Friday, June 29, 2012
Friday the 29th, Tomobiki
+ Google Chrome 20.0.1132.47 released
http://googlechromereleases.blogspot.jp/2012/06/beta-and-stable-channel-update.html
+ CentOS alert CESA-2012:1045 (php)
http://lwn.net/Alerts/504054/
+ CentOS alert CESA-2012:1047 (php53)
http://lwn.net/Alerts/504055/
Announcement: release of ServerProtect for Linux 3.0 builds dedicated to Red Hat Enterprise Linux 6 and CentOS 6
http://www.trendmicro.co.jp/support/news.asp?id=1796
Advisory: Sophos Endpoint v 9.5 and 9.7: automatic upgrade to v 10, reboot required
http://www.sophos.com/en-us/support/knowledgebase/117480.aspx
Advisory: Upgrade to Sophos Anti-Virus for Mac, version 8
http://www.sophos.com/en-us/support/knowledgebase/116709.aspx
Canon IT Solutions: comprehensive security software for Android
http://itpro.nikkeibp.co.jp/article/NEWS/20120628/406086/?ST=security
Hitachi Solutions packages DB firewall deployment integration services as a menu offering
http://itpro.nikkeibp.co.jp/article/NEWS/20120628/405976/?ST=security
JVNDB-2012-002895 Authentication bypass vulnerability in sql/password.c in Oracle MySQL and MariaDB
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002895.html
JVNDB-2012-002894 Vulnerability in the default sendmail configuration of IBM AIX and VIOS allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002894.html
JVNDB-2012-002893 Integer overflow vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002893.html
JVNDB-2012-002892 Buffer overflow vulnerability in the JS API of the PDF functionality in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002892.html
JVNDB-2012-002891 Denial of service (DoS) vulnerability in the image codec of the PDF functionality in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002891.html
JVNDB-2012-002890 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002890.html
JVNDB-2012-002889 Denial of service (invalid pointer use) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002889.html
JVNDB-2012-002888 Denial of service (DoS) vulnerability in the Cascading Style Sheets implementation in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002888.html
JVNDB-2012-002887 Integer overflow vulnerability in the PDF functionality in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002887.html
JVNDB-2012-002886 Denial of service (DoS) vulnerability in the UI of Google Chrome running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002886.html
JVNDB-2012-002885 Denial of service (out-of-bounds read) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002885.html
JVNDB-2012-002884 Denial of service (invalid read operation) vulnerability in the XSL implementation in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002884.html
JVNDB-2012-002883 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002883.html
JVNDB-2012-002882 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002882.html
JVNDB-2012-002881 Denial of service (DoS) vulnerability in the PDF functionality in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002881.html
JVNDB-2012-002880 Vulnerability in the handling of text display in autofill in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002880.html
JVNDB-2012-002879 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002879.html
JVNDB-2012-002878 Denial of service (DoS) vulnerability in texSubImage2D in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002878.html
JVNDB-2012-002877 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002877.html
JVNDB-2012-002876 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002876.html
JVNDB-2012-002875 Denial of service (process interference) vulnerability in Google Chrome running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002875.html
JVNDB-2012-002874 Vulnerability in Google Chrome allowing sensitive information to be obtained from fragment identifiers
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002874.html
JVNDB-2012-002873 Integer overflow vulnerability in libxml2 as used in Google Chrome on 64-bit Linux platforms
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002873.html
JVNDB-2012-002872 Vulnerability in Google Chrome allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002872.html
ZDI-12-113 : IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00187.html
ZDI-12-112 : SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00186.html
ZDI-12-111 : SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00185.html
ZDI-12-110 : Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execut
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00184.html
ZDI-12-108 : Apple Quicktime TeXML sampleData Element Parsing Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00182.html
ZDI-12-109 : Apple Quicktime TeXML Karaoke Element Parsing Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00183.html
ZDI-12-107 : Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00181.html
[SECURITY] [DSA 2504-1] libspring-2.5-java security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00180.html
[SECURITY] [DSA 2503-1] bcfg2 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00179.html
ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00178.html
[security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00177.html
Massive spike in BGP traffic - Possible BGP poisoning?
http://isc.sans.edu/diary.html?storyid=13579
ISC Feature of the Week: About the Internet Storm Center
http://isc.sans.edu/diary.html?storyid=13582
WordPress Job Manager Plugin Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49756/
PHP-Fusion Advanced MP3 Player Module Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49735/
IBM Integrated Information Core Multiple Vulnerabilities
http://secunia.com/advisories/49668/
WordPress Multiple Vulnerabilities
http://secunia.com/advisories/49726/
web@all Cross-Site Request Forgery and Scripting Vulnerabilities
http://secunia.com/advisories/49529/
HP Photosmart Printers Denial of Service Vulnerability
http://secunia.com/advisories/49739/
IBM Rational ClearQuest Cross-Site Scripting and Information Disclosure Vulnerabilities
http://secunia.com/advisories/49681/
SUSE update for kernel
http://secunia.com/advisories/49736/
Drupal Hashcash Module Invalid Token Script Insertion Vulnerability
http://secunia.com/advisories/49683/
bcfg2 Trigger Plugin Command Injection Vulnerability
http://secunia.com/advisories/49629/
Red Hat update for php53
http://secunia.com/advisories/49731/
Red Hat update for php
http://secunia.com/advisories/49730/
Cisco WebEx Player WRF Processing Multiple Vulnerabilities
http://secunia.com/advisories/49750/
Red Hat update for php
http://secunia.com/advisories/49599/
Cisco WebEx Player ARF Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/49751/
Mini-stream URL Hunter Playlist Buffer Overflow
http://secunia.com/advisories/49512/
Symantec Web Gateway 5.0.2.8 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012060334
Symantec PcAnywhere login and password field buffer overflow
http://cxsecurity.com/issue/WLB-2012060333
VLC 2.0.1 Denial Of Service
http://cxsecurity.com/issue/WLB-2012060332
Real Player 10 Gold Exception Handling
http://cxsecurity.com/issue/WLB-2012060331
Chiangrai Enter Soft Design SQL Injection
http://cxsecurity.com/issue/WLB-2012060330
Top Nepal SQL Injection
http://cxsecurity.com/issue/WLB-2012060329
MUSOYAN SQL Injection
http://cxsecurity.com/issue/WLB-2012060328
Rainbowdigital SQL Injection
http://cxsecurity.com/issue/WLB-2012060327
Pixel Identity SQL Injection
http://cxsecurity.com/issue/WLB-2012060326
Rhdesign SQL Injection
http://cxsecurity.com/issue/WLB-2012060325
Rubysoft Solutions SQL Injection
http://cxsecurity.com/issue/WLB-2012060324
HR Software SQL Injection
http://cxsecurity.com/issue/WLB-2012060323
ExNet SQL Injection
http://cxsecurity.com/issue/WLB-2012060322
LOCAL: Apple QuickTime TeXML Stack Buffer Overflow
http://www.exploit-db.com/exploits/19433
AccountsService 'user_change_icon_file_authorized_cb()' Function File Disclosure Vulnerability
http://www.securityfocus.com/bid/54223
Openfire Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/32189
Bcfg2 'Trigger' Plugin Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/54217
Python PyCrypto Key Generation Weakness
http://www.securityfocus.com/bid/53687
Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49543
Gallery Cross Site Scripting and Arbitrary PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54013
Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities
http://www.securityfocus.com/bid/53571
OpenJPEG '.jpeg' File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52654
OpenJPEG Gray16 TIFF Image File Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53012
