin] HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-U
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00142.html

[security bulletin] HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Run
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00141.html

[security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Run
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00140.html

[ MDVSA-2012:042 ] wireshark
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00139.html

Adobe Flash Player APSB12-07 - 28 March 2012
http://isc.sans.edu/diary.html?storyid=12862

Cisco IOS IKE Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026863

Cisco IOS Zone-Based Firewall IP/HTTP/H.323/SIP Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1026861

Cisco IOS Lets Remote Authenticated Users Bypass Command Authorization Level Controls
http://www.securitytracker.com/id/1026860

Adobe Flash Player Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026859

Debian update for openarena
http://secunia.com/advisories/48594/

GreenBrowser "about:" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48559/

HP Performance Manager Unspecified Code Execution Vulnerability
http://secunia.com/advisories/48586/

HP-UX update for Java
http://secunia.com/advisories/48589/

Matthew1471's ASP BlogX Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48573/

Gentoo update for logwatch
http://secunia.com/advisories/48575/

Gentoo update for asterisk
http://secunia.com/advisories/48576/

TYPO3 cag_tables Extension Multiple Vulnerabilities
http://secunia.com/advisories/48533/

TYPO3 Event Board Extension SQL Injection Vulnerability
http://secunia.com/advisories/48563/

Gentoo update for nginx
http://secunia.com/advisories/48577/

ocPortal Multiple Vulnerabilities
http://secunia.com/advisories/48570/

HP OpenView Network Node Manager Apache Tomcat Two Denial of Service Vulnerabilities
http://secunia.com/advisories/48549/

HP OpenView Network Node Manager Apache HTTP Server Multiple Vulnerabilities
http://secunia.com/advisories/48551/

Joomla! Security Bypass and Information Disclosure Security Issues
http://secunia.com/advisories/48584/

HP-UX WBEM Diagnostic Data Security Bypass Vulnerability
http://secunia.com/advisories/48593/

Novell iManager Multiple Vulnerabilities
http://secunia.com/advisories/48582/

Red Hat update for libtasn1
http://secunia.com/advisories/48578/

Red Hat update for openssl
http://secunia.com/advisories/48580/

Red Hat update for gnutls
http://secunia.com/advisories/48579/

Red Hat update for gnutls
http://secunia.com/advisories/48596/

Wireshark Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/48548/

IntegraXor Project ActiveX Control Insecure Method
http://secunia.com/advisories/48558/

Ipswitch WhatsUp Gold "ExportViewer.asp" Directory Traversal Vulnerability
http://secunia.com/advisories/48590/

REMOTE: Quest InTrust 10.4.x ReportTree and SimpleTree Classes
http://www.exploit-db.com/exploits/18672

REMOTE: D-Link DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/18673

REMOTE: Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
http://www.exploit-db.com/exploits/18674

REMOTE: TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow
http://www.exploit-db.com/exploits/18675

DoS/PoC: KnFTPd 1.0.0 'FEAT' DoS PoC-Exploit
http://www.exploit-db.com/exploits/18671

HP Performance Manager Remote Code Execution Vulnerability
http://www.vupen.com/english/ADV-2012-0181.php

HP OpenView Network Node Manager Tomcat Server Vulnerabilities
http://www.vupen.com/english/ADV-2012-0180.php

HP OpenView Network Node Manager HTTP Server Vulnerabilities
http://www.vupen.com/english/ADV-2012-0179.php

HP-UX WBEM Diagnostic Data Remote Unauthorized Access
http://www.vupen.com/english/ADV-2012-0178.php

WhatsUp Gold Web Interface Remote Directory Traversal Vulnerability
http://www.vupen.com/english/ADV-2012-0177.php

Wireshark Multiple Dissector and File Parsers Denial of Service
http://www.vupen.com/english/ADV-2012-0176.php

Opera File Download Manipulation and Information Disclosure
http://www.vupen.com/english/ADV-2012-0175.php

Google Chrome Multiple Memory Corruptions and Security Bypass
http://www.vupen.com/english/ADV-2012-0174.php

Adobe Flash Player Two Remote Code Execution Vulnerabilities
http://www.vupen.com/english/ADV-2012-0173.php

Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/51201

F5 FirePass 'state' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52653

Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705

Logwatch Log File Special Characters Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/46554

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0457 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52459

Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494

Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/51869

Rockwell Automation FactoryTalk Activation Server Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51444

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50710

nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52578

nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36839

nginx WebDAV Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/36490

Apache Tomcat Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51200

Apache Tomcat Parameter Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51447

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47929

Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820

Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957

GIMP Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/45647

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0463 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52466

Mozilla Firefox/Thunderbird/SeaMonkey 'array.join' CVE-2012-0464 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52465

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0456 SVG Filters Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52461

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0461 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52464

Mozilla Firefox/Thunderbird/SeaMonkey 'cssText' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52457

Mozilla Firefox/SeaMonkey/Thunderbird 'window.fullScreen' Security Bypass Vulnerability
http://www.securityfocus.com/bid/52456

Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
http://www.securityfocus.com/bid/52463

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0458 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52460

Mozilla Firefox, Thunderbird, and SeaMonkey Drag and Drop Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52458

Mozilla Firefox/Thunderbird/SeaMonkey 'shlwapi.dll' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52455

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0462 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52467

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Oracle Java SE CVE-2012-0504 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52020

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2012-0498 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52019

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle Java SE CVE-2012-0507 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52161

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Asterisk 'Milliwatt()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52523

Wireshark MP2T Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/52736

Wireshark IEEE 802.11 Dissector Infinite Loop Denial of Service Vulnerability
http://www.securityfocus.com/bid/52738

