Tuesday, July 3, 2012

Tuesday the 3rd, Shakkō


+ HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03343724%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2018

+ HPSBMU02781 SSRT100617 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03333585%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015

+ HPSBUX02795 SSRT100878 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03388901%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667

+ GCC 4.5.4 released
http://gcc.gnu.org/gcc-4.5/changes.html

+ Samba 3.5.16 Available for Download
http://www.samba.org/samba/history/samba-3.5.16.html

[Case 2] Unauthorized access leads to possible leak of customer information
The Mandarin Electron (マンダリンエレクトロン) incident
http://itpro.nikkeibp.co.jp/article/COLUMN/20120617/403224/

Jungle releases new version of its integrated security software with support for MITB attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20120702/406662/

NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00012.html

NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00011.html

NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00010.html

NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00009.html

[security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-U
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00008.html

[security bulletin] HPSBMU02781 SSRT100617 rev.1 - HP Network Node Manager i (NNMi) for HP-U
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00007.html

[ MDVSA-2012:096-1 ] python
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00006.html

Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00005.html

IBM developerWorks ncp (Nigels Capacity Planning) 2.1 Remote Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00004.html

Sun iPlanet Error Page Link Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00003.html

IBM Edge Components Caching Proxy XSS Followup
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00002.html

Basilic RCE bug
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00001.html

[SECURITY] [DSA 2505-1] zendframework security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00000.html

Adobe Acrobat and Reader Memory-Corruption Vulnerability
http://www.securiteam.com/securitynews/5HP2V0K7PK.html

A rough guide to keeping your website up
http://isc.sans.edu/diary.html?storyid=13594

Storms of June 29th 2012 in Mid Atlantic region of the USA
http://isc.sans.edu/diary.html?storyid=13600

Linux & Java leap second bug
http://isc.sans.edu/diary.html?storyid=13603

Novell GroupWise WebAccess Directory Traversal Flaw Lets Remote Users View Files
http://www.securitytracker.com/id/1027217

HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027215

LOCAL: python-wrapper Untrusted Search Path/Code Execution Vulnerability
http://www.exploit-db.com/exploits/19523

WordPress Zingiri Web Shop Plugin "abspath" Remote File Inclusion Vulnerability
http://secunia.com/advisories/49676/

Joomla! Language Switcher Module URL Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49678/

WordPress Count Per Day Plugin Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49692/

SAP NetWeaver Multiple Buffer Overflow Vulnerabilities
http://secunia.com/advisories/49744/

GetSimple Items Manager Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49786/

PowerNet Twin Client Denial of Service Vulnerability
http://secunia.com/advisories/49754/

Magix CMS Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49797/

Magix CMS Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49785/

Novell GroupWise WebAccess "User.interface" File Disclosure Vulnerability
http://secunia.com/advisories/49796/

Ubuntu update for kernel
http://secunia.com/advisories/49779/

Debian update for zendframework
http://secunia.com/advisories/49752/

Ubuntu update for kernel
http://secunia.com/advisories/49729/

Ubuntu update for kernel
http://secunia.com/advisories/49725/

ModSecurity Quote Parsing Security Bypass Vulnerability
http://www.securityfocus.com/bid/54156

PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46084

PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/40304

PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43747

PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40215

PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37334

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36314

PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090

Linux Kernel NFS Client 'decode_getacl()' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53615

Python SimpleXMLRPCServer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51996

Python SimpleHTTPServer 'list_directory()' Function Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54083

PHP Calendar Extension 'SdnToJulian()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46967

PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403

PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51830

PHP 'substr_replace()' Use After Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46843

PHP 'exif_process_IFD_TAG()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50907

Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379

python 'distutils' Component '~/.pypirc' File Local Race Condition Vulnerability
http://www.securityfocus.com/bid/52732

Python Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51239

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778

Opera Web Browser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49388

GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36712

PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388

libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729

PHP CVE-2012-0789 Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52043

PHP 'tidy_diagnose()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51992

PHP 'Zip' Extension 'zip_fread()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/46975

PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/51417

PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49241

PHP Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51193

PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47950

PHP CVE-2012-0057 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51806

PHP 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/40173

PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46365

PHP Stream Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46970

PHP 'OpenSSL' Extension Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46977

PHP CVE-2011-2202 Security Bypass Vulnerability
http://www.securityfocus.com/bid/48259

PHP 'Zip' Extension 'stream_get_contents()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/46969

PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47545

FreeBSD 'telnetd' Daemon Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51182

PHP PDORow Object Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51952

PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/49249

PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079

PHP Zend Engine (CVE-2010-4697) Use-after-free Heap Corruption Vulnerability
http://www.securityfocus.com/bid/45952

PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/26403

PHP 'proc_open()' 'safe_mode_protected_env_var' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/37138

PHP CVE-2012-0831 'magic_quotes_gpc' Directive Security Bypass Weakness
http://www.securityfocus.com/bid/51954

PHP GD Extension 'imagepstext()' Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45338

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1723 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53960

Oracle Java SE CVE-2012-1711 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53949

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1724 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53958

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle Java SE CVE-2012-1726 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53948

Oracle Java SE CVE-2012-1713 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53946

GIMP CVE-2012-2763 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53741

Ruby on Rails CVE-2012-2694 Unsafe SQL Query Generation Vulnerability
http://www.securityfocus.com/bid/53976

Ruby on Rails CVE-2012-2660 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53754

389 Directory Server Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54153

Ruby on Rails Active Record CVE-2012-2695 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53970

Ruby on Rails Active Record SQL Injection Vulnerability
http://www.securityfocus.com/bid/53753

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51426

HP Data Protector Express Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/52431

WordPress URI Redirection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54265

Photodex ProShow Producer 'load' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54264

Nagios XI Unspecified Command Injection Vulnerability
http://www.securityfocus.com/bid/54263

Nagios XI Unspecified Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54262

HP Network Node Manager i CVE-2012-2018 Unspecified Cross Site Scripting vulnerability
http://www.securityfocus.com/bid/54261

PHPList 'id' Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/54260

Joomla! Language Switcher Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54259

WordPress Count Per Day Plugin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54258

WordPress Zingiri Web Shop Plugin 'abspath' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/54257

GetSimple CMS Items Manager Plugin 'php.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54255

Novell Groupwise WebAccess 'User.interface' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/54253

Zoom Player '.avi' File Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/54249
