Friday, November 30, 2012
30th, Friday, Tomobiki
+ RHSA-2012:1512 Important: libxml2 security update
http://rhn.redhat.com/errata/RHSA-2012-1512.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
+ About the security content of Apple TV 5.1.1
http://support.apple.com/kb/HT5598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748
+ Google Chrome 23.0.1271.95 released
http://googlechromereleases.blogspot.jp/2012/11/stable-channel-update_29.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5137
+ Dovecot 2.1.11 released
http://www.dovecot.org/list/dovecot-news/2012-November/000235.html
Navicat Data Modeler for PostgreSQL now supports Mac OS X and Linux
http://www.postgresql.org/about/news/1428/
"We want to prevent password reuse," says Chrome security lead
"Security is one of our development principles": Google holds briefing
http://itpro.nikkeibp.co.jp/article/NEWS/20121129/441006/?ST=security
Protiviti launches consulting service to support adoption of credit card number tokenization
http://itpro.nikkeibp.co.jp/article/NEWS/20121129/440934/?ST=security
JVNDB-2012-004983 Vulnerability in JMX processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004983.html
JVNDB-2012-004980 Vulnerability in Beans processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004980.html
JVNDB-2012-004979 Vulnerability in Networking processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004979.html
JVNDB-2012-004978 Vulnerability in Swing processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004978.html
JVNDB-2012-004977 Vulnerability in 2D processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004977.html
JVNDB-2012-005580 Denial-of-service (CPU resource consumption) vulnerability in Google CityHash
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005580.html
JVNDB-2012-005579 Denial-of-service (CPU resource consumption) vulnerability in Oracle Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005579.html
JVNDB-2012-005540 (JVNVU#281284) Samsung printers contain a hard-coded SNMP community string
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005540.html
JVNDB-2012-004865 Denial-of-service (CPU and memory consumption) vulnerability in tinyproxy
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004865.html
JVNDB-2012-005577 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005577.html
JVNDB-2012-005576 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005576.html
JVNDB-2012-005575 Denial-of-service (DoS) vulnerability in libxml2 as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005575.html
JVNDB-2012-005574 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005574.html
JVNDB-2012-005573 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005573.html
JVNDB-2012-005572 Denial-of-service (DoS) vulnerability in Google Chrome running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005572.html
JVNDB-2012-005571 Denial-of-service (DoS) vulnerability in Skia as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005571.html
JVNDB-2012-005570 Vulnerability in EMC Smarts Network Configuration Manager allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005570.html
JVNDB-2012-005569 Vulnerability in the default configuration of EMC Smarts Network Configuration Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005569.html
JVNDB-2012-005568 Cross-site scripting vulnerability in EMC RSA Adaptive Authentication On-Premise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005568.html
JVNDB-2012-005567 Denial-of-service (CPU resource consumption) vulnerability in MikroTik RouterOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005567.html
JVNDB-2012-005566 Vulnerability in Open Solution Quick.Cart allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005566.html
JVNDB-2012-005565 Denial-of-service (crash) vulnerability in Guitar Pro
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005565.html
JVNDB-2012-005564 Cross-site request forgery vulnerability in X7 Chat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005564.html
JVNDB-2012-005563 Vulnerability in admin/banners.php in PHP Enter allowing execution of arbitrary PHP code in horad.php
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005563.html
JVNDB-2012-005562 Cross-site scripting vulnerability in gb/user/index.php in Ramui Forum
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005562.html
JVNDB-2012-005561 Directory traversal vulnerability in the Jstore component for Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005561.html
JVNDB-2012-005560 Cross-site request forgery vulnerability in admin.php in Collabtive
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005560.html
JVNDB-2012-005559 Cross-site scripting vulnerability in Collabtive
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005559.html
JVNDB-2012-005558 Cross-site request forgery vulnerability in OpenText ECM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005558.html
JVNDB-2012-005557 Cross-site scripting vulnerability in OpenText ECM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005557.html
JVNDB-2012-005556 Directory traversal vulnerability in ibrowser.php in the IBrowser TinyMCE plugin in CMScout
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005556.html
JVNDB-2012-005555 Directory traversal vulnerability in the CBE component for Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005555.html
JVNDB-2012-005554 Denial-of-service (crash) vulnerability in M-Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005554.html
JVNDB-2012-005553 Cross-site scripting vulnerability in downloads.php in PHP-Fusion
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005553.html
JVNDB-2012-005552 Denial-of-service (crash) vulnerability in GPSMapEdit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005552.html
JVNDB-2012-005551 Double-free vulnerability in GreenBrowser
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005551.html
JVNDB-2012-005550 Cross-site scripting vulnerability in File King Advanced File Management
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005550.html
JVNDB-2012-005549 SQL injection vulnerability in YABSoft Advanced Image Hosting Script
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005549.html
JVNDB-2012-005548 Vulnerability in admin/core/admin_func.php in razorCMS allowing files to be viewed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005548.html
JVNDB-2012-005541 Vulnerability in JBossWS in JBoss Enterprise Portal Platform allowing plaintext data to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005541.html
JVNDB-2012-005539 Vulnerability in manage_sql.c in OpenVAS Manager allowing arbitrary command execution
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005539.html
JVNDB-2012-005538 Denial-of-service (disk consumption) vulnerability in ar web content manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005538.html
JVNDB-2012-005537 Vulnerability in cookie_gen.php in ar web content manager allowing arbitrary cookies to be generated
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005537.html
JVNDB-2012-005535 Denial-of-service (infinite loop) vulnerability in request.c in lighttpd
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005535.html
JVNDB-2012-005534 Vulnerability in file.c in Ruby allowing files to be created
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005534.html
JVNDB-2012-005533 Cross-site scripting vulnerability in Mahara
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005533.html
JVNDB-2012-005532 Cross-site scripting vulnerability in group/members.php in Mahara
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005532.html
JVNDB-2012-005531 Cross-site scripting vulnerability in Mahara
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005531.html
JVNDB-2012-005530 Vulnerability in Mahara allowing arbitrary users to be deleted and CSRF protection to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005530.html
JVNDB-2012-005529 Vulnerability in Mahara allowing arbitrary program execution
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005529.html
JVNDB-2012-005528 Cross-site scripting vulnerability in Mahara
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005528.html
JVNDB-2012-005526 Denial-of-service (Firefox crash) vulnerability in the Unity integration extension for Firefox
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005526.html
JVNDB-2012-005525 Vulnerability in Remote Login Service allowing login credentials to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005525.html
JVNDB-2012-005524 Denial-of-service (hypervisor crash) vulnerability in the HVMOP_pagetable_dying hypercall in Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005524.html
JVNDB-2012-005515 Cross-site scripting vulnerability in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005515.html
JVNDB-2012-005514 SQL injection vulnerability in Nicola Asuni TCExam
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005514.html
JVNDB-2012-005505 Newline injection vulnerability in the CGI.pm module for Perl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005505.html
Safend Data Protector Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00107.html
[ MDVSA-2012:175 ] libssh
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00102.html
Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00106.html
ideo Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00105.html
Oracle Exadata leaf switch logins
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00104.html
ISC Feature of the Week: SSH Scan Reports
http://isc.sans.edu/diary.html?storyid=14593
Webmin 'real name' Field Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/6F03L2A61A.html
Wireshark Multiple Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1027822
Samsung Printers Hardcoded Password Lets Remote Users Gain Administrative Access
http://www.securitytracker.com/id/1027819
IBM Rational Developer for System z Discloses SSL Certificate Password to Local Users
http://www.securitytracker.com/id/1027818
Linux Hyper-V KPD Local Netlink Message Spoofing and Denial of Service
http://www.securitytracker.com/id/1027816
Mikrotik Router Denial Of Service
http://cxsecurity.com/issue/WLB-2012050016
MODx CSRF, AoF, DoS and IAA vulnerabilities
http://cxsecurity.com/issue/WLB-2012110224
Safend Data Protector 3.4.5586.9772 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110223
Network Shutdown Module <= 3.21 (sort_values) Remote PHP Code Injection
http://cxsecurity.com/issue/WLB-2012110222
Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110221
Apple QuickTime 7.7.2 MIME Type Buffer Overflow
http://cxsecurity.com/issue/WLB-2012110220
Gleamtech FileVista/FileUltimate 4.6 Directory Traversal
http://cxsecurity.com/issue/WLB-2012110219
Mixpanel Cross site scripting (XSS)
http://cxsecurity.com/issue/WLB-2012110218
Services Information Disclosure
http://cxsecurity.com/issue/WLB-2012110216
Zero Point Cross Site Scripting (XSS)
http://cxsecurity.com/issue/WLB-2012110217
MultiLink Access Bypass
http://cxsecurity.com/issue/WLB-2012110215
Email Field Cross Site Scripting and Access bypass
http://cxsecurity.com/issue/WLB-2012110214
JRuby MurmurHash Web Form Object Hash Collision Denial of Service Vulnerability
http://secunia.com/advisories/51396/
Drupal Services Module Users Emails Information Disclosure Weakness
http://secunia.com/advisories/51383/
Drupal Zero Point Theme Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51330/
SUSE update for MozillaThunderbird
http://secunia.com/advisories/51433/
SUSE update for xulrunner
http://secunia.com/advisories/51434/
SUSE update for MozillaFirefox
http://secunia.com/advisories/51439/
SUSE update for seamonkey
http://secunia.com/advisories/51440/
Samsung / Dell Printers Hard-Coded SNMP Community String Security Issue
http://secunia.com/advisories/51435/
Drupal Mixpanel Module Token Script Insertion Vulnerability
http://secunia.com/advisories/51402/
Ubuntu update for keystone
http://secunia.com/advisories/51436/
Wireshark Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/51422/
SUSE update for java-1_6_0-ibm
http://secunia.com/advisories/51438/
REMOTE: Network Shutdown Module <= 3.21 (sort_values) Remote PHP Code Injection
http://www.exploit-db.com/exploits/23006
LOCAL: Windows AlwaysInstallElevated MSI
http://www.exploit-db.com/exploits/23007
DoS/PoC: UMPlayer Portable 0.95 Crash PoC
http://www.exploit-db.com/exploits/23003
Google Chrome Prior to 23.0.1271.91 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56684
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4204 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56613
Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56646
Apple iPhone/iPad/iPod touch Prior to iOS 6.0.1 CVE-2012-3749 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56361
WebKit CVE-2012-3748 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56362
JRuby CVE-2012-5370 'MurmurHash2' Algorithm Hash Collision Denial of Service Vulnerability
http://www.securityfocus.com/bid/56669
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
libssh Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56604
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5838 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56644
Mozilla Firefox CVE-2012-5837 Developer Toolbar Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56645
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5833 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56642
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5830 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56641
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4218 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56640
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4213 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56638
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5829 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56636
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5839 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56637
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4217 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56639
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5840 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56635
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4215 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56633
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4216 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56634
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4212 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56630
Mozilla Firefox, SeaMonkey, and Thunderbird HZ-GB-2312 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56632
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4209 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56629
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-5841 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56631
Mozilla Firefox CVE-2012-4206 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56625
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5836 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56616
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4214 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56628
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5842 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56611
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4202 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56614
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4205 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56621
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-4201 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56618
Mozilla Firefox CVE-2012-4203 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56623
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5835 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56643
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5843 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56612
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4208 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56627
Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/56692
eGroupWare 'menuaction' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52925
Xen 'TMEM hypercall' Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55410
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
RESTEasy JaxB XML Entity References Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51766
Collabtive Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/44050
Joomla Community Builder Enhenced Local File Include and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/43873
CMScout IBrowser TinyMCE Plugin Local File Include Vulnerability
http://www.securityfocus.com/bid/43260
RETIRED:Moodle Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56582
Eaton Network Shutdown Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/54161
Apple QuickTime CVE-2012-3753 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56550
OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476
phpCAS 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/56680
OpenDNSSEC 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/56679
Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56399
Google Chrome Prior to 23.0.1271.95 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56741
Safend Data Protector Agent Multiple Local Security Vulnerabilities
http://www.securityfocus.com/bid/56740
WordPress Video Lead Form Plugin 'errMsg' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56737
FCKEditor 'FileUpload()' Function Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/56735
SBLIM 'cmpi-base' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56731
Thursday, November 29, 2012
29th, Thursday, Senshō
+ Wireshark 1.8.4 released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
Notice of Critical Patch release addressing a cross-site request forgery (CSRF) vulnerability in InterScan Messaging Security products
http://www.trendmicro.co.jp/support/news.asp?id=1849
"Fake-screen" fraud malware runs rampant
http://itpro.nikkeibp.co.jp/article/COLUMN/20121116/437987/?ST=security
Backdoor.Makadocs, malware that abuses Google Docs
http://itpro.nikkeibp.co.jp/article/COLUMN/20121127/440067/?ST=security
[SECURITY] [DSA 2578-1] rssh security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00098.html
McAfee releases extraDAT for W32/Autorun.worm.aaeb-h
http://isc.sans.edu/diary.html?storyid=14584
Debian update for rssh
http://secunia.com/advisories/51307/
SUSE update for kdelibs4
http://secunia.com/advisories/51375/
rssh Commands Filter Security Bypass Vulnerability
http://secunia.com/advisories/51343/
IBM Tivoli Management Framework OpenSSL Denial of Service Vulnerability
http://secunia.com/advisories/51312/
SUSE update for weechat
http://secunia.com/advisories/51377/
IBM Rational Developer for System z SSL Certificate Password Disclosure Security Issue
http://secunia.com/advisories/51401/
OpenStack Keystone EC2 Credentials Validation Security Issue
http://secunia.com/advisories/51423/
SBLIM "cmpi-base" UnixProcessProvider Shell Command Injection Vulnerability
http://secunia.com/advisories/51093/
MediaWiki Security Bypass Vulnerabilities
http://secunia.com/advisories/51424/
OpenVZ update for kernel
http://secunia.com/advisories/51420/
REMOTE: Apple QuickTime 7.7.2 MIME Type Buffer Overflow
http://www.exploit-db.com/exploits/22973
Samsung Dell printers firmware backdoor administrator account (VU#281284)
http://cxsecurity.com/issue/WLB-2012110212
Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit
http://cxsecurity.com/issue/WLB-2012050056
X7 Chat 2.0.5.1 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012050073
M-Player 0.4 Local Denial of Service Vulnerability
http://cxsecurity.com/issue/WLB-2012010061
Joomla Component com_jstore LFI Vulnerability
http://cxsecurity.com/issue/WLB-2010100065
Joomla Community Builder Enhenced (CBE) Component LFI/RCE
http://cxsecurity.com/issue/WLB-2012110213
OpenText LiveLink 9.7.1 cross site request forgeryd cross site scripting
http://cxsecurity.com/issue/WLB-2010090115
Collabtive Multiple XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110194
Apple WGT Dictionnaire 1.3 Script Code Injection
http://cxsecurity.com/issue/WLB-2012110211
Gleamtech FileVista & FileUltimate 4.6 Directory Traversal
http://cxsecurity.com/issue/WLB-2012110210
WordPress Newstimes Package SQL Injection
http://cxsecurity.com/issue/WLB-2012110209
WordPress myflash Local File Inclusion
http://cxsecurity.com/issue/WLB-2012110208
WordPress starmark Theme Local File Inclusion
http://cxsecurity.com/issue/WLB-2012110207
Wordpress asm theme SQL injection
http://cxsecurity.com/issue/WLB-2012110206
WordPress yaren Tema SQL Injection
http://cxsecurity.com/issue/WLB-2012110205
Spotify Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110204
Linux Kernel 'madvise_remove()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55151
Linux Kernel UDF Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54279
Linux Kernel ASLR Security Bypass Weakness
http://www.securityfocus.com/bid/52687
Linux Kernel Hugepages CVE-2012-2133 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53233
libotr2 Package Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54907
rssh CVE-2012-3478 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53430
Tor Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56675
LibTIFF 'DOTRANGE' Tags Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56715
MediaWiki Multiple Security Bypass and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56714
rssh Command Line Filtering Multiple Remote Arbitrary Command Execution Vulnerabilities
http://www.securityfocus.com/bid/56708
Wednesday, November 28, 2012
28th, Wednesday, Shakkō
+ nginx 1.3.9 development version released
http://nginx.org/en/download.html
+ UPDATE: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp
+ rssh v2.3.4 released
http://www.pizzashack.org/rssh/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2252
Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx
Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx
[SE-2011-01] Additional materials released for SAT TV research
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00097.html
NTT Software offers security software capable of "immediate detection of targeted attack emails"
http://itpro.nikkeibp.co.jp/article/NEWS/20121127/440241/?ST=security
NTT Data explains the circumstances of the arrest of a contract employee
http://itpro.nikkeibp.co.jp/article/NEWS/20121127/440222/?ST=security
"There was no house search": Zero denies reports related to the 2channel remote-control virus
http://itpro.nikkeibp.co.jp/article/NEWS/20121127/440033/?ST=security
NEC establishes "Cyber Security Factory" to support countermeasures against cyber attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20121127/440021/?ST=security
UPDATE: JVNVU#405811 Denial-of-service (DoS) vulnerability in Apache HTTPD server
http://jvn.jp/cert/JVNVU405811/index.html
UPDATE: JVNVU#864819 Update for multiple vulnerabilities in Apple Safari
http://jvn.jp/cert/JVNVU864819/
JVNVU#281284 Samsung printers contain a hard-coded SNMP community string
http://jvn.jp/cert/JVNVU281284/
Can users' phish emails be a security admin's catch of the day?
http://isc.sans.edu/diary.html?storyid=14578
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027815
OpenBSD libc RPC Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027814
EMC Smarts Network Configuration Manager Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027812
phpCAS SSL Certificate Verification Security Issue
http://secunia.com/advisories/51368/
Greenstone Information Disclosure and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51398/
Piwik Compromised Source Package Backdoor Security Issue
http://secunia.com/advisories/51304/
ClassifiedScript PHP "eval()" Code Execution Vulnerability
http://secunia.com/advisories/51395/
WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51385/
WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51384/
Beat Websites "id" SQL Injection Vulnerability
http://secunia.com/advisories/51406/
Smartphone Pentest Framework frameworkgui Multiple Vulnerabilities
http://secunia.com/advisories/51415/
Smartphone Pentest Framework frameworkgui Multiple Vulnerabilities
http://secunia.com/advisories/51414/
Ubuntu update for libssh
http://secunia.com/advisories/51407/
RSA Adaptive Authentication Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51394/
EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability
http://secunia.com/advisories/51408/
Symfony Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/51372/
Joomla! sh404SEF Component Unspecified Vulnerability
http://secunia.com/advisories/51376/
SUSE update for xen
http://secunia.com/advisories/51413/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/51437/
Piwik 1.9.2 backdoor remote code execution
http://cxsecurity.com/issue/WLB-2012110196
BugTracker.Net 3.5.8 XSS & SQL Injection & File Disclosure
http://cxsecurity.com/issue/WLB-2012110203
WordPress wp-imagezoon SQL Injection
http://cxsecurity.com/issue/WLB-2012110202
WordPress cstardesign SQL Injection
http://cxsecurity.com/issue/WLB-2012110201
WordPress oberliga SQL Injection
http://cxsecurity.com/issue/WLB-2012110200
WordPress st_newsletter SQL Injection
http://cxsecurity.com/issue/WLB-2012110199
WordPress weddingsatwork SQL Injection
http://cxsecurity.com/issue/WLB-2012110198
WordPress Shai-Saul SQL Injection
http://cxsecurity.com/issue/WLB-2012110197
Forescout NAC 6.3.4.1 Multiple Vulns
http://cxsecurity.com/issue/WLB-2012110195
MurmurHash Algorithm Collision Denial Of Service
http://cxsecurity.com/issue/WLB-2012110193
Collabtive Multiple XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110194
GPSMapEdit 1.1.73.2 Denial Of Service
http://cxsecurity.com/issue/WLB-2012010070
YABSoft Advanced Image Hosting Script SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012010093
razorCMS 1.2 Path Traversal Vulnerability
http://cxsecurity.com/issue/WLB-2012010077
CMScout 2.0 TinyMCE plugin IBrowser local file inclusion vulnerability
http://cxsecurity.com/issue/WLB-2010090078
OpenText LiveLink 9.7.1 cross site request forgeryd cross site scripting
http://cxsecurity.com/issue/WLB-2010090115
Advanced Digital Broadcast Digital Satellite TV Platform Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/51251
Bugzilla Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56504
YUI 'SWF' File Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56385
Debian 'android-tools' Package Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/56653
Symfony CVE-2012-5574 Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/56685
Moodle Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56505
libssh Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56604
GNU libiberty '_objalloc_alloc()' Function CVE-2012-3509 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/55281
WeeChat 'hook_process()' Function Remote Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/56584
Linux Kernel KVM CVE-2012-4461 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56414
MantisBT SOAP API Security Bypass Vulnerability
http://www.securityfocus.com/bid/53907
MantisBT Prior To 1.2.12 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56520
MantisBT 'delete_attachments_threshold()' Function Security Bypass Vulnerability
http://www.securityfocus.com/bid/53921
MantisBT Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52313
WordPress WooCommerce Predictive Search Plugin 'rs' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56703
WordPress WP e-Commerce Predictive Search Plugin 'rs' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56702
Spotify Playlists HTML Injection Vulnerability
http://www.securityfocus.com/bid/56701
PHP-Nuke 'sid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56700
RSA Adaptive Authentication (On Premise) Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56699
WordPress CStar Design 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56694
WebSite X5 Evolution 9 Cross Site Scripting and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56693
Joomla! sh404SEF Component Unspecified Security Vulnerability
http://www.securityfocus.com/bid/56690
Tuesday, November 27, 2012
27th, Tuesday, Taian
+ Google Chrome 23.0.1271.91 released
http://googlechromereleases.blogspot.jp/2012/11/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5136
+ Vulnerability in the theme component of WebSphere Portal 7.0.0.x and 8.0
http://www-01.ibm.com/support/docview.wss?uid=swg21617949
+ Linux kernel 3.6.8, 3.4.20, 3.0.53 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.8
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.20
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.53
+ SA51299 OpenBSD Portmap Denial of Service Vulnerability
http://secunia.com/advisories/51299/
Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx
[DC-2012-11-002] DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00095.html
ESA-2012-054: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00094.html
Forescout NAC (Network Access Control) multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00096.html
ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00093.html
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00091.html
VUPEN Security Research - Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Fr
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00092.html
Palo Alto: new firewall OS for virtual VMs that lets the management IP be changed via REST
http://itpro.nikkeibp.co.jp/article/NEWS/20121126/439702/?ST=security
JVNVU#160027 Denial-of-service (DoS) vulnerability in multiple Broadcom wireless chipsets
http://jvn.jp/cert/JVNVU160027/index.html
JVNDB-2012-005201 Multiple vulnerabilities in Hitachi JP1/File Transmission Server/FTP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005201.html
JVNDB-2012-005324 Clickjacking vulnerability in Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005324.html
JVNDB-2012-005193 Heap-based buffer overflow vulnerability in dkim.c in Exim
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005193.html
JVNDB-2012-004866 Denial-of-service (named daemon hang) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004866.html
JVNDB-2012-003714 Cross-site scripting vulnerability in Ipswitch WhatsUp Gold
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003714.html
JVNDB-2012-003268 Vulnerability in the SVN revision view of ViewVC that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003268.html
JVNDB-2012-003267 Vulnerability in the remote SVN view functionality of ViewVC that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003267.html
JVNDB-2012-003901 Buffer overflow vulnerability in the fribidi_utf8_to_unicode function in PyFriBidi
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003901.html
JVNDB-2012-001169 Stack-based buffer overflow vulnerability in the JPEG2000 plugin in IrfanView PlugIns
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001169.html
JVNDB-2012-003091 Cross-site scripting vulnerability in inc/template.php in DokuWiki
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003091.html
JVNDB-2012-005502 Vulnerability in the administrative web pages of multiple Sinapsi products that allows administrator access to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005502.html
JVNDB-2012-005501 Arbitrary command execution vulnerability in ping.php in multiple Sinapsi products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005501.html
JVNDB-2012-005500 Vulnerability in login.php in multiple Sinapsi products that allows administrator access to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005500.html
JVNDB-2012-005499 SQL injection vulnerability in multiple Sinapsi products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005499.html
JVNDB-2012-005498 Vulnerability in the IBM WebSphere DataPower XC10 appliance that allows administrative role requirements to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005498.html
JVNDB-2012-005497 Denial-of-service (process termination) vulnerability in the IBM WebSphere DataPower XC10 appliance
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005497.html
JVNDB-2012-005496 Container server spoofing vulnerability in the IBM WebSphere DataPower XC10 appliance
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005496.html
JVNDB-2012-005493 Denial-of-service (infinite loop and hang or crash) vulnerability in Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005493.html
JVNDB-2012-005492 Denial-of-service (memory consumption and assertion failure) vulnerability in Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005492.html
JVNDB-2012-005491 Denial-of-service (Xen crash) vulnerability in Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005491.html
JVNDB-2012-005490 Denial-of-service (Xen infinite loop and physical CPU consumption) vulnerability in Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005490.html
JVNDB-2012-005489 Stack-based buffer overflow vulnerability in mcrypt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005489.html
JVNDB-2012-005488 Format string vulnerability in mcrypt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005488.html
JVNDB-2012-005487 Stack-based buffer overflow vulnerability in extra.c in mcrypt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005487.html
Online Shopping for the Holidays? Tips, News and a Fair Warning
http://isc.sans.edu/diary.html?storyid=14569
RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027811
VU#281284 Samsung Printer firmware contains a backdoor administrator account
http://www.kb.cert.org/vuls/id/281284
OpenBSD Portmap Denial of Service Vulnerability
http://secunia.com/advisories/51299/
WibuKey Runtime for Windows ActiveX Control Buffer Overflow Vulnerability
http://secunia.com/advisories/49987/
jBilling Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51341/
ManageEngine ServiceDesk Plus Two Script Insertion Vulnerabilities
http://secunia.com/advisories/51290/
Synology Photo Station "list" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/51354/
Tor Denial of Service Vulnerability
http://secunia.com/advisories/51329/
OpenBSD 5.2 libc/ RPC (portmap) remote DoS
http://cxsecurity.com/issue/WLB-2012110187
mcrypt <= 2.5.8 STACK based overflow
http://cxsecurity.com/issue/WLB-2012110192
BlazeVideo HDTV Player 6.6 Professional (Direct Retn) Buffer overflow
http://cxsecurity.com/issue/WLB-2012110191
Aviosoft Digital TV Player Professional 1.x (Direct Retn) Buffer Overflow
http://cxsecurity.com/issue/WLB-2012110190
buyclassifiedscript PHP code injection vulnerability
http://cxsecurity.com/issue/WLB-2012110189
SmartCMS <= SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012110188
Websense Proxy Filter Bypass
http://cxsecurity.com/issue/WLB-2012110186
jBilling 3.0.2 Cross Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012110185
PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability
http://cxsecurity.com/issue/WLB-2012110184
Landshop 0.9.2 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012040004
Quest InTrust 10.4.x Remote File Creation / Overwrite
http://cxsecurity.com/issue/WLB-2012110120
KnFTPd 1.0.0 Denial Of Service
http://cxsecurity.com/issue/WLB-2012030249
LOCAL: mcrypt <= 2.5.8 Stack Based Overflow
http://www.exploit-db.com/exploits/22928
LOCAL: BlazeVideo HDTV Player 6.6 Professional (Direct Retn)
http://www.exploit-db.com/exploits/22931
LOCAL: Aviosoft Digital TV Player Professional 1.x (Direct Retn)
http://www.exploit-db.com/exploits/22932
DoS/PoC: Websense Proxy Filter Bypass
http://www.exploit-db.com/exploits/22935
DoS/PoC: mcrypt <= 2.6.8 stack-based buffer overflow poc
http://www.exploit-db.com/exploits/22938
OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476
Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55413
Google Chrome Prior to 23.0.1271.91 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56684
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4205 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56621
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-4201 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56618
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4202 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56614
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5836 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56616
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5843 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56612
Mozilla Firefox CVE-2012-4206 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56625
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4204 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56613
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4209 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56629
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5842 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56611
Mozilla Firefox CVE-2012-4203 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56623
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability
http://www.securityfocus.com/bid/49469
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
libssh Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56604
SWFUpload 'movieName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54245
Mcrypt Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55425
Xen 'PHYSDEVOP_map_pirq' Index CVE-2012-3498 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55414
Xen 64-bit PV Guests Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53961
Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability
http://www.securityfocus.com/bid/22967
Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289
Xen 'physdev_get_free_pirq' CVE-2012-3495 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55406
Xen 'set_debugreg' CVE-2012-3494 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55400
Xen 'TMEM hypercall' CVE-2012-3497 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55410
Xen PyGrub Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53650
Xen Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56498
Xen 'XENMEM_populate_physmap' CVE-2012-3496 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55412
Xen CVE-2012-4411 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/55442
BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35918
Aviosoft DTV Player '.plf' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50582
ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852
ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522
Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability
http://www.securityfocus.com/bid/56484
Drupal ShareThis Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55870
Apple QuickTime CVE-2012-3752 Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56557
Symphony CVE-2012-5574 Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/56685
EMC Smarts Network Configuration Manager (NCM) Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56682
WordPress Ads Box Plugin 'count' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56681
WibuKey Runtime ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56678
PRADO 'sr' Parameter Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/56677
BuyClassifiedScript 'search()' Function PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/56676
Synology Photo Station 'list' Parameter Arbitrary File Disclosure Vulnerability
http://www.securityfocus.com/bid/56674
SmartCMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/56672
Monday, November 26, 2012
26th, Monday, Butsumetsu
+ CESA-2012:1482 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/526436/
+ CESA-2012:1482 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/526439/
+ CESA-2012:1483 Critical CentOS 5 thunderbird Update
http://lwn.net/Alerts/526440/
+ CESA-2012:1483 Critical CentOS 6 thunderbird Update
http://lwn.net/Alerts/526441/
+ PDFCreator 1.6.0 released
http://www.pdfforge.org/
+ Tomcat 7.0.33 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
+ FreeBSD-SA-12:08.linux Linux compatibility layer input validation error
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:08.linux.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4576
+ FreeBSD-SA-12:07.hostapd Insufficient message length validation for EAP-TLS messages
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445
+ FreeBSD-SA-12:06.bind Multiple Denial of Service vulnerabilities with named(8)
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:06.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
+ PHP 5.4.9 and PHP 5.3.19 released!
http://www.php.net/archive/2012.php#id2012-11-22-1
http://www.php.net/ChangeLog-5.php
Advisory: Delay in new kernel support for Linux endpoints
http://www.sophos.com/en-us/support/knowledgebase/118578.aspx
Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
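"Asks for PINs and secret phrases at the same time": phishing impersonating Mizuho Bank
http://itpro.nikkeibp.co.jp/article/NEWS/20121126/439521/?ST=security
Information-stealing malware "PASSTEAL": don't let your guard down even with HTTPS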
http://itpro.nikkeibp.co.jp/article/COLUMN/20121121/438941/?ST=security
[SECURITY] [DSA 2576-1] trousers security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00090.html
FreeBSD Security Advisory FreeBSD-SA-12:08.linux
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00087.html
FreeBSD Security Advisory FreeBSD-SA-12:07.hostapd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00086.html
FreeBSD Security Advisory FreeBSD-SA-12:06.bind
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00085.html
[ MDVSA-2012:174 ] libtiff
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00084.html
[slackware-security] mozilla-thunderbird (SSA:2012-326-03)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00083.html
[slackware-security] mozilla-firefox (SSA:2012-326-02)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00081.html
[slackware-security] seamonkey (SSA:2012-326-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00082.html
JVNDB-2012-005486 Denial-of-service (DoS) vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005486.html
JVNDB-2012-005485 Denial-of-service (DoS) vulnerability in Hitachi Device Manager Software products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005485.html
JVNDB-2012-005484 Vulnerability in Moodle that allows all capability data to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005484.html
JVNDB-2012-005483 Vulnerability in Moodle that allows restrictions on viewing other participants' entries to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005483.html
JVNDB-2012-005482 Vulnerability in the Portfolio plugin in Moodle that allows files to be uploaded
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005482.html
JVNDB-2012-005481 Vulnerability in Moodle that allows activity entries of users in different groups to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005481.html
JVNDB-2012-005480 Vulnerability in lib/formslib.php in Moodle that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005480.html
JVNDB-2012-005479 Vulnerability in the Dropbox Repository File Picker in Moodle that allows access to a different user's Dropbox
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005479.html
JVNDB-2012-005478 Denial-of-service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005478.html
JVNDB-2012-005477 Denial-of-service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005477.html
JVNDB-2012-005476 Cross-site scripting vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005476.html
JVNDB-2012-005475 Denial-of-service (DoS) vulnerability in the nsTextEditorState::PrepareEditor function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005475.html
JVNDB-2012-005474 Heap-based buffer overflow vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005474.html
JVNDB-2012-005473 Arbitrary code execution vulnerability in the WebGL subsystem of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005473.html
JVNDB-2012-005472 Cross-site scripting vulnerability in the web developer toolbar in Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005472.html
JVNDB-2012-005471 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005471.html
JVNDB-2012-005470 Integer overflow vulnerability in the WebGL subsystem of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005470.html
JVNDB-2012-005469 Arbitrary code execution vulnerability in the WebGL subsystem of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005469.html
JVNDB-2012-005468 Arbitrary code execution vulnerability in multiple Mozilla products running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005468.html
JVNDB-2012-005467 Heap-based buffer overflow vulnerability in the nsWindow::OnExposeEvent function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005467.html
JVNDB-2012-005466 Arbitrary code execution vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005466.html
JVNDB-2012-005465 Arbitrary code execution vulnerability in the nsViewManager::ProcessPendingUpdates function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005465.html
JVNDB-2012-005464 Arbitrary code execution vulnerability in the gfxFont::GetFontEntry function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005464.html
JVNDB-2012-005463 Arbitrary code execution vulnerability in the nsPlaintextEditor::FireClipboardEvent function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005463.html
JVNDB-2012-005462 Arbitrary code execution vulnerability in the nsTextEditorState::PrepareEditor function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005462.html
JVNDB-2012-005461 Arbitrary code execution vulnerability in the nsEditor::FindNextLeafNode function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005461.html
JVNDB-2012-005460 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005460.html
JVNDB-2012-005459 Arbitrary JavaScript execution vulnerability in Mozilla Firefox and Firefox ESR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005459.html
JVNDB-2012-005458 Cross-site scripting vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005458.html
JVNDB-2012-005457 Vulnerability in the XrayWrapper implementation in multiple Mozilla products that allows chrome-only restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005457.html
JVNDB-2012-005456 Cross-site scripting vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005456.html
JVNDB-2012-005455 Vulnerability in the Mozilla Firefox installer that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005455.html
JVNDB-2012-005454 Cross-site request forgery vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005454.html
JVNDB-2012-005453 Arbitrary code execution vulnerability in the JavaScript engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005453.html
JVNDB-2012-005452 Arbitrary program execution vulnerability in the New Tab page in Mozilla Firefox
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005452.html
JVNDB-2012-005451 Heap-based buffer overflow vulnerability in the image::RasterImage::DrawFrameTo function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005451.html
JVNDB-2012-005450 Cross-site scripting vulnerability in the evalInSandbox implementation in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005450.html
Risk Assessment Reloaded (thanks PCI ! )
http://isc.sans.edu/diary.html?storyid=14560
What's in Your Change Control Form?
http://isc.sans.edu/diary.html?storyid=14563
Greek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks
http://isc.sans.edu/diary.html?storyid=14557
FreeBSD Input Validation Flaw in Linux Compatibility Layer Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027809
FreeBSD hostapd Validation Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027808
lighttpd Connection Header Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027802
Autonomy KeyView IDOL File Parsing Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027798
IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service
http://www.securitytracker.com/id/1027798
Linux Kernel Dlink dl2k IOCTL Permissions Let Local Users Deny Service
http://www.securitytracker.com/id/1027796
ownCloud Cross-Site Scripting and File Upload Vulnerabilities
http://secunia.com/advisories/51357/
SUSE update for lighttpd
http://secunia.com/advisories/51298/
Debian update for trousers
http://secunia.com/advisories/51295/
BugTracker.NET "msg" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51292/
XiVO Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51361/
Red Hat update for java-1.4.2-ibm
http://secunia.com/advisories/51393/
Jenkins Three Vulnerabilities
http://secunia.com/advisories/51392/
Radiant CMS upload_manager Plugin swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51391/
SUSE update for icedtea-web
http://secunia.com/advisories/51374/
Liferay Portal swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51387/
IBM Tivoli Endpoint Manager Remote Control Broker Denial of Service Vulnerability
http://secunia.com/advisories/51386/
Call of Duty Modern Warfare 3 Denial of Service Vulnerability
http://secunia.com/advisories/51280/
TinyMCE Archiv Plugin swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51389/
Ubuntu update for thunderbird
http://secunia.com/advisories/51370/
Ubuntu update for firefox
http://secunia.com/advisories/51369/
Feng Office Cross-Site Scripting and Security Bypass Vulnerabilities
http://secunia.com/advisories/51356/
SUSE update for java-1_7_0-ibm
http://secunia.com/advisories/51390/
Avaya CMS Oracle Solaris SCTP Denial of Service Vulnerability
http://secunia.com/advisories/51388/
dotProject Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/51380/
dotProject "date" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51332/
Ubuntu update for tomcat6
http://secunia.com/advisories/51371/
Incomedia WebSite X5 Evolution <= 9.0.4.1748 XSS & Auth bypass
http://cxsecurity.com/issue/WLB-2012110183
Apple QuickTime 7.7.2 TeXML font-table Field Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2012110182
TYPO3 CMS, TinyMCE, Liferay Portal, Drupal swfupload XSS
http://cxsecurity.com/issue/WLB-2012110181
Wordpress dailyedition-mouss Theme SQL injection
http://cxsecurity.com/issue/WLB-2012110180
ES CmS 0.1 Sql Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012110179
vBulletin 5.0.0 Beta 19 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110178
Cisco WAG120N Command Execution
http://cxsecurity.com/issue/WLB-2012110177
Designlab SQL Injection
http://cxsecurity.com/issue/WLB-2012110176
Gianni Messina CMS 2.0 2010 SQL Injection
http://cxsecurity.com/issue/WLB-2012110175
Twitter 5.0 Eavesdropping Proof Of Concept
http://cxsecurity.com/issue/WLB-2012110174
WordPress Zarzadzanie Kontem Shell Upload
http://cxsecurity.com/issue/WLB-2012110173
WordPress Simple Slider 1.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110172
WordPress Plg Novana SQL Injection
http://cxsecurity.com/issue/WLB-2012110171
WordPress Zingiri Web Shop 2.5.0 Shell Upload
http://cxsecurity.com/issue/WLB-2012110170
Beat Websites Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012110169
TrouSerS Denial Of Service Vulnerability
http://cxsecurity.com/issue/WLB-2012110168
Ezylog Photovoltaic Management SQL Injection and Command Injection
http://cxsecurity.com/issue/WLB-2012090124
GIMP 2.8.2 XWD files memory corruption
http://cxsecurity.com/issue/WLB-2012110167
Wordpress malmonation theme SQL Injection
http://cxsecurity.com/issue/WLB-2012110166
FORMEDIA id parameter SQL Injection
http://cxsecurity.com/issue/WLB-2012110165
Egroupware 1.8.002 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012040057
Greenstone Digital Library Software Multiple Vulns
http://cxsecurity.com/issue/WLB-2012110164
Wordpress magazine-basic-plugin/ Theme SQL Injection
http://cxsecurity.com/issue/WLB-2012110163
Wordpress plg_novana plugin Sql Injection
http://cxsecurity.com/issue/WLB-2012110162
lighttpd 1.4.31 DOS POC
http://cxsecurity.com/issue/WLB-2012110161
swfupload_f8.swf Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110160
Wordpress hd-webplayer Theme SQL Injection
http://cxsecurity.com/issue/WLB-2012110158
Wordpress webplayer-plugin Theme SQL Injection
http://cxsecurity.com/issue/WLB-2012110159
Wordpress fs-real-estate-plugin Theme SQL Injection
http://cxsecurity.com/issue/WLB-2012110157
PicoPublisher 2.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012030252
SnackAmp 3.1.3 Denial Of Service
http://cxsecurity.com/issue/WLB-2012040023
ManageEngine ServiceDesk 8.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110156
NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
http://cxsecurity.com/issue/WLB-2012110155
dotProject 2.1.6 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012110154
Feng Office 2.0 Beta 3 XSS & Privilege Escalation
http://cxsecurity.com/issue/WLB-2012110153
PHP Server Monitor Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110152
REMOTE: Apple QuickTime 7.7.2 TeXML Style Element font-table Field Stack Buffer Overflow
http://www.exploit-db.com/exploits/22905
REMOTE: NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
http://www.exploit-db.com/exploits/22903
DoS/PoC: TrouSerS Denial Of Service Vulnerability
http://www.exploit-db.com/exploits/22904
DoS/PoC: lighttpd 1.4.31 Denial of Service PoC
http://www.exploit-db.com/exploits/22902
Multiple Horde Products Multiple Unspecified HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56541
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5838 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56644
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5833 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56642
OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
libsocialweb CVE-2012-4511 Non-SSL Connection Man in The Middle Vulnerability
http://www.securityfocus.com/bid/56167
cgit 'syntax-highlighting.sh' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56315
AWStats 'awredir.pl' Unspecified Security Vulnerability
http://www.securityfocus.com/bid/56280
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5830 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56641
GNU libiberty '_objalloc_alloc()' Function CVE-2012-3509 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/55281
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5835 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56643
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4217 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56639
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4218 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56640
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5839 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56637
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4213 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56638
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5829 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56636
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4202 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56614
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4204 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56613
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4216 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56634
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5840 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56635
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4215 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56633
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5843 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56612
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5842 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56611
Mozilla Firefox, SeaMonkey, and Thunderbird HZ-GB-2312 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56632
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4214 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56628
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4205 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56621
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4209 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56629
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-5841 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56631
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4212 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56630
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5836 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56616
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-4201 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56618
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4208 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56627
Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability
http://www.securityfocus.com/bid/56484
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability
http://www.securityfocus.com/bid/49469
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
hostapd CVE-2012-4445 Message Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55826
MantisBT Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52313
MantisBT 'delete_attachments_threshold()' Function Security Bypass Vulnerability
http://www.securityfocus.com/bid/53921
MantisBT Prior To 1.2.12 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56520
Xen Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56498
Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/56562
ViewVC CVE-2012-4533 HTML Injection Vulnerability
http://www.securityfocus.com/bid/56161
ModSecurity POST Parameters Security Bypass Vulnerability
http://www.securityfocus.com/bid/56096
SWFUpload 'movieName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54245
Drupal Chaos Tool Suite Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56538
Drupal User Read-Only Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/56548
Drupal RESTful Web Services Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56536
Multiple Drupal Modules HTML Injection Vulnerability
http://www.securityfocus.com/bid/56540
Drupal Webform CiviCRM Integration Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/56444
Drupal Password Policy Module Password Hash Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56350
Drupal OM Maximenu Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/56441
Drupal MailChimp Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56234
Drupal Search API Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56099
Drupal Mandrill Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55868
Drupal Twitter Pull Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55768
Drupal Feeds Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/55869
Drupal Commerce Extra Panes Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55776
Drupal Hostip Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55772
Drupal Organic Groups SA-CONTRIB-2012-148 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55702
Drupal FileField Sources Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/55615
Drupal Simplenews Scheduler Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/55616
Drupal Time Spent Module Multiple Unspecified Input Validation Vulnerabilities
http://www.securityfocus.com/bid/56233
Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56646
Mozilla Firefox CVE-2012-4206 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56625
Mozilla Firefox CVE-2012-4203 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56623
Mozilla Firefox CVE-2012-5837 Developer Toolbar Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56645
Linux Kernel KVM CVE-2012-4461 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56414
TrouSerS CVE-2012-0698 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55459
lighttpd 'http_request_split_value()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56619
Greenstone Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56662
ownCloud Multiple Cross Site Scripting and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/56658
Performance Co-Pilot CVE-2012-5530 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/56656
Debian 'android-tools' Package Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/56653
Jenkins Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56651
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Drupal Printer, email and PDF versions Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52896
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
IBM Java Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55495
RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-91 through -106 Multiple Vulnerabilities
http://www.securityfocus.com/bid/56607
LibTIFF TIFF Image Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55673
LibTIFF 'TIFFScanlineSize()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56372
OpenStack Glance CVE-2012-4573 Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/56437
Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058
Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043
Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Oracle Java SE CVE-2012-5088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56057
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056
Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56070
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Solaris CVE-2012-3165 Local Security Vulnerability
http://www.securityfocus.com/bid/56016
Autonomy Keyview IDOL Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56610
Debian 'libotr2' Package Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54907
Oracle Solaris CVE-2012-1692 Local Vulnerability
http://www.securityfocus.com/bid/53125
NetIQ Privileged User Manager 'ldapagnt_eval()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56539
WordPress FireStorm Professional Real Estate Plugin 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56278
WordPress Magazine Basic Theme 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56664
WordPress Zarzadzonie Kontem Plugin 'ajaxfilemanager.php' Script Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/56663
WordPress Plg Novana Plugin 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56661
WordPress Webplayer Plugin 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56660
WordPress Zingiri Web Shop Plugin 'path' Parameter Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/56659
FreeBSD Linux Compatibility Layer Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56654
Ubuntu 'unity-firefox-extension' Package Denial of Service Vulnerability
http://www.securityfocus.com/bid/56650
Cisco WAG120N Multiple Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/56648
GIMP XWD File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56647
Thursday, November 22, 2012
22nd, Thursday, Shakkō
+ Impact of IBM JRE vulnerabilities on IBM Lotus Notes/Domino
http://www-01.ibm.com/support/docview.wss?uid=swg21617459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4823
[ MDVSA-2012:173 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00080.html
Multiple vulnerabilities in dotProject
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00079.html
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00078.html
From Security Labs Around the World
Information-stealing malware "PASSTEAL": don't let your guard down even with HTTPS
http://itpro.nikkeibp.co.jp/article/COLUMN/20121121/438941/?ST=security
NetAgent launches a remote-control virus detection service that captures and examines all packets
http://itpro.nikkeibp.co.jp/article/NEWS/20121121/439101/?ST=security
Digital Arts releases filtering software that can "delete attachments after they are sent"
http://itpro.nikkeibp.co.jp/article/NEWS/20121121/439083/?ST=security
NEC Fielding launches an MSP-type antivirus service
http://itpro.nikkeibp.co.jp/article/NEWS/20121121/438985/?ST=security
Kaspersky: new version of its security app for Android supports "remote photo capture when stolen"
http://itpro.nikkeibp.co.jp/article/NEWS/20121121/438976/?ST=security
Vulnerability information worth checking <2012.11.20>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121113/436944/?ST=security
JVNTA12-318A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-318A/index.html
JVN#60931933 Session fixation vulnerability in BIGACE
http://jvn.jp/jp/JVN60931933/index.html
JVNVU#849841 Multiple vulnerabilities in the Autonomy Keyview IDOL library
http://jvn.jp/cert/JVNVU849841/index.html
JVNDB-2012-003937 Denial-of-service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003937.html
JVNDB-2012-005079 (JVNVU#408099) Denial-of-service (DoS) vulnerability in CA ARCserve Backup running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005079.html
JVNDB-2012-005078 (JVNVU#936363) Arbitrary code execution vulnerability in the server of CA ARCserve Backup running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005078.html
JVNDB-2012-005449 Denial-of-service (DoS) vulnerability in the vSphere API of VMware ESXi and ESX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005449.html
JVNDB-2012-005448 Denial-of-service (DoS) vulnerability in Adobe ColdFusion
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005448.html
JVNDB-2012-005447 Cross-site scripting vulnerability in Google Web Toolkit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005447.html
JVNDB-2012-005445 Vulnerability in CUPS allowing arbitrary files to be read as root
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005445.html
JVNDB-2012-005444 Cross-site scripting vulnerability in Google Web Toolkit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005444.html
JVNDB-2012-005443 Access restriction bypass vulnerability in radsecproxy
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005443.html
JVNDB-2012-005442 Access restriction bypass vulnerability in radsecproxy
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005442.html
JVNDB-2012-005441 Vulnerability in cups-pk-helper allowing sensitive files to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005441.html
JVNDB-2012-005440 Vulnerability in multiple Belkin Wireless Router products allowing network access
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005440.html
JVNDB-2012-005439 Sensitive information disclosure vulnerability in DokuWiki as used in Fedora
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005439.html
JVNDB-2012-000104 (JVN#60931933) Session fixation vulnerability in BIGACE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000104.html
JVNDB-2012-005437 Cross-site scripting vulnerability in Havalite
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005437.html
JVNDB-2012-005436 Vulnerability in razorCMS allowing access to administrator directories and files
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005436.html
JVNDB-2012-005435 Heap-based buffer overflow vulnerability in WeeChat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005435.html
JVNDB-2012-005434 Cross-site scripting vulnerability in Piwik
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005434.html
JVNDB-2012-005432 Denial-of-service (DoS) vulnerability in LibreOffice and OpenOffice.org
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005432.html
JVNDB-2012-005430 Cross-site scripting vulnerability in the diff function in lib/viewvc.py in ViewVC
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005430.html
JVNDB-2012-005429 Stack-based buffer overflow vulnerability in ssg/ssgParser.cxx in PLIB
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005429.html
JVNDB-2012-005428 Vulnerability in Django allowing arbitrary URLs to be displayed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005428.html
JVNDB-2012-005427 Integer overflow vulnerability in operations/external/ppm-load.c in GEGL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005427.html
JVNDB-2012-005426 Arbitrary file overwrite vulnerability in GlusterFS as used in Red Hat Storage Server 2.0
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005426.html
JVNDB-2012-005425 (JVNVU#427547) Sensitive information disclosure vulnerability in Agile FleetCommander and FleetCommander Kiosk
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005425.html
JVNDB-2012-005424 (JVNVU#427547) Sensitive information disclosure vulnerability in Agile FleetCommander and FleetCommander Kiosk
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005424.html
JVNDB-2012-005423 (JVNVU#427547) Arbitrary command execution vulnerability in Agile FleetCommander and FleetCommander Kiosk
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005423.html
JVNDB-2012-005422 (JVNVU#427547) Arbitrary code execution vulnerability in Agile FleetCommander and FleetCommander Kiosk
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005422.html
JVNDB-2012-005421 (JVNVU#427547) Cross-site request forgery vulnerability in Agile FleetCommander and FleetCommander Kiosk
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005421.html
JVNDB-2012-005420 (JVNVU#427547) Cross-site scripting vulnerability in Agile FleetCommander and FleetCommander Kiosk
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005420.html
JVNDB-2012-005419 (JVNVU#427547) SQL injection vulnerability in Agile FleetCommander and FleetCommander Kiosk
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005419.html
JVNDB-2012-005418 (JVNVU#802596) Cross-site scripting vulnerability in the Pattern Insight web interface
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005418.html
JVNDB-2012-005417 (JVNVU#802596) Cross-site scripting vulnerability in the Pattern Insight web interface
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005417.html
JVNDB-2012-005416 (JVNVU#802596) Web session hijacking vulnerability in the Pattern Insight web interface
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005416.html
JVNDB-2012-005415 (JVNVU#802596) Clickjacking vulnerability in the Pattern Insight web interface
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005415.html
JVNDB-2012-005414 (JVNVU#802596) Cross-site request forgery vulnerability in the Pattern Insight web interface
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005414.html
JVNDB-2012-005413 Denial-of-service (daemon stop) vulnerability in the PgBouncer pooler for PostgreSQL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005413.html
JVNDB-2012-005412 Denial-of-service (DoS) vulnerability in SnackAmp
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005412.html
JVNDB-2012-005411 Sensitive information disclosure vulnerability in Neocrome Seditio
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005411.html
JVNDB-2012-005410 Sensitive information disclosure vulnerability in Neocrome Seditio
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005410.html
JVNDB-2012-005409 Cross-site scripting vulnerability in the sed_import function in system/functions.php in Neocrome Seditio
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005409.html
JVNDB-2012-005408 Cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005408.html
JVNDB-2012-005407 SQL injection vulnerability in PicoPublisher
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005407.html
JVNDB-2012-005406 Cross-site scripting vulnerability in blogs/blog1.php in b2evolution
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005406.html
JVNDB-2012-005405 SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005405.html
JVNDB-2012-005404 SQL injection vulnerability in admin/modules/user/users.php in MyBB
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005404.html
JVNDB-2012-005403 Cross-site scripting vulnerability in admin/modules/user/users.php in MyBB
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005403.html
JVNDB-2012-005402 Directory traversal vulnerability in json.php in TomatoCart
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005402.html
JVNDB-2012-005401 Cross-site scripting vulnerability in GreenBrowser
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005401.html
JVNDB-2012-005400 Buffer overflow vulnerability in KnFTPd
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005400.html
JVNDB-2012-005398 Cross-site scripting vulnerability in Simple Machines Forum
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005398.html
JVNDB-2012-005397 Cross-site scripting vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005397.html
JVNDB-2012-005396 Vulnerability in DFLabs PTK allowing logs and other data to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005396.html
JVNDB-2012-005395 SQL injection vulnerability in SAMEDIA LandShop
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005395.html
JVNDB-2012-005394 Cross-site scripting vulnerability in admin/action/objects.php in SAMEDIA LandShop
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005394.html
JVNDB-2012-005393 Cross-site request forgery vulnerability in SAMEDIA LandShop
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005393.html
JVNDB-2012-005392 Arbitrary file write vulnerability in the ARDoc ActiveX control in Quest InTrust
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005392.html
JVNDB-2012-005391 Arbitrary code execution vulnerability in AnnotateX.dll in Quest InTrust
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005391.html
JVNDB-2012-005389 SQL injection vulnerability in hava_post.php in Havalite CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005389.html
JVNDB-2012-005388 Arbitrary code execution vulnerability in hava_upload.php in Havalite CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005388.html
JVNDB-2012-005387 Vulnerability in Havalite CMS allowing the configuration database to be downloaded
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005387.html
JVNDB-2012-005386 Cross-site request forgery vulnerability in photo/pass.php in DAlbum
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005386.html
JVNDB-2012-005382 Cross-site scripting vulnerability in the Uk Cookie plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005382.html
JVNDB-2012-005381 (JVNVU#273371) Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005381.html
JVNDB-2012-005380 (JVNVU#273371) Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005380.html
JVNDB-2012-005379 (JVNVU#273371) Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005379.html
JVNDB-2012-005378 (JVNVU#273371) Heap-based buffer overflow vulnerability in NFRAgent.exe in Novell File Reporter
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005378.html
JVNDB-2012-005377 Access restriction bypass vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005377.html
JVNDB-2012-005376 Access restriction bypass vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005376.html
JVNDB-2012-005375 Access restriction bypass vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005375.html
JVNDB-2012-005374 Denial-of-service (memory consumption) vulnerability in the HTTP NIO connector in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005374.html
JVNDB-2012-005326 (JVNVU#611988) Insufficient access restriction vulnerability in Vanilla Forums
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005326.html
JVNDB-2012-005373 Vulnerability in Bugzilla allowing sensitive information about arbitrary users' saved searches to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005373.html
JVNDB-2012-005372 Cross-site scripting vulnerability in YUI as used in Bugzilla
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005372.html
JVNDB-2012-005371 Cross-site scripting vulnerability in the Flash infrastructure component of YUI
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005371.html
JVNDB-2012-005370 Sensitive information disclosure vulnerability in template/en/default/bug/field-events.js.tmpl in Bugzilla
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005370.html
JVNDB-2012-005369 Vulnerability in Bugzilla/WebService/User.pm in Bugzilla allowing private group names to be discovered
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005369.html
JVNDB-2012-005368 Vulnerability in attachment.cgi in Bugzilla allowing attachment details to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005368.html
JVNDB-2012-005367 Cross-site scripting vulnerability in Bugzilla
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005367.html
JVNDB-2012-005366 Arbitrary PHP code execution vulnerability in e/class/connect.php in EmpireCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005366.html
JVNDB-2012-005365 Sensitive information disclosure vulnerability in core/email_api.php in MantisBT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005365.html
JVNDB-2012-005364 Access restriction bypass vulnerability in MantisBT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005364.html
Behind the Random NTP Bizarreness of Incorrect Year Being Set
http://isc.sans.edu/diary.html?storyid=14548
Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027793
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027792
Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027791
lighttpd HTTP Header Processing Denial of Service Vulnerability
http://secunia.com/advisories/51268/
IBM Security AppScan Source Java Multiple Vulnerabilities
http://secunia.com/advisories/51379/
Oracle Solaris Libxml2 Multiple Vulnerabilities
http://secunia.com/advisories/51373/
Sinapsi eSolar Products Multiple Vulnerabilities
http://secunia.com/advisories/51364/
HP Integrated Lights-Out Information Disclosure Vulnerability
http://secunia.com/advisories/51378/
Red Hat update for firefox
http://secunia.com/advisories/51359/
Red Hat update for thunderbird
http://secunia.com/advisories/51360/
Symantec Products KeyView File Processing Vulnerabilities
http://secunia.com/advisories/51365/
Autonomy KeyView File Processing Vulnerabilities
http://secunia.com/advisories/51362/
IBM WebSphere DataPower XC10 Denial of Service and Security Bypass
http://secunia.com/advisories/51319/
BIGACE Web CMS Session Fixation Vulnerability
http://secunia.com/advisories/51355/
Mozilla Firefox / Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/51382/
Mozilla SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/51381/
Mozilla Firefox / Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/51358/
Oracle Solaris Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/51363/
Oracle Solaris ISC DHCP IPv6 Lease Expiration Handling Denial of Service Security Issue
http://secunia.com/advisories/51318/
Yii Framework Search SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012110151
Narcissus Image Configuration Passthru Vulnerability
http://cxsecurity.com/issue/WLB-2012110150
wordpress tdo-mini-forms plugin (rfu/rfd) Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110149
Adobe Reader 10.1.4 JP2KLib&CoolType WriteAV Vulnerability
http://cxsecurity.com/issue/WLB-2012110140
MODx 1.0.6 Brute Force & Path Disclosure
http://cxsecurity.com/issue/WLB-2012110148
WordPress FireStorm Real Estate 2.06.08 SQL Injection
http://cxsecurity.com/issue/WLB-2012110147
WordPress Madebymilk SQL Injection
http://cxsecurity.com/issue/WLB-2012110146
TP-LINK TL-WR841N 3.13.9 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110145
Penske Media Corporation Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110144
Webthinkers Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012110143
Base Solida Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012110142
Diseno Internet Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012110141
REMOTE: Narcissus Image Configuration Passthru Vulnerability
http://www.exploit-db.com/exploits/22856
Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/56403
Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56402
libssh Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56604
Oracle Java SE CVE-2012-1724 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53958
Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
libunity-webapps Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56314
Narcissus Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/56511
Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300
libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107
libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51084
Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279
Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658
Apple Safari 'libxml' (CVE-2011-0216) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48832
libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056
ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55530
Wireshark Versions Prior to 1.8.2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55035
Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability
http://www.securityfocus.com/bid/56484
libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55909
WeeChat Color Decoding Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56482
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-91 through -106 Multiple Vulnerabilities
http://www.securityfocus.com/bid/56607
Cumin Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55618
Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965
Dotproject Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56624
PHP Server Monitor HTML Injection Vulnerability
http://www.securityfocus.com/bid/56622
Yii Framework 'Search' Form Field SQL Injection Vulnerability
http://www.securityfocus.com/bid/56620
lighttpd 'http_request_split_value()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56619
IBM WebSphere DataPower XC10 Denial of Service and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56617
BIGACE Web CMS Session Fixation Vulnerability
http://www.securityfocus.com/bid/56615