Friday, April 27, 2012
27th, Friday, Senbu
+ RHSA-2012:0523 Moderate: libpng security update
http://rhn.redhat.com/errata/RHSA-2012-0523.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
+ Ubuntu Desktop 12.04 LTS released
https://wiki.ubuntu.com/PrecisePangolin/ReleaseNotes/UbuntuDesktop
+ Java SE 7 Update 4 is now available!
http://www.oracle.com/technetwork/java/javase/7u4-relnotes-1575007.html
+ Java SE 6 Update 32 released
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
http://www.oracle.com/technetwork/java/javase/6u32-relnotes-1578471.html
+ PHP 5.3.11 And PHP 5.4.1 Released!
http://www.php.net/ChangeLog-5.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
+ OpenSSL 1.0.1b released
http://www.openssl.org/
http://www.openssl.org/news/changelog.html
+ Microsoft Security Essentials 4.0 released
http://windows.microsoft.com/ja-JP/windows/products/security-essentials?SignedIn=1
HPSBNS02767 SSRT100829 rev.1 - HP NonStop Servers running Java 6.0, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03289980%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03102449%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03249176%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
Regarding errors that occur when downloading product programs and documentation
http://www.trendmicro.co.jp/support/news.asp?id=1775
Notice regarding business hours during the Golden Week period
http://www.trendmicro.co.jp/support/news.asp?id=1774
Support contact arrangements during the Golden Week period
http://www.trendmicro.co.jp/support/news.asp?id=1572
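"Cooperating with the government on cyber-attack countermeasures, a world-first initiative" -- Adobe president
Supports government agencies' digital signatures, making malicious PDF files detectable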
http://itpro.nikkeibp.co.jp/article/NEWS/20120427/393944/?ST=security
Japan's cyber defense rated 3.5 out of 5, McAfee survey finds
http://itpro.nikkeibp.co.jp/article/NEWS/20120426/393828/?ST=security
Facebook offers six-month free trial of antivirus software
http://itpro.nikkeibp.co.jp/article/NEWS/20120426/393704/?ST=security
DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00208.html
DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00207.html
[security bulletin] HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, R
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00206.html
PHP Volunteer Management id 1.0.2 Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00205.html
Oracle TNS Poison vulnerability is actually a 0day with no patch available
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00203.html
[SECURITY] [DSA 2459-1] quagga security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00202.html
ToorCamp 2012: The American Hacker Camp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00201.html
JVN#15503729 Cross-site scripting vulnerability in OSQA
http://jvn.jp/jp/JVN15503729/index.html
JVN#82029095 Improper SSL server certificate validation vulnerability in the sp-mode mail app
http://jvn.jp/jp/JVN82029095/index.html
JVNDB-2012-000005 Cross-site scripting vulnerability in osCommerce
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000005.html
JVNDB-2012-002158 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002158.html
JVNDB-2012-002157 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002157.html
JVNDB-2012-002156 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002156.html
JVNDB-2012-002155 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002155.html
JVNDB-2012-002154 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002154.html
JVNDB-2012-002153 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002153.html
JVNDB-2012-002152 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002152.html
JVNDB-2012-002151 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002151.html
JVNDB-2012-002150 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002150.html
JVNDB-2012-002149 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002149.html
JVNDB-2012-002148 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002148.html
JVNDB-2012-002147 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002147.html
JVNDB-2012-002146 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002146.html
JVNDB-2012-002145 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002145.html
JVNDB-2012-002144 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002144.html
JVNDB-2012-002143 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002143.html
JVNDB-2012-002142 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002142.html
JVNDB-2012-002141 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002141.html
JVNDB-2012-002140 Denial-of-service (DoS) vulnerability in FreeType as used in Mozilla Firefox Mobile and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002140.html
JVNDB-2012-002139 Address bar spoofing vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002139.html
JVNDB-2012-002138 Arbitrary code execution vulnerability in the texImage2D implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002138.html
JVNDB-2012-002137 Cross-site scripting vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002137.html
JVNDB-2012-002136 Vulnerability in multiple Mozilla products allowing bypass of IPv6 literal access control lists (ACLs)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002136.html
JVNDB-2012-002135 Cross-site scripting vulnerability in the docshell implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002135.html
JVNDB-2012-002134 Sensitive information disclosure vulnerability in the WebGLBuffer::FindMaxUshortElement function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002134.html
JVNDB-2012-002133 Denial-of-service (memory corruption) vulnerability in the cairo-dwrite implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002133.html
JVNDB-2012-002132 Cross-site scripting vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002132.html
JVNDB-2012-002131 Heap-based buffer overflow vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002131.html
JVNDB-2012-002130 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002130.html
JVNDB-2012-002129 Denial-of-service (assertion failure and memory corruption) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002129.html
JVNDB-2012-002128 Denial-of-service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002128.html
JVNDB-2012-000036 (JVN#15503729) Cross-site scripting vulnerability in OSQA
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000036.html
JVNDB-2012-000037 (JVN#82029095) Improper SSL server certificate validation vulnerability in the sp-mode mail app
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000037.html
JVNDB-2012-002127 (JVNVU#889195) User account issue in Rugged Operating System (ROS)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002127.html
JVNDB-2012-002126 Integer signedness error vulnerability in crypto/buffer/buffer.c of OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002126.html
Define Irony: A medical device with a Virus?
http://isc.sans.edu/diary.html?storyid=13066
Net-snmp handle_nsExtendOutput2Table() Array Index Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026984
Comodo Internet Security PE File Processing Bug Lets Remote and Local Users Deny Service
http://www.securitytracker.com/id/1026982
Net-SNMP Agent MIB Subtree Handling Denial of Service Vulnerability
http://secunia.com/advisories/48938/
Drupal Linkit Module Information Disclosure Security Issue
http://secunia.com/advisories/48900/
Drupal Spaces Module Spaces Access Permissions Security Bypass Security Issue
http://secunia.com/advisories/48930/
Drupal RealName Module Script Insertion Vulnerability
http://secunia.com/advisories/48936/
Drupal Creative Commons Module License Description Script Insertion Vulnerability
http://secunia.com/advisories/48937/
Kaseya "adminName" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48946/
Debian update for quagga
http://secunia.com/advisories/48949/
Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities
http://secunia.com/advisories/48970/
Joomla! NinjaXplorer Component Unspecified Vulnerability
http://secunia.com/advisories/48958/
sp-mode mail for Android SSL Certificate Validation Security Issue
http://secunia.com/advisories/48955/
SUSE update for wireshark
http://secunia.com/advisories/48986/
Debian update for asterisk
http://secunia.com/advisories/48941/
SUSE update for t1lib
http://secunia.com/advisories/48985/
Red Hat update for libpng
http://secunia.com/advisories/48983/
LOCAL: Parallels PLESK 9.x Insecure Permissions
http://www.exploit-db.com/exploits/18785
LOCAL: mount.cifs chdir() Arbitrary root File Identification
http://www.exploit-db.com/exploits/18783
Jetty Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51199
HP Printers and Digital Senders Remote Firmware Update Security Bypass Vulnerability
http://www.securityfocus.com/bid/50876
RETIRED: vtiger CRM 'module_name' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/52671
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
Multiple PacketVideo Products Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53265
Parallels Plesk Panel Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/53264
ACTi Web Configurator 'cgi-bin' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53263
PHP Volunteer Management SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53261
OSQA Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53259
Net-SNMP Agent MIB Subtree Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53258
RubyGems mail Directory Traversal and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/53257
Joomla! NinjaXplorer Component Unspecified Security Vulnerability
http://www.securityfocus.com/bid/53256
sp mode mail CVE-2012-1244 SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53254
Thursday, April 26, 2012
26th, Thursday, Tomobiki
+ RHSA-2012:0523 Moderate: libpng security update
http://rhn.redhat.com/errata/RHSA-2012-0523.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
+ CentOS alert CESA-2012:0518 (openssl)
http://lwn.net/Alerts/494457/
http://lwn.net/Alerts/494459/
+ CentOS alert CESA-2012:0515 (firefox)
http://lwn.net/Alerts/494460/
http://lwn.net/Alerts/494462
+ CentOS alert CESA-2012:0516 (thunderbird)
http://lwn.net/Alerts/494466/
http://lwn.net/Alerts/494464/
+ CentOS alert CESA-2012:0523 (libpng)
http://lwn.net/Alerts/494468/
+ PostgreSQL JDBC driver 9.1-902 released
http://jdbc.postgresql.org/download.html#jdbcselection
+ SA48962 Microsoft Visual Studio Linker Integer Overflow Vulnerability
http://secunia.com/advisories/48962/
To customers using Virus Buster Corporate Edition 8.0 Service Pack 1
- Request to upgrade -
http://www.trendmicro.co.jp/support/news.asp?id=1757
[SECURITY] [DSA 2460-1] asterisk security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00196.html
Multiple vulnerabilities in Piwigo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00195.html
linux privileged and arbitrary chdir() (fixed at 5.4 cifs release)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00194.html
[SECURITY] [DSA 2454-2] openssl incomplete fix
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00193.html
[SECURITY] [DSA 2548-1] iceape security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00192.html
[SECURITY] [DSA 2457-1] iceweasel security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00191.html
[SECURITY] [DSA 2456-1] dropbear security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00190.html
[Alert] Take protective measures before Golden Week
http://www.ipa.go.jp/security/topics/alert240425.html
Nissan network attacked; was EV technology the target? (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20120426/393602/?ST=security
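Adobe Reader supports government digital signatures as a countermeasure against cyber attacks abusing PDF
GPKI digital certificates distributed automatically; manual installation also possible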
http://itpro.nikkeibp.co.jp/article/NEWS/20120426/393601/?ST=security
"Can also detect targeted attacks": Trend Micro announces dedicated appliance
Monitors corporate network data and reports viruses and attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20120425/393242/?ST=security
Blacole's obfuscated JavaScript
http://isc.sans.edu/diary.html?storyid=13051
Blacole's shell code
http://isc.sans.edu/diary.html?storyid=13057
VU#889195 RuggedCom Rugged Operating System (ROS) contains a hard-coded user account with a predictable password
http://www.kb.cert.org/vuls/id/889195
Samsung TV Bug in Remote Control Feature Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026976
Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026973
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026972
Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026971
Piwigo Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48903/
RuggedCom Rugged Operating System Undocumented Account Security Issue
http://secunia.com/advisories/48963/
IBM Rational Products Multiple Vulnerabilities
http://secunia.com/advisories/48968/
IBM Rational Products Multiple Vulnerabilities
http://secunia.com/advisories/48967/
Microsoft Visual Studio Linker Integer Overflow Vulnerability
http://secunia.com/advisories/48962/
Red Hat update for thunderbird
http://secunia.com/advisories/48952/
Red Hat update for firefox
http://secunia.com/advisories/48944/
Debian update for iceape
http://secunia.com/advisories/48920/
Debian update for iceweasel
http://secunia.com/advisories/48922/
Red Hat update for java-1.6.0-ibm
http://secunia.com/advisories/48950/
bind-dyndb-ldap DNS Query Processing Denial of Service Vulnerability
http://secunia.com/advisories/48901/
WordPress ShareYourCart Plugin Path Disclosure Weaknesses
http://secunia.com/advisories/48960/
Mozilla Firefox Mobile FreeType Multiple Vulnerabilities
http://secunia.com/advisories/48973/
Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/48972/
Mozilla Firefox / Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/48932/
Argyll Color Management System icclib Use-After-Free Vulnerability
http://secunia.com/advisories/48921/
Joomla! ccNewsletter Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/48934/
Red Hat update for openssl
http://secunia.com/advisories/48942/
Red Hat update for JBoss Enterprise Portal Platform
http://secunia.com/advisories/48954/
Debian update for dropbear
http://secunia.com/advisories/48929/
Ubuntu update for openssl
http://secunia.com/advisories/48956/
REMOTE: MS12-027 MSCOMCTL ActiveX Buffer Overflow
http://www.exploit-db.com/exploits/18780
LOCAL: Shadow Stream Recorder 3.0.1.7 Buffer Overflow
http://www.exploit-db.com/exploits/18781
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197
Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152
Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274
Oracle Solaris CVE-2012-1692 Local Vulnerability
http://www.securityfocus.com/bid/53125
Oracle Sun Products Suite CVE-2012-1694 Remote Solaris Vulnerability
http://www.securityfocus.com/bid/53126
Oracle Sun Products Suite CVE-2012-1683 Local Solaris Vulnerability
http://www.securityfocus.com/bid/53130
Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51702
Rugged Operating System Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/53215
Chilkat Zip ChilkatZip2.DLL Multiple Arbitrary File Overwrite Vulnerabilities
http://www.securityfocus.com/bid/24806
Joomla CCNewsLetter Module 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/53208
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
systemd 'systemd-logind' Insecure Temporary File Handling Vulnerability
http://www.securityfocus.com/bid/52538
Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52911
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0467 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53223
Drupal Linkit Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/53253
Drupal Spaces and Spaces OG Modules Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/53252
Drupal Ubercart Module Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53251
Drupal RealName Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53250
Drupal Site Documentation Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53249
Drupal Creative Commons Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53248
IBM Rational Products Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53247
GNU Common Internet File System (CIFS) setuid 'mount.cifs' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53246
Piwigo Multiple Cross Site Scripting and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/53245
Microsoft Visual Studio Linker Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53243
Ettercap 'exchndl.dll' And 'quserex.dll' DLL Loading Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/53242
WordPress ShareYourCart plugin Path-Disclosure Vulnerability
http://www.securityfocus.com/bid/53241
ICCLIB CVE-2012-1616 Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53240
Wednesday, April 25, 2012
25th, Wednesday, Sensho
+ RHSA-2012:0516 Critical: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2012-0516.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479
+ RHSA-2012:0515 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2012-0515.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479
+ RHSA-2012:0518 Important: openssl security update
http://rhn.redhat.com/errata/RHSA-2012-0518.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
+ Mozilla Firefox 12 released
http://mozilla.jp/firefox/download/all/
+ Mozilla Thunderbird 12 released
http://mozilla.jp/thunderbird/download/all/
+ Postfix 2.6.15, 2.7.9, 2.8.10, 2.9.1 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.15.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.7.9.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.10.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.2.HISTORY
+ Sudo 1.8.5rc3 released
http://www.sudo.ws/sudo/devel.html#1.8.5rc3
+ OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131
+ Linux Kernel Hugepages CVE-2012-2133 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2133
MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479
MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
http://www.mozilla.org/security/announce/2012/mfsa2012-32.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062
MFSA 2012-30 Crash with WebGL content using textImage2D
http://www.mozilla.org/security/announce/2012/mfsa2012-30.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477
MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
http://www.mozilla.org/security/announce/2012/mfsa2012-28.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475
MFSA 2012-27 Page load short-circuit can lead to XSS
http://www.mozilla.org/security/announce/2012/mfsa2012-27.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474
MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473
MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0472
MFSA 2012-24 Potential XSS via multibyte content processing errors
http://www.mozilla.org/security/announce/2012/mfsa2012-24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471
MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470
MFSA 2012-22 use-after-free in IDBKeyRange
http://www.mozilla.org/security/announce/2012/mfsa2012-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469
MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9
http://www.mozilla.org/security/announce/2012/mfsa2012-21.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144
MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)
http://www.mozilla.org/security/announce/2012/mfsa2012-20.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467
CentOS alert CESA-2012:0509 (wireshark)
http://lwn.net/Alerts/494141/
phpMyAdmin 3.5.1-rc1 released
http://sourceforge.net/news/?group_id=23067&id=307432
Announcing phpMyAdmin's GSoC 2012 projects
http://sourceforge.net/news/?group_id=23067&id=307427
Regarding the delayed release of virus pattern files for InterScan for Lotus Domino 3.0 and 3.1
http://www.trendmicro.co.jp/support/news.asp?id=1773
PHP Ticket System Beta 1 p SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00189.html
[ MDVSA-2012:064 ] openssl0.9.8
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00184.html
New IETF I-D: Security Implications of IPv6 on IPv4 networks
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00187.html
[security bulletin] HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Reques
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00186.html
RuggedCom - Backdoor Accounts in my SCADA network? You dont say...
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00185.html
Press release
Alert on security weaknesses (vulnerabilities) in multiple JustSystems products
http://www.ipa.go.jp/about/press/20120424.html
Release of the cyber security alert service "icat"
http://www.ipa.go.jp/security/vuln/icat.html
IPA Technical Watch
Report: "Cloud Computing Security: A Consideration of Its Meaning and Social Importance"
http://www.ipa.go.jp/about/technicalwatch/20120424.html
Trend Micro announces monitoring appliance that visualizes the reality of targeted attacks through reports
http://itpro.nikkeibp.co.jp/article/NEWS/20120424/393036/?ST=security
JVN#09619876 複数のジャストシステム製品におけるバッファオーバーフローの脆弱性
http://jvn.jp/jp/JVN09619876/index.html
JVN#95378720 複数のジャストシステム製品における DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN95378720/index.html
JVNDB-2012-002125 Gallery における暗号化の処理に関する脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002125.html
JVNDB-2012-002124 Cumin におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002124.html
JVNDB-2012-002123 Gallery の管理サブシステムにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002123.html
JVNDB-2012-002122 NVIDIA UNIX ドライバにおける任意のメモリ領域にアクセスされる脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002122.html
JVNDB-2012-002121 IBM Tivoli Directory Server におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002121.html
JVNDB-2012-002120 IBM Tivoli Directory Server の Web Admin Tool におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002120.html
JVNDB-2012-002119 IBM Tivoli Directory Server の TLS のデフォルト設定における非暗号化通信を誘発される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002119.html
JVNDB-2012-002118 IBM Rational ClearQuest の Ole API におけるヒープベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002118.html
JVNDB-2012-002117 Debian GNU/Linux 上で稼働する apache2 におけるクロスサイトスクリプティング (XSS) 攻撃を誘発される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002117.html
JVNDB-2012-002116 TeamPass の sources/users.queries.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002116.html
JVNDB-2012-002115 WordPress の wp-comments-post.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002115.html
JVNDB-2012-002114 WordPress の wp-includes/formatting.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002114.html
JVNDB-2012-002113 WordPress の wp-admin/plugins.php におけるアクセス制限を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002113.html
JVNDB-2012-002112 WordPress および他の製品で使用される Plupload における同一生成元ポリシーを回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002112.html
JVNDB-2012-002111 WordPress の wp-includes/js/swfobject.js における詳細不明な脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002111.html
JVNDB-2012-002110 WordPress の wp-includes/js/swfupload/swfupload.swf における詳細不明な脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002110.html
JVNDB-2012-000035 (JVN#09619876) 複数のジャストシステム製品におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000035.html
JVNDB-2012-000034 (JVN#95378720) 複数のジャストシステム製品における DLL 読み込みに関する脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000034.html
JVNDB-2012-001903 Windows 上で稼働する CA ARCserve Backup におけるサービス運用妨害 (サービスシャットダウン) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001903.html
JVNDB-2012-002109 ownCloud の files/ajax/download.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002109.html
JVNDB-2012-002108 ownCloud におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002108.html
JVNDB-2012-002107 ownCloud の index.php におけるオープンリダイレクトの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002107.html
JVNDB-2012-002106 ownCloud におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002106.html
JVNDB-2012-002105 SQL injection vulnerability in users.php in PHP Gift Registry
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002105.html
JVNDB-2012-002104 Denial-of-service (DoS) vulnerability in Comodo Internet Security running on Windows 7 64-bit platforms
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002104.html
JVNDB-2012-001629 Vulnerability in Adobe Flash Player that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001629.html
JVNDB-2012-002103 Integer overflow vulnerability in the DPA_Utilities library in EMC Data Protection Advisor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002103.html
JVNDB-2012-002102 Denial-of-service (DoS) vulnerability in EMC Data Protection Advisor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002102.html
JVNDB-2012-002101 Denial-of-service (DoS) vulnerability in VideoLAN VLC media player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002101.html
JVNDB-2012-002100 Denial-of-service (DoS) vulnerability in HP OpenVMS running on multiple platforms
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002100.html
JVNDB-2012-002099 Vulnerability in the asn1_d2i_read_bio function in OpenSSL that allows buffer overflow attacks to be induced
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002099.html
OpenSSL reissues fix for ASN1 BIO vulnerability
http://isc.sans.edu/diary.html?storyid=13042
SPIP Input Validation Flaws Permit Cross-Site Scripting and Other Unspecified Attacks
http://www.securitytracker.com/id/1026970
WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code
http://www.securitytracker.com/id/1026966
REMOTE: RuggedCom Devices Backdoor Access
http://www.exploit-db.com/exploits/18779
DoS/PoC: .NET Framework EncoderParameter Integer Overflow Vulnerability
http://www.exploit-db.com/exploits/18777
DoS/PoC: BeyondCHM 1.1 Buffer Overflow
http://www.exploit-db.com/exploits/18776
Ubuntu update for linux-ec2 and linux
http://secunia.com/advisories/48914/
vBulletin Multiple Products MAPI Unspecified Vulnerability
http://secunia.com/advisories/48917/
Ubuntu update for mysql
http://secunia.com/advisories/48919/
WebCalendar "pref_THEME" File Inclusion Vulnerability
http://secunia.com/advisories/48906/
SUSE update for cobbler
http://secunia.com/advisories/48926/
SUSE update for SUSE Manager
http://secunia.com/advisories/48953/
Red Hat update for wireshark
http://secunia.com/advisories/48947/
Red Hat update for java-1.5.0-ibm
http://secunia.com/advisories/48948/
Liferay Portal "addUser" Method Security Bypass Vulnerability
http://secunia.com/advisories/43687/
SPIP Unspecified Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48939/
Exponent CMS "src" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48911/
Exponent CMS Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/48902/
Asterisk Multiple Vulnerabilities
http://secunia.com/advisories/48891/
NET-i viewer ActiveX Controls "BackupToAvi()" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/48966/
NET-i viewer ActiveX Controls "ConnectDDNS()" Code Execution Vulnerabilities
http://secunia.com/advisories/48965/
HP-UX update for CIFS Server
http://secunia.com/advisories/48943/
SUSE update for freetype2
http://secunia.com/advisories/48951/
SUSE update for kernel
http://secunia.com/advisories/48898/
JustSystems Multiple Products Two Vulnerabilities
http://secunia.com/advisories/47363/
Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0474 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53228
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0473 Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53231
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0477 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53229
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0478 Denial of Service Vulnerability
http://www.securityfocus.com/bid/53227
Mozilla Firefox/Thunderbird/SeaMonkey 'cairo-dwrite' CVE-2012-0472 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53218
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0468 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53221
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-0470 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53225
Mozilla Firefox/SeaMonkey/Thunderbird Site Identity Spoofing Vulnerability
http://www.securityfocus.com/bid/53224
OpenType Sanitizer Off By One Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53222
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0471 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53219
Mozilla Firefox/Thunderbird/SeaMonkey IDBKeyRange Use-After-Free Vulnerability
http://www.securityfocus.com/bid/53220
Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212
Rugged Operating System Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/53215
Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
http://www.securityfocus.com/bid/52161
Oracle Java SE CVE-2012-0498 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52019
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013
Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018
Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012
Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016
Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014
Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011
Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009
Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015
Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194
Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52762
Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/46785
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318
Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166
MacVTap Device Driver Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53165
KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162
Wicd 'SetWirelessProperty()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52987
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
Oracle MySQL CVE-2012-1690 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53074
Oracle MySQL CVE-2012-1688 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53067
Oracle MySQL CVE-2012-1703 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53058
Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274
Linux Kernel KVM CVE-2012-0045 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51389
Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197
Wireshark Buffer Underflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51710
Wireshark Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51368
Wireshark 'ERF' data Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52737
Wireshark ERF File Parser Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50486
Wireshark Versions Prior to 1.4.7/1.2.17 Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/48066
Wireshark NTLMSSP NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46796
Wireshark Lucent/Ascend File Parser Denial of Service Vulnerability
http://www.securityfocus.com/bid/48506
Wireshark Versions Prior to 1.4.5/1.2.16 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/47392
Wireshark ANSI A MAP Files Denial of Service Vulnerability
http://www.securityfocus.com/bid/49071
Bind DynDB LDAP 'bind-dyndb-ldap' Package Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53236
PHP Ticket 'p' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/53235
Linux Kernel Hugepages CVE-2012-2133 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53233
libsoup SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53232
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0475 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53230
Multiple vBulletin Products Unspecified Security Vulnerability
http://www.securityfocus.com/bid/53226
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0467 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53223
SPIP Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53216
Multiple JustSystems Products Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/53214
BeyondCHM '.chm' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53213
Tuesday, April 24, 2012
24th, Tuesday, Shakkō
+ RHSA-2012:0509 Moderate: wireshark security update
http://rhn.redhat.com/errata/RHSA-2012-0509.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1595
+ Google Chrome 18.0.1025.165 on Mac released
http://googlechromereleases.blogspot.jp/2012/04/stable-channel-update_23.html
+ nginx 1.2.0 stable version released
http://nginx.org/en/CHANGES
+ HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03297338%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
+ Dovecot 2.1.5 released
http://www.dovecot.org/list/dovecot-news/2012-April/000222.html
+ DBI 1.619 released
http://search.cpan.org/~timb/DBI/Changes#Changes_in_DBI_1.619_(svn_r15294)_23rd_April_2012
+ OpenLDAP 2.4.31 released
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html
+ OpenSSL 0.9.8w released
http://www.openssl.org/news/
+ Linux Kernel 'xfrm6_tunnel_rcv()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1583
InterScan Messaging Security Virtual Appliance 8.2 repack release announcement
http://www.trendmicro.co.jp/support/news.asp?id=1767
Translations of U.S. government Protection Profiles
~ Security requirement specifications for the secure procurement of IT products ~
http://www.ipa.go.jp/security/publications/niap/spp-jp/index.html
Reporting status of vulnerability-related information on software and other products
[Q1 2012 (January to March)]
http://www.ipa.go.jp/security/vuln/report/vuln2012q1.html
Hitachi releases authentication device for mobile terminals
http://itpro.nikkeibp.co.jp/article/NEWS/20120423/392794/?ST=security
FYI: We're now paying up to $20,000 for web vulns in our services
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00182.html
WebCalendar <= 1.2.4 Two Security Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00181.html
AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00180.html
AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00179.html
AST-2012-004: Asterisk Manager User Unauthorized Shell Access
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00178.html
ChurchCMS 0.0.1 admin.php Multiple SQLi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00177.html
.NET Framework EncoderParameter integer overflow vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00176.html
[HITB-Announce] HITB Magazine Issue 008 (now with print edition!)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00174.html
XSS and Blind SQL Injection Vulnerabilities in ExponentCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00173.html
[Spam] Chengdu Bureau of Commerce - SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00172.html
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00170.html
[Suspected Spam] Havalite CMS v1.0.4 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00171.html
[Suspected Spam] IPhone TreasonSMS - HTML Inject & File Include Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00169.html
phpMyBible 0.5.1 Mutiple XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00168.html
HTC IQRD Android Permission Leakage (CVE-2012-2217)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00175.html
[ MDVSA-2012:063 ] libreoffice
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00167.html
[ MDVSA-2012:062 ] openoffice.org
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00166.html
[ MDVSA-2012:061 ] raptor
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00165.html
[SECURITY] [DSA 2455-1] typo3-src security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00161.html
Adobe Acrobat and Reader 'newfunction' Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5HP36206UU.html
Comments open for NIST-proposed updates to Digital Signature Standard
http://isc.sans.edu/diary.html?storyid=13033
Continued interest in Nikjju mass SQL injection campaign
http://isc.sans.edu/diary.html?storyid=13036
Asterisk SIP Channel Driver Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1026963
Asterisk Heap Overflow in Skinny Channel Driver Lets Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026962
Asterisk Manager Interface Lets Remote Authenticated Users Execute Shell Commands
http://www.securitytracker.com/id/1026961
NET-i ware Master and Storage Services Denial of Service Vulnerability
http://secunia.com/advisories/48825/
SUSE update for openssl
http://secunia.com/advisories/48916/
WordPress WP Survey And Quiz Tool Plugin "rowcount" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48940/
WordPress Sharebar Plugin "status" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48908/
WordPress Multiple Vulnerabilities
http://secunia.com/advisories/48957/
IBM Tivoli Directory Server Web Admin Tool Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48907/
Xunlei Thunder Insecure Library Loading Vulnerability
http://secunia.com/advisories/47864/
SUSE update for kernel
http://secunia.com/advisories/48964/
IBM Rational ClearQuest CQOle ActiveX Remote Execution Vulnerability
http://www.vupen.com/english/ADV-2012-0220.php
SumatraPDF Files Processing Two Memory Corruption Vulnerabilities
http://www.vupen.com/english/ADV-2012-0219.php
OpenSSL "asn1_d2i_read_bio()" ASN1 BIO Remote Memory Corruption
http://www.vupen.com/english/ADV-2012-0218.php
WordPress Privilege Escalation and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/ADV-2012-0217.php
RubyGems SSL Server Certificate Verification Failure Security Bypass
http://www.vupen.com/english/ADV-2012-0216.php
Ruby "RubyGems: SSL" Server Verification Failure Security Bypass
http://www.vupen.com/english/ADV-2012-0215.php
DoS/PoC: Mobipocket Reader 6.2 Build 608 Buffer Overflow
http://www.exploit-db.com/exploits/18774
DoS/PoC: SumatraPDF v2.0.1 .chm and .mobi Memory Corruption
http://www.exploit-db.com/exploits/18771
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197
Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152
Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274
Linux Kernel NFS Client 'decode_getacl()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50655
Linux Kernel 'xfrm6_tunnel_rcv()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53139
Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176
Linux Kernel 'journal_get_superblock()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50663
Linux Kernel 'memcg' NULL Pointer Deference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52324
Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630
Linux Kernel 'taskstats' Access Restriction Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/50314
Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533
Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778
FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/41663
Samba SWAT Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/48899
QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51642
Oracle Sun Products Suite CVE-2012-0539 Local Solaris Vulnerability
http://www.securityfocus.com/bid/53120
libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049
Wireshark Buffer Underflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51710
Wireshark ANSI A MAP Files Denial of Service Vulnerability
http://www.securityfocus.com/bid/49071
Wireshark Versions Prior to 1.4.5/1.2.16 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/47392
Wireshark ERF File Parser Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50486
Wireshark Versions Prior to 1.4.7/1.2.17 Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/48066
Wireshark 'ERF' data Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52737
Wireshark NTLMSSP NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46796
Wireshark Lucent/Ascend File Parser Denial of Service Vulnerability
http://www.securityfocus.com/bid/48506
Wireshark Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51368
Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013
Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016
Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234
Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011
Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014
Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50236
Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018
Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012
Oracle Java SE CVE-2012-0498 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52019
Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
http://www.securityfocus.com/bid/52161
@lex Guestbook Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37706
Apple iOS FreeType CVE-2011-3439 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50643
FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/42241
FreeType BDF Font File Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42624
FreeType TrueType Font Handling 'ttinterp.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44643
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318
FreeType Rendering Engine Position Value Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43700
X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/49124
FreeType Stack Buffer Overflow and Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/42285
FreeType Font Document Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50155
FreeType 'seac' Calls Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/42621
Apple iOS for iPhone/iPad/iPod touch Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42151
FreeType 'ft_var_readpackedpoints()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44214
RETIRED: Liferay Enterprise Portal Arbitrary File Download And Security Bypass Vulnerability
http://www.securityfocus.com/bid/53190
Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973
RPM Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52865
libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891
Gallery Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52996
Quagga Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/52531
Raptor XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52681
ownCloud Password Reset Security Bypass Vulnerability
http://www.securityfocus.com/bid/53179
Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136
Asterisk Skinny Channel Driver Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53210
WebCalendar Local File Include and PHP code Injection Vulnerabilities
http://www.securityfocus.com/bid/53207
Asterisk Shell Command Execution Security Bypass Vulnerability
http://www.securityfocus.com/bid/53206
Asterisk SIP Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53205
Microsoft .NET Framework Parameter Validation Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53204
WP Survey And Quiz Tool for WordPress Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53203
WordPress Sharebar 'status' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53201
Mobipocket Reader '.CHM' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53200
Havalite Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53199
TreasonSMS HTML Injection And File Include Vulnerabilities
http://www.securityfocus.com/bid/53198
Sumatra PDF Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53196
ExponentCMS Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53195
IBM Tivoli Directory Server Web Admin Tool Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53194
Samsung NET-i ware Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/53193
Xunlei Thunder Insecure Library Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/53191
Mega File Manager 'name' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53189
ChurchCMS 'admin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53209
Monday, April 23, 2012
23rd, Monday, Taian
+ CVE-2012-0053 Information Disclosure vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0053_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
+ CVE-2012-0031 Resource Management Errors vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0031_resource_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
+ CVE-2011-4317 Improper Input Validation vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2011_4317_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
+ CVE-2011-3607 Buffer Overflow vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3607_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
+ Multiple vulnerabilities in Apache HTTP Server 1.3
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
+ Critical Patch Update - April 2012 (Japanese version)
http://www.oracle.com/technetwork/jp/topics/ojkb158094-1595211-ja.html
http://www.oracle.com/technetwork/jp/topics/top-1596514-ja.html
+ Linux kernel 3.0.29, 3.2.16, 3.3.3 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.29
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.16
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.3
+ OpenSSH 6.0 released
http://www.openssh.com/txt/release-6.0
+ Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2123
Check Point response to OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk71821&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
Notice of server maintenance delay (April 20, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1770
HS12-010: Cross-site Scripting Vulnerability in Hitachi IT Operations Products
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-010/index.html
HS12-012: Security issue in CA ARCserve Backup
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-012/index.html
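97% of "go.jp" uses sender domain authentication, making spoofed e-mail detectable
Countermeasures against fake e-mail impersonating government agencies strengthened; action on the receiving side recommended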
http://itpro.nikkeibp.co.jp/article/NEWS/20120423/392582/?ST=security
JVN#00000601 Vulnerability related to the WebView class in TwitRocker2 (Android version)
http://jvn.jp/jp/JVN00000601/index.html
JVNDB-2011-005041 Buffer overflow vulnerability in ICONICS GENESIS32 and BizViz
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005041.html
JVNDB-2011-005040 Arbitrary code execution vulnerability in ICONICS GENESIS32 and BizViz
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005040.html
JVNDB-2009-002714 Stack-based buffer overflow vulnerability in the errprintf function in Ghostscript
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002714.html
JVNDB-2010-003612 Vulnerability in Ghostscript that allows arbitrary PostScript commands to be executed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003612.html
JVNDB-2010-003611 Stack-based buffer overflow vulnerability in the parser function in GhostScript
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003611.html
JVNDB-2010-003610 Arbitrary code execution vulnerability in Ghostscript
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003612.html
JVNDB-2011-003470 Heap-based buffer overflow vulnerability in the jpc_crg_getparms function in JasPer
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003470.html
JVNDB-2011-003469 Heap-based buffer overflow vulnerability in the jpc_cox_getcompparms function in JasPer
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003469.html
JVNDB-2011-003541 Integer signedness error vulnerability in the base64_decode function in lighttpd
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003541.html
JVNDB-2011-003563 Denial-of-service (CPU resource consumption) vulnerability in Ruby
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003563.html
JVNDB-2011-003172 Vulnerability in the mod_proxy module in Apache HTTP Server that allows requests to be sent to intranet servers
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003172.html
JVNDB-2011-002785 Integer overflow vulnerability in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002785.html
JVNDB-2012-001075 Denial-of-service (daemon crash during shutdown) vulnerability in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001075.html
JVNDB-2012-001258 Vulnerability in protocol.c in Apache HTTP Server that allows the values of HTTPOnly cookies to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001258.html
JVNDB-2009-002713 Denial-of-service (crash) vulnerability in the BGP daemon in Quagga
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002713.html
JVNDB-2012-002044 Cross-site scripting vulnerability in Pluck SiteLife
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002044.html
JVNDB-2011-003659 Denial-of-service (DoS) vulnerability in the log_cookie function in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003659.html
JVNDB-2011-002351 Vulnerability in the mod_proxy module in Apache HTTP Server that allows requests to be sent to intranet servers
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002351.html
JVNDB-2012-001592 Denial-of-service (NULL pointer dereference and application crash) vulnerability in the mime_hdr_cmp function in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001592.html
JVNDB-2011-003689 Vulnerability in 7-Technologies AQUIS that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003689.html
JVNDB-2012-000033 Vulnerability related to the WebView class in TwitRocker2 (Android version)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000033.html
JVNDB-2012-002098 Buffer overflow vulnerability in Siemens Scalance X Industrial Ethernet switches
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002098.html
JVNDB-2012-002097 Stack-based buffer overflow vulnerability in multiple Siemens products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002097.html
JVNDB-2012-002096 Vulnerability in the web server of multiple Siemens products that allows access rights to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002096.html
JVNDB-2012-002095 Stack-based buffer overflow vulnerability in multiple ABB products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002095.html
JVNDB-2012-002044 (JVNVU#400619) Cross-site scripting vulnerability in Pluck SiteLife 4.3 2012/04/11 2012/04/20
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002044.html
JVNDB-2012-000033 (JVN#00000601) Vulnerability related to the WebView class in TwitRocker2 (Android version) 2.6 2012/04/20 2012/04/20
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000033.html
JVNDB-2012-002098 Buffer overflow vulnerability in Siemens Scalance X Industrial Ethernet switches 7.8 2012/04/05 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002098.html
JVNDB-2012-002097 Stack-based buffer overflow vulnerability in multiple Siemens products 6.1 2012/04/05 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002097.html
JVNDB-2012-002096 Vulnerability in the web server of multiple Siemens products that allows access rights to be gained 10.0 2012/04/05 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002096.html
JVNDB-2012-002095 Stack-based buffer overflow vulnerability in multiple ABB products 7.7 2012/04/18 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002095.html
JVNDB-2012-002094 Vulnerability in envvars in Apache HTTP Server that allows privileges to be gained 6.9 2012/03/02 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002094.html
JVNDB-2012-002093 Heap-based buffer overflow vulnerability in the FlashPix PlugIn for IrfanView 9.3 2012/04/18 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002093.html
JVNDB-2012-002092 Vulnerability in HP System Management Homepage that allows data to be tampered with 3.2 2012/04/16 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002092.html
JVNDB-2012-002091 Denial of service (DoS) vulnerability in HP System Management Homepage 3.5 2012/04/16 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002091.html
JVNDB-2012-002090 Vulnerability in AdAstrA TRACE MODE Data Center that allows arbitrary files to be read 5.0 2012/04/18 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002090.html
JVNDB-2012-002088 Vulnerability in multiple VMware products that allows guest OS privileges to be gained 8.3 2012/04/12 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002088.html
JVNDB-2012-002087 Buffer overflow vulnerability in ngx_http_mp4_module.c in nginx 5.1 2012/04/17 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002087.html
JVNDB-2012-002086 Vulnerability in nginx that allows sensitive information to be obtained 5.0 2012/04/17 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002086.html
JVNDB-2012-002085 Cross-site scripting vulnerability in starnet/index.php in SyndeoCMS 3.5 2012/04/17 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002085.html
JVNDB-2012-002084 Vulnerability in Google SketchUp that allows arbitrary code to be executed 9.3 2012/04/17 2012/04/19
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002084.html
JVNDB-2012-001879 Vulnerability in the ELF file parser of multiple products that allows malware detection to be bypassed 4.3 2012/03/21 2012/04/18
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001879.html
XSS in Kaseya version 6.2.0.0 web interface
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00160.html
DC4420 - London DEFCON - April meet - Tuesday April 24th 2012
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00144.html
[security bulletin] HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running o
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00159.html
IPv6 host scanning in IPv6
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00158.html
[security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Se
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00143.html
Specially crafted webdav request allows reading of local files on liferay 6.0.x
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00157.html
[SECURITY] [DSA 2454-1] openssl security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00142.html
OCIPasswordChange API leaks information of password hash (CVE-2012-0511)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00156.html
Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00155.html
HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00154.html
HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00153.html
SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00152.html
Liferay 6.1 can be compromised in its default configuration
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00151.html
SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00150.html
Specially crafted Json service request allows full control over a Liferay portal instance
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00149.html
Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00148.html
OCIPasswordChange API leaks information of password hash (CVE-2012-0511)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00147.html
Incomplete protection of Oracle Database locked accounts (CVE-2012-0510)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00146.html
IBM Rational ClearQuest Buffer Overflow in ActiveX Control RegisterSchemaRepoFromFileByDbSet() Function Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026958
OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026957
EMC Data Protection Advisor Server and Collector Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1026956
WordPress Release Security Update
http://isc.sans.edu/diary/WordPress+Release+Security+Update/13024
REMOTE: Liferay 6.0.x Webdav File Reading Vulnerability
http://www.exploit-db.com/exploits/18763
DoS/PoC: Samsung NET-i ware <= 1.37 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/18765
ReadyDesk Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/48904/
ownCloud Password Reset Vulnerability
http://secunia.com/advisories/48856/
SUSE update for libtiff
http://secunia.com/advisories/48893/
Shibboleth Service Provider OpenSSL DER Format Data Processing Vulnerability
http://secunia.com/advisories/48896/
Shibboleth Identity Provider LDAPS Hostname Verification Security Issue
http://secunia.com/advisories/48910/
ChatBlazer Enterprise Server Client "user" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48905/
WordPress Download Manager Plugin "cid" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48927/
IBM Java 6 Multiple Vulnerabilities
http://secunia.com/advisories/48913/
IBM Java 5 Multiple Vulnerabilities
http://secunia.com/advisories/48915/
WordPress Zingiri Web Shop Plugin Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/48909/
TwitRocker2 for Android WebView Class Security Bypass Security Issue
http://secunia.com/advisories/48894/
Hitachi JP1/IT Desktop Management Cross-Site Scripting and Denial of Service Vulnerabilities
http://secunia.com/advisories/48843/
RubyGems Remote Repository SSL Certificate Verification Security Issue
http://secunia.com/advisories/48807/
IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability
http://secunia.com/advisories/48933/
Comodo Internet Security PE File Processing Denial of Service Vulnerability
http://secunia.com/advisories/48928/
Debian update for openssl
http://secunia.com/advisories/48895/
Ubuntu update for openssl
http://secunia.com/advisories/48899/
Oracle Products Multiple Remote Code Execution and Security Bypass
http://www.vupen.com/english/ADV-2012-0214.php
Apache HTTP Server "LD_LIBRARY_PATH" Privilege Escalation
http://www.vupen.com/english/ADV-2012-0213.php
Apache OFBiz Request Processing Unspecified Code Execution
http://www.vupen.com/english/ADV-2012-0212.php
Apache OFBiz Data Processing Multiple Cross Site Scripting Issues
http://www.vupen.com/english/ADV-2012-0211.php
HP System Management Homepage Multiple Remote Vulnerabilities
http://www.vupen.com/english/ADV-2012-0210.php
Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017
Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014
Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018
Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011
Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015
Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013
Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012
Oracle Java SE CVE-2012-0498 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52019
Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194
Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467
TYPO3 Exception Handler Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53047
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0462 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52467
Mozilla Firefox/Thunderbird/SeaMonkey 'array.join' CVE-2012-0464 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52465
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0456 SVG Filters Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52461
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0461 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52464
Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
http://www.securityfocus.com/bid/52463
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0458 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52460
Mozilla Firefox, Thunderbird, and SeaMonkey Drag and Drop Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52458
Mozilla Firefox/SeaMonkey/Thunderbird 'window.fullScreen' Security Bypass Vulnerability
http://www.securityfocus.com/bid/52456
Mozilla Firefox/Thunderbird/SeaMonkey 'cssText' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52457
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0457 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52459
Oracle Database Server OCIPasswordChange API Security Bypass Vulnerability
http://www.securityfocus.com/bid/53101
xRadio '.xrl' File Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46290
Adobe Flash Player Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/32896
Anchor CMS 'id' Parameter Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53181
Kaseya System Version 'adminName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53180
ownCloud Password Reset Security Bypass Vulnerability
http://www.securityfocus.com/bid/53179
Shibboleth Identity Provider LDAPS Hostname Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53178
WordPress Download Manager Plugin 'cid' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53176
Hitachi JP1/IT Desktop Management - Manager Multiple Vulnerabilities
http://www.securityfocus.com/bid/53175
RubyGems SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53174
TwitRocker2 CVE-2012-1243 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53173
VLC Media Player Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/53169
Pendulab ChatBlazer 'username' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53168
Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166
Friday, April 20, 2012
Friday the 20th, Tomobiki
+ HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03280632%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Apache James Server 3.0-beta4 released
http://james.apache.org/download.cgi#Apache_James_Server
+ OpenSSL 1.0.1a released
http://www.openssl.org/news/
http://www.openssl.org/news/changelog.html
+ OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability
http://secunia.com/advisories/48847/
http://isc.sans.edu/diary.html?storyid=13018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
+ DoS/PoC: OpenSSL ASN1 BIO Memory Corruption Vulnerability
http://www.exploit-db.com/exploits/18756
+ DoS/PoC: MS11-046 Afd.sys Proof of Concept
http://www.exploit-db.com/exploits/18755
Registration status of the vulnerability countermeasure information database JVN iPedia
[Q1 2012 (January to March)]
http://www.ipa.go.jp/security/vuln/report/JVNiPedia2012q1.html
Android malware appears posing as the much-talked-about "Instagram"
http://itpro.nikkeibp.co.jp/article/NEWS/20120420/392184/?ST=security
"Flashback" malware targeting Macs still infects 140,000 machines
Symantec reports; Apple and others provide removal tools
http://itpro.nikkeibp.co.jp/article/NEWS/20120420/392181/?ST=security
[ONS2012] SDN use cases broaden, extending to parental controls and the security field
http://itpro.nikkeibp.co.jp/article/NEWS/20120419/392081/?ST=security
"Fraudulent use of Visa cards has fallen to two-thirds over 20 years" --- U.S. Visa's risk management chief explains
http://itpro.nikkeibp.co.jp/article/NEWS/20120419/392061/?ST=security
TIS and Intec launch a web service that verifies mobile phone numbers at member registration
http://itpro.nikkeibp.co.jp/article/NEWS/20120419/391982/?ST=security
[ MDVSA-2012:060 ] openssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00140.html
Vulnerabilities in Samsung TV (remote controller protocol)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00141.html
[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00138.html
VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00137.html
Ruxcon 2012 Call For Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00136.html
[SECURITY] [DSA 2453-2] gajim regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00135.html
Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00134.html
The history of a -probably- 13 years old Oracle bug: TNS Poison
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00133.html
ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00132.html
Paste Script Improper Group Privileges Weakness
http://secunia.com/advisories/48812/
KVM Device Mapping Memory Leak Denial of Service Vulnerability
http://secunia.com/advisories/48852/
HP-UX Apache Web Server Multiple Vulnerabilities
http://secunia.com/advisories/48851/
ownCloud Multiple Vulnerabilities
http://secunia.com/advisories/48850/
Red Hat update for kernel
http://secunia.com/advisories/48881/
SUSE update for freetype2
http://secunia.com/advisories/48918/
Drupal Gigya - Social optimization Module Cross-Site-Scripting Vulnerability
http://secunia.com/advisories/48832/
Bugzilla Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48835/
Gentoo swftools Two Integer Overflow Vulnerabilities
http://secunia.com/advisories/48821/
Drupal Commerce Reorder Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48912/
DoS/PoC: Wireshark 'call_dissector()' NULL Pointer Dereference Denial Of Service
http://www.exploit-db.com/exploits/18758
DoS/PoC: VLC 2.0.1 division by zero vulnerability
http://www.exploit-db.com/exploits/18757
DoS/PoC: LibreOffice 3.5.2.2 Memory Corruption
http://www.exploit-db.com/exploits/18754
DoS/PoC: Samsung D6000 TV Multiple Vulnerabilities
http://www.exploit-db.com/exploits/18751
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
Oracle Database Server OCIPasswordChange API CVE-2012-0510 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53090
Oracle Database Server OCIPasswordChange API Security Bypass Vulnerability
http://www.securityfocus.com/bid/53101
OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52181
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
Oracle Enterprise Manager CVE-2012-0512 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53092
Oracle Enterprise Manager CVE-2012-0525 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53063
Oracle Database Server CVE-2012-0528 Remote Session Fixation Vulnerability
http://www.securityfocus.com/bid/53089
Oracle Database Server CVE-2012-0527 Remote HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/53093
Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/53084
Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
http://www.securityfocus.com/bid/52161
Adobe Flash Player APSB12-07 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/52748
Oracle GlassFish Enterprise Server 'REST interface' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/53118
Wireshark 'call_dissector()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52735
Wireshark 'ERF' data Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52737
Wireshark MP2T Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/52736
Wireshark IEEE 802.11 Dissector Infinite Loop Denial of Service Vulnerability
http://www.securityfocus.com/bid/52738
Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973
Gallery Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52996
ioQuake3 Engine Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52719
Drupal Autosave Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52985
UniOPC IP*Works! SSL Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50003
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706
Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407
Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494
Microsoft Office RTF File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44652
Gajim CVE-2012-2093 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/53017
Gajim SQL Injection and Code Execution Vulnerabilities
http://www.securityfocus.com/bid/52943
Microsoft Windows 'AFD.sys' Driver Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48198
MacVTap Device Driver Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53165
EMC Data Protection Advisor Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53164
Comodo Internet Security Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53163
KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162
Samsung TV and BD Products Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/53161
AdAstrA TRACE MODE Data Center Remote Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/53160
Fortune3 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53151
Thursday, April 19, 2012
Thursday the 19th, Sensho
+ FreeBSD 8.3-RELEASE Released
http://www.freebsd.org/releases/8.3R/relnotes-detailed.html
http://www.freebsd.org/releases/8.3R/errata.html
+ HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03278391%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
+ CVE-2011-2728 Denial of Service (DoS) vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
+ CVE-2008-6536 Unspecified vulnerability in 7-zip
https://blogs.oracle.com/sunsecurity/entry/cve_2008_6536_unspecified_vulnerability
+ CVE-2009-2369 Denial of Service (DoS) vulnerability in wxWidgets
https://blogs.oracle.com/sunsecurity/entry/cve_2009_2369_denial_of
+ CVE-2006-7250 Denial of Service (DoS) vulnerability in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2006_7250_denial_of
+ CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 2.0
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3368_improper_input1
+ CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 1.3
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3368_improper_input
+ CVE-2012-0021 Improper Input Validation vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0021_improper_input
+ CVE-2011-4029 Race Condition vulnerability in X.Org
https://blogs.oracle.com/sunsecurity/entry/cve_2011_4029_race_condition
+ ownCloud Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/53145
CentOS alert CESA-2012:0480 (kernel)
http://lwn.net/Alerts/493122/
CentOS alert CESA-2012:0481 (kernel)
http://lwn.net/Alerts/493123/
Check Point Response to Check Point Firewall-1 SecuRemote Topology Service Hostname Disclosure
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk69360&src=securityAlerts
Notice of Critical Patch release for Virus Buster Corporate Edition 10.0 and 10.5
http://www.trendmicro.co.jp/support/news.asp?id=1763
Hitachi Consulting and Nexaweb Expand Solutions Delivery Alliance for IT Modernization
http://www.nexaweb.com/about/news-events/press-releases/default.cfm?id=63
[security bulletin] HPSBMU02766 SSRT100624 rev.1 - HP Onboard Administrator (OA), Remote Denial of Service (DoS)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00129.html
Multiple vulnerabilities in Newscoop
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00128.html
Multiple XSS vulnerabilities in XOOPS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00127.html
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00126.html
[ MDVSA-2012:032-1 ] mozilla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00125.html
Acuity CMS 2.6.x <= Cross Site Scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00124.html
VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00123.html
[security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00115.html
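Impersonation at the points exchange service "G Point"; more than 400 people affected
Points worth more than 1.5 million yen exchanged fraudulently; users should change their passwords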
http://itpro.nikkeibp.co.jp/article/NEWS/20120419/391783/?ST=security
5,000 varieties of malicious Android apps in three months; targeted attacks on Japan also continue
Trend Micro's security trends for Q1 2012
http://itpro.nikkeibp.co.jp/article/NEWS/20120419/391781/?ST=security
JVNDB-2007-000909 Denial of service (DoS) vulnerability in pngrtran.c in libpng
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000909.html
JVNDB-2007-001151 Off-by-one error vulnerability in pngset.c in libpng
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001151.html
JVNDB-2007-001150 Off-by-one error vulnerability in pngset.c in libpng
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001150.html
JVNDB-2009-002257 Vulnerability in libpng that allows portions of uninitialized memory to be read
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002257.html
JVNDB-2008-001720 Vulnerability in PNG file processing in libpng that allows arbitrary code to be executed
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001720.html
JVNDB-2007-000910 Denial of service (DoS) vulnerability in multiple chunk handlers in libpng
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000910.html
JVNDB-2009-001104 Vulnerability in libpng where element pointers are not properly initialized
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001104.html
JVNDB-2008-002313 Denial of service (DoS) condition vulnerability in libpng
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002313.html
JVNDB-2012-001879 Vulnerability in the ELF file parser of multiple products that allows malware detection to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001879.html
JVNDB-2011-002305 Chosen-plaintext attack vulnerability in CBC mode of SSL and TLS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002305.html
JVNDB-2011-004877 Buffer overflow vulnerability in the gopherToHTML function in Gopher
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004877.html
JVNDB-2012-001003 Denial of service (CPU resource consumption) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001003.html
JVNDB-2012-001078 Denial of service (CPU resource consumption) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001078.html
JVNDB-2011-003560 Denial of service (CPU resource consumption) vulnerability in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003560.html
JVNDB-2012-002083 Denial of service (DoS) vulnerability in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002083.html
JVNDB-2012-002082 Denial of service (DoS) vulnerability in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002082.html
JVNDB-2012-002081 Cross-site request forgery vulnerability in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002081.html
JVNDB-2012-002080 Cross-site scripting vulnerability in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002080.html
JVNDB-2012-002079 Vulnerability in RealNetworks Helix Server and Helix Mobile Server that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002079.html
JVNDB-2012-002078 Buffer overflow vulnerability in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002078.html
JVNDB-2011-002372 Denial of service (daemon crash) vulnerability in the ospf_flood function in Quagga
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002372.html
JVNDB-2011-002370 Denial of service (daemon crash) vulnerability in ospf_packet.c in ospfd in Quagga
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002370.html
JVNDB-2011-002369 Denial of service (DoS) vulnerability in the ospf6_lsa_is_changed function in ospf6_lsa.c in Quagga
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002369.html
JVNDB-2011-002368 Denial of service (DoS) vulnerability in the OSPFv3 implementation in ospf6d in Quagga
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002368.html
JVNDB-2004-000471 Buffer overflow vulnerability in file name and path name parsing in Info-ZIP Zip
http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000471.html
JVNDB-2012-001879 Vulnerability in the ELF file parser of multiple products that allows malware detection to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001879.html
JVNDB-2012-002083 Denial of service (DoS) vulnerability in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002083.html
JVNDB-2012-002082 Denial of service (DoS) vulnerability in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002082.html
JVNDB-2012-002081 Cross-site request forgery vulnerability in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002081.html
JVNDB-2012-002080 Cross-site scripting vulnerability in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002080.html
JVNDB-2012-002079 Vulnerability in RealNetworks Helix Server and Helix Mobile Server that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002079.html
JVNDB-2012-002078 Buffer overflow vulnerability in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002078.html
JVNDB-2012-002077 Denial of service (resource consumption) vulnerability in the web server of multiple Koyo Electronics Industries products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002077.html
JVNDB-2012-002076 Vulnerability in the web server of multiple Koyo Electronics Industries products that allows unspecified functions to be executed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002076.html
JVNDB-2012-002075 Cross-site scripting vulnerability in the web server of multiple Koyo Electronics Industries products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002075.html
JVNDB-2012-002074 Vulnerability in the ECOM Ethernet module of multiple Koyo Electronics Industries products that allows access rights to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002074.html
JVNDB-2012-002073 Buffer overflow vulnerability in the ECOM Ethernet module of multiple Koyo Electronics Industries products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002073.html
JVNDB-2012-002072 Denial of service (application crash) vulnerability in libarchive
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002072.html
JVNDB-2012-002071 Buffer overflow vulnerability in libarchive
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002071.html
JVNDB-2012-002070 Buffer overflow vulnerability in archive_read_support_format_iso9660.c in libarchive
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002070.html
JVNDB-2012-002069 Buffer overflow vulnerability in libarchive
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002069.html
JVNDB-2012-002068 Data injection attack vulnerability in curl and libcurl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002068.html
Sysinternals Updates - 2012 Apr 17
http://isc.sans.edu/diary.html?storyid=13006
ISC Feature of the Week: Suspicious Domains
http://isc.sans.edu/diary.html?storyid=13012
Oracle PeopleSoft Products Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data, Modify Data, and Deny Service
http://www.securitytracker.com/id/1026954
Oracle Financial Services Software Bugs Let Remote Users Partially Access and Modify Data and Cause Partial Denial of Service Conditions
http://www.securitytracker.com/id/1026953
Oracle Industry Applications Siebel Clinical Bug Lets Remote Authenticated Users Partially Modify Data
http://www.securitytracker.com/id/1026952
Oracle iPlanet Web Server Admin Console Flaw Lets Remote Users Partially Access and Modify Data and Partially Deny Service
http://www.securitytracker.com/id/1026951
Oracle Grid Engine Lets Local Users and Remote Authenticated Users Gain Root Privileges
http://www.securitytracker.com/id/1026950
Oracle Fusion Middleware Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
http://www.securitytracker.com/id/1026949
Oracle JRockit Lets Remote Users Gain Full Control of the System
http://www.securitytracker.com/id/1026948
Oracle Primavera Products Suite Lets Remote Users Partially Modify Data
http://www.securitytracker.com/id/1026943
Sun SPARC Enterprise Server XCP Bugs Let Local Users Gain Elevated Privileges and Remote Users Partially Deny Service
http://www.securitytracker.com/id/1026942
Sun GlassFish Enterprise Server Bugs Let Remote Users Partially Access Data, Modify Data, and Deny Service
http://www.securitytracker.com/id/1026941
Solaris Lets Local Users Gain Root Privileges and Remote Users Partially Access or Modify Data
http://www.securitytracker.com/id/1026940
IBM Tivoli Directory Server NULL Ciphers Let Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1026939
IBM Tivoli Directory Server Paged Search Request Processing Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026938
Oracle Supply Chain Products Suite Bugs Let Remote Users Partially Deny Service, Access Data, and Modify Data
http://www.securitytracker.com/id/1026937
Oracle E-Business Suite Bugs Let Remote Users Partially Access and Modify Data
http://www.securitytracker.com/id/1026936
HP OpenVMS Unspecified Flaw Lets Local Users Deny Service
http://www.securitytracker.com/id/1026935
MySQL Multiple Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1026934
Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026932
Linux Kernel Bug in xfrm6_tunnel Module Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026930
Xoops "to_userid" and "current_file" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48887/
Oracle iPlanet Web Server Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/43942/
Sitecom WLM-2501 Wireless Modem Router 300N Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48840/
Red Hat update for kernel
http://secunia.com/advisories/48842/
Oracle AutoVue Office Unspecified Vulnerability
http://secunia.com/advisories/48875/
Oracle Agile PLM Multiple Vulnerabilities
http://secunia.com/advisories/48874/
Oracle Agile PLM for Process Unspecified Vulnerability
http://secunia.com/advisories/48853/
Oracle FLEXCUBE Universal Banking Unspecified Vulnerabilities
http://secunia.com/advisories/48831/
Oracle Siebel Clinical Two Unspecified Vulnerabilities
http://secunia.com/advisories/48885/
Oracle PeopleSoft Enterprise Supply Chain Management (SCM) Unspecified Vulnerabilities
http://secunia.com/advisories/48884/
Oracle PeopleSoft Enterprise Human Resource Management System (HRMS) Unspecified Vulnerabilities
http://secunia.com/advisories/48878/
Oracle PeopleSoft Enterprise FCSM Unspecified Vulnerability
http://secunia.com/advisories/48880/
Gentoo update for adobe-flash
http://secunia.com/advisories/48819/
Oracle FLEXCUBE Direct Banking Unspecified Vulnerabilities
http://secunia.com/advisories/48886/
SPARC Enterprise M Series XSCF Control Package Vulnerabilities
http://secunia.com/advisories/48837/
Gentoo update for DBD-Pg
http://secunia.com/advisories/48824/
Oracle Solaris Multiple Vulnerabilities
http://secunia.com/advisories/48809/
Gentoo update for polkit
http://secunia.com/advisories/48817/
Gentoo update for freetype
http://secunia.com/advisories/48822/
Oracle GlassFish Enterprise Server Unspecified Vulnerabilities
http://secunia.com/advisories/48798/
Oracle Grid Engine Two Vulnerabilities
http://secunia.com/advisories/48826/
HP Onboard Administrator Denial of Service Vulnerability
http://secunia.com/advisories/48830/
Oracle Database Multiple Vulnerabilities
http://secunia.com/advisories/48855/
Oracle JRockit Multiple Vulnerabilities
http://secunia.com/advisories/48864/
Oracle Enterprise Manager Grid Control Multiple Vulnerabilities
http://secunia.com/advisories/48870/
Oracle JDeveloper Java Business Objects Unspecified Vulnerability
http://secunia.com/advisories/48863/
Oracle PeopleSoft Enterprise Portal Unspecified Vulnerability
http://secunia.com/advisories/48883/
Oracle PeopleSoft Enterprise PeopleTools Multiple Vulnerabilities
http://secunia.com/advisories/48882/
Oracle Identity Manager Connector for Database User Management Unspecified Vulnerability
http://secunia.com/advisories/48858/
Oracle PeopleSoft Enterprise CRM Unspecified Vulnerability
http://secunia.com/advisories/48876/
Oracle BI Publisher Administration Unspecified Vulnerability
http://secunia.com/advisories/48857/
Oracle E-Business Suite iStore Component Data Manipulation Vulnerability
http://secunia.com/advisories/48892/
Oracle MySQL Server Multiple Vulnerabilities
http://secunia.com/advisories/48890/
Oracle Primavera P6 Enterprise Project Portfolio Management Unspecified Vulnerability
http://secunia.com/advisories/48888/
Oracle E-Business Suite Multiple Vulnerabilities
http://secunia.com/advisories/48871/
Oracle WebCenter Forms Recognition Designer Two Vulnerabilities
http://secunia.com/advisories/48869/
Oracle Identity Manager User Config Management Unspecified Vulnerability
http://secunia.com/advisories/48861/
Oracle Outside In Technology Outside In Image Export SDK Multiple Vulnerabilities
http://secunia.com/advisories/48867/
Oracle PeopleSoft Human Capital Management Human Resources Unspecified Vulnerability
http://secunia.com/advisories/48877/
Apache HTTP Server LD_LIBRARY_PATH Security Issue
http://secunia.com/advisories/48849/
LOCAL: Office 2008 sp0 RTF Pfragments MAC exploit
http://www.exploit-db.com/exploits/18749
LOCAL: CyberLink Power2Go name attribute (p2g) Stack Buffer Overflow Exploit
http://www.exploit-db.com/exploits/18747
LOCAL: GSM SIM Editor 5.15 Buffer Overflow
http://www.exploit-db.com/exploits/18748
MySQL Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51925
MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52154
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/52365
Siemens SIMATIC WinCC Flexible Runtime 'HmiLoad.exe' Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50828
Multiple Siemens SIMATIC Products Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/51177
Siemens SIMATIC HMI Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51835
Siemens SIMATIC WinCC HMI Web Server Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/51836
GSM SIM Utility '.sms' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41212
CyberLink Power2Go Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/50997
ioQuake3 Engine Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52719
libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318
Sourcefabric Newscoop Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52941
Microsoft Internet Explorer CVE-2012-0171 SelectAll Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52905
Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973
Adobe Flash Player CVE-2011-2445 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50625
PolicyKit 'pkexec' File Existence Information Disclosure Weakness
http://www.securityfocus.com/bid/39198
PolicyKit 'pkexec' Utility and 'polkitd' Daemon Local Race Condition Vulnerability
http://www.securityfocus.com/bid/47496
WordPress 1-jquery-photo-gallery-slideshow-flash Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50860
WordPress Featurific For WordPress Plugin 'snum' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50779
WordPress Advanced Text Widget Plugin 'page' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50744
SWFTools Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/42433
Microsoft Internet Explorer CVE-2012-0172 VML Style Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52906
Adobe Flash Player APSB12-07 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/52748
Adobe Flash Player CVE-2012-0768 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52297
Adobe Flash Player CVE-2012-0769 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52299
Adobe Flash Player CVE-2012-0754 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52034
Adobe Flash Player CVE-2011-2459 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50620
Adobe Flash Player CVE-2012-0753 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52033
Adobe Flash Player CVE-2012-0752 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52032
Adobe Flash Player CVE-2012-0755 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/52035
Adobe Flash Player CVE-2012-0756 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/52036
Adobe Flash Player CVE-2012-0767 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52040
Adobe Flash Player CVE-2011-2460 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50628
HP OpenVMS CVE-2012-0134 Unspecified Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53045
Adobe Flash Player CVE-2011-2458 Cross Domain Security Bypass Vulnerability
http://www.securityfocus.com/bid/50629
Adobe Flash Player CVE-2011-2456 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50624
Adobe Flash Player CVE-2011-2452 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50622
Adobe Flash Player CVE-2011-2455 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50627
Adobe Flash Player CVE-2011-2450 Heap Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50619
Adobe Flash Player CVE-2011-2457 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50621
Adobe Flash Player CVE-2011-2453 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50618
Adobe Flash Player CVE-2011-2454 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50626
Adobe Flash Player CVE-2011-2451 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50623
RETIRED: Oracle April 2012 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/53004
perl-DBD-Pg Module Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/52378
Adobe Flash Player CVE-2012-0725 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52914
Adobe Flash Player CVE-2012-0724 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52916
Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49303
RealNetworks Helix Server Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52929
Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012
OpenSSL ECDSA Timing Attack Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47888
Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47929
Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011
Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802
HP System Management Homepage CVE-2011-3846 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52974
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957
Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/51869
X.Org Input Device Format String Vulnerability
http://www.securityfocus.com/bid/53150
Sourcefabric Newscoop Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/53147
ownCloud Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/53145
musl libc Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53144
XOOPS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53143
Oracle Solaris CVE-2012-1684 Local Vulnerability
http://www.securityfocus.com/bid/53138
Oracle GlassFish Enterprise Server CVE-2012-0551 Remote Vulnerability
http://www.securityfocus.com/bid/53136
Oracle Solaris CVE-2012-1681 Local Vulnerability
http://www.securityfocus.com/bid/53135
Oracle SPARC Enterprise M Series Servers CVE-2012-0548 Local Vulnerability
http://www.securityfocus.com/bid/53134
Oracle SPARC Enterprise M Series Servers CVE-2012-1693 Remote vulnerability
http://www.securityfocus.com/bid/53131
Oracle FLEXCUBE Universal Banking CVE-2012-0573 Remote Vulnerability
http://www.securityfocus.com/bid/53129
Oracle Solaris CVE-2012-1698 Remote Vulnerability
http://www.securityfocus.com/bid/53128
Oracle Solaris CVE-2012-1692 Local Vulnerability
http://www.securityfocus.com/bid/53125
Oracle FLEXCUBE Universal Banking CVE-2012-0545 Remote Vulnerability
http://www.securityfocus.com/bid/53122
Oracle FLEXCUBE Direct Banking CVE-2012-1706 Remote Vulnerability
http://www.securityfocus.com/bid/53116
Oracle FLEXCUBE Universal Banking CVE-2012-0567 Remote Vulnerability
http://www.securityfocus.com/bid/53114
Oracle FLEXCUBE Direct Banking CVE-2012-0576 Remote Vulnerability
http://www.securityfocus.com/bid/53113
Oracle FLEXCUBE Universal Banking CVE-2012-0575 Remote Vulnerability
http://www.securityfocus.com/bid/53111
Oracle FLEXCUBE Universal Banking CVE-2012-0546 Remote Vulnerability
http://www.securityfocus.com/bid/53108
Oracle FLEXCUBE Direct Banking CVE-2012-1707 Remote Vulnerability
http://www.securityfocus.com/bid/53107
Oracle Database Server CVE-2012-1708 Remote Application Express Vulnerability
http://www.securityfocus.com/bid/53104
Oracle FLEXCUBE Universal Bank CVE-2012-0571 Remote Vulnerability
http://www.securityfocus.com/bid/53103
Oracle Database Server CVE-2012-0511 Remote OCI Vulnerability
http://www.securityfocus.com/bid/53101
Oracle Database Server CVE-2012-0552 Remote Oracle Spatial Vulnerability
http://www.securityfocus.com/bid/53097
Oracle Database Server CVE-2012-0527 Remote Enterprise Manager Base Platform Vulnerability
http://www.securityfocus.com/bid/53093
Oracle Database Server CVE-2012-0512 Remote Enterprise Manager Base Platform Vulnerability
http://www.securityfocus.com/bid/53092
Oracle Database Server CVE-2012-0510 Remote Core RDBMS Vulnerability
http://www.securityfocus.com/bid/53090
Oracle Database Server CVE-2012-0528 Remote Enterprise Manager Base Platform Vulnerability
http://www.securityfocus.com/bid/53089
Oracle Outside In Technology CVE-2012-0556 Remote Vulnerability
http://www.securityfocus.com/bid/53087
Oracle Database Server CVE-2012-0526 Remote Enterprise Manager Base Platform Vulnerability
http://www.securityfocus.com/bid/53084
Oracle BI Publisher CVE-2012-0543 Remote Vulnerability
http://www.securityfocus.com/bid/53083
Oracle WebCenter Forms Recognition CVE-2012-1709 Remote Vulnerability
http://www.securityfocus.com/bid/53082
Oracle Database Server CVE-2012-0520 Remote Enterprise Manager Base Platform Vulnerability
http://www.securityfocus.com/bid/53081
Oracle Identity Manager Connector CVE-2012-0515 Remote Vulnerability
http://www.securityfocus.com/bid/53079
Oracle Supply Chain Products Suite CVE-2012-0549 Remote Oracle AutoVue Office Vulnerability
http://www.securityfocus.com/bid/53077
Oracle Database Server CVE-2012-0534 Remote RDBMS Core Vulnerability
http://www.securityfocus.com/bid/53076
Oracle Database Server CVE-2012-0519 Remote Core RDBMS Vulnerability
http://www.securityfocus.com/bid/53072
Oracle Outside In Technology CVE-2012-0555 Remote Vulnerability
http://www.securityfocus.com/bid/53070
Oracle Outside In Technology CVE-2012-0554 Remote Vulnerability
http://www.securityfocus.com/bid/53069
Oracle E-Business Suite CVE-2012-0542 Remote Oracle iStore Vulnerability
http://www.securityfocus.com/bid/53068
Oracle E-Business Suite CVE-2012-0537 Remote Oracle Application Object Library Vulnerability
http://www.securityfocus.com/bid/53066
Oracle Database Server CVE-2012-0525 Remote Enterprise Manager Base Platform Vulnerability
http://www.securityfocus.com/bid/53063
Oracle WebCenter Forms Recognition CVE-2012-1710 Remote Vulnerability
http://www.securityfocus.com/bid/53062
Oracle Identity Manager CVE-2012-0532 Remote Vulnerability
http://www.securityfocus.com/bid/53060
Oracle E-Business Suite CVE-2012-0535 Remote Oracle Application Object Library Vulnerability
http://www.securityfocus.com/bid/53059
Oracle E-Business Suite CVE-2012-0513 Remote Oracle Application Object Library Vulnerability
http://www.securityfocus.com/bid/53055
Oracle Outside In Technology CVE-2012-0557 Remote Vulnerability
http://www.securityfocus.com/bid/53054
Oracle Fusion Middleware CVE-2012-0522 Remote Vulnerability
http://www.securityfocus.com/bid/53053