Wireshark 'ERF' data Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52737

Wireshark 'call_dissector()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52735

Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/28482

Joomla! Unspecified Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/50188

GNU Libtasn1 ASN1 Length DER Decoding Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52668

OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428

GnuTLS 'gnutls_session_get_data()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50609

GnuTLS TLS Record Handling Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52667

Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274

Linux Kernel 'memcg' NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52324

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176

Linux Kernel KVM CVE-2012-0045 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51389

Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811

Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152

Quest InTrust 'ArDoc.dll' Multiple Insecure Method Vulnerabilities
http://www.securityfocus.com/bid/52773

TYPO3 Basic SEO Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52772

TYPO3 Core TYPO3-CORE-SA-2012-001 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/52771

eGroupware Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/52770

D-Link DCS-5605 PTZ ActiveX Control 'SelectDirectory()' Method Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52769

ocPortal Arbitrary File Disclosure and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52768

GreenBrowser Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52767

TomatoCart 'json.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/52766

Quest InTrust 'AnnotateX.dll' Uninitialized Pointer Code Execution Vulnerability
http://www.securityfocus.com/bid/52765

OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764

Ecava IntegraXor 'igcom.dll' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/52763

Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52762

phpPgAdmin 'function.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52761

TRENDnet TV-IP121WN ActiveX Control 'OpenFileDlg()' Method Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52760

Cisco IOS Multicast Source Discovery Protocol Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52759

Cisco IOS NAT Functionality SIP Denial of Service Vulnerability
http://www.securityfocus.com/bid/52758

Cisco Internet Key Exchange Denial of Service Vulnerability
http://www.securityfocus.com/bid/52757

Cisco IOS Smart Install Feature Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52756

Cisco IOS Authorization Security Bypass Vulnerability
http://www.securityfocus.com/bid/52755

Cisco IOS RSVP Feature Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52754

Cisco IOS Zone-Based Firewall Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52753

Cisco IOS Reverse SSH Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52752

Cisco IOS WAAS and MACE Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52751

Joomla! Predictable Password Generation And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/52750

HP Performance Manager CVE-2012-0127 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52749

Adobe Flash Player APSB12-07 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/52748

Apple Safari For Windows 'window.open()' URI Spoofing Vulnerability
http://www.securityfocus.com/bid/52746

Ipswitch WhatsUp Gold 'ExportViewer.asp' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/52745

Invision Power Board 'searchText' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52740

WordPress Integrator 'redirect_to' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52739

Wednesday, March 28, 2012

28th (Wednesday), Senbu


JVNVU#551715 Multiple vulnerabilities in Quagga
http://jvn.jp/cert/JVNVU551715/index.html

JVNVU#668534 Multiple vulnerabilities in Quagga
http://jvn.jp/cert/JVNVU668534/index.html

JVNVU#212651 Memory corruption vulnerability in InspIRCd
http://jvn.jp/cert/JVNVU212651/index.html

RockYou, which leaked the personal information of 32 million users, settles with the FTC for $250,000
http://itpro.nikkeibp.co.jp/article/NEWS/20120328/388140/?ST=security

GNU Libtasn1 ASN1 Length DER Decoding Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52668

OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428

GnuTLS 'gnutls_session_get_data()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50609

GnuTLS TLS Record Handling Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52667

Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274

Linux Kernel 'memcg' NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52324

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176

Linux Kernel KVM CVE-2012-0045 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51389

Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811

Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152

Oracle Java SE CVE-2012-0498 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52019

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012


+ RHSA-2012:0428 Important: gnutls security update
http://rhn.redhat.com/errata/RHSA-2012-0428.html

+ RHSA-2012:0426 Moderate: openssl security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0426.html

+ Apache POI 3.8 released
http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
http://poi.apache.org/changes.html

+ iptables 1.4.13 released
http://www.iptables.org/news.html#c
http://www.iptables.org/projects/iptables/files/changes-iptables-1.4.13.txt

+ GnuPG 2.0.19 released
http://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000314.html

+ Linux Kernel ASLR Security Bypass Weakness
http://www.securityfocus.com/bid/52687

++ HP WBEM Discloses Diagnostic Data to Remote and Local Users
http://www.securitytracker.com/id/1026849

[Announce] GnuPG 2.0.19 released
ftp://ftp.gnupg.org/gcrypt/gnupg/

[ANNOUNCE] Netfilter releases: iptables 1.4.13, nfacct 1.0.0 and libnetfilter_acct 1.0.0
ftp://ftp.netfilter.org/pub/iptables/

[announce] The Apache Software Foundation Announces Apache Rave as a Top-Level Project
http://rave.apache.org/

[ANNOUNCE] Apache Flume 1.1.0-incubating Released
http://www.apache.org/dyn/closer.cgi/incubator/flume/

RHSA-2012:0429 Important: gnutls security update
http://rhn.redhat.com/errata/RHSA-2012-0429.html

RHSA-2012:0427 Important: libtasn1 security update
http://rhn.redhat.com/errata/RHSA-2012-0427.html

RHSA-2012:0426 Moderate: openssl security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0426.html

Memory disclosure with specially crafted backend responses
http://nginx.org/en/security_advisories.html
http://nginx.org/download/patch.2012.memory.txt

Wireshark 1.6.6 released
http://www.wireshark.org/docs/relnotes/wireshark-1.6.6.html

HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03231290%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Check Point Response to Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65222&src=securityAlerts

[ MDVSA-2012:041 ] expat
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00138.html

[ MDVSA-2012:040 ] gnutls
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00136.html

[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00134.html

[ MDVSA-2012:039 ] libtasn1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00133.html