PHP 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/40173
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47545
PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388
PHP CVE-2012-0057 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51806
PHP CVE-2012-0789 Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52043
PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/51417
PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403
Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51755
Symantec Web Gateway Arbitrary File Download And Delete Vulnerability
http://www.securityfocus.com/bid/53442
Symantec Web Gateway Remote Shell Command Execution Vulnerability
http://www.securityfocus.com/bid/53444
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49143
Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705
PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51830
webERP Multiple Remote and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/54236
TEMENOS T24 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54235
Basilic 'diff.php' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/54234
Boost 'ordered_malloc()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54233
SAP Netweaver ABAP 'msg_server.exe' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54231
SAP Netweaver ABAP 'msg_server.exe' Parameter Name Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54229
PHP-Fusion Advanced MP3 Player Infusion 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54228
Boehm GC 'malloc()' and 'calloc()' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54227
WordPress Job Manager Plugin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54226
Avaya IP Office Customer Call Reporter 'ImageUpload.ashx' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54225
WordPress Security Bypass And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54224
Real Networks RealPlayer '.avi' File Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/54220
VLC Media Player '.avi' File Denial of Service Vulnerability
http://www.securityfocus.com/bid/54208
Thursday, June 28, 2012
Thursday the 28th, Senshō
+ RHSA-2012:1046 Moderate: php security update
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2386
+ CentOS alert CESA-2012:1043 (libwpd)
http://lwn.net/Alerts/503802/
+ Buffer Overflow Vulnerabilities in the Cisco WebEx Player
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120627-webex
+ RHSA-2012:1045 Moderate: php security update
http://rhn.redhat.com/errata/RHSA-2012-1045.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2336
+ RHSA-2012:1047 Moderate: php53 security update
http://rhn.redhat.com/errata/RHSA-2012-1047.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2386
Leap second handling in Appliance / Virtual Appliance products
http://www.trendmicro.co.jp/support/news.asp?id=1803
Announcement: release of Trend Micro Mobile Security 8.0
http://www.trendmicro.co.jp/support/news.asp?id=1802
ZDI-12-105 : Apple Quicktime Text Track Descriptor Parsing Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00175.html
ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00174.html
ZDI-12-103 : Apple Quicktime Dataref URI Buffer Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00173.html
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00176.html
ZDI-12-102 : Novell iPrint Client nipplib.dll GetDriverSettings realm Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00172.html
ZDI-12-101 : IBM Cognos tm1admsd.exe Multiple Operations Remote Code Execution Vulnerabiliti
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00171.html
[security bulletin] HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running o
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00170.html
Apple retracts its "virus-free" claim (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20120628/405822/?ST=security
Hitachi Solutions to sell "Hibun V10", which can control the removal of confidential files
http://itpro.nikkeibp.co.jp/article/NEWS/20120627/405714/?ST=security
Cyberattack on the Ministry of Finance and others; the "National Property Information Disclosure System" could not be restored
http://itpro.nikkeibp.co.jp/article/NEWS/20120627/405563/?ST=security
JVNDB-2012-002590 Denial of service (DoS) vulnerability in Certified Asterisk and Asterisk Open Source
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002590.html
JVNDB-2012-002589 Denial of service (daemon crash) vulnerability in Certified Asterisk and Asterisk Open Source
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002589.html
JVNDB-2012-002591 Buffer overflow vulnerability in the addchar function in common/parseconf.c in upsd in NUT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002591.html
JVNDB-2012-002513 Format string vulnerability in the OTR pidgin-otr plugin for Pidgin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002513.html
JVNDB-2012-002461 Vulnerability in sudo allowing command restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002461.html
JVNDB-2012-002400 Integer underflow vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002400.html
JVNDB-2012-002871 Denial of service (DoS) vulnerability in Pro-face WinGP PC Runtime and Pro-Server EX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002871.html
JVNDB-2012-002870 Vulnerability in Pro-face WinGP PC Runtime and Pro-Server EX allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002870.html
JVNDB-2012-002869 Denial of service (DoS) vulnerability in Pro-face WinGP PC Runtime and Pro-Server EX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002869.html
JVNDB-2012-002868 Denial of service (DoS) vulnerability in Pro-face WinGP PC Runtime and Pro-Server EX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002868.html
JVNDB-2012-002867 Integer overflow vulnerability in Pro-face WinGP PC Runtime and Pro-Server EX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002867.html
JVNDB-2012-002866 Denial of service (DoS) vulnerability in Pro-face WinGP PC Runtime and Pro-Server EX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002866.html
JVNDB-2012-002865 Cross-site scripting vulnerability in Apache Roller
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002865.html
JVNDB-2012-002864 Cross-site request forgery vulnerability in the admin/editor console of Apache Roller
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002864.html
JVNDB-2012-002863 Open redirect vulnerability in the Global Redirect module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002863.html
JVNDB-2012-002862 SQL injection vulnerability in the Active Record component of Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002862.html
JVNDB-2012-002861 Vulnerability in Ruby on Rails allowing database query restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002861.html
JVNDB-2012-002860 SQL injection vulnerability in the Active Record component of Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002860.html
JVNDB-2012-002859 Vulnerability in Ruby on Rails allowing database query restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002859.html
JVNDB-2012-002858 Vulnerability in libodm.a in IBM AIX allowing arbitrary files to be overwritten
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002858.html
JVNDB-2012-002857 Cross-site scripting vulnerability in IBM System Storage DS Storage Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002857.html
JVNDB-2012-002856 SQL injection vulnerability in IBM System Storage DS Storage Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002856.html
JVNDB-2012-002855 Vulnerability in the Web container of IBM Lotus Expeditor allowing localhost to be spoofed as the request origin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002855.html
JVNDB-2012-002854 Vulnerability in IBM Lotus Expeditor allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002854.html
JVNDB-2012-002853 Directory traversal vulnerability in the Eclipse Help component of IBM Lotus Expeditor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002853.html
JVNDB-2012-002852 Vulnerability in Symantec LiveUpdate Administrator allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002852.html
JVNDB-2012-002851 SQL injection vulnerability in Simple Web Content Management System
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002851.html
JVNDB-2012-002850 SQL injection vulnerability in the Counter module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002850.html
JVNDB-2012-002849 Cross-site request forgery vulnerability in the Comment Moderation module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002849.html
