Friday, August 17, 2012
17th, Friday, Taian
+ PMASA-2012-4: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.
http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4345
+ Wireshark Versions Prior to 1.8.2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4298
+ phpMyAdmin CVE-2012-4219 'show_config_errors.php' Full Path Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4219
+ Adobe Acrobat and Reader Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55055
+ IBM Lotus Sametime IM Chat Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3308
+ Samsung Galaxy S2 Epic 4G Touch Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/55053
+ Multiple Samsung and HTC Devices Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2980
[ MDVSA-2012:133 ] usbmuxd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00097.html
[slackware-security] t1lib (SSA:2012-228-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00096.html
vulnerabilities in Samsung Epic 4G Touch with 2.3.6 and probably other Samsung Galaxies
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00098.html
UPDATE: JVNTA12-227A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-227A/index.html
JVN#99192898 Vulnerability related to the WebView class in multiple GREE Android apps
http://jvn.jp/jp/JVN99192898/index.html
Vulnerabilities in eight GREE Android apps, with a risk of information leakage
http://itpro.nikkeibp.co.jp/article/NEWS/20120816/416281/?ST=security
IBM Multiple Products Local Privilege Escalation Vulnerability
http://www.securiteam.com/securitynews/5FP3B1F80O.html
Cisco AnyConnect Secure Mobility Client Certificate Validation Security Bypass Vulnerabilities
http://www.securiteam.com/securitynews/5QP3D1580Y.html
TYPO3 Bugs Let Remote Authenticated Users Obtain Information and Execute Arbitrary Code and Permit Remote Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027405
Wireshark Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code
http://www.securitytracker.com/id/1027404
A Poor Man's DNS Anomaly Detection Script
http://isc.sans.edu/diary/A+Poor+Man+s+DNS+Anomaly+Detection+Script/13918
VU#247235 CuteSoft Cute Editor 6.4 reflected cross site scripting
http://www.kb.cert.org/vuls/id/247235
VU#251635 Samsung and HTC android phone information disclosure vulnerability
http://www.kb.cert.org/vuls/id/251635
WordPress RSVPMaker RVSP Report Script Insertion Vulnerability
http://secunia.com/advisories/50289/
Debian update for rssh
http://secunia.com/advisories/50272/
Performance Co-Pilot Multiple Vulnerabilities
http://secunia.com/advisories/50255/
Jease "author" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50253/
Jease "subject" and "comment" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50292/
Red Hat update for flash-plugin
http://secunia.com/advisories/50305/
Drupal Elegant Theme Slide Gallery Script Insertion Vulnerability
http://secunia.com/advisories/50273/
Drupal Custom Publishing Options Module Status Label Script Insertion Vulnerability
http://secunia.com/advisories/50256/
TYPO3 Multiple Vulnerabilities
http://secunia.com/advisories/50287/
Drupal HotBlocks Module Script Insertion and Denial of Service Vulnerabilities
http://secunia.com/advisories/50274/
SUSE update for chromium and v8
http://secunia.com/advisories/50307/
SUSE update for libvirt
http://secunia.com/advisories/50299/
SUSE update for opera
http://secunia.com/advisories/50298/
Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/50276/
Niagara Framework Predictable Session Identifier Vulnerability
http://secunia.com/advisories/50288/
REMOTE: IE Time Element Memory Corruption Exploit (MS11-050)
http://www.exploit-db.com/exploits/20547
REMOTE: E-Mail Security Virtual Appliance (ESVA) Remote Execution
http://www.exploit-db.com/exploits/20551
LOCAL: globalSCAPE CuteZIP Stack Buffer Overflow
http://www.exploit-db.com/exploits/20542
LOCAL: Windows Service Trusted Path Privilege Escalation
http://www.exploit-db.com/exploits/20543
GIMP Scriptfu Python Remote Command Execution
http://cxsecurity.com/issue/WLB-2012080134
E-Mail Security Virtual Appliance < 2.0.6 (ESVA) Remote Execution
http://cxsecurity.com/issue/WLB-2012080133
Roundcube Webmail Version 0.8.0 Stored XSS
http://cxsecurity.com/issue/WLB-2012080132
Sphpforum 0.4 Cross Site Scripting / SQL Injection
http://cxsecurity.com/issue/WLB-2012080131
Blackberry Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080130
Drupal Hotblocks 6.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080129
Drupal Custom Publishing Options 6.x XSS
http://cxsecurity.com/issue/WLB-2012080128
Drupal Elegant Theme 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080125
SquidClamav URL Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/54663
WordPress Login With Ajax Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53423
Wireshark Versions Prior to 1.8.2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55035
Debian 'libotr2' Package Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54907
Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798
Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55009
GNU Emacs 'enable-local-variables' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54969
GNU glibc Formatted Printing Functionality Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54374
Multiple Cisco Nexus Devices CVE-2012-1357 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54825
Cisco NX-OS CVE-2012-2469 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54833
