Friday, July 13, 2012
Friday the 13th, Butsumetsu
+ CESA-2012:1068 Important CentOS 6 openjpeg Update
http://lwn.net/Alerts/506546/
+ HPSBGN02787 SSRT100876 rev.1 - HP AssetManager, Remote Cross Site Scripting (XSS) and Unauthorized Data Modification
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03403333%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2021
+ HPSBMU02796 SSRT100594 rev.2 - HP Operations Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03397769%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2020
+ Buffer Overflow in DataDirect ODBC driver affects Hyperion Interactive Reporting, Hyperion Production Reporting Server, Hyperion Essbase Server, Hyperion Integration Services Server
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3133
+ libpng 1.5.12, 1.2.50 released
http://www.libpng.org/pub/png/src/libpng-1.5.12-README.txt
http://www.libpng.org/pub/png/src/libpng-1.2.50-README.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
+ Linux kernel 3.2.23 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.23
Check Point response to "libcrypt 'crypt()' Password Encryption Weakness" (CVE-2012-2143)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk75640&src=securityAlerts
Trend Micro Online Storage SafeSync update notice
http://www.trendmicro.co.jp/support/news.asp?id=1811
False-alert information for the Smart Scan pattern file
http://www.trendmicro.co.jp/support/news.asp?id=1813
Oracle Critical Patch Update Pre-Release Announcement - July 2012
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Request for cooperation with the "Survey on the Usage of Cryptographic Algorithms"
http://www.ipa.go.jp/security/ipg/announce/20120712.html
First malware in Apple's "App Store" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20120713/408901/?ST=security
[Column] U.S. government efforts on vulnerability countermeasures: CVSS
http://itpro.nikkeibp.co.jp/article/COLUMN/20120706/407648/?ST=security
Protect privileged IDs to strengthen information-leak countermeasures
http://itpro.nikkeibp.co.jp/article/COLUMN/20120710/408262/?ST=security
Smartphone ownership among elementary, junior high and high school students is 30%, and more than half among high school girls
http://itpro.nikkeibp.co.jp/article/NEWS/20120712/408861/?ST=security
JVNVU#377915 Authentication bypass vulnerability in SMC8024L2
http://jvn.jp/cert/JVNVU377915/index.html
[SECURITY] [DSA 2512-1] mono security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00085.html
[SECURITY] [DSA 2511-1] puppet security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00084.html
ZDI-12-125: Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00083.html
ZDI-12-124: EMC AutoStart ftAgent Opcode 50 Subcode 42 Parsing Remote Code Execution Vulnera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00082.html
ZDI-12-123: EMC AutoStart ftAgent Opcode 50 Subcode 60 Parsing Remote Code Execution Vulnera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00081.html
ZDI-12-122: EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00080.html
ZDI-12-121: EMC AutoStart ftAgent Opcode 85 Subcode 01 Parsing Remote Code Execution Vulnera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00079.html
ZDI-12-120: EMC AutoStart ftAgent Opcode 85 Subcode 22 Parsing Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00078.html
ZDI-12-119: EMC AutoStart ftAgent Opcode 0x41 Subcode 0x00 Parsing Remote Code Execution Vul
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00077.html
ZDI-12-118: EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00076.html
ZDI-12-117 : EMC AutoStart ftAgent Opcode 50 Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00075.html
ZDI-12-116 : EMC AutoStart ftAgent Opcode 50 Subcode 04 Parsing Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00074.html
ZDI-12-115 : HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00073.html
ZDI-12-114 : HP OpenView Performance Agent coda.exe Opcode 0x34 Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00072.html
[ MDVSA-2012:105 ] pidgin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00066.html
[ MDVSA-2012:104 ] openjpeg
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00065.html
[ MDVSA-2012:103 ] automake
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00064.html
Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00071.html
PHP Jobsite v1.36 - Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00070.html
Funeral Script PHP - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00069.html
Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00068.html
TP Link Gateway v3.12.4 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00067.html
ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00063.html
Yesterday (not as on the ball as Rob) at SANSFire
http://isc.sans.edu/diary.html?storyid=13684
Today at SANSFIRE - Dude Your Car is PWND !