JVNDB-2012-002848 Vulnerability in the EC2 and OS APIs of OpenStack allowing access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002848.html
JVNDB-2012-002777 Double free vulnerability in the xfrm6_tunnel_rcv function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002777.html
JVNDB-2012-002847 Vulnerability in hostapd allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002847.html
JVNDB-2012-002846 Arbitrary code execution vulnerability in libwpd as used in OpenOffice.org
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002846.html
JVNDB-2012-002845 Integer overflow vulnerability in the vclmi.dll module of OpenOffice.org and LibreOffice
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002845.html
JVNDB-2012-002844 Denial of service (DoS) vulnerability in icclib as used in Argyll CMS and other programs
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002844.html
JVNDB-2012-002842 Stack-based buffer overflow vulnerability in the _canonicalize function in common/uloc.c in ICU
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002842.html
JVNDB-2012-002841 Vulnerability in libgssapi and libgssglue allowing an untrusted configuration file to be loaded
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002841.html
JVNDB-2012-002840 Denial of service (guest crash) vulnerability in virtio_queue_notify in qemu-kvm
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002840.html
JVNDB-2012-002839 Denial of service (reference leak and memory consumption) vulnerability in fs/proc/root.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002839.html
JVNDB-2012-002838 Denial of service (DoS) vulnerability in the robust futex implementation in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002838.html
JVNDB-2012-002837 Vulnerability in the ROSE protocol implementation in the Linux Kernel allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002837.html
JVNDB-2012-002836 Denial of service (DoS) vulnerability in the rose_parse_ccitt function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002836.html
JVNDB-2012-002835 Denial of service (DoS) vulnerability in the encode_share_access function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002835.html
JVNDB-2012-002834 Denial of service (heap memory corruption) vulnerability in the rose_parse_national function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002834.html
JVNDB-2012-002833 Double free vulnerability in the inotify subsystem in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002833.html
JVNDB-2012-002832 Denial of service (heap memory corruption) vulnerability in sound/oss/opl3.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002832.html
JVNDB-2012-002831 Integer underflow vulnerability in the Open Sound System subsystem in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002831.html
JVNDB-2012-002830 Vulnerability in drivers/char/tpm/tpm.c in the Linux Kernel allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002830.html
JVNDB-2012-002829 Vulnerability in net/bridge/netfilter/ebtables.c in the Linux Kernel allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002829.html
JVNDB-2012-002828 Vulnerability in net/bluetooth/bnep/sock.c in the Linux Kernel allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002828.html
JVNDB-2012-002827 Vulnerability in the sco_sock_getsockopt_old function in the Linux Kernel allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002827.html
JVNDB-2012-002826 Denial of service (DoS) vulnerability in the Reliable Datagram Sockets subsystem in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002826.html
JVNDB-2012-002825 Vulnerability in drivers/acpi/debugfs.c in the Linux Kernel allowing arbitrary kernel memory locations to be modified
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002825.html
JVNDB-2012-002824 Denial of service (DoS) vulnerability in the br_multicast_add_group function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002824.html
JVNDB-2012-002823 Vulnerability in the ima_lsm_rule_init function in the Linux Kernel allowing IMA rules to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002823.html
JVNDB-2012-002822 Buffer overflow vulnerability in the fuse_do_ioctl function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002822.html
JVNDB-2012-002821 Vulnerability in the orinoco_ioctl_set_auth function in the Linux Kernel allowing access to Wi-Fi networks
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002821.html
JVNDB-2012-002820 Denial of service (memory consumption) vulnerability in the inotify_init1 function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002820.html
What's up with port 79 ?
http://isc.sans.edu/diary.html?storyid=13570
Online Banking Heists
http://isc.sans.edu/diary.html?storyid=13573
VU#971035 Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
http://www.kb.cert.org/vuls/id/971035
Cisco WebEx Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027212
SAP NetWeaver ABAP Flaw in 'msg_server.exe' Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027211
HP System Management Homepage Bugs Let Remote Users Deny Service and Remote Authenticated Users Obtain Information and Gain Elevated Privileges
http://www.securitytracker.com/id/1027209
Zend Framework XML Entity Processing Flaw Lets Remote Users View Files
http://www.securitytracker.com/id/1027208
IBM AIX Sendmail Default Configuration Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id/1027207
PostgreSQL CREATE LANGUAGE Capability Lets Remote Authenticated Administrators Service
http://www.securitytracker.com/id/1027203
Apple QuickTime Java extensions - security checks bypass
http://cxsecurity.com/issue/WLB-2012060321
CMS Schoolhos 2.29 Multiple Vulns
http://cxsecurity.com/issue/WLB-2012060320
Edimestre Plus 2.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012060319
OpenLimit Reader Vulnerable Components
http://cxsecurity.com/issue/WLB-2012060318
Monstra CMS 1.1.6 Multiple CSRF Vulnerability
http://cxsecurity.com/issue/WLB-2012060317
WordPress Website FAQ 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012060316
Dove Forums 1.0.3 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012060315
BizShop SQL Injection
http://cxsecurity.com/issue/WLB-2012060314
Toko Flamboyan Local File Inclusion
http://cxsecurity.com/issue/WLB-2012060313
DigPHP Remote File Disclosure
http://cxsecurity.com/issue/WLB-2012060312
Zend Framework XXE Injection
http://cxsecurity.com/issue/WLB-2012060311
IMCE Mkdir Shell Upload
http://cxsecurity.com/issue/WLB-2012060310
REMOTE: Symantec PcAnywhere 12.5.0 Login and Password Field Buffer Overflow
http://www.exploit-db.com/exploits/19407
DoS/PoC: Sielco Sistemi Winlog 2.07.16 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/19409
WordPress Website FAQ Plugin "category" SQL Injection Vulnerability
http://secunia.com/advisories/49682/
HP System Management Homepage Multiple Vulnerabilities
http://secunia.com/advisories/49592/
WordPress SS Quiz Plugin Cross-Site Request Forgery and Security Bypass Vulnerabilities
http://secunia.com/advisories/49694/
Dove Forums Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/49720/
Symantec Message Filter Multiple Vulnerabilities
http://secunia.com/advisories/49727/
Red Hat Directory Server Information Disclosure Security Issue and Vulnerability
http://secunia.com/advisories/49734/
IBM AIX Sendmail Privilege Escalation Vulnerability
http://secunia.com/advisories/49723/
Red Hat update for kernel
http://secunia.com/advisories/49733/
Red Hat update for libwpd
http://secunia.com/advisories/49732/
Monstra CMS Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/49691/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/49724/
PHP Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51193
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407
Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50639
RoundCube Webmail Denial of Service Vulnerability
http://www.securityfocus.com/bid/50402
PHP 'is_a()' Function Remote File Include Vulnerability
http://www.securityfocus.com/bid/49754
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494
Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658
PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388
PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/51417
libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056
PHP CVE-2012-0057 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51806
Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279
Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802
cURL/libcURL Remote Input Validation Vulnerability
http://www.securityfocus.com/bid/51665
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706
PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47545