[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00132.html

[SECURITY] [DSA 2443-1] linux-2.6 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00131.html

[SECURITY] [DSA 2442-1] openarena security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00130.html

[ MDVSA-2012:038 ] openssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00128.html

Matthew1471's ASP BlogX - XSS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00129.html

Traffic amplification via Quake 3-based servers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00127.html

PcwRunAs Password Obfuscation Design Flaw
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00135.html

[SECURITY] [DSA 2441-1] gnutls26 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00126.html

SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00125.html

[SECURITY] [DSA 2440-1] libtasn1-3 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00124.html

CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00123.html

Press release
Publication of results demonstrating the effectiveness of fuzzing for vulnerability detection
~Introducing fuzzing into software development using the "Fuzzing Utilization Guide"~
http://www.ipa.go.jp/about/press/20120327.html

NTT DATA Intellilink to offer a service that strengthens resistance to targeted cyber attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20120327/388105/?ST=security

Microsoft, in cooperation with the financial industry, seizes Zeus botnet servers
http://itpro.nikkeibp.co.jp/article/NEWS/20120327/388045/?ST=security

JVNVU#743555 Multiple vulnerabilities in AtMail
http://jvn.jp/cert/JVNVU743555/index.html

JVNVU#542123 Issues in multiple DNS name server implementations
http://jvn.jp/cert/JVNVU542123/index.html

Firefox 3.6 EOL
http://isc.sans.edu/diary.html?storyid=12844

ISC Feature of the Week: ISC Poll
http://isc.sans.edu/diary.html?storyid=12850

Wireshark 1.6.6 and 1.4.2 Released
http://isc.sans.edu/diary.html?storyid=12853

Minify And Related Plugins DOM-Based XSS Vulnerability
http://www.securiteam.com/securitynews/5TP3G1P6KK.html

Opera Multiple Vulnerabilities
http://secunia.com/advisories/48535/

Ubuntu update for kernel
http://secunia.com/advisories/48565/

Ubuntu update for kernel
http://secunia.com/advisories/48544/

IBM 31-bit SDK for z/OS Multiple Vulnerabilities
http://secunia.com/advisories/48546/

Ubuntu update for linux-lts-backport-oneiric
http://secunia.com/advisories/48536/

Ubuntu update for linux
http://secunia.com/advisories/48545/

Ruby Zip/Ruby Gem Zip File Parsing Vulnerabilities
http://secunia.com/advisories/48534/

Ubuntu update for linux-ti-omap4
http://secunia.com/advisories/48547/

vBulletin vBShop Module Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/48560/

Event Calendar PHP "cal_year" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48539/

Debian update for linux-2.6
http://secunia.com/advisories/48523/

SUSE update for gnash
http://secunia.com/advisories/48540/

SUSE update for MozillaFirefox and MozillaThunderbird
http://secunia.com/advisories/48553/

SUSE update for libzip
http://secunia.com/advisories/48562/

vBulletin vbShout Module "message" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48531/

Family Connections Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/48569/

Google Talk Credentials Disclosure Security Issue
http://secunia.com/advisories/48448/

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
2012-03-28
http://www.securityfocus.com/bid/52012

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016

Oracle Java SE CVE-2012-0504 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52020

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle JavaFX CVE-2012-0508 Remote Vulnerability
http://www.securityfocus.com/bid/52010

Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015

Raptor XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52681

Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778

Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50236

Oracle Java SE CVE-2012-0507 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52161

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2012-0498 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52019

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52379

phpMyVisites 'phpmv2/index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52377

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811

libzip Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52658

Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152

GNU Libtasn1 ASN1 Length DER Decoding Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52668

PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51830

GnuTLS TLS Record Handling Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52667

Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274

Linux Kernel KVM CVE-2012-0045 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51389

Linux Kernel 'memcg' NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52324

Linux Kernel eCryptfs Multiple Vulnerabilities
http://www.securityfocus.com/bid/49108

Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197

Pidgin 'msn_oim_report_to_user()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/52475

Pidgin XMPP Protocol Denial of Service Vulnerability
http://www.securityfocus.com/bid/52476

OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428

WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38684

IBM WebSphere Application Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51441

IBM WebSphere Application Server 'iscdeploy' Script Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/51420

PHP Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51193

PHP CVE-2012-0057 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51806

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0462 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52467

taglib Memory Corruption and Infinite Loop Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52290

Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533

Linux Kernel ASLR Security Bypass Weakness
http://www.securityfocus.com/bid/52687

GNU Gnash 'GnashImage::size()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52446

systemd 'systemd-logind' Insecure Temporary File Handling Vulnerability
http://www.securityfocus.com/bid/52538

Wireshark IEEE 802.11 Dissector Infinite Loop Denial of Service Vulnerability
http://www.securityfocus.com/bid/52738

Wireshark 'ERF' data Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52737

Wireshark MP2T Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/52736

Wireshark 'call_dissector()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52735

HP-UX WBEM CVE-2012-0126 Remote Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/52734

python 'distutils' Component '~/.pypirc' File Local Race Condition Vulnerability
http://www.securityfocus.com/bid/52732

Opera Web Browser Prior to 11.62 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52731

Matthew1471 BlogX Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52730

vBulletin vBShop Module Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52729

NextBBS Multiple Input Validation Security Vulnerabilities
http://www.securityfocus.com/bid/52728

Geeklog 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/52725

Tuesday, March 27, 2012

27th (Tuesday), Tomobiki


+ JK-1.2.35 released
http://tomcat.apache.org/connectors-doc/index.html
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

+- PHP CVE-2012-0789 Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52043

- PHP 'Content-Length' Header Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52704

