Tuesday, September 18, 2012

Tuesday the 18th, Butsumetsu


+ RHSA-2012:1283 Important: openjpeg security update
http://rhn.redhat.com/errata/RHSA-2012-1283.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3535

+ RHSA-2012:1284 Moderate: spice-gtk security update
http://rhn.redhat.com/errata/RHSA-2012-1284.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4425

+ CESA-2012:1266 Important CentOS 5 bind97 Update
http://lwn.net/Alerts/516280/

+ CESA-2012:1267 Important CentOS 5 bind Update
http://lwn.net/Alerts/516282/

+ CESA-2012:1268 Important CentOS 6 bind Update
http://lwn.net/Alerts/516283/

+ CESA-2012:1264 Moderate CentOS 5 postgresql Update
http://lwn.net/Alerts/516272/

+ CESA-2012:1263 Moderate CentOS 5 postgresql84 Update
http://lwn.net/Alerts/516274/

+ CESA-2012:1265 Important CentOS 5 libxslt Update
http://lwn.net/Alerts/516275/

+ CESA-2012:1261 Moderate CentOS 6 dbus Update
http://lwn.net/Alerts/516276/

+ CESA-2012:1265 Important CentOS 6 libxslt Update
http://lwn.net/Alerts/516278/

+ CESA-2012:1263 Moderate CentOS 6 postgresql Update
http://lwn.net/Alerts/516279/

+ HPSBMU02813 SSRT100712 rev.1 - HP Operations Orchestration, Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03490339%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ RHSA-2012:1266 Important: bind97 security update
http://rhn.redhat.com/errata/RHSA-2012-1266.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244

+ RHSA-2012:1267 Important: bind security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1267.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244

+ Linux kernel 3.5.4, 3.4.11, 3.0.43 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.11
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.43

+ Samba 3.6.8 Available for Download
http://www.samba.org/samba/history/samba-3.6.8.html

+ Sudo 1.8.6p2, 1.7.10p2 released
http://www.sudo.ws/sudo/stable.html#1.8.6p2
http://www.sudo.ws/sudo/stable.html#1.7.10p2

+ VU#480095 Microsoft Internet Explorer 7/8/9 contain a use-after-free vulnerability
http://www.kb.cert.org/vuls/id/480095

+ Microsoft Internet Explorer Image Arrays Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562

+ Microsoft Windows Phone 7 SSL Certificate 'Common Name' Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/55569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2993

+ GNOME Shell Browser Plugin Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4427

UPDATE: Vulnerability in Citrix Receiver with Online Plug-in for Windows could result in arbitrary code execution
http://support.citrix.com/article/CTX134681

Multiple instances of the Sophos Anti-Virus for Mac OS X version 8.0.6 package are displayed in SUM
http://www.sophos.com/en-us/support/knowledgebase/118285.aspx

JVNVU#471364 Multiple vulnerabilities in InterScan Messaging Security Suite
http://jvn.jp/cert/JVNVU471364/index.html

[Positive Research] Intel SMEP overview and partial bypass on Windows 8 (whitepaper)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00076.html

[waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00075.html

Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00074.html

[IA38] NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Local Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00073.html

[ MDVSA-2012:153 ] dhcp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00063.html

[SECURITY] [DSA 2549-1] devscripts security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00062.html

[SECURITY] [DSA 2480-4] request-tracker3.8 regression update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00061.html

IPv6 Toolkit v1.2.3 released! (and upcoming IPv6 security trainings)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00072.html

[slackware-security] dhcp (SSA:2012-258-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00071.html

[slackware-security] patch (SSA:2012-257-02)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00069.html

[slackware-security] bind (SSA:2012-257-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00070.html

[INTREST SEC] Atlassian Confluence Wiki XSS Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00068.html

[SECURITY] [DSA 2548-1] tor security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00060.html

NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00067.html

ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00066.html

ipv6mon v1.0 released! (IPv6 address monitoring daemon)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00065.html

[ MDVSA-2012:152 ] bind
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00059.html

[SECURITY] [DSA 2548-1] Debian Security Team PGP/GPG key change notice
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00064.html

JVNDB-2012-004017 (JVNTA12-240A) Vulnerability in AWT handling in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004017.html

JVNDB-2012-004019 (JVNTA12-240A) Vulnerability in Beans handling in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004019.html

