Thursday, August 23, 2012

Thursday the 23rd, shakkō (rokuyō calendar day)

+ Chrome for iPhone and iPad 21.0.1180.77 released
http://googlechromereleases.blogspot.jp/2012/08/chrome-for-ios-update.html

+ CESA-2012:1174 Low CentOS 5 kernel Update
http://lwn.net/Alerts/512913/

+ UPDATE: HPSBUX02791 SSRT100856 rev.2 - HP-UX Apache Web Server running PHP: Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03368475%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2311

+ SA50323 Linux Kernel Netlink Message Handling Privilege Escalation Vulnerability
http://secunia.com/advisories/50323/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520

+ SA50310 Linux Kernel "madvise_remove()" Use-After-Free Vulnerability
http://secunia.com/advisories/50310/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3511

+ SA50363 Apache HTTP Server Information Disclosure and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50363/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502

+ GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480

Notice of maintenance for the Virus Buster Business Security Services version upgrade
http://www.trendmicro.co.jp/support/news.asp?id=1826

Sophos SafeGuard Disk Encryption for Mac - Compatibility with OS X 10.8 (Mountain Lion)
http://www.sophos.com/en-us/support/knowledgebase/118132.aspx

About the "FY2011 Information Security Incident Damage Survey Questionnaire"
  ~ Your cooperation with the questionnaire survey is requested ~
http://www.ipa.go.jp/security/fy23/reports/isec-survey/cyousahyou.html

Targeted attack on the defense industry using malicious DOC files
http://itpro.nikkeibp.co.jp/article/COLUMN/20120817/416403/?ST=security

Thinking about how data is stored in the database
http://itpro.nikkeibp.co.jp/article/COLUMN/20120810/415586/?ST=security

DIT's new version of its privileged ID control/monitoring software now covers web access
http://itpro.nikkeibp.co.jp/article/NEWS/20120822/417287/?ST=security

Serious defect in a McAfee definition file leaves machines unable to connect to the network
http://itpro.nikkeibp.co.jp/article/NEWS/20120822/417202/?ST=security

NEC develops "TWINE", a lightweight high-speed cipher that runs on minimal resources, for use in big data and other applications
http://itpro.nikkeibp.co.jp/article/NEWS/20120822/417221/?ST=security

XSS and SQL Injection Vulnerabilities in Jara
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00140.html

XSS Vulnerabilities in LabWiki
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00139.html

XSS and SQL Injection Vulnerabilities in OrderSys
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00138.html

XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00137.html

[ MDVSA-2012:142 ] gimp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00136.html

apache struts2 remote code execute
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00135.html

Apple Remote Desktop update fixes no encryption issue
http://isc.sans.edu/diary.html?storyid=13951

Phishing/spam via SMS
http://isc.sans.edu/diary.html?storyid=13954

Foxit Reader Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027424

Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1027422

VU#582879 Open Technology Real Services cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/582879

OrderSys Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50345/

Red Hat update for kernel
http://secunia.com/advisories/50346/

Red Hat update for katello
http://secunia.com/advisories/50344/

CuteSoft Cute Editor for ASP.NET "_UploadID" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50313/

Linux Kernel Netlink Message Handling Privilege Escalation Vulnerability
http://secunia.com/advisories/50323/

IBM HMC Login Panel Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50376/

Linux Kernel "madvise_remove()" Use-After-Free Vulnerability
http://secunia.com/advisories/50310/

Foxit Reader PDF Parsing Unspecified Memory Corruption
http://secunia.com/advisories/50359/

Squiz CMS File Disclosure Vulnerability
http://secunia.com/advisories/50355/

IBM DB2 XML File Disclosure Vulnerability
http://secunia.com/advisories/50314/

InterNetNews nnrpd "STARTTLS" Plaintext Injection Vulnerability
http://secunia.com/advisories/50320/

SUSE update for rubygem-activerecord
http://secunia.com/advisories/50326/

SUSE update for rubygem-actionpack
http://secunia.com/advisories/50321/

Google Chrome Adobe Flash Player Vulnerabilities
http://secunia.com/advisories/50356/

Apache HTTP Server Information Disclosure and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50363/

