Friday, June 1, 2012
Friday the 1st, Senbu
+ UPDATE: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr
+ HPSBPI02779 SSRT100855 rev.1 - HP Web Jetadmin v8.x Running on Windows, Remote Cross Site Scripting (XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03331603%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2011
+ HPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03350339%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507
[SECURITY] [DSA 2483-1] strongswan security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00156.html
OpenSSL 1.0.1 Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00155.html
[security bulletin] HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Exec
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00154.html
[ MDVSA-2012:086 ] acpid
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00153.html
[security bulletin] HPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00151.html
script-fu buffer overflow in GIMP 2.6
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00152.html
things you can do with downloads
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00150.html
JVNDB-2012-001355 Issue in multiple DNS name server implementations
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001355.html
JVNDB-2012-001003 Denial-of-service (CPU resource consumption) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001003.html
JVNDB-2012-001078 Denial-of-service (CPU resource consumption) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001078.html
JVNDB-2012-002583 SQL injection vulnerability in add_ons.php in Jaow
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002583.html
JVNDB-2012-002582 SQL injection vulnerability in plog-rss.php in Plogger
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002582.html
JVNDB-2012-002581 Arbitrary command execution vulnerability in Puppet and Puppet Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002581.html
JVNDB-2012-002580 Denial-of-service (DoS) vulnerability in Puppet and Puppet Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002580.html
JVNDB-2012-002579 Arbitrary file read vulnerability in Puppet and Puppet Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002579.html
JVNDB-2012-002578 Arbitrary file overwrite vulnerability in Puppet and Puppet Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002578.html
JVNDB-2012-002577 Vulnerability allowing privileges to be gained in Puppet and Puppet Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002577.html
JVNDB-2012-002576 Vulnerability allowing privileges to be gained in the change_user method in Puppet and Puppet Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002576.html
JVNDB-2012-002575 Heap-based buffer overflow vulnerability in the proxy_connect function in src/client.c in CVS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002575.html
JVNDB-2012-002574 Cross-site scripting vulnerability in the meta plugin (Plugin/meta.pm) in ikiwiki
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002574.html
JVNDB-2012-002573 Denial-of-service (crash) vulnerability in the png_set_text_2 function in pngset.c in libpng
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002573.html
JVNDB-2012-002572 Vulnerability allowing privileges to be gained in the ZTE sync_agent program for Android on ZTE Score M devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002572.html
JVNDB-2012-002235 Vulnerability in PHP-CGI query string handling
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002235.html
JVNDB-2012-002562 Buffer overflow vulnerability in the trash buffer of the header capture feature in HAProxy
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002562.html
JVNDB-2012-002554 Directory traversal vulnerability in the captcha module in Pligg CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002554.html
Press release
Call for entries opens for the "8th IPA Information Security Slogan, Poster and Four-Panel Comic Contest"
http://www.ipa.go.jp/about/press/20120531.html
Press release
Report published: "FY2011 Survey on Information Security Trends in Automobiles"
~ Information security for increasingly networked and open automobiles ~
http://www.ipa.go.jp/about/press/20120531_2.html
IPA Technical Watch
Report on "Automotive Information Security"
~ The growing need for automotive information security ~
http://www.ipa.go.jp/about/technicalwatch/20120531.html
Skype Technologies Skype for Mac Unspecified Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5UP3S0A75A.html
OpenSSL Invalid TLS/DTLS Record Attack Vulnerability
http://www.securiteam.com/securitynews/5TP3R0A75A.html
Joomla! JCE Component 'index.php' Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5SP3Q0A75A.html
Horde Groupware Input Validation Flaw in Calendar Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027106
SCADA@Home: Your health is no secret no more!
