+ Microsoft Security Bulletin Advance Notification - April 2012
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-apr
+ Google Chrome 18.0.1025.151 released
http://googlechromereleases.blogspot.jp/search/label/Stable%20updates
http://googlechromereleases.blogspot.jp/search/label/Beta%20updates
+ Google Chromebooks 18.0.1025.151 released
http://googlechromereleases.blogspot.jp/search/label/Stable%20updates
http://googlechromereleases.blogspot.jp/search/label/Beta%20updates
http://googlechromereleases.blogspot.jp/search/label/Dev%20updates
+ Multiple Denial of Service (DoS) vulnerabilities in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4858
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0022
+ CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3439_denial_of
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3439
+ Multiple vulnerabilities in Mozilla Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_mozilla_firefox1
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2372
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2995
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2997
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3001
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3002
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3003
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3004
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3005
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3232
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3648
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3650
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3651
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3652
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3654
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3655
+ CVE-2011-3256 Denial of Service (DoS) vulnerability in FreeType 2
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3256_denial_of
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3256
+ CVE-2011-4028 Information Disclosure vulnerability in X.org
https://blogs.oracle.com/sunsecurity/entry/cve_2011_4028_information_disclosure
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4028
+ Multiple vulnerabilities in Thunderbird
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2372
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2995
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2997
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2998
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2999
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3001
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3005
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3232
+ CVE-2010-1634 Integer Overflow vulnerability in Python
https://blogs.oracle.com/sunsecurity/entry/cve_2010_1634_integer_overflow
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1634
+ CVE-2011-2895 Buffer Overflow vulnerability in X.Org
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2895_buffer_overflow
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2895
+ Tomcat 7.0.27 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
+ Sudo 1.8.5b5 released
http://www.sudo.ws/sudo/devel.html#1.8.5b5
APSB12-08 Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb12-08.html
The 8th IPA Information Security Slogan, Poster, and Four-Panel Comic Contest 2012 to Be Held
http://www.ipa.go.jp/security/event/hyogo/2012/index.html
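Infected Before You Know It, Undetected Even by Security Software: Beware of Viruses That Exploit Vulnerabilities
IPA issues alert: "Eliminating software vulnerabilities comes first"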
http://itpro.nikkeibp.co.jp/article/NEWS/20120406/389742/?ST=security
JVN#97200417 Session fixation vulnerability in Sencha SNS
http://jvn.jp/jp/JVN97200417/index.html
JVN#44913777 Cross-site request forgery vulnerability in Sencha SNS
http://jvn.jp/jp/JVN44913777/index.html
JVN#92830293 Authentication bypass vulnerability in Toshiba TEC e-Studio series
http://jvn.jp/jp/JVN92830293/index.html
JVNVU#514315 Update for multiple vulnerabilities in Java for Mac OS
http://jvn.jp/cert/JVNVU514315/index.html
JVNDB-2012-001483 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001483.html
JVNDB-2012-001482 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001482.html
JVNDB-2012-001480 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001480.html
JVNDB-2012-001479 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001479.html
JVNDB-2012-001478 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001478.html
JVNDB-2012-001473 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001473.html
JVNDB-2012-001477 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001477.html
JVNDB-2012-001476 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001476.html
JVNDB-2012-001475 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001475.html
JVNDB-2012-001474 Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001474.html
JVNDB-2011-003567 Denial of service (CPU resource consumption) vulnerability in Oracle Glassfish
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003567.html
JVNDB-2012-001990 (JVNVU#834723) Problem with the default configuration of TP-Link 8840T
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001990.html
JVNDB-2012-001989 (JVNVU#928795) Problem with the default configuration of Netgear FVS318N
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001989.html
JVNDB-2012-000030 (JVN#97200417) Session fixation vulnerability in Sencha SNS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000030.html
JVNDB-2012-000029 (JVN#44913777) Cross-site request forgery vulnerability in Sencha SNS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000029.html
JVNDB-2012-000028 (JVN#92830293) Authentication bypass vulnerability in Toshiba TEC e-Studio series
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000028.html
JVNDB-2011-005031 Buffer overflow vulnerability in TurboPower Abbrevia
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005031.html
JVNDB-2011-005030 Buffer overflow vulnerability in an ActiveX control in multiple ARC Informatique products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005030.html
JVNDB-2011-005029 File modification vulnerability in an ActiveX control in multiple ARC Informatique products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005029.html
JVNDB-2011-005028 Integer overflow vulnerability in an ActiveX control in multiple ARC Informatique products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005028.html
JVNDB-2011-005027 Arbitrary code execution vulnerability in an ActiveX control in multiple ARC Informatique products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005027.html
JVNDB-2012-001988 Heap-based buffer overflow vulnerability in multiple Invensys products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001988.html
JVNDB-2012-001987 Heap-based buffer overflow vulnerability in multiple Invensys products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001987.html
JVNDB-2012-001986 Access restriction bypass vulnerability in Invensys Wonderware Information Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001986.html
JVNDB-2012-001985 SQL injection vulnerability in Invensys Wonderware Information Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001985.html
JVNDB-2012-001984 Cross-site scripting vulnerability in Invensys Wonderware Information Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001984.html
JVNDB-2012-001981 Vulnerability in Movable Type that allows data to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001981.html
JVNDB-2012-001980 Cross-site scripting vulnerability in Movable Type
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001980.html
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00026.html
[security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00025.html
[SECURITY] [DSA 2447-1] tiff security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00034.html
[SECURITY] [DSA 2446-1] libpng security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00030.html
Sourcefire Defense Center - multiple vulnerabilities.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00029.html
Multiple vulnerabilities in osCmax
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00020.html
[ MDVSA-2012:053 ] ocsinventory
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00027.html
[security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00014.html
vBulletin 4.1.10 Sql Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00041.html
[security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unautho
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00012.html
Hotel Booking Portal SQL Injection (CVE-2012-1672)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00024.html
e-ticketing SQL Injection (CVE-2012-1673)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00021.html
phpPaleo Local File Inclusion (CVE-2012-1671)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00022.html
[DCA-2011-0016] - Tufin SecureTrack Cross Site Script
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00023.html
APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Upda
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00019.html
Arbor Networks Peakflow SP web interface XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00018.html
[Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00017.html
[ MDVSA-2012:052 ] libvorbis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00016.html
[ MDVSA-2012:051 ] libvorbis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00015.html
[ MDVSA-2012:050 ] phpmyadmin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00013.html
[SE-2012-01] Security vulnerabilities in Java SE
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00028.html
[ MDVSA-2012:049 ] nagios
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00011.html
[ MDVSA-2012:048 ] mutt
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00010.html
[ MDVSA-2012:047 ] freeradius
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00009.html
[ MDVSA-2012:046 ] libpng
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00008.html
DirectAdmin v1.403 - Cross Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00033.html
ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00032.html
Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00031.html
Hackito 2012 Crypto Challenge
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00007.html
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026892
Sourcefire Defense Center Bugs Let Remote Users Traverse the Directory, Access the Database, and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026890
Evil hides everywhere: Web Application Exploits in Headers
http://isc.sans.edu/diary.html?storyid=12904
REMOTE: Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite poc
http://www.exploit-db.com/exploits/18704
REMOTE: Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite poc
http://www.exploit-db.com/exploits/18703
LOCAL: Mini-stream Ripper [.m3u] 3.1.3.2 buffer overflow vulnerability
http://www.exploit-db.com/exploits/18706
DoS/PoC: Sony Bravia Remote Denial of Service
http://www.exploit-db.com/exploits/18705
Cisco WebEx Player Three Vulnerabilities
http://secunia.com/advisories/47023/
Debian update for tiff
http://secunia.com/advisories/48735/
Ubuntu update for tiff
http://secunia.com/advisories/48722/
LibTIFF "gtTileSeparate()" Integer Overflow Vulnerability
http://secunia.com/advisories/48684/
e-ticketing "user_name" and "password" SQL Injection Vulnerabilities
http://secunia.com/advisories/48670/
Sourcefire Defense Center / 3D Sensor Multiple Vulnerabilities
http://secunia.com/advisories/48667/
ABB Multiple Products ActiveX Control Buffer Overflow Vulnerability
http://secunia.com/advisories/48693/
ImageMagick Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/48679/
Sencha SNS Cross-Site Request Forgery and Session Fixation Vulnerabilities
http://secunia.com/advisories/48639/
Hosting Directory Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48706/
Debian update for libpng
http://secunia.com/advisories/48644/
Juniper IVE OS Network Connect/Pulse Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48720/
Juniper IVE OS Network Connect/Pulse Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48718/
Ticket Support Script Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48710/
AlstraSoft Site Uptime Enterprise Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48707/
SUSE update for chromium and v8
http://secunia.com/advisories/48729/
Drupal Print Module Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48625/
Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945
Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322
Linux Kernel 'exec()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51947
Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
Multiple Toshiba e-Studio Devices Security Bypass Vulnerability
http://www.securityfocus.com/bid/50168
Arbor Networks Peakflow SP 'index/' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52881
libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891
LibTIFF Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47338
Quest Toad DBA Suite for Oracle ActiveX Control Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/52920
Adobe Acrobat and Reader APSB12-08 Advance Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52919
Quest vWorkspace 'pnllmcli.dll' ActiveX Control Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/52917
Adobe Flash Player CVE-2012-0724 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52916
Adobe Flash Player CVE-2012-0725 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52914
Google Chrome Prior to 18.0.1025.151 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52913
Umbraco CMS 'url' Parameter Open Proxy Vulnerability
http://www.securityfocus.com/bid/52912
Microsoft April 2012 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/52910
WordPress TagGator 'tagid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52908
Sencha SNS Session Fixation And Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/52900
Juniper Networks IVE OS Network Connect/Pulse feature Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52899
ImageMagick Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52898
Sony Bravia 'hping' Command Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52893