Friday, November 16, 2012
Friday the 16th, Shakkō
+ RHSA-2012:1461 Moderate: libproxy security update
http://rhn.redhat.com/errata/RHSA-2012-1461.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4505
+ RHSA-2012:1462 Important: mysql security update
http://rhn.redhat.com/errata/RHSA-2012-1462.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3197
+ CESA-2012:1462 Important CentOS 6 mysql Update
http://lwn.net/Alerts/525241/
+ CESA-2012:1461 Moderate CentOS 6 libproxy Update
http://lwn.net/Alerts/525243/
+ CESA-2012:1445 Low CentOS 5 kernel Update
http://lwn.net/Alerts/524986/
+ PSN-2012-11-769 2012-11 Network Management, Identity and Policy Control Security Advisories Released
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-11-769&viewMode=view
+ PSN-2012-11-768 2012-11 Security Bulletin: Steel-Belted Radius: Multiple OpenSSL Vulnerabilities
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-11-768&viewMode=view
+ PSN-2012-11-767 2012-11 Security Bulletin: NSM Products: Multiple vulnerabilities in Network and Security Manager products
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-11-767&viewMode=view
Notice of scheduled server maintenance (November 22, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1861
Notice of release of Virus Buster Corporate Edition 10.5 Patch 4 (build 2251)
http://www.trendmicro.co.jp/support/news.asp?id=1863
Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx
Shh/Updater-B: Identifying and fixing affected non-Sophos applications
http://www.sophos.com/en-us/support/knowledgebase/118348.aspx
PHP 5.5.0 Alpha1 released
http://www.php.net/archive/2012.php#id2012-11-15-1
[CVE-2012-5858] [CVE-2012-5859] DoS/Authorization Bypass - Kies Air
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00059.html
SEC Consult SA-20121115-0 :: Applicure dotDefender WAF format string vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00058.html
Re: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00057.html
iDev Rentals v1.0 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00056.html
Security advisory for Bugzilla 4.4rc1, 4.2.4, 4.0.9 and 3.6.12
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00055.html
Multiple vulnerabilities in BabyGekko
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00054.html
0-day vulnerabilities in Call of Duty MW3 and CryEngine 3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00052.html
US-CERT Alert TA12-318A - Microsoft Updates for Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/Cert/2012-11/msg00000.html
"Viruses targeting online banking" are not scary once you know how they work behind the scenes
http://itpro.nikkeibp.co.jp/article/COLUMN/20121116/437801/?ST=security
Vulnerability information worth checking <2012.11.16>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121113/436943/?ST=security
Keyware Solutions releases "Secure Curtain", an Android app for preventing information leaks, free of charge
http://itpro.nikkeibp.co.jp/article/NEWS/20121115/437549/?ST=security
Japanese websites tampered with in attacks targeting a known Java 7 vulnerability; JPCERT/CC issues an alert
http://itpro.nikkeibp.co.jp/article/NEWS/20121115/437421/?ST=security
Skype fixes a vulnerability that could allow account hijacking
http://itpro.nikkeibp.co.jp/article/NEWS/20121115/437401/?ST=security
Dictionary app that hijacks accounts and tweets a "confession" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20121115/437382/?ST=security
[Security/SNS/Investment] Countermeasures against targeted attacks lag behind; investment in server consolidation remains strong
http://itpro.nikkeibp.co.jp/article/COLUMN/20121106/435344/?ST=security
A new technique for information theft: malware that steals image files
http://itpro.nikkeibp.co.jp/article/COLUMN/20121113/436942/?ST=security
JVNVU#558132 Cross-site scripting vulnerability in Dell OpenManage Server Administrator
http://jvn.jp/cert/JVNVU558132/
JVNVU#795644 SQL injection vulnerability in ArcGIS Server
http://jvn.jp/cert/JVNVU795644/
JVNTA12-318A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-318A/
JVN#74829345 Denial-of-service (DoS) vulnerability in multiple devices running Android OS
http://jvn.jp/jp/JVN74829345/
JVNDB-2012-000103 Improper information management vulnerability in Monaca Debugger for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000103.html
JVNDB-2012-003939 Arbitrary code execution vulnerability in the nsObjectLoadingContent::LoadObject function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003939.html
JVNDB-2012-003938 Arbitrary code execution vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003938.html
JVNDB-2012-003936 Denial-of-service (DoS) vulnerability in the browser engine in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003936.html
JVNDB-2012-004636 Arbitrary code execution vulnerability in the Microsoft Windows kernel-mode drivers as used by Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004636.html
JVNDB-2012-003853 Cross-site scripting vulnerability in Open Technology Real Services
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003853.html