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
PHP 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/40173
Pro-Server EX Multiple Vulnerabilities
http://www.securityfocus.com/bid/53499
PHP 'tidy_diagnose()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51992
PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403
PHP CVE-2012-0789 Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52043
Apple QuickTime Prior To 7.7.2 Text Tracks Heap Overflow Vulnerability
http://www.securityfocus.com/bid/53574
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
IBM Cognos TM1 Admin Server Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52847
Apple Mac OS X CVE-2011-3459 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51811
Novell iPrint Client Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51926
SugarCRM Community Edition 'unserialize()' Multiple PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54169
Symantec pcAnywhere Host Services Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51592
Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54192
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1940 Use After Free Vulnerability
http://www.securityfocus.com/bid/53794
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53800
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53796
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1947 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53791
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
http://www.securityfocus.com/bid/53808
Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
http://www.securityfocus.com/bid/53801
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1941 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53793
Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798
Oracle MySQL CVE-2012-2122 User Login Security Bypass Vulnerability
http://www.securityfocus.com/bid/53911
Drupal Hashcash Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/54219
HP System Management Homepage Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54218
Bcfg2 'Trigger' Plugin Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/54217
Multiple Vendor Simple Certificate Enrollment Protocol Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/54216
Multiple GE Proficy Products Stack Buffer Overflow and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/54215
SAP Netweaver ABAP 'msg_server.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54214
Cisco WebEx WRF and ARF File Format Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54213
GNOME NetworkManager CVE-2012-2736 AdHoc Wireless Security Vulnerability
http://www.securityfocus.com/bid/54211
WordPress 'SS Quiz' Plugin Cross Site Request Forgery and Access Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/54210
Schoolhos CMS Arbitrary File Upload and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54204
Wednesday, June 27, 2012
27th, Wednesday, Shakkō
+ Google Chrome 20 (20.0.1132.43) released
http://googlechromereleases.blogspot.jp/2012/06/stable-channel-update_26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
+ nginx-1.3.2 development version released
http://nginx.org/en/CHANGES
+ CentOS alert CESA-2012:1036 (postgresql)
http://lwn.net/Alerts/503582/
+ CentOS alert CESA-2012:1037 (postgresql, postgresql84)
http://lwn.net/Alerts/503583/
+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1596
+ Denial of Service (DoS) vulnerability in librsvg
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3146_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146
+ Numeric Errors vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/cve_2012_1173_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
+ Multiple vulnerabilities in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131
+ Memory corruption vulnerability in Ogg Vorbis
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0444_memory_corruption
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
+ Multiple vulnerabilities in Thunderbird
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464
+ Multiple vulnerabilities in Firefox web browser
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox_web
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464
+ Multiple Denial of Service (DoS) vulnerabilities in FreeType
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144
+ Access Controls vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2111_access_controls
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111
+ Multiple vulnerabilities in Foomatic
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_foomatic
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2964
+ TList 6 ActiveX control remote code execution vulnerability in Hyperion Financial Management
https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1714
+ Path Traversal Vulnerability in Sun GlassFish Web Space Server
https://blogs.oracle.com/sunsecurity/entry/cve_2012_1712_path_traversal
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1712
+ Symantec Message Filter Security Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0303
+ OpenSSH 'ssh_gssapi_parse_ename()' Function Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000
UPDATE: APSB12-12 Security bulletin for Adobe Flash Professional
http://www.adobe.com/support/security/bulletins/apsb12-12.html
Entrust Japan launches Japanese-language site for digital certificate sales
http://itpro.nikkeibp.co.jp/article/NEWS/20120626/405423/?ST=security
[security bulletin] HPSBMU02792 SSRT100820 rev.2 - HP Business Service Management (BSM), Remote
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00167.html
SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00166.html
[CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00165.html
OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system compone
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00163.html
[slackware-security] freetype (SSA:2012-176-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00154.html
[ MDVSA-2012:100 ] rsyslog
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00153.html
[SE-2012-01] Security weakness in Apple QuickTime Java extensions (details released)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00159.html
hashdays 2012 - Call for Papers (#days CFP)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00152.html
[SECURITY] [DSA 2502-1] python-crypto security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00151.html
[SECURITY] [DSA 2498-1] dhcpcd security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00158.html
CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00157.html
CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00156.html
[SECURITY] [DSA 2501-1] xen security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00150.html
[SECURITY] [DSA 2500-1] mantis security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00149.html
Run, Forest! (Update)
http://isc.sans.edu/diary.html?storyid=13561
Apache Roller Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/49049/
Apache Roller Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/49593/
Horde IMP SVG Attachment Script Insertion Vulnerability
http://secunia.com/advisories/49643/
WaveMaker Security Bypass Vulnerability
http://secunia.com/advisories/49675/
Squiz Matrix Cross-Site Scripting and Information Disclosure Vulnerabilities
http://secunia.com/advisories/49617/
SoftPerfect Bandwidth Manager Password Disclosure Vulnerability
http://secunia.com/advisories/49685/
FCKeditor "print_textinputs_var()" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49606/
Support Tickets MyTickets "MyTickets_language" SQL Injection Vulnerability
http://secunia.com/advisories/49557/
Gentoo update for logrotate
http://secunia.com/advisories/49697/
Gentoo update for sendmail
http://secunia.com/advisories/49712/
Gentoo update for mount-cifs
http://secunia.com/advisories/49713/
Gentoo update for texlive-core
http://secunia.com/advisories/49714/
Red Hat update for postgresql and postgresql84
http://secunia.com/advisories/49717/
Red Hat update for postgresql
http://secunia.com/advisories/49718/
Slackware update for freetype
http://secunia.com/advisories/49721/
UmaPresence Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49699/
Zend Framework "Zend_XmlRpc" XML Entity References Information Disclosure Vulnerability
http://secunia.com/advisories/49665/
SUSE update for linux
http://secunia.com/advisories/49722/
Gentoo update for nbd
http://secunia.com/advisories/49700/
Gentoo update for msmtp
http://secunia.com/advisories/49704/
Gentoo update for postfix
http://secunia.com/advisories/49706/
Gentoo update for links
http://secunia.com/advisories/49707/
