Wednesday, August 29, 2012
Wednesday the 29th, Shakkō
+ Mozilla Firefox 15.0 released
http://www.mozilla.jp/firefox/15.0/releasenotes/
+ Mozilla Thunderbird 15.0 released
http://www.mozilla.jp/thunderbird/15.0/releasenotes/
+ MFSA 2012-72 Web console eval capable of executing chrome-privileged code
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
+ MFSA 2012-71 Insecure use of __android_log_print
http://www.mozilla.org/security/announce/2012/mfsa2012-71.html
+ MFSA 2012-70 Location object security checks bypassed by chrome code
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
+ MFSA 2012-69 Incorrect site SSL certificate data display
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
+ MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
http://www.mozilla.org/security/announce/2012/mfsa2012-68.html
+ MFSA 2012-67 Installer will launch incorrect executable following new installation
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
+ MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation
http://www.mozilla.org/security/announce/2012/mfsa2012-66.html
+ MFSA 2012-65 Out-of-bounds read in format-number in XSLT
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
+ MFSA 2012-64 Graphite 2 memory corruption
http://www.mozilla.org/security/announce/2012/mfsa2012-64.html
+ MFSA 2012-63 SVG buffer overflow and use-after-free issues
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
+ MFSA 2012-62 WebGL use-after-free and memory corruption
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
+ MFSA 2012-61 Memory corruption with bitmap format images with negative height
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
+ MFSA 2012-60 Escalation of privilege through about:newtab
http://www.mozilla.org/security/announce/2012/mfsa2012-60.html
+ MFSA 2012-59 Location object can be shadowed using Object.defineProperty
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
+ MFSA 2012-58 Use-after-free issues found using Address Sanitizer
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
+ MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
+ CESA-2012:1206 Moderate CentOS 6 python-paste-script Update
http://lwn.net/Alerts/513847/
+ CESA-2012:1208 Moderate CentOS 6 glibc Update
http://lwn.net/Alerts/513848/
+ UPDATE: HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03441075%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ VU#636312 Oracle Java JRE 1.7 sun.awt.SunToolkit fails to restrict access to privileged code
http://www.kb.cert.org/vuls/id/636312
+ SA50421 Linux Kernel Two Vulnerabilities
http://secunia.com/advisories/50421/
+ SA50435 Symantec Messaging Gateway Multiple Vulnerabilities
http://secunia.com/advisories/50435/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3581
Check Point response to "libcrypt 'crypt()' Password Encryption Weakness" (CVE-2012-2143)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk75640&src=securityAlerts
Regarding an issue where computers run slowly in some environments using our antivirus products
http://www.trendmicro.co.jp/support/news.asp?id=1830
[security bulletin] HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00184.html
ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00183.html
[SE-2012-01] information regarding recently discovered Java 7 attack
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00182.html
[ MDVSA-2012:144 ] tetex
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00181.html
US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability
http://www.derkeiler.com/Mailing-Lists/Cert/2012-08/msg00001.html
CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00180.html
CA20111208-01: Security Notice for CA SiteMinder [updated]
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00179.html
SIREFEF/ZACCESS appears with a new infection technique
http://itpro.nikkeibp.co.jp/article/COLUMN/20120828/418672/?ST=security
The role of the IT department in the era of targeted attacks
[3] A prescription for countermeasures against targeted attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20120820/416832/?ST=security
World's largest oil company: 30,000 workstations attacked (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20120828/418763/?ST=security
"Extremely" dangerous vulnerability in Oracle Java 7 allows remote execution of arbitrary OS commands
http://itpro.nikkeibp.co.jp/article/NEWS/20120828/418722/?ST=security
JVNTA12-240A Vulnerability in Oracle Java 7
http://jvn.jp/cert/JVNTA12-240A/index.html
The Good, Bad and Ugly about Assigning IPv6 Addresses
http://isc.sans.edu/diary.html?storyid=13978
Symantec Messaging Gateway Multiple Flaws Let Remote Users Access and Modify the System
http://www.securitytracker.com/id/1027449
WordPress Cloudsafe365 Plugin Multiple Vulnerabilities
http://secunia.com/advisories/50392/
elcomCMS ASPX File Upload Vulnerability
http://secunia.com/advisories/50361/
Crowbar Ohai Plugin Insecure Temporary Files Security Issue
http://secunia.com/advisories/50442/
Ad Manager Pro Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/50427/
OpenJPEG JPEG2000 Image Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/50360/
Linux Kernel Two Vulnerabilities
http://secunia.com/advisories/50421/
LetoDMS Multiple Vulnerabilities
http://secunia.com/advisories/50351/
Sitecom MD-253 / MD-254 Web Management Security Bypass Vulnerabilities