JVNDB-2012-002926 Arbitrary file overwrite vulnerability in the Config::IniFiles module for Perl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002926.html
JVNDB-2012-002718 Denial-of-service (memory consumption or system crash) vulnerability in mm/hugetlb.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002718.html
JVNDB-2012-003258 Cross-site scripting vulnerability in the blog implementation in Moodle
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003258.html
JVNDB-2012-002714 Vulnerability in the rio_ioctl function in the Linux Kernel allowing data to be written to an Ethernet adapter
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002714.html
JVNDB-2012-003384 Stack-based buffer overflow vulnerability in the get_packet method in socket.c in dhcpcd
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003384.html
JVNDB-2012-003665 Cross-site scripting vulnerability in SPIP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003665.html
JVNDB-2012-003521 Denial-of-service (DoS) vulnerability in net/core/sock.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003521.html
JVNDB-2012-002400 Integer underflow vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002400.html
JVNDB-2012-000103 (JVN#56923652) Improper information management vulnerability in Monaca Debugger for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000103.html
JVNDB-2012-004918 Arbitrary code execution vulnerability in WebKit as used in multiple products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004918.html
JVNDB-2012-005361 (JVNVU#659615) Issue in Oberthur smart cards
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005361.html
JVNDB-2012-005360 Vulnerability in VMware Workstation and VMware Player allowing host OS privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005360.html
JVNDB-2012-005359 Vulnerability in VMware Workstation and VMware Player allowing host OS privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005359.html
JVNDB-2012-005358 Format string vulnerability in VMware OVF Tool as used in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005358.html
JVNDB-2012-005357 Cross-site request forgery vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005357.html
JVNDB-2012-005356 Cross-site scripting vulnerability in the Liberty Profile in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005356.html
JVNDB-2012-005355 Vulnerability in the Liberty Profile in IBM WebSphere Application Server allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005355.html
JVNDB-2012-005354 Denial-of-service (CPU resource consumption) vulnerability in IBM Cognos Business Intelligence
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005354.html
JVNDB-2012-005353 Denial-of-service (DoS) vulnerability in IBM WebSphere Application Server and WebSphere Virtual Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005353.html
JVNDB-2012-005352 (JVNTA12-318A) Arbitrary code execution vulnerability in the reflection implementation in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005352.html
JVNDB-2012-005351 (JVNTA12-318A) Arbitrary JavaScript code execution vulnerability in the Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005351.html
JVNDB-2012-005350 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005350.html
JVNDB-2012-005349 (JVNTA12-318A) Privilege escalation vulnerability in the kernel-mode drivers in multiple Microsoft Windows products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005349.html
JVNDB-2012-005348 (JVNTA12-318A) Stack-based buffer overflow vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005348.html
JVNDB-2012-005347 (JVNTA12-318A) Vulnerability in Microsoft FTP Service for IIS allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005347.html
JVNDB-2012-005346 (JVNTA12-318A) Vulnerability in Microsoft Internet Information Services allowing credentials to be discovered
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005346.html
JVNDB-2012-005345 (JVNTA12-318A) Privilege escalation vulnerability in the kernel-mode drivers in multiple Microsoft Windows products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005345.html
JVNDB-2012-005344 (JVNTA12-318A) Privilege escalation vulnerability in ADO.NET in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005344.html
JVNDB-2012-005343 (JVNTA12-318A) Vulnerability in Microsoft .NET Framework allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005343.html
JVNDB-2012-005342 (JVNTA12-318A) Arbitrary code execution vulnerability in the reflection implementation in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005342.html
JVNDB-2012-005341 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005341.html
JVNDB-2012-005340 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005340.html
JVNDB-2012-005339 (JVNTA12-318A) Heap-based buffer overflow vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005339.html
JVNDB-2012-005338 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005338.html
JVNDB-2012-005337 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005337.html