Gentoo update for pam
http://secunia.com/advisories/49711/
FCKEditor <= 2.6.7 reflected XSS vulnerability
http://cxsecurity.com/issue/WLB-2012060309
Apache Roller 4.x / 5.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060308
Apache Roller 4.x / 5.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012060307
SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution
http://cxsecurity.com/issue/WLB-2012060306
Kingview Touchview 6.53 Heap Overflows
http://cxsecurity.com/issue/WLB-2012060305
Slim PDF Reader 1.0 Memory Corruption
http://cxsecurity.com/issue/WLB-2012060304
Qutecom 2.2.1 Heap Overflow
http://cxsecurity.com/issue/WLB-2012060303
Kingview Touchview 6.53 EIP Overwrite
http://cxsecurity.com/issue/WLB-2012060302
Drupal Drag And Drop 6.x-1.5 Shell Upload
http://cxsecurity.com/issue/WLB-2012060301
Western Digital TV (WD-TV) Live Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060300
Able2Doc / Able2Doc Professional 6.0 Memory Corruption
http://cxsecurity.com/issue/WLB-2012060299
Parodia 6.8 SQL Injection
http://cxsecurity.com/issue/WLB-2012060298
Able2Extract 6.0 Memory Corruption
http://cxsecurity.com/issue/WLB-2012060297
Umapresence 2.6.0 Shell Upload / File Deletion
http://cxsecurity.com/issue/WLB-2012060296
Autopagina CMS 2.8 SQL Injection
http://cxsecurity.com/issue/WLB-2012060295
REMOTE: Root Exploit Western Digital's WD TV Live SMP/Hub
http://www.exploit-db.com/exploits/19402
LOCAL: quicktime.util.QTByteObject Initialization Security Checks Bypass
http://www.exploit-db.com/exploits/19401
NCompress Decompress Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/19455
BusyBox 'udhcpc' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48879
RSyslog Function Imfile Module Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51171
Linux Kernel KVM 'kvm_set_irq()' Function Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54063
MacVTap Device Driver Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53165
Linux Kernel NFS Client 'decode_getacl()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50655
MantisBT SOAP API Security Bypass Vulnerability
http://www.securityfocus.com/bid/53907
MantisBT Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52313
MantisBT 'delete_attachments_threshold()' Function Security Bypass Vulnerability
http://www.securityfocus.com/bid/53921
Mozilla Firefox/Thunderbird/SeaMonkey '.lnk' Files Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53799
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53796
Mozilla Firefox/Thunderbird/SeaMonkey Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53792
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53800
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
http://www.securityfocus.com/bid/53808
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1941 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53793
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1939 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53797
Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
http://www.securityfocus.com/bid/53801
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1940 Use After Free Vulnerability
http://www.securityfocus.com/bid/53794
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1947 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53791
Oracle MySQL CVE-2012-2122 User Login Security Bypass Vulnerability
http://www.securityfocus.com/bid/53911
Qt SSL Certificate IP Address Wildcard Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/42833
Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300
Linux Kernel Reliable Datagram Sockets (RDS) CVE-2012-2372 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54062
KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162
Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166
Linux Kernel DRM 'drivers/gpu/drm/crm_crtc.c' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51371
Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533
Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721
Linux Kernel CVE-2012-2373 Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53614
Oracle MySQL Server Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/52931
OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/54114
Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
389 Directory Server Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54153
OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53570
Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274
Linux Kernel XFS Filesystem 'fs/xfs/xfs_acl.c' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/51380
Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811
Python SimpleXMLRPCServer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51996
Python Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51239
RETIRED: MyBB 'announcements.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/54130
Python SimpleHTTPServer 'list_directory()' Function Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54083
python 'distutils' Component '~/.pypirc' File Local Race Condition Vulnerability
http://www.securityfocus.com/bid/52732
OpenLDAP LDAP Search Request Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52404
Roundcube Webmail Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53453
Red Hat Sos CVE-2012-2664 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54116
Links SSL Certificate Verification Security Weakness
http://www.securityfocus.com/bid/33108
HP Business Service Management CVE-2012-2561 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53556
PostgreSQL 'SECURITY DEFINER' and 'SET' Attributes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53812
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52188
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
OpenStack Compute (Nova) Security Bypass Vulnerability
http://www.securityfocus.com/bid/53875
Asterisk CVE-2012-3553 SCCP Skinny Channel Driver Denial of Service Vulnerability
http://www.securityfocus.com/bid/54017
RoundCube Webmail Remote Mail Relay Vulnerability
http://www.securityfocus.com/bid/47247
MyTickets 'define.php' Script SQL Injection Vulnerability
http://www.securityfocus.com/bid/54064
Cactusoft Parodia 'ag_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/48458
Mosh Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53646
Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856
lighttpd 'http_auth.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50851
SlimPDF Reader Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/49923
Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668
Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203
WordPress Website FAQ 'website-faq-widget.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/54200
ViewVC 'svn_ra.py' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54199
ViewVC 'svn_ra.py' Authorization Security Bypass Vulnerability
http://www.securityfocus.com/bid/54197
WaveMaker Security Bypass Vulnerability
http://www.securityfocus.com/bid/54196
Horde Project IMP SVG Attachment HTML Injection Vulnerability
http://www.securityfocus.com/bid/54195
Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54192
Symantec Message Filter CVE-2012-0300 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54136
Symantec Message Filter CVE-2012-0301 Session Fixation Vulnerability
http://www.securityfocus.com/bid/54135
Symantec Message Filter CVE-2012-0302 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54134
Symantec Message Filter CVE-2012-0303 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/54133
Tuesday, June 26, 2012
26th, Tuesday, Taian
+ RHSA-2012:1037 Moderate: postgresql and postgresql84 security update
http://rhn.redhat.com/errata/RHSA-2012-1037.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
+ RHSA-2012:1036 Moderate: postgresql security update
http://rhn.redhat.com/errata/RHSA-2012-1036.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
+ Samba 3.6.6 Available for Download
http://www.samba.org/samba/history/samba-3.6.6.html
JVNTA12-174A Vulnerability in Microsoft XML Core Services
http://jvn.jp/cert/JVNTA12-174A/index.html
[SECURITY] [DSA 2499-1] icedove security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00148.html
[ MDVSA-2012:088-1 ] mozilla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00147.html
First Server issues interim report on its data-loss incident: "Data cannot be recovered"
http://itpro.nikkeibp.co.jp/article/NEWS/20120625/404962/?ST=security
Targeted Malware for Industrial Espionage?
http://isc.sans.edu/diary.html?storyid=13549
Issues with Windows Update Agent
http://isc.sans.edu/diary.html?storyid=13552
Belgian online banking customers hacked.
