Friday, August 31, 2012
31st, Friday, Tomobiki
+ Google Chrome 21.0.1180.89 released
http://googlechromereleases.blogspot.jp/2012/08/stable-channel-update_30.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2872
+ Opera 12.02 released
http://www.opera.com/docs/changelogs/unified/1202/
+ APSB12-20: Security update available for Adobe Photoshop CS6
http://www.adobe.com/support/security/bulletins/apsb12-20.html
+ PDFCreator 1.5.0 released
http://download.pdfforge.org/download/pdfcreator/PDFCreator-stable
+ Oracle Security Alert for CVE-2012-4681
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681
+ SYM12-014 Security Advisories Relating to Symantec Products - PGP Universal Server Unauthorized Key Exposure
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120830_00
+ J2SE JDK/JRE 1.7.0_07, 1.6.0_35 released
http://www.oracle.com/technetwork/java/javase/7u7-relnotes-1835816.html
http://www.oracle.com/technetwork/java/javase/6u35-relnotes-1835788.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681
+ FreeBSD SCTP NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54797
Notice of release and start of support for Virus Buster Cloud
http://www.trendmicro.co.jp/support/news.asp?id=1829
Notice of release and start of support for Password Manager Monthly Edition
http://www.trendmicro.co.jp/support/news.asp?id=1832
UPDATE: JVNTA12-240A Vulnerability in Oracle Java 7
http://jvn.jp/cert/JVNTA12-240A/
JVNDB-2011-005131 Vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005131.html
JVNDB-2011-005130 Denial of service (DoS) vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005130.html
JVNDB-2011-005129 Vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005129.html
JVNDB-2011-005128 Denial of service (DoS) vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005128.html
JVNDB-2011-005127 Vulnerability in Comodo Internet Security that allows the Defense+ feature to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005127.html
JVNDB-2011-005126 Vulnerability in Comodo Internet Security that allows the Defense+ feature to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005126.html
JVNDB-2010-004290 Denial of service (DoS) vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004290.html
JVNDB-2010-004289 Vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004289.html
JVNDB-2009-004030 Denial of service (DoS) vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004030.html
JVNDB-2009-004029 Denial of service (DoS) vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004029.html
JVNDB-2009-004028 Vulnerability in Comodo Internet Security that allows malware detection to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004028.html
JVNDB-2009-004027 Denial of service (DoS) vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004027.html
JVNDB-2009-004026 Denial of service (DoS) vulnerability in the Antivirus component of Comodo Internet Security
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004026.html
JVNDB-2012-003976 Denial of service (DoS) vulnerability in Websense Web Security and Web Filter
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003976.html
JVNDB-2012-003975 Vulnerability in the Receive Service of Websense Email Security that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003975.html
JVNDB-2012-003974 Denial of service (DoS) vulnerability in the Rules Service of Websense Email Security
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003974.html
JVNDB-2012-003973 Denial of service (DoS) vulnerability in the Websense V10000 appliance
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003973.html
JVNDB-2012-003972 Denial of service (DoS) vulnerability in the Websense V10000 appliance
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003972.html
JVNDB-2012-003971 Vulnerability in Symantec Messaging Gateway that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003971.html
JVNDB-2012-003970 Vulnerability in Symantec Messaging Gateway that allows the web application to be modified
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003970.html
JVNDB-2012-003969 Vulnerability in Symantec Messaging Gateway that allows access privileges to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003969.html
JVNDB-2012-003968 Cross-site request forgery vulnerability in Symantec Messaging Gateway
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003968.html
JVNDB-2012-003967 Cross-site scripting vulnerability in Symantec Messaging Gateway
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003967.html
JVNDB-2012-003966 Vulnerability in the Web Console of multiple Mozilla products that allows JavaScript code to be executed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003966.html
JVNDB-2012-003965 Arbitrary code execution vulnerability in Mozilla Firefox running on Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003965.html
JVNDB-2012-003964 Vulnerability in the nsLocation::CheckURL function of multiple Mozilla products that allows content-loading restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003964.html
JVNDB-2012-003963 Vulnerability in multiple Mozilla products that allows X.509 certificate information in the address bar to be spoofed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003963.html
JVNDB-2012-003962 Vulnerability in the DOMParser component of multiple Mozilla products that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003962.html
JVNDB-2012-003961 Vulnerability in the installer of multiple Mozilla products running on Windows that allows privileges to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003961.html
JVNDB-2012-003960 Arbitrary code execution vulnerability in the developer-tools subsystem of Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003960.html
JVNDB-2012-003959 Vulnerability in the XSLT format-number feature of multiple Mozilla products that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003959.html
JVNDB-2012-003958 Arbitrary code execution vulnerability in Graphite 2 as used in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003958.html
JVNDB-2012-003957 Arbitrary code execution vulnerability in the nsTArray_base::Length function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003957.html
JVNDB-2012-003956 Integer overflow vulnerability in the nsSVGFEMorphologyElement::Filter function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003956.html
JVNDB-2012-003955 Arbitrary code execution vulnerability in the WebGL implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003955.html
JVNDB-2012-003954 Arbitrary code execution vulnerability in the WebGL implementation of multiple Mozilla products running on Linux
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003954.html
JVNDB-2012-003953 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003953.html
JVNDB-2012-003952 Vulnerability in Mozilla Firefox that allows arbitrary JavaScript code to be executed with chrome privileges
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003952.html
JVNDB-2012-003951 Arbitrary code execution vulnerability in the gfxTextRun::GetUserData function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003951.html
JVNDB-2012-003950 Arbitrary code execution vulnerability in the js::gc::MapAllocToTraceKind function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003950.html
JVNDB-2012-003949 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003949.html
JVNDB-2012-003948 Arbitrary code execution vulnerability in the RangeData implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003948.html
JVNDB-2012-003947 Arbitrary code execution vulnerability in the mozSpellChecker::SetCurrentDictionary function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003947.html
JVNDB-2012-003946 Arbitrary code execution vulnerability in the nsRangeUpdater::SelAdjDeleteNode function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003946.html
JVNDB-2012-003945 Arbitrary code execution vulnerability in the nsHTMLEditRules::DeleteNonTableElements function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003945.html
JVNDB-2012-003944 Heap-based buffer overflow vulnerability in the nsBlockFrame::MarkLineDirty function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003944.html
JVNDB-2012-003943 Arbitrary code execution vulnerability in the MediaStreamGraphThreadRunnable::Run function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003943.html
JVNDB-2012-003942 Arbitrary code execution vulnerability in the nsHTMLSelectElement::SubmitNamesValues function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003942.html
JVNDB-2012-003941 Arbitrary code execution vulnerability in the PresShell::CompleteMove function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003941.html
JVNDB-2012-003940 Arbitrary code execution vulnerability in the gfxTextRun::CanBreakLineBefore function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003940.html
JVNDB-2012-003939 Arbitrary code execution vulnerability in the nsObjectLoadingContent::LoadObject function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003939.html
JVNDB-2012-003938 Arbitrary code execution vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003938.html
JVNDB-2012-003937 Denial of service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003937.html
JVNDB-2012-003936 Denial of service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003936.html
JVNDB-2012-003935 Cross-site scripting vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003935.html
JVNDB-2012-000080 (JVN#69880570) Address bar spoofing vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000080.html
JVNDB-2012-000079 (JVN#51615542) (JVNVU#845620) Vulnerability in Adobe Reader where signatures are not verified correctly
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html
ESA-2012-038: EMC NetWorker Format String Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00218.html
[ MDVSA-2012:148 ] ffmpeg
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00217.html
[ MDVSA-2012:074-1 ] ffmpeg
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00216.html
SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00215.html
[security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00214.html
Translations of and research on overseas information security documents (NIST documents, etc.)
http://www.ipa.go.jp/security/publications/nist/index.html
Oracle Java Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027458
Analyzing outgoing network traffic
http://isc.sans.edu/diary.html?storyid=14002
Oracle Releases Java Security Updates
http://isc.sans.edu/diary.html?storyid=14008
VU#511404 Open Technology Real Services nested tags cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/511404
TomatoCart "processForm()" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50459/
IBM Rational AppScan / Rational Policy Tester Multiple Vulnerabilities
http://secunia.com/advisories/50395/
HP Application Lifecycle Management XGO.ocx Two Vulnerabilities
http://secunia.com/advisories/50403/
HP Intelligent Management Center UAM Buffer Overflow Vulnerability
http://secunia.com/advisories/50406/
HP Operations Orchestration RSScheduler Service SQL Injection Vulnerability
http://secunia.com/advisories/50413/
SUSE update for nut
http://secunia.com/advisories/50389/
SUSE update for MozillaFirefox
http://secunia.com/advisories/50380/
Flexera Software InstallShield/AdminStudio ActiveX Controls Vulnerabilities
http://secunia.com/advisories/50383/
Crowbar "file" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50387/
IBM WebSphere Application Server Administrative Access Security Bypass Vulnerability
http://secunia.com/advisories/50471/
SUSE update for quota
http://secunia.com/advisories/50470/
Joomla! Spider Calendar Lite Component "date" SQL Injection Vulnerability
http://secunia.com/advisories/50457/
Opera Truncated Dialog Box Vulnerability
http://secunia.com/advisories/50381/
HP iNode Intelligent Client iNOdeMngChecker.exe Buffer Overflow
http://secunia.com/advisories/50350/
Drupal Apache Solr Autocomplete Module Script Insertion Vulnerability
http://secunia.com/advisories/50443/
WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities
http://secunia.com/advisories/50466/
Drupal Views Module Global User Object Security Bypass
http://secunia.com/advisories/50431/
Drupal Activism Module "Campaign" Content Type Security Bypass
http://secunia.com/advisories/50430/
Drupal Javascript Tool Module File Manipulation Vulnerability
http://secunia.com/advisories/50429/
Drupal Taxonomy Image Module Arbitrary File Upload Vulnerability
http://secunia.com/advisories/50428/
Drupal Email Field Module Contact Form Security Bypass
http://secunia.com/advisories/50426/
Drupal Announcements Module Node Access Security Bypass
http://secunia.com/advisories/50424/
Debian update for rtfm
http://secunia.com/advisories/50440/
Ubuntu update for firefox
http://secunia.com/advisories/50379/
PrestaShop 1.4.7 / 1.4.8 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080317
SAP NetWeaver HostControl Command Injection
http://cxsecurity.com/issue/WLB-2012080316
Winlog Lite SCADA HMI System 2.06.17 SEH Overwrite
http://cxsecurity.com/issue/WLB-2012080315
squidGuard 1.4 Denial Of Service
http://cxsecurity.com/issue/WLB-2012080314
YourOnlineAgents CMS Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012080313
Endonesia 8.5 CMS Publisher Module SQL Injection
http://cxsecurity.com/issue/WLB-2012080312
PHP iManager 3.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080311
TomatoCart 1.1.7 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080310
Joomla Spider Calendar Lite SQL Injection
http://cxsecurity.com/issue/WLB-2012080309
Drupal Javascript Tool 7.x File Access
http://cxsecurity.com/issue/WLB-2012080308
Drupal Taxonomy Image 6.x Cross Site Scripting / PHP Code Execution
http://cxsecurity.com/issue/WLB-2012080307
Drupal Activism 6.x Access Bypass
http://cxsecurity.com/issue/WLB-2012080306
Drupal Announcements 6.x Access Bypass
http://cxsecurity.com/issue/WLB-2012080305
Drupal Email Field 6.x / 7.x Access Bypass
http://cxsecurity.com/issue/WLB-2012080304
Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55337
Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213
Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234
Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50236
Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50231
Oracle Java SE CVE-2011-3561 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50250
Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50242
Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50248
Oracle Java SE CVE-2011-3555 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50237
Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50224
Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50211
Oracle Java SE CVE-2011-3549 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50223
Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50246
Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50220
Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50226
Oracle Java SE CVE-2011-3516 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50229
Apache Tomcat AJP Protocol Security Bypass Vulnerability
http://www.securityfocus.com/bid/49353
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48667
Oracle Java SE CVE-2011-3546 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50239
Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
http://www.securityfocus.com/bid/46174
Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50243
Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48456
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49143
Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/49762
Opera Web Browser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49388
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50218
Symantec Messaging Gateway SSH Default Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/55143
Novell ZENworks Configuration Management AdminStudio Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/50274
Novell ZENworks Configuration Management 'DoFindReplace()' Method Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50576
TomatoCart 'example_form.ajax.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55295
Novell ZENWorks 'mscomct2.ocx' ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50572
FreeBSD SCTP NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54797
SAP Netweaver 'SAPHostControl' Service Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55084
Multiple Products Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55234
Multiple Conceptronic Products 'login.js' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55226
Tigase XMPP Server Dialback Protection Bypass Component Security Bypass Vulnerability
http://www.securityfocus.com/bid/55232
HP Intelligent Management Centre 'img.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55158
HP iNode Management Center 'iNodeMngChecker.exe' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55160
IBM Infosphere Guardium Administrative Account Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55263
Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55336
GarrettCom Magnum MNS-6K Software Hard Coded Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/55334
Adobe Photoshop CVE-2012-4170 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55333
Google Chrome Prior to 21.0.1180.89 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55331
EMC NetWorker 'nsrd' RPC Service Format String Vulnerability
http://www.securityfocus.com/bid/55330
OpenStack Dashboard (Horizon) CVE-2012-3540 Redirect Module Open Redirection Vulnerability
http://www.securityfocus.com/bid/55329
OTRS Email Body CVE-2012-4600 HTML Injection Vulnerability
http://www.securityfocus.com/bid/55328
OpenStack Keystone CVE-2012-3542 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/55326
Crowbar 'file' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55315
IBM WebSphere Application Server Administrative Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/55309
Joomla! Spider Calendar Lite Extension 'date' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55303
Opera Web Browser Prior to 12.02 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55301
PHP iManager Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55300
XM Forum 'search.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/55299
eNdonesia Publisher Module 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55296
Apple iChat Server XMPP Dialback Protection Bypass Component Security Bypass Vulnerability
http://www.securityfocus.com/bid/55294
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-3969 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55292
squidGuard Long URL Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55291
Symantec PGP Universal Server Private Key Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55246
Thursday, August 30, 2012
30th, Thursday, Senshō
+ RHSA-2012:1210 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2012-1210.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
+ RHSA-2012:1211 Critical: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2012-1211.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
+ CESA-2012:1210 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/514084/
+ CESA-2012:1210 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/514085/
+ CESA-2012:1211 Critical CentOS 6 thunderbird Update
http://lwn.net/Alerts/514086/
+ CESA-2012:1211 Critical CentOS 5 thunderbird Update
http://lwn.net/Alerts/514088/
+ HPSB3C02808 SSRT100361 rev.1 - HP Intelligent Management Center, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03473459%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3253
+ HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03473527%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3254
+ OpenSSH 6.1 released
http://www.openssh.com/txt/release-6.1
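Notice of change to the download page for the "Manual Update Module" for environments without Internet access
http://www.trendmicro.co.jp/support/news.asp?id=1833
Vulnerability information worth checking <2012.08.30>
http://itpro.nikkeibp.co.jp/article/COLUMN/20120827/418401/?ST=security
The role of the IT department in the era of targeted attacks
[4] The future role of the IT department
http://itpro.nikkeibp.co.jp/article/COLUMN/20120820/416833/?ST=security
"Collecting dating-site e-mail is the deciding factor": au and Symantec's anti-spam measures
http://itpro.nikkeibp.co.jp/article/NEWS/20120829/419142/?ST=security
App review site "Androider" begins security checks of Android apps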
http://itpro.nikkeibp.co.jp/article/NEWS/20120829/419085/?ST=security
[SECURITY] [DSA 2535-1] rtfm security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00213.html
Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00208.html
Sistem Biwes Multiple Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00207.html
[ MDVSA-2012:147 ] mozilla-thunderbird
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00206.html
squidGuard 1.4 - Remote Denial of Service - POC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00210.html
ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00205.html
ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Executio
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00203.html
ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00204.html
ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Exec
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00202.html
ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00201.html
ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00200.html
ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00198.html
ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00199.html
ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00209.html
ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution V
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00197.html
ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Co
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00196.html
ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Cod
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00192.html
ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00195.html
ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00194.html
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vuln
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00191.html
ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00193.html
[ MDVSA-2012:146 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00190.html
XSS in PrestaShop
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00189.html
Cross-Site Scripting (XSS) in Phorum
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00188.html
t2′12: Challenge to be released 2012-09-01 10:00
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00187.html
[ MDVSA-2012:145 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00186.html
ToorCon 14 Call For Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00185.html
"Data" URLs used for in-URL phishing
http://isc.sans.edu/diary.html?storyid=13996
IBM InfoSphere Guardium Discloses Saved Username and Password Data to Remote Users
http://www.securitytracker.com/id/1027456
IBM InfoSphere Guardium Bug Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1027455
Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027452
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027451
Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027450
syslog-ng Premium Edition Two OpenSSL Vulnerabilities
http://secunia.com/advisories/50444/
PrestaShop Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50449/
Phorum Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50445/
IBM Infosphere Guardium Cross-Site Request Forgery and Information Disclosure Vulnerabilities
http://secunia.com/advisories/50371/
Red Hat update for firefox
http://secunia.com/advisories/50436/
Red Hat update for thunderbird
http://secunia.com/advisories/50434/
Pale Moon Multiple Vulnerabilities
http://secunia.com/advisories/50437/
op5 Monitor Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/50452/
op5 Monitor Multiple Vulnerabilities
http://secunia.com/advisories/50349/
Atlassian Bamboo OGNL Expression Injection Vulnerability
http://secunia.com/advisories/50417/
Atlassian JIRA Multiple Vulnerabilities
http://secunia.com/advisories/50415/
EMC Cloud Tiering Appliance Authentication Bypass Vulnerability
http://secunia.com/advisories/50393/
Mozilla SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/50331/
Mozilla Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/50308/
Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/50088/
Ubuntu update for libgdata
http://secunia.com/advisories/50432/
Mono Web Form Hash Collision Denial of Service Vulnerability
http://secunia.com/advisories/50446/
Active PHP Bookmarks SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080303
Atomic Photo Album SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080302
Sistem Biwes Multiple Vulnerability
http://cxsecurity.com/issue/WLB-2012080301
EMC ApplicationXtender Desktop Viewer AEXView Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080300
EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080299
Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080298
InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080297
Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080296
HP OO RSScheduler Service JDBC Connector Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080295
GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080294
HP Intelligent Management Center UAM sprintf Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080293
HP ALM XGO.ocx ActiveX Control Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080292
HP SiteScope SOAP Call getFileInternal Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080291
HP SiteScope SOAP Call create Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080290
HP SiteScope UploadFilesHandler Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080289
HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080288
WordPress HD Webplayer 1.1 SQL Injection
http://cxsecurity.com/issue/WLB-2012080287
Apache OpenOffice 3.4.0 Logic Errors
http://cxsecurity.com/issue/WLB-2012080286
JQuery Tooltip Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080285
Xmb 1.8 SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080284
ActFax 4.31 Local Privilege Escalation
http://cxsecurity.com/issue/WLB-2012080283
Simple Web Server 2.2-rc2 Code Execution
http://cxsecurity.com/issue/WLB-2012080282
Mieric AddressBook 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012080281
LOCAL: ActFax 4.31 Local Privilege Escalation Exploit
http://www.exploit-db.com/exploits/20915
DoS/PoC: Winlog Lite SCADA HMI system SEH 0verwrite Vulnerability
http://www.exploit-db.com/exploits/20917
Elxis CMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50910
GE Proficy Historian 'KeyHelp.ocx' ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55265
EMC ApplicationXtender Multiple Products Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55209
OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212
OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52181
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47596
Novell iPrint Client Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51926
Novell ZENworks Configuration Management AdminStudio Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/50274
RETIRED: Novell ZENWorks 'LaunchHelp.dll' ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50574
op5 Monitor HTML Injection and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55191
Oracle Outside In Technology CVE-2012-1768 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54536
Drupal Faster Permissions Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52039
Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55290
Drupal CAPTCHA Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/55289
Drupal Activism Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/55288
Drupal Javascript Tool Multiple Arbitrary File Access and File Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55287
Drupal Email Field Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/55286
Drupal Views Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55285
Wireshark DRDA Dissector 'dissect_drda()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/55284
Drupal Announcements Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/55283
Drupal Taxonomy Image Cross-Site Scripting and Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55282
GNU libiberty '_objalloc_alloc()' Function CVE-2012-3509 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/55281
PrestaShop Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55280
Disqus 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55279
Phorum Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55275
HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
http://www.securityfocus.com/bid/55273
HP Application Lifecycle Management 'XGO.ocx' Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55272
HP Intelligent Management Centre 'uam.exe' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55271
HP Operations Orchestration 'RSScheduler Service JDBC Connector' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55270
HP SiteScope Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55269
Novell File Reporter Agent 'NFRAgent.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55268
Novell ZENWorks AdminStudio 'ISGrid.dll' Activex Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55267
IBM Infosphere Guardium Administrative Account Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55263
IBM Infosphere Guardium Database Credentials Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55262
Wordpress HD Webplayer Plugin Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55259
Atlassian JIRA Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55253
Plogger 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55252
Mono ASP.NET Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55251
Wednesday, August 29, 2012
29th, Wednesday, Shakkō
+ Mozilla Firefox 15.0 released
http://www.mozilla.jp/firefox/15.0/releasenotes/
+ Mozilla Thunderbird 15.0 released
http://www.mozilla.jp/thunderbird/15.0/releasenotes/
+ MFSA 2012-72 Web console eval capable of executing chrome-privileged code
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
+ MFSA 2012-71 Insecure use of __android_log_print
http://www.mozilla.org/security/announce/2012/mfsa2012-71.html
+ MFSA 2012-70 Location object security checks bypassed by chrome code
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
+ MFSA 2012-69 Incorrect site SSL certificate data display
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
+ MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
http://www.mozilla.org/security/announce/2012/mfsa2012-68.html
+ MFSA 2012-67 Installer will launch incorrect executable following new installation
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
+ MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation
http://www.mozilla.org/security/announce/2012/mfsa2012-66.html
+ MFSA 2012-65 Out-of-bounds read in format-number in XSLT
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
+ MFSA 2012-64 Graphite 2 memory corruption
http://www.mozilla.org/security/announce/2012/mfsa2012-64.html
+ MFSA 2012-63 SVG buffer overflow and use-after-free issues
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
+ MFSA 2012-62 WebGL use-after-free and memory corruption
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
+ MFSA 2012-61 Memory corruption with bitmap format images with negative height
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
+ MFSA 2012-60 Escalation of privilege through about:newtab
http://www.mozilla.org/security/announce/2012/mfsa2012-60.html
+ MFSA 2012-59 Location object can be shadowed using Object.defineProperty
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
+ MFSA 2012-58 Use-after-free issues found using Address Sanitizer
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
+ MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
+ CESA-2012:1206 Moderate CentOS 6 python-paste-script Update
http://lwn.net/Alerts/513847/
+ CESA-2012:1208 Moderate CentOS 6 glibc Update
http://lwn.net/Alerts/513848/
+ UPDATE: HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03441075%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ VU#636312 Oracle Java JRE 1.7 sun.awt.SunToolkit fails to restrict access to privileged code
http://www.kb.cert.org/vuls/id/636312
+ SA50421 Linux Kernel Two Vulnerabilities
http://secunia.com/advisories/50421/
+ SA50435 Symantec Messaging Gateway Multiple Vulnerabilities
http://secunia.com/advisories/50435/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3581
Check Point response to "libcrypt 'crypt()' Password Encryption Weakness" (CVE-2012-2143)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk75640&src=securityAlerts
Regarding computers running slowly in some environments that use our antivirus products
http://www.trendmicro.co.jp/support/news.asp?id=1830
[security bulletin] HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00184.html
ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00183.html
[SE-2012-01] information regarding recently discovered Java 7 attack
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00182.html
[ MDVSA-2012:144 ] tetex
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00181.html
US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability
http://www.derkeiler.com/Mailing-Lists/Cert/2012-08/msg00001.html
CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00180.html
CA20111208-01: Security Notice for CA SiteMinder [updated]
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00179.html
SIREFEF/ZACCESS appears with a new infection technique
http://itpro.nikkeibp.co.jp/article/COLUMN/20120828/418672/?ST=security
The role of the IT department in the age of targeted attacks
[3] A prescription for countering targeted attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20120820/416832/?ST=security
World's largest oil company: 30,000 workstations attacked (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20120828/418763/?ST=security
"Extremely" dangerous vulnerability in Oracle Java 7 allows remote execution of arbitrary OS commands
http://itpro.nikkeibp.co.jp/article/NEWS/20120828/418722/?ST=security
JVNTA12-240A Vulnerability in Oracle Java 7
http://jvn.jp/cert/JVNTA12-240A/index.html
The Good, Bad and Ugly about Assigning IPv6 Addresses
http://isc.sans.edu/diary.html?storyid=13978
Symantec Messaging Gateway Multiple Flaws Let Remote Users Access and Modify the System
http://www.securitytracker.com/id/1027449
WordPress Cloudsafe365 Plugin Multiple Vulnerabilities
http://secunia.com/advisories/50392/
elcomCMS ASPX File Upload Vulnerability
http://secunia.com/advisories/50361/
Crowbar Ohai Plugin Insecure Temporary Files Security Issue
http://secunia.com/advisories/50442/
Ad Manager Pro Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/50427/
OpenJPEG JPEG2000 Image Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/50360/
Linux Kernel Two Vulnerabilities
http://secunia.com/advisories/50421/
LetoDMS Multiple Vulnerabilities
http://secunia.com/advisories/50351/
Sitecom MD-253 / MD-254 Web Management Security Bypass Vulnerabilities
http://secunia.com/advisories/50386/
Conceptronic CH3ENAS Web Management Security Bypass Vulnerabilities
http://secunia.com/advisories/50385/
Express Burn Project File Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/50439/
Chamilo Multiple Vulnerabilities
http://secunia.com/advisories/50412/
SUSE update for xen and libvirt
http://secunia.com/advisories/50196/
OpenOffice XML Manifest Handling Buffer Overflow Vulnerabilities
http://secunia.com/advisories/50438/
Symantec Messaging Gateway Multiple Vulnerabilities
http://secunia.com/advisories/50435/
RT FCGI Module CGI::Fast API Environment Variables Security Bypass
http://secunia.com/advisories/50407/
Red Hat update for glibc
http://secunia.com/advisories/50422/
Red Hat update for python-paste-script
http://secunia.com/advisories/50410/
REMOTE: Simple Web Server 2.2-rc2 ASLR Bypass Exploit
http://www.exploit-db.com/exploits/20876
DoS/PoC: Express Burn Plus v4.58 EBP Project File Handling Buffer Overflow PoC
http://www.exploit-db.com/exploits/20870
Joomla com_ornekek SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080280
Joomla com_weblinks SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080279
ANGLER Technologies Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012080278
Infinite IT Solutions Cms Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012080277
Distantia Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012080276
Java 7 Applet Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080275
CakePHP and Squiz CMS XXE Injection
http://cxsecurity.com/issue/WLB-2012080274
Pell Shopping SQL Injection
http://cxsecurity.com/issue/WLB-2012080273
Chamilo 1.8.8.4 XSS / File Deletion
http://cxsecurity.com/issue/WLB-2012080272
CA SiteMinder Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080271
XWiki 4.2-milestone-2 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080270
VLinks 2.0.3 SQL Injection
http://cxsecurity.com/issue/WLB-2012080269
Silly Fellow Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080268
Silentblast Interactive Shell Upload
http://cxsecurity.com/issue/WLB-2012080267
Mihalism Multi Host 5.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080266
WordPress Simple Forum Shell Upload
http://cxsecurity.com/issue/WLB-2012080265
CommPort 1.01 Authentication Bypass
http://cxsecurity.com/issue/WLB-2012080264
CommPort 1.01 SQL Injection
http://cxsecurity.com/issue/WLB-2012080263
Khorshid Chehr SQL Injection
http://cxsecurity.com/issue/WLB-2012080262
Paliz CMS Path Disclosure
http://cxsecurity.com/issue/WLB-2012080261
Douran CMS Path Disclosure
http://cxsecurity.com/issue/WLB-2012080260
IBN Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080259
Zabbix Server Arbitrary Command Execution
http://cxsecurity.com/issue/WLB-2012080258
Wiki Web Help 0.3.9 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080257
Express Burn Plus 4.58 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012080256
Drupal Faster Permissions Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52039
Drupal CDN Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52041
Drupal OG Vocabulary Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/52042
Drupal Link Checker Security Bypass Vulnerability
http://www.securityfocus.com/bid/52038
Drupal Finder Module Multiple Cross-Site Scripting And Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51921
Drupal Revisioning Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/51555
Arbor Networks Peakflow SP 'index/' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52881
VBulletin 'announcementid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52897
Drupal ZipCart Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52231
Drupal MediaFront Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52229
PMSoftware Simple Web Server Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54605
WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/55241
CPG Dragonfly CMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52100
OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214
LetoDMS Multiple HTML Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55181
LibreOffice and OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54769
Perl Fast CGI Module CGI Variables Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/49549
Multiple Conceptronic Products 'login.js' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55226
WordPress chenpress Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54635
Computer Associates SiteMinder 'login.fcc' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50962
OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/54114
Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213
EMC Cloud Tiering Appliance (CTA) Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/55250
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-57 through -72 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55249
WordPress Cloudsafe365 Plugin 'cs365_edit.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55245
Silly Fellow Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/55244
WordPress Simple:Press Forum Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55243
Express Burn Project File Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55242
Dell 'Crowbar ohai' Plugin Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55240
Tuesday, August 28, 2012
28th, Tuesday, Taian
+ RHSA-2012:1208 Moderate: glibc security update
http://rhn.redhat.com/errata/RHSA-2012-1208.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
+ RHSA-2012:1207 Moderate: glibc security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1207.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
+ RHSA-2012:1206 Moderate: python-paste-script security update
http://rhn.redhat.com/errata/RHSA-2012-1206.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0878
+ CESA-2012:1207 Moderate CentOS 5 glibc Update
http://lwn.net/Alerts/513686/
+ Manifest-processing errors in Apache OpenOffice 3.4.0
http://www.openoffice.org/security/cves/CVE-2012-2665.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2665
+ HPSBUX02805 SSRT100919 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03441075%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1726
+ SYM12-013: Security Advisories Relating to Symantec Products - Symantec Messaging Gateway Security Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3581
+ Linux kernel 3.4.10, 3.0.42 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.10
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.42
+ Sudo 1.7.10rc5, 1.8.6rc2 released
http://www.sudo.ws/sudo/devel.html#1.7.10rc5
http://www.sudo.ws/sudo/devel.html#1.8.6rc2
+ PostgreSQL 9.2 RC1 Available for Testing
http://www.postgresql.org/about/news/1410/
+ Multiple Products Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55234
CommPort 1.01 <= SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00178.html
Wordpress fckeditor Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00177.html
Exploit Title: Mihalism Multi Host v 5.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00176.html
Paliz CMS Full Path Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00175.html
Chamilo 1.8.8.4 Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00174.html
[slackware-security] dhcp (SSA:2012-237-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00173.html
iCodeChecker, a source code security inspection tool
http://www.ipa.go.jp/security/vuln/iCodeChecker/index.html
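Announcement of the seminar "Collecting and Using Vulnerability Countermeasure Information"
~ Vulnerability countermeasure efforts in the US government ~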
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_scap_2012_2.html
The role of the IT department in the age of targeted attacks
[2] Challenges facing domestic companies
http://itpro.nikkeibp.co.jp/article/COLUMN/20120820/416831/?ST=security
CA releases new version of its identity management software, making configuration and operation easier through a GUI
http://itpro.nikkeibp.co.jp/article/NEWS/20120827/418515/?ST=security
JVNDB-2012-001629 Vulnerability in Adobe Flash Player that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001629.html
JVNDB-2012-001954 Arbitrary code execution vulnerability in the NetStream class of Adobe Flash Player and AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001954.html
JVNDB-2012-001628 Arbitrary code execution vulnerability in the Matrix3D component of Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001628.html
JVNDB-2012-001504 Cross-site scripting vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001504.html
JVNDB-2012-001503 Access restriction bypass vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001503.html
JVNDB-2012-001502 Access restriction bypass vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001502.html
JVNDB-2012-001501 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001501.html
JVNDB-2012-001500 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001500.html
JVNDB-2012-002603 Denial of service (crash) vulnerability in the headerLoad function of RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002603.html
JVNDB-2012-002602 Denial of service (crash) vulnerability in RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002602.html
JVNDB-2012-002778 Arbitrary file read vulnerability in Redland Raptor as used in OpenOffice and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002778.html
JVNDB-2012-003870 (JVNVU#663809) Vulnerability in the MarkAny ContentSAFER MASetupCaller ActiveX control
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003870.html
JVNDB-2012-003869 (JVNVU#318779) Cross-site scripting vulnerability in Websense Content Gateway
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003869.html
JVNDB-2012-003867 SQL injection vulnerability in setseed-hub of SetSeed CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003867.html
JVNDB-2012-003866 Cross-site scripting vulnerability in DLGuard
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003866.html
JVNDB-2012-003865 Cross-site scripting vulnerability in Barracuda Link Balancer 330 firmware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003865.html
JVNDB-2012-003864 SQL injection vulnerability in the Techfolio component for Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003864.html
JVNDB-2012-003863 SQL injection vulnerability in Kajian Website CMS Balitbang
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003863.html
JVNDB-2012-003862 SQL injection vulnerability in Blogs Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003862.html
JVNDB-2012-003861 SQL injection vulnerability in Freelancer calendar
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003861.html
JVNDB-2012-003860 Cross-site scripting vulnerability in config.php of AdaptCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003860.html
JVNDB-2012-003859 Cross-site scripting vulnerability in the Alert Before Your Post plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003859.html
JVNDB-2012-003858 Cross-site scripting vulnerability in the Flexible Custom Post Type plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003858.html
JVNDB-2012-003857 Cross-site scripting vulnerability in EmployeeSearch.cc of ZOHO ManageEngine ADSelfService
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003857.html
JVNDB-2012-003856 Cross-site scripting vulnerability in the WP e-Commerce plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003856.html
JVNDB-2012-003855 SQL injection vulnerability in Alurian Prismotube PHP Video Script
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003855.html
Malware Spam harvesting Facebook Information
http://isc.sans.edu/diary.html?storyid=13981
Quick Bits about Today's Java 0-Day
http://isc.sans.edu/diary.html?storyid=13984
Oracle Java Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027447
REMOTE: Zabbix Server Arbitrary Command Execution
http://www.exploit-db.com/exploits/20796
REMOTE: Java 7 Applet Remote Code Execution
http://www.exploit-db.com/exploits/20865
LOCAL: Microsoft Windows Kernel Intel x64 SYSRET PoC
http://www.exploit-db.com/exploits/20861
Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213
Real Networks RealPlayer 'VIDOBJ_START_CODE' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51885
Wiki Web Help Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55229
t1lib Type 1 Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46941
ZABBIX 'node_process_command()' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/37989
Autonomy KeyView PRZ File Viewer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48013
Autonomy KeyView Applix Document Filter Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48021
Autonomy KeyView Filter ZIP File Viewer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48016
Autonomy KeyView LZH Archive File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48018
Autonomy KeyView Filter XLS File Viewer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48017
Autonomy KeyView Filter RTF Hyperlink Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48019
Autonomy KeyView Microsoft Office Document Filter Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48020
Linux Kernel 'fs/eventpoll.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54283
Oracle Outside In Technology CVE-2012-3110 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54506
Oracle Outside In Technology CVE-2012-3107 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54504
Oracle Outside In Technology CVE-2012-3106 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54546
Oracle Outside In Technology CVE-2012-3109 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54554
Oracle Outside In Technology CVE-2012-3108 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54550
Oracle Outside In Technology CVE-2012-1772 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54497
Oracle Outside In Technology CVE-2012-1771 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54543
Oracle Outside In Technology CVE-2012-1766 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54531
Oracle Outside In Technology CVE-2012-1770 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54541
Oracle Outside In Technology CVE-2012-1773 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54548
Oracle Outside In Technology CVE-2012-1769 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54500
Oracle Outside In Technology CVE-2012-1767 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54511
Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856
CommPort 'signup.cgi' SQL Injection Vulnerability
http://www.securityfocus.com/bid/55239
Vlinks 'id' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55236
XWiki Enterprise Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55235
Multiple Products Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55234
Tigase XMPP Server Dialback Protection Bypass Component Security Bypass Vulnerability
http://www.securityfocus.com/bid/55232
WordPress Count Per Day Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55231
Joomla Komento Component 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55230
WordPress Image News Slider Plugin Multiple Unspecified Remote Vulnerabilities
http://www.securityfocus.com/bid/55228
SysAid Unspecified SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55227
Multiple Conceptronic Products 'login.js' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55226
ownCloud 'fileuploaded.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55223
ownCloud 'Remember Me' Function Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55221
OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214
Joomla! Komento Component 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55212
Symantec Messaging Gateway SSH Default Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/55143
Symantec Messaging Gateway CVE-2012-3581 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55142
Symantec Messaging Gateway CVE-2012-3580 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55141
Symantec Messaging Gateway Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55138
Symantec Messaging Gateway CVE-2012-0308 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55137
Monday, August 27, 2012
27th, Monday, Butsumetsu
+ CESA-2012:1202 Moderate CentOS 6 libvirt Update
http://lwn.net/Alerts/513354/
+ CESA-2012:1201 Moderate CentOS 5 tetex Update
http://lwn.net/Alerts/513356/
+ VMware Player 5.0.0 released
https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/5_0|PLAYER-500|product_downloads
+ UPDATE: HPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03457976%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Linux kernel 3.5.3 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.3
+ Sudo 1.7.10rc4, 1.8.6rc1 released
http://www.sudo.ws/sudo/devel.html#1.7.10rc4
http://www.sudo.ws/sudo/devel.html#1.8.6rc1
+ Linux Kernel Netlink Message Handling Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520
Virus Buster for Mac Program Update Notice
http://www.trendmicro.co.jp/support/news.asp?id=1827
PostgreSQL PHP Generator 12.8 released
http://www.postgresql.org/about/news/1408/
Postgres Plus xDB Replication Server BETA with Multi-Master support is now available
http://www.postgresql.org/about/news/1409/
Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - S
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00171.html
[SECURITY] [DSA 2533-1] pcp security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00169.html
[security bulletin] HPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service (Do
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00168.html
ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00167.html
[1] Question the "Common Sense" of Security Measures
The Shift in Thinking Required of Security Administrators
http://itpro.nikkeibp.co.jp/article/COLUMN/20120820/416830/?ST=security
JVNVU#663809 MarkAny ContentSAFER MASetupCaller ActiveX Control Vulnerability
http://jvn.jp/cert/JVNVU663809/
JVNVU#318779 Websense Content Gateway Cross-Site Scripting Vulnerability
http://jvn.jp/cert/JVNVU318779/
JVNDB-2012-001783 Multiple Mozilla Products nsSMILTimeValueSpec::ConvertBetweenTimeContainer Function Arbitrary Code Execution Vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001783.html
JVNDB-2012-001782 Multiple Mozilla Products SVG Filters Implementation Sensitive Information Disclosure Vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001782.html
JVNDB-2012-001781 Multiple Mozilla Products Vulnerability Allowing Cross-Site Scripting (XSS) Attacks to Be Induced
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001781.html
JVNDB-2012-001779 Multiple Mozilla Products CRLF Injection Vulnerability
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001779.html
JVNDB-2012-003853 (JVNVU#582879) Open Technology Real Services Cross-Site Scripting Vulnerability 4.3 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003853.html
JVNDB-2012-003852 Websense Email Security SMTP Component Sensitive Information Disclosure Vulnerability 5.0 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003852.html
JVNDB-2012-003851 Websense Web Security TRITON Management Console Authentication Bypass Vulnerability 4.3 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003851.html
JVNDB-2012-003850 Multiple Websense Products TRITON Management Console Command Execution Vulnerability 7.5 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003850.html
JVNDB-2012-003849 Websense Web Security and Web Filter Denial of Service (DoS) Vulnerability 5.0 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003849.html
JVNDB-2012-003848 Websense Web Security and Web Filter Cookie Capture Vulnerability 5.0 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003848.html
JVNDB-2012-003847 Websense Web Security and Web Filter Remote Filtering Denial of Service (DoS) Vulnerability 5.0 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003847.html
JVNDB-2012-003846 Websense Web Security and Web Filter Filtering Bypass Vulnerability 2.1 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003846.html
JVNDB-2012-003845 Websense Web Security and Web Filter Running on Windows Denial of Service (DoS) Vulnerability 4.3 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003845.html
JVNDB-2012-003844 Multiple Websense Products Filtering and Monitoring Bypass Vulnerability 4.3 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003844.html
JVNDB-2012-003843 Websense Email Security Sensitive Information Disclosure Vulnerability 5.0 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003843.html
JVNDB-2012-003842 Websense Email Security Sender Blacklist Bypass Vulnerability 5.0 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003842.html
JVNDB-2012-003841 Websense Web Security and Web Filter Cross-Site Scripting Vulnerability 4.3 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003841.html
JVNDB-2012-003840 Websense Web Security and Web Filter Sensitive Information Disclosure Vulnerability 4.3 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003840.html
JVNDB-2012-003839 Websense Enterprise Filtering Service Filtering Bypass Vulnerability 5.0 2012/08/23 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003839.html
JVNDB-2012-003838 Apache HTTP Server Proxy Functionality Sensitive Information Disclosure Vulnerability 4.3 2012/08/16 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003838.html
JVNDB-2012-003836 McAfee SmartFilter Administration Arbitrary Code Execution Vulnerability 10.0 2012/08/22 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003836.html
JVNDB-2012-003835 McAfee Virtual Technician and ePO-MVT Arbitrary Code Execution Vulnerability 9.3 2012/08/22 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003835.html
JVNDB-2012-003829 McAfee Enterprise Mobility Manager Portal Cookie Disclosure Vulnerability 5.0 2012/08/22 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003829.html
JVNDB-2012-003828 McAfee Enterprise Mobility Manager Portal Sensitive Information Disclosure Vulnerability 5.0 2012/08/22 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003828.html
JVNDB-2012-003827 McAfee Enterprise Mobility Manager Portal Cross-Site Scripting Vulnerability 4.3 2012/08/22 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003827.html
JVNDB-2012-003826 McAfee Enterprise Mobility Manager Portal Access Rights Acquisition Vulnerability 2.1 2012/08/22 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003826.html
JVNDB-2012-003816 (JVNVU#247235) Cute Editor Cross-Site Scripting Vulnerability 3.5 2012/08/17 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003816.html
JVNDB-2012-003815 (JVNVU#251635) Samsung and HTC Android Devices Information Leak Vulnerability 7.1 2012/08/17 2012/08/24
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003815.html
JVNDB-2012-003813 McAfee Firewall Reporter Web Interface Access Rights Acquisition Vulnerability 7.5 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003813.html
JVNDB-2012-003812 McAfee VirusScan Enterprise Product Disablement Vulnerability 2.6 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003812.html
JVNDB-2012-003811 F-Secure Anti-Virus Arbitrary Code Execution Vulnerability 6.4 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003811.html
JVNDB-2012-003810 AVG Anti-Virus Arbitrary Code Execution Vulnerability 6.4 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003810.html
JVNDB-2012-003809 Symantec Norton AntiVirus Arbitrary Code Execution Vulnerability 6.4 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003809.html
JVNDB-2012-003808 McAfee VirusScan Enterprise Arbitrary Code Execution Vulnerability 6.4 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003808.html
JVNDB-2012-003807 McAfee VirusScan Enterprise Privilege Acquisition Vulnerability 9.3 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003807.html
JVNDB-2012-003806 McAfee Host Data Loss Prevention Web Post Protection Feature Sensitive Information Disclosure Vulnerability 1.9 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003806.html
JVNDB-2012-003805 McAfee LinuxShield Statistics Server Administrative Access Acquisition Vulnerability 6.5 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003805.html
JVNDB-2012-003804 McAfee Common Management Agent and McAfee Agent Arbitrary File Overwrite Vulnerability 6.5 2012/08/22 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003804.html
JVNDB-2012-003803 phpMyAdmin Cross-Site Scripting Vulnerability 3.5 2012/08/16 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003803.html
JVNDB-2012-003802 phpMyAdmin Database Structure Page Cross-Site Scripting Vulnerability 3.5 2012/08/16 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003802.html
JVNDB-2012-003801 phpMyAdmin show_config_errors.php Sensitive Information Disclosure Vulnerability 5.0 2012/08/09 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003801.html
JVNDB-2012-003800 geli Encryption Provider Running on FreeBSD Cryptographic Protection Mechanism Defeat Vulnerability 2.1 2012/08/21 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003800.html
JVNDB-2012-003799 Firmware Used in Korenix Jetport and Other Products Administrative Access Acquisition Vulnerability 10.0 2012/08/21 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003799.html
JVNDB-2012-003798 Adobe Flash Player Content Disclosure Vulnerability 4.3 2012/08/21 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003798.html
JVNDB-2012-003797 Adobe Flash Player Integer Overflow Vulnerability 10.0 2012/08/21 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003797.html
JVNDB-2012-003796 Adobe Flash Player Arbitrary Code Execution Vulnerability 10.0 2012/08/21 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003796.html
JVNDB-2012-003795 Adobe Flash Player Arbitrary Code Execution Vulnerability 10.0 2012/08/21 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003795.html
JVNDB-2012-003794 Adobe Flash Player Arbitrary Code Execution Vulnerability 10.0 2012/08/21 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003794.html
JVNDB-2012-003793 Adobe Flash Player Arbitrary Code Execution Vulnerability 10.0 2012/08/21 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003793.html
JVNDB-2012-003792 Mesa as Used in Google Chrome Arbitrary Code Execution Vulnerability 10.0 2012/08/21 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003792.html
JVNDB-2012-003791 Apple Remote Desktop Cleartext VNC Session Disclosure Vulnerability 4.3 2012/08/20 2012/08/23
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003791.html
JVNDB-2012-003790 Adobe Reader Denial of Service (Application Crash) Vulnerability 9.3 2012/08/21 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003790.html
JVNDB-2012-003789 IBM Lotus Domino Cross-Site Scripting Vulnerability 4.3 2012/08/15 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003789.html
JVNDB-2012-003788 IBM Lotus Domino HTTP Server CRLF Injection Vulnerability 4.3 2012/08/15 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003788.html
JVNDB-2012-003787 IBM WAS Administrative Console Cross-Site Scripting Vulnerability 4.3 2012/08/06 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003787.html
JVNDB-2012-003786 IBM Global Security Kit as Used in IBM WAS HTTP Server Denial of Service (DoS) Vulnerability 5.0 2012/08/06 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003786.html
JVNDB-2012-003785 (JVNVU#441363) HP SAN/iQ Running on HP Virtual SAN Appliance Access Acquisition Vulnerability 4.0 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003785.html
JVNDB-2012-003784 (JVNVU#441363) HP SAN/iQ Running on HP Virtual SAN Appliance Arbitrary Command Execution Vulnerability 7.7 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003784.html
JVNDB-2012-003783 HP Serviceguard Denial of Service (DoS) Vulnerability 7.8 2012/08/15 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003783.html
JVNDB-2012-003782 (JVNVU#441363) HP SAN/iQ Running on HP Virtual SAN Appliance Arbitrary Command Execution Vulnerability 7.7 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003782.html
JVNDB-2012-003781 TCExam admin/code/tce_edit_answer.php Cross-Site Scripting Vulnerability 2.1 2012/08/06 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003781.html
JVNDB-2012-003780 TCExam SQL Injection Vulnerability 6.8 2012/08/06 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003780.html
JVNDB-2012-003779 Jease Cross-Site Scripting Vulnerability 4.3 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003779.html
JVNDB-2012-003778 Total Shop UK eCommerce Open Source Cross-Site Scripting Vulnerability 4.3 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003778.html
JVNDB-2012-003777 libotr Denial of Service (Application Crash) Vulnerability 4.3 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003777.html
JVNDB-2012-003776 KOffice Microsoft Import Filter Heap-Based Buffer Overflow Vulnerability 7.5 2012/08/10 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003776.html
JVNDB-2012-003775 Calligra Microsoft Import Filter Heap-Based Buffer Overflow Vulnerability 7.5 2012/08/10 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003775.html
JVNDB-2012-003774 OpenStack Compute (Nova) virt/disk/api.py Arbitrary File Overwrite Vulnerability 4.9 2012/07/31 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003774.html
JVNDB-2012-003773 devotee Secret Moniker Disclosure Vulnerability 5.0 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003773.html
JVNDB-2012-003770 FFmpeg libavcode j2kdec.c Buffer Overflow Vulnerability 5.0 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003770.html
JVNDB-2012-003769 FFmpeg libavcodec/dpcm.c Heap-Based Buffer Overflow Vulnerability 5.0 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003769.html
JVNDB-2012-003768 FFmpeg libavcodec/aacsbr.c Denial of Service (DoS) Vulnerability 4.3 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003768.html
JVNDB-2012-003767 FFmpeg libavcodec/ws-snd1.c Heap-Based Buffer Overflow Vulnerability 4.3 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003767.html
JVNDB-2012-003766 FFmpeg libavfilter/avfilter.c Heap-Based Buffer Overflow Vulnerability 4.3 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003766.html
JVNDB-2012-003765 FFmpeg libavcodec vorbis.c Denial of Service (DoS) Vulnerability 6.8 2012/08/20 2012/08/22
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003765.html
JVNDB-2012-003648 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003648.html
JVNDB-2012-003631 Adobe Reader and Acrobat on Windows and Mac OS X Heap-Based Buffer Overflow Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003631.html
JVNDB-2012-003632 Adobe Reader and Acrobat on Windows and Mac OS X Stack-Based Buffer Overflow Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003632.html
JVNDB-2012-003633 Adobe Reader and Acrobat on Windows and Mac OS X Buffer Overflow Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003633.html
JVNDB-2012-003634 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003634.html
JVNDB-2012-003635 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003635.html
JVNDB-2012-003636 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003636.html
JVNDB-2012-003637 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003637.html
JVNDB-2012-003638 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003638.html
JVNDB-2012-003639 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003639.html
JVNDB-2012-003640 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003640.html
JVNDB-2012-003641 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003641.html
JVNDB-2012-003642 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003642.html
JVNDB-2012-003643 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003643.html
JVNDB-2012-003644 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003644.html
JVNDB-2012-003645 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003645.html
JVNDB-2012-003646 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003646.html
JVNDB-2012-003647 Adobe Reader and Acrobat on Windows and Mac OS X Arbitrary Code Execution Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003647.html
JVNDB-2012-003649 Adobe Reader and Acrobat Running on Mac OS X Arbitrary Code Execution Vulnerability 7.5 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003649.html
JVNDB-2012-003650 Adobe Reader and Acrobat Running on Mac OS X Arbitrary Code Execution Vulnerability 7.5 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003650.html
JVNDB-2012-003618 (JVNTA12-227A) Microsoft Internet Explorer 6 and 7 Arbitrary Code Execution Vulnerability 9.3 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003618.html
JVNDB-2012-003619 (JVNTA12-227A) Microsoft Internet Explorer 6 Through 9 Arbitrary Code Execution Vulnerability 9.3 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003619.html
JVNDB-2012-003620 (JVNTA12-227A) Microsoft Internet Explorer 6 Through 9 Arbitrary Code Execution Vulnerability 9.3 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003620.html
JVNDB-2012-003621 (JVNTA12-227A) Multiple Microsoft Products Running on 64-Bit Platforms Integer Overflow Vulnerability 9.3 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003621.html
JVNDB-2012-003622 (JVNTA12-227A) Microsoft Windows Remote Desktop Protocol Implementation Arbitrary Code Execution Vulnerability 9.3 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003622.html
JVNDB-2012-003623 (JVNTA12-227A) Microsoft Windows LanmanWorkstation Service Denial of Service (DoS) Vulnerability 5.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003623.html
JVNDB-2012-003624 (JVNTA12-227A) Microsoft Windows Print Spooler Service Format String Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003624.html
JVNDB-2012-003625 (JVNTA12-227A) Microsoft Windows XP LanmanWorkstation Service Heap-Based Buffer Overflow Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003625.html
JVNDB-2012-003626 (JVNTA12-227A) Microsoft Windows XP LanmanWorkstation Service Stack-Based Buffer Overflow Vulnerability 10.0 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003626.html
JVNDB-2012-003627 (JVNTA12-227A) Microsoft Windows Kernel-Mode Driver win32k.sys Privilege Escalation Vulnerability 7.2 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003627.html
JVNDB-2012-003628 (JVNTA12-227A) Microsoft Office 2007 and 2010 Arbitrary Code Execution Vulnerability 9.3 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003628.html
JVNDB-2012-003656 Adobe Flash Player Arbitrary Code Execution Vulnerability 9.3 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003656.html
JVNDB-2012-003629 (JVNTA12-227A) Microsoft Visio 2010 and Visio Viewer 2010 Buffer Overflow Vulnerability 9.3 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003629.html
JVNDB-2012-003630 (JVNTA12-227A) MSCOMCTL.OCX in Multiple Microsoft Products Arbitrary Code Execution Vulnerability 9.3 2012/08/14 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003630.html
JVNDB-2012-003752 MySQLDumper Cross-Site Request Forgery Vulnerability 5.1 2012/08/13 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003752.html
JVNDB-2012-003751 Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA Denial of Service (DoS) Vulnerability 9.3 2012/07/31 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003751.html
JVNDB-2012-003750 Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA Denial of Service (DoS) Vulnerability 9.3 2012/07/17 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003750.html
JVNDB-2012-003749 Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA Arbitrary Code Execution Vulnerability 9.3 2012/07/17 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003749.html
JVNDB-2012-003748 Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA Directory Traversal Vulnerability 4.3 2012/07/17 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003748.html
JVNDB-2012-003747 Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA Arbitrary Code Execution Vulnerability 9.3 2012/07/31 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003747.html
JVNDB-2012-003746 Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA Arbitrary Code Execution Vulnerability 9.3 2012/07/17 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003746.html
JVNDB-2012-003745 Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA Stack-Based Buffer Overflow Vulnerability 9.3 2012/07/17 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003745.html
JVNDB-2012-003744 IBM Power Hardware Management Console Cross-Site Scripting Vulnerability 4.3 2012/08/08 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003744.html
JVNDB-2012-003738 IBM Rational ClearQuest Sensitive Information Disclosure Vulnerability 5.0 2012/08/08 2012/08/21
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003738.html
PolarisCMS 'WebForm_OnSubmit()' Function Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5XP3J1581C.html
McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks
http://www.securitytracker.com/id/1027444
McAfee Email and Web Security Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027443
EMC ApplicationXtender Lets Remote Users Upload Files to Execute Arbitrary Code
http://www.securitytracker.com/id/1027442
Ipswitch WhatsUp Gold Input Validation Flaw Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1027441
McAfee Host Data Loss Prevention KeyView File Processing Vulnerabilities
http://secunia.com/advisories/50399/
McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities
http://secunia.com/advisories/50408/
McAfee Application Control / Change Control Password-Protected Command Bypass
http://secunia.com/advisories/50397/
xt:Commerce "products_name_de" Script Insertion Vulnerability
http://secunia.com/advisories/50373/
SUSE update for php5
http://secunia.com/advisories/50367/
RuggedCom Rugged Operating System SSL Private Key Reuse Vulnerability
http://secunia.com/advisories/50364/
Websense Content Gateway "menu" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50368/
GNU Gatekeeper Unspecified Vulnerability
http://secunia.com/advisories/50343/
Samsung Kies MASetupCaller ActiveX Control Insecure Method Vulnerabilities
http://secunia.com/advisories/50405/
MarkAny Content SAFER MASetupCaller ActiveX Control Insecure Method Vulnerabilities
http://secunia.com/advisories/50365/
GWebmail Cross-Site Scripting and Script Insertion Vulnerabilities
http://secunia.com/advisories/50302/
Debian update for pcp
http://secunia.com/advisories/50329/
Red Hat update for flash-plugin
http://secunia.com/advisories/50369/
Red Hat update for libvirt
http://secunia.com/advisories/50372/
Red Hat update for tetex
http://secunia.com/advisories/50375/
Windows Kernel Intel x64 SYSRET Code Signing Bypass *youtube*
http://cxsecurity.com/issue/WLB-2012080255
Zend Framework SQL Configuration-File disclosure
http://cxsecurity.com/issue/WLB-2012080254
Ideaplus CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012080253
Typomania CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012080252
Joomla Komento SQL Injection
http://cxsecurity.com/issue/WLB-2012080251
Area51Lab CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012080250
Pululart CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012080249
MediaSpan Website Management Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080248
Funnel CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080247
E-GlobalFocus CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012080246
Power-eCommerce CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080245
Web Glory CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080244
WordPress Finder Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080243
Qualikom Canada Inc CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012080242
Qualikom Canada Inc CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080241
NetEazer 3 CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080240
ReaLife WebDesigns CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080239
ShareLive CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080238
Power-IT CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080237
LibGuides Springshare CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080236
WordPress Count Per Day 3.2.3 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080235
Web Wiz Forums 10.03 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080234
yahoo messenger 11.5.0 (d3d10.dll) DLL Hijacking Exploit
http://cxsecurity.com/issue/WLB-2012080233
Aoop CMS 0.3.6 SQL Injection / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080232
WebPA 1.1.0.1 File Upload / Add Administrator
http://cxsecurity.com/issue/WLB-2012080231
BusinessWiki 2.5 RC3 XSS / File Upload
http://cxsecurity.com/issue/WLB-2012080230
Ad Manager Pro SQL Injection / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080229
Elcom Community Manager 7.4.10 Shell Upload
http://cxsecurity.com/issue/WLB-2012080228
EMC ApplicationXtender Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2012080227
Easy Banner Pro Local File Inclusion
http://cxsecurity.com/issue/WLB-2012080226
AB Banner Exchange Local File Inclusion
http://cxsecurity.com/issue/WLB-2012080225
Text Exchange Pro Local File Inclusion
http://cxsecurity.com/issue/WLB-2012080224
Microsoft Indexing Service Server-side (ixsso.dll) null pointer dereference
http://cxsecurity.com/issue/WLB-2012080223
Ad Manager Pro 4 Remote FLI
http://cxsecurity.com/issue/WLB-2012080222
SaltOS 3.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080221
op5 Monitoring 5.4.2 XSS / CSRF / SQL Injection
http://cxsecurity.com/issue/WLB-2012080220
DoS/PoC: WireShark 1.8.2 & 1.6.0 Buffer Overflow 0day PoC
http://www.exploit-db.com/exploits/20784
libsoup SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53232
Linux Kernel IPv6 'nf_ct_frag6_reasm()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54367
JW Player 'playerready' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54739
PHP CVE-2012-3365 'open_basedir' Security-Bypass Vulnerability
http://www.securityfocus.com/bid/54612
PHP '_php_stream_scandir()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54638
Poppler Multiple Denial of Service and Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/43594
XPDF 'Gfx::getPos()' (CVE-2010-3702) Uninitialized Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/43845
Evince AFM Font File Parser Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47168
Evince Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/45678
t1lib Type 1 Font Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/47169
Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965
libvirt Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54748
Linux Kernel Netlink Message Handling Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55152
gdk-pixbuf 'read_bitmap_file_data()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53548
Xfig and Transfig '.fig' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37193
Ruby on Rails CVE-2012-3464 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54958
Ruby on Rails 'select_tag()' Method CVE-2012-3463 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54959
Ruby on Rails 'strip_tags()' CVE-2012-3465 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54957
GNU Emacs 'enable-local-variables' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54969
elcomCMS 'UploadStyleSheet.aspx' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55210
EMC ApplicationXtender Multiple Products Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55209
oVirt SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/55208
PHP Web Scripts Easy Banner Pro 'page' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/55207
AbScripts AB Banner Exchange 'page' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/55206
PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/55205
PHP Web Scripts Ad Manager Pro Multiple HTML Injection and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55203
Microsoft Indexing Service 'ixsso.dll' ActiveX Control Denial of Service Vulnerability
http://www.securityfocus.com/bid/55202
GNU Gatekeeper Unspecified Security Vulnerability
http://www.securityfocus.com/bid/55198