Friday, September 7, 2012

Friday the 7th, Senbu


+ CESA-2012:1236 Important CentOS 5 xen Update
http://lwn.net/Alerts/515129/

+ CESA-2012:1235 Important CentOS 5 kvm Update
http://lwn.net/Alerts/515130/

+ CESA-2012:1234 Important CentOS 6 qemu-kvm Update
http://lwn.net/Alerts/515131/

+ Mozilla Firefox 15.0.1 released
http://www.mozilla.org/en-US/firefox/all.html

+ HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Web Session Hijacking
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03475750%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3257

+ Tomcat 7.0.30 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Notice of the release of Virus Buster Mobile for Android version 2.6
http://www.trendmicro.co.jp/support/news.asp?id=1837

Advisory: Apps listed in current ‘Application Control Policy’ list are not available
http://www.sophos.com/en-us/support/knowledgebase/118199.aspx

Focusing on cloud and mobile, actively hiring specialists
Eva Chen, President and CEO, Trend Micro
http://itpro.nikkeibp.co.jp/article/Interview/20120906/421122/?ST=security

[security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross S
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00030.html

Internet Explorer Script Interjection Code Execution (updated)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00029.html

[CVE-2012-3373] Apache Wicket XSS vulnerability via manipulated URL parameter
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00028.html

[SECURITY] [DSA 2539-1] zabbix security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00027.html

Cross-Site Scripting (XSS) in Kayako Fusion
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00021.html

SSL Requests sent to port 80 (request for help/input)
http://isc.sans.edu/diary.html?storyid=14041

VU#788478 Webmin contains input validation vulnerabilities
http://www.kb.cert.org/vuls/id/788478

Debian update for zabbix
http://secunia.com/advisories/50475/

Red Hat update for qemu-kvm
http://secunia.com/advisories/50540/

Tiki Wiki CMS/Groupware swfupload Unspecified Vulnerability
http://secunia.com/advisories/50488/

Red Hat update for JBoss Enterprise Portal Platform
http://secunia.com/advisories/50549/

Qemu Console VT1000 Sequence Handling Privilege Escalation Vulnerability
http://secunia.com/advisories/50461/

SUSE update for opera
http://secunia.com/advisories/50490/

Drupal Exposed Filter Data Module Filter Value Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50550/

PlaySMS SMS Gateway CSV File Handling Security Bypass
http://secunia.com/advisories/50489/

Drupal Heartbeat Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50542/

mcrypt Decryption Header Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/50507/

IBM Maximo Asset Management Products Multiple Vulnerabilities
http://secunia.com/advisories/50551/

Citrix XenServer Denial of Service and Privilege Escalation Vulnerabilities
http://secunia.com/advisories/50530/

Power Sentinel Traffic Handling Denial of Service Vulnerability
http://secunia.com/advisories/50533/

Red Hat update for xen
http://secunia.com/advisories/50528/

OpenVZ update for kernel
http://secunia.com/advisories/50538/

Debian update for moin
http://secunia.com/advisories/50474/

Kayako Fusion URL PHPExcel Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50366/

Apple Mac OS X update for Java
http://secunia.com/advisories/50545/

essentialwebsitedesign Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090060

fourdegreeswest Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090059

firebellydesign Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090058

typomania Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090057

TP-LINK TL-WR340G Wireless Denial of Service
http://cxsecurity.com/issue/WLB-2012090056

mcrypt 2.6.8 Buffer Overflow Proof Of Concept
http://cxsecurity.com/issue/WLB-2012090055

TestLink 1.9.3 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012090054

Syracuse Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090053

Symbion Productions Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090052

agentimage Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090051

WEBSKINZ Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090050

thoughtmedia Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090049

Drop CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090048

2xpress CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012090047

HP SiteScope Remote Code Execution
http://cxsecurity.com/issue/WLB-2012090046

Kayako Fusion 4.40.1148 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090045

Drupal Exposed Filter Data 6.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090044

Drupal Heartbeat 6.x 7.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012090043

Symantec Messaging Gateway 9.5 Default SSH Password
http://cxsecurity.com/issue/WLB-2012090042

Ektron CMS 8.5.0 File Upload and XXE Injection
http://cxsecurity.com/issue/WLB-2012090041

REMOTE: JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)
http://www.exploit-db.com/exploits/21080

Linux Kernel IPv6 'nf_ct_frag6_reasm()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54367

ISC DHCP Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/54665

Attachmate Reflection DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/50496

Effective File Search (EFS) DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/48608

EC Software Help & Manual 'ijl15.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/47349

SAP GUI DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/46857

ACDSee Fotoslate DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/48130

ACDSee Photo Editor 2008 DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/48128

ACDSee Picture Frame Manager DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/48127

FreePBX Multiple Cross Site Scripting and Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/52630

Joomla Kunena 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52636

Xtreme RAT 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/52542

Oreans Technologies Themida TMD File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52649

Oreans WinLicense Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52650

JBoss Enterprise Application Platform CVE-2011-4605 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54644

Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958

JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/54915

JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54183

JBoss CVE-2012-1167 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54089

Drupal Wishlist Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52660

Foxit Reader 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55177

CyberLink PowerProducer Multiple DLL Loading Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55380

CyberLink StreamAuthor Insecure Library Loading Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55378

CyberLink LabelPrint Multiple Insecure Library Loading Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55376

Scientific Toolworks Understand 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51910

Mindjet MindManager 2012 DLL Loading Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51767

Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55413

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1721 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53959

Oracle Java SE CVE-2012-1722 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53953

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

Citrix XenServer CVE-2012-4606 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55432

ownCloud 'Remember Me' Function Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55221

Linux Kernel Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/46616

Linux Kernel 'i915_gem_execbuffer.c' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53971

Xen 'GNTTABOP_swap_grant_ref' CVE-2012-3516 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55411

ZABBIX 'itemid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/54661

Xen 'set_debugreg' CVE-2012-3494 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55400

Xen 'physdev_get_free_pirq' CVE-2012-3495 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55406

Xen HVM Guest User Mode MMIO Emulation Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54691

Xen CVE-2012-3433 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54942

Xen 'PHYSDEVOP_map_pirq' Index CVE-2012-3498 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55414

Xen 'XENMEM_populate_physmap' CVE-2012-3496 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55412

HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
http://www.securityfocus.com/bid/55273

HP SiteScope Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55269

Symantec Messaging Gateway SSH Default Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/55143

Webmin Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/55446

Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55445

HP Business Availability Center (BAC) Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/55444

ownCloud 'migrate.php' File Upload Vulnerability
http://www.securityfocus.com/bid/55443

Xen CVE-2012-4411 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/55442

ownCloud CMS Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55441

Tiki Wiki CMS Groupware 'SWFUpload' Unspecified Vulnerability
http://www.securityfocus.com/bid/55436

PlaySMS SMS Gateway CSV File Handling Security Bypass Vulnerability
http://www.securityfocus.com/bid/55431

Multiple Sitecom Products Admin Password Change Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55429

Multiple Conceptronic Products Admin Password Change Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55428

web@all Local File Include and Multiple Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/55426

Mcrypt Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55425
