Tuesday, October 30, 2012
Tuesday the 30th, Shakkō
+ RHSA-2012:1413 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2012-1413.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
+ CESA-2012:1407 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/521899/
+ CESA-2012:1407 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/521902/
+ Thunderbird 16.0.2 released
http://www.mozilla.org/en-US/thunderbird/16.0.2/releasenotes/
+ Samba 3.6.9 Available for Download
http://www.samba.org/samba/history/samba-3.6.9.html
+ Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56304
Check Point response to 'Check Point Firewalls vulnerable to simple SYN flooding'
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86721&src=securityAlerts
Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx
Yahoo (US) announces it will ignore IE10's default "Do Not Track" setting
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433292/?ST=security
South Carolina (US): personal information of millions of people leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20121029/433289/?ST=security
JVNDB-2012-005156 Denial-of-service (application crash) vulnerability in libpng_plugin of VideoLAN VLC media player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005156.html
JVNDB-2012-005155 Denial-of-service (daemon crash) vulnerability in Wing FTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005155.html
JVNDB-2012-005154 Vulnerability allowing arbitrary API calls in Citrix Cloud.com CloudStack and Apache CloudStack pre-release
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005154.html
JVNDB-2012-005153 SQL injection vulnerability in mnoGoSearch
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005153.html
JVNDB-2012-005152 SQL injection vulnerability in user.php of Social Network Community
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005152.html
JVNDB-2012-005151 Double-free vulnerability in FlashPix PlugIn for IrfanView
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005151.html
JVNDB-2012-005150 SQL injection vulnerability in Seotoaster
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005150.html
JVNDB-2012-005149 SQL injection vulnerability in the Forum module of appRain CMF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005149.html
JVNDB-2012-005148 Cross-site scripting vulnerability in the Search module of appRain CMF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005148.html
JVNDB-2012-005147 Cross-site request forgery vulnerability in the Sentinel plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005147.html
JVNDB-2012-005146 Cross-site scripting vulnerability in the Sentinel plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005146.html
JVNDB-2012-005145 SQL injection vulnerability in the Sentinel plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005145.html
JVNDB-2012-005144 SQL injection vulnerability in rub2_w.php of PHP Flirt-Projekt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005144.html
JVNDB-2012-005143 Cross-site scripting vulnerability in templates/default/Admin/Login.html of PHP-SCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005143.html
JVNDB-2012-005142 Directory traversal vulnerability in examples/show_code.php of mPDF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005142.html
JVNDB-2012-005141 SQL injection vulnerability in DotA OpenStats
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005141.html
JVNDB-2012-005140 SQL injection vulnerability in the SCORM Cloud For WordPress plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005140.html
JVNDB-2012-005139 SQL injection vulnerability in index.php of Video Community Portal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005139.html
JVNDB-2012-005138 Cross-site scripting vulnerability in BrowserCRM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005138.html
JVNDB-2012-005137 SQL injection vulnerability in BrowserCRM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005137.html
JVNDB-2012-005136 Heap-based buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005136.html
JVNDB-2012-005135 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005135.html
JVNDB-2012-005134 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005134.html
JVNDB-2012-005133 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005133.html
JVNDB-2012-005132 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005132.html
JVNDB-2012-005131 Buffer overflow vulnerability in Cisco WebEx Recording Format Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005131.html
Call for Papers: DIMVA 2013
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00140.html
PIAF H.M.S - SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00139.html
[slackware-security] mozilla-firefox (SSA:2012-300-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00135.html
KmPlayer v3.0.0.1440 Local Crash PoC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00138.html
[SECURITY] [DSA 2568-1] rtfm security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00134.html
[SECURITY] [DSA 2567-1] request-tracker3.8 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00133.html
Exploit - EasyITSP by Lemens Telephone Systems 2.0.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00137.html
EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00136.html
Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
http://isc.sans.edu/diary.html?storyid=14404
EMC Avamar Client for VMware Discloses Server Password to Local Users
http://www.securitytracker.com/id/1027705
Internet Explorer 8 XSS filter bypass
http://cxsecurity.com/issue/WLB-2012100253
Multiple Browsers Cross-Site Scripting via redirectors 301 and 303
http://cxsecurity.com/issue/WLB-2012100010
Opera 12.02 Local files disclosure (0day)
http://cxsecurity.com/issue/WLB-2012100252
Opera 12.02 (UXSS) Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012100086
Opera 12.10b Cross Site Scripting 0day PoC (CSRF) *youtube
http://cxsecurity.com/issue/WLB-2012100119
SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012100251
SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection
http://cxsecurity.com/issue/WLB-2012100250
Microsoft Paint 5.1 Memory Corruption
http://cxsecurity.com/issue/WLB-2012100249
Microsoft Windows Help Program Memory Corruption
http://cxsecurity.com/issue/WLB-2012100248
