Wednesday, September 12, 2012

Wednesday the 12th, Tomobiki


+ Security Bulletins for September 2012
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-sep

+ MS12-061 - Important: Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1892

+ MS12-062 - Important: Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2536

+ Thunderbird 15.0.1 released
http://www.mozilla.org/en-US/thunderbird/15.0.1/releasenotes/

+ RHSA-2012:1255 Moderate: libexif security update
http://rhn.redhat.com/errata/RHSA-2012-1255.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841

+ RHSA-2012:1256 Moderate: ghostscript security update
http://rhn.redhat.com/errata/RHSA-2012-1256.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405

+ APSB12-21 Security update: Hotfix available for ColdFusion 10 and earlier
http://www.adobe.com/support/security/bulletins/apsb12-21.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2048

+ Microsoft Security Advisory (2736233) Update Rollup for ActiveX Kill Bits
http://technet.microsoft.com/en-us/security/advisory/2736233

+ Microsoft Security Advisory (2661254) Update For Minimum Certificate Key Length
http://technet.microsoft.com/en-us/security/advisory/2661254

+ Microsoft Security Advisory (2736233) Update Rollup for ActiveX Kill Bits
http://technet.microsoft.com/ja-jp/security/advisory/2736233

+ Apache HTTP Server 2.2.23 released
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.apache.org/dist/httpd/CHANGES_2.2.23
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687

+ jetty-hightide 8.1.7, 7.6.7 released
http://dist.codehaus.org/jetty/jetty-hightide-8.1.7/
http://dist.codehaus.org/jetty/jetty-hightide-7.6.7/

+ UltraMonkey L7 3.0.4-2 released
http://sourceforge.jp/projects/ultramonkey-l7/releases/

VUPEN - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free (CVE-2012-3958 /
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00048.html

VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00047.html

VUPEN - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution (APSB12-19)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00046.html

ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00045.html

Multiple vulnerabilities in Ezylog photovoltaic management server
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00044.html

[SE-2012-01] Security vulnerabilities in IBM Java
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00038.html

GreHack 2012 - 19th Oct. Grenoble, France - Call For [ Participation, Student Grants Applica
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00043.html

[ MDVSA-2012:150 ] java-1.6.0-openjdk
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00037.html

[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00042.html

Wordpress Download Monitor - Download Page Cross-Site Scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00041.html

[SECURITY] [DSA 2545-1] qemu security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00036.html

[SECURITY] [DSA 2544-1] xen security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00035.html

[SECURITY] [DSA 2543-1] xen-qemu-dm-4.0 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00034.html

[SECURITY] [DSA 2542-1] qemu-kvm security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00033.html

nullcon CTF HackIM is on
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00040.html

[SECURITY] [DSA 2541-1] beaker security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00032.html

ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Ag
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00039.html

[SECURITY] [DSA 2540-1] mahara security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00031.html

JVNVU#143395 Cross-site scripting vulnerability in BIG-IP Application Security Manager
http://jvn.jp/cert/JVNVU143395/index.html

Keyware Solutions sells DLP software that allows fine-grained policy configuration
http://itpro.nikkeibp.co.jp/article/NEWS/20120911/422133/?ST=security

E-Post sells a dedicated mail archive appliance starting at 200,000 yen
http://itpro.nikkeibp.co.jp/article/NEWS/20120911/422064/?ST=security

Terilogy offers a cloud-based "exit countermeasure" service against targeted attacks in Japan
http://itpro.nikkeibp.co.jp/article/NEWS/20120911/422001/?ST=security

New version of Aqua Systems' DB audit software covers SQL Server in addition to Oracle
http://itpro.nikkeibp.co.jp/article/NEWS/20120911/421949/?ST=security

Apple device UDID leak: the source was a digital publishing company, not the FBI
http://itpro.nikkeibp.co.jp/article/NEWS/20120911/421861/?ST=security

"Install on any number of devices": Kaspersky's new security software
http://itpro.nikkeibp.co.jp/article/NEWS/20120911/421841/?ST=security

Microsoft September 2012 Black Tuesday Update - Overview
http://isc.sans.edu/diary.html?storyid=14071

Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027516

F5 BIG-IP Input Validation Flaw in Configuration Utility Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027515

RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027514

RSA BSAFE Micro Edition Suite Lets Remote Users Decrypt SSL/TLS Traffic
http://www.securitytracker.com/id/1027513

