Thursday, August 23, 2012
Thursday the 23rd, Shakkō
+ Chrome for iPhone and iPad 21.0.1180.77 released
http://googlechromereleases.blogspot.jp/2012/08/chrome-for-ios-update.html
+ CESA-2012:1174 Low CentOS 5 kernel Update
http://lwn.net/Alerts/512913/
+ UPDATE: HPSBUX02791 SSRT100856 rev.2 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03368475%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2311
+ SA50323 Linux Kernel Netlink Message Handling Privilege Escalation Vulnerability
http://secunia.com/advisories/50323/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520
+ SA50310 Linux Kernel "madvise_remove()" Use-After-Free Vulnerability
http://secunia.com/advisories/50310/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3511
+ SA50363 Apache HTTP Server Information Disclosure and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50363/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502
+ GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
Virus Buster Business Security Services: notice of maintenance for a version upgrade
http://www.trendmicro.co.jp/support/news.asp?id=1826
Sophos SafeGuard Disk Encryption for Mac - Compatibility with OS X 10.8 (Mountain Lion)
http://www.sophos.com/en-us/support/knowledgebase/118132.aspx
About the "FY2011 Information Security Incident Damage Survey Form"
~ We ask for your cooperation with the questionnaire survey ~
http://www.ipa.go.jp/security/fy23/reports/isec-survey/cyousahyou.html
Targeted attacks aimed at the defense industry using malicious DOC files
http://itpro.nikkeibp.co.jp/article/COLUMN/20120817/416403/?ST=security
Thinking about how to store data in a database
http://itpro.nikkeibp.co.jp/article/COLUMN/20120810/415586/?ST=security
DIT: new version of its software for controlling/monitoring privileged IDs now covers Web access
http://itpro.nikkeibp.co.jp/article/NEWS/20120822/417287/?ST=security
Serious defect in McAfee definition files makes network connection impossible
http://itpro.nikkeibp.co.jp/article/NEWS/20120822/417202/?ST=security
NEC develops "TWINE", a lightweight, high-speed cipher that runs on minimal resources, for use in big data and other applications
http://itpro.nikkeibp.co.jp/article/NEWS/20120822/417221/?ST=security
XSS and SQL Injection Vulnerabilities in Jara
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00140.html
XSS Vulnerabilities in LabWiki
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00139.html
XSS and SQL Injection Vulnerabilities in OrderSys
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00138.html
XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00137.html
[ MDVSA-2012:142 ] gimp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00136.html
apache struts2 remote code execute
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00135.html
Apple Remote Desktop update fixes no encryption issue
http://isc.sans.edu/diary.html?storyid=13951
Phishing/spam via SMS
http://isc.sans.edu/diary.html?storyid=13954
Foxit Reader Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027424
Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1027422
VU#582879 Open Technology Real Services cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/582879
OrderSys Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50345/
Red Hat update for kernel
http://secunia.com/advisories/50346/
Red Hat update for katello
http://secunia.com/advisories/50344/
CuteSoft Cute Editor for ASP.NET "_UploadID" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50313/
Linux Kernel Netlink Message Handling Privilege Escalation Vulnerability
http://secunia.com/advisories/50323/
IBM HMC Login Panel Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50376/
Linux Kernel "madvise_remove()" Use-After-Free Vulnerability
http://secunia.com/advisories/50310/
Foxit Reader PDF Parsing Unspecified Memory Corruption
http://secunia.com/advisories/50359/
Squiz CMS File Disclosure Vulnerability
http://secunia.com/advisories/50355/
IBM DB2 XML File Disclosure Vulnerability
http://secunia.com/advisories/50314/
InterNetNews nnrpd "STARTTLS" Plaintext Injection Vulnerability
http://secunia.com/advisories/50320/
SUSE update for rubygem-activerecord
http://secunia.com/advisories/50326/
SUSE update for rubygem-actionpack
http://secunia.com/advisories/50321/
Google Chrome Adobe Flash Player Vulnerabilities
http://secunia.com/advisories/50356/
Apache HTTP Server Information Disclosure and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50363/
Avaya CMS Oracle Solaris "apr_fnmatch()" Denial of Service Vulnerability
http://secunia.com/advisories/50370/
Adobe Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/50354/
WebKit ContentEditable swapInNode Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080193
Cisco AnyConnect VPN Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080192
Novell eDirectory RelativeToFullDN Parsing Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080191
Symantec Endpoint Protection Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012080190
GE Proficy Real Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012080189