http://isc.sans.edu/diary.html?storyid=13333
NASA Man-in-the-Middle Attack: Why you should use proper SSL Certificates
http://isc.sans.edu/diary.html?storyid=13336
Why Flame is Lame
http://isc.sans.edu/diary.html?storyid=13342
ScriptFu Server Buffer Overflow in GIMP <= 2.6
http://cxsecurity.com/issue/WLB-2012050233
Wireless Manager Sony VAIO 4.0.0.0 Buffer Overflows
http://cxsecurity.com/issue/WLB-2012050232
Mapserver 3.0.4 (Windows) Remote Code Execution
http://cxsecurity.com/issue/WLB-2012050231
.NET 4 Remote Code Execution
http://cxsecurity.com/issue/WLB-2012050230
PHP Agenda 2.2.8 SQLi Vulnerability
http://cxsecurity.com/issue/WLB-2012050229
Ganesha Digital Library 4.0 Cross Site Scripting / SQL Injection
http://cxsecurity.com/issue/WLB-2012050228
Drupal Counter 6.x SQL Injection
http://cxsecurity.com/issue/WLB-2012050227
Drupal Mobile Tools 6.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012050226
Drupal Comment Moderation 6.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012050225
Drupal Amadou 6.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012050224
StyleDesign SQL Injection
http://cxsecurity.com/issue/WLB-2012050223
NewsAdd 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012050222
Ibaguenet SQL Injection
http://cxsecurity.com/issue/WLB-2012050221
activeCollab Planning Module Cross-Site Scripting and XQuery Injection Vulnerabilities
http://secunia.com/advisories/49305/
Drupal filedepot Module Session Hijacking Security Issue
http://secunia.com/advisories/49316/
SUSE update for openssl
http://secunia.com/advisories/49332/
SUSE update for openssl
http://secunia.com/advisories/49309/
MapServer for Windows PHP Code Execution Vulnerability
http://secunia.com/advisories/49358/
Drupal Mobile Tools Module Script Insertion Vulnerabilities
http://secunia.com/advisories/49318/
Drupal Comment Moderation Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/49326/
Drupal Amadou Theme Script Insertion Vulnerability
http://secunia.com/advisories/49328/
PostgreSQL DES Encryption Input Handling Weakness
http://secunia.com/advisories/49345/
FreeBSD DES "crypt()" Input Handling Weakness
http://secunia.com/advisories/49304/
IrfanView Formats PlugIn ECW Image Decompression Buffer Overflow Vulnerability
http://secunia.com/advisories/49204/
Red Hat update for java-1.4.2-ibm
http://secunia.com/advisories/49351/
Cisco IOS XR Denial of Service Vulnerability
http://secunia.com/advisories/49329/
Network UPS Tools "addchar()" Buffer Overflow Vulnerability
http://secunia.com/advisories/49348/
Red Hat update for kernel
http://secunia.com/advisories/49325/
LOCAL: Browser Navigation Download Trick
http://www.exploit-db.com/exploits/18959
LOCAL: MPlayer SAMI Subtitle File Buffer Overflow
http://www.exploit-db.com/exploits/18954
DoS/PoC: GIMP 2.6 script-fu < 2.8.0 Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/18956
DoS/PoC: Sony VAIO Wireless Manager 4.0.0.0 Buffer Overflows
http://www.exploit-db.com/exploits/18958
DoS/PoC: Microsoft Wordpad 5.1 (.doc) Null Pointer Dereference Vulnerability
http://www.exploit-db.com/exploits/18952
DoS/PoC: Sorensoft Power Media 6.0 Denial of Service
http://www.exploit-db.com/exploits/18962
Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274
Linux Kernel NFS Client 'decode_getacl()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50655
Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166
KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162
Linux Kernel EXT4 'ext4_fill_flex_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53414
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197
Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945
Linux Kernel 'memcg' NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52324
MiniWeb Denial Of Service and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/50827
Network UPS Tools (NUT) 'addchar()' Function Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53743
Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53356
Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53357
Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721
HP Diagnostics Server 'magentservice.exe' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51398
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
acpid Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/45915
OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476
PHP Volunteer Management Arbitrary File Upload and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53701
Ruby on Rails Active Record SQL Injection Vulnerability
http://www.securityfocus.com/bid/53753
strongSwan GMP Plugin Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/53752
Sorensoft Power Media '.asz' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53748
SuperNews 'noticias.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/53747
activeCollab Planning Module Cross-Site Scripting and XQuery Injection Vulnerabilities
http://www.securityfocus.com/bid/53746
IrfanView Formats PlugIn 'NCSEcw.dll' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53744
GIMP GIF Image Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53741
WHMCS Cross Site Scripting and Multiple HTTP Parameter Pollution Vulnerabilities
http://www.securityfocus.com/bid/53740