Microsoft System Center Configuration Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027512

Microsoft Visual Studio Team Foundation Server Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027511

Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free
http://cxsecurity.com/issue/WLB-2012090120

Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free
http://cxsecurity.com/issue/WLB-2012090119

Adobe Flash Player "Matrix3D" Integer Overflow Code Execution
http://cxsecurity.com/issue/WLB-2012090118

Binamic Web Design XSS
http://cxsecurity.com/issue/WLB-2012090117

RapidFire CMS Blind SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090116

FBDj Stats SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090115

Subrion CMS 2.2.1 Multiple Remote XSS POST Injection Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090114

Subrion CMS 2.2.1 CSRF Add Admin Exploit
http://cxsecurity.com/issue/WLB-2012090113

Winamp MAKI Buffer Overflow
http://cxsecurity.com/issue/WLB-2012090112

PersianTools SQL Injection / Shell Upload
http://cxsecurity.com/issue/WLB-2012090111

Twig SQL Injection
http://cxsecurity.com/issue/WLB-2012090110

TamWeb SQL Injection
http://cxsecurity.com/issue/WLB-2012090109

akcms v4.2.4 Information Disclosure Vulnerability
http://cxsecurity.com/issue/WLB-2012090108

Oracle VM VirtualBox 4.1 Local DoS PoC
http://cxsecurity.com/issue/WLB-2012090107

EasyWebTime V.2007 CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090106

Synthetix CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090105

Sichkg CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090104

Keralainfotech CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090103

Detna CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090102

Globi CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090101

Shadow infosystem CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090100

TAGWORX CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090099

Mediachurch CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090098

Jajitech IT Solutions CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090097

System Center Configuration Manager Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50497/

Visual Studio Team Foundation Server Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50463/

Adobe ColdFusion Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/50523/

WordPress Download Monitor Plugin "dlsearch" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50511/

ViciDial Asterisk GUI Client Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50518/

Ubuntu update for python-django
http://secunia.com/advisories/50567/

DTE Axiom Registration ID Verification Security Bypass
http://secunia.com/advisories/50508/

Ubuntu update for xmlrpc
http://secunia.com/advisories/50559/

Ubuntu update for ubiquity-slideshow-ubuntu
http://secunia.com/advisories/50563/

FreeRADIUS Client Certificate Verification Buffer Overflow Vulnerability
http://secunia.com/advisories/50484/

Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50581/

Siemens SIMATIC WinCC Multiple Vulnerabilities
http://secunia.com/advisories/50568/

Ubuntu update for gimp
http://secunia.com/advisories/50564/

F5 BIG-IP ASM Traffic Overview Page Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50561/

libexif Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/54437

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55323

FreeRADIUS Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/55483

Cisco AnyConnect Secure Mobility Client Downgrade Security Weaknesses
http://www.securityfocus.com/bid/54108

Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54107

Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54948

libguac Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55497

Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55136

RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/55472

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778

OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212

OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158

Mcrypt Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55425

Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35052

RocketTheme RokModule Joomla! Component 'moduleid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/39378

RocketTheme RokModule Joomla! Component 'module' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55477

Linux Kernel Reliable Datagram Sockets (RDS) CVE-2012-2372 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54062

Bugzilla LDAP Injection and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55349

Mozilla Firefox, SeaMonkey, and Thunderbird Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54582

Linux Kernel UDF Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54279

Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1964 Clickjacking Vulnerability
http://www.securityfocus.com/bid/54581

Mozilla Firefox CVE-2012-1965 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54579

Mozilla Firefox CVE-2012-1966 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54577

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1961 Clickjacking Vulnerability
http://www.securityfocus.com/bid/54584

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1959 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54576

Mozilla Firefox/Thunderbird/Seamonkey MFSA 2012-42 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54580

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1967 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54573

Mozilla Firefox, SeaMonkey, and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54578

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1957 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54583

Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/54585

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1955 Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/54586

Symantec LiveUpdate Administrator Insecure File Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53903

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54574

Subrion CMS Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55502

Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501

Adobe ColdFusion CVE-2012-2048 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55499

MariaDB CVE-2012-4414 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55498

Webify Blog Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/55496

IBM Java Multiple Unspecified Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55495

ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494

Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55493

Siemens SIMATIC WinCC Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55492

Microsoft System Center Configuration Manager CVE-2012-2536 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55430

Microsoft Visual Studio Team Foundation Server CVE-2012-1892 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55409
