Wednesday, May 2, 2012

Wednesday the 2nd, Tomobiki


+ Mozilla Thunderbird 12.0.1 released
http://www.mozilla.org/en-US/thunderbird/12.0.1/releasenotes/

+ HPSBMU02770 SSRT100848 rev.1 - HP Insight Management Agents for Windows Server, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), URL Redirection, Unauthorized Modification, Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03301267%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2006

+ HPSBMU02771 SSRT100558 rev.1 - HP SNMP Agents for Linux, Remote Cross Site Scripting (XSS), URL Redirection
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03301854%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2002

+ HPSBMU02772 SSRT100603 rev.1 - HP System Health Application and Command Line Utilities for Linux, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03301871%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2000

+ Samba 4.0.0α20 released
ftp://ftp.samba.gr.jp/pub/samba/samba4/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111

+ SA49007 McAfee Virtual Technician MVTControl ActiveX Control Code Execution Vulnerability
http://secunia.com/advisories/49007/

+ SA48976 Samba LSA RPC "take ownership" Privilege Security Bypass Security Issue
http://secunia.com/advisories/48976/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111

+ SA48992 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/48992/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1521

+ Samba mount.cifs Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/52742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1586

Symantec releases its 2011 security threat report; attacks up 80%
http://itpro.nikkeibp.co.jp/article/NEWS/20120427/394147/?ST=security

[ MDVSA-2012:067 ] samba
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00002.html

Bugtraq Corrections about Squid/McAfee URL Filtering Bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00001.html

Insider Threat Security Reference Architecture Technical Report Released
http://www.sei.cmu.edu/library/abstracts/reports/12tr007.cfm

JVNDB-2012-002169 Cross-site scripting vulnerability in Bugzilla
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002169.html

JVNDB-2012-002168 Vulnerability in Bugzilla that allows the lockout policy to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002168.html

JVNDB-2012-002167 Vulnerability in RuggedCom Rugged Operating System (ROS) that allows access privileges to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002167.html

JVNDB-2012-001989 Issue in the default configuration of Netgear FVS318N
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001989.html

JVNDB-2012-002127 Issue concerning user accounts in Rugged Operating System (ROS)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002127.html

JVNDB-2012-001990 Issue in the default configuration of TP-Link 8840T
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001990.html

Are Open SSIDs in decline?
http://isc.sans.edu/diary.html?storyid=13102

Adobe Acrobat and Reader 'msiexec.exe' Search Path Remote Arbitrary Code Execution Vulnerability
http://www.securiteam.com/securitynews/5CP3J2K6UW.html

Drupal Session Fixation Vulnerability
http://www.securiteam.com/securitynews/5BP3I2K6UI.html

Oracle Database Server Remote XML Developer Kit Vulnerability
http://www.securiteam.com/securitynews/5AP3H2K6UU.html

Symantec pcAnywhere Session Closure Access Violation Vulnerability
http://www.securiteam.com/securitynews/5ZP3G2K6UG.html

Drupal Cross Site Request Forgeries Vulnerability
http://www.securiteam.com/securitynews/5QP3H2A6UA.html

Drupal core - Cross Site Scripting (UTF8) Vulnerability
http://www.securiteam.com/securitynews/5PP3G2A6UA.html

Drupal Password leak Vulnerability in URL
http://www.securiteam.com/securitynews/5ZP3H206US.html

HP System Health Application and Command Line Utilities for Linux Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026998

McAfee Virtual Technician ActiveX Control GetObject() Function Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026996

Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication
http://www.securitytracker.com/id/1026990

VU#359816 Oracle database TNS listener vulnerability
http://www.kb.cert.org/vuls/id/359816

Red Hat update for Red Hat Enterprise MRG
http://secunia.com/advisories/49001/

Apache Qpid Cluster Broker Authentication Security Bypass Security Issue
http://secunia.com/advisories/49000/

SUSE update for samba
http://secunia.com/advisories/49030/

MyClientBase Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/48961/

Ubuntu update for samba
http://secunia.com/advisories/48984/

McAfee Virtual Technician MVTControl ActiveX Control Code Execution Vulnerability
http://secunia.com/advisories/49007/

HP Systems Insight Manager Multiple Vulnerabilities
http://secunia.com/advisories/49035/

Ubuntu update for linux-lts-backport-oneiric
http://secunia.com/advisories/48987/

Pale Moon Multiple Vulnerabilities
http://secunia.com/advisories/48995/

Red Hat update for samba and samba3x
http://secunia.com/advisories/48996/

ManageEngine SupportCenter Plus Multiple Vulnerabilities
http://secunia.com/advisories/48839/

Ubuntu update for kernel
http://secunia.com/advisories/49027/

Remote-Anything Player Movie Processing Code Execution Vulnerability
http://secunia.com/advisories/49008/

Samba LSA RPC "take ownership" Privilege Security Bypass Security Issue
http://secunia.com/advisories/48976/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/48992/

REMOTE: Solarwinds Storage Manager 5.1.0 Remote SYSTEM SQL Injection Exploit
http://www.exploit-db.com/exploits/18818

REMOTE: McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
http://www.exploit-db.com/exploits/18812

LOCAL: SAMSUNG NET-i Viewer 1.37 SEH Overwrite
http://www.exploit-db.com/exploits/18808

DoS/PoC: Mikrotik Router Denial of Service
http://www.exploit-db.com/exploits/18817

