Wednesday, October 10, 2012
The 10th, Wednesday, Tomobiki
+ Security Bulletins for October 2012
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-oct
+ MS12-064 - Critical: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2528
+ MS12-065 - Important: Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2550
+ MS12-066 - Important: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2520
+ MS12-067 - Important: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3110
+ MS12-068 - Important: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2529
+ MS12-069 - Important: Vulnerability in Kerberos Could Allow Denial of Service (2743555)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2551
+ MS12-070 - Important: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2552
+ RHSA-2012:1351 Critical: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2012-1351.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
+ RHSA-2012:1350 Critical: firefox security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1350.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
+ Mozilla Firefox 16.0 released
http://www.mozilla.org/en-US/firefox/16.0/releasenotes/buglist.html
+ Mozilla Thunderbird 16.0 released
http://www.mozilla.org/en-US/thunderbird/16.0/releasenotes/
+ MFSA 2012-87 Use-after-free in the IME State Manager
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html
+ MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
+ MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
+ MFSA2012-84 Spoofing and script injection through location.hash
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
+ MFSA2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
+ MFSA2012-82 top object and location property accessible by plugins
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
+ MFSA2012-81 GetProperty function can bypass security checks
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
+ MFSA2012-80 Crash with invalid cast when using instanceof operator
http://www.mozilla.org/security/announce/2012/mfsa2012-80.html
+ MFSA2012-79 DOS and crash with full screen and history navigation
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
+ MFSA2012-78 Reader Mode pages have chrome privileges
http://www.mozilla.org/security/announce/2012/mfsa2012-78.html
+ MFSA2012-77 Some DOMWindowUtils methods bypass security checks
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
+ MFSA2012-76 Continued access to initial origin after setting document.domain
http://www.mozilla.org/security/announce/2012/mfsa2012-76.html
+ MFSA2012-75 select element persistence allows for attacks
http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
+ MFSA2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
+ BIND 9.9.2, 9.9.1-P4, 9.8.4, 9.8.3-P4, 9.7.7, 9.7.6-P4, 9.6-ESV-R8, 9.6-ESV-R7-P4 released
https://kb.isc.org/article/AA-00798
https://kb.isc.org/article/AA-00812
https://kb.isc.org/article/AA-00797
https://kb.isc.org/article/AA-00813
https://kb.isc.org/article/AA-00796
https://kb.isc.org/article/AA-00811
https://kb.isc.org/article/AA-00795
https://kb.isc.org/article/AA-00809
+ Specially Crafted DNS Data Can Cause a Lockup in named
https://www.isc.org/software/bind/advisories/cve-2012-5166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
+ HPSBOV02822 SSRT100966 rev.1 - HP Secure Web Server (SWS) for OpenVMS, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03517954%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
+ Multiple vulnerabilities in PostgreSQL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489
+ UPDATE: Microsoft Security Advisory (2749655) Compatibility Issues Affecting Signed Microsoft Binaries
http://technet.microsoft.com/en-us/security/advisory/2749655
+ UPDATE: Microsoft Security Advisory (2737111) Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2737111
+ UPDATE: Microsoft Security Advisory (2661254) Update For Minimum Certificate Key Length
http://technet.microsoft.com/en-us/security/advisory/2661254
+ Microsoft Security Advisory (2749655) Compatibility Issues Affecting Signed Microsoft Binaries (Japanese version)
http://technet.microsoft.com/ja-jp/security/advisory/2749655
+ UPDATE: Microsoft Security Advisory (2737111) Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (Japanese version)
http://technet.microsoft.com/ja-jp/security/advisory/2737111
+ UPDATE: Microsoft Security Advisory (2661254) Update For Minimum Certificate Key Length (Japanese version)
http://technet.microsoft.com/ja-jp/security/advisory/2661254
+ Tomcat 7.0.32 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
+ Linux kernel 2.6.32.60 released
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.60
+ MySQL 5.5.28, 5.1.66 released
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-28.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-66.html
+ SA50849 Linux Kernel HFS+ Privilege Escalation Vulnerability
http://secunia.com/advisories/50849/
Static analysis tool vendor Coverity makes a full-scale entry into the enterprise market with a web vulnerability detection tool
http://itpro.nikkeibp.co.jp/article/Interview/20121009/428581/?ST=security
Fourteenforty Research Institute releases a gateway for countering targeted attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20121008/428221/?ST=security
Vulnerability information worth checking <2012.10.09>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121004/427503/?ST=security
[security bulletin] HPSBOV02822 SSRT100966 rev.1 - HP Secure Web Server (SWS) for OpenVMS, Remot
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00046.html
Privilege Escalation Vulnerability in Microsoft Windows
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00047.html
WingFTP Server Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00051.html
BufferOverflow Vulnerability on Logica HotScan SWIFT Alliance Access Interface
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00050.html
WingFTP Server Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00049.html
