Wednesday, August 8, 2012
Wednesday the 8th, Tomobiki
+ nginx-1.2.3 stable version released
http://nginx.org/en/download.html
+ CVE-2012-2111 Access Controls vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2111_access_controls
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111
+ Multiple vulnerabilities in Thunderbird
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449
+ Multiple vulnerabilities in libpng
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
+ Multiple vulnerabilities in International Components for Unicode (ICU)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599
+ CVE-2011-4339 Access Controls vulnerability in ipmitool
https://blogs.oracle.com/sunsecurity/entry/cve_2011_4339_access_controls
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4339
+ Multiple vulnerabilities in Python
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150
+ Multiple Resource Management Error vulnerabilities in libexpat
https://blogs.oracle.com/sunsecurity/entry/multiple_resource_management_error_vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
+ RHSA-2012:1149 Moderate: sudo security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1149.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3440
+ Cisco IOS SSH2 Sessions CVE-2012-1367 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1367
+ Cisco ASA 5500 Series CVE-2012-2474 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2474
+ LINE for Android Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4005
+ Cisco IP Communicator CVE-2012-2490 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2490
+ Cisco AnyConnect Secure Mobility Client CVE-2012-2498 Certificate Validation Vulnerability
http://www.securityfocus.com/bid/54847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2498
Notice of release: Virus Buster Corporate Edition 10.0 Service Pack 1 Patch 5 (build 3071)
http://www.trendmicro.co.jp/support/news.asp?id=1821
[security bulletin] HPSBMU02781 SSRT100617 rev.2 - HP Network Node Manager i (NNMi) for HP-U
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00052.html
nullcon International security conference Delhi 2012 Highlights
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00051.html
Oracle Business Transaction Management Server FlashTunnelService Remote File Deletion
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00050.html
Oracle Business Transaction Management Server FlashTunnelService WriteToFile Message Remote Code Ex
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00049.html
FreeBSD Security Advisory FreeBSD-SA-12:05.bind
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00048.html
[SECURITY] [DSA 2525-1] expat security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00047.html
[SECURITY] [DSA 2524-1] openttd security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00046.html
[SECURITY] [DSA 2523-1] globus-gridftp-server security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00045.html
[3] Management: how to avoid relying on your own memory alone
http://itpro.nikkeibp.co.jp/article/COLUMN/20120802/413688/?ST=security
"Preventing attacks by analyzing the 300 million URLs posted per day to Facebook and similar sites": Trend Micro's new strategy
http://itpro.nikkeibp.co.jp/article/NEWS/20120807/414753/?ST=security
Vulnerability information worth checking <2012.08.07>
http://itpro.nikkeibp.co.jp/article/COLUMN/20120806/414404/?ST=security
JVN#67435981 Vulnerability in the handling of implicit Intents in LINE for Android
http://jvn.jp/jp/JVN67435981/index.html
JVNVU#960468 Cross-site scripting vulnerability in HP ArcSight appliance products
http://jvn.jp/cert/JVNVU960468/index.html
JVNDB-2011-000088 Cross-site scripting vulnerability in Safari on iOS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000088.html
JVNDB-2012-000074 Vulnerability in the handling of implicit Intents in LINE for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000074.html
JVNDB-2012-003444 Denial-of-service (cross-process interference) vulnerability in Google Chrome running on Linux
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003444.html
JVNDB-2012-003443 Denial-of-service (DoS) vulnerability in Cisco AnyConnect Secure Mobility Client
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003443.html
JVNDB-2012-003442 Denial-of-service (route processor crash) vulnerability in the MallocLite implementation of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003442.html
JVNDB-2012-003441 Denial-of-service (device reload) vulnerability in Cisco Unified Computing System
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003441.html
JVNDB-2012-003440 Denial-of-service (device reload) vulnerability in Cisco Unified Computing System
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003440.html
Who protects small business?
