Thursday, November 1, 2012

1st, Thursday, Tomobiki


+ CESA-2012:1418 Critical CentOS 6 kdelibs Update
http://lwn.net/Alerts/522163/

+ CESA-2012:1416 Critical CentOS 6 kdelibs Update
http://lwn.net/Alerts/522166/

+ Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5416

+ Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5417

+ Linux kernel 3.6.5, 3.4.17, 3.2.33, 3.0.50 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.5
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.17
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.33
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.50

+ Linux Kernel 'tcp_illinois_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565

Check Point response to PASTEBIN claim that Check Point Firewalls are vulnerable to simple SYN flooding
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86721&src=securityAlerts

[BUGTRAQ]Security Advisory - TP-LINK TL-WR841N LFI - [UPDATE]
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00146.html

[slackware-security] seamonkey (SSA:2012-304-02)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00145.html

[slackware-security] mozilla-thunderbird (SSA:2012-304-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00144.html

[waraxe-2012-SA#095] - Multiple Vulnerabilities in Wordpress FoxyPress Plugin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00143.html

Vulnerability information worth checking <2012.11.01>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121029/433142/?ST=security

Domestic DLP market: market size was 2.9 billion yen in 2011, tripling to 9 billion yen in 2016
http://itpro.nikkeibp.co.jp/article/NEWS/20121031/433902/?ST=security

JVNVU#971035 Problem in implementations of Simple Certificate Enrollment Protocol (SCEP)
http://jvn.jp/cert/JVNVU971035/

JVNVU#408099 Denial-of-service (DoS) vulnerability in CA ARCserve Backup
http://jvn.jp/cert/JVNVU408099/

JVNVU#936363 Arbitrary code execution vulnerability in CA ARCserve Backup
http://jvn.jp/cert/JVNVU936363/

JVNVU#207540 Insufficient verification vulnerability in the PayPal Express Checkout module of TomatoCart
http://jvn.jp/cert/JVNVU207540/

JVNDB-2012-005167 Insufficient verification vulnerability in the PayPal Express Checkout module of TomatoCart
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005167.html

JVNDB-2012-005166 Denial-of-service (device reload) vulnerability in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005166.html

JVNDB-2012-005165 Denial-of-service (device reload) vulnerability in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005165.html

JVNDB-2012-005164 Stack-based buffer overflow vulnerability in multiple Cisco products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005164.html

JVNDB-2012-005163 Denial-of-service (DoS) vulnerability in Cisco ASA 5500 series and Catalyst 6500 series devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005163.html

JVNDB-2012-005162 Denial-of-service (DoS) vulnerability in Cisco ASA 5500 series and Catalyst 6500 series devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005162.html

JVNDB-2012-005161 Denial-of-service (DoS) vulnerability in Cisco ASA 5500 series and Catalyst 6500 series devices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005161.html

JVNDB-2012-000095 Denial-of-service (DoS) vulnerability in OpenSSH on Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000095.html

JVNDB-2012-005160 Same-origin policy bypass vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005160.html

JVNDB-2012-005159 Cross-site scripting vulnerability in the nsLocation::CheckURL function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005159.html

JVNDB-2012-005158 Cross-site scripting vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005158.html

JVNDB-2012-003589 Cross-site scripting vulnerability in MySQLDumper
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003589.html

JVNDB-2012-001379 Arbitrary code execution vulnerability in the RV40 codec of RealNetworks RealPlayer and RealPlayer SP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001379.html

JVNDB-2012-001382 Arbitrary code execution vulnerability in the ATRAC codec of multiple RealNetworks products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001382.html

JVNDB-2012-001377 Arbitrary code execution vulnerability in the RV20 codec of RealNetworks RealPlayer and RealPlayer SP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001377.html

JVNDB-2011-003049 Arbitrary code execution vulnerability in the RV20 codec of RealNetworks RealPlayer
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003049.html

JVNDB-2012-005157 Heap-based buffer overflow vulnerability in LibTIFF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005157.html

Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery
http://isc.sans.edu/diary.html?storyid=14425

Apache Axis2 XML Signature Wrapping Security Vulnerability
http://www.securiteam.com/securitynews/6M03Q0A5PA.html

