Monday, June 11, 2012

Monday the 11th, Senshō

+ Google Chrome 19.0.1084.56 released
http://googlechromereleases.blogspot.jp/2012/06/stable-channel-update_08.html

+ APSB12-14 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb12-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2040

+ CentOS alert CESA-2012:0716 (bind)
http://lwn.net/Alerts/501076/
http://lwn.net/Alerts/501077

+ CentOS alert CESA-2012:0717 (bind97)
http://lwn.net/Alerts/501078/

+ Squid 3.1.20 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html

+ Linux kernel 3.4.2, 3.0.34 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.34

+ Microsoft .NET Framework Serialization Remote Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/5RP2X2A7FA.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0161

+ Microsoft IIS 6.0/7.5 Multiple Vulns
http://cxsecurity.com/issue/WLB-2012060118

+ REMOTE: Microsoft IIS 6.0 and 7.5 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/19033

EndPointConnect (EPC) DLL hijacking vulnerability
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480&src=securityAlerts

Notice of emergency maintenance: product program download page
http://www.trendmicro.co.jp/support/news.asp?id=1794

Email account hijackings continue; how the passwords were obtained is unknown
ISP servers abused to send spam while impersonating legitimate users
http://itpro.nikkeibp.co.jp/article/NEWS/20120608/401139/?ST=security

Japan Internet Point Council revises its guidelines, making point-fraud countermeasures mandatory
http://itpro.nikkeibp.co.jp/article/NEWS/20120608/401081/?ST=security

LinkedIn apologizes for leak of 6.5 million passwords, continues investigation with authorities
http://itpro.nikkeibp.co.jp/article/NEWS/20120608/401021/?ST=security

JVNVU#442595 Privilege escalation vulnerability in ScrumWorks Pro
http://jvn.jp/cert/JVNVU442595/

JVNDB-2012-002605 Access restriction bypass vulnerability in builtins.c in Xinetd
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002605.html

JVNDB-2012-002604 Denial-of-service (crash) vulnerability in the headerVerifyInfo function in RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002604.html

JVNDB-2012-002603 Denial-of-service (crash) vulnerability in the headerLoad function in RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002603.html

JVNDB-2012-002602 Denial-of-service (crash) vulnerability in RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002602.html

JVNDB-2012-002634 Privilege escalation vulnerability in ScrumWorks Pro
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002634.html

JVNDB-2011-002786 Denial-of-service (DoS) vulnerability in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002786.html

Preying on Users After Major Security Incidents
http://isc.sans.edu/diary.html?storyid=13423

Adobe Updates for Flash Player. More info can be found here --> http://www.adobe.com/support/security/bulletins/apsb12-14.html
http://isc.sans.edu/diary.html?storyid=13417

Print bomb?
http://isc.sans.edu/diary.html?storyid=13405

Follow up on Got packets? Interested in TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7
http://isc.sans.edu/diary.html?storyid=13411

Packets wanted, DNS DDOS attacks
http://isc.sans.edu/diary.html?storyid=13414

Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1027139

HP Web Jetadmin Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027138

F5 BIG-IP SSH Configuration Error Lets Remote Users Gain Root Access
http://www.securitytracker.com/id/1027137

VU#815532 ForeScout CounterACT reflected XSS vulnerability
http://www.kb.cert.org/vuls/id/815532

Adobe Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/49388/

Debian update for nss
http://secunia.com/advisories/49367/

Network Security Services ASN.1 Decoder Denial of Service
http://secunia.com/advisories/49288/

F5 Products Unspecified SSH Configuration Security Issue
http://secunia.com/advisories/49396/

Apache CXF WS-SecurityPolicy SupportingToken Two Security Issues
http://secunia.com/advisories/49361/

Audio Editor Master CD Audio File Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/49422/

Oracle Mojarra "FacesContext" Information Disclosure Vulnerability
http://secunia.com/advisories/49284/