soapbox Local Root / Privilege Escalation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00048.html
[SECURITY] [DSA 2558-1] bacula security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00045.html
Key Systems Electronic Key Lockers command injection and weak authentication vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00054.html
Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00044.html
GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00043.html
Interspire Email Marketer v6.0.1 - Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00042.html
[PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00041.html
[SECURITY] [DSA 2557-1] hostapd security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00040.html
[SECURITY] [DSA 2556-1] icedove security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00039.html
utempter allows fake host setting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00038.html
[ MDVSA-2012:161 ] html2ps
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00037.html
Blender 2.63 Exploitable User Mode Write AV
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00036.html
ESA-2012-035: RSA® Adaptive Authentication (On-Premise) Information Disclosure Vulnerabi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00035.html
[SECURITY] [DSA 2555-1] libxslt security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00034.html
[ MDVSA-2012:160 ] imagemagick
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00033.html
[ MDVSA-2012:150-1 ] java-1.6.0-openjdk
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00032.html
[ MDVSA-2012:151-1 ] ghostscript
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00031.html
FastStone Image Viewer 4.6 <= ReadAVonIP Arbitrary Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00053.html
Hardcoreview WriteAV Arbitrary Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00052.html
Team SHATTER Security Advisory: Java Operating System command execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00030.html
Team SHATTER Security Advisory: Elevated roles through DBCC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00029.html
Team SHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager (SQL Tuning Set
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00028.html
Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CF
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00027.html
[DCA-2011-0013] - IBM Informix Dynamic Server 11.50 SET COLLATION Stack OverFlow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00026.html
Cyber Security Awareness Month - Day 9 - Request for Comment (RFC)
http://isc.sans.edu/diary.html?storyid=14269
Microsoft October 2012 Black Tuesday Update - Overview
http://isc.sans.edu/diary.html?storyid=14272
Microsoft Office InfoPath HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027629
Microsoft Office Communicator HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027628
Microsoft Lync HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027627
Microsoft SharePoint HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027626
Microsoft Groove Server HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027625
Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027624
Microsoft SQL Server Input Validation Flaw in Reporting Services Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027623
Windows Kernel Integer Overflow Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027622
Microsoft Works Heap Corruption Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027621
Microsoft Kerberos Null Pointer Dereference Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027620
Microsoft Word Memory Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027618
Microsoft Products HTML Sanitisation Component Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50855/
Microsoft Works DOC File Processing Memory Corruption Vulnerability
http://secunia.com/advisories/50844/
Microsoft SQL Server Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50901/
Microsoft Products PAPX Section and listid Handling Vulnerabilities
http://secunia.com/advisories/50835/
Microsoft Windows Kerberos Session Handling Denial of Service Vulnerability
http://secunia.com/advisories/50867/
Microsoft Windows Kernel Integer Overflow Privilege Escalation Vulnerability
http://secunia.com/advisories/50862/
Fujitsu Interstage HTTP Server "httpOnly" Cookie Information Disclosure Vulnerability
http://secunia.com/advisories/50840/
Siemens SIMATIC S7-1200 Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50816/
Zen Cart "zen_get_all_get_params()" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50574/
Pale Moon Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/50817/
Ubuntu update for kernel
http://secunia.com/advisories/50848/
Red Hat update for flash-plugin
http://secunia.com/advisories/50820/
Ubuntu update for kernel
http://secunia.com/advisories/50807/
Linux Kernel HFS+ Privilege Escalation Vulnerability
http://secunia.com/advisories/50849/
Interspire Email Marketer "Action" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50815/
Siemens SiPass Integrated Message Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/50900/
Icy Phoenix "subject" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50890/
Debian update for bacula
http://secunia.com/advisories/50808/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/50872/
Adobe Flash Player / AIR Multiple Vulnerabilities
http://secunia.com/advisories/50876/
CMS2U (SQLi/phpinfo.php/Upload Shell) Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012100079
Hostapd Missing EAP-TLS Message Length Validation
http://cxsecurity.com/issue/WLB-2012100078
HCView WriteAV Crash Proof Of Concept
http://cxsecurity.com/issue/WLB-2012100077
Breviloquent SQL Injection
http://cxsecurity.com/issue/WLB-2012100076
Interspire Email Marketer 6.0.1 XSS / SQL Injection
http://cxsecurity.com/issue/WLB-2012100075
Avaya IP Office Customer Call Reporter Command Execution
http://cxsecurity.com/issue/WLB-2012100074
