Thursday, September 6, 2012
Thursday the 6th, Tomobiki
+ RHSA-2012:1234 Important: qemu-kvm security update
http://rhn.redhat.com/errata/RHSA-2012-1234.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515
+ About the security content of Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
http://support.apple.com/kb/HT5473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0547
2728973) Unauthorized Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2728973
+ Citrix XenServer Multiple Security Updates
http://support.citrix.com/article/CTX134708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4606
+ RHSA-2012:1236 Important: xen security update
http://rhn.redhat.com/errata/RHSA-2012-1236.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515
Notice of release of virus scan engine VSAPI 9.700
http://www.trendmicro.co.jp/support/news.asp?id=1831
Advisory: Apps listed in current ‘Application Control Policy’ list are not available
http://www.sophos.com/en-us/support/knowledgebase/118199.aspx
Computer virus and unauthorized access report status [August]
http://www.ipa.go.jp/security/txt/2012/09outline.html
Cross-Site Request Forgery (CSRF) in TestLink
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00022.html
Cross-Site Scripting (XSS) in Kayako Fusion
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00021.html
Cross-Site Scripting (XSS) Vulnerabilities in Flogr
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00020.html
[SECURITY] [DSA 2538-1] moin security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00026.html
[Rooted CON 2013] CFP starts!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00025.html
APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Upda
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00024.html
[IMF 2013] Call for Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00023.html
Ektron CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-009
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00018.html
KIWICON: THE ANNUCIATION
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00019.html
Barracuda Web Filter 910 5.0.015 - Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00017.html
eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00015.html
ES Job Search Engine v3.0 - SQL injection vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00016.html
eFront Educational v3.6.11 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00014.html
IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00013.html
VMWare Tools susceptible to binary planting by hijack
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00012.html
QNAP Turbo NAS Multiple Path Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00011.html
Group-Office Calendar SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00010.html
Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00009.html
Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00008.html
Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Stor
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00007.html
[ MDVSA-2012:149 ] fetchmail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00003.html
Admidio 2.3.5 Multiple security vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00004.html
[slackware-security] slocate (SSA:2012-244-05)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00006.html
[slackware-security] seamonkey (SSA:2012-244-04)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00005.html
[slackware-security] mozilla-thunderbird (SSA:2012-244-03)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00001.html
[slackware-security] mozilla-firefox (SSA:2012-244-02)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00000.html
[slackware-security] glibc (SSA:2012-244-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00002.html
From the World's Security Labs
Variant of "Crisis/MORCUT" that mounts virtual machines
http://itpro.nikkeibp.co.jp/article/COLUMN/20120903/419803/?ST=security
More than 12 million iOS device records leaked; hacker group claims responsibility
http://itpro.nikkeibp.co.jp/article/NEWS/20120905/420501/?ST=security
JVNVU#777007 Vulnerability in WhatsUp Gold
http://jvn.jp/cert/JVNVU777007/
Ektron CMS XXE Injection and Unauthenticated File Upload Vulnerabilities
http://www.securiteam.com/securitynews/5PP2V1F8AA.html
Xen GNTTABOP_swap_grant_ref() Validation Flaw Lets Local Guest Operating Systems Cause Denial of Service Conditions on the Host Operating System
http://www.securitytracker.com/id/1027485
Xen Qemu VT100 Emulation Flaw Lets Local Users Gain Elevated Privileges of the Target Device Model Process
http://www.securitytracker.com/id/1027484
Xen PHYSDEVOP_map_pirq() Index Validation Flaw Lets Local Guest Operating Systems Cause Denial of Service Conditions on the Host Operating System
http://www.securitytracker.com/id/1027483
Xen Transcendent Memory (TMEM) Multiple Flaws Lets Local Users on the Guest Operating System Gain Elevated Privileges on the Host
http://www.securitytracker.com/id/1027482
Xen XENMEM_populate_physmap() Input Validation Flaw Lets Local Users on the Guest Operating System Deny Service on the Host
http://www.securitytracker.com/id/1027481
Xen physdev_get_free_pirq() Error Checking Bug Lets Local Guest Users Deny Service on the Host
http://www.securitytracker.com/id/1027480