http://isc.sans.edu/diary.html?storyid=13555
Using JSDetox to Analyze and Deobfuscate Javascript
http://isc.sans.edu/diary.html?storyid=13558
UCCASS 1.8.1 Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012060294
Voila Web Design SQL Injection
http://cxsecurity.com/issue/WLB-2012060293
WEBO Site SpeedUp 1.6.1 Local File Inclusion / Remote File Inclusion
http://cxsecurity.com/issue/WLB-2012060292
Debian update for dhcpcd
http://secunia.com/advisories/49679/
Joomla! Virtuemart Shipping by State Component Unspecified Security Bypass Vulnerability
http://secunia.com/advisories/49616/
Gentoo update for tomcat
http://secunia.com/advisories/49702/
Gentoo update for apache
http://secunia.com/advisories/49701/
Debian update for icedove
http://secunia.com/advisories/49588/
Debian update for mantis
http://secunia.com/advisories/49572/
Debian update for xen
http://secunia.com/advisories/49570/
Debian update for python-crypto
http://secunia.com/advisories/49559/
Gentoo update for nvidia-drivers
http://secunia.com/advisories/49709/
Gentoo update for adobe-flash
http://secunia.com/advisories/49716/
Drupal Drag & Drop Gallery Module Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49698/
Gentoo update for mini_httpd
http://secunia.com/advisories/49693/
Gentoo update for rpm
http://secunia.com/advisories/49680/
Gentoo update for pycrypto
http://secunia.com/advisories/49703/
Gentoo update for TagLib
http://secunia.com/advisories/49688/
Gentoo update for Samba
http://secunia.com/advisories/49705/
Gentoo update for gdk-pixbuf
http://secunia.com/advisories/49715/
Gentoo update for gnutls
http://secunia.com/advisories/49708/
Gentoo update for virtualenv
http://secunia.com/advisories/49710/
REMOTE: Apple iTunes 10 Extended M3U Stack Buffer Overflow
http://www.exploit-db.com/exploits/19387
REMOTE: Adobe Flash Player Object Type Confusion
http://www.exploit-db.com/exploits/19369
DoS/PoC: Slimpdf Reader 1.0 Memory Corruption
http://www.exploit-db.com/exploits/19391
DoS/PoC: Able2Extract and Able2Extract Server v 6.0 Memory Corruption
http://www.exploit-db.com/exploits/19392
DoS/PoC: Kingview Touchview 6.53 Multiple Heap Overflow Vulnerabilities
http://www.exploit-db.com/exploits/19389
DoS/PoC: Kingview Touchview 6.53 EIP Overwrite
http://www.exploit-db.com/exploits/19388
DoS/PoC: Able2Doc and Able2Doc Professional v 6.0 Memory Corruption
http://www.exploit-db.com/exploits/19393
logrotate 'shred_file()' Log Filename Command Injection Vulnerability
http://www.securityfocus.com/bid/47103
logrotate Insecure Default File Permissions Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47108
logrotate Gentoo Linux 'var/log/' Symlink Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47170
logrotate 'writeState()' Function Logfile Name Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47107
Apple QuickTime Java Extension Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/53003
Network Block Device Server (CVE-2011-0530) Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46572
Network Block Device Server NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/47884
HP Database Archiving Software Multiple Remote Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51205
Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/46767
Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47778
Linux-PAM 'pam_env' Module Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/50343
PAM 'pam_namespace' Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44590
pam-xauth Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42472
Linux-PAM 'pam_env' Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/46046
Linux-PAM 'pam_env' and 'pam_mail' Modules Multiple Vulnerabilities
http://www.securityfocus.com/bid/43487
Linux-PAM 'pam_xauth' Module Denial of Service and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/46045
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37543
Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37992
Samba 'client/mount.cifs.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38326
TeX Live '.dvi' File Parsing Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39966
TeX Live '.dvi' File Parsing (CVE-2010-0827) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39971
TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/39500
BibTeX '.bib' File Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34332
RETIRED: Zoph Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/53788
PostgreSQL 'SECURITY DEFINER' and 'SET' Attributes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53812
Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52353
Microsoft Remote Desktop Protocol Service CVE-2012-0152 Denial of Service Vulnerability
http://www.securityfocus.com/bid/52354
JBoss CVE-2012-1167 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54089
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
Samba CVE-2012-2111 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/53307
Apple iTunes '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54113
RSyslog Function Imfile Module Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51171
Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407
gdk-pixbuf 'gdk_pixbuf__gif_image_load()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48425
gdk-pixbuf 'read_bitmap_file_data()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53548
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1940 Use After Free Vulnerability
http://www.securityfocus.com/bid/53794
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53800
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1939 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53797
Python PyCrypto Key Generation Weakness
http://www.securityfocus.com/bid/53687
Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973
Samba 'etc/mtab' File Appending Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49939
Samba SID Parsing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43212
Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52103
Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40884
Samba 'FD_SET' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46597
Samba 'CAP_DAC_OVERRIDE' File Permissions Security Bypass Vulnerability
http://www.securityfocus.com/bid/38606
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
Samba Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/40097
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Apache Tomcat Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51200
Apache Tomcat Request Object Security Bypass Vulnerability
http://www.securityfocus.com/bid/51442
Apache Tomcat Parameter Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51447
Apache Tomcat AJP Protocol Security Bypass Vulnerability
http://www.securityfocus.com/bid/49353
Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/49762
Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49147
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48667
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
http://www.securityfocus.com/bid/47886
Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48456
Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47199
Apache Tomcat Login Constraints Security Bypass Vulnerability
http://www.securityfocus.com/bid/47196
Apache Tomcat SecurityManager Security Bypass Vulnerability
http://www.securityfocus.com/bid/46177
Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
http://www.securityfocus.com/bid/46685
Apache Tomcat NIO Connector Denial of Service Vulnerability
http://www.securityfocus.com/bid/46164
Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45015
Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
http://www.securityfocus.com/bid/46174
Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39635
Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37945
Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41544
Apache Tomcat WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37944
Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37942
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196
Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706
Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802
Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/53046
Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494
Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49616
Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49303
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957
Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42102
Apache 'mod_isapi' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38494
Apache Subrequest Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38580
Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38491
Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/41963
Xen 'syscall/sysenter' Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53955
Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856
Xen 64-bit PV Guests Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53961
Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166
Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533
KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162
RPM Package Update and Removal File Attribute Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/40512
rpm-python RPM File Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49799
RPM Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52865
Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
http://www.securityfocus.com/bid/37714
dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53354
NVIDIA UNIX Driver CVE-2012-0946 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52982
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35952
GnuTLS 'gnutls_session_get_data()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50609
GnuTLS TLS Record Handling Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52667
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
http://www.securityfocus.com/bid/53808
Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
http://www.securityfocus.com/bid/53801
Mozilla Firefox/Thunderbird/SeaMonkey '.lnk' Files Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53799
