Tuesday, September 25, 2012

Tuesday the 25th, Taian


+ Google Chrome 21.0.1180.90 for Mac released
http://googlechromereleases.blogspot.jp/2012/09/stable-channel-update.html

+ Google Chrome for iOS 21.0.1180.82 released
http://googlechromereleases.blogspot.jp/2012/09/chrome-for-ios-update_24.html

+ Apache OpenOffice 3.4.1 released
http://www.openoffice.org/development/releases/3.4.1.html

+ squid 3.1.21 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html

+ UPDATE: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts

+ Samba 3.5.18 Available for Download
http://samba.org/samba/history/samba-3.5.18.html

+ PostgreSQL 9.2.1, 9.1.6, 9.0.10, 8.4.14, 8.3.21 released
http://www.postgresql.org/docs/9.2/static/release-9-2-1.html
http://www.postgresql.org/docs/9.1/static/release-9-1-6.html
http://www.postgresql.org/docs/9.0/static/release-9-0-10.html
http://www.postgresql.org/docs/8.4/static/release-8-4-14.html
http://www.postgresql.org/docs/8.3/static/release-8-3-21.html

Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx

Vulnerability information worth checking <2012.09.25>
http://itpro.nikkeibp.co.jp/article/COLUMN/20120924/424652/?ST=security

Vulnerability already found in IE10 for Windows 8
http://itpro.nikkeibp.co.jp/article/NEWS/20120924/424842/?ST=security

Device theft at a SoftBank sales agent; personal information also leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20120924/424722/?ST=security

IE update released for the vulnerability that had "no countermeasure"; "apply immediately" recommended
http://itpro.nikkeibp.co.jp/article/NEWS/20120924/424701/?ST=security

JVNTA12-262A Microsoft Security Advisory (2757760) on attacks against Internet Explorer published
http://jvn.jp/cert/JVNTA12-262A/

JVNVU#480095 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/cert/JVNVU480095/

JVNTA12-265A Update for Internet Explorer vulnerabilities
http://jvn.jp/cert/JVNTA12-265A/

JVNDB-2012-004553 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004553.html

JVNDB-2012-004552 Vulnerability in UIKit in Apple iOS before 6 that allows obtaining cleartext file contents
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004552.html

JVNDB-2012-004551 Denial-of-service (DoS) vulnerability in Apple iOS before 6
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004551.html

JVNDB-2012-004550 Vulnerability in Apple iOS before 6 that allows spoofing text communications
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004550.html

JVNDB-2012-004549 Vulnerability in the system log implementation in Apple iOS before 6 that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004549.html

JVNDB-2012-004548 Vulnerability in Safari in Apple iOS before 6 that allows spoofing an https connection
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004548.html

JVNDB-2012-004547 Vulnerability in the Restrictions implementation in Apple iOS before 6 that allows bypassing the Apple ID authentication step
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004547.html

JVNDB-2012-004546 Vulnerability in the Passcode Lock implementation in Apple iOS before 6 that allows bypassing the passcode requirement
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004546.html

JVNDB-2012-004545 Vulnerability in CFNetwork in Apple iOS that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004545.html

JVNDB-2012-004544 Vulnerability in the DHCP component in Apple iOS that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004544.html

JVNDB-2012-004543 Vulnerability in the Passcode Lock implementation in Apple iOS before 6 that allows bypassing the passcode requirement
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004543.html

JVNDB-2012-004542 Double free vulnerability in ImageIO in Apple iOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004542.html

JVNDB-2012-004541 Buffer overflow vulnerability in the IPsec component in Apple iOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004541.html

JVNDB-2012-004540 Vulnerability in the Passcode Lock implementation in Apple iOS before 6 that allows bypassing access restrictions
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004540.html

JVNDB-2012-004539 Vulnerability in the kernel in Apple iOS that allows gaining privileges
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004539.html

JVNDB-2012-004538 Vulnerability in the Form Autofill feature in Apple Safari before 6.0.1 that allows obtaining Me card information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004538.html

JVNDB-2012-004537 Vulnerability in Apple Safari before 6.0.1 that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004537.html

JVNDB-2012-004536 Vulnerability in the kernel in Apple iOS that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004536.html

JVNDB-2012-004535 Vulnerability in Mail in Apple iOS that allows spoofing attachments
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004535.html

JVNDB-2012-004534 Vulnerability in Mail in Apple iOS that allows bypassing the passcode requirement
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004534.html

JVNDB-2012-004533 Vulnerability in Mail in Apple iOS that allows spoofing signed content
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004533.html

JVNDB-2012-004532 Vulnerability in the Passcode Lock implementation in Apple iOS before 6 that allows viewing arbitrary stored photos
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004532.html

JVNDB-2012-004531 Vulnerability in the Passcode Lock implementation in Apple iOS before 6 that allows bypassing the passcode requirement
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004531.html

JVNDB-2012-004530 Arbitrary code execution vulnerability in CoreText in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004530.html

JVNDB-2012-004529 Buffer overflow vulnerability in DirectoryService in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004529.html

JVNDB-2012-004528 Vulnerability in the Passcode Lock implementation in Apple iOS before 6 that allows viewing which third-party applications were used
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004528.html

JVNDB-2012-004527 Vulnerability in Office Viewer in Apple iOS before 6 that allows bypassing the Data Protection level or encryption
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004527.html

JVNDB-2012-004526 Vulnerability in Apple Mac OS X that allows reading entered passwords
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004526.html

JVNDB-2012-004525 Arbitrary plugin code execution vulnerability in Mail in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004525.html

JVNDB-2012-004524 Vulnerability in Messages in Apple iOS before 6 that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004524.html

JVNDB-2012-004523 Denial-of-service (application crash) vulnerability in QuickTime in Apple Mac OS X and CoreMedia in iOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004523.html

JVNDB-2012-004522 Vulnerability in Mobile Accounts in Apple Mac OS X that allows determining passwords
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004522.html

JVNDB-2012-004521 Vulnerability in Profile Manager in Apple Mac OS X that allows enumerating managed devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004521.html

JVNDB-2012-004520 Arbitrary code execution vulnerability in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004520.html

APPLE-SA-2012-09-24-1 Apple TV 5.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00108.html

CVE-2012-4415: guacamole local root vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00106.html

[SECURITY] [DSA 2551-1] isc-dhcp security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00097.html

US-CERT Alert TA12-265A - Microsoft Releases Patch for Internet Explorer Exploit
http://www.derkeiler.com/Mailing-Lists/Cert/2012-09/msg00003.html

DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00105.html

Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00104.html

Toshiba ConfigFree CF7 File Remote Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00103.html

Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00102.html

[security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Dis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00096.html

ESA-2012-037: RSA(r) Authentication Agent 7.1 for Microsoft Windows(r) and RSA(r) Authentica
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00101.html

[Announcement] ClubHack Magazines Sept 2012 Issue Out
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00100.html

[CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulne
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00099.html

GreHack 2012 - 19th Oct. Grenoble, France - Conference + CTF - Call For [ Participation,
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00098.html

APPLE-SA-2012-09-19-3 Safari 6.0.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00095.html

APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00094.html

APPLE-SA-2012-09-19-1 iOS 6
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00093.html

[Positive Research] Intel SMEP Part II: Bypassing Intel SMEP on Windows 8 x64 Using Return-orien
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00107.html

[security bulletin] HPSBMU02815 SSRT100715 rev.2 - HP SiteScope SOAP Security Issues, Remote Dis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00092.html

[2.0 Update] Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility C
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00091.html

RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step
http://www.securitytracker.com/id/1027559

Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users
http://www.securitytracker.com/id/1027558

VU#555668 JAMF Software Casper Suite contains a cross-site request forgery
http://www.kb.cert.org/vuls/id/555668

SafeNet Sentinel Protection Installer Keys Server Denial of Service Vulnerability
http://secunia.com/advisories/50685/

WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50717/

Gentoo update for expat
http://secunia.com/advisories/50695/

Gentoo update for libreoffice
http://secunia.com/advisories/50692/

WordPress Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50715/

gpEasy CMS Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50691/

SonicWALL Anti-Spam & Email Security Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50686/

Gentoo update for bind
http://secunia.com/advisories/50724/

Ubuntu update for kernel
http://secunia.com/advisories/50732/

Debian update for isc-dhcp
http://secunia.com/advisories/50727/

Gentoo update for tiff
http://secunia.com/advisories/50726/

Gentoo update for php
http://secunia.com/advisories/50725/

IBM Installation Manager IEHS Redirection Weakness and Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50729/

morgane CMS Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012090219

LetUsPlay CMS SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090218

mc-creation CMS Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012090217

SmartCreations Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090216

IFOBS CSRF and XSS vulnerabilities
http://cxsecurity.com/issue/WLB-2012090215

Novell GroupWise Agents Arbitrary File Retrieval
http://cxsecurity.com/issue/WLB-2012090214

Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55337

Oracle Java SE CVE-2012-1722 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53953

Oracle Java SE CVE-2012-1726 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53948

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213

Oracle Java SE CVE-2012-1721 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53959

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136

Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55336

libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46951

International Components for Unicode '_canonicalize( )' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51006

Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300

WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54680

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830

libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891

libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056

Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658

Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279

libpng Malformed cHRM Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/49744

Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612

OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476

OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158

OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764

OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428

OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1976 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55319

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1973 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55316

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1974 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55317

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3959 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55324

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-3972 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55310

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1975 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55318

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1972 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55314

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55342

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3978 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55306

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1970 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55266

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-3969 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55292

libguac Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55497

Tor Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55519

ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494

PHP '_php_stream_scandir()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54638

PHP CVE-2012-0057 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51806

Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763

Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702

Expat XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203

OpenOffice Microsoft Word File Format Importer Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/49969

OptiPNG Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55566

Tor Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55128

ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522

GNU Automake Local Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/54418

PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51830

PHP PDO Memory Access Violation Denial of Service Vulnerability
http://www.securityfocus.com/bid/54777

PHP 'header()' HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/55297

IcedTea-Web Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54762

libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729

PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388

PHP CVE-2012-0789 Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52043

PHP Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51193

PHP PDORow Object Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51952

PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403

PHP CVE-2012-3365 'open_basedir' Security-Bypass Vulnerability
http://www.securityfocus.com/bid/54612

PHP CVE-2012-0831 'magic_quotes_gpc' Directive Security Bypass Weakness
http://www.securityfocus.com/bid/51954

PHP 'exif_process_IFD_TAG()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50907

PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47545

PHP 'is_a()' Function Remote File Include Vulnerability
http://www.securityfocus.com/bid/49754

ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54658

ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54659

ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772

ISC BIND CVE-2012-1033 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51898

Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097

Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379

ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55530

Raptor XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52681

LibreOffice and OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54769

OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53570

IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884

LibTIFF 't2p_read_tiff_init()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54601

ZEN Load Balancer Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55638

NTR ActiveX control Buffer Overflow and Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51374

JAMF Software Casper Suite Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55663

Multiple RSA Products Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55662

WordPress Notices Ticker Plugin Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55661

gpEasy CMS Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55657

Oracle Database Authentication Protocol CVE-2012-3137 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55651

Monday, September 24, 2012

Monday the 24th, Butsumetsu


+ UPDATE: Microsoft Security Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2757760

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801

+ UPDATE: Microsoft Security Advisory (2757760) Vulnerability in Internet Explorer allows remote code execution (Japanese)
http://technet.microsoft.com/ja-jp/security/advisory/2757760

+ Microsoft Security Advisory (2755801) Update for vulnerabilities in Adobe Flash Player in Internet Explorer 10 (Japanese)
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ Microsoft Internet Explorer cloneNode Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2557

+ Microsoft Internet Explorer Layout Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2548

+ Microsoft Internet Explorer Event Listener Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2546

+ Microsoft Internet Explorer OnMove Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1529

Notice of emergency server maintenance (September 23, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1841

Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx

Courts website defaced in connection with the Senkaku Islands restored after one week
http://itpro.nikkeibp.co.jp/article/NEWS/20120921/424403/?ST=security

SecureBrain launches SaaS that visualizes in-house malware infection status
http://itpro.nikkeibp.co.jp/article/NEWS/20120921/424324/?ST=security

JVNDB-2012-001793 Denial-of-service (DoS) vulnerability in JP1/Cm2/Network Node Manager i
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001793.html

JVNDB-2012-004397 (JVNVU#480095) (JVNTA12-262A) Arbitrary code execution vulnerability in Internet Explorer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004397.html

JVNDB-2012-004519 Cross-site scripting vulnerability in config/dmsDefaults.php in KnowledgeTree
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004519.html

JVNDB-2012-004518 Heap-based buffer overflow vulnerability in Caminova DjVu Browser Plug-in
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004518.html

JVNDB-2012-004517 Cross-site request forgery vulnerability in admin/admin_options.php in VR GPub
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004517.html

JVNDB-2012-004516 Cross-site request forgery vulnerability in Parallels H-Sphere
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004516.html

JVNDB-2012-004515 Arbitrary code execution vulnerability in nxapplet.jar in NoMachine NX Web Companion
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004515.html

JVNDB-2012-004514 Cross-site scripting vulnerability in Social Book Facebook Clone
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004514.html

JVNDB-2012-004513 Cross-site scripting vulnerability in jbshop.php in the jbShop plugin for e107
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004513.html

JVNDB-2012-004512 Cross-site scripting vulnerability in Online Subtitles Workshop
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004512.html

JVNDB-2012-004511 Cross-site scripting vulnerability in HP Network Node Manager i
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004511.html

JVNDB-2012-004510 SQL injection vulnerability in OrderSys
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004510.html

JVNDB-2012-004509 Cross-site scripting vulnerability in ClickDesk Live Support - Live Chat for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004509.html

JVNDB-2012-004508 Cross-site scripting vulnerability in the ZooEffect plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004508.html

JVNDB-2012-004507 Cross-site scripting vulnerability in the Skysa App Bar Integration plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004507.html

JVNDB-2012-004506 Cross-site scripting vulnerability in admin/controller.php in eSyndiCat Pro
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004506.html

Update for CVE-2012-3132
http://isc.sans.edu/diary.html?storyid=14164

iOS 6 Security Roundup
http://isc.sans.edu/diary.html?storyid=14152

IE Cumulative Updates MS12-063 - KB2744842
http://isc.sans.edu/diary.html?storyid=14155

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
http://isc.sans.edu/diary.html?storyid=14158

Storing your Collection of Malware Samples with Malwarehouse
http://isc.sans.edu/diary.html?storyid=14161

Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027555

Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
http://www.securitytracker.com/id/1027554

Zend Framework Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027553

ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2012090213

FlatOut Malformed .bed file Buffer Overflow
http://cxsecurity.com/issue/WLB-2012090212

infobigs CMS LFI Vulnerability
http://cxsecurity.com/issue/WLB-2012090211

tapinllc Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090210

2xl Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090209

WEBBISH SQL Injection
http://cxsecurity.com/issue/WLB-2012090208

Gazine2 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090207

Toshiba ConfigFree CF7 File Remote Command Execution
http://cxsecurity.com/issue/WLB-2012090206

Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field)
http://cxsecurity.com/issue/WLB-2012090205

Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName)
http://cxsecurity.com/issue/WLB-2012090204

Thomson Wireless VoIP Cable Modem Auth Bypass
http://cxsecurity.com/issue/WLB-2012090203

libdbus DBUS_SYSTEM_BUS_ADDRESS trivial non-dbus root exploit
http://cxsecurity.com/issue/WLB-2012090202

Apache CXF SOAP Action Spoofing Attacks
http://cxsecurity.com/issue/WLB-2012090201

AShop 5.3.4 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090200

cgCraft llc SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090199

Jessica Rhaye Design <= Cross Site Scripting Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090198

Tariq Rauf SQL Injection
http://cxsecurity.com/issue/WLB-2012090197

Rocket Web Consulting SQL Injection
http://cxsecurity.com/issue/WLB-2012090196

NW7Design SQL Injection
http://cxsecurity.com/issue/WLB-2012090195

Zen Load Balancer Two Information Disclosure Security Issues
http://secunia.com/advisories/50690/

Fortinet FortiOS (FortiGate) Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50638/

Manhali "f" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50570/

Zend Framework Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50682/

Avaya Aura Session Manager OpenSSL Two Vulnerabilities
http://secunia.com/advisories/50678/

Avaya Application Enablement Services Two Vulnerabilities
http://secunia.com/advisories/50712/

Avaya Aura Communication Manager Multiple Vulnerabilities
http://secunia.com/advisories/50684/

Avaya Voice Portal Multiple Vulnerabilities
http://secunia.com/advisories/50614/

Avaya Aura System Manager X.Org xserver File Locking Weakness
http://secunia.com/advisories/50675/

iFOBS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50603/

Ubuntu update for dbus
http://secunia.com/advisories/50710/

Red Hat update for Red Hat Enterprise MRG
http://secunia.com/advisories/50697/

Cumin Multiple Vulnerabilities
http://secunia.com/advisories/50660/

eSyndiCat Pro Multiple Cross Site Scripting Vulnerabilities
2012-09-22
http://www.securityfocus.com/bid/50822

Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763

Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702

HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
http://www.securityfocus.com/bid/55273

KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162

Linux Kernel 'madvise_remove()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55151

Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55136

Adobe Flash Player and AIR CVE-2012-4171 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55365

Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55009

Drupal Password Policy Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51385

Drupal Search Autocomplete Module Database API SQL Injection Vulnerability
http://www.securityfocus.com/bid/51667

Drupal Admin:hover Module Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/51388

Drupal Taxotouch Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51384

Drupal Taxonomy Navigator Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51387

FlashFXP Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52259

Hitachi JP1/Cm2/Network Node Manager i Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/52205

deV!L`z Clanportal Witze Addon 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52286

Mercury MR804 Router Multiple HTTP Header Fields Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52106

starCMS 'q' Parameter URI Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52262

Ricoh Company DC Software DL-10 'USER' Command Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52235

Caminova DjVu Browser Plug-in 'npdjvu.dll' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51675

RivetTracker Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52283

AneCMS 'index.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/52272

Drupal Fill PDF Module Security Bypass and Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51288

Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562

NX Web Companion Applet Handling Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51676

Drupal Support Timer Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50873

Drupal Supercron Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51383

Drupal Webform Validation Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50872

e107 CMS jbShop Plugin 'item_id' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50438

Infoblox NetMRI Admin Login Page Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50646

OrderSys 'where_clause' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/50550

Online Subtitles Workshop 'video_comments.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/50382

HP Network Node Manager i Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50806

WordPress 1-jquery-photo-gallery-slideshow-flash Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50860

WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50824

WordPress Lanoba Social Plugin 'action' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50746

WordPress ClickDesk Live Support Plugin 'cdwidget' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50778

Drupal Support Ticketing System Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50871

Drupal Vote up/down Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/51376

Drupal Date Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/51378

Timesheet Next Gen Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52270

KnowledgeTree Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51373

Drupal Submenu Tree Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52226

Social Book Facebook Clone 2010 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50840

Drupal Hierarchical Select Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52228

Drupal Taxonomy Views Integrator Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/52227

Drupal Managesite Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51669

Cumin Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55618

Linux Kernel FSGEOMETRY_V1 IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46417

Condor Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55632

X.Org X11 File Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50193

Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/46839

Linux Kernel 'inet_diag_bc_audit()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48333

Linux Kernel Bluetooth 'l2cap_sock.c' and 'rfcomm/sock.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48441

Linux Kernel EFI Partition Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47796

Red Hat Linux Kernel VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48907

Xen Instruction Emulation During VM Exits Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/48610

Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47534

Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47843

Linux Kernel 'agp_allocate_memory/agp_create_user_memory' Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/47535

Linux Kernel 'ib_uverbs_poll_cq()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46488

Linux Kernel 'next_pidmap()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47497

Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47308

Linux Kernel Signal Code Spoofing Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47003

Linux Kernel 'ib_uverbs_poll_cq()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46073

Microsoft Internet Explorer cloneNode Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55647

Microsoft Internet Explorer Layout Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55646

Microsoft Internet Explorer Event Listener Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55645

Toshiba ConfigFree 'CF7' File Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/55644

Toshiba ConfigFree 'CF7' File Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/55643

Microsoft Internet Explorer OnMove Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55641

Monkey HTTP Daemon Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55639

ZEN Load Balancer Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55638

Zend Framework Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55636

Friday, September 21, 2012

Friday the 21st, Senshō


+ CESA-2012:1269 Moderate CentOS 6 qpid Update
http://lwn.net/Alerts/517123/

+ CESA-2012:1288 Moderate CentOS 6 libxml2 Update
http://lwn.net/Alerts/517124/

+ UPDATE: HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03489683%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ GCC 4.7.2 released
http://gcc.gnu.org/gcc-4.7/changes.html

+ Microcart CVE-2012-4241 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4241

+ Linux Kernel 'request_module() OOM' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398

Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx

IPA Technical Watch
Report on "security testing" for ensuring product quality
~ A study of how to use "fuzzing", a security test that helps reduce remediation costs, and of test duration ~
http://www.ipa.go.jp/about/technicalwatch/20120920.html

Protiviti systematizes consulting services that support building security-response organizations
http://itpro.nikkeibp.co.jp/article/NEWS/20120920/424125/?ST=security

Self-proclaimed Anonymous spokesperson arrested during a chat session
http://itpro.nikkeibp.co.jp/article/NEWS/20120921/424182/?ST=security

Microsoft Japan gives advance notice of an emergency release of an IE fix on September 22
http://itpro.nikkeibp.co.jp/article/NEWS/20120920/424061/?ST=security

Patch fixing dangerous IE vulnerability to be released as an emergency update on September 22
"Fix it" mitigation tool is already available
http://itpro.nikkeibp.co.jp/article/NEWS/20120920/423921/?ST=security

JVNTA12-262A Microsoft Security Advisory (2757760) published regarding attacks on Internet Explorer
http://jvn.jp/cert/JVNTA12-262A/

JVNVU#480095 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/cert/JVNVU480095/

JVNDB-2012-004490 Stack-based buffer overflow vulnerability in the SR10 FTP server of Ricoh DC Software DL-10
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004490.html

JVNDB-2012-004489 SQL injection vulnerability in the Witze addon for deV!L'z Clanportal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004489.html

JVNDB-2012-004488 Denial of service (DoS) vulnerability in the Mercury MR804 router
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004488.html

JVNDB-2012-004487 Cross-site scripting vulnerability in index.php of starCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004487.html

JVNDB-2012-004486 Directory traversal vulnerability in acp/index.php of AneCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004486.html

JVNDB-2012-004485 Cross-site scripting vulnerability in admin/userrighthandling.php of LimeSurvey
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004485.html

JVNDB-2012-004484 SQL injection vulnerability in admin/admin.php of LimeSurvey
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004484.html

JVNDB-2012-004483 SQL injection vulnerability in RivetTracker
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004483.html

JVNDB-2012-004482 Vulnerability in torrent_functions.php of RivetTracker
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004482.html

JVNDB-2012-004480 Cross-site scripting vulnerability in Apache Wicket
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004480.html

JVNDB-2012-004479 SQL injection vulnerability in login.php of Timesheet Next Gen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004479.html

JVNDB-2012-004478 (JVNVU#459446) Insufficient validation vulnerability in osCommerce Online Merchant using PayPal Website Payments Standard
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004478.html

JVNDB-2012-003878 Integer overflow vulnerability in the GIF image format plug-in of GIMP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003878.html

JVNDB-2012-003877 Integer overflow vulnerability in stdlib of the GNU C Library
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003877.html

JVNDB-2012-003777 Denial of service (application crash) vulnerability in libotr
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003777.html

JVNDB-2012-003775 Heap-based buffer overflow vulnerability in the Microsoft import filter of Calligra
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003775.html

JVNDB-2012-003776 Heap-based buffer overflow vulnerability in the Microsoft import filter of KOffice
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003776.html

JVNDB-2012-004477 Access restriction bypass vulnerability in course/reset.php of Moodle
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004477.html

JVNDB-2012-004476 Vulnerability in lib/filelib.php of Moodle that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004476.html

JVNDB-2012-004475 Vulnerability in theme/yui_combo.php of Moodle that allows obtaining the installation path
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004475.html

JVNDB-2012-004474 Vulnerability in webservice/lib.php of Moodle that allows executing arbitrary external services
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004474.html

JVNDB-2012-004473 Functionality restriction bypass vulnerability in Moodle
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004473.html

JVNDB-2012-004472 Upload size limit bypass vulnerability in repository/repository_ajax.php of Moodle
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004472.html

JVNDB-2012-004471 Cross-site scripting vulnerability in Mailtraq
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004471.html

JVNDB-2012-004470 Cross-site scripting vulnerability in SmarterMail
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004470.html

JVNDB-2012-004468 Integer overflow vulnerability in gwia.exe in GWIA of Novell GroupWise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004468.html

JVNDB-2012-004467 Denial of service (DoS) vulnerability in gwwww1.dll in GWIA of Novell GroupWise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004467.html

JVNDB-2012-004459 Vulnerability in libgio that allows gaining privileges
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004459.html

JVNDB-2012-004458 Vulnerability in OpenStack Keystone that allows retaining the privileges of a revoked role
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004458.html

JVNDB-2012-004457 Integer underflow vulnerability in the International Color Consortium Format library
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004457.html

JVNDB-2012-004456 Cross-site request forgery vulnerability in FlexCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004456.html

JVNDB-2012-004453 Arbitrary code execution vulnerability in HP Operations Orchestration
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004453.html

JVNDB-2012-004452 Stack-based buffer overflow vulnerability in the cbtls_verify function of FreeRADIUS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004452.html

JVNDB-2012-004451 Vulnerability in libdbus that allows gaining privileges
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004451.html

JVNDB-2012-004397 (JVNVU#480095) (JVNTA12-262A) Arbitrary code execution vulnerability in Internet Explorer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004397.html

JVNDB-2012-004450 Vulnerability in WebNavigator of Siemens WinCC that allows obtaining user names and passwords
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004450.html

JVNDB-2012-004449 SQL injection vulnerability in WebNavigator of Siemens WinCC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004449.html

JVNDB-2012-004448 Cross-site scripting vulnerability in WebNavigator of Siemens WinCC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004448.html

JVNDB-2012-004447 Vulnerability in WebNavigator of Siemens WinCC that allows reading files
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004447.html

JVNDB-2012-004446 Cross-site request forgery vulnerability in WebNavigator of Siemens WinCC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004446.html

JVNDB-2012-000087 (JVN#56373673) Arbitrary script execution vulnerability in myLittleAdmin for SQL server 2000
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000087.html

JVNDB-2012-000086 (JVN#50701493) Denial of service (DoS) vulnerability in Email Anti-virus (formerly Webshield SMTP)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000086.html

JVNDB-2012-004437 Cross-site scripting vulnerability in Webfolio CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004437.html

JVNDB-2012-004436 (JVNVU#471364) Cross-site request forgery vulnerability in Trend Micro InterScan Messaging Security Suite
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004436.html

JVNDB-2012-004435 (JVNVU#471364) Cross-site scripting vulnerability in Trend Micro InterScan Messaging Security Suite
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004435.html

JVNDB-2012-004434 Cross-site scripting vulnerability in NetWin SurgeMail
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004434.html

JVNDB-2012-004433 Cross-site scripting vulnerability in ow_updates/index.php of Oxwall
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004433.html

JVNDB-2012-004431 Vulnerability in approve.php of ImgPals Photo Host that allows changing administrator activation
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004431.html

JVNDB-2012-004430 SQL injection vulnerability in approve.php of ImgPals Photo Host
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004430.html

JVNDB-2012-004429 Buffer overflow vulnerability in the ipswcom.dll ActiveX component for ASUS Net4Switch
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004429.html

JVNDB-2012-004428 Cross-site scripting vulnerability in Endian Firewall
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004428.html

JVNDB-2012-004427 Cross-site scripting vulnerability in index.php of Flogr
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004427.html

JVNDB-2012-004426 Vulnerability in Beaker that allows obtaining part of sensitive session data
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004426.html

JVNDB-2012-004425 Cross-site scripting vulnerability in Kayako Fusion
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004425.html

JVNDB-2012-004424 Cross-site request forgery vulnerability in TestLink
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004424.html

JVNDB-2012-004423 Buffer overflow vulnerability in Bugbear Entertainment FlatOut
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004423.html

JVNDB-2012-004422 Stack-based buffer overflow vulnerability in StoryBoard Quick
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004422.html

JVNDB-2012-004421 Heap-based buffer overflow vulnerability in the Oracle Formula One ActiveX control
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004421.html

JVNDB-2012-004420 Stack-based buffer overflow vulnerability in KnFTP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004420.html

JVNDB-2012-004419 Stack-based buffer overflow vulnerability in Free MP3 CD Ripper
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004419.html

JVNDB-2012-004418 Stack-based buffer overflow vulnerability in VanDyke Software AbsoluteFTP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004418.html

JVNDB-2012-004417 Stack-based buffer overflow vulnerability in GOM Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004417.html

JVNDB-2012-004416 Denial of service (DoS) vulnerability in common/util.c of Tor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004416.html

JVNDB-2012-004415 Denial of service (DoS) vulnerability in or/policies.c of Tor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004415.html

JVNDB-2012-004414 Vulnerability in wp-admin/plugins.php of WordPress that allows modifying plugins
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004414.html

JVNDB-2012-004413 Access restriction bypass vulnerability in wp-includes/class-wp-atom-server.php of WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004413.html

JVNDB-2012-004395 (JVNVU#389795) SSL server certificate validation flaw in Windows Phone 7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004395.html

JVNDB-2012-004396 (JVNVU#591667) Vulnerability in the authentication feature of Endpoint Protector 4
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004396.html

JVNDB-2012-004412 Denial of service (device crash) vulnerability in the SSLVPN implementation of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004412.html

JVNDB-2012-004411 Denial of service (device crash) vulnerability in the SSLVPN implementation of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004411.html

JVNDB-2012-004410 Denial of service (DoS) vulnerability in the Cisco ACE module used in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004410.html

JVNDB-2012-004409 Denial of service (DoS) vulnerability in the DMVPN tunnel implementation of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004409.html

JVNDB-2012-004407 Denial of service (DoS) vulnerability in sensorApp running on Cisco IPS 4200 series sensors
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004407.html

JVNDB-2012-004406 Denial of service (device crash) vulnerability in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004406.html

JVNDB-2012-004405 Denial of service (spoke crash) vulnerability in the FlexVPN implementation of Cisco IOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004405.html

JVNDB-2012-004404 Denial of service (DoS) vulnerability in Cisco Unity Connection
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004404.html

JVNDB-2012-004403 Vulnerability in Cisco AnyConnect Secure Mobility Client on Linux that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004403.html

JVNDB-2012-004402 Vulnerability in Cisco AnyConnect Secure Mobility Client
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004402.html

JVNDB-2012-004401 Denial of service (CPU resource consumption) vulnerability in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004401.html

JVNDB-2012-004400 Denial of service (CPU resource consumption) vulnerability in Cisco Unity Connection
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004400.html

JVNDB-2012-004399 Vulnerability in Cisco VPN Client that allows gaining privileges
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004399.html

JVNDB-2012-004398 Denial of service (DoS) vulnerability in Cisco NX-OS running on Cisco Nexus 7000 series switches
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004398.html

JVNDB-2012-004394 Vulnerability in the SPDY protocol used in multiple products that allows obtaining plaintext HTTP headers
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004394.html

JVNDB-2012-004393 Vulnerability in the TLS protocol used in multiple products that allows obtaining plaintext HTTP headers
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004393.html

JVNDB-2012-004392 Cross-site scripting vulnerability in the mod_pagespeed module for Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004392.html

JVNDB-2012-004391 Vulnerability in the mod_pagespeed module for Apache HTTP Server that allows triggering HTTP requests
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004391.html

JVNDB-2012-004390 Denial of service (DoS) vulnerability in the NFSv4 client implementation of IBM AIX and VIOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004390.html

JVNDB-2012-004389 Denial of service (DoS) vulnerability in bitcoind and Bitcoin-Qt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004389.html

JVNDB-2012-004388 Denial of service (DoS) vulnerability in bitcoind and Bitcoin-Qt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004388.html

JVNDB-2012-004387 Vulnerability in Google Chrome running on Android that allows obtaining cookie information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004387.html

JVNDB-2012-004386 Same-origin policy bypass vulnerability in Google Chrome running on Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004386.html

JVNDB-2012-004385 Vulnerability in Google Chrome running on Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004385.html

JVNDB-2012-004384 Vulnerability in Google Chrome running on Android that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004384.html

JVNDB-2012-004383 Cross-site scripting vulnerability in Google Chrome running on Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004383.html

JVNDB-2012-004382 Cross-application scripting vulnerability in Google Chrome running on Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004382.html

JVNDB-2012-004381 Vulnerability in Google Chrome running on Android that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004381.html

JVNDB-2012-004380 Denial of service (assertion failure and named daemon exit) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004380.html

JVNDB-2012-004379 Denial of service (daemon crash) vulnerability in ISC DHCP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004379.html

JVNDB-2012-004378 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004378.html

JVNDB-2012-004377 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004377.html

JVNDB-2012-004376 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004376.html

JVNDB-2012-004375 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004375.html

JVNDB-2012-004374 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004374.html

JVNDB-2012-004373 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004373.html

JVNDB-2012-004372 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004372.html

JVNDB-2012-004371 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004371.html

JVNDB-2012-004370 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004370.html

JVNDB-2012-004369 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004369.html

JVNDB-2012-004368 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004368.html

JVNDB-2012-004367 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004367.html

JVNDB-2012-004366 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004366.html

JVNDB-2012-004365 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004365.html

JVNDB-2012-004364 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004364.html

JVNDB-2012-004363 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004363.html

JVNDB-2012-004362 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004362.html

JVNDB-2012-004361 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004361.html

JVNDB-2012-004360 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004360.html

JVNDB-2012-004359 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004359.html

JVNDB-2012-004358 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004358.html

JVNDB-2012-004357 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004357.html

JVNDB-2012-004356 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004356.html

JVNDB-2012-004355 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004355.html

JVNDB-2012-004354 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004354.html

JVNDB-2012-004353 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004353.html

JVNDB-2012-004352 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004352.html

JVNDB-2012-004351 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004351.html

JVNDB-2012-004350 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004350.html

JVNDB-2012-004349 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004349.html

JVNDB-2012-004348 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004348.html

JVNDB-2012-004347 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004347.html

JVNDB-2012-004346 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004346.html

JVNDB-2012-004345 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004345.html

JVNDB-2012-004344 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004344.html

JVNDB-2012-004343 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004343.html

JVNDB-2012-004342 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004342.html

JVNDB-2012-004341 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004341.html

JVNDB-2012-004340 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004340.html

JVNDB-2012-004339 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004339.html

JVNDB-2012-004338 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004338.html

JVNDB-2012-004337 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004337.html

JVNDB-2012-004336 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004336.html

JVNDB-2012-004335 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004335.html

JVNDB-2012-004334 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004334.html

JVNDB-2012-004333 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004333.html

JVNDB-2012-004332 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004332.html

JVNDB-2012-004331 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004331.html

JVNDB-2012-004330 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004330.html

JVNDB-2012-004329 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004329.html

JVNDB-2012-004328 Arbitrary code execution vulnerability in WebKit as used in Apple iTunes before 10.7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004328.html

Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information and Local Users Bypass Security Restrictions
http://www.securitytracker.com/id/1027552

Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027551

Apple Safari Bugs Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
http://www.securitytracker.com/id/1027550

IE Fixes Available
http://isc.sans.edu/diary.html?storyid=14134

Apple and Cisco Security Advisories 19 SEP 2012
http://isc.sans.edu/diary.html?storyid=14143

Financial sector advisory: attacks and threats against financial institutions
http://isc.sans.edu/diary.html?storyid=14146

WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50693/

Apache CXF SOAP Action Validation Vulnerability
http://secunia.com/advisories/50664/

WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50571/

Condor Multiple Vulnerabilities
http://secunia.com/advisories/50666/

Red Hat update for kernel-rt
http://secunia.com/advisories/50696/

Red Hat update for qpid
http://secunia.com/advisories/50699/

Drupal Imagemenu Module Image Filename Script Insertion Vulnerability
http://secunia.com/advisories/50683/

Drupal Spambot Module stopforumspam.com API Script Insertion Vulnerability
http://secunia.com/advisories/50670/

Drupal PRH Search Module Script Insertion Vulnerability
http://secunia.com/advisories/50672/

Red Hat update for Red Hat Enterprise MRG
http://secunia.com/advisories/50602/

SUSE update for rubygem-actionpack and rubygem-activesupport
http://secunia.com/advisories/50694/

Drupal FileField Sources Module Filename Script Insertion Vulnerability
http://secunia.com/advisories/50688/

Apache Qpid Incomplete Client Connection Handling Broker Denial of Service Vulnerability
http://secunia.com/advisories/50573/

SUSE update for ghostscript
http://secunia.com/advisories/50662/

Cisco Secure Desktop WebLaunch Vulnerability
http://secunia.com/advisories/50669/

Ubuntu update for kernel
http://secunia.com/advisories/50652/

Ubuntu update for kernel
http://secunia.com/advisories/50633/

Apple iOS Multiple Vulnerabilities
http://secunia.com/advisories/50628/

Apple Mac OS X Multiple Vulnerabilities
http://secunia.com/advisories/50628/

Webify Multiple Products File Deletion Vulnerability
http://secunia.com/advisories/50524/

Apple Safari for Mac OS X Multiple Vulnerabilities
http://secunia.com/advisories/50577/

Apache CXF SOAP Action Spoofing Attacks
http://cxsecurity.com/issue/WLB-2012090201

AShop 5.3.4 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090200

cgCraft llc SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090199

Jessica Rhaye Design <= Cross Site Scripting Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090198

Tariq Rauf SQL Injection
http://cxsecurity.com/issue/WLB-2012090197

Rocket Web Consulting SQL Injection
http://cxsecurity.com/issue/WLB-2012090196

NW7Design SQL Injection
http://cxsecurity.com/issue/WLB-2012090195

GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
http://www.securityfocus.com/bid/52201

X.Org X11 File Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50193

libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107

OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764

OpenLDAP Weak Cipher Encryption Security Weakness
http://www.securityfocus.com/bid/53823

Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820

ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772

libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729

HP SiteScope Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55269

Drupal Read More Link Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/52340

Drupal Data Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52337

Drupal Node Recommendation Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52343

Piwik Unspecified PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/48352

Drupal Multisite Search Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/52342

Drupal UC PayDutchGroup / WeDeal payment Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52344

Drupal Block Class Module 'Class' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/52341

Drupal Webform Module Radio Buttons Checkboxes HTML Injection Vulnerability
http://www.securityfocus.com/bid/52345

Microcart CVE-2012-4241 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55620

libdbus 'DBUS_SYSTEM_BUS_ADDRESS' Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55517

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778

libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891

Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612

Apple Mac OS X Security Update 2012-004 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55623

PHP '_php_stream_scandir()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54638

PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47545

PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403

PHP CVE-2012-0831 'magic_quotes_gpc' Directive Security Bypass Weakness
http://www.securityfocus.com/bid/51954

PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388

Apple iPhone/iPad/iPod touch Prior to iOS 5.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/52364

ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50690

Apple Mac OS X CVE-2012-0652 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53457

Apple QuickTime Prior To 7.7.2 RLE Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53579

Apple QuickTime Prior To 7.7.2 'sean' Atoms Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53582

Apple QuickTime Prior To 7.7.2 '.pict' Files Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53584

Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957

Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706

Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802

International Components for Unicode '_canonicalize( )' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51006

WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54680

WebKit Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55534

Google Chrome Prior to 20.0.1132.57 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54386

Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203

Google Chrome Prior to 19.0.1084.52 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53679

Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562

Apache Qpid (qpidd) Denial of Service Vulnerability
http://www.securityfocus.com/bid/55608

Linux Kernel 'request_module() OOM' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55361

Google Chrome Prior to 17.0.963.56 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52031

Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300

Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50360

Teiid JDBC Man in the Middle Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55634

WebKit for Apple iOS 6 for Developer Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55631

AShop 'language' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55630

Manhali 'f' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/55629

Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
http://www.securityfocus.com/bid/55628

openCryptoki Multiple Insecure File Creation Vulnerabilities
http://www.securityfocus.com/bid/55627

WordPress MF Gig Calendar Plugin CVE-2012-4242 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55622

Technicolor THOMSON TWG850-4 HTTP Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55621

Poweradmin 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55619

Thursday, September 20, 2012

Thursday the 20th, Shakkō


+ RHSA-2012:1269 Moderate: qpid security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-1269.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2145

+ About the security content of Safari 6.0.1
http://support.apple.com/kb/HT5502

+ About the security content of OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
http://support.apple.com/kb/HT5501

+ About the security content of iOS 6
http://support.apple.com/kb/HT5503

+ CESA-2012:1288 Moderate CentOS 5 libxml2 Update
http://lwn.net/Alerts/516912/

+ UPDATE: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

+ UPDATE: HPSBMU02815 SSRT100715 rev.2 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03489683%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02729 SSRT100687 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03105548%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049

+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394

+ CVE-2011-2524 Directory traversal vulnerability in libsoup
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2524_directory_traversal
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2524

+ CVE-2012-2763 Buffer overflow vulnerability in Gimp
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2763_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763

+ CVE-2012-3236 Buffer overflow vulnerability in Gimp
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3236_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236

+ Multiple vulnerabilities in Oracle Java Web Console
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022

+ Multiple vulnerabilities in Oracle Java Web Console
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022

+ Multiple vulnerabilities in Pidgin
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_pidgin1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1178

+ Multiple vulnerabilities in Firefox web browser
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox_web1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479

+ Linux kernel 3.2.30 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30

+ Cisco Secure Desktop CVE-2012-4655 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4655

+ Cisco IOS SSLVPN Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3924

+ Cisco Identity Services Engine CVE-2012-3908 Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/55602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3908

Check Point response to "Check Point GO Vulnerabilities report"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk79500&src=securityAlerts

Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx

US-CERT Alert TA12-262A - Microsoft Security Advisory for Internet Explorer Exploit
http://www.derkeiler.com/Mailing-Lists/Cert/2012-09/msg00002.html

Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00090.html

[SECURITY] [DSA 2550-1] asterisk security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00089.html

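Press release
Portal site "Koko kara Security!" launched, bringing together information security content from the public and private sectors
~ From how to handle an incident to countermeasures, the information security information you want is available here ~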
http://www.ipa.go.jp/about/press/20120919.html

Symantec releases new versions of its security software, including a multi-OS product
Software for Windows/Mac/Android bundled in a single product; Windows 8 also supported
http://itpro.nikkeibp.co.jp/article/NEWS/20120920/423762/?ST=security

Information security and national security are inseparable: what moves can the Japanese government make in cyber warfare?
http://itpro.nikkeibp.co.jp/article/Watcher/20120918/423301/?ST=security

Java zero-day vulnerability and the Blackhole attack toolkit
http://itpro.nikkeibp.co.jp/article/COLUMN/20120919/423492/?ST=security

Preparing for a new era of viruses
[Countermeasures] Eliminating vulnerabilities and having the right mindset are what matter
http://itpro.nikkeibp.co.jp/article/COLUMN/20120912/422365/?ST=security

JVNVU#459446 Insufficient verification vulnerability in osCommerce Online Merchant using PayPal Website Payments Standard
http://jvn.jp/cert/JVNVU459446/

JVNVU#480095 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/cert/JVNVU480095/

JVNTA12-262A Microsoft Security Advisory (2757760) on attacks against Internet Explorer published
http://jvn.jp/cert/JVNTA12-262A/

Script kiddie scavenging with Shellbot.S
http://isc.sans.edu/diary.html?storyid=14116

Volatility: 2.2 is Coming Soon
http://isc.sans.edu/diary.html?storyid=14125

Sophos detecting itself as SHH/Updater-B
http://isc.sans.edu/diary.html?storyid=14131

HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain Information and Execute Arbitrary Code
http://www.securitytracker.com/id/1027547

Trend Micro InterScan Messaging Security Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1027544

OpenJPEG Heap Overflow in j2k_read_cox() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027542

Cisco IOS SSLVPN Denial of Service Vulnerability
http://secunia.com/advisories/50676/

WordPress Answer My Question Plugin "user_name" and "subject" Script Insertion Vulnerabilities
http://secunia.com/advisories/50655/

osCommerce Website Payments Standard Module Merchant Email Address Security Bypass
http://secunia.com/advisories/50640/

WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50627/

Cisco Nexus 7000 Series NX-OS ARP Packet Handling Denial of Service
http://secunia.com/advisories/50671/

Cisco Identity Services Engine Cross-Site Request Forgery
http://secunia.com/advisories/50680/

LuxCal Web Calendar Multiple Vulnerabilities
http://secunia.com/advisories/50597/

Ubuntu update for isc-dhcp and dhcp3
http://secunia.com/advisories/49084/

SUSE update for otrs
http://secunia.com/advisories/50615/

SUSE update for chromium
http://secunia.com/advisories/50667/

Red Hat update for java-1.7.0-ibm
http://secunia.com/advisories/50629/

Red Hat update for libxml2
http://secunia.com/advisories/50658/

Novo Knowledge Base Enterprise Edition SQL Injection Vulnerability
http://secunia.com/advisories/50575/

Debian update for asterisk
http://secunia.com/advisories/50687/

Ubuntu update for gnupg and gnupg2
http://secunia.com/advisories/50639/

TorrentTrader Multiple Vulnerabilities
http://secunia.com/advisories/50657/

SUSE update for java-1_5_0-ibm
http://secunia.com/advisories/50585/

Ubuntu update for kernel
http://secunia.com/advisories/50677/

SUSE update for kvm
http://secunia.com/advisories/50689/

SumatraPDF Document Processing Two Vulnerabilities
http://secunia.com/advisories/50656/

Google SketchUp SKP File Processing Vulnerability
http://secunia.com/advisories/50663/

WinTR Unspecified Directory Traversal Vulnerability
http://secunia.com/advisories/50668/

MF Gig Calendar Wordpress Plugin Cross-Site Scripting
http://cxsecurity.com/issue/WLB-2012090190

Microcart 1.0 _Admin Cross-Site Scripting Security Vulnerability
http://cxsecurity.com/issue/WLB-2012090189

SmarterMail Free 9.2 stored XSS
http://cxsecurity.com/issue/WLB-2012090188

FreeSWITCH remote denial of service vulnerability
http://cxsecurity.com/issue/WLB-2012090187

LFSQ CMS Easy Login Vulnerability
http://cxsecurity.com/issue/WLB-2012090186

Symantec Messaging Gateway 9.5.3-3 Arbitrary File Download
http://cxsecurity.com/issue/WLB-2012090185

Symantec Messaging Gateway 9.5.3-3 Unauthorized SSH Access
http://cxsecurity.com/issue/WLB-2012090184

Symantec Messaging Gateway 9.5.3-3 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090183

Symantec Messaging Gateway 9.5.3-3 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012090182

Symantec Messaging Gateway 9.5.3-3 Disclosure
http://cxsecurity.com/issue/WLB-2012090181

Oracle Hyperion SFC 12.x Remote Heap Overflow poc
http://cxsecurity.com/issue/WLB-2012090180

poweradmin Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090179

Wordpress Admin name Information Disclosure
http://cxsecurity.com/issue/WLB-2012090178

InforpolNET SQL Injection
http://cxsecurity.com/issue/WLB-2012090177

avcmedia Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090176

firstlink Cms Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012090175

Google Chrome Prior to 17.0.963.56 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52031

Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300

Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50360

Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702

Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763

Korenix Jetport 5600 Series Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55196

Google Chrome Prior to 17.0.963.65 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52271

Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658

Apple Safari CVE-2012-0680 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54688

Apple Mac OS X CVE-2011-3457 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/51808

Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056

International Components for Unicode '_canonicalize( )' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51006

libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891

libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46951

libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830

libpng Malformed cHRM Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/49744

FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318

ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494

Linux Kernel Key Management CVE-2012-2745 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54365

Linux Kernel 'madvise_remove()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55151

WebKit SVG Images CVE-2012-3650 Uninitialized Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54703

WebKit Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55534

WebKit International CVE-2012-3693 Domain Name URI Spoofing Vulnerability
http://www.securityfocus.com/bid/54693

WebKit CVE-2012-3691 Cross Origin Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54687

WebKit WebSockets CVE-2012-3696 HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/54700

WebKit CVE-2012-3695 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/54695

Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203

Google Chrome Prior to 19.0.1084.52 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53679

WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54680

Google Chrome Prior to 17.0.963.83 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52674

Google Chrome Prior to 17.0.963.46 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51911

Google Chrome Prior to 16.0.912.77 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51641

Google Chrome Prior to 18.0.1025.168 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53309

Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52762

Google Chrome Prior to 16.0.912.63 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51041

Google Chrome Prior to 18.0.1025.151 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52913

Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540

Siemens SIMATIC S7-1200 SSL Private Key Reuse Spoofing Vulnerability
http://www.securityfocus.com/bid/55559

Apache QPID NullAuthenticator Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/54954

Mcrypt Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55425

Joomla! Language Switcher Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54259

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213

Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562

Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55337

Oracle Java SE CVE-2012-1721 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53959

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle Java SE CVE-2012-1722 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53953

Oracle Java SE CVE-2012-1726 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53948

Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136

Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55336

Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339

libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107

libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51084

Drupal Fonecta Verify Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55614

Drupal Spambot Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55613

Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612

Drupal PRH Search Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55611

Drupal Imagemenu Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55610

Apache Qpid (qpidd) Denial of Service Vulnerability
http://www.securityfocus.com/bid/55608

iFOBS 'regclientmain.jsp' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55607

Cisco Secure Desktop CVE-2012-4655 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55606

Cisco IOS SSLVPN Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55604

WordPress WP-TopBar Plugin HTML Injection and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/55603

Cisco Identity Services Engine CVE-2012-3908 Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/55602

WordPress Answer My Question Plugin Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55601

Cisco Nexus 7000 Series Switches NX-OS CVE-2012-3051 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55600

FreeSWITCH Route Header Value Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55599