Cisco Unified MeetingPlace Web Conferencing Bugs Let Remote Users Inject SQL Commands and Deny Service
http://www.securitytracker.com/id/1027713

Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands
http://www.securitytracker.com/id/1027712

mod_security Multipart Processing Flaw Lets Remote Users Bypass Security Restrictions
http://www.securitytracker.com/id/1027706

VU#203844 SolarWinds Orion IPAM web interface reflected xss vulnerability
http://www.kb.cert.org/vuls/id/203844

VU#586556 Axigen Mail Server directory traversal vulnerability
http://www.kb.cert.org/vuls/id/586556

NetCat "search_query" and "redirect_url" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51119/

AXIGEN Mail Server "fileName" Arbitrary File Disclosure and Deletion Vulnerabilities
http://secunia.com/advisories/51118/

WordPress FoxyPress Plugin Multiple Vulnerabilities
http://secunia.com/advisories/51109/

SolarWinds IP Address Manager "q" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51120/

World of Phaos Cross-Site Scripting and Script Insertion Vulnerabilities
http://secunia.com/advisories/51124/

Red Hat update for kdelibs
http://secunia.com/advisories/51145/

KDE kdelibs Multiple Vulnerabilities
http://secunia.com/advisories/51097/

Grails Data Binding Security Bypass Vulnerability
http://secunia.com/advisories/51113/

Pale Moon "Location" Object Multiple Vulnerabilities
http://secunia.com/advisories/51125/

Plone Security Bypass and Code Execution Vulnerabilities
http://secunia.com/advisories/51126/

Oracle Solaris Adobe Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/51131/

Visual Chile SQL Injection & Cross-Site Scripting Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110004

CMS Etiko Arbitrary File Upload Vulnerability
http://cxsecurity.com/issue/WLB-2012110003

Opera 12.02 Local files disclosure (0day)
http://cxsecurity.com/issue/WLB-2012100252

UMPlayer 0.98 DLL Hijacking wintab32.dll Exploit
http://cxsecurity.com/issue/WLB-2012110002

bloofoxCMS 0.3.5 XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110001

Endpoint Protector Persistent Cross-Site Scripting
http://cxsecurity.com/issue/WLB-2012100262

Citrix XenServer 6.0.2 Privilege Escalation
http://cxsecurity.com/issue/WLB-2012100261

NetCat CMS v5.0.1 Multiple Web Vulnerabilities
http://cxsecurity.com/issue/WLB-2012100260

Joomla com_quiz sql/xss Vulnerability
http://cxsecurity.com/issue/WLB-2012100259

PG Dating Pro CMS 1.0 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012100258

Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082

Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071

Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083

Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080

Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081

Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076

Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061

Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039

Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306

Siemens SiPass Integrated 'SiPass server' Component Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55835

Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065

Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043

LetoDMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55823

radsecproxy Client Certificate Verification Security Bypass Vulnerability
http://www.securityfocus.com/bid/56105

NetCat CMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56340

LetoDMS Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55822

Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058

Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056

Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054

Oracle Java SE CVE-2012-5088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56057

cgit 'Author' Field Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55724

Python keyring 'CryptedFileKeyring' component Password Encryption Weakness
http://www.securityfocus.com/bid/55815

TP-LINK TL-WR841N Router Local File Include Vulnerability
http://www.securityfocus.com/bid/56320

Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability
http://www.securityfocus.com/bid/55312

Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339

KDE Konqueror Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55879

Adobe Flash Player APSB12-07 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/52748

Adobe Flash Player CVE-2012-0725 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52914

Adobe Flash Player CVE-2012-0768 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52297

Adobe Flash Player CVE-2012-0769 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52299

Adobe Flash Player CVE-2012-0724 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52916

Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56146

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-3972 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55310

Net-SNMP SNMP GET Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/53255

Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285

OptiPNG Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55566

bloofoxCMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56353

LibreOffice and OpenOffice Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56352

Drupal Password Policy Module Password Hash Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56350

Cisco Unified MeetingPlace Web Conferencing SQL Injection and Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56349

Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/56348

World of Phaos SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56347

Linux Kernel 'tcp_illinois_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56346

Axigen Mail Server 'fileName' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56343

SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56342