http://isc.sans.edu/diary.html?storyid=13678
ISC Feature of the Week: Internet Storm Center Events
http://isc.sans.edu/diary.html?storyid=13681
Cisco TelePresence Immersive Endpoint Devices Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027245
Cisco TelePresence Recording Server Bugs Let Remote Users Execute Arbitrary Code and Deny Service
http://www.securitytracker.com/id/1027244
LOCAL: ZipItFast PRO v3.0 Heap Overflow Exploit
http://www.exploit-db.com/exploits/19776
DoS/PoC: WaveSurfer 1.8.8p4 <= Memory Corruption PoC
http://www.exploit-db.com/exploits/19772
DoS/PoC: IE9, SharePoint, Lync toStaticHTML HTML Sanitizing Bypass
http://www.exploit-db.com/exploits/19777
FileZilla Server version 0.9.41 beta Remote DOS (CPU exhaustion) POC
http://cxsecurity.com/issue/WLB-2012070077
Kajona 3.4.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070076
TP Link Gateway 3.12.4 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070075
Drupal Book Block 6.x-1.0-beta1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070074
PHP Jobsite 1.36 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070073
Reserve Logic Booking CMS 1.2 XSS / Shell Upload / SQL Injection
http://cxsecurity.com/issue/WLB-2012070072
Funeral Script PHP Cross Site Scripting / SQL Injection
http://cxsecurity.com/issue/WLB-2012070071
Windows Kernel ReadLayoutFile Heap Overflow
http://cxsecurity.com/issue/WLB-2012070070
IE9 SharePoint Lync: toStaticHTML HTML Sanitizing Bypass
http://cxsecurity.com/issue/WLB-2012070069
GLPI Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/49887/
WordPress Global Content Blocks Plugin Multiple Vulnerabilities
http://secunia.com/advisories/49854/
Magento Zend Framework XML Entity References Information Disclosure Vulnerability
http://secunia.com/advisories/49866/
EMC Products Security Bypass Security Issue
http://secunia.com/advisories/49911/
Funeral Script PHP Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49885/
Cisco TelePresence Immersive Endpoint Multiple Vulnerabilities
http://secunia.com/advisories/49879/
Cisco TelePresence Recording Server Two Vulnerabilities
http://secunia.com/advisories/49864/
Cisco TelePresence Recording Server Denial of Service Vulnerability
http://secunia.com/advisories/49880/
Cisco TelePresence Products Denial of Service and Code Execution Vulnerabilities
http://secunia.com/advisories/49915/
Phonalisa Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49886/
Drupal Search Autocomplete Module Admin Page Security Bypass Weakness
http://secunia.com/advisories/49898/
Drupal Security Questions Module Security Bypass Vulnerability
http://secunia.com/advisories/49882/
Ubuntu update for nova
http://secunia.com/advisories/49902/
Drupal Colorbox Node Module "width" and "height" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49891/
Quest Foglight Multiple Security Bypass Vulnerabilities
http://secunia.com/advisories/49908/
Eucalyptus VMware Broker and Walrus Authentication Bypass Vulnerabilities
http://secunia.com/advisories/49916/
Eucalyptus VMware Broker and Walrus Authentication Bypass Vulnerabilities
http://secunia.com/advisories/49912/
Drupal Restrict node page view Module Security Bypass Vulnerability
http://secunia.com/advisories/49892/
IP.Board Search Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49901/
Drupal Commons Module Node Comments Security Bypass Security Issue
http://secunia.com/advisories/49867/
Red Hat update for openjpeg
http://secunia.com/advisories/49913/
Ubuntu update for qt
http://secunia.com/advisories/49895/
OpenStack Compute (Nova) Scheduler Node Denial of Service Vulnerability
http://secunia.com/advisories/49816/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/49906/
Mono 'HttpForbiddenHandler.cs' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/54344
Puppet Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54399
HP Operations Agent Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54362
EMC AutoStart CVE-2012-0409 Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53682
Apple QuickTime Prior To 7.7.2 QTMovie Objects Stack Overflow Vulnerability
http://www.securityfocus.com/bid/53577
Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54322
Xen 64-bit PV Guests Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53961
Qt 'gray-scale' Image File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49724
Qt SSL Certificate IP Address Wildcard Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/42833
Pango HarfBuzz Engine Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49723
Linux Kernel 'fs/eventpoll.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54283
Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630
Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856
Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54192
Hastymail 'rs' and 'rsargs[]' Parameters Remote Code Injection Vulnerabilities
http://www.securityfocus.com/bid/50791
OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54373
OpenJPEG Gray16 TIFF Image File Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53012
WaveSurfer '.wav' File Denial of Service Vulnerability
http://www.securityfocus.com/bid/54419
GNU Automake Local Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/54418
RSA Authentication Manager Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54417
GLPI Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/54416
ZipItFast PRO '.zip' File Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54415
EMC Multiple Products Security Bypass Vulnerability
http://www.securityfocus.com/bid/54414
WordPress Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54413
Drupal Restrict Node Page View Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/54407
Drupal Colorbox Node Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54406
Quest Foglight Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/54405
Eucalyptus Multiple Authentication Mechanism Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/54404
Phonalisa Multiple HTML-Injection Cross-Site Scripting and Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54401
Reserve Logic Booking CMS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/54400
TP Link Gateway Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54396