Pale Moon Multiple Vulnerabilities
http://secunia.com/advisories/49252/

Debian update for openoffice.org
http://secunia.com/advisories/49373/

Red Hat update for bind97
http://secunia.com/advisories/49425/

Red Hat update for bind
http://secunia.com/advisories/49426/

WordPress Nmedia Member Conversation Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49375/

WordPress Front End Upload Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49434/

Wordpress Omni Secure Files Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49441/

SRWare Iron Multiple Vulnerabilities
http://secunia.com/advisories/49420/

Atlassian Bamboo XML Parsing Vulnerability
http://secunia.com/advisories/49407/

Quagga "bgp_capability_orf()" Denial of Service Vulnerability
http://secunia.com/advisories/49401/

IBM Lotus iNotes Upload Module ActiveX Control Buffer Overflow Vulnerability
http://secunia.com/advisories/49443/

Cnectd for Android Unspecified Vulnerability
http://secunia.com/advisories/49347/

IBM SPSS Data Collection Developer Library Eclipse Help System Vulnerabilities
http://secunia.com/advisories/49455/

IBM Eclipse Help System Redirection Weakness and Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49438/

Debian update for iceape and iceweasel
http://secunia.com/advisories/49344/

NetEase Reader for Android Unspecified Vulnerability
http://secunia.com/advisories/49349/

NetEase Weibo for Android Unspecified Vulnerability
http://secunia.com/advisories/49389/

TYPO3 powermail Extension Scheduler Module Script Insertion Vulnerability
http://secunia.com/advisories/49406/

NetEase WeiboHD for Android Unspecified Vulnerability
http://secunia.com/advisories/49415/

Ubuntu update for firefox
http://secunia.com/advisories/49446/

F5 FirePass PHP Web Form Hash Collision Denial of Service
http://secunia.com/advisories/49376/

[SECURITY] [DSA 2488-1] iceweasel security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00038.html

[SECURITY] [DSA 2489-1] iceape security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00036.html

[SECURITY] [DSA 2490-1] nss security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00037.html

Analysis: Vast IPv6 address space actually enables IPv6 attacks
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00039.html

CVE-2012-3287: md5crypt is no longer considered safe
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00032.html

[SECURITY] [DSA 2487-1] openoffice.org security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00035.html

Microsoft IIS 6.0/7.5 Multiple Vulns
http://cxsecurity.com/issue/WLB-2012060118

Apache CXF failed token element verification
http://cxsecurity.com/issue/WLB-2012060117

Apache CXF pickup of child policies
http://cxsecurity.com/issue/WLB-2012060116

RIPS Scanner 0.10 File Disclosure
http://cxsecurity.com/issue/WLB-2012060115

Webspell FIRSTBORN Movie-Addon Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012060114

WordPress Front End Upload 0.5.3 Shell Upload
http://cxsecurity.com/issue/WLB-2012060113

WordPress Omni Secure Files 0.1.13 Shell Upload
http://cxsecurity.com/issue/WLB-2012060112

WordPress Front File Manager 0.1 Shell Upload
http://cxsecurity.com/issue/WLB-2012060111

WordPress Easy Contact Forms Export 1.1.0 File Disclosure
http://cxsecurity.com/issue/WLB-2012060110

WordPress Hungred Post Thumbnail 2.1.9 Shell Upload
http://cxsecurity.com/issue/WLB-2012060109

WordPress PICA Photo Gallery 1.0 File Disclosure
http://cxsecurity.com/issue/WLB-2012060108

WordPress PDW File Browser 1.1 Shell Upload
http://cxsecurity.com/issue/WLB-2012060107

WordPress Picturesurf Gallery 1.2 Shell Upload
http://cxsecurity.com/issue/WLB-2012060106

WordPress Tinymce Thumbnail Gallery 1.0.7 File Disclosure
http://cxsecurity.com/issue/WLB-2012060105

WordPress Newsletter 1.5 File Disclosure
http://cxsecurity.com/issue/WLB-2012060104

WordPress wpStoreCart 2.5.29 Shell Upload
http://cxsecurity.com/issue/WLB-2012060103