hMailServer 5.3.3 Remote Denial Of Service
http://cxsecurity.com/issue/WLB-2012100247
Arora 0.10.0 Windows Qt 4.5.3 DLL Hijack
http://cxsecurity.com/issue/WLB-2012100246
Aladdin Knowledge System Ltd. Active-X Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100234
Aladdin Knowledge System Ltd Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100245
ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection
http://cxsecurity.com/issue/WLB-2012100244
HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100243
HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012100242
Debian update for request-tracker3.8
http://secunia.com/advisories/51112/
Ubuntu update for exim4
http://secunia.com/advisories/51153/
Debian update for rtfm
http://secunia.com/advisories/51111/
Debian update for exim4
http://secunia.com/advisories/51115/
SUSE update for exim
http://secunia.com/advisories/51155/
Oracle Business Intelligence Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51151/
Ubuntu update for openjdk-6
http://secunia.com/advisories/51154/
Ubuntu update for firefox
http://secunia.com/advisories/51147/
Red Hat update for firefox
http://secunia.com/advisories/51146/
SAP NetWeaver Process Integration XML External Entity Vulnerability
http://secunia.com/advisories/51152/
Mozilla Firefox / Thunderbird / SeaMonkey "Location" Object Multiple Vulnerabilities
http://secunia.com/advisories/51144/
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3986 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55922
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3990 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56131
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4186 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56135
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4179 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56129
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4188 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56123
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-3982 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55924
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-4180 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56126
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4182 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56121
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3991 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55930
PLIB 'ssgParser.cxx' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55839
SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56297
Linux Kernel Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/46616
Linux Kernel 'i915_gem_execbuffer.c' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53971
PostgreSQL 'xml_parse()' Function Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/55074
PostgreSQL 'xslt_process()' Function Arbitrary File Creation or Overwrite Vulnerability
http://www.securityfocus.com/bid/55072
Browser CRM Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51060
Oracle Business Intelligence Enterprise Edition CVE-2012-1686 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56026
ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494
VLC Media Player 'get_chunk_header()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51147
libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51131
IrfanView TIFF Image File Remote Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51132
ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522
Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763
GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54982
ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54658
libexif Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/54437
Todd Miller Sudo Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54868
Video Community Portal 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51108
Social Network Community 'userID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51107
PHP-SCMS 'lang' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51062
Enterasys Network Management Suite 'nssyslogd.exe' Component Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51124
Seotoaster Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51077
mnoGoSearch Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/51113
WebSVN 'path' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51109
WordPress SCORM Cloud Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/49484
DotA OpenStats 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51110
Cacti Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/51048
Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability
http://www.securityfocus.com/bid/51079
Sentinel Plugin for WordPress Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/51089
Flirt-Projekt 'rub' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51106
appRain CMF Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/51105
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302
HP Operations Agent Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54362
ManageEngine Security Manager Plus Advanced Search SQL Injection Vulnerability
http://www.securityfocus.com/bid/56138
Bcfg2 'Trigger' Plugin Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/54217
Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56103
Linux Kernel 'uname()' System Call Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55855
phpMyAdmin CVE-2012-5339 Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55925
phpMyAdmin CVE-2012-5368 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55939
Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
http://www.securityfocus.com/bid/47736
Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285
Endpoint Protector Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56323
TP-LINK TL-WR841N Router Local File Include Vulnerability
http://www.securityfocus.com/bid/56320
EMC Avamar Client for VMware Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56317
cgit 'syntax-highlighting.sh' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56315
libunity-webapps Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56314
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306
Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
http://www.securityfocus.com/bid/56304