http://secunia.com/advisories/50386/
Conceptronic CH3ENAS Web Management Security Bypass Vulnerabilities
http://secunia.com/advisories/50385/
Express Burn Project File Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/50439/
Chamilo Multiple Vulnerabilities
http://secunia.com/advisories/50412/
SUSE update for xen and libvirt
http://secunia.com/advisories/50196/
OpenOffice XML Manifest Handling Buffer Overflow Vulnerabilities
http://secunia.com/advisories/50438/
Symantec Messaging Gateway Multiple Vulnerabilities
http://secunia.com/advisories/50435/
RT FCGI Module CGI::Fast API Environment Variables Security Bypass
http://secunia.com/advisories/50407/
Red Hat update for glibc
http://secunia.com/advisories/50422/
Red Hat update for python-paste-script
http://secunia.com/advisories/50410/
REMOTE: Simple Web Server 2.2-rc2 ASLR Bypass Exploit
http://www.exploit-db.com/exploits/20876
DoS/PoC: Express Burn Plus v4.58 EBP Project File Handling Buffer Overflow PoC
http://www.exploit-db.com/exploits/20870
Joomla com_ornekek SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080280
Joomla com_weblinks SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080279
ANGLER Technologies Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012080278
Infinite IT Solutions Cms Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012080277
Distantia Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012080276
Java 7 Applet Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080275
CakePHP and Squiz CMS XXE Injection
http://cxsecurity.com/issue/WLB-2012080274
Pell Shopping SQL Injection
http://cxsecurity.com/issue/WLB-2012080273
Chamilo 1.8.8.4 XSS / File Deletion
http://cxsecurity.com/issue/WLB-2012080272
CA SiteMinder Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080271
XWiki 4.2-milestone-2 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080270
VLinks 2.0.3 SQL Injection
http://cxsecurity.com/issue/WLB-2012080269
Silly Fellow Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080268
Silentblast Interactive Shell Upload
http://cxsecurity.com/issue/WLB-2012080267
Mihalism Multi Host 5.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080266
WordPress Simple Forum Shell Upload
http://cxsecurity.com/issue/WLB-2012080265
CommPort 1.01 Authentication Bypass
http://cxsecurity.com/issue/WLB-2012080264
CommPort 1.01 SQL Injection
http://cxsecurity.com/issue/WLB-2012080263
Khorshid Chehr SQL Injection
http://cxsecurity.com/issue/WLB-2012080262
Paliz CMS Path Disclosure
http://cxsecurity.com/issue/WLB-2012080261
Douran CMS Path Disclosure
http://cxsecurity.com/issue/WLB-2012080260
IBN Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080259
Zabbix Server Arbitrary Command Execution
http://cxsecurity.com/issue/WLB-2012080258
Wiki Web Help 0.3.9 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080257
Express Burn Plus 4.58 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012080256
Drupal Faster Permissions Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52039
Drupal CDN Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52041
Drupal OG Vocabulary Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/52042
Drupal Link Checker Security Bypass Vulnerability
http://www.securityfocus.com/bid/52038
Drupal Finder Module Multiple Cross-Site Scripting And Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51921
Drupal Revisioning Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/51555
Arbor Networks Peakflow SP 'index/' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52881
VBulletin 'announcementid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52897
Drupal ZipCart Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52231
Drupal MediaFront Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52229
PMSoftware Simple Web Server Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54605
WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/55241
CPG Dragonfly CMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52100
OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214
LetoDMS Multiple HTML Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55181
LibreOffice and OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54769
Perl Fast CGI Module CGI Variables Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/49549
Multiple Conceptronic Products 'login.js' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55226
WordPress chenpress Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54635
Computer Associates SiteMinder 'login.fcc' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50962
OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/54114
Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213
EMC Cloud Tiering Appliance (CTA) Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/55250
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-57 through -72 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55249
WordPress Cloudsafe365 Plugin 'cs365_edit.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55245
Silly Fellow Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/55244
WordPress Simple:Press Forum Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55243
Express Burn Project File Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55242
Dell 'Crowbar ohai' Plugin Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55240