Tuesday, July 24, 2012
Tuesday the 24th, Taian
+ UPDATE: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex
+ UPDATE: HPSBMU02796 SSRT100594 rev.3 - HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03397769%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ UPDATE: HPSBUX02789 SSRT100824 rev.3 - HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03365218%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Sun Update Manager Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54640
+ PHP '_php_stream_scandir()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
Reporting status of vulnerability-related information for software and other products
[2012 Q2 (April to June)]
http://www.ipa.go.jp/security/vuln/report/vuln2012q2.html
JVNDB-2012-002139 Address bar spoofing vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002139.html
JVNDB-2012-002138 Arbitrary code execution vulnerability in the texImage2D implementation in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002138.html
JVNDB-2012-002137 Cross-site scripting vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002137.html
JVNDB-2012-002135 Cross-site scripting vulnerability in the docshell implementation in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002135.html
JVNDB-2012-002134 Vulnerability in the WebGLBuffer::FindMaxUshortElement function in multiple Mozilla products that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002134.html
JVNDB-2012-002132 Cross-site scripting vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002132.html
JVNDB-2012-002131 Heap-based buffer overflow vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002131.html
JVNDB-2012-002130 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002130.html
JVNDB-2012-002129 Denial-of-service (assertion failure and memory corruption) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002129.html
JVNDB-2012-002128 Denial-of-service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002128.html
JVNDB-2012-001972 Off-by-one error vulnerability in the OpenType sanitizer in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001972.html
JVNDB-2012-002592 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002592.html
JVNDB-2012-002400 Integer underflow vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002400.html
JVNDB-2012-002461 Vulnerability in sudo that allows command restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002461.html
JVNDB-2012-001070 Arbitrary command execution vulnerability in the Digest module for Perl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001070.html
JVNDB-2012-003244 Privilege escalation vulnerability in the package setup manager of Hitachi JP1/NETM/DM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003244.html
JVNDB-2012-003243 Vulnerability in SQLite in PHP that allows the open_basedir protection mechanism to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003243.html
JVNDB-2012-003242 Stack-based buffer overflow vulnerability in OSIsoft PI OPC DA Interface
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003242.html
JVNDB-2012-003241 Cross-site scripting vulnerability in IBM Lotus Protector for Mail Security and Proventia Network Mail Security System
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003241.html
JVNDB-2012-003240 Vulnerability in the stream implementation in PHP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003240.html
JVNDB-2011-005101 Vulnerability in Moodle that allows email addresses to be discovered
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005101.html
JVNDB-2011-005100 Vulnerability in the command-line cron implementation in Moodle that allows IP address restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005100.html
JVNDB-2011-005099 Cross-site scripting vulnerability in lib/datalib.php in Moodle
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005099.html
JVNDB-2011-005098 Vulnerability in the web services implementation in Moodle that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005098.html
JVNDB-2011-005097 Vulnerability in backup/moodle2/restore_stepslib.php in Moodle that allows ID numbers to be overwritten
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005097.html
[ MDVSA-2012:108 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00126.html
file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00133.html
[SECURITY] [DSA 2508-1] kfreebsd-8 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00132.html
Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00131.html
Free Web App Security Challenges - Hackademics Project
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00130.html
CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00129.html
NESSUS ANDROID APP - stores login info in plain text
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00128.html
POC2012 Call for Paper
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00127.html
Most Anti-Privacy Web Browsing Tool Ever?
http://isc.sans.edu/diary.html?storyid=13762
Cisco Linksys PlayerPT ActiveX Control 'SetSource()' Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/5IP3K0U7QW.html
Symantec Backup Exec System Recovery and Symantec System Recovery DLL Loading Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027290
Symantec Web Gateway Input Validation Flaws Lets Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords
http://www.securitytracker.com/id/1027289
VU#309979 Caucho's Quercus on Resin contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/309979
REMOTE: Simple Web Server Connection Header Buffer Overflow
http://www.exploit-db.com/exploits/20028
LOCAL: Photodex ProShow Producer v5.0.3256 Local Buffer Overflow Exploit
http://www.exploit-db.com/exploits/20036
LOCAL: MyMp3 Player Stack .m3u DEP Bypass Exploit
http://www.exploit-db.com/exploits/20053
Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE
http://cxsecurity.com/issue/WLB-2012070159
MySQL Squid Access Report 2.1.4 / HTML Injection
http://cxsecurity.com/issue/WLB-2012070158
Shahumyanmedia CMS_2010_Auth_ByPass
http://cxsecurity.com/issue/WLB-2012070157
WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50030/
Symantec Web Gateway Multiple Vulnerabilities
http://secunia.com/advisories/50031/
Nwahy Articles Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50011/
IBM InfoSphere Identity Insight IEHS Privilege Escalation Vulnerability
http://secunia.com/advisories/50036/
Debian update for kfreebsd-8
http://secunia.com/advisories/49985/
eCryptfs Filesystem Mounting Privilege Escalation Vulnerability
http://secunia.com/advisories/49989/
SUSE update for MozillaFirefox
http://secunia.com/advisories/50034/
Symantec Two Products Insecure Library Loading Vulnerability
http://secunia.com/advisories/50033/
X-Cart Gold "symb" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50006/
TeamViewer Unspecified Vulnerability
http://secunia.com/advisories/50015/
SUSE update for gdk-pixbuf
http://secunia.com/advisories/49983/
Symantec Web Gateway CVE-2012-2961 SQL Injection Vulnerability
http://www.securityfocus.com/bid/54425
Symantec Web Gateway CVE-2012-2574 SQL Injection Vulnerability
http://www.securityfocus.com/bid/54424
myMP3-Player '.m3u' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38835
PMSoftware Simple Web Server Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54605
Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
libexif Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/54437
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
EGallery 'egallery/uploadify.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54464
ISC BIND CVE-2012-1033 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51898
Photodex ProShow Producer 'load' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54264
Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1961 Clickjacking Vulnerability
http://www.securityfocus.com/bid/54584
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1955 Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/54586
PHP CVE-2012-3365 'open_basedir' Security-Bypass Vulnerability
http://www.securityfocus.com/bid/54612
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1957 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54583
Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/54585
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1964 Clickjacking Vulnerability
http://www.securityfocus.com/bid/54581
Mozilla Firefox/Thunderbird/Seamonkey MFSA 2012-42 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54580
Mozilla Firefox CVE-2012-1965 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54579
Mozilla Firefox, SeaMonkey, and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54578
Mozilla Firefox, SeaMonkey, and Thunderbird Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54582
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54575
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1967 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54573
Mozilla Firefox CVE-2012-1966 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54577
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1959 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54576
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54574
Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856
RETIRED: Oracle July 2012 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/54423
JBoss Enterprise Application Platform CVE-2011-4605 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54644
Nessus App for Android Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54642
@mail 'dbconfig.ini' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54641
Sun Update Manager Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54640
PHP '_php_stream_scandir()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54638
WordPress Get Off Malicious Scripts Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54636
eCryptfs CVE-2012-3409 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54634
TeamViewer Unspecified Security Vulnerability
http://www.securityfocus.com/bid/54632
httpdx Wildcards Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54629