Avaya WinPMD UniteHostRouter Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100073
Easy Fast Admin SQL Injection
http://cxsecurity.com/issue/WLB-2012100072
Number Nine Design SQL Injection
http://cxsecurity.com/issue/WLB-2012100071
MyFreePost Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100070
YourArcadeScript 2.4 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012100069
Megapolis.Portal Manager Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100068
Icy Phoenix 2.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100067
Web Help Desk 11.0.7 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100066
Endpoint Protector 4.0.4.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100065
LOCAL: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
http://www.exploit-db.com/exploits/21831
DoS/PoC: Arctic Torrent 1.2.3 Memory Corruption (DoS)
http://www.exploit-db.com/exploits/21824
DoS/PoC: FL Studio 10 Producer Edition SEH Based Buffer Overflow PoC
http://www.exploit-db.com/exploits/21826
DoS/PoC: Gom Player 2.1.44.5123 (Unicode) NULL Pointer Dereference
http://www.exploit-db.com/exploits/21830
Microsoft SQL Server Report Manager CVE-2012-2552 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55783
Microsoft Windows Kerberos CVE-2012-2551 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55778
Siemens SIMATIC S7-1200 PLC 'web server' Component Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55841
WellinTech KingView Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/54729
Adobe Flash Player and AIR APSB12-22 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55827
TLS Protocol CVE-2012-4929 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55704
Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55413
QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51642
Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802
Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49303
Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494
Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47929
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407
Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957
Linux Kernel HFS Plus Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53401
Linux Kernel EXT4 'ext4_fill_flex_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53414
Ruby 'error.c' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55757
Oracle Outside In Technology CVE-2012-3107 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54504
Oracle Outside In Technology CVE-2012-3110 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54506
Oracle Outside In Technology CVE-2012-1770 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54541
Oracle Outside In Technology CVE-2012-1768 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54536
Oracle Outside In Technology CVE-2012-1767 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54511
Oracle Outside In Technology CVE-2012-3108 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54550
Oracle Outside In Technology CVE-2012-1766 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54531
Oracle Outside In Technology CVE-2012-3106 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54546
Oracle Outside In Technology CVE-2012-3109 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54554
Oracle Outside In Technology CVE-2012-1769 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54500
Oracle Outside In Technology CVE-2012-1773 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54548
Oracle Outside In Technology CVE-2012-1772 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54497
Oracle Outside In Technology CVE-2012-1771 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54543
Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51117
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706
Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
http://www.securityfocus.com/bid/55628
Apache CXF Child Policies Security Bypass Vulnerability
http://www.securityfocus.com/bid/53880
Apache CXF Elements Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53877
Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763
PhpTax 'drawimage.php' Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/55759
Linux Kernel Netlink Message Handling Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55152
Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721
Avaya WinPDM Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47947
Avaya IP Office Customer Call Reporter 'ImageUpload.ashx' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54225
Wing FTP Server Denial of Service Vulnerability
http://www.securityfocus.com/bid/55847
et-chat 'farbe' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55845
Key Systems Electronic Key Lockers Command Injection and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/55844
HotScan Interface CVE-2012-2624 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55843
RSA Adaptive Authentication (On Premise) CVE-2012-2286 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55842
GOM Player NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55840
PLIB 'ssgParser.cxx' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55839
Zen Cart 'zen_get_all_get_params()' Function Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55838
Pale Moon Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/55836
Siemens SiPass Integrated 'SiPass server' Component Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55835
Microsoft SharePoint And Microsoft Lync HTML Sanitization Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55797
Microsoft Works CVE-2012-2550 Word File Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55796
Microsoft Windows Kernel 'Win32k.sys' Integer Overflow Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55793
Microsoft Word RTF File Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55781
Microsoft Word PAPX Section Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55780