Friday, March 30, 2012

Friday the 30th, Taian


+ libpng 1.2.49, 1.5.10 released
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.2.49-README.txt
http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt

+ Revised png_set_text_2() to avoid potential memory corruption
http://www.libpng.org/pub/png/src/libpng-1.2.49-README.txt

[ANNOUNCE] Psycopg 2.4.5 released
http://initd.org/psycopg/articles/2012/03/29/psycopg-245-released/

Development release of BIND 10: bind10-devel-20120329
http://bind10.isc.org/

Google Chromebook 18.0.1025.140 released
http://googlechromereleases.blogspot.jp/2012/03/stable-channel-update-for-chromebooks_29.html

phpMyAdmin 3.4.10.2 is released
http://sourceforge.net/news/?group_id=23067&id=306976

phpMyAdmin at Percona MySQL Live Conference
http://sourceforge.net/news/?group_id=23067&id=306970

UPDATE: Oracle Security Alert for CVE-2011-5035
http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html

[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00166.html

Cross-site scripting vulnerability in Invision Power Board version 3.2.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00165.html

[ MDVSA-2012:044 ] cvs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00164.html

[ MDVSA-2012:043 ] nginx
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00163.html

NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file downl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00162.html

NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00161.html

NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session toke
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00160.html

NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in us
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00159.html

NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking an
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00157.html

NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00158.html

[SECURITY] [DSA 2444-1] tryton-server security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00156.html

OWASP AppSec Research EU CFP/CFT
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-03/msg00155.html

Cisco Unified Communications Manager Directory Traversal Vulnerability
http://www.securiteam.com/securitynews/5SP3G2K6NA.html

Cisco IOS Software NAT of Crafted SIP Over UDP Packets DoS Vulnerability
http://www.securiteam.com/securitynews/5RP3F2K6NA.html

Cisco IOS Software NAT of H.323 Packets DoS Vulnerability
http://www.securiteam.com/securitynews/5ZP3O2K6MY.html

Cisco IOS Software NAT of SIP Over TCP Vulnerability
http://www.securiteam.com/securitynews/5YP3N2K6MA.html

Cisco IOS Software Provider Edge Multiprotocol Label Switching (MPLS) NAT of SIP Over UDP Packets DoS Vulnerability
http://www.securiteam.com/securitynews/5XP3M2K6MC.html

Cisco IOS Software Smart Install Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5WP3L2K6ME.html

Cisco IP Video Phone E20 Default Root Account
http://www.securiteam.com/securitynews/5VP3K2K6MG.html

Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5UP3J2K6MI.html

Cisco Video Surveillance IP Cameras Denial of Service Vulnerability
http://www.securiteam.com/securitynews/5TP3I2K6MK.html

Apple iOS libxslt Information Disclosure Vulnerability
http://www.securiteam.com/securitynews/5SP3H2K6MM.html

Microsoft Expression Design Insecure Library Loading Vulnerability
http://www.securiteam.com/windowsntfocus/5RP3G2K6MO.html

Bugzilla Content Sniffing Cross-Site Scripting (XSS) Vulnerability
http://www.securiteam.com/securitynews/5QP3F2K6MQ.html

Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5YP3O2K6LW.html

Microsoft Remote Desktop Protocol Service Denial of Service Vulnerability
http://www.securiteam.com/windowsntfocus/5XP3N2K6LA.html

Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability
http://www.securiteam.com/windowsntfocus/5WP3M2K6LE.html

Microsoft Windows DNS Server Remote Denial of Service Vulnerability
http://www.securiteam.com/windowsntfocus/5VP3L2K6LI.html

Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability
http://www.securiteam.com/securitynews/5UP3K2K6LM.html

Oracle Communications Unified 'Calendar Server' Local Security Vulnerability
http://www.securiteam.com/securitynews/5TP3J2K6LQ.html

Oracle Communications Unified 'Calendar Server' Local Vulnerability
http://www.securiteam.com/securitynews/5SP3I2K6LU.html

Oracle Database Listener Remote Vulnerability
http://www.securiteam.com/securitynews/5RP3H2K6LY.html

Oracle Fusion Middleware Remote Oracle WebCenter Content Vulnerability
http://www.securiteam.com/securitynews/5QP3G2K6LC.html

Oracle GlassFish Enterprise Server 'Administration' Local Server Vulnerability
http://www.securiteam.com/securitynews/5PP3F2K6LG.html

Oracle JDEdwards EnterpriseOne Tools Information Disclosure Vulnerability
http://www.securiteam.com/securitynews/5XP3O2K6KU.html

Oracle JDEdwards EnterpriseOne Tools 'SEC (JDENET)' Information Disclosure Vulnerability
http://www.securiteam.com/securitynews/5WP3N2K6KA.html

Oracle Outside In 'Image Export SDK' Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5VP3M2K6KG.html

Oracle PeopleSoft Enterprise HCM 9.1 'ePerformance' Remote Vulnerability
http://www.securiteam.com/securitynews/5UP3L2K6KM.html

Oracle Solaris 'ksh93 Shell' Local Solaris Vulnerability
http://www.securiteam.com/securitynews/5TP3K2K6KS.html

Oracle Sun Solaris Remote Security Vulnerability
http://www.securiteam.com/securitynews/5SP3J2K6KY.html

Oracle Transportation Management Denial Of Service Vulnerability
http://www.securiteam.com/securitynews/5RP3I2K6KE.html

Oracle Business Intelligence Enterprise Edition 'BI Platform Security' Sub Component Remote Vulnerability
http://www.securiteam.com/securitynews/5QP3H2K6KK.html

Oracle Core RDBMS SQL Injection Vulnerability
http://www.securiteam.com/securitynews/5PP3G2K6KQ.html

