Monday, October 29, 2012
Monday the 29th, Taian
+ Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2012-1407.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
+ MFSA 2012-90 Fixes for Location object issues
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
+ Firefox 16.0.2 released
http://www.mozilla.org/en-US/firefox/16.0.2/releasenotes/
+ Linux kernel 3.6.4, 3.4.16, 3.0.49 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.4
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.49
Credit card POS terminals hit by a string of incidents around the world (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433183/?ST=security
Trend Micro releases three free apps for Windows 8, including device-loss protection
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433145/?ST=security
Bank of Tokyo-Mitsubishi UFJ warns of a new type of virus that steals information at online banking login
http://itpro.nikkeibp.co.jp/article/NEWS/20121027/433081/?ST=security
JVN#00322303 Cross-site scripting vulnerability in Tokyo BBS
http://jvn.jp/jp/JVN00322303/index.html
JVNDB-2011-002305 Chosen-plaintext attack vulnerability in CBC mode of SSL and TLS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002305.html
JVNDB-2012-003222 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003222.html
JVNDB-2012-003221 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003221.html
JVNDB-2012-003220 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003220.html
JVNDB-2012-003219 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003219.html
JVNDB-2012-003218 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003218.html
JVNDB-2012-003217 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003217.html
JVNDB-2012-003216 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003216.html
JVNDB-2012-003215 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003215.html
JVNDB-2012-003214 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003214.html
JVNDB-2012-003213 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003213.html
JVNDB-2012-003212 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003212.html
JVNDB-2012-003223 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003223.html
JVNDB-2012-003224 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003224.html
JVNDB-2012-004886 Vulnerability in Eduserv OpenAthens for Java that allows message forgery
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004886.html
JVNDB-2012-004866 Denial-of-service (named daemon hang) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004866.html
JVNDB-2012-005130 (JVNVU#268267) Issue in multiple DomainKeys Identified Mail (DKIM) implementations
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005130.html
JVNDB-2012-000093 (JVN#00322303) Cross-site scripting vulnerability in Tokyo BBS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000093.html
JVNDB-2012-005129 Denial-of-service (DoS) vulnerability in Excel 2007 in Microsoft Office 2007 and Microsoft Excel Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005129.html
JVNDB-2012-005128 Cross-site scripting vulnerability in phpMyAdmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005128.html
JVNDB-2012-005127 Cross-site scripting vulnerability in phpMyAdmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005127.html
JVNDB-2012-005126 Vulnerability in Apache Open For Business Project
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005126.html
JVNDB-2012-005125 (JVNVU#225404) Insufficient access restriction vulnerability in HP/H3C and Huawei network equipment
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005125.html
Inventory 1.0 Multiple XSS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00132.html
Inventory 1.0 Multiple SQL Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00131.html
[SECURITY] [DSA 2566-1] exim4 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00130.html
[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Rem
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00129.html
Firefox 16.02 Released
http://isc.sans.edu/diary.html?storyid=14398
Securing the Human Special Webcast - October 30, 2012
http://isc.sans.edu/diary.html?storyid=14392
Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
http://isc.sans.edu/diary.html?storyid=14395
Mozilla Thunderbird 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027704
Mozilla Seamonkey 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027703
Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027701
SAP NetWeaver XML External Entity Flaw Lets Remote Users Obtain Files
http://www.securitytracker.com/id/1027700
Xen Domain Builder Size Validation Bug Lets Local Guest Administrators Denial of Service
http://www.securitytracker.com/id/1027699
Wordpress GRAND FlAGallery Plugin Multiple Vulnerabilities
http://secunia.com/advisories/51100/
Xen PV Domain Builder Kernel Decompression Denial of Service Vulnerability
http://secunia.com/advisories/51071/
IP.Board Unspecified Vulnerability
http://secunia.com/advisories/51104/
Drupal MailChimp Module Script Insertion Vulnerability
http://secunia.com/advisories/51061/
Exim DKIM DNS Decoding Buffer Overflow Vulnerability
http://secunia.com/advisories/51098/
Joomla! Freestyle Testimonials Component SQL Injection Vulnerability
http://secunia.com/advisories/51101/