Multiple apps plain text storage in memory (FileZilla, iTunes, etc)
http://cxsecurity.com/issue/WLB-2012080188
VamCart v0.9 CSRF Vulnerability
http://cxsecurity.com/issue/WLB-2012080187
New-CMS 2.2 Directory Traversal
http://cxsecurity.com/issue/WLB-2012080186
LabWiki 1.5 XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2012080185
OrderSys 1.6.4 XSS and SQL Injection
http://cxsecurity.com/issue/WLB-2012080184
Banana Dance B.2.1 CMS XSS and Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012080183
Jara 1.6 XSS and SQL Injection
http://cxsecurity.com/issue/WLB-2012080182
OpenDocMan Password Change CSRF
http://cxsecurity.com/issue/WLB-2012080181
Utopia News Pro 1.4.0 <= CSRF Add Admin Vulnerability
http://cxsecurity.com/issue/WLB-2012080180
REMOTE: Sysax Multi Server 5.64 Create Folder Buffer Overflow
http://www.exploit-db.com/exploits/20702
DoS/PoC: SAP Netweaver Dispatcher 7.0 EHP1/2 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/20705
Microsoft Data Access Components CVE-2012-1891 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54308
Microsoft Excel CVE-2012-1847 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53379
OpenStack Nova CVE-2012-3447 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54869
IBM Lotus Notes CVE-2012-2174 URL Handler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54070
Oracle Enterprise Manager CVE-2012-0525 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53063
Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/53084
EMC AutoStart CVE-2012-0409 Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53682
Oracle Database Server CVE-2012-0527 Remote HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/53093
Oracle Database Server CVE-2012-0534 Remote RDBMS Core Vulnerability
http://www.securityfocus.com/bid/53076
Apache 'mod-rpaf' Module Denial of Service Vulnerability
http://www.securityfocus.com/bid/55154
Oracle Database Server CVE-2012-0552 Remote Oracle Spatial Vulnerability
http://www.securityfocus.com/bid/53097
Symantec Endpoint Protection Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51795
ImageMagick 'Magick_png_malloc()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/54714
XODA Arbitrary File Upload and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55127
Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47596
Google Chrome Prior to 15.0.874.120 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50642
Oracle Database Server CVE-2012-1745 Remote Network Layer Vulnerability
http://www.securityfocus.com/bid/54501
Oracle Database Server CVE-2012-3134 Remote Core RDBMS Vulnerability
http://www.securityfocus.com/bid/54496
OTRS 'Body' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/54890
Apple QuickTime Prior To 7.7.2 'sean' Atoms Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53582
Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Remote Security Vulnerability
http://www.securityfocus.com/bid/54569
GE Proficy Real-Time Information Portal 'rifsrvd.exe' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/52439
Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54107
E-Mail Security Virtual Appliance Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55050
Cisco AnyConnect Secure Mobility Client Downgrade Security Weaknesses
http://www.securityfocus.com/bid/54108
Symantec Web Gateway Password Change Security Bypass Vulnerability
http://www.securityfocus.com/bid/54430
Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820
IBM DB2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53873
OpenStack Nova CVE-2012-3361 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54278
Alligra Calligra Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54816
Xen CVE-2012-3433 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54942
Performance Co-Pilot Multiple Vulnerabilities
http://www.securityfocus.com/bid/55041
GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982
python-feedparser 'feedparser/feedparser.py' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47177
python-feedparser Denial of Service and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/46867
HP LeftHand Virtual SAN Appliance Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/55162
HP Operations Agent for NonStop Server Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55161
HP iNode Management Center 'iNodeMngChecker.exe' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55160
HP Diagnostics Server 'magentservice.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55159
HP Intelligent Management Centre 'img.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55158
Novell eDirectory Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55157
ClipBucket 'forgot.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/55155
Banana Dance Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55153
Squiz CMS Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/55148
OrderSys Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55147
Jara Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55145