Cyberoam UTM Information Disclosure Security Issue and Command Injection Vulnerability
http://secunia.com/advisories/48507/

Drupal Activity Module Cross-Site Request Forgery and Script Insertion Vulnerabilities
http://secunia.com/advisories/48632/

IrfanView Multiple Buffer Overflow Vulnerabilities
http://secunia.com/advisories/47333/

eZ Publish ezjscore Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48564/

Debian update for tryton-server
http://secunia.com/advisories/48591/

Gentoo update for libzip
http://secunia.com/advisories/48599/

TYPO3 Multiple Vulnerabilities
http://secunia.com/advisories/48622/

Cisco IOS AAA WEB_EXEC Command Authorisation Security Bypass Vulnerability
http://secunia.com/advisories/48636/

Cisco IOS AAA WEB_EXEC Command Authorisation Security Bypass Vulnerability
http://secunia.com/advisories/48614/

TYPO3 Realty Manager Extension "unserialise()" Information Disclosure Vulnerability
http://secunia.com/advisories/48552/

Python trytond Module "Many2Many" Field Relation Model Security Bypass Vulnerability
http://secunia.com/advisories/48635/

Drupal Chaos tool suite Module Script Insertion Vulnerability
http://secunia.com/advisories/48616/

Seditio "newmsg" and "rtext" Script Insertion Vulnerability
http://secunia.com/advisories/48637/

Cisco IOS WAAS and MACE Denial of Service Vulnerabilities
http://secunia.com/advisories/48595/

Cisco IOS NAT SIP Processing Denial of Service Vulnerability
http://secunia.com/advisories/48515/

Red Hat update for flash-plugin
http://secunia.com/advisories/48640/

Camera Stream Client ActiveX Control "SetDirectory()" Buffer Overflow
http://secunia.com/advisories/48602/

Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/48607/

Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/48605/

Cisco IOS Zone-Based Firewall Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/48608/

TYPO3 additional_reports Extension Arbitrary File Download Vulnerability
http://secunia.com/advisories/48537/

Drupal Organic groups Module Security Bypass Security Issue
http://secunia.com/advisories/48620/

Drupal Fusion Theme Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48606/

Drupal Ubercart Views Module Default Views Security Bypass Vulnerability
http://secunia.com/advisories/48631/

Drupal Bundle copy Module "use PHP for settings" Security Bypass Vulnerability
http://secunia.com/advisories/48626/

Cisco IOS XE Reverse SSH Login Denial of Service Vulnerability
http://secunia.com/advisories/48641/

Cisco IOS Reverse SSH Login Denial of Service Vulnerability
http://secunia.com/advisories/48609/

Cisco IOS Smart Install Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/48610/

Drupal Contact Save Module Unspecified Script Insertion Vulnerability
http://secunia.com/advisories/48619/

Drupal Share Buttons (AddToAny) Module Unspecified Script Insertion Vulnerability
http://secunia.com/advisories/48615/

Drupal ShareThis Module Script Insertion and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/48598/

Drupal Node Limit Number Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48597/

Drupal MultiBlock Module Block Title Script Insertion Vulnerability
http://secunia.com/advisories/48588/

Drupal Contact Forms Module Script Insertion Vulnerability
http://secunia.com/advisories/48583/

Cisco IOS Multicast Source Discovery Denial of Service Vulnerability
http://secunia.com/advisories/48633/

Cisco IOS RSVP Denial of Service Vulnerability
http://secunia.com/advisories/48621/

Cisco IOS Multicast Source Discovery Denial of Service Vulnerability
http://secunia.com/advisories/48630/

Cisco IOS RSVP Denial of Service Vulnerability
http://secunia.com/advisories/48611/

TRENDnet UltraMJCam ActiveX Control Buffer Overflow Vulnerability
http://secunia.com/advisories/48601/

SUSE update for MozillaFirefox
http://secunia.com/advisories/48624/

SUSE update for perl-DBD-Pg
http://secunia.com/advisories/48627/

SUSE update for expat
http://secunia.com/advisories/48628/

SUSE update for MozillaFirefox
http://secunia.com/advisories/48629/

Gitblit "jsessionid" Session Fixation Vulnerability
http://secunia.com/advisories/48592/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/48618/

Adobe Flash Player / AIR Two Vulnerabilities
http://secunia.com/advisories/48623/

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

libzip Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52658

GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
http://www.securityfocus.com/bid/52201

Adobe Flash Player APSB12-07 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/52748

GnuTLS TLS Record Handling Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52667

GNU Libtasn1 ASN1 Length DER Decoding Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52668

GnuTLS 'gnutls_session_get_data()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50609

OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764

OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51426

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

Coppermine Photo Gallery 'keywords' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/52818

PTK Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/52817

Drupal Node Limit Number Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52816

Drupal Ubercart Views Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52814

Drupal CDN2 Video Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52812

Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/52811

Skype UTF-8 Symbol Messages Denial of Service Vulnerability
http://www.securityfocus.com/bid/52810

PicoPublisher 'id' parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52808

eZ Publish 'ezjscore' Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52807

IrfanView Bitmap File Remote Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52806

KnFTPd 'FEAT' Command Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52805

Python 'trytond' Module 'Many2Many' Field Security Bypass Vulnerability
http://www.securityfocus.com/bid/52804

Seditio 'forums.php' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52802

Organic Groups Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52799

Fusion Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52798

Barracuda Cloud Control Center Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52795

Chaos Tool Suite Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52794

Typo3 Event Board ('kb_eventboard') Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/52792

Drupal Contact Save Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52787

B2Evolution CMS SQL Injection and Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52783

EasyPHP 'main.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/52781

Drupal Share Buttons (AddToAny) Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52777