JVNDB-2012-005336 (JVNTA12-318A) Integer overflow vulnerability in the Windows Shell in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005336.html
JVNDB-2012-005335 (JVNTA12-318A) Integer underflow vulnerability in the Windows Shell in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005335.html
JVNDB-2012-005334 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005334.html
JVNDB-2012-005333 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005333.html
JVNDB-2012-005332 Vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005332.html
JVNDB-2012-005331 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005331.html
JVNDB-2012-005330 Denial-of-service (daemon restart) vulnerability in EOSCoreScada.exe in C3-ilex EOScada
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005330.html
JVNDB-2012-005329 Denial-of-service (DoS) vulnerability in EOSDataServer.exe in C3-ilex EOScada
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005329.html
JVNDB-2012-005328 Vulnerability in eosfailoverservice.exe in C3-ilex EOScada allowing sensitive cleartext information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005328.html
JVNDB-2012-005327 Denial-of-service (DoS) vulnerability in eosfailoverservice.exe in C3-ilex EOScada
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005327.html
JVNDB-2012-000102 (JVN#74829345) Denial-of-service (DoS) vulnerability in multiple devices running Android OS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000102.html
JVNDB-2012-005326 (JVNVU#611988) Improper access restriction vulnerability in Vanilla Forums
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005326.html
JVNDB-2012-005325 (JVNVU#795644) SQL injection vulnerability in ArcGIS for Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005325.html
JVNDB-2012-004718 Vulnerability in CA License allowing arbitrary files to be modified or created
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004718.html
JVNDB-2012-004717 Vulnerability in CA License allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004717.html
JVNDB-2012-005324 Clickjacking vulnerability in Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005324.html
JVNDB-2012-005323 Vulnerability in the v2 API in multiple OpenStack products allowing unprotected images to be deleted
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005323.html
JVNDB-2012-005322 Vulnerability in Request Tracker allowing arbitrary files to be created
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005322.html
JVNDB-2012-005321 Vulnerability in Request Tracker allowing the cross-site request forgery (CSRF) protection mechanism to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005324.html
JVNDB-2012-005320 Cross-site request forgery vulnerability in Request Tracker
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005320.html
JVNDB-2012-005319 Vulnerability in the FAQ manager for Request Tracker allowing arbitrary articles to be created in arbitrary classes
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005319.html
JVNDB-2012-005318 Vulnerability in Request Tracker allowing arbitrary email headers to be injected
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005318.html
JVNDB-2012-005317 Vulnerability in the v1 API in multiple OpenStack products allowing unprotected images to be deleted
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005317.html
JVNDB-2012-005316 Denial-of-service (DoS) vulnerability in ppm2tiff
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005316.html
JVNDB-2012-005315 Vulnerability in the OpenID module in Drupal allowing arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005315.html
JVNDB-2012-005314 Vulnerability in Drupal allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005314.html
JVNDB-2012-005313 Arbitrary command execution vulnerability in syntax-highlighting.sh in cgit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005313.html
JVNDB-2012-005312 Vulnerability in IcedTeaScriptablePluginObject.cc in IcedTea-Web allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005312.html
JVNDB-2012-005311 Denial-of-service (DoS) vulnerability in Konqueror in KDE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005311.html
JVNDB-2012-005310 Denial-of-service (NULL pointer dereference) vulnerability in Konqueror in KDE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005310.html
JVNDB-2012-005309 Denial-of-service (DoS) vulnerability in Konqueror in KDE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005309.html
JVNDB-2012-005308 Heap-based buffer overflow vulnerability in lib/pac.c in libproxy
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005308.html
JVNDB-2012-005307 Stack-based buffer overflow vulnerability in url.cpp in libproxy
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005307.html
JVNDB-2012-005305 Authentication bypass vulnerability in Advanced Productivity Software DTE Axiom
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005305.html
JVNDB-2012-005304 Buffer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005304.html
JVNDB-2012-005303 Arbitrary code execution vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005303.html
