Tuesday, April 10, 2012

Tuesday the 10th, Butsumetsu


+ Dovecot 2.0.20, 2.1.4 released
http://www.dovecot.org/list/dovecot-news/2012-April/000221.html
http://www.dovecot.org/list/dovecot-news/2012-April/000220.html

+ Oracle MySQL Server Two Unspecified Vulnerabilities
http://secunia.com/advisories/48744/

CVE-2012-0769, the case of the perfect info leak
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00063.html

Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00062.html

Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00061.html

OWASP ZAP 1.4.0 released
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00060.html

[Suspected Spam] Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00059.html

[Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00058.html

CsForum v0.8 - Cross Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00057.html

osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00056.html

idev Game Site CMS v1.0 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00055.html

[Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00054.html

CitrusDB 2.4.1 - LFI/SQLi Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00053.html

[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00052.html

[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00050.html

[CVE-2012-1574] Apache Hadoop user impersonation vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00051.html

PHPNuke Modules Name Download SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00049.html

[security bulletin] HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Servi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00047.html

Luring users to scam sites via Twitter: a new one-click fraud technique targeting smartphones
Beware of shortened URLs in tweets; the sites pose as adult video sites
http://itpro.nikkeibp.co.jp/article/NEWS/20120410/390282/?ST=security

"Virus in an encrypted document file": a new targeted attack
Password sent in a separate e-mail; a technique using a DLL also confirmed
http://itpro.nikkeibp.co.jp/article/NEWS/20120410/390281/?ST=security

Otsuka Corporation offers the host-based security software "Trend Micro Deep Security" as SaaS
http://itpro.nikkeibp.co.jp/article/NEWS/20120409/390262/?ST=security

"Flashback" malware targeting "Mac OS X" has infected more than 600,000 machines
http://itpro.nikkeibp.co.jp/article/NEWS/20120409/390205/?ST=security

JVNDB-2012-002019 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002019.html

JVNDB-2012-002018 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002018.html

JVNDB-2012-002017 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002017.html

JVNDB-2012-002016 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002016.html

JVNDB-2012-002015 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002015.html

JVNDB-2012-002014 Same-origin policy bypass vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002014.html

JVNDB-2012-002013 Denial of service (DoS) vulnerability in the HTMLMediaElement implementation in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002013.html

JVNDB-2012-002012 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002012.html

JVNDB-2012-002011 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002011.html

JVNDB-2012-002010 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002010.html

JVNDB-2012-002009 Same-origin policy bypass vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002009.html

JVNDB-2012-002008 Denial of service (out-of-bounds read) vulnerability in Skia as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002008.html

JVNDB-2012-002007 Cross-site scripting vulnerability in my_admin/admin1_list_pages.php in SocialCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002007.html

JVNDB-2012-002006 Denial of service (assertion failure and daemon exit) vulnerability in the BGP implementation in bgpd in Quagga
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002006.html

JVNDB-2012-002005 Buffer overflow vulnerability in the OSPFv2 implementation in Quagga
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002005.html

JVNDB-2012-002004 Buffer overflow vulnerability in the ospf_ls_upd_list_lsa function in Quagga
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002004.html

JVNDB-2012-002003 Denial of service (DoS) vulnerability in Distributed Computing Environment on HP-UX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002003.html

JVNDB-2012-002002 Cross-site scripting vulnerability in HP Business Availability Center
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002002.html

JVNDB-2012-002001 Vulnerability in HP Onboard Administrator that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002001.html

JVNDB-2012-002000 Vulnerability in HP Onboard Administrator that allows bypassing access restrictions
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002000.html

JVNDB-2012-001999 Vulnerability in HP Onboard Administrator that allows redirecting users to arbitrary Web sites
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001999.html

Helix Server Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Passwords
http://www.securitytracker.com/id/1026898

Not your Parent's Wireless Threat
http://isc.sans.edu/diary.html?storyid=12934

osCMax "customers_group_name" Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/48731/

Newscoop Multiple Vulnerabilities
http://secunia.com/advisories/48769/

KVM qemu-kvm "ext4_fill_flex_info()" Denial of Service Vulnerability
http://secunia.com/advisories/48645/