http://isc.sans.edu/diary.html?storyid=13849
Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1027355
Cisco AnyConnect Secure Mobility Client Bugs Let Remote Users Spoof Servers
http://www.securitytracker.com/id/1027354
Cisco IP Communicator Bug Lets Remote Users Modify the Certificate Trust List via Man-in-the-Middle Attacks
http://www.securitytracker.com/id/1027353
Cisco NX-OS CDP Packet Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027352
Cisco Carrier Routing System Lets Remote Users Bypass Access Control Lists
http://www.securitytracker.com/id/1027351
Cisco Unified Computing System SSH Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027350
Cisco Catalyst Switch Local Web Authentication Bug Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1027349
Cisco MDS Fibre Channel over IP Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027348
gnome-screensaver Lets Physically Local Users Bypass the Screen Saver Lock
http://www.securitytracker.com/id/1027347
Oracle Sun Products Suite 'Integrated Lights Out Manager' Local SPARC T-Series Servers Vulnerability
http://www.securiteam.com/securitynews/5DP2V2080O.html
AOL downloadUpdater2 Firefox Plugin Buffer Overflow Vulnerability
http://secunia.com/advisories/48945/
IBM Tivoli Endpoint Manager OpenSSL Two Vulnerabilities
http://secunia.com/advisories/50151/
Joomla! En Masse Component "sortBy" SQL Injection Vulnerability
http://secunia.com/advisories/50181/
WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities
http://secunia.com/advisories/50176/
Ubuntu update for nvidia-graphics-drivers
http://secunia.com/advisories/50185/
TCExam "subject_module_id" and "question_subject_id" SQL Injection Vulnerabilities
http://secunia.com/advisories/50141/
Sticky Notes Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/50171/
Intuit GoPayment Card Reader Information Disclosure Vulnerability
http://secunia.com/advisories/50184/
Debian update for expat
http://secunia.com/advisories/50112/
Debian update for openttd
http://secunia.com/advisories/50137/
Debian update for globus-gridftp-server
http://secunia.com/advisories/50138/
KOffice KWord ODF Style Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/50199/
Calligra Words ODF Style Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/50050/
NVIDIA Graphics Drivers for Linux GPU Device Node Access Privilege Escalation Vulnerability
http://secunia.com/advisories/50085/
FreeBSD update for bind
http://secunia.com/advisories/50177/
SUSE update for SUSE Manager
http://secunia.com/advisories/50188/
AirDroid 1.0.4 several weaknesses
http://cxsecurity.com/issue/WLB-2012080067
Ubisoft uplay 2.0.3 Active X Control Arbitrary Code Execution
http://cxsecurity.com/issue/WLB-2012080066
Oracle BTM Server 12.1.0.2.7 Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080065
Oracle BTM Server 12.1.0.2.7 FlashTunnelService Remote File Deletion
http://cxsecurity.com/issue/WLB-2012080064
Dir2web3 3.0 SQL Injection and Information Disclosure
http://cxsecurity.com/issue/WLB-2012080063
YT-Videos Script SQL Injection
http://cxsecurity.com/issue/WLB-2012080062
Mibew Web Messenger 1.6.4 SQL Injection
http://cxsecurity.com/issue/WLB-2012080061
Inoutmail Webmail CMS 2012 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080060
BeneficialBank Business 4.13.1 SQL Injection
http://cxsecurity.com/issue/WLB-2012080059
Joomla com_package SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012080058
Joomla Photo SQL Injection
http://cxsecurity.com/issue/WLB-2012080057
Joomla Enmasse SQL Injection
http://cxsecurity.com/issue/WLB-2012080056
Zoho BugTracker Multiple Stored XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2012080055
Inout Mobile Webmail APP Multiple Web Vulnerabilities
http://cxsecurity.com/issue/WLB-2012080054
Openconstructor CMS 3.12.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080053
Turtle CMS 1 SQL Injection
http://cxsecurity.com/issue/WLB-2012080052
REMOTE: Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService WriteToFile Message RCE
http://www.exploit-db.com/exploits/20318
REMOTE: Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService Remote File Deletion
http://www.exploit-db.com/exploits/20319
Opera Web Browser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49388
Python Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51239
Python SimpleXMLRPCServer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51996
Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379
OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/51036
libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049
International Components for Unicode '_canonicalize( )' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51006
Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/48960
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
Mozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/51756
Mozilla Firefox/SeaMonkey/Thunderbird XSLT Stylesheets Denial of Service Vulnerability
http://www.securityfocus.com/bid/51754
Mozilla Firefox/SeaMonkey/Thunderbird XPConnect Security Check Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/51752
Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51755
Drupal Ubercart AJAX Cart Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53999
Drupal Protected Node Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/54001
Drupal SimpleMeta Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/53997
Drupal Global Redirect Module Open Redirection Vulnerability
http://www.securityfocus.com/bid/54002
Drupal Node Hierarchy Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/53993
Drupal Janrain Capture Module Open Redirection Vulnerability
http://www.securityfocus.com/bid/53992
Drupal Token Authentication Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/53840
Drupal Simplenews Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53839
Drupal Counter Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/53736
Drupal Node Embed Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/53835
Drupal filedepot Module Session Management Security Bypass Vulnerability
http://www.securityfocus.com/bid/53742
Drupal Organic Groups Module Cross Site Scripting and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/53838
Drupal Maestro Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53836
Drupal Mobile Tools Module Multiple Unspecified HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53734
Drupal Amadou Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53732
Drupal Search API Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53672
Drupal Zen Theme Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53573
Drupal Comment Moderation Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/53738
Drupal Taxonomy List Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53671
Drupal BrowserID (Mozilla Persona) Module Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53673
Drupal Aberdeen Theme Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53581
Drupal Hostmaster Module Cross Site Scripting and Access Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/53588
Drupal Smart Breadcrumb 'filter_titles()' HTML Injection Vulnerability
http://www.securityfocus.com/bid/53592
Drupal Advertisement Module Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/53590
Drupal Post Affiliate Pro Cross Site Scripting and Access Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/53589
Drupal Ubercart Product Keys Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/53587
Drupal Take Control Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/53452
Drupal Glossary Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53440
Drupal Contact Forms Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/53441
Sticky Notes Multiple HTML Injection and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54256
ISC DHCP Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/54665
Linux Kernel IPv6 'nf_ct_frag6_reasm()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54367
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54658
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
CoolPlayer M3U File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30418
Opera Web Browser HTML Injection Vulnerability
http://www.securityfocus.com/bid/54779
Opera Web Browser Cross Site Scripting Sanitizer Security Bypass Vulnerability
http://www.securityfocus.com/bid/54788
Joomla RSGallery2 Component HTML Injection and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54752
Opera Web Browser Prior to 12.01 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54782
Cisco IOS BGP UPDATE CVE-2012-1367 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54830
Opera Web Browser Unspecified Security Vulnerability
http://www.securityfocus.com/bid/54780
Cisco ASA 5500 Series CVE-2012-2474 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54840
LINE for Android Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54871
OpenStack Nova CVE-2012-3447 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54869
Todd Miller Sudo Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54868
Ubisoft Uplay ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54867
GetSimple 'path' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/54866
PBBoard Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/54862
TCExam Prior 11.3.008 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54861
Intuit GoPayment Card Reader Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54858
WordPress Vitamin Plugin 'path' Parameter Multiple Remote File Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54856
Joomla En Masse Component 'sortBy' Parameter Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/54853
Cisco IP Communicator CVE-2012-2490 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54850
Cisco AnyConnect Secure Mobility Client CVE-2012-2498 Certificate Validation Vulnerability
http://www.securityfocus.com/bid/54847
Dir2web Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54845
IBM Multiple Products CVE-2012-2188 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54844
Oracle Business Transaction Management Server Arbitrary File Write Vulnerability
http://www.securityfocus.com/bid/54839
Alligra Calligra Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54816