JVNDB-2012-004018 (JVNTA12-240A) Vulnerability in Beans handling in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004018.html

JVNDB-2012-003918 (JVNTA12-240A) Vulnerability in Oracle Java 7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003918.html

JVNDB-2012-003802 Cross-site scripting vulnerability in the Database Structure page of phpMyAdmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003802.html

JVNDB-2012-003801 Vulnerability in show_config_errors.php of phpMyAdmin that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003801.html

JVNDB-2012-003511 Denial of service (DoS) vulnerability in the virTypedParameterArrayClear function of libvirt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003511.html

JVNDB-2012-003509 Denial of service (DoS) vulnerability in the Magick_png_malloc function in coders/png.c of ImageMagick
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003509.html

JVNDB-2012-003580 Denial of service (out-of-bounds read) vulnerability in pngpread.c of libpng
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003580.html

JVNDB-2012-003493 Vulnerability in Puppet and Puppet Enterprise that allows sensitive configuration information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003493.html

JVNDB-2012-003933 Denial of service (pmcd hang) vulnerability in Performance Co-Pilot
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003933.html

JVNDB-2012-003932 Denial of service (DoS) vulnerability in Performance Co-Pilot
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003932.html

JVNDB-2012-003931 Vulnerability in Performance Co-Pilot that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003931.html

JVNDB-2012-003706 Integer signedness error vulnerability in the Ixia IxVeriWave file parser of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003706.html

JVNDB-2012-003930 Denial of service (DoS) vulnerability in libpcp of Performance Co-Pilot
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003930.html

JVNDB-2012-003705 Buffer overflow vulnerability in the GSM RLC MAC dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003705.html

JVNDB-2012-003704 Buffer overflow vulnerability in the RTPS2 dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003704.html

JVNDB-2012-003579 Vulnerability in Linux DiskQuota that allows TCP Wrapper rules in hosts.deny to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003579.html

JVNDB-2012-003703 Denial of service (application crash) vulnerability in the ERF dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003703.html

JVNDB-2012-003702 Buffer overflow vulnerability in the ERF dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003702.html

JVNDB-2012-003701 Denial of service (application termination) vulnerability in the EtherCAT Mailbox dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003701.html

JVNDB-2012-003700 Denial of service (application crash) vulnerability in the STUN dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003700.html

JVNDB-2012-003699 Denial of service (memory consumption) vulnerability in the CIP dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003699.html

JVNDB-2012-003698 Denial of service (DoS) vulnerability in the CTDB dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003698.html

JVNDB-2012-003697 Denial of service (DoS) vulnerability in the AFP dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003697.html

JVNDB-2012-003696 Integer overflow vulnerability in the XTP dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003696.html

JVNDB-2012-003695 Denial of service (DoS) vulnerability in the MongoDB dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003695.html

JVNDB-2012-003694 Denial of service (DoS) vulnerability in the pcap-ng file parser of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003694.html

JVNDB-2012-003693 Denial of service (DoS) vulnerability in the DCP ETSI dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003693.html

JVNDB-2012-003494 Vulnerability in Puppet and Puppet Enterprise in which a crafted agent certificate can be made to be signed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003694.html

JVNDB-2012-003492 Directory traversal vulnerability in Puppet and Puppet Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003692.html

JVNDB-2012-003491 Vulnerability in Puppet and Puppet Enterprise that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003691.html

JVNDB-2012-004314 (JVNTA12-255A) Cross-site scripting vulnerability in Microsoft Systems Management Server and System Center Configuration Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004314.html

JVNDB-2012-004313 (JVNTA12-255A) Cross-site scripting vulnerability in Microsoft Visual Studio Team Foundation Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004313.html

JVNDB-2012-004327 Denial of service (DoS) vulnerability in the Cisco ASA-CX Context-Aware Security module and Prime Security Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004327.html

JVNDB-2012-004326 Denial of service (DoS) vulnerability in Cisco Unified Presence and Jabber Extensible Communications Platform
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004326.html

JVNDB-2012-003578 Denial of service (crash) vulnerability in tiff2pdf of LibTIFF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003578.html

JVNDB-2012-003878 Integer overflow vulnerability in the GIF image format plug-in of GIMP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003878.html