Mozilla Firefox/Thunderbird/SeaMonkey Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53792
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1941 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53793
Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53796
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1947 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53791
Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53395
Apache Roller Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/54189
FCKEditor 'spellchecker.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54188
Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54187
Rhythmbox 'context' Plugin Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54186
Joomla! Virtuemart Shipping by State Component Unspecified Security Bypass Vulnerability
http://www.securityfocus.com/bid/54184
Drupal Drag & Drop Gallery 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54179
UCCASS 'sid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/54177
CMS DMS-Easy Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54175
SugarCRM Community Edition 'unserialize()' Multiple PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54169
Monday, June 25, 2012
25th, Monday, Butsumetsu
+ Lotus Notes remote code execution vulnerability via URL command injection
http://www-06.ibm.com/ibm/jp/security/info/lotus/si20120621a.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2174
+ HS12-018: DoS Vulnerability in Hitachi Command Suite Products (Japanese version)
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-018/index.html
+ HS12-018: DoS Vulnerability in Hitachi Command Suite Products (products for the Japanese domestic market)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-018/index.html
+ Linux kernel 3.4.4, 3.0.36 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.4
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.36
Notes on using our endpoint products on Mac OS X 10.8 Mountain Lion
http://www.trendmicro.co.jp/support/news.asp?id=1800
Advisory: Sophos Endpoint v 9.5 and 9.7: automatic upgrade to v 10, reboot required
http://www.sophos.com/en-us/support/knowledgebase/117480.aspx
Press release
Publication status of the list of unreachable developers [Q2 2012]
~Seeking product developer information for 98 unreachable developers~
http://www.ipa.go.jp/about/press/20120622.html
US-CERT Alert TA12-174A - Microsoft XML Core Services Attack Activity
http://www.derkeiler.com/Mailing-Lists/Cert/2012-06/msg00002.html
[security bulletin] HPSBOV02793 SSRT100891 rev.1 - HP OpenVMS running SSL, Remote Denial of Serv
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00144.html
[security bulletin] HPSBOV02780 SSRT100766 rev.2 - HP OpenVMS ACMELOGIN, Local Unauthorized Acce
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00143.html
ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00141.html
ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00142.html
ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vuln
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00140.html
ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00139.html
ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00138.html
ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00137.html
ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vuln
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00136.html
JVNDB-2012-002819 Buffer overflow vulnerability in the virtio subsystem of qemu-kvm
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002819.html
JVNDB-2012-002818 Denial of service (guest crash) vulnerability in the pciej_write function of qemu-kvm
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002818.html
JVNDB-2012-002817 Heap-based buffer overflow vulnerability in the virtio-blk driver of qemu-kvm
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002817.html
JVNDB-2012-002816 Authentication bypass vulnerability in qemu-kvm
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002816.html
JVNDB-2012-002815 Access restriction bypass vulnerability in Cisco Application Control Engine (ACE)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002815.html
JVNDB-2012-002814 Denial of service (DoS) vulnerability in Cisco ASA 5500 series and Catalyst 6500 series devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002814.html
JVNDB-2012-002813 Arbitrary code execution vulnerability in Cisco AnyConnect Secure Mobility Client on 64-bit Linux platforms
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002813.html
JVNDB-2012-002812 Forced downgrade vulnerability in Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002812.html
JVNDB-2012-002811 Forced version downgrade vulnerability in Cisco AnyConnect Secure Mobility Client
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002811.html
JVNDB-2012-002810 Arbitrary code execution vulnerability in Cisco AnyConnect Secure Mobility Client
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002810.html
JVNDB-2012-002809 Vulnerability in the Diffie-Hellman key exchange implementation of OpenSSL that allows the shared secret key to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002809.html
JVNDB-2012-002808 Vulnerability in the Diffie-Hellman key exchange implementation of PolarSSL that allows the shared secret key to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002808.html
JVNDB-2012-002807 Cross-site scripting vulnerability in index.php of Adiscon LogAnalyzer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002807.html
SyndeoCMS 'newsletter_email' Parameter SQL Injection Vulnerability
http://www.securiteam.com/securitynews/5JP3G0K7FY.html
Updated Poll: Which Patch Delivery Schedule Works the Best for You?
http://isc.sans.edu/diary.html?storyid=13531
ISC Feature of the Week: Tools->ISC At-A-Glance
http://isc.sans.edu/diary.html?storyid=13534
Investigator's Tool-kit: Timeline
http://isc.sans.edu/diary.html?storyid=13537
Run, Forest!
http://isc.sans.edu/diary.html?storyid=13540
JBoss JGroups Diagnostics Service Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1027198
IBM Lotus Expeditor Bugs Let Remote Users Bypass Access Controls, Traverse the Directory, and Execute Code
http://www.securitytracker.com/id/1027195
Interspire Shopping Cart "prodName" and "couponname" Script Insertion Vulnerabilities
http://secunia.com/advisories/49530/
IrfanView Formats PlugIn DjVu Image Decompression Buffer Overflow Vulnerability
http://secunia.com/advisories/49176/
Gentoo update for acroread
http://secunia.com/advisories/49667/
Gentoo update for libpng
http://secunia.com/advisories/49660/
Croogo CMS Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/49666/
IBM Lotus Expeditor Multiple Vulnerabilities
http://secunia.com/advisories/49624/
Eaton Network Shutdown Module Multiple Vulnerabilities
http://secunia.com/advisories/49103/
Hitachi Replication Manager Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49673/
Ubuntu update for thunderbird
http://secunia.com/advisories/49672/
Hitachi Command Suite Products Cross-Site Scripting and Denial of Service Vulnerabilities
http://secunia.com/advisories/49671/
SUSE update for kernel
http://secunia.com/advisories/49664/
ModSecurity Multipart Quote Parsing Security Bypass Vulnerability
http://secunia.com/advisories/49576/
Gentoo update for mediawiki
http://secunia.com/advisories/49649/
Gentoo update for ejabberd
http://secunia.com/advisories/49648/
Gentoo update for pidgin
http://secunia.com/advisories/49640/
OpenVMS update for SSL
http://secunia.com/advisories/49670/
Gentoo update for mono and mono-debugger
http://secunia.com/advisories/49637/
Lokomedia CMS Multiple Vulnerabilities
http://secunia.com/advisories/49595/
Western Digital ShareSpace webgui Configuration File Disclosure Security Issue
http://secunia.com/advisories/49528/
Traq Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/49644/
IBM Rational Directory Server Help System Redirection Weakness and Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49627/
WordPress Schreikasten Plugin "alias" and "text" Script Insertion Vulnerabilities
http://secunia.com/advisories/49600/
AOL dnUpdater ActiveX Control Code Execution Vulnerability
http://secunia.com/advisories/49550/
Red Hat update for JBoss Enterprise BRMS Platform
http://secunia.com/advisories/49669/
e107 plugins Articulate Arbitrary File Upload Vulnerability
http://cxsecurity.com/issue/WLB-2012060291
Silverstripe Pixlr Image Editor 1.0.4 Shell Upload
http://cxsecurity.com/issue/WLB-2012060290
WordPress Fancy Gallery 1.2.4 Shell Upload
http://cxsecurity.com/issue/WLB-2012060289
Wolf CMS / Frog CMS BD uploadR Shell Upload
http://cxsecurity.com/issue/WLB-2012060288
WordPress Flip Book 1.0 Shell Upload
http://cxsecurity.com/issue/WLB-2012060287
WordPress Ajax Multi Upload 1.1 Shell Upload
http://cxsecurity.com/issue/WLB-2012060286
OpenCart CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060285
Agora Project 2.13.1 Cross Site Scripting / SQL Injection
http://cxsecurity.com/issue/WLB-2012060284
Qutecom Heap Overflow DoS/Crash Proof of Concept
http://cxsecurity.com/issue/WLB-2012060283
LimeSurvey 1.92+ Build120620 Remote File Inclusion / Traversal
http://cxsecurity.com/issue/WLB-2012060282
Citraweb Nusa SQL Injection
http://cxsecurity.com/issue/WLB-2012060281
Brainz Web SQL Injection
http://cxsecurity.com/issue/WLB-2012060280
EuropA SQL Injection
http://cxsecurity.com/issue/WLB-2012060279
Smart-Info Limited SQL Injection
http://cxsecurity.com/issue/WLB-2012060278
Optimalus SQL Injection
http://cxsecurity.com/issue/WLB-2012060277
Denobi SQL Injection
http://cxsecurity.com/issue/WLB-2012060276
Papyros Digitales SQL Injection
http://cxsecurity.com/issue/WLB-2012060275
InterPont Plus Kft SQL Injection
http://cxsecurity.com/issue/WLB-2012060274
Suninway SQL Injection
http://cxsecurity.com/issue/WLB-2012060273
Toko Flamboyan SQL Injection
http://cxsecurity.com/issue/WLB-2012060272
Nitikajain SQL Injection
http://cxsecurity.com/issue/WLB-2012060271
Heinisblog SQL Injection
http://cxsecurity.com/issue/WLB-2012060270
CMS DMS-Easy 0.9.8 CSRF / File Disclosure / Shell Upload
http://cxsecurity.com/issue/WLB-2012060269
Etomite CMS 1.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060268
WordPress Schreikasten 0.14.13 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060267
