Monday, August 13, 2012
Monday the 13th, Senshō
+ phpMyAdmin 3.4.11.1 and 3.5.2.2 are released
http://sourceforge.net/news/?group_id=23067&id=308959
+ Microsoft Security Bulletin Advance Notification - August 2012
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-aug
+ Oracle Security Alert for CVE-2012-3132
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3132
+ Linux kernel 3.2.27 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.27
+ MySQL 5.1.65 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-65.html
+ MySQL 5.6.6 (Milestone 9) released
http://dev.mysql.com/doc/refman/5.6/en/news-5-6-6.html
+ Sudo 1.8.6b4 released
http://www.sudo.ws/sudo/devel.html#1.8.6b4
+ SA50189 FreeBSD SCTP ASCONF Chunk Processing Denial of Service Vulnerability
http://secunia.com/advisories/50189/
+ Linux Kernel UDF Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54279
+ Linux kernel NCI Multiple Remote Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3364
Detection by Sophos of Mal/Behav-104 / Trojan.MulDrop3.62656
http://www.sophos.com/en-us/support/knowledgebase/118078.aspx
New guide to building libcurl with Visual Studio 2010
http://curl.haxx.se/libcurl/c/
Universal Database Tools - DtSQL 1.1.1 is released
http://www.postgresql.org/about/news/1404/
Security alert for the summer holidays
http://www.ipa.go.jp/security/topics/alert240810.html
Google places Flash in a robust sandbox in the Chrome stable release
http://itpro.nikkeibp.co.jp/article/NEWS/20120810/415562/?ST=security
[PRE-SA-2012-05] Multiple heap-based buffer overflows in LibreOffice / OpenOffice
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00067.html
WordPress Plugin Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00066.html
Another Solaris 10 Patch Cluster Symlink Attack
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00064.html
How well does Microsoft support (and follow) their mantra "keep your PC updated"?
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00065.html
JVNDB-2012-001265 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001265.html
JVNDB-2012-003525 Cross-site scripting vulnerability in Hitachi JP1/Integrated Management - Service Support
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003525.html
JVNDB-2012-003524 Denial-of-service (panic) vulnerability in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003524.html
JVNDB-2012-003523 Denial-of-service (DoS) vulnerability in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003523.html
JVNDB-2012-003522 Denial-of-service (panic) vulnerability in the Linux Kernel on x86 platforms
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003522.html
JVNDB-2012-003521 Denial-of-service (DoS) vulnerability in net/core/sock.c of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003521.html
JVNDB-2012-003520 Denial-of-service (DoS) vulnerability in the PDF functionality of Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003520.html
JVNDB-2012-003519 Denial-of-service (DoS) vulnerability in the PDF functionality of Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003519.html
JVNDB-2012-003265 Filtering rule bypass vulnerability in ModSecurity
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003265.html
JVNDB-2012-003518 Arbitrary file overwrite vulnerability in a certain Red Hat script for sudo running on RHEL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003518.html
JVNDB-2012-003517 SSL server spoofing vulnerability in IBM Global Security Kit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003517.html
JVNDB-2012-003516 Denial-of-service (application crash) vulnerability in IBM Global Security Kit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003516.html
JVNDB-2011-005113 Access restriction bypass vulnerability in Chef's Chef Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005113.html
JVNDB-2011-005112 Vulnerability in Chef's Chef Server allowing cookbooks to be uploaded or deleted
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005112.html
JVNDB-2010-004287 Vulnerability in the Chef API allowing user accounts to be managed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004287.html
Layers of the Defense-in-Depth Onion
http://isc.sans.edu/diary.html?storyid=13882
Oracle Security Alert for CVE-2012-3132
http://isc.sans.edu/diary.html?storyid=13885
Did you get a Better Business Bureau Complaint Today?