[ANN] Apache Tomcat Connectors 1.2.35 released
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

PDFCreator 1.3.2 released
http://www.pdfforge.org/

CentOS alert CESA-2012:0411 (openoffice.org)
http://lwn.net/Alerts/488638/

Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120215-nxos

Tomcat Connectors 1.2.35 Released
http://tomcat.apache.org/
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

Canon IT Solutions releases HD encryption software with a lower price achieved by reducing it to a single function
http://itpro.nikkeibp.co.jp/article/NEWS/20120326/388034/?ST=security

Trend Micro offers SSL certificates for an unlimited number of servers to its customers
http://itpro.nikkeibp.co.jp/article/NEWS/20120326/388003/?ST=security

Unauthorized access at Vector; 260,000 personal records may have leaked
Credit card information is included; compensation and other measures to be reported later
http://itpro.nikkeibp.co.jp/article/NEWS/20120326/387992/?ST=security

US federal government information systems: adoption of global products and services becomes a new threat
http://itpro.nikkeibp.co.jp/article/NEWS/20120326/387989/?ST=security

Facebook hints at legal action against employers who force password disclosure
http://itpro.nikkeibp.co.jp/article/NEWS/20120326/387986/?ST=security

vBulletin vBDownloads Module "mirrors[]" Script Insertion Vulnerability
http://secunia.com/advisories/48522/

vBulletin vBQuiz Module "quiz_name" Script Insertion Vulnerability
http://secunia.com/advisories/48521/

vBulletin Forumon RPG Module "monster[title]" Script Insertion Vulnerability
http://secunia.com/advisories/48514/

vBulletin vbShout Module Cross-Site Scripting and Script Insertion Vulnerabilities
http://secunia.com/advisories/48519/

vBulletin vbActivity Module "reason" Script Insertion Vulnerabilities
http://secunia.com/advisories/48490/

vBulletin "[URL]" BBCode Script Insertion Vulnerability
http://secunia.com/advisories/48506/

WordPress CMS Tree Page View Plugin "cms_tpv_view" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48510/

SUSE update for openssl
http://secunia.com/advisories/48516/

Hitachi IT Operations Analyzer Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48556/

Hitachi IT Operations Director Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48555/

phpFox static/ajax.php Command Injection Vulnerability
http://secunia.com/advisories/48550/

Pale Moon Multiple Vulnerabilities
http://secunia.com/advisories/48561/

NetFront Life Browser for Android Unspecified Vulnerability
http://secunia.com/advisories/48557/

Apache Traffic Server Host Header Buffer Overflow Vulnerability
http://secunia.com/advisories/48509/

SUSE update for php5
http://secunia.com/advisories/48567/

Red Hat Enterprise Virtualization Manager XML External Entity Processing Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1026848

Hitachi IT Operations Products Unspecified Cross Site Scripting Vulnerability
http://www.vupen.com/english/ADV-2012-0172.php

Quagga OSPF and BGP Handling Remote Buffer Overflow Vulnerabilities
http://www.vupen.com/english/ADV-2012-0170.php

IBM TS3310 Tape Library Pre-configured Default Accounts Vulnerability
http://www.vupen.com/english/ADV-2012-0169.php

REMOTE: UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow
http://www.exploit-db.com/exploits/18666

GnuTLS TLS Record Handling Heap Memory Corruption Vulnerability
2012-03-27
http://www.securityfocus.com/bid/52667

systemd 'systemd-logind' Insecure Temporary File Handling Vulnerability
2012-03-27
http://www.securityfocus.com/bid/52538

libpng 'png_inflate()' Function Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52453

Linux Kernel 'iproute' Package Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/52185

PHP CVE-2012-0789 Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52043

PHP PDORow Object Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51952

PHP 'tidy_diagnose()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51992

Suhosin Extension Transparent Cookie Encryption Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51574

PHP CVE-2012-0831 'magic_quotes_gpc' Directive Security Bypass Weakness
http://www.securityfocus.com/bid/51954

PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/51417

Jetty Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51199

RESTEasy JaxB XML Entity References Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51766

RESTEasy XML Entity References Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51748

Google Chrome Prior to 17.0.963.79 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52395

Google Chrome Prior to 17.0.963.78 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52369

Google Chrome Prior to 17.0.963.83 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52674

Google Chrome Prior to 17.0.963.65 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52271

Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279

Linux Kernel 'net/ipv4/igmp.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51343

Linux Kernel KVM CVE-2012-0045 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51389

UltraVNC VNCViewer 'ClientConnection.cpp' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/27561

Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45015

PHP Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51193

PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46365

PHP Stream Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46970

PHP Calendar Extension 'SdnToJulian()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46967

PHP 'exif_process_IFD_TAG()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50907

PHP CVE-2011-2202 Security Bypass Vulnerability
http://www.securityfocus.com/bid/48259

PHP 'substr_replace()' Use After Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46843

PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49241

Real Networks RealPlayer Versions Prior to 15.0.0 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/50741

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0461 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52464

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0457 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52459

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0456 SVG Filters Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52461

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0458 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52460

Mozilla Firefox, Thunderbird, and SeaMonkey Drag and Drop Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52458

Mozilla Firefox/Thunderbird/SeaMonkey 'array.join' CVE-2012-0464 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52465

Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
http://www.securityfocus.com/bid/52463

Mozilla Firefox/Thunderbird/SeaMonkey 'cssText' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52457

Mozilla Firefox/SeaMonkey/Thunderbird 'window.fullScreen' Security Bypass Vulnerability
http://www.securityfocus.com/bid/52456

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0463 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52466