JVNDB-2012-005302 Buffer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005302.html
JVNDB-2012-005301 Buffer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005301.html
JVNDB-2012-005300 Arbitrary code execution vulnerability in the ActiveX control in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005300.html
JVNDB-2012-005299 Buffer overflow vulnerability in the plugin in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005299.html
JVNDB-2012-005298 Buffer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005298.html
JVNDB-2012-005297 Arbitrary code execution vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005297.html
Another month another password disclosure breach
http://isc.sans.edu/diary.html?storyid=14515
Skype account hijack vulnerability fixed
http://isc.sans.edu/diary.html?storyid=14512
Horde Kronolith Input Validation Flaw in Portal Block Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027778
Horde Groupware Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027775
Bugzilla Flaws Permit Cross-Site Scripting and Information Disclosure Attacks
http://www.securitytracker.com/id/1027770
Firebird Null Pointer Dereference on Empty Query Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1027769
Xen Grant Table Hypercall Infinite Loop Lets Local Guest Administrative Users Deny Service
http://www.securitytracker.com/id/1027763
Xen HVMOP_pagetable_dying() Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1027762
Xen Memory Mapping Bug Lets Local Guest Administrative Users Deny Service
http://www.securitytracker.com/id/1027761
Xen priq Range Check Flaw Lets Local Guest Administrative Users Deny Service on the Host Operating System
http://www.securitytracker.com/id/1027760
Xen Timer Overflow Lets Local Guest Administrative Users Deny Service on the Host System
http://www.securitytracker.com/id/1027759
Red Hat Storage Temporary File Symlink Flaw in GlusterFS Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id/1027756
GEGL Heap Overflow in PPM Image Processing Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027754
REMOTE: Oracle Database Client System Analyzer Arbitrary File Upload
http://www.exploit-db.com/exploits/22714
REMOTE: Novell NetIQ Privileged User Manager 2.3.1 auth.dll pa_modify_accounts() RCE
http://www.exploit-db.com/exploits/22737
REMOTE: Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll ldapagnt_eval() Perl Code Evaluation RCE
http://www.exploit-db.com/exploits/22738
DoS/PoC: Broadcom DoS on BCM4325 and BCM4329 Devices
http://www.exploit-db.com/exploits/22739
DoS/PoC: Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability
http://www.exploit-db.com/exploits/22707
Dell OpenManage Server Administrator Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51297/
IBM Lotus Notes / Lotus Domino Java Multiple Vulnerabilities
http://secunia.com/advisories/51277/
IBM Tivoli Management Framework Java Multiple Vulnerabilities
http://secunia.com/advisories/51278/
Drupal Smiley and Smileys Modules Script Insertion Vulnerability
http://secunia.com/advisories/51261/
Drupal RESTful Web Services Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51272/
The FAQ Manager Two SQL Injection Vulnerabilities
http://secunia.com/advisories/51288/
Drupal User Read-Only Module Security Bypass Security Issue
http://secunia.com/advisories/51273/
Drupal Chaos tool suite Module Node Title Script Insertion Vulnerability
http://secunia.com/advisories/51259/
MantisBT Cloned Issue Notes Disclosure Security Issue
http://secunia.com/advisories/51300/
IBM Tivoli Monitoring Java Multiple Vulnerabilities
http://secunia.com/advisories/51252/
WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50982/
Novell Privileged User Manager Security Bypass Vulnerabilities
http://secunia.com/advisories/51291/
SUSE update for opera
http://secunia.com/advisories/51311/
Horde Multiple Products Portal Block Script Insertion Vulnerabilities
http://secunia.com/advisories/51233/
Red Hat update for mysql
http://secunia.com/advisories/51309/
Red Hat update for libproxy
http://secunia.com/advisories/51308/
Apple Mac OS X DirectoryService Remote Code Execution
http://cxsecurity.com/issue/WLB-2012110105
Microsoft Office 2007 RTF Mismatch Remote Code Execution
http://cxsecurity.com/issue/WLB-2012110106
Microsoft Excel Record Trusted Counter Remote Code Execution
http://cxsecurity.com/issue/WLB-2012110104
RealNetworks RealPlayer RV40 Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012110103
Bugzilla Information Leak & Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110102
Oracle Database Client System Analyzer Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2012110101
BabyGekko 1.2.2e XSS & SQL Injection & LFI
http://cxsecurity.com/issue/WLB-2012110100
ReciPHP 1.1 SQL Injection
http://cxsecurity.com/issue/WLB-2012110099
Drupal RESTful Web Services 7.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012110098
Drupal Smiley / Smileys 6.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110097
Drupal User Read-Only 6.x / 7.x Access Bypass
http://cxsecurity.com/issue/WLB-2012110096
Java Applet JAX-WS Remote Code Execution *youtube