Xen set_debugreg() Hypercall Lets Local Guest Operating Systems Cause Denial of Service Conditions on the Host Operating System
http://www.securitytracker.com/id/1027479
VU#777007 Ipswitch WhatsUp Gold 15.02 contains SQL injection and XSS vulnerabilities
http://www.kb.cert.org/vuls/id/777007
Ubuntu update for kernel
http://secunia.com/advisories/49920/
Xen Multiple Denial of Service and Privilege Escalation Vulnerabilities
http://secunia.com/advisories/50472/
concrete5 Multiple Vulnerabilities
http://secunia.com/advisories/50001/
phpFox "message" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50504/
Seo Panel Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/46805/
IBM Tivoli Federated Identity Manager Two Vulnerabilities
http://secunia.com/advisories/50416/
SUSE update for otrs
http://secunia.com/advisories/50513/
Gentoo update for adobe-flash
http://secunia.com/advisories/50391/
REMOTE: JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)
http://www.exploit-db.com/exploits/21080/
JIRA 4.4.3, GreenHopper < 5.9.8 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090040
JBoss DeploymentFileRepository WAR Deployment
http://cxsecurity.com/issue/WLB-2012090039
Wordocs Israel FCKeditor Shell Upload
http://cxsecurity.com/issue/WLB-2012090038
WordPress TDO Mini Forms Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2012090037
Kingcow CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090036
PhpFox 3.0.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090035
Cm3 CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090034
Cutenews 1.5 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090033
WebActive CMS Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090032
ES Job Search Engine 3.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012090031
eFront Educational 3.6.11 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090030
Website Created By Triad SQL Injection
http://cxsecurity.com/issue/WLB-2012090029
Barracuda Web Filter 910 5.0.015 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090028
CoDeSys Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52942
WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/52940
Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47596
musl libc Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53144
MoinMoin Virtual Group ACL Evaluation Security Bypass Vulnerability
http://www.securityfocus.com/bid/55391
Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55413
Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339
Flogr 'index.php' CVE-2012-4336 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55418
MobileCartly 'savepage.php' Arbitrary File Write Vulnerability
http://www.securityfocus.com/bid/54970
Linux Kernel DRM 'drivers/gpu/drm/crm_crtc.c' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51371
Linux Kernel Reliable Datagram Sockets (RDS) CVE-2012-2372 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54062
Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091
IBM WebSphere Application Server JAX-WS Unspecified Vulnerability
http://www.securityfocus.com/bid/50310
keepalived Insecure PID Files Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/47859
GNOME Gnome-keyring 'GPG' Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/54920
libvirt Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54748
Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55009
Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55136
Drupal Exposed Filter Data Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55423
Drupal Heartbeat Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55422
Kayako Fusion 'download.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55417
Arbiter Systems Power Sentinel CVE-2012-3012 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55416
concrete5 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55415
Xen 'PHYSDEVOP_map_pirq' Index CVE-2012-3498 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55414
Xen 'XENMEM_populate_physmap' CVE-2012-3496 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55412
Xen 'GNTTABOP_swap_grant_ref' CVE-2012-3516 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55411
Xen 'TMEM hypercall' CVE-2012-3497 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55410
eFront Enterprise Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55407
Xen 'physdev_get_free_pirq' CVE-2012-3495 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55406
Ektron CMS 'xmlrpc.aspx' XML Injection Vulnerability
http://www.securityfocus.com/bid/55404
CuteNews Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55403
Ektron CMS 'Upload.aspx' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/55402
Xen 'set_debugreg' CVE-2012-3494 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55400
MobileCartly 'savepage.php' Arbitrary File Create Vulnerability
http://www.securityfocus.com/bid/55399
eFront Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55398
ES Job Search Engine Script 'category' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55397
Seo Panel Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55396
Cm3 CMS 'search.asp' Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55395
Barracuda Web Filter Authentification Module Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55394