Tuesday, July 17, 2012
Tuesday the 17th, Tomobiki
+ RHSA-2012:1081 Moderate: sudo security update
http://rhn.redhat.com/errata/RHSA-2012-1081.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2337
+ CESA-2012:1081 Moderate CentOS 6 sudo Update
http://lwn.net/Alerts/506953/
+ CESA-2012:1081 Moderate CentOS 5 sudo Update
http://lwn.net/Alerts/506954/
+ UPDATE: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120627-webex
+ UPDATE: Directory Traversal Vulnerability in Cisco Network Admission Control Manager
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111005-nac
+ UPDATE: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
+ UPDATE: Multiple Vulnerabilities in Cisco Firewall Services Module
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111005-fwsm
+ UPDATE: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111005-asa
+ HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JDK for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Information Disclosure, Modification, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03358587%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0508
+ HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JDK for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Information Disclosure, Modification, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03405642%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0508
+ Linux kernel 3.4.5, 3.0.37 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.37
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2669
Endpoint Connect (EPC) DLL hijacking vulnerability
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480&src=securityAlerts
Notice of scheduled server maintenance (July 18, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1815
Trend Micro: Notice of registration system update for consumer products
http://www.trendmicro.co.jp/support/news.asp?id=1814
Notice of scheduled server maintenance (July 20, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1816
Advisory: Sophos Endpoint v 9.5 and 9.7: automatic upgrade to v 10, reboot required
http://www.sophos.com/en-us/support/knowledgebase/117480.aspx
HS12-020: Privilege escalation vulnerability in JP1/NETM/DM
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-020/index.html
0A29-12-2: Metasploit pcap_log plugin privilege escalation vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00104.html
CakePHP 2.x-2.2.0-RC2 XXE Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00101.html
WordPress Plugin Count Per Day 3.1.1 Multiple Cross-site scripting vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00100.html
MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00099.html
Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00098.html
PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00097.html
SMF Board v2.0.2 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00096.html
VamCart v0.9 CMS - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00095.html
Event Calendar PHP 1.2 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00094.html
Google Chrome 19 metro_driver.dll mishandling
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00093.html
[slackware-security] pidgin (SSA:2012-195-02)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00091.html
[slackware-security] php (SSA:2012-195-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00092.html
[security bulletin] HPSBMU02796 SSRT100594 rev.2 - HP Operations Agent for AIX, HP-UX, Linux
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00090.html
[ MDVSA-2012:107 ] exif
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00089.html
[ MDVSA-2012:106 ] libexif
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00088.html
[SECURITY] [DSA 2510-1] extplorer security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00087.html
[security bulletin] HPSBGN02787 SSRT100876 rev.1 - HP AssetManager, Remote Cross Site Scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00103.html
libexif project security advisory July 12, 2012
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00102.html
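Ministry of Internal Affairs and Communications publishes smartphone privacy guidelines, calling for device IDs to be treated like personal information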
http://itpro.nikkeibp.co.jp/article/COLUMN/20120713/409032/?ST=security
Calpis discloses leak of just under 100,000 personal records, via the PC of a staff member at an outside contractor
http://itpro.nikkeibp.co.jp/article/NEWS/20120713/409244/?ST=security
Symantec to hold a contest for high school students competing in "finding program vulnerabilities"
http://itpro.nikkeibp.co.jp/article/NEWS/20120713/409161/?ST=security
WikiLeaks wins lawsuit in Iceland over account freeze
http://itpro.nikkeibp.co.jp/article/NEWS/20120713/409028/?ST=security
Yahoo!: information on more than 450,000 users leaked through unauthorized access
http://itpro.nikkeibp.co.jp/article/NEWS/20120713/408941/?ST=security
JVN#46088915 Vulnerability related to the WebView class in Yahoo! Browser
http://jvn.jp/jp/JVN46088915/index.html
JVNTA12-192A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-192A/index.html
JVNDB-2012-003044 Arbitrary code execution vulnerability in the Microsoft Windows shell
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003044.html
JVNDB-2012-003038 Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003038.html
JVNDB-2012-003039 Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003039.html
JVNDB-2012-003041 Privilege escalation vulnerability in VBE6.dll in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003041.html
JVNDB-2012-003046 Cross-site scripting vulnerability in Microsoft SharePoint products and Microsoft Office Web Apps
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003046.html
JVNDB-2012-003047 Vulnerability allowing sensitive information to be obtained in Microsoft SharePoint products and Microsoft Office Web Apps
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003047.html
JVNDB-2012-003048 Cross-site scripting vulnerability in Microsoft SharePoint products and Microsoft Office Web Apps
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003048.html
JVNDB-2012-003049 Open redirect vulnerability in Microsoft Office SharePoint Server 2007
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003049.html
JVNDB-2012-003050 Cross-site scripting vulnerability in multiple Microsoft SharePoint products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003050.html
JVNDB-2012-003045 Vulnerability allowing plaintext data to be obtained in CBC mode of the TLS protocol in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003045.html
JVNDB-2012-003042 Privilege escalation vulnerability in win32k.sys in the kernel-mode drivers of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003042.html
JVNDB-2012-003040 Heap-based buffer overflow vulnerability in MDAC and WDAC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003040.html
JVNDB-2012-003043 Privilege escalation vulnerability in win32k.sys in the kernel-mode drivers of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003043.html
JVNDB-2012-003051 Privilege escalation vulnerability in Microsoft Office for Mac 2011
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003051.html
JVNDB-2012-003061 Arbitrary command execution vulnerability in Cisco TelePresence Recording Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003061.html
JVNDB-2012-003060 Arbitrary command execution vulnerability in Cisco TelePresence Immersive endpoint devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003060.html
JVNDB-2012-003059 Arbitrary command execution vulnerability in the API of Cisco TelePresence Immersive endpoint devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003059.html
JVNDB-2012-003058 Denial-of-service (DoS) vulnerability in Cisco TelePresence products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003058.html
JVNDB-2012-003057 Arbitrary code execution vulnerability in Cisco TelePresence products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003057.html
JVNDB-2012-000070 Vulnerability related to the WebView class in Yahoo! Browser
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000070.html
Oracle July 2012 Critical Patch Pre-Release Announcement
http://isc.sans.edu/diary.html?storyid=13708
User Awareness and Education
http://isc.sans.edu/diary.html?storyid=13702
Yesterday (not as on the ball as Rob) at SANSFire
http://isc.sans.edu/diary.html?storyid=13684
2 for 1: SANSFIRE & MSRA presentations
http://isc.sans.edu/diary.html?storyid=13693
VMWare Security Advisory 12 JUL 2012
http://isc.sans.edu/diary.html?storyid=13696
Yahoo service SQL injection vuln leads to account exposure
http://isc.sans.edu/diary.html?storyid=13699
Blackboard Mobile Learn Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027251
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027249
RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks
http://www.securitytracker.com/id/1027247
HP AssetManager Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027246
VU#977312 Johnson Controls CK721-A and P2000 remote command execution
http://www.kb.cert.org/vuls/id/977312
Crappy Telnet Ftp Server Memory Corruption PoC
http://cxsecurity.com/issue/WLB-2012070108
Mc Full Audio Converter 1.3.0 Denial Of Service
http://cxsecurity.com/issue/WLB-2012070107
ALLMediaServer 0.8 Buffer Overflow Vuln
http://cxsecurity.com/issue/WLB-2012070106
beSTORM 3.5.6 Heap Overflow Vulns
http://cxsecurity.com/issue/WLB-2012070105
Elite Bulletin Board 2.1.19 SQL Injection
http://cxsecurity.com/issue/WLB-2012070104
Event Calendar PHP 1.2 Cross Site Scripting SQL Injection
http://cxsecurity.com/issue/WLB-2012070103
Kool Media Converter 2.7.0 Denial Of Service
http://cxsecurity.com/issue/WLB-2012070102
PBBoard CMS 2.1.4 CSRF Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070101
Blackboard Mobile Learn 3.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070100
Lepton CMS 1.2.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070099
VamCart CMS 0.9 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070098
Netcat 1.11 Crash POC
http://cxsecurity.com/issue/WLB-2012070097
Siemens Simatic S7 1200 CPU command module
http://cxsecurity.com/issue/WLB-2012070096
Siemens Simatic S7 300 Remote Memory Viewer Backdoor
http://cxsecurity.com/issue/WLB-2012070095
Siemens Simatic S7 300/400 CPU command module
http://cxsecurity.com/issue/WLB-2012070094
Shopware 3.5 SQL Injection
http://cxsecurity.com/issue/WLB-2012070093
House Style 0.1.2 File Disclosure Vulnerability
http://cxsecurity.com/issue/WLB-2012070092
eCan 0.1 File Disclosure Vulnerability
http://cxsecurity.com/issue/WLB-2012070091
Gustavo Antunez SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012070090
Lc Flickr Carousel 1.0 File Disclosure
http://cxsecurity.com/issue/WLB-2012070089
Ajax Data Uploader Shell Upload
http://cxsecurity.com/issue/WLB-2012070088
WebPageTest 2.6 Shell Upload / File Disclosure / File Deletion
http://cxsecurity.com/issue/WLB-2012070087
WordPress Resume Submissions / Job Postings 2.5.1 Shell Upload
http://cxsecurity.com/issue/WLB-2012070086
Joomla KSAdvertiser Shell Upload
http://cxsecurity.com/issue/WLB-2012070085
ZipItFast PRO v3.0 Heap-Overflow
http://cxsecurity.com/issue/WLB-2012070084
Hastymail 2.1.1 RC1 Command Injection
http://cxsecurity.com/issue/WLB-2012070083
WaveSurfer 1.8.8p4 <= Memory Corruption Exploit / PoC
http://cxsecurity.com/issue/WLB-2012070082
eCan v0.1 => Local File Disclosure Vulnerability
http://cxsecurity.com/issue/WLB-2012070081
Phonalisa 5.0 VoiP Code Execution / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070080
Instagram Friendship Authorization Logic
http://cxsecurity.com/issue/WLB-2012070079
EMC Celerra/VNX/VNXe Improper Access Control
http://cxsecurity.com/issue/WLB-2012070078
REMOTE: ALLMediaServer 0.8 Buffer Overflow
http://www.exploit-db.com/exploits/19857
REMOTE: Siemens Simatic S7-300/400 CPU START/STOP Module
http://www.exploit-db.com/exploits/19831
REMOTE: Siemens Simatic S7-300 PLC Remote Memory Viewer
http://www.exploit-db.com/exploits/19832
REMOTE: Siemens Simatic S7-1200 CPU START/STOP Module
http://www.exploit-db.com/exploits/19833
DoS/PoC: beSTORM 3.5.6 ActiveX (WinGraphviz.dll) Remote Heap Overflow
http://www.exploit-db.com/exploits/19861
DoS/PoC: DomsHttpd <= 1.0 Remote Denial Of Service Exploit
http://www.exploit-db.com/exploits/19866
WebPagetest Multiple Vulnerabilities
http://secunia.com/advisories/49899/
EmbryoCore Directory Traversal Vulnerability
http://secunia.com/advisories/49946/
IBM WebSphere Products Eclipse Help System Vulnerabilities
http://secunia.com/advisories/49959/
Rama Zeiten CMS Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/49940/
web@all "name" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49922/
Website Baker "lang" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49944/
WaveSurfer WAV Processing Buffer Overflow Vulnerabilities
http://secunia.com/advisories/49926/
Snack Sound Toolkit "GetWavHeader()" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/49889/
EGallery uploadify.php Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49941/
WordPress Resume Submissions & Job Postings Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49896/
WordPress Post Recommendations Plugin "abspath" File Inclusion Vulnerability
http://secunia.com/advisories/49945/
Event Calendar PHP Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49939/
Joomla! OS Property Component File Upload Vulnerability
http://secunia.com/advisories/49888/
ALLMediaServer Request Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/49931/
Niagara Framework Directory Traversal Vulnerability
http://secunia.com/advisories/49903/
IBM AIX BIND DNS Resource Records Handling Vulnerability
http://secunia.com/advisories/49917/
KDE Kontact / KMail "HTMLQuoteColorer::process()" Security Bypass
http://secunia.com/advisories/49851/
DotNetNuke Multiple Vulnerabilities
http://secunia.com/advisories/49059/
DokuWiki "ns" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49196/
RSA Authentication Manager Weakness and Multiple Vulnerabilities
http://secunia.com/advisories/49927/
WordPress Paid Memberships Pro Plugin Membership Information Disclosure Vulnerability
http://secunia.com/advisories/49630/
Debian update for mono
http://secunia.com/advisories/49870/
Debian update for puppet
http://secunia.com/advisories/49871/
libexif Multiple Vulnerabilities
http://secunia.com/advisories/49857/
Hitachi JP1 Products Unspecified Privilege Escalation Vulnerability
http://secunia.com/advisories/49907/
HP AssetManager Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/49925/
Debian update for extplorer
http://secunia.com/advisories/49869/
VMware ESXi libxml2 Multiple Vulnerabilities
http://secunia.com/advisories/49858/
VMware ESXi libxml2 Multiple Vulnerabilities
http://secunia.com/advisories/49930/
Ubuntu update for openjdk
http://secunia.com/advisories/49909/
Ubuntu update for puppet
http://secunia.com/advisories/49921/
Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203
MGB Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54348
WordPress Count Per Day Plugin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54258
Niagara Framework Directory Traversal Vulnerability
http://www.securityfocus.com/bid/54454
Todd Miller Sudo Host_List Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53569
Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014
Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016
Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018
Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017
Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012
Johnson Controls Multiple Products Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/54469
IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884
Snack Sound Toolkit 'GetWavHeader()' Function Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54419
Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54322
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
DomsHttpd Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54478
Vivotek Network Cameras Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54476
ALLMediaServer Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54475
CakePHP XML External Entity Injection Vulnerability
http://www.securityfocus.com/bid/54474
MetaSploit Framework 'pcap_log' Plugin Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54472
PBBoard 'answer' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/54471
EmbryoCore CMS 'loadcss.php' Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/54470
Rama Zeiten CMS 'download.php' Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/54467
web@all 'name' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54466
EGallery 'egallery/uploadify.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54464
WebsiteBaker 'lang' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54463
Telnet FTP Server 'PASV' Command Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54462
WordPress Post Recommendations Plugin 'abspath' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/54459
Beyond Security beSTORM 'WinGraphviz.dll' ActiveX Control Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54458
Simple Machines Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54456
Event Calender PHP Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/54455
VAMCart CMS 0.9 Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54461
Elite Bulletin Board Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54452
Shopware SQL Injection Vulnerability
http://www.securityfocus.com/bid/54473
Kool Media Converter '.ogg' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54465
Multiple KDE Products Security Bypass Vulnerability
http://www.securityfocus.com/bid/54448
WordPress Resume Submissions & Job Postings Unrestricted File Upload Vulnerability
http://www.securityfocus.com/bid/54441
ZipItFree '.zip' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48629
libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51084
libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107
Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658
Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279
Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300
libxml2 'XPATH' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44779
Apple Safari 'libxml' (CVE-2011-0216) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48832
libxml2 'XPATH' Expressions Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45617
libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056
Oracle Java SE CVE-2012-1713 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53946
Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947
Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952
Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950
Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53960
Oracle Java SE CVE-2012-1711 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53949
Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
Oracle Java SE CVE-2012-1724 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53958
Blackboard Mobile Learn HTML Injection Vulnerability
http://www.securityfocus.com/bid/54468
Joomla! KSAdvertiser Component Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54447
Joomla! OS Property Component Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54446
DotNetNuke Cross Site Scripting and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/54444
WordPress Paid Memberships Pro Plugin 'memberslist-csv.php' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54443
WebPagetest Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/54442
WordPress Generic Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54440
DokuWiki 'ns' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54439
libexif Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/54437
Hitachi JP1 Multiple Products Unspecified Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54435
Chyrp SQL Injection and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/54421