Thursday, June 21, 2012

Thursday the 21st, Shakkō


+ RHSA-2012:0796 Moderate: rsyslog security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0796.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4623

+ RHSA-2012:0748 Low: libvirt security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0748.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2693

+ RHSA-2012:0810 Low: busybox security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0810.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2716

+ RHSA-2012:0811 Low: php-pecl-apc security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0811.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3294

+ RHSA-2012:0987 Low: sblim-cim-client2 security update
http://rhn.redhat.com/errata/RHSA-2012-0987.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2328

+ RHSA-2012:0862 Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0862.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4131

+ RHSA-2012:0899 Low: openldap security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0899.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1164

+ RHSA-2012:0958 Low: sos security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0958.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2664

+ RHSA-2012:0813 Low: 389-ds-base security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0813.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0833

+ RHSA-2012:0774 Low: libguestfs security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0774.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2690

+ RHSA-2012:0874 Low: mysql security and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0874.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2102

+ RHSA-2012:0939 Low: xorg-x11-server security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0939.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4029

+ RHSA-2012:0884 Low: openssh security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0884.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000

+ RHSA-2012:0973 Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0973.html

+ RHSA-2012:1009 Important: java-1.7.0-openjdk security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1009.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1726

+ RHSA-2012:0876 Moderate: net-snmp security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0876.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2141

+ RHSA-2012:0902 Low: cifs-utils security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-0902.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1586

+ RHSA-2012:0997 Moderate: 389-ds-base security update
http://rhn.redhat.com/errata/RHSA-2012-0997.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2746

+ RHSA-2012:0841 Low: abrt, libreport, btparser, and python-meh security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0841.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1106

+ RHSA-2012:0880 Moderate: qt security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0880.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3922

+ UPDATE: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3063

+ Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2496

+ Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-asaipv6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3058

+ Cross-site scripting (XSS) vulnerability in Webmin
https://blogs.oracle.com/sunsecurity/entry/cve_2011_1937_cross_site
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1937

+ Multiple vulnerabilities in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131

+ Multiple Integer overflow vulnerabilities in ImageMagick
https://blogs.oracle.com/sunsecurity/entry/cve_2006_3744_multiple_integer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3744

+ Multiple vulnerabilities in ImageMagick
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_imagemagick1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4167

+ Multiple vulnerabilities in ImageMagick
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_imagemagick
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988

+ Multiple Denial of Service (DoS) vulnerabilities in libxml2
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919

+ Multiple Denial of Service (DoS) vulnerabilities in libxml2
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834

+ Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2011_0216_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216

+ Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2011_1944_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944

+ Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2010_4008_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008

+ Multiple Denial of Service (DoS) vulnerabilities in FreeType
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144

+ Buffer overflow vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2008_3529_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529

+ Linux kernel 3.2.21 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.21

Notice of release of the Virus Buster Corporate Edition 10.6 repack version
http://www.trendmicro.co.jp/support/news.asp?id=1799

[ MDVSA-2012:097 ] python
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00130.html

Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00127.html

Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerabi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00128.html

Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00129.html

[ MDVSA-2012:096 ] python
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00126.html

Commentics 2.0 <= Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00125.html

Multiple vulnerabilities in web@all
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00124.html

[Announcement] ClubHack Magazine Issue 29, June 2012 Released
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00123.html

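Trend Micro releases password management tool, free version first
Paid version with unlimited registered IDs to be offered in autumn 2012, planned at 200 yen or less per month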
http://itpro.nikkeibp.co.jp/article/NEWS/20120621/404307/?ST=security

LAC offers a service that analyzes viruses that got in through targeted attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20120620/404249/?ST=security

Symantec begins offering an education program to train personnel with security expertise
http://itpro.nikkeibp.co.jp/article/NEWS/20120620/404248/?ST=security

Trend Micro begins free distribution of password management software
http://itpro.nikkeibp.co.jp/article/NEWS/20120620/404247/?ST=security

Intel announces new version of vPro, strengthening PKI-related features and more
http://itpro.nikkeibp.co.jp/article/NEWS/20120620/404186/?ST=security

JVNDB-2010-002486 Arbitrary code execution vulnerability in ssl/t1_lib.c in OpenSSL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002486.html

JVNDB-2011-001843 Multiple vulnerabilities in LibreOffice
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001843.html

JVNDB-2012-002466 Arbitrary file overwrite vulnerability in src/common/latex.py in Gajim
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002466.html

JVNDB-2012-002677 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002677.html

JVNDB-2012-002349 Arbitrary code execution vulnerability in Microsoft Excel and Microsoft Office
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002349.html

JVNDB-2012-002784 Arbitrary code execution vulnerability in the nsHTMLSelectElement function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002784.html

JVNDB-2012-002783 Vulnerability in libvirt that associates a different device
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002783.html

JVNDB-2012-002782 Access restriction bypass vulnerability in MantisBT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002782.html

JVNDB-2012-002781 Vulnerability in the mc_issue_note_update function in MantisBT that allows arbitrary bugnotes to be edited
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002781.html

JVNDB-2012-002780 Sensitive information disclosure vulnerability in libraries/libldap/tls_m.c in OpenLDAP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002780.html

JVNDB-2012-002779 Private key disclosure vulnerability in PyCrypto
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002779.html

JVNDB-2012-002778 Arbitrary file read vulnerability in Redland Raptor as used in OpenOffice and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002778.html

JVNDB-2012-002777 Double free vulnerability in the xfrm6_tunnel_rcv function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002777.html

JVNDB-2012-002776 Arbitrary command execution vulnerability in action_power.py in Cobbler
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002776.html

JVNDB-2012-002775 Double free vulnerability in PyPAM_conv in PAMmodule.c in PyPam
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002775.html

JVNDB-2012-002774 Denial of service (DoS) vulnerability in Red Hat Network Satellite
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002774.html

JVNDB-2012-002328 Vulnerability in Web Container processing in Oracle GlassFish Enterprise Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002328.html

JVNDB-2012-002773 Sensitive information disclosure vulnerability in plugin/npapi/plugin.cpp in Gnash
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002773.html

JVNDB-2012-002772 Context information disclosure vulnerability in Oracle Mojarra
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002772.html

JVNDB-2012-002771 Sensitive cookie information disclosure vulnerability in the Rack::Cache rubygem
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002771.html

JVNDB-2012-002770 Access restriction bypass vulnerability in manageuser.php in Collabtive
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002770.html

CVE-2012-0217 (from MS12-042) applies to other environments too
http://isc.sans.edu/diary.html?storyid=13510

Cisco Secure Desktop Software Update Bug Lets Remote Users Downgrade the Target User to an Older Version
http://www.securitytracker.com/id/1027190

Cisco AnyConnect Secure Mobility Client Software Update Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027189

Cisco Application Control Engine IP Address Overlap May Let Remote Authenticated Administrators Login to the Incorrect Context
http://www.securitytracker.com/id/1027188

Cisco ASA 5500 Series IPv6 Processing Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027187

Microsoft Internet Explorer CollectionCache Remote Use-After-Free
http://cxsecurity.com/issue/WLB-2012060254

Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
http://cxsecurity.com/issue/WLB-2012060253

Microsoft Internet Explorer GetAtomTable Remote Use-After-Free
http://cxsecurity.com/issue/WLB-2012060252

Microsoft Internet Explorer Col Element Remote Heap Overflow
http://cxsecurity.com/issue/WLB-2012060251

CMS Balitbang Cross Site Request Forgery / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060250

iBoutique eCommerce 4.0 SQL Injection / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060249

SolarWinds Network Performance Monitor Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012060248

Irancell WiMAX Connection Manager memory corruption
http://cxsecurity.com/issue/WLB-2012060247

vBulletin 4.2.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060246

Sonna SQL Injection
http://cxsecurity.com/issue/WLB-2012060245

Fireshop SQL Injection
http://cxsecurity.com/issue/WLB-2012060244

Sana Net SQL Injection
http://cxsecurity.com/issue/WLB-2012060243

e107 Filemanager 1.0 Shell Upload
http://cxsecurity.com/issue/WLB-2012060242

e107 FileDownload 1.1 Shell Upload / File Disclosure
http://cxsecurity.com/issue/WLB-2012060241

e107 Tap 2.0 Shell Upload
http://cxsecurity.com/issue/WLB-2012060240

e107 Hupsi Share 1.00 Shell Upload
http://cxsecurity.com/issue/WLB-2012060239

e107 Image Gallery 0.9.7.1 File Disclosure
http://cxsecurity.com/issue/WLB-2012060238

e107 Hupsi Fancybox 1.0.4 Shell Upload
http://cxsecurity.com/issue/WLB-2012060237

e107 Hupsi Media Gallery 1.0 Shell Upload
http://cxsecurity.com/issue/WLB-2012060236

e107 Radio Plan 2.06 Shell Upload
http://cxsecurity.com/issue/WLB-2012060235

Red Hat update for 389-ds-base
http://secunia.com/advisories/49562/

Red Hat update for rsyslog
http://secunia.com/advisories/49603/

Red Hat update for java-1.7.0-openjdk
http://secunia.com/advisories/49560/

Red Hat update for java-1.7.0-oracle
http://secunia.com/advisories/49569/

Red Hat update for xorg-x11-server
http://secunia.com/advisories/49579/

Red Hat update for kernel
http://secunia.com/advisories/49594/

Red Hat update for net-snmp
http://secunia.com/advisories/49596/

Red Hat update for mysql
http://secunia.com/advisories/49597/

Red Hat update for php-pecl-apc
http://secunia.com/advisories/49598/

Red Hat update for qt
http://secunia.com/advisories/49604/

Red Hat update for openldap
http://secunia.com/advisories/49607/

Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform
http://secunia.com/advisories/49635/

Red Hat update for JBoss Enterprise Products
http://secunia.com/advisories/49636/

Red Hat update for libguestfs
http://secunia.com/advisories/49545/

WordPress TheCartPress Plugin Order Information Security Bypass
http://secunia.com/advisories/49652/

Balitbang CMS Multiple Vulnerabilities
http://secunia.com/advisories/49580/

e107 Hupsi Fancybox Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49591/

e107 Image Gallery Plugin "name" File Download Vulnerability
http://secunia.com/advisories/49589/

e107 Radio Plan Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49585/

e107 Hupsis Media Gallery Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49584/

e107 Hupsi Share Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49583/

Ubuntu update for php5
http://secunia.com/advisories/49626/

Edimax IC-3030iWn Network Camera Password Disclosure Vulnerability
http://secunia.com/advisories/49524/

SUSE update for kernel
http://secunia.com/advisories/49628/

JW Player Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49615/

Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
http://www.exploit-db.com/exploits/19295

Sysax <= 5.62 Admin Interface Local Buffer Overflow
http://www.exploit-db.com/exploits/19293

Oracle Java SE CVE-2012-1724 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53958

Oracle Java SE CVE-2012-1723 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53960

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-1713 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle Java SE CVE-2012-1726 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53948

Oracle Java SE CVE-2012-1722 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53953

Oracle Java SE CVE-2012-1721 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53959

Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52188

Quagga bgpd 'bgp_capability_orf()' BGP OPEN Message Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53775

Oracle Database Server 'TNS Listener' Remote Poisoning Vulnerability
http://www.securityfocus.com/bid/53308

Python SimpleHTTPServer 'list_directory()' Function Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54083

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778

Python SimpleXMLRPCServer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51996

Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379

python 'distutils' Component '~/.pypirc' File Local Race Condition Vulnerability
http://www.securityfocus.com/bid/52732

Python Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51239

Oracle MySQL Server Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/52931

BusyBox 'udhcpc' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48879

389 Directory Server Certificate Groups Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52044

Linux Kernel NFS Client 'decode_getacl()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50655

Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630

Qt SSL Certificate IP Address Wildcard Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/42833

Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300

PECL Alternative PHP Cache 'apc.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/43218

Net-SNMP SNMP GET Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/53255

X.Org X11 File Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50193

X.Org X11 File Read Permission Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50196

OpenLDAP LDAP Search Request Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52404

RSyslog Function Imfile Module Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51171

libguestfs File Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53932

Samba mount.cifs Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/52742

GNU Common Internet File System (CIFS) setuid 'mount.cifs' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53246

Multiple AntiVirus Products CVE-2012-1459 TAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52623

Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52611

Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52610

Edimax IC-3030iWn UDP Packet Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54006

Linux Kernel HFS Plus Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53401

Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965

Linux Kernel 'fs/befs/linuxvfs.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49256

Linux Kernel 'hfs_mac2asc()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50750

Red Hat Enterprise Linux NFSv4 Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50798

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50370

Adobe Flash Player CVE-2011-2110 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/48268

Linux Kernel KVM 'kvm_apic_accept_pic_intr()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53488

IBM System Storage Manager Profiler SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54112

Drupal Privatemsg Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54110

web@all Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/54109

Cisco AnyConnect Secure Mobility Client Downgrade Security Weaknesses
http://www.securityfocus.com/bid/54108

Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54107

Cisco ASA 5500 Series and Cisco Catalyst 6500 Series Denial of Service Vulnerability
http://www.securityfocus.com/bid/54106

Commentics 'index.php' Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/54104

WordPress TheCartPress Plugin 'PrintOrder.php' Script Security Bypass Vulnerability
http://www.securityfocus.com/bid/54103

FireDesign fireshop 'news.php' Script SQL Injection Vulnerability
http://www.securityfocus.com/bid/54095
