Thursday, August 30, 2012

30th, Thursday, Senshō


+ RHSA-2012:1210 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2012-1210.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980

+ RHSA-2012:1211 Critical: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2012-1211.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980

+ CESA-2012:1210 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/514084/

+ CESA-2012:1210 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/514085/

+ CESA-2012:1211 Critical CentOS 6 thunderbird Update
http://lwn.net/Alerts/514086/

+ CESA-2012:1211 Critical CentOS 5 thunderbird Update
http://lwn.net/Alerts/514088/

+ HPSB3C02808 SSRT100361 rev.1 - HP Intelligent Management Center, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03473459%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3253

+ HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03473527%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3254

+ OpenSSH 6.1 released
http://www.openssh.com/txt/release-6.1

Notice of change to the download page for the "Manual Update Module" for environments not connected to the Internet
http://www.trendmicro.co.jp/support/news.asp?id=1833

Vulnerability information worth checking <2012.08.30>
http://itpro.nikkeibp.co.jp/article/COLUMN/20120827/418401/?ST=security

The role of the IT department in the era of targeted attacks
[4] The role of the IT department going forward
http://itpro.nikkeibp.co.jp/article/COLUMN/20120820/416833/?ST=security

"Collecting dating-site emails is the decisive factor": anti-spam measures by au and Symantec
http://itpro.nikkeibp.co.jp/article/NEWS/20120829/419142/?ST=security

App introduction site "Androider" begins security checks of Android apps
http://itpro.nikkeibp.co.jp/article/NEWS/20120829/419085/?ST=security

[SECURITY] [DSA 2535-1] rtfm security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00213.html

Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00208.html

Sistem Biwes Multiple Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00207.html

[ MDVSA-2012:147 ] mozilla-thunderbird
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00206.html

squidGuard 1.4 - Remote Denial of Service - POC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00210.html

ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00205.html

ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Executio
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00203.html

ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00204.html

ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Exec
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00202.html

ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00201.html

ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00200.html

ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00198.html

ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00199.html

ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00209.html

ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution V
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00197.html

ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Co
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00196.html

ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Cod
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00192.html

ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00195.html

ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00194.html

ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vuln
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00191.html

ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00193.html

[ MDVSA-2012:146 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00190.html

XSS in PrestaShop
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00189.html

Cross-Site Scripting (XSS) in Phorum
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00188.html

t2′12: Challenge to be released 2012-09-01 10:00
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00187.html

[ MDVSA-2012:145 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00186.html

ToorCon 14 Call For Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00185.html

"Data" URLs used for in-URL phishing
http://isc.sans.edu/diary.html?storyid=13996

IBM InfoSphere Guardium Discloses Saved Username and Password Data to Remote Users
http://www.securitytracker.com/id/1027456

IBM InfoSphere Guardium Bug Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1027455

Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027452

Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027451

Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027450

syslog-ng Premium Edition Two OpenSSL Vulnerabilities
http://secunia.com/advisories/50444/

PrestaShop Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50449/

Phorum Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50445/

IBM Infosphere Guardium Cross-Site Request Forgery and Information Disclosure Vulnerabilities
http://secunia.com/advisories/50371/

Red Hat update for firefox
http://secunia.com/advisories/50436/

Red Hat update for thunderbird
http://secunia.com/advisories/50434/

Pale Moon Multiple Vulnerabilities
http://secunia.com/advisories/50437/

op5 Monitor Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/50452/

op5 Monitor Multiple Vulnerabilities
http://secunia.com/advisories/50349/

Atlassian Bamboo OGNL Expression Injection Vulnerability
http://secunia.com/advisories/50417/

Atlassian JIRA Multiple Vulnerabilities
http://secunia.com/advisories/50415/

EMC Cloud Tiering Appliance Authentication Bypass Vulnerability
http://secunia.com/advisories/50393/

Mozilla SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/50331/

Mozilla Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/50308/

Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/50088/

Ubuntu update for libgdata
http://secunia.com/advisories/50432/

Mono Web Form Hash Collision Denial of Service Vulnerability
http://secunia.com/advisories/50446/

Active PHP Bookmarks SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080303

Atomic Photo Album SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080302

Sistem Biwes Multiple Vulnerability
http://cxsecurity.com/issue/WLB-2012080301

EMC ApplicationXtender Desktop Viewer AEXView Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080300

EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080299

Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080298

InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080297

Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080296

HP OO RSScheduler Service JDBC Connector Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080295

GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080294

HP Intelligent Management Center UAM sprintf Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080293

HP ALM XGO.ocx ActiveX Control Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080292

HP SiteScope SOAP Call getFileInternal Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080291

HP SiteScope SOAP Call create Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080290

HP SiteScope UploadFilesHandler Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080289

HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080288

WordPress HD Webplayer 1.1 SQL Injection
http://cxsecurity.com/issue/WLB-2012080287

Apache OpenOffice 3.4.0 Logic Errors
http://cxsecurity.com/issue/WLB-2012080286

JQuery Tooltip Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080285

Xmb 1.8 SQL Vulnerability
http://cxsecurity.com/issue/WLB-2012080284

ActFax 4.31 Local Privilege Escalation
http://cxsecurity.com/issue/WLB-2012080283

Simple Web Server 2.2-rc2 Code Execution
http://cxsecurity.com/issue/WLB-2012080282

Mieric AddressBook 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012080281

LOCAL: ActFax 4.31 Local Privilege Escalation Exploit
http://www.exploit-db.com/exploits/20915

DoS/PoC: Winlog Lite SCADA HMI system SEH 0verwrite Vulnerability
http://www.exploit-db.com/exploits/20917

Elxis CMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50910

GE Proficy Historian 'KeyHelp.ocx' ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55265

EMC ApplicationXtender Multiple Products Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55209

OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212

OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52181

OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158

Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47596

Novell iPrint Client Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51926

Novell ZENworks Configuration Management AdminStudio Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/50274

RETIRED: Novell ZENWorks 'LaunchHelp.dll' ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50574

op5 Monitor HTML Injection and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55191

Oracle Outside In Technology CVE-2012-1768 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54536

Drupal Faster Permissions Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52039

Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55290

Drupal CAPTCHA Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/55289

Drupal Activism Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/55288

Drupal Javascript Tool Multiple Arbitrary File Access and File Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55287

Drupal Email Field Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/55286

Drupal Views Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55285

Wireshark DRDA Dissector 'dissect_drda()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/55284

Drupal Announcements Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/55283

Drupal Taxonomy Image Cross-Site Scripting and Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55282

GNU libiberty '_objalloc_alloc()' Function CVE-2012-3509 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/55281

PrestaShop Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55280

Disqus 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55279

Phorum Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55275

HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
http://www.securityfocus.com/bid/55273

HP Application Lifecycle Management 'XGO.ocx' Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55272

HP Intelligent Management Centre 'uam.exe' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55271

HP Operations Orchestration 'RSScheduler Service JDBC Connector' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55270

HP SiteScope Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55269

Novell File Reporter Agent 'NFRAgent.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55268

Novell ZENWorks AdminStudio 'ISGrid.dll' Activex Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55267

IBM Infosphere Guardium Administrative Account Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55263

IBM Infosphere Guardium Database Credentials Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55262

Wordpress HD Webplayer Plugin Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55259

Atlassian JIRA Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55253

Plogger 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55252

Mono ASP.NET Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55251
