Wednesday, August 29, 2012

Wednesday the 29th, Shakkō


+ Mozilla Firefox 15.0 released
http://www.mozilla.jp/firefox/15.0/releasenotes/

+ Mozilla Thunderbird 15.0 released
http://www.mozilla.jp/thunderbird/15.0/releasenotes/

+ MFSA 2012-72 Web console eval capable of executing chrome-privileged code
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html

+ MFSA 2012-71 Insecure use of __android_log_print
http://www.mozilla.org/security/announce/2012/mfsa2012-71.html

+ MFSA 2012-70 Location object security checks bypassed by chrome code
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html

+ MFSA 2012-69 Incorrect site SSL certificate data display
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html

+ MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
http://www.mozilla.org/security/announce/2012/mfsa2012-68.html

+ MFSA 2012-67 Installer will launch incorrect executable following new installation
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html

+ MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation
http://www.mozilla.org/security/announce/2012/mfsa2012-66.html

+ MFSA 2012-65 Out-of-bounds read in format-number in XSLT
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html

+ MFSA 2012-64 Graphite 2 memory corruption
http://www.mozilla.org/security/announce/2012/mfsa2012-64.html

+ MFSA 2012-63 SVG buffer overflow and use-after-free issues
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html

+ MFSA 2012-62 WebGL use-after-free and memory corruption
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html

+ MFSA 2012-61 Memory corruption with bitmap format images with negative height
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html

+ MFSA 2012-60 Escalation of privilege through about:newtab
http://www.mozilla.org/security/announce/2012/mfsa2012-60.html

+ MFSA 2012-59 Location object can be shadowed using Object.defineProperty
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html

+ MFSA 2012-58 Use-after-free issues found using Address Sanitizer
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html

+ MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html

+ CESA-2012:1206 Moderate CentOS 6 python-paste-script Update
http://lwn.net/Alerts/513847/

+ CESA-2012:1208 Moderate CentOS 6 glibc Update
http://lwn.net/Alerts/513848/

+ UPDATE: HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03441075%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ VU#636312 Oracle Java JRE 1.7 sun.awt.SunToolkit fails to restrict access to privileged code
http://www.kb.cert.org/vuls/id/636312

+ SA50421 Linux Kernel Two Vulnerabilities
http://secunia.com/advisories/50421/

+ SA50435 Symantec Messaging Gateway Multiple Vulnerabilities
http://secunia.com/advisories/50435/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3581

Check Point response to "libcrypt 'crypt()' Password Encryption Weakness" (CVE-2012-2143)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk75640&src=securityAlerts

Regarding computers running slowly in some environments that use our antivirus products
http://www.trendmicro.co.jp/support/news.asp?id=1830

[security bulletin] HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00184.html

ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00183.html

[SE-2012-01] information regarding recently discovered Java 7 attack
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00182.html

[ MDVSA-2012:144 ] tetex
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00181.html

US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability
http://www.derkeiler.com/Mailing-Lists/Cert/2012-08/msg00001.html

CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00180.html

CA20111208-01: Security Notice for CA SiteMinder [updated]
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00179.html

SIREFEF/ZACCESS appears with a new infection technique
http://itpro.nikkeibp.co.jp/article/COLUMN/20120828/418672/?ST=security

The role of the IT department in the era of targeted attacks
[3] A prescription for countering targeted attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20120820/416832/?ST=security

World's largest oil company: 30,000 workstations attacked (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20120828/418763/?ST=security

"Extremely" dangerous vulnerability in Oracle Java 7: arbitrary OS commands can be executed remotely
http://itpro.nikkeibp.co.jp/article/NEWS/20120828/418722/?ST=security

JVNTA12-240A Vulnerability in Oracle Java 7
http://jvn.jp/cert/JVNTA12-240A/index.html

The Good, Bad and Ugly about Assigning IPv6 Addresses
http://isc.sans.edu/diary.html?storyid=13978

Symantec Messaging Gateway Multiple Flaws Let Remote Users Access and Modify the System
http://www.securitytracker.com/id/1027449

WordPress Cloudsafe365 Plugin Multiple Vulnerabilities
http://secunia.com/advisories/50392/

elcomCMS ASPX File Upload Vulnerability
http://secunia.com/advisories/50361/

Crowbar Ohai Plugin Insecure Temporary Files Security Issue
http://secunia.com/advisories/50442/

