Friday, June 8, 2012
Friday the 8th, Butsumetsu
+ RHSA-2012:0716 Important: bind security update
http://rhn.redhat.com/errata/RHSA-2012-0716.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
+ RHSA-2012:0717 Important: bind97 security update
http://rhn.redhat.com/errata/RHSA-2012-0717.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
+ CentOS alert CESA-2012:0715 (thunderbird)
http://lwn.net/Alerts/500828/
+ Microsoft Security Bulletin Advance Notification - June 2012
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-jun
Announcement: release of the spam/scam mail scan engine TMASE 7.0 (build 1014)
http://www.trendmicro.co.jp/support/news.asp?id=1791
Regarding an issue in which scanning stops partway through in some of our products
http://www.trendmicro.co.jp/support/news.asp?id=1793
US-based FireEye, a vendor of targeted-attack countermeasures, establishes a Japanese subsidiary
http://itpro.nikkeibp.co.jp/article/NEWS/20120607/400861/?ST=security
LinkedIn passwords leaked; 6.5 million reportedly published on a hacker forum
http://itpro.nikkeibp.co.jp/article/NEWS/20120607/400824/?ST=security
JVN#18397171 FeedDemon vulnerable to arbitrary script execution
http://jvn.jp/jp/JVN18397171/
JVNVU#458153 Multiple video drivers do not support the ASLR feature
http://jvn.jp/cert/JVNVU458153/
[SECURITY] [DSA 2480-3] request-tracker3.8 regression update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00031.html
ComSndFTP Server Remote Format String Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00030.html
Mybb 1.6.8 Sql Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00029.html
Secunia Research: Network Instruments Observer SNMP Processing Buffer Overflows
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00028.html
Secunia Research: Network Instruments Observer SNMP OID Processing Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00027.html
ZDI-12-089 : HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00026.html
ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00025.html
ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00024.html
ZDI-12-086 : RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00023.html
ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00022.html
ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00021.html
ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerabi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00020.html
ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vuln
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00019.html
ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00018.html
ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00017.html
ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00016.html
ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00015.html
ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00014.html
ZDI-12-075 : Apple Quicktime RLE Sample Decoding Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00013.html
JVNDB-2012-002633 (JVNVU#458153) Multiple video drivers do not support the ASLR feature
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002633.html
JVNDB-2012-002632 Web session hijacking vulnerability in OpenStack Dashboard (Horizon)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002632.html
JVNDB-2012-002631 Cross-site scripting vulnerability in OpenStack Dashboard (Horizon)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002631.html
JVNDB-2012-002630 Denial of service (DoS) vulnerability in the TIFFGetEXIFProperties function in ImageMagick
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002630.html
JVNDB-2012-002629 Integer overflow vulnerability in the GetEXIFProperty function in magick/property.c in ImageMagick
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002629.html
JVNDB-2012-002628 Integer overflow vulnerability in the SyncImageProfiles function in profile.c in ImageMagick
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002628.html
JVNDB-2012-002627 Integer overflow vulnerability in magick/profile.c or magick/property.c in ImageMagick
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002627.html
JVNDB-2012-002592 (JVNVU#381699) Denial of service (DoS) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002592.html
JVNDB-2012-002622 Arbitrary code execution vulnerability in Dropbear SSH server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002622.html
JVNDB-2012-002621 SQL injection vulnerability in SQLAlchemy as used in Keystone
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002621.html
JVNDB-2012-002620 Denial of service (DoS) vulnerability in the glBufferData function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002620.html
JVNDB-2012-002619 Heap-based buffer overflow vulnerability in the utf16_to_isolatin1 function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002619.html
JVNDB-2012-002618 Arbitrary code execution vulnerability in the nsINode::ReplaceOrInsertBefore function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002618.html
JVNDB-2012-002617 Vulnerability in multiple Mozilla products allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002617.html
JVNDB-2012-002616 Vulnerability in the CSP implementation in multiple Mozilla products allowing cross-site scripting attacks
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002616.html
JVNDB-2012-002615 Vulnerability allowing privileges to be gained in multiple Mozilla products running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002615.html
JVNDB-2012-002614 Vulnerability allowing privileges to be gained in multiple Mozilla products running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002614.html
JVNDB-2012-002613 Heap-based buffer overflow vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002613.html
JVNDB-2012-002612 Arbitrary code execution vulnerability in the nsFrameList::FirstChild function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002612.html
JVNDB-2012-002611 Denial of service (DoS) vulnerability in Mozilla Firefox ESR and Thunderbird ESR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002611.html
JVNDB-2012-002610 Denial of service (DoS) vulnerability in the browser engine in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002610.html
JVNDB-2012-002609 Denial of service (DoS) vulnerability in the browser engine in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002609.html