Mozilla Firefox/Thunderbird/SeaMonkey 'shlwapi.dll' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52455

Ricoh Company DC Software DL-10 'USER' Command Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52235

FreePBX Multiple Cross Site Scripting and Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/52630

Fortigate UTM WAF Appliances Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/51708

GNU Libtasn1 ASN1 Length DER Decoding Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52668

ioQuake3 Engine Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52719

FlexNet License Server Manager 'lmgrd' Component Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52718

vBulletin vBshop module HTML Injection Vulnerability
http://www.securityfocus.com/bid/52717

Family Connections 'uid' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52716

vBShout 'Shoutbox Search Archive' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52715

vBShout 'vbshout.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52714

vBulletin vBDownloads module 'mirrors[]' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/52713

vBQuiz 'class_profileblock.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/52712

vBulletin vbActivity Pro module 'reason' parameter Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52711

vBulletin '[URL]' BBCode Tag HTML Injection Vulnerability
http://www.securityfocus.com/bid/52709

WordPress CMS Tree Page View Plugin 'cms_tpv_view' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52708

vBulletin Forumon RPG module 'monster[title]' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/52707

Hitachi IT Operations Products Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52705

Real Networks RealPlayer '.mp4' File Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52706

PHP 'Content-Length' Header Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52704

RIPS 'file' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/52703

Event Calendar PHP 'cal_year' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52701

Monday, March 26, 2012

Monday the 26th, Sensho (先勝)


HS12-010: Cross-site Scripting Vulnerability in Hitachi IT Operations Products
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-010/index.html

HS12-010: Cross-site Scripting Vulnerability in Hitachi IT Operations Products (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-010/index.html

Press release
"Vulnerability Response Guide for Local Governments" and other documents published
~ FY2011 results of the "Study Group on the Handling of Vulnerability Information in Information Systems" ~
http://www.ipa.go.jp/about/press/20120326.html

JVNVU#551715 Multiple vulnerabilities in Quagga
http://jvn.jp/cert/JVNVU551715/index.html

JVNVU#194833 Buffer overflow vulnerability in Apache Traffic Server
http://jvn.jp/cert/JVNVU194833/index.html

JVNDB-2012-001906 IBM Tivoli Endpoint Manager vulnerability allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001905.html

JVNDB-2012-001905 IBM Tivoli Endpoint Manager cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001906.html

JVNDB-2012-001904 ClamAV and Sophos Anti-Virus Microsoft CHM file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001904.html

JVNDB-2012-001903 CA ARCserve Backup on Windows denial of service (service shutdown) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001903.html

JVNDB-2012-001902 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001902.html

JVNDB-2012-001901 Multiple products Gzip file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001901.html

JVNDB-2012-001900 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001900.html

JVNDB-2012-001899 NOD32 Antivirus and Rising Antivirus CAB file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001899.html

JVNDB-2012-001898 Multiple products CAB file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001898.html

JVNDB-2012-001897 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001897.html

JVNDB-2012-001896 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001896.html

JVNDB-2012-001895 Multiple products RAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001895.html

JVNDB-2012-001894 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001894.html

JVNDB-2012-001893 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001893.html

JVNDB-2012-001892 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001892.html

JVNDB-2012-001891 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001891.html

JVNDB-2012-001890 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001890.html

JVNDB-2012-001889 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001889.html

JVNDB-2012-001888 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001888.html

JVNDB-2012-001887 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001887.html

JVNDB-2012-001886 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001886.html

JVNDB-2012-001885 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001889.html

JVNDB-2012-001884 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001884.html

JVNDB-2012-001883 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001883.html

JVNDB-2012-001882 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001881.html

JVNDB-2012-001881 ClamAV and Quick Heal TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001881.html

Gentoo update for chromium
http://secunia.com/advisories/48527/

FreePBX Cross-Site Scripting and Command Injection Vulnerabilities
http://secunia.com/advisories/48463/

Debian update for libtasn1-3
http://secunia.com/advisories/48505/

Debian update for gnutls26
http://secunia.com/advisories/48511/

FreePBX Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48475/

+ Linux kernel 3.0.26, 3.2.13 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.26
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.13

[ANN] Release of Apache Jena Fuseki 0.2.1
http://incubator.apache.org/jena/

[ANNOUNCE] Apache Tika 1.1 released
http://www.apache.org/dist/tika/CHANGES-1.1.txt

[ANNOUNCE] Apache Maven Fluido Skin 1.2 is out
http://maven.apache.org/skins/maven-fluido-skin/

CentOS alert CESA-2012:0410 (raptor)
http://lwn.net/Alerts/488313/

[ MDVSA-2012:037 ] cyrus-imapd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00122.html

[ MDVSA-2012:036 ] libsoup
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00121.html

[ MDVSA-2012:035 ] file
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00120.html

[ MDVSA-2012:034 ] libzip
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00119.html

[SECURITY] [DSA 2439-1] libpng security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00118.html

[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00117.html

[SECURITY] [DSA 2438-1] raptor security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00116.html

phpMoneyBooks Local File Inclusion (CVE-2012-1669)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00115.html

PHP Grade Book Unauthenticated SQL Database Export (CVE-2012-1670)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00114.html

Prado TJavaScript::encode() script injection vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00113.html

[CVE-2012-1089] Apache Wicket serving of hidden files vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00111.html

[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00112.html

struts2 xsltResult Local code execution vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00110.html

JVNDB-2012-001880 NOD32 Antivirus and Rising Antivirus CAB file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001880.html

JVNDB-2012-001879 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001879.html

JVNDB-2012-001878 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001878.html

JVNDB-2012-001877 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001877.html