Tiki Wiki CMS/Groupware "unserialize()" PHP Code Execution Vulnerability
http://secunia.com/advisories/51067/
RT RTFM Extension Article Creation Security Bypass Vulnerability
http://secunia.com/advisories/51062/
RT Multiple Vulnerabilities
http://secunia.com/advisories/51065/
IBM WebSphere MQ Multiple Java Vulnerabilities
http://secunia.com/advisories/51080/
IBM InfoSphere Streams Eclipse Help System Vulnerabilities
http://secunia.com/advisories/51073/
SAP NetWeaver XML External Entity Vulnerability
http://secunia.com/advisories/51063/
Ubuntu update for webkit
http://secunia.com/advisories/51070/
WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability
http://secunia.com/advisories/51107/
Seotoaster 1.9 SQL Injection
http://cxsecurity.com/issue/WLB-2011120013
IrfanView TIFF Image Processing Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012100241
IrfanView FlashPix PlugIn Double-Free Vulnerability
http://cxsecurity.com/issue/WLB-2012100240
VLC Player 2.0.3 ReadAV Arbitrary Code Execution
http://cxsecurity.com/issue/WLB-2012100083
Google SketchUp 8 Stack Based Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012100239
Realplayer Watchfolders long Filepath Overflow
http://cxsecurity.com/issue/WLB-2012100238
NASA Tri-Agency Climate Education (TrACE) 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100237
NASA Tri-Agency Climate Education (TrACE) 1.0 XSS
http://cxsecurity.com/issue/WLB-2012100236
WordPress Easy Webinar Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012100235
Aladdin Knowledge System Ltd. Active-X Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100234
Inventory 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100233
Inventory 1.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100232
Layton Helpbox 4.4.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100231
Layton Helpbox 4.4.0 Authorization Bypass
http://cxsecurity.com/issue/WLB-2012100230
Layton Helpbox 4.4.0 Password Disclosure
http://cxsecurity.com/issue/WLB-2012100229
Layton Helpbox 4.4.0 Stored Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100228
Layton Helpbox 4.4.0 login Bypass
http://cxsecurity.com/issue/WLB-2012100227
Layton Helpbox 4.4.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100226
Layton Helpbox 4.4.0 Unencrypted Login
http://cxsecurity.com/issue/WLB-2012100225
Gramophone 0.01b1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100224
VideoPortalNeu SQL Injection
http://cxsecurity.com/issue/WLB-2011120016
FlirtPortal SQL Injection
http://cxsecurity.com/issue/WLB-2011120008
Social2 SQL Injection
http://cxsecurity.com/issue/WLB-2011120017
Microsoft Office Picture Manager 2010 memory corruption
http://cxsecurity.com/issue/WLB-2012100223
Microsoft Internet Explorer scrollIntoView Use-After-Free
http://cxsecurity.com/issue/WLB-2012100222
Oracle Java Font Processing maxPointCount Heap Overflow
http://cxsecurity.com/issue/WLB-2012100221
Contao 2.11.6 Path Disclosure
http://cxsecurity.com/issue/WLB-2012100220
Oracle Java Font Processing Glyph Element Memory Corruption
http://cxsecurity.com/issue/WLB-2012100219
Bitweaver 2.8.1 Cross Site Scripting & Local File Inclusion
http://cxsecurity.com/issue/WLB-2012100218
Apple QuickTime Player 7.7.2 Crash
http://cxsecurity.com/issue/WLB-2012100217
TIBCO Formvine vulnerability
http://cxsecurity.com/issue/WLB-2012100216
VaM Shop 1.69 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012100215
ClanSphere 2011.3 Local File Inclusion & Remote Code Execution
http://cxsecurity.com/issue/WLB-2012100214
WordPress GRAND Flash Album Gallery SQL Injection & Disclosure & File Overwrite
http://cxsecurity.com/issue/WLB-2012100213
Drupal MailChimp 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100212
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
RT and RT RTFM Extension Security Bypass Vulnerability
http://www.securityfocus.com/bid/56291
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076
Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079
Request Tracker (RT) Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56290
Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501
Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
RETIRED: Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612
Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950
Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53960
Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946
Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952
Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954
Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53956
IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884
CoDeSys Unspecified Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56300
HelpBox Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56298
SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56297
Inventory Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56293
Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289
Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56287
Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285
Joomla! Freestyle Testimonials Component Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/56284
Tiki Wiki CMS Groupware 'unserialize()' PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/56282
Inout Article Base 'ViewController.class.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/56266