http://isc.sans.edu/diary.html?storyid=13876
ISC Feature of the Week: Report Fake Tech Support Calls
http://isc.sans.edu/diary.html?storyid=13879
Blizzard Compromise-- what they missed in their user communication
http://isc.sans.edu/diary.html?storyid=13870
Oracle Database ‘INDEXTYPE CTXSYS.CONTEXT’ Bug Lets Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027367
Ruby on Rails Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027366
MailEnable HTML Mail Script Insertion Vulnerability
http://secunia.com/advisories/50205/
Flogr URL "get_previous_page_link()" and "get_next_page_link()" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50172/
Cyclope Employee Surveillance Solution "username" SQL Injection Vulnerability
http://secunia.com/advisories/50200/
Ubuntu update for calligra
http://secunia.com/advisories/50221/
Ubuntu update for koffice
http://secunia.com/advisories/50223/
Ubuntu update for expat
http://secunia.com/advisories/50233/
SUSE update for rubygem-actionpack/activerecord
http://secunia.com/advisories/50160/
Ruby on Rails Three Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50128/
Apache Qpid AMQP Client Shadow Connection Authentication Bypass Vulnerability
http://secunia.com/advisories/50186/
SUSE update for php5
http://secunia.com/advisories/50194/
SUSE update for libxml2
http://secunia.com/advisories/50216/
SUSE update for mono-web
http://secunia.com/advisories/50234/
Xen HVM Guest p2m Teardown Denial of Service Vulnerability
http://secunia.com/advisories/50191/
Mailtraq Email Subject Script Insertion Vulnerability
http://secunia.com/advisories/50202/
Xeams Email Body Script Insertion Vulnerability
http://secunia.com/advisories/50190/
FreeBSD SCTP ASCONF Chunk Processing Denial of Service Vulnerability
http://secunia.com/advisories/50189/
Babbsacks babbiges Board 2.8 Full Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012080101
SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012080100
Alt-N MDaemon Free 12.5.4 Stored XSS
http://cxsecurity.com/issue/WLB-2012080098
InterPhoto Image Gallery thisurl Cross Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012080098
Flynax General Classifieds 4.0 CMS Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012080097
MobileCartly 1.0 <= Arbitrary Delete Vulnerability
http://cxsecurity.com/issue/WLB-2012080096
MobileCartly 1.0 <= Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080095
Ruby on Rails Potential XSS Vulnerability in escape_html
http://cxsecurity.com/issue/WLB-2012080094
Ruby on Rails Potential XSS Vulnerability in strip_tags
http://cxsecurity.com/issue/WLB-2012080093
Ruby on Rails Potential XSS Vulnerability in select_tag
http://cxsecurity.com/issue/WLB-2012080092
LibreOffice / OpenOffice Multiple heap-based buffer overflows
http://cxsecurity.com/issue/WLB-2012080091
Sananet CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012080090
REMOTE: NetDecision 4.2 TFTP Writable Directory Traversal Execution
http://www.exploit-db.com/exploits/20392
LOCAL: Tunnelblick Local Root Exploit
http://www.exploit-db.com/exploits/20417
LOCAL: Solaris 10 Patch 137097-01 Symlink Attack Privilege Escalation
http://www.exploit-db.com/exploits/20418
LOCAL: Tunnelblick Local Root Exploit #2
http://www.exploit-db.com/exploits/20443
Oracle Database 'CTXSYS.CONTEXT' Index Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54884
LibreOffice and OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54769
Linux Kernel UDF Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54279
IcedTea-Web Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54762
BusyBox 'udhcpc' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48879
NCompress Decompress Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/19455
Linux Kernel 'fs/eventpoll.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54283
Linux Kernel Reliable Datagram Sockets (RDS) CVE-2012-2372 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54062
Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721
Linux Kernel CVE-2012-2373 Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53614
MacVTap Device Driver Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53165
Linux Kernel KVM 'kvm_set_irq()' Function Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54063
Alligra Calligra Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54816
Solaris 10 Patch 137097-01 Symlink Attack Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54919
RT::Authen::ExternalAuth Extension Security Bypass Vulnerability
http://www.securityfocus.com/bid/54681
Ruby on Rails 'authenticate_or_request_with_http_digest' Method Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54704
NSD NULL Pointer Dereference CVE-2012-2978 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54606
LibTIFF 't2p_read_tiff_init()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54601
ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54659
ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54658
QEMU CVE-2012-2652 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/53725
libjpeg-turbo Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54480
MIT Kerberos 5 Uninitialized Pointer Dereference Remote Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/54750
libxml2 CVE-2012-2807 Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54718
Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/49762
Flogr 'tag' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54354
Mailtraq Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54889
Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379
Linux kernel NCI Multiple Remote Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54966
MobileCartly 'deletepage.php' Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/54965
ownCloud 'sharedstorage.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/54964
Flogr Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54963
ownCloud 'sharing.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54962