Monday, June 4, 2012
Monday the 4th, Shakkō
+ UPDATE: HPSBMA02224 SSRT071334 rev.2 - HP System Management Homepage (SMH) for Linux, Remote Privileged Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c01072894%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ UPDATE: HPSBMA02250 SSRT061275 rev.2 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c01118771%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
+ HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03216705%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4789
+ HPSBPI02779 SSRT100855 rev.1 - HP Web Jetadmin v8.x Running on Windows, Remote Cross Site Scripting (XSS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03331603%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2011
+ UPDATE: HPSBUX02784 SSRT100871 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03350339%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507
+ Tomcat Connectors 1.2.37 Released
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
+ DoS/PoC: PHP 5.3.10 spl_autoload_call() Local Denial of Service
http://www.exploit-db.com/exploits/18978
+ DoS/PoC: PHP 5.3.10 spl_autoload_register() Local Denial of Service
http://www.exploit-db.com/exploits/18977
+ DoS/PoC: PHP 5.3.10 spl_autoload() Local Denial of Service
http://www.exploit-db.com/exploits/18976
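Press release
"Information Security White Paper 2012" published
~ Confidential information under attack: the need to establish information-sharing frameworks ~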
http://www.ipa.go.jp/about/press/20120601.html
JVNVU#542123 Problem in multiple DNS name server implementations
http://jvn.jp/cert/JVNVU542123/index.html
JVN#23328321 Information disclosure vulnerability in Puella Magi Madoka Magica iP for Android
http://jvn.jp/jp/JVN23328321/index.html
JVN#97995841 SQL injection vulnerability in Segue
http://jvn.jp/jp/JVN97995841/index.html
JVN#29083866 Cross-site scripting vulnerability in Segue
http://jvn.jp/jp/JVN29083866/index.html
JVNDB-2012-001954 Arbitrary code execution vulnerability in the NetStream class of Adobe Flash Player and AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001954.html
JVNDB-2012-001953 Arbitrary code execution vulnerability in Adobe Flash Player and AIR running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001953.html
JVNDB-2012-001629 Vulnerability in Adobe Flash Player allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001629.html
JVNDB-2012-001628 Arbitrary code execution vulnerability in the Matrix3D component of Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001628.html
JVNDB-2012-002020 Denial-of-service (memory corruption) vulnerability in Adobe Flash Player running on Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002020.html
JVNDB-2012-002021 Denial-of-service (memory corruption) vulnerability in Adobe Flash Player running on Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002021.html
JVNDB-2012-001269 Denial-of-service (DoS) vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001269.html
JVNDB-2012-001735 Vulnerability in the OpenSSL CMS and PKCS #7 implementations allowing data to be decrypted
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001735.html
JVNDB-2012-002584 Denial-of-service (DoS) vulnerability in Cisco IOS XR on the Cisco ASR 9000 and CRS series
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002584.html
JVNDB-2010-003620 Vulnerability in the TYPO3 fileDenyPattern feature allowing access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003620.html
JVNDB-2012-000054 Information disclosure vulnerability in Puella Magi Madoka Magica iP for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000054.html
JVNDB-2012-000053 SQL injection vulnerability in Segue
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000053.html
JVNDB-2012-000052 Cross-site scripting vulnerability in Segue
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000052.html
Ruby on Rails Input Validation Flaw in Active Record Lets Remote Users Make Unsafe SQL Queries
http://www.securitytracker.com/id/1027113
Ruby on Rails Input Validation Flaw in Active Record Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1027112
cPanel Unspecified Flaws Have Unspecified Impact
http://www.securitytracker.com/id/1027111
strongSwan gmp Plugin Signature Verification Flaw Lets Remote Users Authenticate As Arbitrary Users
http://www.securitytracker.com/id/1027110
IDS Trolling - Anything new?
http://isc.sans.edu/diary.html?storyid=13360
ISC Feature of the Week: Country and Region Report
http://isc.sans.edu/diary.html?storyid=13357
Apple Releases iOS Security Specs
http://isc.sans.edu/diary.html?storyid=13348
What Does "IPv6 Day" mean to you?
http://isc.sans.edu/diary.html?storyid=13351
Puella Magi Madoka Magica iP for Android Information Disclosure Security Issue
http://secunia.com/advisories/49371/
cPanel Two Unspecified Vulnerabilities
http://secunia.com/advisories/49363/
IrfanView Formats PlugIn TTF File Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/49319/
Debian update for strongswan
http://secunia.com/advisories/49315/
Ubuntu update for linux-ti-omap4
http://secunia.com/advisories/49355/
Ubuntu update for linux
http://secunia.com/advisories/49372/
Ruby on Rails Nested Query Parameters SQL Injection Vulnerability
http://secunia.com/advisories/49297/
Ubuntu update for nut
http://secunia.com/advisories/49356/
GIMP Script-Fu Server Buffer Overflow Vulnerability
http://secunia.com/advisories/49314/
strongSwan GMP Plugin RSA Signature Handling Security Bypass Vulnerability
http://secunia.com/advisories/49370/
Sony VAIO WifiMan ActiveX Control Two Buffer Overflow Vulnerabilities
http://secunia.com/advisories/49340/
IBM WebSphere Application Server Information Disclosure Vulnerability
http://secunia.com/advisories/49352/
HP-UX update for Java
http://secunia.com/advisories/49369/
SUSE update for python
http://secunia.com/advisories/49354/
FineCMS SQL Injection
http://cxsecurity.com/issue/WLB-2012060018
f2blog Remote File Uploader (RFU) Sh3ll
http://cxsecurity.com/issue/WLB-2012060017
netclimberwebdesign Cms Sql Injection Vulnerabilitiy
http://cxsecurity.com/issue/WLB-2012060016
prominenttech Cms Sql Injection Vulnerabilitiy
http://cxsecurity.com/issue/WLB-2012060015
baytech web design Cms Sql Injection Vulnerabilitiy
http://cxsecurity.com/issue/WLB-2012060014
RiteSolutions Cms Sql Injection Vulnerabilitiy
http://cxsecurity.com/issue/WLB-2012060013
ignitesolutions Cms Sql Injection Vulnerabilitiy
http://cxsecurity.com/issue/WLB-2012060012
IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow
http://cxsecurity.com/issue/WLB-2012060011
4PSA VoipNow Professional 2.5.3 Reflected XSS / CSRF (Add Reseller)
http://cxsecurity.com/issue/WLB-2012060010
Chrome 18 Anti-XSS Bypass
http://cxsecurity.com/issue/WLB-2012060009
TrueCaller Vulnerability Allows Changing Users Details
http://cxsecurity.com/issue/WLB-2012060008
4PSA VoipNow Professional 2.5.3 Cross Site Request Forgery / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060007
Citrix Provisioning Services 5.6 SP1 Streamprocess Buffer Overflow
http://cxsecurity.com/issue/WLB-2012060006
OpenSSL 1.0.1 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012060005
Noict SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012060004
MiniWeb Content-Length Denial Of Service
http://cxsecurity.com/issue/WLB-2012060003
Simple Web Content Management System 1.1 SQL Injection
http://cxsecurity.com/issue/WLB-2012060002
Regnum Christi SQL Injection
http://cxsecurity.com/issue/WLB-2012060001
REMOTE: GIMP script-fu Server Buffer Overflow
http://www.exploit-db.com/exploits/18973
REMOTE: Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020004 Buffer Overflow
http://www.exploit-db.com/exploits/18967
REMOTE: Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow
http://www.exploit-db.com/exploits/18968
REMOTE: Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow
http://www.exploit-db.com/exploits/18969
DoS/PoC: IrfanView 4.33 Format PlugIn TTF File Parsing Stack Based Overflow
http://www.exploit-db.com/exploits/18972
DoS/PoC: IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow
http://www.exploit-db.com/exploits/18964
Moodle SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53627
Moodle Multiple Information Disclosure and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/53629
Moodle CVE-2012-2367 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53626
Moodle Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53632
feedparser CVE-2012-2921 Denial of Service Vulnerability
http://www.securityfocus.com/bid/53654
socat 'xioscan_readline()' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53510
Request Tracker Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53660
Citrix Provisioning Services Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/49803
Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015
Oracle Java SE CVE-2012-0504 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52020
Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014
Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017
Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018
Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012
Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194
Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
http://www.securityfocus.com/bid/52161
Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016
Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013
Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011
Oracle Java SE CVE-2012-0498 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52019
Linux Kernel Hugepages CVE-2012-2133 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53233
Linux Kernel KVM 'kvm_apic_accept_pic_intr()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53488
Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274
VoipNow Professional 'nsextt' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53759
Puella Magi Madoka Magica iP for Android CVE-2012-2630 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53758
cPanel Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/53757
IrfanView Formats PlugIn TTF File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53756
IBM WebSphere Application Snoop Servlets Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53755