Gajim SQL and Command Injection Vulnerabilities
http://secunia.com/advisories/48708/

OpenCart Two Vulnerabilities
http://secunia.com/advisories/48762/

ISPConfig Webdav User Permission Change Security Bypass
http://secunia.com/advisories/48709/

idev-GameSite "id" SQL Injection Vulnerability
http://secunia.com/advisories/48725/

Cloudera Manager Hadoop User Impersonation Vulnerability
http://secunia.com/advisories/48776/

Apache Hadoop User Impersonation Vulnerability
http://secunia.com/advisories/48775/

Apache Hadoop User Impersonation Vulnerability
http://secunia.com/advisories/48715/

FFmpeg Multiple Vulnerabilities
http://secunia.com/advisories/48770/

Oracle MySQL Server Two Unspecified Vulnerabilities
http://secunia.com/advisories/48744/

RealNetworks Helix Server Multiple Vulnerabilities
http://secunia.com/advisories/45414/

Google Chrome Multiple Code Execution and Security Bypass
http://www.vupen.com/english/ADV-2012-0199.php

Cisco WebEx Player Multiple Buffer Overflow Vulnerabilities
http://www.vupen.com/english/ADV-2012-0198.php

Novell iManager jclient "EnteredAttrName" Parameter Buffer Overflow
http://www.vupen.com/english/ADV-2012-0197.php

ImageMagick Data Processing Multiple Denial of Service Vulnerabilities
http://www.vupen.com/english/ADV-2012-0196.php

HP Business Availability Center Cross Site Scripting Vulnerability
http://www.vupen.com/english/ADV-2012-0195.php

Apple Mac OS X Security Update Fixes Java Remote Code Execution
http://www.vupen.com/english/ADV-2012-0194.php

REMOTE: Snort 2 DCE/RPC preprocessor Buffer Overflow
http://www.exploit-db.com/exploits/18723

LOCAL: Mini-stream RM-MP3 Converter v3.1.2.2 Local Buffer Overflow
http://www.exploit-db.com/exploits/18726

WordPress TagGator 'tagid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52908

Symantec pcAnywhere Authentication Request Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/52094

Symantec pcAnywhere Host Services Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51592

Symantec pcAnywhere Client/Server Input Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51965

Symantec pcAnywhere Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/51593

Symantec pcAnywhere Session Closure Access Violation Vulnerability
http://www.securityfocus.com/bid/51862

libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830

OpenStack Compute (Nova) Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52831

Perl YAML-LibYAML Module 'perl_libyaml.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/52381

Python 'trytond' Module 'Many2Many' Field Security Bypass Vulnerability
http://www.securityfocus.com/bid/52804

Oracle Java SE CVE-2012-0498 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52019

Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51753

Apple Mac OS X CVE-2011-3460 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51814

Mozilla Firefox/Thunderbird/SeaMonkey Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51138

TRENDnet TV-IP121WN ActiveX Control 'OpenFileDlg()' Method Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52760

Csound 'getnum()' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52144

Lenovo ThinkManagement Console Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52023

Liferay Portal Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47082

CastRipper '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34915

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

Sectool DBus File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52884

PHP CVE-2012-0057 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51806

PHP CVE-2012-0831 'magic_quotes_gpc' Directive Security Bypass Weakness
http://www.securityfocus.com/bid/51954

Suhosin Extension Transparent Cookie Encryption Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51574

PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/51417

GNU Libtasn1 ASN1 Length DER Decoding Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52668

python-paste-script Root GID Files Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/52147

GnuTLS 'gnutls_session_get_data()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50609

GnuTLS TLS Record Handling Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52667

Novell iManager Long TREE Field Off-By-One Denial of Service Vulnerability
http://www.securityfocus.com/bid/40485

Novell iManager Schema Create Class Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40480

GE Energy D20/D200 Substation Controller Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52955

Dolibarr 'export.php' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/52953

osCMax Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52948

CitrusDB Local File Include and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52946

Sourcefabric Newscoop Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52941

Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
http://www.securityfocus.com/bid/52939

IDevSpot idev-GameSite 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52937

Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/52933

RealNetworks Helix Server Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52929