Avaya CMS Oracle Solaris "apr_fnmatch()" Denial of Service Vulnerability
http://secunia.com/advisories/50370/

Adobe Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/50354/

WebKit ContentEditable swapInNode Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080193

Cisco AnyConnect VPN Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080192

Novell eDirectory RelativeToFullDN Parsing Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080191

Symantec Endpoint Protection Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012080190

GE Proficy Real Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012080189

Multiple apps plain text storage in memory (FileZilla, iTunes, etc)
http://cxsecurity.com/issue/WLB-2012080188

VamCart v0.9 CSRF Vulnerability
http://cxsecurity.com/issue/WLB-2012080187

New-CMS 2.2 Directory Traversal
http://cxsecurity.com/issue/WLB-2012080186

LabWiki 1.5 XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2012080185

OrderSys 1.6.4 XSS and SQL Injection
http://cxsecurity.com/issue/WLB-2012080184

Banana Dance B.2.1 CMS XSS and Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012080183

Jara 1.6 XSS and SQL Injection
http://cxsecurity.com/issue/WLB-2012080182

OpenDocMan Password Change CSRF
http://cxsecurity.com/issue/WLB-2012080181

Utopia News Pro 1.4.0 <= CSRF Add Admin Vulnerability
http://cxsecurity.com/issue/WLB-2012080180

REMOTE: Sysax Multi Server 5.64 Create Folder Buffer Overflow
http://www.exploit-db.com/exploits/20702

DoS/PoC: SAP Netweaver Dispatcher 7.0 EHP1/2 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/20705

Microsoft Data Access Components CVE-2012-1891 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54308

Microsoft Excel CVE-2012-1847 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53379

OpenStack Nova CVE-2012-3447 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54869

IBM Lotus Notes CVE-2012-2174 URL Handler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54070

Oracle Enterprise Manager CVE-2012-0525 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53063

Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/53084

EMC AutoStart CVE-2012-0409 Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53682

Oracle Database Server CVE-2012-0527 Remote HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/53093

Oracle Database Server CVE-2012-0534 Remote RDBMS Core Vulnerability
http://www.securityfocus.com/bid/53076

Apache 'mod-rpaf' Module Denial of Service Vulnerability
http://www.securityfocus.com/bid/55154

Oracle Database Server CVE-2012-0552 Remote Oracle Spatial Vulnerability
http://www.securityfocus.com/bid/53097

Symantec Endpoint Protection Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51795

ImageMagick 'Magick_png_malloc()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/54714

XODA Arbitrary File Upload and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55127

Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47596

Google Chrome Prior to 15.0.874.120 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50642

Oracle Database Server CVE-2012-1745 Remote Network Layer Vulnerability
http://www.securityfocus.com/bid/54501

Oracle Database Server CVE-2012-3134 Remote Core RDBMS Vulnerability
http://www.securityfocus.com/bid/54496

OTRS 'Body' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/54890

Apple QuickTime Prior To 7.7.2 'sean' Atoms Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53582

Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Remote Security Vulnerability
http://www.securityfocus.com/bid/54569

GE Proficy Real-Time Information Portal 'rifsrvd.exe' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/52439

Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54107

E-Mail Security Virtual Appliance Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55050

Cisco AnyConnect Secure Mobility Client Downgrade Security Weaknesses
http://www.securityfocus.com/bid/54108

Symantec Web Gateway Password Change Security Bypass Vulnerability
http://www.securityfocus.com/bid/54430

Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820

IBM DB2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53873

OpenStack Nova CVE-2012-3361 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54278

Alligra Calligra Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54816

Xen CVE-2012-3433 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54942

Performance Co-Pilot Multiple Vulnerabilities
http://www.securityfocus.com/bid/55041

GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982

python-feedparser 'feedparser/feedparser.py' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47177

python-feedparser Denial of Service and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/46867

HP LeftHand Virtual SAN Appliance Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/55162

HP Operations Agent for NonStop Server Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55161

HP iNode Management Center 'iNodeMngChecker.exe' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55160

HP Diagnostics Server 'magentservice.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55159

HP Intelligent Management Centre 'img.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55158

Novell eDirectory Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55157

ClipBucket 'forgot.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/55155

Banana Dance Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55153

Squiz CMS Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/55148

OrderSys Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55147

Jara Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55145
