Monday, July 2, 2012
Monday the 2nd, Taian
+ Squid 3.2.0.18 released
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
+ The GNU C Library version 2.16 is now available.
http://sourceware.org/ml/libc-alpha/2012-06/msg00807.html
Jungle releases new version of its integrated security software with support for countering MITB attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20120702/406662/?ST=security
Secondary damage from information leakage in the First Server incident; 2,300 companies possibly affected
http://itpro.nikkeibp.co.jp/article/NEWS/20120629/406461/?ST=security
Cross-ministry cyber attack response mobile team "CYMAT" launched
http://itpro.nikkeibp.co.jp/article/NEWS/20120629/406366/?ST=security
JVNVU#971035 Issue in implementations of the Simple Certificate Enrollment Protocol (SCEP)
http://jvn.jp/cert/JVNVU971035/
JVNDB-2012-002054 Denial of service (DoS) vulnerability in the mp2t_process_fragmented_payload function in Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002054.html
JVNDB-2012-002053 Denial of service (DoS) vulnerability in the pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002053.html
JVNDB-2012-002052 Denial of service (DoS) vulnerability in the IEEE 802.11 dissector in Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002052.html
JVNDB-2012-002051 Denial of service (DoS) vulnerability in the ANSI A dissector in Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002051.html
JVNDB-2012-002607 Integer overflow vulnerability in tiff_getimage.c in LibTIFF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002607.html
JVNDB-2012-002921 Cross-site scripting vulnerability in the Organic Groups module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002921.html
JVNDB-2012-002920 Cross-site request forgery vulnerability in the Maestro module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002920.html
JVNDB-2012-002919 Vulnerability in the Janrain Capture module for Drupal that makes passwords easier to guess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002919.html
JVNDB-2012-002918 Vulnerability in Ubercart AJAX Cart for Drupal that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002918.html
JVNDB-2012-002917 Access restriction bypass vulnerability in the Protected Node module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002917.html
JVNDB-2012-002916 Cross-site request forgery vulnerability in the SimpleMeta module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002916.html
JVNDB-2012-002915 Cross-site request forgery vulnerability in the Node Hierarchy module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002915.html
JVNDB-2012-002914 Open redirect vulnerability in the Janrain Capture module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002914.html
JVNDB-2012-002913 Cross-site scripting vulnerability in the Protest module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002913.html
JVNDB-2012-002912 Access restriction bypass vulnerability in the Authoring HTML module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002912.html
JVNDB-2012-002911 Cross-site scripting vulnerability in the Maestro module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002911.html
JVNDB-2012-002910 Access restriction bypass vulnerability in the Node Embed module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002910.html
JVNDB-2012-002909 Access restriction bypass vulnerability in the Organic Groups module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002909.html
JVNDB-2012-002908 Vulnerability in the Token Authentication module for Drupal that allows requests to be executed with more privileges than configured
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002908.html
GIMP FIT File Format DoS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00191.html
Irfanview Plugins JLS Decompression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00190.html
Vulnerabilities in Winlog 2.07.16
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00189.html
REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00188.html
ZDI-12-113 : IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00187.html
ZDI-12-112 : SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00186.html
ZDI-12-111 : SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00185.html
ZDI-12-110 : Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execut
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00184.html
ZDI-12-108 : Apple Quicktime TeXML sampleData Element Parsing Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00182.html
ZDI-12-109 : Apple Quicktime TeXML Karaoke Element Parsing Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00183.html
ZDI-12-107 : Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00181.html
[SECURITY] [DSA 2504-1] libspring-2.5-java security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00180.html
[SECURITY] [DSA 2503-1] bcfg2 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00179.html
ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00178.html
[security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00177.html
HP Photosmart Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027213
DShield for Splunk
http://isc.sans.edu/index.html
LIOOSYS CMS "id" SQL Injection Vulnerability
http://secunia.com/advisories/49677/
IP.Board swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49761/
swfupload "movieName" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49651/
SpecView Web Server Request Processing Directory Traversal Vulnerability
http://secunia.com/advisories/49753/
GoAnywhere Director / Services Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/49608/
SugarCRM "unserialize()" PHP Code Execution Vulnerability
http://secunia.com/advisories/49689/
IBM Support Assistant Multiple Vulnerabilities
http://secunia.com/advisories/49755/
Ubuntu update for accountsservice
http://secunia.com/advisories/49759/
GE Intelligent Platforms Multiple Products KeyHelp ActiveX Control Two Vulnerabilities
http://secunia.com/advisories/49728/
accountsservice "user_change_icon_file_authorized_cb()" File Disclosure Vulnerability
http://secunia.com/advisories/49695/
Avaya IP Office Customer Call Reporter Arbitrary File Upload Security Issue
http://secunia.com/advisories/49762/
Debian update for libspring-2.5-java
http://secunia.com/advisories/49684/