WordPress Simple Download Button Shortcode 1.0 File Disclosure
http://cxsecurity.com/issue/WLB-2012060102

WordPress RBX Gallery 2.1 Shell Upload
http://cxsecurity.com/issue/WLB-2012060101

WordPress Thinkun Remind 1.1.3 File Disclosure
http://cxsecurity.com/issue/WLB-2012060100

Safari iOS Denial Of Service
http://cxsecurity.com/issue/WLB-2012060099

Sielco Sistemi Winlog Buffer Overflow 2.07.14
http://cxsecurity.com/issue/WLB-2012060098

ComSndFTP 1.3.7 Beta Format String Overflow
http://cxsecurity.com/issue/WLB-2012060097

phpAccounts 0.5.3 SQL Injection
http://cxsecurity.com/issue/WLB-2012060096

PHPNet 1.8 SQL Injection
http://cxsecurity.com/issue/WLB-2012060095

CMS Wizard SQL Injection
http://cxsecurity.com/issue/WLB-2012060094

CiativaWeb SQL Injection
http://cxsecurity.com/issue/WLB-2012060093

RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060092

Symantec Web Gateway upload_file Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060091

Symantec Web Gateway Shell Command Injection Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060090

Mybb 1.6.8 Sql Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012060089

Lattice Semiconductor PAC-Designer 6.21 Code Execution
http://cxsecurity.com/issue/WLB-2012060088

Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow
http://cxsecurity.com/issue/WLB-2012060087

Microsoft (win2000) IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
http://cxsecurity.com/issue/WLB-2012060086

Microsoft (win2000) IIS MDAC msadcs.dll RDS Remote Command Execution
http://cxsecurity.com/issue/WLB-2012060085

Microsoft Windows OLE Object File Handling Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060084

Serendipity 1.6.1 SQL Injection
http://cxsecurity.com/issue/WLB-2012060083

SN News 1.2 SQL Injection
http://cxsecurity.com/issue/WLB-2012060082

JW Player 5.9 Cross Site Scripting / Content Spoofing
http://cxsecurity.com/issue/WLB-2012060081

libmodplug <= 0.8.8.2 .abc stack-based buffer overflow poc
http://cxsecurity.com/issue/WLB-2012060080

WordPress Gallery 3.06 Shell Upload
http://cxsecurity.com/issue/WLB-2012060079

WordPress MM Forms Community 2.2.5 / 2.2.6 Shell Upload
http://cxsecurity.com/issue/WLB-2012060078

WordPress VideoWhisper Video Presentation 3.17 Shell Upload
http://cxsecurity.com/issue/WLB-2012060077

Drupal Simplenews 6.x / 7.x Information Disclosure
http://cxsecurity.com/issue/WLB-2012060076

Drupal Authoring HTML 6.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060075

Drupal Protest 6.x / 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060074

Drupal Maestro 7.x Cross Site Scripting / Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012060073

Drupal Tokenauth 6.x Access Bypass
http://cxsecurity.com/issue/WLB-2012060072

Drupal Organic Groups 6.x Cross Site Scripting / Access Bypass
http://cxsecurity.com/issue/WLB-2012060071

Drupal Node Embed 6.x / 7.x Access Bypass
http://cxsecurity.com/issue/WLB-2012060070

HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012060069

HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060068

RealNetworks RealPlayer raac.dll stsz Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060067

RealNetworks RealPlayer dmp4 esds Width Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060066

RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060065

Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060064

RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060063

Oracle Java OpenGL Arbitrary Native Library Loading Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060062

REMOTE: Tom Sawyer Software GET Extension Factory Remote Code Execution
http://www.exploit-db.com/exploits/19030

REMOTE: Microsoft IIS 6.0 and 7.5 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/19033

DoS/PoC: ComSndFTP Server 1.3.7 Beta Remote Format String Overflow
http://www.exploit-db.com/exploits/19024

Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973

Mozilla Firefox/Thunderbird/SeaMonkey Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53792
