Wednesday, October 31, 2012
31st, Wednesday, Senshō
+ RHSA-2012:1416 Critical: kdelibs security update
http://rhn.redhat.com/errata/RHSA-2012-1416.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4513
+ CESA-2012:1413 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/522061/
+ CESA-2012:1413 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/522062/
+ UPDATE: HPSBUX02824 SSRT100970 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03533078-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Multiple vulnerabilities in Adobe Flashplayer
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0773
nginx-1.3.8 development version released
http://nginx.org/en/download.html
Check Point response to PASTEBIN claim that Check Point Firewalls are vulnerable to simple SYN flooding
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86721&src=securityAlerts
Notice of Critical Patch release addressing a cross-site request forgery (CSRF) vulnerability in InterScan Messaging Security products
http://www.trendmicro.co.jp/support/news.asp?id=1849
Notice of program update for Virus Buster 2012 Cloud
http://www.trendmicro.co.jp/support/news.asp?id=1846
Samba 4.0.0rc4 Available for Download
https://download.samba.org/pub/samba/rc/WHATSNEW-4-0-0rc4.txt
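IPA Technical Watch
Sending from free e-mail services on the rise: trends and case analysis of recent targeted attack e-mails
~ Some cases take no trouble to disguise the attachment and deliberately leave it as an exe file ~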
http://www.ipa.go.jp/about/technicalwatch/20121030.html
From security labs around the world
"PE_MUSTAN.A" malware that exploits weak passwords
http://itpro.nikkeibp.co.jp/article/COLUMN/20121029/433143/?ST=security
Vulnerability information worth checking <2012.10.30>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121029/433141/?ST=security
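Fake information-entry screens on the online banking sites of three major banks; a virus is the cause
Displayed after login to the legitimate site; the aim is to steal PINs and other information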
http://itpro.nikkeibp.co.jp/article/NEWS/20121030/433523/?ST=security
[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulne
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00142.html
[SECURITY] [DSA 2569-1] icedove security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00141.html
Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
http://isc.sans.edu/diary.html?storyid=14419
Hurricane Sandy Update
http://isc.sans.edu/diary.html?storyid=14410
VU#408099 CA ARCserve Backup authentication service denial-of-service vulnerability
http://www.kb.cert.org/vuls/id/408099
VU#936363 CA ARCserve Backup opcode 0x7a RWSList remote code execution vulnerability
http://www.kb.cert.org/vuls/id/936363
VU#207540 TomatoCart with PayPal Express Checkout design flaw vulnerability
http://www.kb.cert.org/vuls/id/207540
WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/51135/
CorePlayer "callback" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51108/
D-Link Wireless N300 Cloud Router CAPTCHA Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/51075/
Debian update for icedove
http://secunia.com/advisories/51105/
Ubuntu update for thunderbird
http://secunia.com/advisories/51121/
Red Hat update for thunderbird
http://secunia.com/advisories/51123/
TYPO3 Formhandler Extension Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51116/
EMC Avamar Client for VMware "root" Password Disclosure Security Issue
http://secunia.com/advisories/51130/
SUSE update for MozillaFirefox, MozillaThunderbird, xulrunner, and seamonkey
http://secunia.com/advisories/51127/
Wordpress FoxyPress Plugin Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012100257
appRain CMF 0.1.5 Cross Site Scripting / SQL Injection
http://cxsecurity.com/issue/WLB-2011120002
mPDF 5.3 File Disclosure
http://cxsecurity.com/issue/WLB-2011120011
DotA OpenStats 1.3.9 SQL Injection
http://cxsecurity.com/issue/WLB-2011120001
DATA Estudio SQL Injection & Cross-Site Scripting Vulnerabilities
http://cxsecurity.com/issue/WLB-2012100256
Art Creative CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012100255
TP-LINK TL-WR841N Local File Inclusion
http://cxsecurity.com/issue/WLB-2012100254
REMOTE: HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
http://www.exploit-db.com/exploits/22305
REMOTE: HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
http://www.exploit-db.com/exploits/22306
REMOTE: Aladdin Knowledge System Ltd - PrivAgent.ocx ChooseFilePath BOF
http://www.exploit-db.com/exploits/22301
DoS/PoC: hMailServer 5.3.3 IMAP Remote Crash PoC
http://www.exploit-db.com/exploits/22302
DoS/PoC: Microsoft Windows Help program (WinHlp32.exe) Crash PoC
http://www.exploit-db.com/exploits/22303
DoS/PoC: Microsoft Office Publisher 2010 Crash PoC
http://www.exploit-db.com/exploits/22310
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Mozilla Firefox/Thunderbird/SeaMonkey 'defaultValue()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/56155
KDE Konqueror Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55879
Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56116
Drupal Core Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56103
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302
RETIRED: Microsoft Windows Help Viewer Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56303
Invision Power Board 'core.php' Unspecified Security Vulnerability
http://www.securityfocus.com/bid/56288
Dokuwiki 'index.php' Path Disclosure Vulnerability
http://www.securityfocus.com/bid/56328
Citrix XenServer CVE-2012-4606 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55432
DokuWiki 'ns' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54439
Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56146
Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285
MapServer Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/48720
MapServer Map File Double Free Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/49374
Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Wordpress Slideshow Plugin Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56335
TomatoCart PayPal Express Checkout Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/56333
WordPress Foxypress Plugin Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56332
Real Networks RealPlayer '.3g2' File Write Access Violation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56329
Tuesday, October 30, 2012
30th, Tuesday, Shakkō
+ RHSA-2012:1413 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2012-1413.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
+ CESA-2012:1407 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/521899/
+ CESA-2012:1407 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/521902/
+ Thunderbird 16.0.2 released
http://www.mozilla.org/en-US/thunderbird/16.0.2/releasenotes/
+ Samba 3.6.9 Available for Download
http://www.samba.org/samba/history/samba-3.6.9.html
+ Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56304
Check Point response to 'Check Point Firewalls vulnerable to simple SYN flooding'
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86721&src=securityAlerts
Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx
Yahoo (US) announces it will ignore IE10's default "Do Not Track" setting
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433292/?ST=security
US state of South Carolina: personal information of millions of people leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433289/?ST=security
JVNDB-2012-005156 Denial-of-service (application crash) vulnerability in libpng_plugin of VideoLAN VLC media player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005156.html
JVNDB-2012-005155 Denial-of-service (daemon crash) vulnerability in Wing FTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005155.html
JVNDB-2012-005154 Vulnerability allowing arbitrary API calls in Citrix Cloud.com CloudStack and Apache CloudStack pre-release
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005154.html
JVNDB-2012-005153 SQL injection vulnerability in mnoGoSearch
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005153.html
JVNDB-2012-005152 SQL injection vulnerability in user.php of Social Network Community
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005152.html
JVNDB-2012-005151 Double-free vulnerability in FlashPix PlugIn for IrfanView
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005151.html
JVNDB-2012-005150 SQL injection vulnerability in Seotoaster
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005150.html
JVNDB-2012-005149 SQL injection vulnerability in the Forum module of appRain CMF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005149.html
JVNDB-2012-005148 Cross-site scripting vulnerability in the Search module of appRain CMF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005148.html
JVNDB-2012-005147 Cross-site request forgery vulnerability in the Sentinel plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005147.html
JVNDB-2012-005146 Cross-site scripting vulnerability in the Sentinel plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005146.html
JVNDB-2012-005145 SQL injection vulnerability in the Sentinel plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005145.html
JVNDB-2012-005144 SQL injection vulnerability in rub2_w.php of PHP Flirt-Projekt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005144.html
JVNDB-2012-005143 Cross-site scripting vulnerability in templates/default/Admin/Login.html of PHP-SCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005143.html
JVNDB-2012-005142 Directory traversal vulnerability in examples/show_code.php of mPDF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005142.html
JVNDB-2012-005141 SQL injection vulnerability in DotA OpenStats
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005141.html
JVNDB-2012-005140 SQL injection vulnerability in the SCORM Cloud For WordPress plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005140.html
JVNDB-2012-005139 SQL injection vulnerability in index.php of Video Community Portal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005139.html
JVNDB-2012-005138 Cross-site scripting vulnerability in BrowserCRM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005138.html
JVNDB-2012-005137 SQL injection vulnerability in BrowserCRM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005137.html
JVNDB-2012-005136 Heap-based buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005136.html
JVNDB-2012-005135 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005135.html
JVNDB-2012-005134 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005134.html
JVNDB-2012-005133 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005133.html
JVNDB-2012-005132 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005132.html
JVNDB-2012-005131 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005131.html
Call for Papers: DIMVA 2013
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00140.html
PIAF H.M.S - SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00139.html
[slackware-security] mozilla-firefox (SSA:2012-300-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00135.html
KmPlayer v3.0.0.1440 Local Crash PoC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00138.html
[SECURITY] [DSA 2568-1] rtfm security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00134.html
[SECURITY] [DSA 2567-1] request-tracker3.8 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00133.html
Exploit - EasyITSP by Lemens Telephone Systems 2.0.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00137.html
EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00136.html
Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
http://isc.sans.edu/diary.html?storyid=14404
EMC Avamar Client for VMware Discloses Server Password to Local Users
http://www.securitytracker.com/id/1027705
Internet Explorer 8 XSS filter bypass
http://cxsecurity.com/issue/WLB-2012100253
Multiple Browsers Cross-Site Scripting via redirectors 301 and 303
http://cxsecurity.com/issue/WLB-2012100010
Opera 12.02 Local files disclosure (0day)
http://cxsecurity.com/issue/WLB-2012100252
Opera 12.02 (UXSS) Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100086
Opera 12.10b Cross Site Scripting 0day PoC (CSRF) *youtube
http://cxsecurity.com/issue/WLB-2012100119
SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012100251
SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection
http://cxsecurity.com/issue/WLB-2012100250
Microsoft Paint 5.1 Memory Corruption
http://cxsecurity.com/issue/WLB-2012100249
Microsoft Windows Help Program Memory Corruption
http://cxsecurity.com/issue/WLB-2012100248
hMailServer 5.3.3 Remote Denial Of Service
http://cxsecurity.com/issue/WLB-2012100247
Arora 0.10.0 Windows Qt 4.5.3 DLL Hijack
http://cxsecurity.com/issue/WLB-2012100246
Aladdin Knowledge System Ltd. Active-X Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100234
Aladdin Knowledge System Ltd Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100245
ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection
http://cxsecurity.com/issue/WLB-2012100244
HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100243
HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100242
Debian update for request-tracker3.8
http://secunia.com/advisories/51112/
Ubuntu update for exim4
http://secunia.com/advisories/51153/
Debian update for rtfm
http://secunia.com/advisories/51111/
Debian update for exim4
http://secunia.com/advisories/51115/
SUSE update for exim
http://secunia.com/advisories/51155/
Oracle Business Intelligence Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51151/
Ubuntu update for openjdk-6
http://secunia.com/advisories/51154/
Ubuntu update for firefox
http://secunia.com/advisories/51147/
Red Hat update for firefox
http://secunia.com/advisories/51146/
SAP NetWeaver Process Integration XML External Entity Vulnerability
http://secunia.com/advisories/51152/
Mozilla Firefox / Thunderbird / SeaMonkey "Location" Object Multiple Vulnerabilities
http://secunia.com/advisories/51144/
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3986 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55922
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3990 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56131
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4186 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56135
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4179 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56129
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4188 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56123
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-3982 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55924
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4180 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56126
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4182 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56121
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3991 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55930
PLIB 'ssgParser.cxx' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55839
SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56297
Linux Kernel Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/46616
Linux Kernel 'i915_gem_execbuffer.c' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53971
PostgreSQL 'xml_parse()' Function Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/55074
PostgreSQL 'xslt_process()' Function Arbitrary File Creation or Overwrite Vulnerability
http://www.securityfocus.com/bid/55072
Browser CRM Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51060
Oracle Business Intelligence Enterprise Edition CVE-2012-1686 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56026
ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494
VLC Media Player 'get_chunk_header()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51147
libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51131
IrfanView TIFF Image File Remote Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51132
ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522
Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763
GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982
ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54658
libexif Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/54437
Todd Miller Sudo Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54868
Video Community Portal 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51108
Social Network Community 'userID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51107
PHP-SCMS 'lang' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51062
Enterasys Network Management Suite 'nssyslogd.exe' Component Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51124
Seotoaster Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51077
mnoGoSearch Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/51113
WebSVN 'path' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51109
WordPress SCORM Cloud Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/49484
DotA OpenStats 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51110
Cacti Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/51048
Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability
http://www.securityfocus.com/bid/51079
Sentinel Plugin for WordPress Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/51089
Flirt-Projekt 'rub' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51106
appRain CMF Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51105
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302
HP Operations Agent Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54362
ManageEngine Security Manager Plus Advanced Search SQL Injection Vulnerability
http://www.securityfocus.com/bid/56138
Bcfg2 'Trigger' Plugin Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/54217
Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56103
Linux Kernel 'uname()' System Call Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55855
phpMyAdmin CVE-2012-5339 Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55925
phpMyAdmin CVE-2012-5368 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55939
Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
http://www.securityfocus.com/bid/47736
Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285
Endpoint Protector Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56323
TP-LINK TL-WR841N Router Local File Include Vulnerability
http://www.securityfocus.com/bid/56320
EMC Avamar Client for VMware Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56317
cgit 'syntax-highlighting.sh' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56315
libunity-webapps Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56314
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306
Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56304
Monday, October 29, 2012
29th, Monday, Taian
+ Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2012-1407.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
+ MFSA 2012-90 Fixes for Location object issues
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
+ Firefox 16.0.2 released
http://www.mozilla.org/en-US/firefox/16.0.2/releasenotes/
+ Linux kernel 3.6.4, 3.4.16, 3.0.49 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.4
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.49
Credit card POS terminals: a string of incidents around the world (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433183/?ST=security
Trend Micro releases three free apps for Windows 8, including one for lost-device protection
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433145/?ST=security
Bank of Tokyo-Mitsubishi UFJ warns of a new virus that steals information at online banking login
http://itpro.nikkeibp.co.jp/article/NEWS/20121027/433081/?ST=security
JVN#00322303 Cross-site scripting vulnerability in Tokyo BBS
http://jvn.jp/jp/JVN00322303/index.html
JVNDB-2011-002305 Chosen-plaintext attack vulnerability in the CBC mode of SSL and TLS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002305.html
JVNDB-2012-003222 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003222.html
JVNDB-2012-003221 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003221.html
JVNDB-2012-003220 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003220.html
JVNDB-2012-003219 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003219.html
JVNDB-2012-003218 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003218.html
JVNDB-2012-003217 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003217.html
JVNDB-2012-003216 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003216.html
JVNDB-2012-003215 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003215.html
JVNDB-2012-003214 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003214.html
JVNDB-2012-003213 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003213.html
JVNDB-2012-003212 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003212.html
JVNDB-2012-003223 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003223.html
JVNDB-2012-003224 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003224.html
JVNDB-2012-004886 Message forgery vulnerability in Eduserv OpenAthens for Java
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004886.html
JVNDB-2012-004866 Denial-of-service (named daemon hang) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004866.html
JVNDB-2012-005130 (JVNVU#268267) Issue in multiple DomainKeys Identified Mail (DKIM) implementations
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005130.html
JVNDB-2012-000093 (JVN#00322303) Cross-site scripting vulnerability in Tokyo BBS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000093.html
JVNDB-2012-005129 Denial-of-service (DoS) vulnerability in Excel 2007 of Microsoft Office 2007 and Microsoft Excel Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005129.html
JVNDB-2012-005128 Cross-site scripting vulnerability in phpMyAdmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005128.html
JVNDB-2012-005127 Cross-site scripting vulnerability in phpMyAdmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005127.html
JVNDB-2012-005126 Vulnerability in Apache Open For Business Project
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005126.html
JVNDB-2012-005125 (JVNVU#225404) Insufficient access restriction vulnerability in HP/H3C and Huawei network equipment
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005125.html
Inventory 1.0 Multiple XSS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00132.html
Inventory 1.0 Multiple SQL Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00131.html
[SECURITY] [DSA 2566-1] exim4 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00130.html
[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Rem
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00129.html
Firefox 16.02 Released
http://isc.sans.edu/diary.html?storyid=14398
Securing the Human Special Webcast - October 30, 2012
http://isc.sans.edu/diary.html?storyid=14392
Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
http://isc.sans.edu/diary.html?storyid=14395
Mozilla Thunderbird 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027704
Mozilla Seamonkey 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027703
Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027701
SAP NetWeaver XML External Entity Flaw Lets Remote Users Obtain Files
http://www.securitytracker.com/id/1027700
Xen Domain Builder Size Validation Bug Lets Local Guest Administrators Denial of Service
http://www.securitytracker.com/id/1027699
Wordpress GRAND FlAGallery Plugin Multiple Vulnerabilities
http://secunia.com/advisories/51100/
Xen PV Domain Builder Kernel Decompression Denial of Service Vulnerability
http://secunia.com/advisories/51071/
IP.Board Unspecified Vulnerability
http://secunia.com/advisories/51104/
Drupal MailChimp Module Script Insertion Vulnerability
http://secunia.com/advisories/51061/
Exim DKIM DNS Decoding Buffer Overflow Vulnerability
http://secunia.com/advisories/51098/
Joomla! Freestyle Testimonials Component SQL Injection Vulnerability
http://secunia.com/advisories/51101/
Tiki Wiki CMS/Groupware "unserialize()" PHP Code Execution Vulnerability
http://secunia.com/advisories/51067/
RT RTFM Extension Article Creation Security Bypass Vulnerability
http://secunia.com/advisories/51062/
RT Multiple Vulnerabilities
http://secunia.com/advisories/51065/
IBM WebSphere MQ Multiple Java Vulnerabilities
http://secunia.com/advisories/51080/
IBM InfoSphere Streams Eclipse Help System Vulnerabilities
http://secunia.com/advisories/51073/
SAP NetWeaver XML External Entity Vulnerability
http://secunia.com/advisories/51063/
Ubuntu update for webkit
http://secunia.com/advisories/51070/
WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability
http://secunia.com/advisories/51107/
Seotoaster 1.9 SQL Injection
http://cxsecurity.com/issue/WLB-2011120013
IrfanView TIFF Image Processing Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012100241
IrfanView FlashPix PlugIn Double-Free Vulnerability
http://cxsecurity.com/issue/WLB-2012100240
VLC Player 2.0.3 ReadAV Arbitrary Code Execution
http://cxsecurity.com/issue/WLB-2012100083
Google SketchUp 8 Stack Based Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012100239
Realplayer Watchfolders long Filepath Overflow
http://cxsecurity.com/issue/WLB-2012100238
NASA Tri-Agency Climate Education (TrACE) 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100237
NASA Tri-Agency Climate Education (TrACE) 1.0 XSS
http://cxsecurity.com/issue/WLB-2012100236
WordPress Easy Webinar Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012100235
Aladdin Knowledge System Ltd. Active-X Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100234
Inventory 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100233
Inventory 1.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100232
Layton Helpbox 4.4.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100231
Layton Helpbox 4.4.0 Authorization Bypass
http://cxsecurity.com/issue/WLB-2012100230
Layton Helpbox 4.4.0 Password Disclosure
http://cxsecurity.com/issue/WLB-2012100229
Layton Helpbox 4.4.0 Stored Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100228
Layton Helpbox 4.4.0 login Bypass
http://cxsecurity.com/issue/WLB-2012100227
Layton Helpbox 4.4.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100226
Layton Helpbox 4.4.0 Unencrypted Login
http://cxsecurity.com/issue/WLB-2012100225
Gramophone 0.01b1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100224
VideoPortalNeu SQL Injection
http://cxsecurity.com/issue/WLB-2011120016
FlirtPortal SQL Injection
http://cxsecurity.com/issue/WLB-2011120008
Social2 SQL Injection
http://cxsecurity.com/issue/WLB-2011120017
Microsoft Office Picture Manager 2010 memory corruption
http://cxsecurity.com/issue/WLB-2012100223
Microsoft Internet Explorer scrollIntoView Use-After-Free
http://cxsecurity.com/issue/WLB-2012100222
Oracle Java Font Processing maxPointCount Heap Overflow
http://cxsecurity.com/issue/WLB-2012100221
Contao 2.11.6 Path Disclosure
http://cxsecurity.com/issue/WLB-2012100220
Oracle Java Font Processing Glyph Element Memory Corruption
http://cxsecurity.com/issue/WLB-2012100219
Bitweaver 2.8.1 Cross Site Scripting & Local File Inclusion
http://cxsecurity.com/issue/WLB-2012100218
Apple QuickTime Player 7.7.2 Crash
http://cxsecurity.com/issue/WLB-2012100217
TIBCO Formvine vulnerability
http://cxsecurity.com/issue/WLB-2012100216
VaM Shop 1.69 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012100215
ClanSphere 2011.3 Local File Inclusion & Remote Code Execution
http://cxsecurity.com/issue/WLB-2012100214
WordPress GRAND Flash Album Gallery SQL Injection & Disclosure & File Overwrite
http://cxsecurity.com/issue/WLB-2012100213
Drupal MailChimp 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100212
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
RT and RT RTFM Extension Security Bypass Vulnerability
http://www.securityfocus.com/bid/56291
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076
Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079
Request Tracker (RT) Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56290
Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501
Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
RETIRED: Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612
Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950
Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53960
Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946
Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952
Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954
Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53956
IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884
CoDeSys Unspecified Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56300
HelpBox Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56298
SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56297
Inventory Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56293
Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289
Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56287
Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285
Joomla! Freestyle Testimonials Component Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/56284
Tiki Wiki CMS Groupware 'unserialize()' PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/56282
Inout Article Base 'ViewController.class.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/56266
Friday, October 26, 2012
26th, Friday, Tomobiki
+ UPDATE: HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03515685%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801
+ Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508
Traffic-concealing software "Tor" found at 10% of companies and organizations in Japan, according to a Palo Alto Networks survey
http://itpro.nikkeibp.co.jp/article/NEWS/20121025/432643/?ST=security
JVNVU#225404 Insufficient access restriction vulnerability in HP/H3C and Huawei networking equipment
http://jvn.jp/cert/JVNVU225404/
JVNVU#268267 Issue in multiple DomainKeys Identified Mail (DKIM) implementations
http://jvn.jp/cert/JVNVU268267/
Wordpress 3.4 Cross-Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00128.html
JVNDB-2012-005124 SSL server spoofing vulnerability in the Zoner AntiVirus Free application for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005124.html
JVNDB-2012-005123 Cross-site scripting vulnerability in wlcms-plugin.php of the White Label CMS plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005123.html
JVNDB-2012-005122 Cross-site request forgery vulnerability in wlcms-plugin.php of the White Label CMS plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005122.html
JVNDB-2012-005121 Vulnerability in TIBCO Formvine allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005121.html
JVNDB-2012-005120 (JVNVU#160027) Denial of service (DoS) vulnerability in multiple Broadcom wireless chipsets
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005120.html
JVNDB-2012-005119 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005119.html
JVNDB-2012-005118 (JVNVU#872545) Arbitrary code execution vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005118.html
JVNDB-2012-005117 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005117.html
JVNDB-2012-005116 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005116.html
JVNDB-2012-005115 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005115.html
JVNDB-2012-005114 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005114.html
JVNDB-2012-005113 Vulnerability in GNOME gnome-keyring
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005113.html
JVNDB-2012-005112 Vulnerability in the Red Hat Network Configuration Client in rhncfg allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005112.html
JVNDB-2012-005111 Cross-site request forgery vulnerability in admin/index.php of RazorCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005111.html
JVNDB-2012-005109 Cross-site scripting vulnerability in the language search component of Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005109.html
JVNDB-2012-005108 Vulnerability in user/index_inline_editor_submit.php of ATutor AContent allowing arbitrary user passwords to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005108.html
JVNDB-2012-005107 SQL injection vulnerability in user/index_inline_editor_submit.php of ATutor AContent
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005107.html
JVNDB-2012-005106 Cross-site scripting vulnerability in Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005106.html
JVNDB-2012-005105 Cross-site scripting vulnerability in file_manager/preview_top.php of ATutor AContent
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005105.html
JVNDB-2012-005104 Vulnerability in ATutor AContent allowing arbitrary users' passwords or category names to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005104.html
JVNDB-2012-005103 SQL injection vulnerability in ATutor AContent
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005103.html
JVNDB-2012-005102 SQL injection vulnerability in admin/campaign-zone-link.php of OpenX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005102.html
JVNDB-2012-005101 Cross-site scripting vulnerability in admin/plugin-index.php of OpenX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005101.html
JVNDB-2012-005100 Cross-site request forgery vulnerability in Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005100.html
JVNDB-2012-005099 SQL injection vulnerability in register/ of Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005099.html
JVNDB-2012-005098 Cross-site scripting vulnerability in Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005098.html
JVNDB-2012-005097 Vulnerability in ibacm allowing the ib_acm daemon log or ibacm.port file to be overwritten
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005097.html
JVNDB-2012-005096 Denial of service (DoS) vulnerability in ibacm
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005096.html
JVNDB-2012-005095 Vulnerability in librdmacm allowing an application's address resolution information to be set
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005095.html
JVNDB-2012-005094 Vulnerability in libsocialweb allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005094.html
JVNDB-2012-005093 SQL injection vulnerability in admin/index.php of Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005093.html
JVNDB-2012-005092 Cross-site scripting vulnerability in the poll module of Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005092.html
JVNDB-2012-005091 Vulnerability in libsocialweb allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005091.html
JVNDB-2012-005090 Denial of service (DoS) vulnerability in the strchr function in procmime.c of Claws Mail
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005090.html
JVNDB-2012-005089 Directory traversal vulnerability in gitolite
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005089.html
JVNDB-2012-005088 Buffer overflow vulnerability in client/fwknop.c of fwknop
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005088.html
JVNDB-2012-005087 Denial of service (server crash) vulnerability in fwknop
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005087.html
JVNDB-2012-005086 Arbitrary code execution vulnerability in OpenStack Object Storage (swift)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005086.html
Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
http://isc.sans.edu/diary.html?storyid=14380
Bitweaver Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027698
WordPress Poll Plugin Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/50910/
bitweaver Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51091/
ManageEngine SupportCenter Plus "fromCustomer" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50928/
WordPress FireStorm Professional Real Estate Plugin SQL Injection Vulnerabilities
http://secunia.com/advisories/50873/
phpMyBitTorrent Multiple Vulnerabilities
http://secunia.com/advisories/50829/
Ubuntu update for python3.1
http://secunia.com/advisories/51087/
RETIRED: Apple Mac OS X Security Update 2012-004 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55623
Apple iOS SMS Spoofing Vulnerability
http://www.securityfocus.com/bid/55087
Google Chrome Prior to 17.0.963.83 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52674
Google Chrome Prior to 17.0.963.65 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52271
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55534
WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54680
Google Chrome Prior to 18.0.1025.151 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52913
Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540
Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52762
Google Chrome Prior to 18.0.1025.168 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53309
Bitweaver Multiple Cross Site Scripting and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/56230
Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339
fwknop Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55617
phpMyFAQ 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/43560
Subrion CMS 'username' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/48224
Joomla! 'language search' Component Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55858
Subrion CMS Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55502
VLC Media Player Read Access Violation Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55850
Mozilla Firefox/Thunderbird/SeaMonkey 'defaultValue()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/56155
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4191 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56153
Mozilla Firefox/Thunderbird/SeaMonkey Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56154
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4190 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56151
Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55413
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1973 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55316
WordPress 'doing_wp_cron' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56263
WordPress Poll Plugin 'wp-admin/admin-ajax.php' Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56249
WordPress FireStorm Professional Real Estate Plugin Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56248
Microsoft Office Picture Manager Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56239
Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56238
AContent SQL Injection and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/56237
Thursday, October 25, 2012
25th, Thursday, Sensho
+ CVE-2008-6536 Unspecified vulnerability in 7-zip
https://blogs.oracle.com/sunsecurity/entry/cve_2008_6536_unspecified_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6536
+ CVE-2012-5166 Denial of Service vulnerability in ISC BIND
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5166_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
Cloud Pre-Filter: Notice of emergency server maintenance (October 28, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1856
Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx
Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery P
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00126.html
[SECURITY] [DSA 2565-1] iceweasel security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00121.html
HP/H3C and Huawei SNMP Weak Access to Critical Data
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00122.html
[SECURITY] [DSA 2564-1] tinyproxy security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00125.html
[SECURITY] [DSA 2563-1] viewvc security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00123.html
[SECURITY] [DSA 2562-1] cups-pk-helper security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00124.html
VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00120.html
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerabilit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00119.html
VUPEN Security Research - Microsoft Internet Explorer "scrollIntoView" Use-After-Free Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00118.html
VUPEN Security Research - Microsoft Internet Explorer "OnMove" Use-After-Free Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00117.html
[security bulletin] HPSBUX02824 SSRT100970 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00116.html
[security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00115.html
DC4420 - London DEFCON - October meet - tomorrow, Tuesday 23rd October.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00114.html
[ MDVSA-2012:168 ] hostapd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00113.html
[SECURITY] [DSA 2561-1] tiff security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00110.html
VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00112.html
[SECURITY] [DSA 2560-1] bind9 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00109.html
F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00108.html
XSS Vulnerabilities in ClipBucket
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00107.html
XSS Vulnerabilities in CMSMini
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00106.html
XSS Vulnerabilities in TaskFreak
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00105.html
From security labs around the world
Is the password "87654321" strong?
http://itpro.nikkeibp.co.jp/article/COLUMN/20121021/431302/?ST=security
JVNVU#160027 Denial of service (DoS) vulnerability in multiple Broadcom wireless chipsets
http://jvn.jp/cert/JVNVU160027/
JVNVU#872545 Multiple vulnerabilities in Adobe Shockwave Player
http://jvn.jp/cert/JVNVU872545/
Apple Itunes Memory Corruption and Application Crash Remote Vulnerability
http://www.securiteam.com/securitynews/6V0360075O.html
Endpoint Protector Multiple Web Vulnerabilities
http://www.securiteam.com/securitynews/6V03K155PO.html
Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
http://isc.sans.edu/diary.html?storyid=14371
3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions
http://www.securitytracker.com/id/1027694
VU#225404 HP/H3C and Huawei networking equipment h3c-user snmp vulnerability
http://www.kb.cert.org/vuls/id/225404
VU#268267 DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
http://www.kb.cert.org/vuls/id/268267
SUSE update for kernel
http://secunia.com/advisories/51099/
Joomla! Commedia Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/51076/
Ubuntu update for python3.2
http://secunia.com/advisories/51089/
Winmail Server Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/50631/
WordPress Cimy User Manager Plugin "cimy_um_filename" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50834/
WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50981/
TIBCO Formvine Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/51092/
OpenAthens SP for Java SAML Assertion Signature Validation Vulnerability
http://secunia.com/advisories/51084/
Oracle Solaris BIND Record Handling Lockup Vulnerability
http://secunia.com/advisories/51078/
Debian update for tinyproxy
http://secunia.com/advisories/51074/
Oracle Solaris 7-zip Unspecified Vulnerability
http://secunia.com/advisories/50926/
Liferay Portal Multiple Vulnerabilities
http://secunia.com/advisories/51095/
Debian update for viewvc
http://secunia.com/advisories/51072/
Debian update for iceweasel
http://secunia.com/advisories/50970/
Adobe Shockwave Player Multiple Vulnerabilities
http://secunia.com/advisories/51090/
HP-UX update for BIND
http://secunia.com/advisories/51096/
JetPort 5600 Hardcoded Credentials Security Issue
http://secunia.com/advisories/51083/
IBM AIX BIND Record Handling Lockup Vulnerability
http://secunia.com/advisories/51106/
Microsoft Office Word 2010 Stack Exhaustion
http://cxsecurity.com/issue/WLB-2012100208
Inout Article Base Ultimate 2 Blind SQLi & CSRF
http://cxsecurity.com/issue/WLB-2012100211
ENGINE 3.0 <= SQL Injection
http://cxsecurity.com/issue/WLB-2012100210
zomorrod Web Design SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012100209
REMOTE: Turbo FTP Server 1.30.823 PORT Overflow
http://www.exploit-db.com/exploits/22161
DoS/PoC: Apple QuickTime Player 7.7.2 Crash PoC
http://www.exploit-db.com/exploits/22214
DoS/PoC: Microsoft Office Word 2010 Crash PoC
http://www.exploit-db.com/exploits/22215
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3968 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55276
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-3969 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55292
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3970 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55278
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55342
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3960 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55325
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3963 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55340
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3964 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55322
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3967 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55277
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1970 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55266
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1974 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55317
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1975 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55318
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1972 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55314
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3959 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55324
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55323
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3966 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55274
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1976 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55319
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3978 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55306
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3957 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55341
Mozilla Firefox/SeaMonkey CVE-2012-3976 Address Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/55313
Mozilla Firefox/Thunderbird Web Console CVE-2012-3980 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55257
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3956 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55320
Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965
python 'distutils' Component '~/.pypirc' File Local Race Condition Vulnerability
http://www.securityfocus.com/bid/52732
Python SimpleXMLRPCServer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51996
Python Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51239
Python 'audioop' Module Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40863
Python 'PySys_SetArgv' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/40862
Python 'audioop' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40370
Fedora 'Dracut' Package Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55713
Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562
Multiple HP Products CVE-2012-3268 Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56183
Linux Kernel CVE-2011-4110 NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50755
Linux Kernel 'ib_uverbs_poll_cq()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46488
Microsoft Internet Explorer OnMove Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55641
Eduserv OpenAthens SP for Java CVE-2012-5353 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55899
ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522
RETIRED: Adobe Flash Player and AIR APSB12-22 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55827
RETIRED: Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55136
RETIRED: Adobe Shockwave Player APSB12-23 Multiple Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56181
ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852
ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54658
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
7-Zip Unspecified Archive Handling Vulnerability
http://www.securityfocus.com/bid/28285
Linux Kernel IPv6 'nf_ct_frag6_reasm()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54367
Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721
Linux Kernel iptables '--syn' Rules Security Bypass Vulnerability
http://www.securityfocus.com/bid/53733
Linux Kernel 'taskstats' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55144
Icecast 'error.log' Security Bypass Vulnerability
http://www.securityfocus.com/bid/56176
OpenStack Dashboard (Horizon) CVE-2012-3540 Redirect Module Open Redirection Vulnerability
http://www.securityfocus.com/bid/55329
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4179 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56129
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4186 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56135
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4180 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56126
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-3982 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55924
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3990 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56131
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3991 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55930
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4188 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56123
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4182 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56121
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3986 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55922
Tinyproxy Header Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55099
ViewVC CVE-2012-4533 HTML Injection Vulnerability
http://www.securityfocus.com/bid/56161
ViewVC 'svn_ra.py' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54199
ViewVC 'svn_ra.py' Authorization Security Bypass Vulnerability
http://www.securityfocus.com/bid/54197
ViewVC 'cvsdb.py' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47928
cups-pk-helper 'cupsGetFile()' and 'cupsPutFile()' Local Security Vulnerabilities
http://www.securityfocus.com/bid/55911
Drupal MailChimp Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56234
Drupal Time Spent Module Multiple Unspecified Input Validation Vulnerabilities
http://www.securityfocus.com/bid/56233
VAM Shop Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56232
Winmail Server Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56231
WordPress Spider Calendar Plugin 'many_sp_calendar' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56228
DomainKeys Identified Mail (DKIM) Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56227
Liferay Portal Security Bypass and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56226
Grandstream GXP1405 Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56186
Wednesday, October 24, 2012
24th, Wednesday, Shakkō
+ APSB12-23: Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb12-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4176
+ PDFCreator 1.5.1 released
http://download.pdfforge.org/download/pdfcreator/PDFCreator-stable
+ Wireshark 1.8.3 released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html
+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801
+ JVN#42676559 Vulnerability in Safari allowing local files to be read remotely
http://jvn.jp/jp/JVN42676559/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3713
+ SA51081 HP Multiple Products Unspecified Information Disclosure Vulnerabilities
http://secunia.com/advisories/51081/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3268
Kingsoft releases new version of its Windows 8-compatible antivirus software with a "four-layer defense against remote-control malware" mechanism
http://itpro.nikkeibp.co.jp/article/NEWS/20121023/432012/?ST=security
Serious vulnerability in the Safari web browser; JVN recommends "stopping use of the Windows version"
http://itpro.nikkeibp.co.jp/article/NEWS/20121023/432003/?ST=security
NEC launches "NEC Cloud Authentication", a device authentication service using soft tokens
http://itpro.nikkeibp.co.jp/article/NEWS/20121023/431902/?ST=security
JVNVU#841851 Command injection vulnerability in Mutiny
http://jvn.jp/cert/JVNVU841851/
JVNDB-2012-005004 (JVNVU#603276) Cross-site scripting vulnerability in OTRS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005004.html
JVNDB-2012-004939 (JVNVU#332412) Information disclosure vulnerability in ZENworks Asset Management
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004939.html
JVNDB-2012-004958 Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004958.html
JVNDB-2012-004451 Vulnerability in libdbus allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004451.html
JVNDB-2012-004379 Denial-of-service (daemon crash) vulnerability in ISC DHCP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004379.html
JVNDB-2012-004457 Integer underflow vulnerability in International Color Consortium Format library
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004457.html
JVNDB-2012-000088 (JVN#42676559) (JVNVU#503755) Vulnerability in Safari allowing local files to be read remotely
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000088.html
JVNDB-2012-005083 (JVNVU#841851) Command injection vulnerability in Mutiny
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005083.html
JVNDB-2012-005082 Denial-of-service (DoS) vulnerability in IBM XIV Storage System Gen3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005082.html
JVNDB-2012-005080 Stack-based buffer overflow vulnerability in IBM DB2
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005080.html
JVNDB-2012-005079 Denial-of-service (DoS) vulnerability in CA ARCserve Backup running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005079.html
JVNDB-2012-005078 Arbitrary code execution vulnerability in the server of CA ARCserve Backup running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005078.html
JVNDB-2012-003475 Denial-of-service (DoS) vulnerability in the KDC of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003475.html
JVNDB-2012-003474 Denial-of-service (DoS) vulnerability in the KDC of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003474.html
JVNDB-2012-003918 Vulnerability in Oracle Java 7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003918.html
JVNDB-2012-004019 Vulnerability in Beans processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004019.html
JVNDB-2012-002755 Vulnerability in library processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002755.html
JVNDB-2012-002754 Vulnerability in Hotspot processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002754.html
JVNDB-2012-002751 Vulnerability in Deployment processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002751.html
JVNDB-2012-002750 Vulnerability in Deployment processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002750.html
JVNDB-2012-002748 Vulnerability in CORBA processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002748.html
JVNDB-2012-002747 Vulnerability in Security processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002747.html
Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
http://isc.sans.edu/diary.html?storyid=14362
VU#160027 Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability
http://www.kb.cert.org/vuls/id/160027
VU#872545 Adobe Shockwave 11.6.7.637 contains multiple exploitable vulnerabilities
http://www.kb.cert.org/vuls/id/872545
Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027692
HP/H3C and Huawei SNMP Weak Access to Critical Data
http://cxsecurity.com/issue/WLB-2012100207
Linksys WRT54GX (ADSL Router) Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012100206
Apple QuickTime 7.7.2(1680.56) Division By Zero
http://cxsecurity.com/issue/WLB-2012100205
phpMyFAQ <= 2.6.8 XSS
http://cxsecurity.com/issue/WLB-2012100204
HP Intelligent Management Center UAM sprintf Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080293
HP OO RSScheduler Service JDBC Connector Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080295
HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080288
HP SiteScope UploadFilesHandler Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080288
HP SiteScope SOAP Call getFileInternal Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080289
HP SiteScope SOAP Call create Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080290
Adobe Flash Player "Matrix3D" Integer Overflow Code Execution
http://cxsecurity.com/issue/WLB-2012090118
phpMyAdmin 3.5.2.2 server_sync.php backdoor
http://cxsecurity.com/issue/WLB-2012090231
IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force
http://cxsecurity.com/issue/WLB-2012100020
OTRS 3.1 Stored XSS Vulnerability
http://cxsecurity.com/issue/WLB-2012100157
HP Multiple Products Unspecified Information Disclosure Vulnerabilities
http://secunia.com/advisories/51081/
ViewVC Diff View Script Insertion Vulnerability
http://secunia.com/advisories/51041/
Bitrix Site Manager JW Player Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51021/
WordPress UnGallery Plugin "search" Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/50875/
ManageEngine Security Manager Plus File Disclosure and SQL Injection Vulnerabilities
http://secunia.com/advisories/51069/
WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50983/
WordPress Thank You Counter Button Plugin "paged" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50977/
WordPress Zingiri Bookings Plugin "error" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50975/
F5 FirePass SQL Injection and Redirection Vulnerabilities
http://secunia.com/advisories/51045/
Dolibarr ERP/CRM Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51058/
Magento Unirgy uStoreLocator Extension SQL Injection Vulnerability
http://secunia.com/advisories/50917/
Avaya Aura Presence Services Linux Kernel Multiple Vulnerabilities
http://secunia.com/advisories/51077/
Apache OFBiz Unspecified Vulnerability
http://secunia.com/advisories/51052/
Palo Alto Networks GlobalProtect Certificate Verification Security Issue
http://secunia.com/advisories/51036/
REMOTE: Turbo FTP Server 1.30.823 PORT Overflow
http://www.exploit-db.com/exploits/22161
DoS/PoC: Adobe Reader 10.1.4 Crash PoC
http://www.exploit-db.com/exploits/22155
DoS/PoC: RealPlayer 15.0.6.14 .3gp Crash PoC
http://www.exploit-db.com/exploits/22154
Korenix Jetport 5600 Series Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55196
Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668
Linux Kernel 'inet->opt ip_options' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55359
Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702
Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965
Linux Kernel 'i915_gem_execbuffer.c' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53971
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4179 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56129
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3990 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56131
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4186 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56135
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4180 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56126
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4188 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56123
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3991 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55930
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-3982 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55924
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4182 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56121
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3986 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55922
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
ViewVC 'cvsdb.py' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47928
ViewVC 'svn_ra.py' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54199
ViewVC CVE-2012-4533 HTML Injection Vulnerability
http://www.securityfocus.com/bid/56161
ViewVC 'svn_ra.py' Authorization Security Bypass Vulnerability
http://www.securityfocus.com/bid/54197
Adobe Shockwave Player APSB12-23 Multiple Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56181
Oracle Java SE CVE-2012-5088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56057
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067
Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056
Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076
Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852
cups-pk-helper 'cupsGetFile()' and 'cupsPutFile()' Local Security Vulnerabilities
http://www.securityfocus.com/bid/55911
Tinyproxy Header Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55099
Oracle April 2007 Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/23532
Oracle January 2007 Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/22083
Oracle October Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/15134
Oracle January 2008 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/27229
BreakPoint Software Hex Workshop '.hex' File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33932
Ots Labs OtsTurntables M3U Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/25514
Oracle January Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/16287
Sun Solaris 'CODE_GET_VERSION IOCTL' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38016
FirePass SSL VPN 'refreshURL' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/56156
Cerulean Studios Trillian Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/29330
ManageEngine Security Manager Plus Advanced Search SQL Injection Vulnerability
http://www.securityfocus.com/bid/56138
Linux Kernel Unix Sockets Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/45037
Linux Kernel Unix Socket Backlog Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46637
Linux Kernel 'ethtool.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45972
Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56103
Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56146
FreeRADIUS Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/55483
JW Player 'logo.link' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55199
JW Player 'playerready' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54739
JW Player Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/48214
JW Player HTML Injection And Content Spoofing Vulnerability
http://www.securityfocus.com/bid/53876
Ruby CVE-2012-4522 Local File Creation Vulnerability
http://www.securityfocus.com/bid/56115
Ruby '#to_s' Method Incomplete Fix Security Bypass Vulnerability
http://www.securityfocus.com/bid/55813
Ruby 'error.c' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55757
GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982
Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56113
OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214
HAProxy Trash Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53647
Broadcom BCM4325 and BCM4329 Wireless Chipset Out of Bound Read Denial of Service Vulnerability
http://www.securityfocus.com/bid/56184
Multiple HP Products CVE-2012-3268 Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56183
WordPress UnGallery Plugin 'search' Parameter Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/56182
WordPress Thank You Counter Button Plugin 'paged' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56180
WordPress Zingiri Form Builder Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56179
WordPress Bookings Plugin 'error' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56177
F5 FirePass Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/56175
Joomla! 'com_sqlreport' Component Password Disclosure Vulnerability
http://www.securityfocus.com/bid/56172
Tuesday, October 23, 2012
23rd, Tuesday, Taian
+ HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03515685%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3268
+ Check Point response to CVE-2012-4930 aka CRIME attack
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86443&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4930
+ Linux kernel 3.0.48 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.48
+ Linux Kernel 'binfmt_script.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55878
Aqua Data Studio 12.0 - Big Data Performance & ETL Shell for PostgreSQL
http://www.postgresql.org/about/news/1421/
pgBadger 2.1 released
http://www.postgresql.org/about/news/1419/
Announcing Barman 1.1
http://www.postgresql.org/about/news/1418/
Reporting status of vulnerability-related information on software and other products
[Q3 2012 (July to September)]
http://www.ipa.go.jp/security/vuln/report/vuln2012q3.html
Vulnerability information worth checking <2012.10.23>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121021/431301/?ST=security
The "remote-control virus" is a commonplace virus: examining what it really is
"Viruses that take over PCs are not unusual"; "the risk of infection is small"
http://itpro.nikkeibp.co.jp/article/NEWS/20121022/431561/?ST=security
Possible leak of more than 10,000 records at Netoff; service temporarily suspended
http://itpro.nikkeibp.co.jp/article/NEWS/20121022/431552/?ST=security
Microsoft settles lawsuit over the Kelihos botnet it had shut down
http://itpro.nikkeibp.co.jp/article/NEWS/20121022/431502/?ST=security
SoftEther begins free distribution of software to prevent false accusations caused by remote-control viruses
http://itpro.nikkeibp.co.jp/article/NEWS/20121022/431441/?ST=security
JVNDB-2012-003925 Authentication bypass vulnerability in Apache QPID
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003925.html
JVNDB-2012-003798 Vulnerability in Adobe Flash Player allowing content to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003798.html
JVNDB-2012-003797 Integer overflow vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003797.html
JVNDB-2012-003796 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003796.html
JVNDB-2012-003795 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003795.html
JVNDB-2012-003794 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003794.html
JVNDB-2012-003793 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003793.html
JVNDB-2012-003098 Integer underflow vulnerability in the exif_entry_get_value function in exif-entry.c of libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003098.html
JVNDB-2012-003097 Denial-of-service (DoS) vulnerability in the exif_convert_utf16_to_utf8 function in exif-entry.c of libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003097.html
JVNDB-2012-003096 Denial-of-service (DoS) vulnerability in olympus/mnote-olympus-entry.c of libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003096.html
JVNDB-2012-003095 Denial-of-service (DoS) vulnerability in the exif_data_load_data function in exif-data.c of libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003095.html
JVNDB-2012-003094 Buffer overflow vulnerability in exif-entry.c of libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003094.html
JVNDB-2012-003093 Denial-of-service (DoS) vulnerability in the exif_convert_utf16_to_utf8 function in exif-entry.c of libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003093.html
JVNDB-2012-003092 Denial-of-service (DoS) vulnerability in the exif_entry_get_value function in exif-entry.c of libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003092.html
JVNDB-2012-003311 Vulnerability in WebKit as used in multiple Apple products allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003311.html
JVNDB-2012-002693 Privilege escalation vulnerability in 64-bit OSes and virtualization environments running on Intel CPUs
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002693.html
JVNDB-2011-004380 Authentication bypass vulnerability in the Shibboleth OpenSAML library
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004380.html
JVNDB-2012-003532 SQL injection vulnerability in Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003532.html
JVNDB-2012-004560 Vulnerability in Oracle Database allowing brute-force password guessing attacks
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004560.html
JVNDB-2012-003235 Denial-of-service (server crash) vulnerability in PostgreSQL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003235.html
JVNDB-2012-002716 Integer overflow vulnerability in the i915_gem_execbuffer2 function of the Linux Kernel on 32-bit platforms
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002716.html
JVNDB-2012-003022 Vulnerability in the crypt_des function of FreeBSD allowing access to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003022.html
JVNDB-2012-002895 Authentication bypass vulnerability in sql/password.c of Oracle MySQL and MariaDB
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002895.html
JVNDB-2012-003275 Integer overflow vulnerability in tiff2pdf of libtiff
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003275.html
JVNDB-2012-003942 Arbitrary code execution vulnerability in the nsHTMLSelectElement::SubmitNamesValues function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003942.html
JVNDB-2012-004560 Vulnerability in Oracle Database allowing brute-force password guessing attacks
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004560.html
JVNDB-2012-004670 Arbitrary command execution vulnerability in scripts/dget.pl of devscripts
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004670.html
JVNDB-2012-004591 Denial-of-service (DoS) vulnerability in IBM WebSphere Commerce
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004591.html
JVNDB-2012-004244 Vulnerability in main/SAPI.c of PHP allowing the HTTP response splitting protection mechanism to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004244.html
JVNDB-2012-004675 Vulnerability in Cumin as used in Red Hat Enterprise MRG allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004675.html
JVNDB-2012-004677 Vulnerability in Cumin as used in Red Hat Enterprise MRG allowing session keys to be guessed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004677.html
JVNDB-2012-004679 Cross-site scripting vulnerability in Cumin as used in Red Hat Enterprise MRG
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004683.html
JVNDB-2012-004683 Cross-site request forgery vulnerability in Cumin as used in Red Hat Enterprise MRG
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004683.html
JVNDB-2012-004684 Vulnerability in Cumin as used in Red Hat Enterprise MRG allowing web sessions to be hijacked
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004684.html
JVNDB-2012-004628 Cross-site scripting vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004628.html
JVNDB-2012-004630 Vulnerability in the IPC implementation of Google Chrome allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004630.html
JVNDB-2012-004668 Arbitrary command execution vulnerability in scripts/dscverify.pl of devscripts
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004668.html
JVNDB-2012-004631 Vulnerability in Google Chrome allowing the pop-up blocker to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004631.html
JVNDB-2012-004636 Arbitrary code execution vulnerability in the Microsoft Windows 7 kernel as used by Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004636.html
JVNDB-2012-004632 Double-free memory vulnerability in libxslt as used by Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004632.html
JVNDB-2012-004656 Vulnerability in condor_startd.V6/command.cpp of Condor allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004656.html
JVNDB-2012-004380 Denial-of-service (assertion failure and named daemon exit) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004380.html
F5 FirePass SSL VPN Input Validation Flaw Permits Cross-Site URL Redirection Attacks
http://www.securitytracker.com/id/1027688
Cyber Security Awareness Month - Day 22: Connectors
http://isc.sans.edu/diary.html?storyid=14350
Potential Phish for Regular Webmail Accounts
http://isc.sans.edu/diary.html?storyid=14356
VU#841851 Mutiny Technology virtual appliance command injection vulnerability
http://www.kb.cert.org/vuls/id/841851
WordPress Wordfence Plugin "email" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51055/
dotProject Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51060/
SUSE update for libproxy
http://secunia.com/advisories/51048/
SUSE update for chromium
http://secunia.com/advisories/51030/
WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50487/
Mutiny Unspecified Command Injection Vulnerability
http://secunia.com/advisories/51094/
Gentoo update for chromium
http://secunia.com/advisories/51079/
Gentoo update for libav
http://secunia.com/advisories/51085/
Joomla! Freestyle Support Component "prodid" SQL Injection Vulnerability
http://secunia.com/advisories/51068/
Gentoo update for bash
http://secunia.com/advisories/51086/
Debian update for tiff
http://secunia.com/advisories/51049/
Debian update for bind9
http://secunia.com/advisories/51054/
Piwik Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51032/
IBM Proventia Management SiteProtector IEHS Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51066/
Self Service Password Unspecified LDAP Injection Vulnerability
http://secunia.com/advisories/51064/
Turbo FTP Server 1.30.823 PORT Overflow
http://cxsecurity.com/issue/WLB-2012100194
Movable Type Pro 5.13en Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100193
DropBox iOS & Android App File Theft
http://cxsecurity.com/issue/WLB-2012100192
NetBoot SQL Injection
http://cxsecurity.com/issue/WLB-2012100191
Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067
Dotproject SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56152
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Google Chrome Prior to 22.0.1229.79 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55676
Linux Kernel 'binfmt_script.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55878
RETIRED: Joomla Kunena 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52636
hostapd CVE-2012-4445 Message Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55826
hostapd 'hostapd.conf' Configuration File Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/54093
IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884
ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852
Google Chrome Prior to 22.0.1229.94 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55867
libpng 'png_formatted_warning()' Function Off-By-One Error Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51823
Ruby CVE-2012-4522 Local File Creation Vulnerability
http://www.securityfocus.com/bid/56115
LibTIFF TIFF Image Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55673
Google Chrome Prior to 21 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54749
Google Chrome Prior to 21.0.1180.89 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55331
Google Chrome Prior to 22.0.1229.92 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55830
FFmpeg libavcodec 'vqavideo.c' '.vaq' File Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53389
FFmpeg Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/51307
FFmpeg Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/51720
GNU Bash Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54937
bash-doc Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/32733
TurboFTP Server 'PORT' Command Processing Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55764
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3988 Use After Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/55931
Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
http://www.securityfocus.com/bid/56171
xlockmore 'dclock' Mode Security Bypass Vulnerability
http://www.securityfocus.com/bid/56169
libsocialweb CVE-2012-4511 Non-SSL Connection Man in The Middle Vulnerability
http://www.securityfocus.com/bid/56167
Mutiny CVE-2012-3001 Command Injection Vulnerability
http://www.securityfocus.com/bid/56165
Self Service Password Unspecified LDAP Injection Vulnerability
http://www.securityfocus.com/bid/56163