Cotonti 0.6.23 SQL Injection
http://cxsecurity.com/issue/WLB-2012060266
Bitweaver CMS 2.8.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060265
CMS Lokomedia 1.5 Cross Site Request Forgery / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060264
Infrastructure Resources LLC SQL Injection
http://cxsecurity.com/issue/WLB-2012060263
Commentics 2.0 Cross Site Request Forgery / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060262
Adiscan LogAnalyzer 3.4.3 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060261
LiveStreet 0.5.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060260
Anantasoft Gazelle CMS 1.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060259
Joomla Szallasok SQL Injection
http://cxsecurity.com/issue/WLB-2012060258
DoS/PoC: IrfanView 4.33 DJVU Image Processing Heap Overflow
http://www.exploit-db.com/exploits/19385
DoS/PoC: Qutecom Softphone 2.2.1 Heap Overflow DoS/Crash Proof of Concept
http://www.exploit-db.com/exploits/19328
DoS/PoC: ACDSee PRO 5.1 RLE Image Processing Heap Overflow
http://www.exploit-db.com/exploits/19331
DoS/PoC: ACDSee PRO 5.1 PCT Image Processing Heap Overflow
http://www.exploit-db.com/exploits/19332
DoS/PoC: ACDSee PRO 5.1 GIF Image Processing Heap Overflow
http://www.exploit-db.com/exploits/19333
DoS/PoC: ACDSee PRO 5.1 CUR Image Processing Heap Overflow
http://www.exploit-db.com/exploits/19334
DoS/PoC: XnView 1.98.8 GIF Image Processing Heap Overflow
http://www.exploit-db.com/exploits/19335
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
Oracle Java SE CVE-2012-1711 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53949
Apple iTunes '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54113
OpenSSL DTLS CVE-2012-0050 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51563
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52610
Multiple AntiVirus Products CVE-2012-1459 TAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52623
Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52611
OpenStack Compute (Nova) Security Bypass Vulnerability
http://www.securityfocus.com/bid/53875
ImageMagick Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52898
Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668
Linux Kernel CVE-2012-2373 Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53614
Linux Kernel NFS Client 'decode_getacl()' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53615
ACDsee Pro Multiple Image Parsing Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54138
Sielco Sistemi Winlog Lite Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53811
XnView Multiple Image Decompression Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54125
Pidgin 'msn_oim_report_to_user()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/52475
Pidgin XMPP Protocol File Transfer Request Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/53706
Pidgin MSN Denial of Service Vulnerability
http://www.securityfocus.com/bid/53400
arpwatch CVE-2012-2653 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54157
Virtualenv Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/51120
Eclipse IDE Help Component Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44883
taglib Buffer Overflow and Divide-By-Zero Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52284
taglib Memory Corruption and Infinite Loop Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52290
Eclipse IDE (CVE-2008-7271) Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45921
WordPress Schreikasten Plugin Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54144
libpng 'png_inflate()' Function Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52453
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
libpng Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/48660
libpng 'pngerror.c' Off-By-One Error Denial Of Service Vulnerability
http://www.securityfocus.com/bid/48474
libpng 'png_formatted_warning()' Function Off-By-One Error Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51823
libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049
libpng PNG File Denial Of Service Vulnerability
http://www.securityfocus.com/bid/48618
Adobe Acrobat and Reader (CVE-2012-0774) Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52951
Adobe Acrobat and Reader 'msiexec.exe' Search Path Remote Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/52952
Adobe Acrobat and Reader (CVE-2011-4372) Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51349
Adobe Acrobat and Reader BMP Resources Signedness Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51350
Adobe Acrobat and Reader (CVE-2012-0777) Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52950
Adobe Acrobat and Reader (CVE-2012-0775) Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52949
Adobe Acrobat and Reader (CVE-2011-4371) Heap Corruption Vulnerability
http://www.securityfocus.com/bid/51351
Adobe Acrobat and Reader (CVE-2011-4370) Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51348
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53796
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1947 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53791
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1941 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53793
Mozilla Firefox/Thunderbird/SeaMonkey Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53792
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1940 Use After Free Vulnerability
http://www.securityfocus.com/bid/53794
Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53800
Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
http://www.securityfocus.com/bid/53801
Mozilla Firefox/Thunderbird/SeaMonkey '.lnk' Files Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53799
Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
Oracle JavaFX CVE-2012-0508 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52010
Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015
RealNetworks Helix Server Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52929
Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities
http://www.securityfocus.com/bid/53571
HP OpenView Performance Manager CVE-2012-0127 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52749
HP Data Protector Express Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/52431
gdk-pixbuf 'gdk_pixbuf__gif_image_load()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48425
Moonlight Prior to 2.4.1/3.99.3 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47208
Mono ASP.NET 'mod_mono' Source Code Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45711
Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43316
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
Mono/Moonlight Generic Type Argument Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45051
Mono 'loader.c' Library Loading Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44810
Mono 'LD_LIBRARY_PATH' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44351
Pidgin 'silc_private_message()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/49912
Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524
MediaWiki Versions Prior to 1.16.3 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/47354
MediaWiki CSS Comments Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/46108
MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/42024
MediaWiki 1.16.4 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/47722
MediaWiki Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/46451
MediaWiki 'api.php' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42019
Wicd 'wicd/configmanager.py' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51703
Wicd 'SetWirelessProperty()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52987
ejabberd XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/48072
ejabberd 'mod_pubsub' Module Denial of Service Vulnerability
http://www.securityfocus.com/bid/50737
ejabberd 'client2server' Message Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38003
nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52999
OpenJPEG '.jpeg' File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52654
Linux Kernel Reliable Datagram Sockets (RDS) CVE-2012-2372 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54062
MacVTap Device Driver Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53165
Linux Kernel DRM 'drivers/gpu/drm/crm_crtc.c' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51371
Asterisk SCCP Skinny Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53723
Asterisk IAX2 Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53722
Asterisk Shell Command Execution Security Bypass Vulnerability
http://www.securityfocus.com/bid/53206
Asterisk Skinny Channel Driver Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53210
Asterisk SIP Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53205
LimeSurvey Remote File Include and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/54167
Agora-Project Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54166
IBM Lotus Expeditor DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/54165
IBM Lotus Expeditor 'Eclipse Help' Component Directory Traversal Vulnerability
http://www.securityfocus.com/bid/54164
IBM Lotus Expeditor Request Header Spoofing Security Bypass Vulnerability
http://www.securityfocus.com/bid/54163
Eaton Network Shutdown Module Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54162
Eaton Network Shutdown Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/54161
Interspire Shopping Cart Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54160
Croogo CMS Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54159
IrfanView Formats PlugIn DJVU Image Processing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54158
Hitachi Command Suite Multiple Products Cross-Site Scripting and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/54154
Bitweaver Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54151
CMS Lokomedia Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54150
Etomite Multiple Fields Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54148
Cotonti 'admin.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/54147
AOL Deskbar Uninitialized Pointer Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54146