JVNDB-2012-003873 Heap-based buffer overflow vulnerability in the KiSS CEL file format plug-in of GIMP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003873.html

JVNDB-2012-003524 Denial of service (panic) vulnerability in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003524.html

JVNDB-2012-003523 Denial of service (DoS) vulnerability in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003523.html

JVNDB-2012-003483 Heap-based buffer overflow vulnerability in OpenOffice.org and LibreOffice
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003483.html

IE Zero Day is "For Real"
http://isc.sans.edu/diary.html?storyid=14107

What's on your iPad?
http://isc.sans.edu/diary.html?storyid=14110

Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
http://isc.sans.edu/diary.html?storyid=14092

Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site
http://isc.sans.edu/diary.html?storyid=14098

ISC Feature of the Week: Privacy Policy
http://isc.sans.edu/diary.html?storyid=14101

Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027538

Moodle Multiple Bugs Let Remote Authenticated Users Bypass Security Restrictions and Gain Elevated Privileges
http://www.securitytracker.com/id/1027537

Novell GroupWise Internet Agent Integer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027536

MCrypt Stack Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027532

IBM AIX NFSv4 GID Enforcement Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027531

VU#591667 CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent account vulnerability
http://www.kb.cert.org/vuls/id/591667

VU#389795 Windows Phone 7 does not check certificate Common Names when sending or receiving emails over SSL.
http://www.kb.cert.org/vuls/id/389795

LOCAL: NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Buffer Overflow
http://www.exploit-db.com/exploits/21331/

DoS/PoC: Novell Groupwise 8.0.2 HP3 and 2012 Integer Overflow Vulnerability
http://www.exploit-db.com/exploits/21326

Microsoft Internet Explorer execCommand Use-After-Free Exploit
http://cxsecurity.com/issue/WLB-2012090167

Netsweeper WebAdmin Portal CSRF & XSS & SQL Injection
http://cxsecurity.com/issue/WLB-2012090166

FreeWebshop 2.2.9 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012090165

TorrentTrader 2.08 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090164

Webmin /file/show.cgi Remote Command Execution
http://cxsecurity.com/issue/WLB-2012090163

Joomla <= 1.0.9 Weblinks blind SQL injection / admin credentials
http://cxsecurity.com/issue/WLB-2012090162

SmartSniff DLL Hijacking Exploit (wpcap.dll)
http://cxsecurity.com/issue/WLB-2012090161

SEasyOfficeRecovery DLL Hijacking Exploit (dwmapi.dll)
http://cxsecurity.com/issue/WLB-2012090160

KnFTP 1.0.0 Server Remote Buffer Overflow Exploit USER command
http://cxsecurity.com/issue/WLB-2012090159

KnFTP FTP Server Multiple Commands Remote Buffer Overflow
http://cxsecurity.com/issue/WLB-2012090158

Free MP3 CD Ripper 2.6 (wav) Ruby PoC
http://cxsecurity.com/issue/WLB-2012090157

Free MP3 CD Ripper 2.6 (wav) stack buffer overflow PoC exploit
http://cxsecurity.com/issue/WLB-2012090156

Free MP3 CD Ripper 1.1 (WAV File) Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2012090155

AbsoluteFTP 1.9.6 - 2.2.10 Remote Buffer Overflow (LIST)
http://cxsecurity.com/issue/WLB-2012090154

Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090153

Sound Editor Pro v7.5.1 Stack-based Buffer Overflow
http://cxsecurity.com/issue/WLB-2012090152

XRIX SQL Injection Bug
http://cxsecurity.com/issue/WLB-2012090151

LuxCal v2.7.0 Multiple Remote Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090150

libgio CVE-2012-4425 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55555

Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562

Webmin Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/55446

WordPress Security Bypass And Unspecified Vulnerabilities
http://www.securityfocus.com/bid/55455

libdbus 'DBUS_SYSTEM_BUS_ADDRESS' Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55517

OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214

Asterisk 'externalIVR' Application Shell Command Execution Security Bypass Vulnerability
http://www.securityfocus.com/bid/55351

Xen 'physdev_get_free_pirq' CVE-2012-3495 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55406

Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55413

Xen 'set_debugreg' CVE-2012-3494 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55400

Xen 'XENMEM_populate_physmap' CVE-2012-3496 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55412

