Friday, April 20, 2012

Friday the 20th, Tomobiki


+ HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03280632%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Apache James Server 3.0-beta4 released
http://james.apache.org/download.cgi#Apache_James_Server

+ OpenSSL 1.0.1a released
http://www.openssl.org/news/
http://www.openssl.org/news/changelog.html

+ OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability
http://secunia.com/advisories/48847/
http://isc.sans.edu/diary.html?storyid=13018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110

+ DoS/PoC: OpenSSL ASN1 BIO Memory Corruption Vulnerability
http://www.exploit-db.com/exploits/18756

+ DoS/PoC: MS11-046 Afd.sys Proof of Concept
http://www.exploit-db.com/exploits/18755

Registration status of the vulnerability countermeasure information database JVN iPedia
[Q1 2012 (January to March)]
http://www.ipa.go.jp/security/vuln/report/JVNiPedia2012q1.html

Android malware posing as the much-discussed "Instagram" appears
http://itpro.nikkeibp.co.jp/article/NEWS/20120420/392184/?ST=security

"Flashback" malware targeting Macs: 140,000 machines still infected
Symantec reports; Apple and others provide removal tools
http://itpro.nikkeibp.co.jp/article/NEWS/20120420/392181/?ST=security

[ONS2012] SDN use cases broaden, extending to parental control and security
http://itpro.nikkeibp.co.jp/article/NEWS/20120419/392081/?ST=security

"Fraudulent use of Visa cards has decreased to two-thirds over 20 years" --- US-based Visa's chief of risk management explains
http://itpro.nikkeibp.co.jp/article/NEWS/20120419/392061/?ST=security

TIS and INTEC launch a web service that verifies mobile phone numbers at member registration
http://itpro.nikkeibp.co.jp/article/NEWS/20120419/391982/?ST=security

[ MDVSA-2012:060 ] openssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00140.html

Vulnerabilities in Samsung TV (remote controller protocol)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00141.html

[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00138.html

VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00137.html

Ruxcon 2012 Call For Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00136.html

[SECURITY] [DSA 2453-2] gajim regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00135.html

Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00134.html

The history of a -probably- 13 years old Oracle bug: TNS Poison
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00133.html

ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00132.html

Paste Script Improper Group Privileges Weakness
http://secunia.com/advisories/48812/

KVM Device Mapping Memory Leak Denial of Service Vulnerability
http://secunia.com/advisories/48852/

HP-UX Apache Web Server Multiple Vulnerabilities
http://secunia.com/advisories/48851/

ownCloud Multiple Vulnerabilities
http://secunia.com/advisories/48850/

Red Hat update for kernel
http://secunia.com/advisories/48881/

SUSE update for freetype2
http://secunia.com/advisories/48918/

Drupal Gigya - Social optimization Module Cross-Site-Scripting Vulnerability
http://secunia.com/advisories/48832/

Bugzilla Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48835/

Gentoo swftools Two Integer Overflow Vulnerabilities
http://secunia.com/advisories/48821/

Drupal Commerce Reorder Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48912/

DoS/PoC: Wireshark 'call_dissector()' NULL Pointer Dereference Denial Of Service
http://www.exploit-db.com/exploits/18758

DoS/PoC: VLC 2.0.1 division by zero vulnerability
http://www.exploit-db.com/exploits/18757

DoS/PoC: LibreOffice 3.5.2.2 Memory Corruption
http://www.exploit-db.com/exploits/18754

DoS/PoC: Samsung D6000 TV Multiple Vulnerabilities
http://www.exploit-db.com/exploits/18751

OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428

Oracle Database Server OCIPasswordChange API CVE-2012-0510 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53090

Oracle Database Server OCIPasswordChange API Security Bypass Vulnerability
http://www.securityfocus.com/bid/53101

OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52181

OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764

OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158

Oracle Enterprise Manager CVE-2012-0512 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53092

Oracle Enterprise Manager CVE-2012-0525 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53063

Oracle Database Server CVE-2012-0528 Remote Session Fixation Vulnerability
http://www.securityfocus.com/bid/53089

Oracle Database Server CVE-2012-0527 Remote HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/53093

Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/53084

Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
http://www.securityfocus.com/bid/52161

Adobe Flash Player APSB12-07 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/52748

Oracle GlassFish Enterprise Server 'REST interface' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/53118

Wireshark 'call_dissector()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52735

Wireshark 'ERF' data Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52737

Wireshark MP2T Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/52736

Wireshark IEEE 802.11 Dissector Infinite Loop Denial of Service Vulnerability
http://www.securityfocus.com/bid/52738

Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973

Gallery Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52996

ioQuake3 Engine Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52719

Drupal Autosave Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52985

UniOPC IP*Works! SSL Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50003

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706

Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494

Microsoft Office RTF File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44652

Gajim CVE-2012-2093 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/53017

Gajim SQL Injection and Code Execution Vulnerabilities
http://www.securityfocus.com/bid/52943

Microsoft Windows 'AFD.sys' Driver Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48198

MacVTap Device Driver Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53165

EMC Data Protection Advisor Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53164

Comodo Internet Security Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53163

KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162

Samsung TV and BD Products Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/53161

AdAstrA TRACE MODE Data Center Remote Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/53160

Fortune3 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53151