JVNDB-2012-001876 Multiple products Microsoft EXE file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001876.html

JVNDB-2012-001875 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001875.html

JVNDB-2012-001874 Comodo Antivirus and Sophos Anti-Virus Microsoft Office file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001874.html

JVNDB-2012-001873 Multiple products Microsoft Office file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001873.html

JVNDB-2012-001872 Multiple products ELF file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001872.html

JVNDB-2012-001871 Multiple products ZIP file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001871.html

JVNDB-2012-001870 Multiple products Gzip file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001870.html

JVNDB-2012-001869 Multiple products TAR file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001869.html

JVNDB-2012-001868 Multiple products ELF parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001868.html

JVNDB-2012-001867 Multiple products CAB file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001867.html

JVNDB-2012-001866 Multiple products Microsoft EXE file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001866.html

JVNDB-2012-001865 Multiple products Microsoft EXE file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001865.html

JVNDB-2012-001864 Multiple products Microsoft EXE file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001864.html

JVNDB-2012-001863 Multiple products Microsoft EXE file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001863.html

JVNDB-2012-001862 Multiple products CAB file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001862.html

JVNDB-2012-001861 Emsisoft Anti-Malware and Ikarus Virus Utilities T3 Command Line Scanner CAB file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001861.html

JVNDB-2012-001860 Multiple products CAB file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001860.html

JVNDB-2012-001859 Multiple products Microsoft EXE file parser malware detection bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001859.html

JVNDB-2012-001858 IBM DB2 vulnerability allowing table data view restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001858.html

JVNDB-2012-001857 IBM DB2 unspecified vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001857.html

JVNDB-2012-001856 IBM DB2 XML feature denial of service (infinite loop) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001856.html

JVNDB-2012-001854 EMC RSA enVision directory traversal vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001854.html

JVNDB-2012-001853 EMC RSA enVision vulnerability allowing access to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001853.html

JVNDB-2012-001852 EMC RSA enVision SQL injection vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001852.html

JVNDB-2012-001851 EMC RSA enVision vulnerability allowing access to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001851.html

JVNDB-2012-001850 EMC RSA enVision cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001850.html

evilcode.class
http://isc.sans.edu/diary.html?storyid=12838

Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026847

Apache Wicket Discloses Hidden Application Files to Remote Users
http://www.securitytracker.com/id/1026846

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026841

Clam AntiVirus Bugs Let Remote Users Bypass Malware Detection
http://www.securitytracker.com/id/1026840

Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026839

VU#551715 Quagga contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/551715

MediaWiki Multiple Vulnerabilities
http://secunia.com/advisories/48504/

Webglimpse "query" Command Injection Vulnerability
http://secunia.com/advisories/48452/

Janetter Information Disclosure and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/48480/

LibreOffice Raptor RDF XML External Entity Processing Information Disclosure Vulnerability
http://secunia.com/advisories/48526/

PHP Grade Book "SaveSQL" Database Backup Authentication Bypass Vulnerability
http://secunia.com/advisories/48524/

Ubuntu update for thunderbird
http://secunia.com/advisories/48495/

vBulletin vBShout Module "shout" Script Insertion Vulnerability
http://secunia.com/advisories/48525/

SWTOR CharDB Multiple Vulnerabilities
http://secunia.com/advisories/48518/

WordPress Image News slider Plugin Unspecified Vulnerabilities
http://secunia.com/advisories/48538/

Cisco Linksys PlayerPT ActiveX Control "SetSource()" Buffer Overflow
http://secunia.com/advisories/48543/

Wolf CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48520/

Apache Wicket Cross-Site Scripting and File Disclosure Vulnerabilities
http://secunia.com/advisories/48499/

Red Hat update for raptor
http://secunia.com/advisories/48542/

Debian update for raptor
http://secunia.com/advisories/48493/

Raptor RDF XML External Entity Processing Information Disclosure Vulnerability
http://secunia.com/advisories/48479/

Ubuntu update for freetype
http://secunia.com/advisories/48508/

Red Hat update for openoffice.org
http://secunia.com/advisories/48529/

Ubuntu update for libpng
http://secunia.com/advisories/48532/

Debian update for libpng
http://secunia.com/advisories/48320/

Apache Traffic Server "Host:" Header Processing Heap Overflow
http://www.vupen.com/english/ADV-2012-0168.php

Citrix XenServer vSwitch Controller Management Interface Vulnerabilities
http://www.vupen.com/english/ADV-2012-0167.php

Cisco Linksys WVC200 PlayerPT ActiveX Control Code Execution
http://www.vupen.com/english/ADV-2012-0166.php

Google Chrome Multiple Use-after-free and Memory Corruptions
http://www.vupen.com/english/ADV-2012-0165.php

LibreOffice XML External Entity ODF Documents Data Disclosure
http://www.vupen.com/english/ADV-2012-0164.php

OpenOffice.org XML External Entity ODF Documents Data Disclosure
http://www.vupen.com/english/ADV-2012-0163.php

CA ARCserve Backup Network Requests Remote Denial of Service
http://www.vupen.com/english/ADV-2012-0162.php

Libtasn1 ASN.1 Length Decoding Heap Corruption Vulnerability
http://www.vupen.com/english/ADV-2012-0161.php

GnuTLS TLS Record Handling Heap Corruption Vulnerability
http://www.vupen.com/english/ADV-2012-0160.php

Apple Mobile Safari for iOS Address Bar Spoofing Vulnerability
http://www.vupen.com/english/ADV-2012-0159.php