Ad Manager Pro Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/50427/

OpenJPEG JPEG2000 Image Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/50360/

Linux Kernel Two Vulnerabilities
http://secunia.com/advisories/50421/

LetoDMS Multiple Vulnerabilities
http://secunia.com/advisories/50351/

Sitecom MD-253 / MD-254 Web Management Security Bypass Vulnerabilities
http://secunia.com/advisories/50386/

Conceptronic CH3ENAS Web Management Security Bypass Vulnerabilities
http://secunia.com/advisories/50385/

Express Burn Project File Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/50439/

Chamilo Multiple Vulnerabilities
http://secunia.com/advisories/50412/

SUSE update for xen and libvirt
http://secunia.com/advisories/50196/

OpenOffice XML Manifest Handling Buffer Overflow Vulnerabilities
http://secunia.com/advisories/50438/

Symantec Messaging Gateway Multiple Vulnerabilities
http://secunia.com/advisories/50435/

RT FCGI Module CGI::Fast API Environment Variables Security Bypass
http://secunia.com/advisories/50407/

Red Hat update for glibc
http://secunia.com/advisories/50422/

Red Hat update for python-paste-script
http://secunia.com/advisories/50410/

REMOTE: Simple Web Server 2.2-rc2 ASLR Bypass Exploit
http://www.exploit-db.com/exploits/20876

DoS/PoC: Express Burn Plus v4.58 EBP Project File Handling Buffer Overflow PoC
http://www.exploit-db.com/exploits/20870

Joomla com_ornekek SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080280

Joomla com_weblinks SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080279

ANGLER Technologies Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012080278

Infinite IT Solutions Cms Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012080277

Distantia Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012080276

Java 7 Applet Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080275

CakePHP and Squiz CMS XXE Injection
http://cxsecurity.com/issue/WLB-2012080274

Pell Shopping SQL Injection
http://cxsecurity.com/issue/WLB-2012080273

Chamilo 1.8.8.4 XSS / File Deletion
http://cxsecurity.com/issue/WLB-2012080272

CA SiteMinder Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080271

XWiki 4.2-milestone-2 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080270

VLinks 2.0.3 SQL Injection
http://cxsecurity.com/issue/WLB-2012080269

Silly Fellow Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080268

Silentblast Interactive Shell Upload
http://cxsecurity.com/issue/WLB-2012080267

Mihalism Multi Host 5.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080266

WordPress Simple Forum Shell Upload
http://cxsecurity.com/issue/WLB-2012080265

CommPort 1.01 Authentication Bypass
http://cxsecurity.com/issue/WLB-2012080264

CommPort 1.01 SQL Injection
http://cxsecurity.com/issue/WLB-2012080263

Khorshid Chehr SQL Injection
http://cxsecurity.com/issue/WLB-2012080262

Paliz CMS Path Disclosure
http://cxsecurity.com/issue/WLB-2012080261

Douran CMS Path Disclosure
http://cxsecurity.com/issue/WLB-2012080260

IBN Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080259

Zabbix Server Arbitrary Command Execution
http://cxsecurity.com/issue/WLB-2012080258

Wiki Web Help 0.3.9 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080257

Express Burn Plus 4.58 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012080256

Drupal Faster Permissions Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52039

Drupal CDN Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52041

Drupal OG Vocabulary Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/52042

Drupal Link Checker Security Bypass Vulnerability
http://www.securityfocus.com/bid/52038

Drupal Finder Module Multiple Cross-Site Scripting And Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51921

Drupal Revisioning Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/51555

Arbor Networks Peakflow SP 'index/' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52881

VBulletin 'announcementid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52897

Drupal ZipCart Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52231

Drupal MediaFront Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52229

PMSoftware Simple Web Server Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54605

WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/55241

CPG Dragonfly CMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52100

OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214

LetoDMS Multiple HTML Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55181

LibreOffice and OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54769

Perl Fast CGI Module CGI Variables Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/49549

Multiple Conceptronic Products 'login.js' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55226

WordPress chenpress Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54635

Computer Associates SiteMinder 'login.fcc' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50962

OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/54114

Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213

EMC Cloud Tiering Appliance (CTA) Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/55250

Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-57 through -72 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55249

WordPress Cloudsafe365 Plugin 'cs365_edit.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55245

Silly Fellow Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/55244

WordPress Simple:Press Forum Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55243

Express Burn Project File Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55242

Dell 'Crowbar ohai' Plugin Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55240
