Wednesday, October 24, 2012

Wednesday the 24th, Shakkō


+ APSB12-23: Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb12-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4176

+ PDFCreator 1.5.1 released
http://download.pdfforge.org/download/pdfcreator/PDFCreator-stable

+ Wireshark 1.8.3 released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html

+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801

+ JVN#42676559 Vulnerability in Safari that allows local files to be read remotely
http://jvn.jp/jp/JVN42676559/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3713

+ SA51081 HP Multiple Products Unspecified Information Disclosure Vulnerabilities
http://secunia.com/advisories/51081/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3268

Kingsoft: new version of Windows 8-compatible antivirus software with a "four-layer defense against remote-control malware" mechanism
http://itpro.nikkeibp.co.jp/article/NEWS/20121023/432012/?ST=security

Serious vulnerability in the Safari web browser; JVN recommends "stopping use of the Windows version"
http://itpro.nikkeibp.co.jp/article/NEWS/20121023/432003/?ST=security

NEC launches "NEC Cloud Authentication", a device authentication service using soft tokens
http://itpro.nikkeibp.co.jp/article/NEWS/20121023/431902/?ST=security

JVNVU#841851 Command injection vulnerability in Mutiny
http://jvn.jp/cert/JVNVU841851/

JVNDB-2012-005004 (JVNVU#603276) Cross-site scripting vulnerability in OTRS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005004.html

JVNDB-2012-004939 (JVNVU#332412) Information disclosure vulnerability in ZENworks Asset Management
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004939.html

JVNDB-2012-004958 Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004958.html

JVNDB-2012-004451 Vulnerability in libdbus that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004451.html

JVNDB-2012-004379 Denial-of-service (daemon crash) vulnerability in ISC DHCP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004379.html

JVNDB-2012-004457 Integer underflow vulnerability in the International Color Consortium Format library
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004457.html

JVNDB-2012-000088 (JVN#42676559) (JVNVU#503755) Vulnerability in Safari that allows local files to be read remotely
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000088.html

JVNDB-2012-005083 (JVNVU#841851) Command injection vulnerability in Mutiny
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005083.html

JVNDB-2012-005082 Denial-of-service (DoS) vulnerability in IBM XIV Storage System Gen3
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005082.html

JVNDB-2012-005080 Stack-based buffer overflow vulnerability in IBM DB2
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005080.html

JVNDB-2012-005079 Denial-of-service (DoS) vulnerability in CA ARCserve Backup running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005079.html

JVNDB-2012-005078 Arbitrary code execution vulnerability in the server of CA ARCserve Backup running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005078.html

JVNDB-2012-003475 Denial-of-service (DoS) vulnerability in the KDC of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003475.html

JVNDB-2012-003474 Denial-of-service (DoS) vulnerability in the KDC of MIT Kerberos
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003474.html

JVNDB-2012-003918 Vulnerability in Oracle Java 7
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003918.html

JVNDB-2012-004019 Vulnerability in Beans processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004019.html

JVNDB-2012-002755 Vulnerability in library processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002755.html

JVNDB-2012-002754 Vulnerability in Hotspot processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002754.html

JVNDB-2012-002751 Vulnerability in Deployment processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002751.html

JVNDB-2012-002750 Vulnerability in Deployment processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002750.html

JVNDB-2012-002748 Vulnerability in CORBA processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002748.html

JVNDB-2012-002747 Vulnerability in Security processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002747.html

Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
http://isc.sans.edu/diary.html?storyid=14362

VU#160027 Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability
http://www.kb.cert.org/vuls/id/160027

VU#872545 Adobe Shockwave 11.6.7.637 contains multiple exploitable vulnerabilities
http://www.kb.cert.org/vuls/id/872545

Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027692

HP/H3C and Huawei SNMP Weak Access to Critical Data
http://cxsecurity.com/issue/WLB-2012100207

Linksys WRT54GX (ADSL Router) Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012100206

Apple QuickTime 7.7.2(1680.56) Division By Zero
http://cxsecurity.com/issue/WLB-2012100205

phpMyFAQ <= 2.6.8 XSS
http://cxsecurity.com/issue/WLB-2012100204

HP Intelligent Management Center UAM sprintf Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080293

HP OO RSScheduler Service JDBC Connector Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080295

HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080288

HP SiteScope UploadFilesHandler Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080288

HP SiteScope SOAP Call getFileInternal Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080289

HP SiteScope SOAP Call create Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080290

Adobe Flash Player "Matrix3D" Integer Overflow Code Execution
http://cxsecurity.com/issue/WLB-2012090118

phpMyAdmin 3.5.2.2 server_sync.php backdoor
http://cxsecurity.com/issue/WLB-2012090231

IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force
http://cxsecurity.com/issue/WLB-2012100020