Debian update for bcfg2
http://secunia.com/advisories/49690/
Ubuntu update for python-crypto
http://secunia.com/advisories/49760/
IBM Lotus Expeditor Information Disclosure and Code Execution
http://www.vupen.com/english/ADV-2012-0303.php
AOL Products dnUpdater ActiveX Pointer Remote Code Execution
http://www.vupen.com/english/ADV-2012-0302.php
Winamp Media File Processing Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/ADV-2012-0301.php
Cisco ASA and ASASM Packet Processing Remote Denial of Service
http://www.vupen.com/english/ADV-2012-0300.php
Cisco Application Control Engine Administrator IP Address Overlap
http://www.vupen.com/english/ADV-2012-0299.php
Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities
http://www.vupen.com/english/ADV-2012-0298.php
IBM Lotus Notes "notes:" URI Remote Code Execution Vulnerability
http://www.vupen.com/english/ADV-2012-0297.php
Asterisk Products Skinny Channel Driver Remote Denial of Service
http://www.vupen.com/english/ADV-2012-0296.php
IBM Security Appscan Source for Analysis Multiple Vulnerabilities
http://www.vupen.com/english/ADV-2012-0295.php
VMware Products Code Execution and Denial of Service Vulnerabilities
http://www.vupen.com/english/ADV-2012-0294.php
Opera Browser Multiple Spoofing and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/ADV-2012-0293.php
FreeBSD 64-Bit Mode CPU Sysret Local Privilege Escalation Vulnerability
http://www.vupen.com/english/ADV-2012-0292.php
TCP/IP Invisible Userland Unix Backdoor with Reverse Shell
http://cxsecurity.com/issue/WLB-2012070004
IBM developerWorks ncp 2.1 Remote Information Disclosure
http://cxsecurity.com/issue/WLB-2012070003
IBM Edge Components Caching Proxy XSS Followup
http://cxsecurity.com/issue/WLB-2012070002
Sun iPlanet Error Page Link Injection
http://cxsecurity.com/issue/WLB-2012070001
Oracle AutoVue ActiveX SetMarkupMode Remote Code Execution
http://cxsecurity.com/issue/WLB-2012060356
SpecView 2.5 Build 853 Directory Traversal
http://cxsecurity.com/issue/WLB-2012060355
Zoom Player 4.51 Denial Of Service
http://cxsecurity.com/issue/WLB-2012060354
PC Tools Firewall Plus 7.0.0.123 Denial Of Service
http://cxsecurity.com/issue/WLB-2012060353
PHP Money Books 1.03 Stored Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060352
Lefigaro.fr Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060351
GIMP 2.8.0 FIT File Format DoS
http://cxsecurity.com/issue/WLB-2012060350
Irfanview Plugins JLS Decompression
http://cxsecurity.com/issue/WLB-2012060349
B2CPrint Remote File Uploader Vulnerability
http://cxsecurity.com/issue/WLB-2012060348
hi-media Remote Sql Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012060347
TEMENOS T24 7 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060346
SAP Netweaver ABAP Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012060345
Avaya IP Office Customer Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012060344
Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012060343
Lidosys CMS SQL Injection / Information Disclosure
http://cxsecurity.com/issue/WLB-2012060342
JAKCMS 2.2.6 Shell Upload
http://cxsecurity.com/issue/WLB-2012060341
As ad Mansour SQL Injection
http://cxsecurity.com/issue/WLB-2012060340
Dharmatechnet SQL Injection
http://cxsecurity.com/issue/WLB-2012060339
Frog Web Works SQL Injection
http://cxsecurity.com/issue/WLB-2012060338
Access Bank Plc SQL Injection
http://cxsecurity.com/issue/WLB-2012060337
Geosoft Technologies SQL Injection
http://cxsecurity.com/issue/WLB-2012060336
RADIANT INFOTECH SQL Injection
http://cxsecurity.com/issue/WLB-2012060335
REMOTE: HP Data Protector Create New Folder Buffer Overflow
http://www.exploit-db.com/exploits/19484
REMOTE: BSD telnetd Remote Root Exploit
http://www.exploit-db.com/exploits/19520
LOCAL: Emesene 2.12.5 Password Disclosure
http://www.exploit-db.com/exploits/19517
LOCAL: Irfanview JPEG2000 <= v4.3.2.0 jp2 Stack Buffer Overflow
http://www.exploit-db.com/exploits/19519
DoS/PoC: GIMP 2.8.0 FIT File Format DoS
http://www.exploit-db.com/exploits/19482
DoS/PoC: IrfanView JLS Formats PlugIn Heap Overflow
http://www.exploit-db.com/exploits/19483
DoS/PoC: PC Tools Firewall Plus 7.0.0.123 Local DoS
http://www.exploit-db.com/exploits/19453
DoS/PoC: PowerNet Twin Client <= 8.9 (RFSync 1.0.0.1) Crash PoC
http://www.exploit-db.com/exploits/19456
Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54192
Linux Kernel HFS Plus Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53401
Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965
HP Data Protector Express Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/52431
Linux Kernel NFS Client 'decode_getacl()' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53615
SWFUpload 'movieName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54245
Mozilla Firefox/Thunderbird/SeaMonkey '.lnk' Files Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53799
tftp-hpa FTP Server 'utimeout' Option Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48411
Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416
IBM Lotus Expeditor DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/54165
Eclipse IDE (CVE-2008-7271) Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45921
Eclipse IDE Help Component Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44883
IBM Lotus Expeditor 'Eclipse Help' Component Directory Traversal Vulnerability
http://www.securityfocus.com/bid/54164
IBM Lotus Expeditor Request Header Spoofing Security Bypass Vulnerability
http://www.securityfocus.com/bid/54163
dtach Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54209
IBM Rational ClearQuest 'cqole.dll' ActiveX Control Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53170
IBM WebSphere Sensor Events Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/53859
PowerNet Twin Client Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54248
phpMoneyBooks 'index.php' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54247
GIMP 'fit' File Format Denial of Service Vulnerability
http://www.securityfocus.com/bid/54246
IrfanView Formats PlugIn 'jpeg_ls.dll' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54244
SpecView Web Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/54243
LIOOSYS CMS SQL Injection and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54239
JAKCMS PRO 'uploader.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54238