DoS/PoC: LAN Messenger <= v1.2.28 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/18816

Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/53305

Mozilla Firefox/SeaMonkey/Thunderbird Site Identity Spoofing Vulnerability
http://www.securityfocus.com/bid/53224

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0475 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53230

Mozilla Firefox/Thunderbird/SeaMonkey 'cairo-dwrite' CVE-2012-0472 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53218

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0471 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53219

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0474 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53228

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0477 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53229

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0473 Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53231

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-0470 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53225

Mozilla Firefox/Thunderbird/SeaMonkey IDBKeyRange Use-After-Free Vulnerability
http://www.securityfocus.com/bid/53220

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0467 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53223

OpenType Sanitizer Off By One Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53222

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0468 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53221

Bugzilla Cross Site Request Forgery and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/53153

Oracle Java SE and Java for Business CVE-2011-0868 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48140

OpenStack Compute (Nova) CVE-2012-2101 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53297

Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379

phpMyAdmin Database Name Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52857

phpMyAdmin 'show_config_errors.php' Full Path Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52858

RubyGems SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53174

GNU Common Internet File System (CIFS) setuid 'mount.cifs' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53246

Samba mount.cifs Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/52742

ImageMagick Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52898

ImageMagick Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51957

Samba CVE-2012-2111 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/53307

Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091

Oracle Java SE and Java for Business CVE-2011-0872 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48141

Oracle Java SE and Java for Business CVE-2010-4470 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46387

Oracle Java SE and Java for Business CVE-2011-0873 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48148

Oracle Java SE and Java for Business CVE-2011-0871 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48142

Oracle Java SE and Java for Business CVE-2011-0869 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48146

Oracle Java SE and Java for Business CVE-2011-0867 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48144

Oracle Java SE and Java for Business CVE-2011-0865 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48147

Oracle Java SE and Java for Business CVE-2011-0864 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48139

Oracle Java SE and Java for Business CVE-2011-0863 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48138

Oracle Java SE and Java for Business CVE-2011-0866 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48136

Oracle Java SE and Java for Business ICC Profile Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/48137

Oracle Java SE and Java for Business CVE-2011-0815 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48143

Oracle Java SE and Java for Business CVE-2011-0814 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48145

Oracle Java SE and Java for Business CVE-2011-0817 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48134

Oracle Java SE and Java for Business CVE-2011-0802 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/48149

Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234

Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50231

Adobe LiveCycle Data Services and BlazeDS Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48267

BlazeDS and GraniteDS AMF/AMFX Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48279

Oracle Java SE and Java for Business CVE-2011-0788 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48135

Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50242

Oracle Java SE and Java for Business CVE-2011-0786 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48133

Adobe Flex SDK CVE-2011-2461 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50869

nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52999

Multiple Browser Wild Card Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/42817

Adobe Flash Player CVE-2011-2414 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49076

Adobe Flash Player CVE-2011-2425 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49085

Adobe Flash Player CVE-2011-2415 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49077

Adobe Flash Player CVE-2011-2417 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49084

Adobe Flash Player CVE-2011-2416 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/49081

Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47314

Adobe Flash Player CVE-2011-2137 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49075

Adobe Flash Player CVE-2011-2139 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/49086

Adobe Flash Player CVE-2011-2140 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49083

Adobe Flash Player 'BitmapData.scroll' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/49080

Adobe Flash Player 'flash.display' Class Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49082

Adobe Flash Player CVE-2011-2136 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/49079

Adobe Flash Player CVE-2011-2134 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49074

Adobe Flash Player CVE-2011-2430 Streaming Media Logic Error Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/49717

Adobe Flash Player CVE-2011-2429 Security Control Bypass Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49718

Adobe Flash Player CVE-2011-2427 AVM Stack Overflow Vulnerability
http://www.securityfocus.com/bid/49715

Adobe Flash Player CVE-2011-2130 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49073

Adobe Flash Player CVE-2011-2428 Logic Error Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/49716

Adobe Flash Player CVE-2011-2444 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/49710

Adobe Flash Player CVE-2011-2459 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50620

Adobe Flash Player CVE-2011-2460 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50628

Adobe Flash Player CVE-2011-2426 AVM Stack Overflow Vulnerability
http://www.securityfocus.com/bid/49714

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

Adobe Flash Player CVE-2011-2458 Cross Domain Security Bypass Vulnerability
http://www.securityfocus.com/bid/50629

Adobe Flash Player CVE-2011-2457 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50621

Adobe Flash Player CVE-2011-2456 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50624

Adobe Flash Player CVE-2011-2454 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50626

Adobe Flash Player CVE-2011-2453 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50618

Adobe Flash Player CVE-2011-2452 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50622

Adobe Flash Player CVE-2011-2455 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50627

Adobe Flash Player CVE-2011-2445 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50625

Adobe Flash Player CVE-2011-2451 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50623

Adobe Flash Player CVE-2011-2450 Heap Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50619

Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41544

Linux Kernel 'memcg' NULL Pointer Deference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52324

Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533

Linux Kernel KVM CVE-2012-0045 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51389

Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811

Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274

Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945

Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197

WordPress Zingiri Web Shop Plugin HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53318

Samsung NET-i Viewer 'msls31.dll' ActiveX Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53317

WellinTech KingView DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/53316

HP Systems Insight Manager Unspecified Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/53315

GENU Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53312

MyClientBase Multiple SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53311