Dell Webcam Software Bundled ActiveX Control Remote Code Execution
http://www.vupen.com/english/ADV-2012-0158.php

HP Insight Control Software for Linux Multiple Remote Vulnerabilities
http://www.vupen.com/english/ADV-2012-0157.php

REMOTE: Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow
http://www.exploit-db.com/exploits/18658

LOCAL: mmPlayer 2.2 (.ppl) Local Buffer Overflow Exploit (SEH)
http://www.exploit-db.com/exploits/18657

LOCAL: mmPlayer 2.2 (.m3u) Local Buffer Overflow Exploit (SEH)
http://www.exploit-db.com/exploits/18656

DoS/PoC: PHP 5.4.0 Built-in Web Server DoS PoC
http://www.exploit-db.com/exploits/18665

DoS/PoC: RealPlayer .mp4 file handling memory corruption
http://www.exploit-db.com/exploits/18661

DoS/PoC: Spotify 0.8.2.610 (search func) Memory Exhaustion Exploit
http://www.exploit-db.com/exploits/18654

Linux Kernel CVE-2011-4348 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51363

Linux Kernel NFS Implementation CVE-2011-4325 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51366

Linux Kernel 'hfs_mac2asc()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50750

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50370

Red Hat Enterprise Linux NFSv4 Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50798

Linux Kernel 'journal_get_superblock()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50663

Linux Kernel '/proc//' Permissions Handling Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/46567

Linux Kernel 'm_stop()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51361

Quagga Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/52531

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52103

Atheme IRC Services 'mycertfp_delete()' Function Security Bypass Vulnerability
http://www.securityfocus.com/bid/52675

file Composite Document File Format Denial of Service Vulnerability
http://www.securityfocus.com/bid/52225

FreePBX Multiple Cross Site Scripting and Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/52630

Cyrus IMAP Server 'index_get_ids()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49659

libsoup SoupServer Directory Traversal Vulnerability
http://www.securityfocus.com/bid/48926

Mozilla Firefox/Thunderbird/SeaMonkey Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51138

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0458 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52460

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0456 SVG Filters Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52461

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0461 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52464

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0457 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52459

Mozilla Firefox/Thunderbird/SeaMonkey 'array.join' CVE-2012-0464 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52465

Mozilla Firefox, Thunderbird, and SeaMonkey Drag and Drop Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52458

libzip Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52658

libpng 'png_inflate()' Function Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52453

Raptor XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52681

FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318

phpFox 'ajax.php' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/52699

MMPlayer '.m3u' and '.ppl' Files Multiple Local Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52698

Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52696

WordPress Image News slider Plugin Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/52695

Joomla JE Testimonial Component Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/52694

SWTOR CharDB SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52692

Spotify 'spotify.exe' Denial of Service Vulnerability
http://www.securityfocus.com/bid/52690

Friday, March 23, 2012

Friday the 23rd, Butsumetsu (仏滅)


Over half of the data breaches in 2011 were the work of "hacktivists": Verizon survey
http://itpro.nikkeibp.co.jp/article/NEWS/20120323/387721/?ST=security

JVNVU#194833 Buffer overflow vulnerability in Apache Traffic Server
http://jvn.jp/cert/JVNVU194833/index.html

JVNVU#743555 Multiple vulnerabilities in AtMail
http://jvn.jp/cert/JVNVU743555/index.html


+ cURL 7.25.0 released
http://curl.haxx.se/changes.html#7_25_0

+ GCC 4.7.0 released
http://gcc.gnu.org/gcc-4.7/
http://gcc.gnu.org/gcc-4.7/changes.html

+ MySQL 5.0.96, 5.1.62, 5.5.22 released
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-96.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html

[ANNOUNCE] phpPgAdmin 5.0.4 released !
http://phppgadmin.sourceforge.net/doku.php?id=download

[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256
http://trafficserver.apache.org/downloads
https://www.cert.fi/en/reports/2012/vulnerability612884.html

UPDATE: Cisco Identity Services Engine Database Default Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110920-ise

RHSA-2012:0410 Important: raptor security update
http://rhn.redhat.com/errata/RHSA-2012-0410.html

CVE-2012-0037: OpenOffice.org data leakage vulnerability
http://www.openoffice.org/security/cves/CVE-2012-0037.html

DOVECOT: Red Hat/CentOS users
http://www.dovecot.org/

JVNDB-2012-001849 GoLismero libs/updater.py vulnerability allowing arbitrary files to be overwritten
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001849.html

JVNDB-2012-001848 as31 vulnerability allowing files to be created or deleted
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001848.html

JVNDB-2012-001847 Apache HTTP Server mod_fcgid module denial of service (memory consumption) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001847.html

JVNDB-2011-003766 Video Embed & Thumbnail Generator plugin for WordPress vulnerability allowing the installation path to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003766.html

JVNDB-2011-003765 Video Embed & Thumbnail Generator plugin for WordPress vulnerability allowing arbitrary commands to be executed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003765.html

JVNDB-2012-001846 MyJobList SQL injection vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001846.html

JVNDB-2012-001845 Tiny Server denial of service (crash) vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001845.html

JVNDB-2012-001844 Webgrind absolute path traversal vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001844.html

JVNDB-2012-001843 IDevSpot idev-BusinessDirectory cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001843.html

JVNDB-2012-001842 CreateVision CMS artykul_print.php SQL injection vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001842.html

JVNDB-2012-001841 Webfolio CMS cross-site request forgery vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001841.html

JVNDB-2012-001840 NetMechanica NetDecision Traffic Grapher Server vulnerability allowing source code to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001840.html

