Tuesday, August 28, 2012

28th, Tuesday, Taian


+ RHSA-2012:1208 Moderate: glibc security update
http://rhn.redhat.com/errata/RHSA-2012-1208.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480

+ RHSA-2012:1207 Moderate: glibc security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1207.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480

+ RHSA-2012:1206 Moderate: python-paste-script security update
http://rhn.redhat.com/errata/RHSA-2012-1206.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0878

+ CESA-2012:1207 Moderate CentOS 5 glibc Update
http://lwn.net/Alerts/513686/

+ Manifest-processing errors in Apache OpenOffice 3.4.0
http://www.openoffice.org/security/cves/CVE-2012-2665.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2665

+ HPSBUX02805 SSRT100919 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03441075%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1726

+ SYM12-013: Security Advisories Relating to Symantec Products - Symantec Messaging Gateway Security Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3581

+ Linux kernel 3.4.10, 3.0.42 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.10
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.42

+ Sudo 1.7.10rc5, 1.8.6rc2 released
http://www.sudo.ws/sudo/devel.html#1.7.10rc5
http://www.sudo.ws/sudo/devel.html#1.8.6rc2

+ PostgreSQL 9.2 RC1 Available for Testing
http://www.postgresql.org/about/news/1410/

+ Multiple Products Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55234

CommPort 1.01 <= SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00178.html

Wordpress fckeditor Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00177.html

Exploit Title: Mihalism Multi Host v 5.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00176.html

Paliz CMS Full Path Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00175.html

Chamilo 1.8.8.4 Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00174.html

[slackware-security] dhcp (SSA:2012-237-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00173.html

Source Code Security Inspection Tool iCodeChecker
http://www.ipa.go.jp/security/vuln/iCodeChecker/index.html

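Announcement of the Seminar "Collecting and Using Vulnerability Countermeasure Information"
~Vulnerability Countermeasure Efforts in the U.S. Government~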
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_scap_2012_2.html

The Role of the IT Department in the Age of Targeted Attacks
[2] Challenges Facing Domestic Companies
http://itpro.nikkeibp.co.jp/article/COLUMN/20120820/416831/?ST=security

CA releases new version of identity management software, making configuration and operation easier through a GUI
http://itpro.nikkeibp.co.jp/article/NEWS/20120827/418515/?ST=security

JVNDB-2012-001629 Vulnerability in Adobe Flash Player that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001629.html

JVNDB-2012-001954 Arbitrary code execution vulnerability in the NetStream class of Adobe Flash Player and AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001954.html

JVNDB-2012-001628 Arbitrary code execution vulnerability in the Matrix3D component of Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001628.html

JVNDB-2012-001504 Cross-site scripting vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001504.html

JVNDB-2012-001503 Access restriction bypass vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001503.html

JVNDB-2012-001502 Access restriction bypass vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001502.html

JVNDB-2012-001501 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001501.html

JVNDB-2012-001500 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001500.html

JVNDB-2012-002603 Denial-of-service (crash) vulnerability in the headerLoad function of RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002603.html

JVNDB-2012-002602 Denial-of-service (crash) vulnerability in RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002602.html

JVNDB-2012-002778 Arbitrary file read vulnerability in Redland Raptor as used in OpenOffice and other products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002778.html

JVNDB-2012-003870 (JVNVU#663809) Vulnerability in the MarkAny ContentSAFER MASetupCaller ActiveX control
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003870.html

JVNDB-2012-003869 (JVNVU#318779) Cross-site scripting vulnerability in Websense Content Gateway
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003869.html

JVNDB-2012-003867 SQL injection vulnerability in setseed-hub in SetSeed CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003867.html

JVNDB-2012-003866 Cross-site scripting vulnerability in DLGuard
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003866.html

JVNDB-2012-003865 Cross-site scripting vulnerability in Barracuda Link Balancer 330 firmware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003865.html

JVNDB-2012-003864 SQL injection vulnerability in the Techfolio component for Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003864.html

JVNDB-2012-003863 SQL injection vulnerability in Kajian Website CMS Balitbang
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003863.html

JVNDB-2012-003862 SQL injection vulnerability in Blogs Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003862.html

JVNDB-2012-003861 SQL injection vulnerability in Freelancer calendar
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003861.html

JVNDB-2012-003860 Cross-site scripting vulnerability in config.php in AdaptCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003860.html

JVNDB-2012-003859 Cross-site scripting vulnerability in the Alert Before Your Post plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003859.html

JVNDB-2012-003858 Cross-site scripting vulnerability in the Flexible Custom Post Type plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003858.html

JVNDB-2012-003857 Cross-site scripting vulnerability in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003857.html

JVNDB-2012-003856 Cross-site scripting vulnerability in the WP e-Commerce plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003856.html

JVNDB-2012-003855 SQL injection vulnerability in Alurian Prismotube PHP Video Script
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003855.html

Malware Spam harvesting Facebook Information
http://isc.sans.edu/diary.html?storyid=13981

Quick Bits about Today's Java 0-Day
http://isc.sans.edu/diary.html?storyid=13984

Oracle Java Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027447

REMOTE: Zabbix Server Arbitrary Command Execution
http://www.exploit-db.com/exploits/20796

REMOTE: Java 7 Applet Remote Code Execution
http://www.exploit-db.com/exploits/20865

LOCAL: Microsoft Windows Kernel Intel x64 SYSRET PoC
http://www.exploit-db.com/exploits/20861

Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213

Real Networks RealPlayer 'VIDOBJ_START_CODE' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51885

Wiki Web Help Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55229

t1lib Type 1 Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46941

ZABBIX 'node_process_command()' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/37989

Autonomy KeyView PRZ File Viewer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48013

Autonomy KeyView Applix Document Filter Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48021

Autonomy KeyView Filter ZIP File Viewer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48016

Autonomy KeyView LZH Archive File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48018

Autonomy KeyView Filter XLS File Viewer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48017

Autonomy KeyView Filter RTF Hyperlink Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48019

Autonomy KeyView Microsoft Office Document Filter Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48020

Linux Kernel 'fs/eventpoll.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54283

Oracle Outside In Technology CVE-2012-3110 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54506

Oracle Outside In Technology CVE-2012-3107 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54504

Oracle Outside In Technology CVE-2012-3106 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54546

Oracle Outside In Technology CVE-2012-3109 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54554

Oracle Outside In Technology CVE-2012-3108 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54550

Oracle Outside In Technology CVE-2012-1772 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54497

Oracle Outside In Technology CVE-2012-1771 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54543

Oracle Outside In Technology CVE-2012-1766 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54531

Oracle Outside In Technology CVE-2012-1770 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54541

Oracle Outside In Technology CVE-2012-1773 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54548

Oracle Outside In Technology CVE-2012-1769 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54500

Oracle Outside In Technology CVE-2012-1767 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54511

Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856

CommPort 'signup.cgi' SQL Injection Vulnerability
http://www.securityfocus.com/bid/55239

Vlinks 'id' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55236

XWiki Enterprise Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55235

Multiple Products Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55234

Tigase XMPP Server Dialback Protection Bypass Component Security Bypass Vulnerability
http://www.securityfocus.com/bid/55232

WordPress Count Per Day Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55231

Joomla Komento Component 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55230

WordPress Image News Slider Plugin Multiple Unspecified Remote Vulnerabilities
http://www.securityfocus.com/bid/55228

SysAid Unspecified SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55227

Multiple Conceptronic Products 'login.js' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55226

ownCloud 'fileuploaded.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55223

ownCloud 'Remember Me' Function Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55221

OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214

Joomla! Komento Component 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55212

Symantec Messaging Gateway SSH Default Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/55143

Symantec Messaging Gateway CVE-2012-3581 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55142

Symantec Messaging Gateway CVE-2012-3580 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55141

Symantec Messaging Gateway Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55138

Symantec Messaging Gateway CVE-2012-0308 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55137