WordPress ShareYourCart plugin Path-Disclosure Vulnerability
http://www.securityfocus.com/bid/53241
Samsung NET-i ware Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/53193
Drupal Ubercart Module Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53251
Multiple vBulletin Products Unspecified Security Vulnerability
http://www.securityfocus.com/bid/53226
Samsung TV and BD Products Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/53161
WordPress Image News slider Plugin Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/52977
Drupal Linkit Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/53253
Drupal CDN2 Video Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52812
SPIP Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53216
Drupal ShareThis Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52778
Drupal Autosave Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52985
Drupal Contact Save Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52787
Drupal Node Limit Number Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52816
Drupal Fivestar Module Remote Input Validation Vulnerability
http://www.securityfocus.com/bid/52984
Organic Groups Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52799
Drupal RealName Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53250
Chaos Tool Suite Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52794
Drupal Contact Forms Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52801
Travelon Express CMS Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/53500
Free Realty Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53491
WordPress Bad Behavior Plugin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53477
Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/52811
Drupal Ubercart Views Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52814
Drupal Share Buttons (AddToAny) Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52777
Joomla CCNewsLetter Module 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/53208
Drupal MultiBlock Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52800
Trombinoscope 'photo.php' Server SQL Injection Vulnerability
http://www.securityfocus.com/bid/53398
WordPress BulletProof Security 'Accept-Encoding' Header Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53478
MyBB Versions Prior to 1.6.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53417
WordPress Better WP Security 'User-Agent' Header Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53480
WordPress WP-FaceThumb 'pagination_wp_facethum' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53497
MYRE Real Estate Mobile Multiple SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53394
myCare2x Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/53392
Samsung NET-i Viewer 'msls31.dll' ActiveX Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53317
MySQLDumper Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53306
eFront Cross Site Scripting and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/53412
XPhone Unified Communications (UC) Web Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53283
Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://www.securityfocus.com/bid/53728
usbmuxd 'libusbmuxd/libusbmuxd.c' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51573
t1lib Type 1 Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46941
t1lib Type 1 Font Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/47169
Evince Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/45678
Linux Kernel 'i915_gem_execbuffer.c' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53971
Linux Kernel Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/46616
rssh CVE-2012-3478 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53430
GLPI Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/54416
Opera Web Browser Cross Site Scripting Sanitizer Security Bypass Vulnerability
http://www.securityfocus.com/bid/54788
Opera Web Browser Prior to 12.01 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54782
Opera Web Browser Prior to 11.64 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53474
Opera Web Browser HTML Injection Vulnerability
http://www.securityfocus.com/bid/54779
Google Chrome Prior to 20.0.1132.57 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54386
Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540
CuteZip '.zip' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46375
SPIP Multiple CVE-2012-4331 Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/55061
CuteSoft Cute Editor CVE-2012-2985 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55058
phpMyAdmin CVE-2012-4219 'show_config_errors.php' Full Path Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55057
Adobe Acrobat and Reader Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55055
IBM Lotus Sametime IM Chat Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55054
Samsung Galaxy S2 Epic 4G Touch Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/55053
TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/55052
RoundCube Webmail Multiple HTML-injection Vulnerabilities
http://www.securityfocus.com/bid/55051
E-Mail Security Virtual Appliance Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55050
Jease Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55048
Multiple Samsung and HTC Devices Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55047
Niagara Framework Session Hijacking Vulnerability
http://www.securityfocus.com/bid/55042