JVNDB-2012-002608 Denial of service (DoS) vulnerability in the ASN.1 decoder in Mozilla Network Security Services
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002608.html
JVNDB-2012-000056 (JVN#18397171) FeedDemon vulnerable to arbitrary script execution
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000056.html
PMI: Hacking servers that are turned "off"
http://isc.sans.edu/diary.html?storyid=13399
Microsoft June Security Bulletin Advance Notification
http://isc.sans.edu/diary.html?storyid=13402
IBM WebSphere Sensor Events Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027134
VU#442595 ScrumWorks Pro privilege escalation vulnerability
http://www.kb.cert.org/vuls/id/442595
IBM DB2 Multiple Vulnerabilities
http://secunia.com/advisories/49437/
IBM Scale Out Network Attached Storage Samba Vulnerability
http://secunia.com/advisories/49445/
IBM Storwize V7000 Unified Samba Vulnerability
http://secunia.com/advisories/49449/
FeedDemon Feed Preview Script Insertion Vulnerability
http://secunia.com/advisories/49427/
Siemens SIMATIC WinCC Multiple Vulnerabilities
http://secunia.com/advisories/49341/
WordPress FCChat Widget Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49419/
IBM WebSphere Sensor Events Multiple Vulnerabilities
http://secunia.com/advisories/49413/
Siemens SIMATIC WinCC DiagAgent Buffer Overflow Vulnerability
http://secunia.com/advisories/49359/
Vanilla Forums kPoll Plugin Poll Title Script Insertion Vulnerability
http://secunia.com/advisories/49421/
Drupal Protest Module "protest_body" Script Insertion Vulnerability
http://secunia.com/advisories/49386/
Drupal Authoring HTML Whitelist Security Bypass Vulnerability
http://secunia.com/advisories/49387/
NetBSD update for openssl
http://secunia.com/advisories/49264/
NetBSD update for openssl
http://secunia.com/advisories/49440/
WordPress MM Forms Community Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49411/
Ubuntu update for nova
http://secunia.com/advisories/49439/
Red Hat update for thunderbird
http://secunia.com/advisories/49435/
Red Hat update for firefox
http://secunia.com/advisories/49405/
Wordpress Font Uploader Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49327/
GEAR CD DVD Filter Driver GEARAspiWDM.sys 222000h IOCTL Handling Vulnerabilities
http://secunia.com/advisories/44647/
OpenStack Compute (Nova) "Security Group" Security Bypass Security Issue
http://secunia.com/advisories/46808/
Drupal Maestro Module Script Insertion and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/49393/
Ubuntu update for ubuntuone-client and ubuntuone-storage-protocol
http://secunia.com/advisories/49442/
Ubuntu update for ubuntu-sso-client
http://secunia.com/advisories/49448/
Drupal Node Embed Module Node Titles Security Bypass Security Issue
http://secunia.com/advisories/48348/
WordPress VideoWhisper Video Presentation Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49410/
Drupal Organic Groups Module Security Bypass and Script Insertion Vulnerabilities
http://secunia.com/advisories/49397/
Drupal Tokenauth Module URL Token Security Bypass Vulnerability
http://secunia.com/advisories/49400/
SyndeoCMS Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/47384/
LOCAL: Lattice Semiconductor PAC-Designer 6.21 (*.PAC) Exploit
http://www.exploit-db.com/exploits/19006
socat 'xioscan_readline()' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53510
Linux Kernel CVE-2012-2373 Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53614
Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668
OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53570
Microsoft Data Access Components RDS Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/6214
Samsung NET-i ware Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/53193
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
ISC BIND CVE-2012-1033 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51898
Serendipity 'functions_trackbacks.inc.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/53620
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1947 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53791
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1939 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53797
Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1941 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53793
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53800
Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
http://www.securityfocus.com/bid/53801
Mozilla Firefox/Thunderbird/SeaMonkey '.lnk' Files Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53799
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1940 Use After Free Vulnerability
http://www.securityfocus.com/bid/53794
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53796
Real Networks RealPlayer Versions Prior to 15.0.0 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/50741
HP Database Archiving Software Remote Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51205
Real Networks RealPlayer 'rvrender' RMFF Flags Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51883
Oracle Java SE Critical Patch Update June 2012 Advance Notification
http://www.securityfocus.com/bid/53864
Microsoft June 2012 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/53862
MyBB 'customfield' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/53860
IBM WebSphere Sensor Events Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/53859
FeedDemon 'Feed Preview' Arbitrary Script Injection Vulnerability
http://www.securityfocus.com/bid/53858
ScrumWorks Pro CVE-2012-2603 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53857
WordPress FCChat Widget Plugin 'Upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53855
SyndeoCMS 'newsletter_email' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/53854
WordPress Font Uploader Plugin 'font-upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53853
WordPress MM Forms Community Plugin 'doajaxfileupload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53852
WordPress VideoWhisper Video Presentation Plugin 'vw_upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53851
WordPress Email Newsletter Plugin 'option' Parameter Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53850
WordPress Gallery Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53849
SN News 'visualiza.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/53846