Monday, October 29, 2012

Monday the 29th, Taian (auspicious day)


+ Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2012-1407.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196

+ MFSA 2012-90 Fixes for Location object issues
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196

+ Firefox 16.0.2 released
http://www.mozilla.org/en-US/firefox/16.0.2/releasenotes/

+ Linux kernel 3.6.4, 3.4.16, 3.0.49 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.4
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.49

Credit card POS terminals hit by a string of attacks around the world (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433183/?ST=security

Trend Micro releases three free apps for Windows 8, including one for lost-device protection
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433145/?ST=security

Bank of Tokyo-Mitsubishi UFJ warns of a new virus that steals information at online banking login
http://itpro.nikkeibp.co.jp/article/NEWS/20121027/433081/?ST=security

JVN#00322303 Cross-site scripting vulnerability in Tokyo BBS
http://jvn.jp/jp/JVN00322303/index.html

JVNDB-2011-002305 Chosen-plaintext attack vulnerability in the CBC mode of SSL and TLS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002305.html

JVNDB-2012-003222 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003222.html

JVNDB-2012-003221 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003221.html

JVNDB-2012-003220 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003220.html

JVNDB-2012-003219 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003219.html

JVNDB-2012-003218 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003218.html

JVNDB-2012-003217 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003217.html

JVNDB-2012-003216 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003216.html

JVNDB-2012-003215 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003215.html

JVNDB-2012-003214 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003214.html

JVNDB-2012-003213 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003213.html

JVNDB-2012-003212 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003212.html

JVNDB-2012-003223 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003223.html

JVNDB-2012-003224 Vulnerability in Oracle Outside In Technology in Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003224.html

JVNDB-2012-004886 Message forgery vulnerability in Eduserv OpenAthens for Java
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004886.html

JVNDB-2012-004866 Denial-of-service (named daemon hang) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004866.html

JVNDB-2012-005130 (JVNVU#268267) Issue in multiple DomainKeys Identified Mail (DKIM) implementations
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005130.html

JVNDB-2012-000093 (JVN#00322303) Cross-site scripting vulnerability in Tokyo BBS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000093.html

JVNDB-2012-005129 Denial-of-service (DoS) vulnerability in Excel 2007 in Microsoft Office 2007 and in Microsoft Excel Viewer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005129.html

JVNDB-2012-005128 Cross-site scripting vulnerability in phpMyAdmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005128.html

JVNDB-2012-005127 Cross-site scripting vulnerability in phpMyAdmin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005127.html

JVNDB-2012-005126 Vulnerability in Apache Open For Business Project
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005126.html

JVNDB-2012-005125 (JVNVU#225404) Insufficient access restriction vulnerability in HP/H3C and Huawei network devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005125.html

Inventory 1.0 Multiple XSS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00132.html

Inventory 1.0 Multiple SQL Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00131.html

[SECURITY] [DSA 2566-1] exim4 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00130.html

[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Rem
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00129.html

Firefox 16.02 Released
http://isc.sans.edu/diary.html?storyid=14398

Securing the Human Special Webcast - October 30, 2012
http://isc.sans.edu/diary.html?storyid=14392

Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
http://isc.sans.edu/diary.html?storyid=14395

Mozilla Thunderbird 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027704

Mozilla Seamonkey 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027703

Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027701

SAP NetWeaver XML External Entity Flaw Lets Remote Users Obtain Files
http://www.securitytracker.com/id/1027700

Xen Domain Builder Size Validation Bug Lets Local Guest Administrators Denial of Service
http://www.securitytracker.com/id/1027699

WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities
http://secunia.com/advisories/51100/

Xen PV Domain Builder Kernel Decompression Denial of Service Vulnerability
http://secunia.com/advisories/51071/

IP.Board Unspecified Vulnerability
http://secunia.com/advisories/51104/

Drupal MailChimp Module Script Insertion Vulnerability
http://secunia.com/advisories/51061/

Exim DKIM DNS Decoding Buffer Overflow Vulnerability
http://secunia.com/advisories/51098/

Joomla! Freestyle Testimonials Component SQL Injection Vulnerability
http://secunia.com/advisories/51101/

Tiki Wiki CMS/Groupware "unserialize()" PHP Code Execution Vulnerability
http://secunia.com/advisories/51067/