OTRS 3.1 Stored XSS Vulnerability
http://cxsecurity.com/issue/WLB-2012100157

HP Multiple Products Unspecified Information Disclosure Vulnerabilities
http://secunia.com/advisories/51081/

ViewVC Diff View Script Insertion Vulnerability
http://secunia.com/advisories/51041/

Bitrix Site Manager JW Player Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51021/

WordPress UnGallery Plugin "search" Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/50875/

ManageEngine Security Manager Plus File Disclosure and SQL Injection Vulnerabilities
http://secunia.com/advisories/51069/

WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50983/

WordPress Thank You Counter Button Plugin "paged" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50977/

WordPress Zingiri Bookings Plugin "error" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50975/

F5 FirePass SQL Injection and Redirection Vulnerabilities
http://secunia.com/advisories/51045/

Dolibarr ERP/CRM Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51058/

Magento Unirgy uStoreLocator Extension SQL Injection Vulnerability
http://secunia.com/advisories/50917/

Avaya Aura Presence Services Linux Kernel Multiple Vulnerabilities
http://secunia.com/advisories/51077/

Apache OFBiz Unspecified Vulnerability
http://secunia.com/advisories/51052/

Palo Alto Networks GlobalProtect Certificate Verification Security Issue
http://secunia.com/advisories/51036/

REMOTE: Turbo FTP Server 1.30.823 PORT Overflow
http://www.exploit-db.com/exploits/22161

DoS/PoC: Adobe Reader 10.1.4 Crash PoC
http://www.exploit-db.com/exploits/22155

DoS/PoC: RealPlayer 15.0.6.14 .3gp Crash PoC
http://www.exploit-db.com/exploits/22154

Korenix Jetport 5600 Series Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55196

Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668

Linux Kernel 'inet->opt ip_options' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55359

Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702

Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965

Linux Kernel 'i915_gem_execbuffer.c' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53971

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4179 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56129

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3990 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56131

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4186 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56135

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4180 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56126

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4188 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56123

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3991 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55930

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-3982 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55924

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4182 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56121

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3986 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55922

Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071

ViewVC 'cvsdb.py' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47928

ViewVC 'svn_ra.py' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54199

ViewVC CVE-2012-4533 HTML Injection Vulnerability
http://www.securityfocus.com/bid/56161

ViewVC 'svn_ra.py' Authorization Security Bypass Vulnerability
http://www.securityfocus.com/bid/54197

Adobe Shockwave Player APSB12-23 Multiple Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56181

Oracle Java SE CVE-2012-5088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56057

Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061

Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059

Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043

Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063

Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058

Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039

Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025

Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054

Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080

Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081

Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056

Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079

Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083

Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065

Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076

Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070

Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033

Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055

Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072

Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051

Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046

ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852

cups-pk-helper 'cupsGetFile()' and 'cupsPutFile()' Local Security Vulnerabilities
http://www.securityfocus.com/bid/55911

Tinyproxy Header Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55099

Oracle April 2007 Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/23532

Oracle January 2007 Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/22083

Oracle October Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/15134

Oracle January 2008 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/27229

BreakPoint Software Hex Workshop '.hex' File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33932

Ots Labs OtsTurntables M3U Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/25514

Oracle January Security Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/16287

Sun Solaris 'CODE_GET_VERSION IOCTL' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38016

FirePass SSL VPN 'refreshURL' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/56156

Cerulean Studios Trillian Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/29330

ManageEngine Security Manager Plus Advanced Search SQL Injection Vulnerability
http://www.securityfocus.com/bid/56138

Linux Kernel Unix Sockets Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/45037

Linux Kernel Unix Socket Backlog Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46637

Linux Kernel 'ethtool.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45972

Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56103

Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56146

FreeRADIUS Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/55483

JW Player 'logo.link' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55199

JW Player 'playerready' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54739

JW Player Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/48214

JW Player HTML Injection And Content Spoofing Vulnerability
http://www.securityfocus.com/bid/53876

Ruby CVE-2012-4522 Local File Creation Vulnerability
http://www.securityfocus.com/bid/56115

Ruby '#to_s' Method Incomplete Fix Security Bypass Vulnerability
http://www.securityfocus.com/bid/55813

Ruby 'error.c' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55757

GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982

Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56113

OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214

HAProxy Trash Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53647

Broadcom BCM4325 and BCM4329 Wireless Chipset Out of Bound Read Denial of Service Vulnerability
http://www.securityfocus.com/bid/56184

Multiple HP Products CVE-2012-3268 Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56183

WordPress UnGallery Plugin 'search' Parameter Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/56182

WordPress Thank You Counter Button Plugin 'paged' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56180

WordPress Zingiri Form Builder Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56179

WordPress Bookings Plugin 'error' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56177

F5 FirePass Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/56175

Joomla! 'com_sqlreport' Component Password Disclosure Vulnerability
http://www.securityfocus.com/bid/56172