Xen CVE-2012-4411 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/55442

Xen 'PHYSDEVOP_map_pirq' Index CVE-2012-3498 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55414

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1956 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55260

MoinMoin Virtual Group ACL Evaluation Security Bypass Vulnerability
http://www.securityfocus.com/bid/55391

ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522

Netsweeper Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/54355

Atlassian Confluence Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55509

Blender Unspecified Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/28936

Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

PHP PDO Memory Access Violation Denial of Service Vulnerability
http://www.securityfocus.com/bid/54777

PHP 'header()' HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/55297

PHP '_php_stream_scandir()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54638

PHP 'main/SAPI.c' CVE-2012-4388 HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/55527

Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/55551

ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55530

Multiple Products CVE-2012-3500 Temporary File Handling Security Vulnerability
http://www.securityfocus.com/bid/55358

Oracle Business Transaction Management Server Arbitrary File Write Vulnerability
http://www.securityfocus.com/bid/54839

NCMedia Sound Editor Pro 'MRUList201202.dat' File Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55579

minimal Gallery 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55577

Netsweeper 'view_details.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55576

Novell GroupWise Date/Time Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/55574

SpiceWorks Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55572

GnuPG Short Key ID Security Bypass Vulnerability
http://www.securityfocus.com/bid/55571

CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability
http://www.securityfocus.com/bid/55570

Microsoft Windows Phone 7 SSL Certificate 'Common Name' Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/55569

webERP 'WO' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55568

FreeWebshop Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55567

OptiPNG Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55566

Moodle Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55565

Debian devscripts Multiple Arbitrary File Deletion and Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55564

IFOBS 'regclientprint.jsp' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55561

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702

Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763

Linux Kernel 'madvise_remove()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55151

Linux Kernel Key Management CVE-2012-2745 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54365

IOServer Directory Traversal Vulnerability
http://www.securityfocus.com/bid/55093

Mozilla Firefox CVE-2012-3973 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55308

Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203

MySQL Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51925

Google Chrome Prior to 17.0.963.46 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51911

RETIRED: MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52154

Google Chrome Prior to 21.0.1180.89 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55331

libxslt 'generate-id()' Function Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47668

PostgreSQL 'xslt_process()' Function Arbitrary File Creation or Overwrite Vulnerability
http://www.securityfocus.com/bid/55072

libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729

PostgreSQL 'xml_parse()' Function Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/55074

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52188

PostgreSQL 'SECURITY DEFINER' and 'SET' Attributes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53812

D-Bus Message Byte Order Denial of Service Vulnerability
http://www.securityfocus.com/bid/48216

Xen CVE-2012-3433 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54942

Xen HVM Guest User Mode MMIO Emulation Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54691

Xen PyGrub Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53650

Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339

Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55336

OpenSLP 'SLPIntersectStringList()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/55540

qdPM Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54022

udev Netlink Message Validation Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34536

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-3969 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55292

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3968 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55276

Mozilla Firefox/SeaMonkey/Thunderbird Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55311

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3970 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55278

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-3972 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55310

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3960 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55325

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3961 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55321

Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability
http://www.securityfocus.com/bid/55312

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3963 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55340

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55342

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3956 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55320

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55323

GNU patch Path Name Directory Traversal Vulnerability
http://www.securityfocus.com/bid/46768

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1972 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55314

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3964 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55322

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1973 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55316

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1971 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55264

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1976 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55319

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1974 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55317

Mozilla Firefox CVE-2012-3965 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55256

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1970 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55266

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1975 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55318

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3971 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55304

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3959 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55324

Mozilla Firefox/SeaMonkey CVE-2012-3976 Address Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/55313

Mozilla Firefox CVE-2012-3979 '__android_log_print' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55344

Mozilla Firefox/Thunderbird Web Console CVE-2012-3980 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55257

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3966 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55274

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3957 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55341

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3967 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55277

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3978 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55306

Joomla! and Mambo FCKeditor Module 'Connector' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/55563

McAfee Application Control Automatic File Execution Security Bypass Vulnerability
http://www.securityfocus.com/bid/55558

Mcrypt Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/55557

GNOME Shell Browser Plugin Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55556

SE46 Application Whitelisting 'PIF' File Automatic File Execution Security Bypass Vulnerability
http://www.securityfocus.com/bid/55554

OpenX 'xajaxargs' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55553

Vino CVE-2012-4429 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55548