RT RTFM Extension Article Creation Security Bypass Vulnerability
http://secunia.com/advisories/51062/

RT Multiple Vulnerabilities
http://secunia.com/advisories/51065/

IBM WebSphere MQ Multiple Java Vulnerabilities
http://secunia.com/advisories/51080/

IBM InfoSphere Streams Eclipse Help System Vulnerabilities
http://secunia.com/advisories/51073/

SAP NetWeaver XML External Entity Vulnerability
http://secunia.com/advisories/51063/

Ubuntu update for webkit
http://secunia.com/advisories/51070/

WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability
http://secunia.com/advisories/51107/

Seotoaster 1.9 SQL Injection
http://cxsecurity.com/issue/WLB-2011120013

IrfanView TIFF Image Processing Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012100241

IrfanView FlashPix PlugIn Double-Free Vulnerability
http://cxsecurity.com/issue/WLB-2012100240

VLC Player 2.0.3 ReadAV Arbitrary Code Execution
http://cxsecurity.com/issue/WLB-2012100083

Google SketchUp 8 Stack Based Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012100239

Realplayer Watchfolders long Filepath Overflow
http://cxsecurity.com/issue/WLB-2012100238

NASA Tri-Agency Climate Education (TrACE) 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100237

NASA Tri-Agency Climate Education (TrACE) 1.0 XSS
http://cxsecurity.com/issue/WLB-2012100236

WordPress Easy Webinar Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012100235

Aladdin Knowledge System Ltd. Active-X Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100234

Inventory 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100233

Inventory 1.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100232

Layton Helpbox 4.4.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012100231

Layton Helpbox 4.4.0 Authorization Bypass
http://cxsecurity.com/issue/WLB-2012100230

Layton Helpbox 4.4.0 Password Disclosure
http://cxsecurity.com/issue/WLB-2012100229

Layton Helpbox 4.4.0 Stored Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100228

Layton Helpbox 4.4.0 login Bypass
http://cxsecurity.com/issue/WLB-2012100227

Layton Helpbox 4.4.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100226

Layton Helpbox 4.4.0 Unencrypted Login
http://cxsecurity.com/issue/WLB-2012100225

Gramophone 0.01b1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100224

VideoPortalNeu SQL Injection
http://cxsecurity.com/issue/WLB-2011120016

FlirtPortal SQL Injection
http://cxsecurity.com/issue/WLB-2011120008

Social2 SQL Injection
http://cxsecurity.com/issue/WLB-2011120017

Microsoft Office Picture Manager 2010 memory corruption
http://cxsecurity.com/issue/WLB-2012100223

Microsoft Internet Explorer scrollIntoView Use-After-Free
http://cxsecurity.com/issue/WLB-2012100222

Oracle Java Font Processing maxPointCount Heap Overflow
http://cxsecurity.com/issue/WLB-2012100221

Contao 2.11.6 Path Disclosure
http://cxsecurity.com/issue/WLB-2012100220

Oracle Java Font Processing Glyph Element Memory Corruption
http://cxsecurity.com/issue/WLB-2012100219

Bitweaver 2.8.1 Cross Site Scripting & Local File Inclusion
http://cxsecurity.com/issue/WLB-2012100218

Apple QuickTime Player 7.7.2 Crash
http://cxsecurity.com/issue/WLB-2012100217

TIBCO Formvine vulnerability
http://cxsecurity.com/issue/WLB-2012100216

VaM Shop 1.69 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012100215

ClanSphere 2011.3 Local File Inclusion & Remote Code Execution
http://cxsecurity.com/issue/WLB-2012100214

WordPress GRAND Flash Album Gallery SQL Injection & Disclosure & File Overwrite
http://cxsecurity.com/issue/WLB-2012100213

Drupal MailChimp 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100212

Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061

RT and RT RTFM Extension Security Bypass Vulnerability
http://www.securityfocus.com/bid/56291

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025

Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080

Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051

Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065

Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076

Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079

Request Tracker (RT) Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56290

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082

Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039

Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081

Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058

Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046

Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083

Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501

Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070

Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033

Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072

RETIRED: Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53960

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53956

IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884

CoDeSys Unspecified Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56300

HelpBox Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56298

SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56297

Inventory Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56293

Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289

Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56287

Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285

Joomla! Freestyle Testimonials Component Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/56284

Tiki Wiki CMS Groupware 'unserialize()' PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/56282

Inout Article Base 'ViewController.class.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/56266