JVNDB-2012-001839 NetMechanica NetDecision HTTP Server stack-based buffer overflow vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001839.html

JVNDB-2012-001838 NetMechanica NetDecision Dashboard Server vulnerability allowing the installation path to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001838.html

JVNDB-2012-001837 Contao main.php cross-site request forgery vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001837.html

JVNDB-2012-001836 Kongreg8 cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001836.html

JVNDB-2012-001835 Dotclear inc/swf/swfupload.swf vulnerability allowing arbitrary code to be executed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001835.html

JVNDB-2012-001834 WonderDesk SQL wonderdesk.cgi cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001834.html

JVNDB-2012-001833 s2Member Pro plugin for WordPress cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001833.html

JVNDB-2012-001832 Bitweaver wiki/rankings.php directory traversal vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001832.html

JVNDB-2012-001831 Webglimpse wgarcmin.cgi cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001831.html

JVNDB-2012-001830 WebGlimpse wgarcmin.cgi directory traversal vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001830.html

JVNDB-2012-001829 WebGlimpse wgarcmin.cgi cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001829.html

JVNDB-2012-001828 WebGlimpse wgarcmin.cgi vulnerability allowing the installation path to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001828.html

JVNDB-2012-001827 OSQA questions/ask cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001827.html

JVNDB-2012-001826 Dotclear cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001826.html

JVNDB-2012-001825 OxWall cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001825.html

JVNDB-2012-001824 SocialCMS ajax/commentajax.php cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001824.html

JVNDB-2012-001823 SocialCMS search.php SQL injection vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001823.html

JVNDB-2012-001760 (JVNTA12-073A) Microsoft Windows Remote Desktop Protocol implementation vulnerability allowing arbitrary code to be executed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001760.html

Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00109.html

CA20120320-01: Security Notice for CA ARCserve Backup
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00108.html

OpenOffice.org XML External Entity Processing Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1026837

VU#743555 AtMail webmail interface contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/743555

WordPress ALO EasyMail Newsletter Plugin Multiple Unspecified Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48482/

SUSE update for osc
http://secunia.com/advisories/48477/

OpenOffice.org ODF Document XML External Entity Processing Information Disclosure Vulnerability
http://secunia.com/advisories/48494/

phplist "num" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48491/

Ubuntu update for thunderbird
http://secunia.com/advisories/48513/

Debian update for icedove
http://secunia.com/advisories/48483/

Drupal Wishlist Module "wl_reveal" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48486/

Atheme "myuser_delete()" Certificate Fingerprint Handling Vulnerability
http://secunia.com/advisories/48481/

WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities
http://secunia.com/advisories/48470/

WordPress Blaze Slideshow Plugin Unspecified Vulnerabilities
http://secunia.com/advisories/48472/

Public Knowledge Project Open Conference Systems Multiple Vulnerabilities
http://secunia.com/advisories/48467/

Public Knowledge Project Open Journal Systems Multiple Vulnerabilities
http://secunia.com/advisories/48464/

Public Knowledge Project Open Journal Systems "authors[][url]" Script Insertion Vulnerability
http://secunia.com/advisories/48449/

IBM AIX OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/48528/

Blue Coat PacketShaper and PolicyCenter OpenSSL Ciphersuite Downgrade Vulnerability
http://secunia.com/advisories/48517/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/48512/

REMOTE: MS10-002 Internet Explorer Object Memory Use-After-Free
http://www.exploit-db.com/exploits/18642

REMOTE: Google Talk gtalk:// Deprecated Uri Handler Parameter Injection Vulnerability
http://www.exploit-db.com/exploits/18640

DoS/PoC: Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6 Remote Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/18643

DoS/PoC: Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/18641

Raptor XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52681

libpng 'png_inflate()' Function Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52453

IBM WebSphere Portal Search Center Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47954

Real Networks RealPlayer Versions Prior to 15.0.0 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/50741

OpenSSL Ciphersuite Downgrade Security Weakness
http://www.securityfocus.com/bid/45164

phpMoneyBooks 'index.php' Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/52532

Real Networks RealPlayer 'coded_frame_size' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51889

Real Networks RealPlayer 'VIDOBJ_START_CODE' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51885

Adobe Flash Player CVE-2012-0754 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52034

RETIRED: Joomla! 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/52549

Joomla! 'redirect.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/52312

Ricoh Company DC Software DL-10 'USER' Command Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52235

Dell Webcam Center 'CrazyTalk4Native.dll' ActiveX Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52560

Microsoft Internet Explorer Cloned DOM Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37894

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0458 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52460

Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
http://www.securityfocus.com/bid/52463

Mozilla Firefox/Thunderbird/SeaMonkey 'array.join' CVE-2012-0464 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52465

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0456 SVG Filters Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52461

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0461 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52464

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0457 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52459

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0462 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52467

Mozilla Firefox, Thunderbird, and SeaMonkey Drag and Drop Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52458

Mozilla Firefox/SeaMonkey/Thunderbird 'window.fullScreen' Security Bypass Vulnerability
http://www.securityfocus.com/bid/52456

Mozilla Firefox/Thunderbird/SeaMonkey 'cssText' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52457

vBShout 'shoutbox' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/52685

AtMail Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52684

WordPress ALO EasyMail Newsletter Plugin Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52683

Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52680

Apache Wicket Hidden Files Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52679

WordPress Carousel Slideshow Plugin Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/52678

WordPress Blaze Slideshow Plugin Unspecified Security Vulnerability
http://www.securityfocus.com/bid/52677

Cisco Wireless-G PTZ Internet Video Camera WVC200 'PlayerPT.ocx' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52673

Google Talk '/gaiaserver' Parameter Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52669