http://cxsecurity.com/issue/WLB-2012110079
iDev Rentals Multiple Web Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110095
friendsinwar FAQ Manager SQL Injection (authbypass) Vulnerability
http://cxsecurity.com/issue/WLB-2012110089
Myrephp Realty Manager Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110094
Myrephp Vacation Rental Software Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110093
Myrephp Business Directory Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110092
Narcissus Remote Command Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012110091
dotProject <= 2.1.6 Remote File Inclusion Vulnerability
http://cxsecurity.com/issue/WLB-2012110090
Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012110088
IrfanView TIF Image Decompression Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012110087
IrfanView RLE Image Decompression Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012110086
joomla com_autostand shell upload vulnerability
http://cxsecurity.com/issue/WLB-2012110085
Huawei Weak Password Encryption
http://cxsecurity.com/issue/WLB-2012110084
RSA Data Protection Manager XSS & Broken Restriction
http://cxsecurity.com/issue/WLB-2012110083
OpenVAS Command Injection
http://cxsecurity.com/issue/WLB-2012110082
WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110081
Eventy CMS 1.8 Plus Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012110080
Adobe Flash Player and AIR CVE-2012-5275 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56543
Adobe Flash Player and AIR CVE-2012-5280 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56546
Adobe Flash Player and AIR CVE-2012-5279 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56554
Adobe Flash Player and AIR CVE-2012-5278 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56547
Adobe Flash Player and AIR CVE-2012-5277 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56545
Adobe Flash Player and AIR CVE-2012-5276 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56544
Adobe Flash Player and AIR CVE-2012-5274 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56542
CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50849
TYPO3 Core TYPO3-SA-2012-005 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/56472
RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/56450
RETIRED: Adobe Flash Player and AIR APSB12-24 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56412
Oracle MySQL Server CVE-2012-3166 Remote Security Vulnerability
http://www.securityfocus.com/bid/56028
Microsoft Word CVE-2012-0183 RTF Data Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53344
Microsoft IIS CVE-2012-2531 Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56439
Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56463
HT Editor File Open Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47095
cgit 'Author' Field Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55724
cgit 'syntax-highlighting.sh' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56315
IBM Java Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55495
Microsoft Excel CVE-2012-2543 Buffer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56431
Apple Mac OS X CVE-2012-0650 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56240
Real Networks RealPlayer CVE-2012-0925 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51887
LibTIFF TIFF Image Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55673
LibTIFF 'TIFFScanlineSize()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56372
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301
Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability
http://www.securityfocus.com/bid/55312
Debian 'openvswitch-pki' Package Multiple Insecure File Permissions Vulnerabilities
http://www.securityfocus.com/bid/54789
WeeChat Color Decoding Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56482
OpenStack Glance CVE-2012-4573 Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/56437
catdoc 'src/xlsparse.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56466
Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289
Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45883
Linux Kernel ASLR Security Bypass Weakness
http://www.securityfocus.com/bid/52687
Linux Kernel EXT4 'ext4_fill_flex_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53414
Xen 64-bit PV Guests Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53961
libxml2 CVE-2012-2807 Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54718
Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540
libproxy CVE-2012-4505 Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55910
Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/55551
Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability
http://www.securityfocus.com/bid/56036
Oracle MySQL Server CVE-2012-3160 Local Security Vulnerability
http://www.securityfocus.com/bid/56027
Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability
http://www.securityfocus.com/bid/56017
Oracle MySQL Server CVE-2012-1689 Remote Security Vulnerability
http://www.securityfocus.com/bid/54547
Oracle MySQL CVE-2012-1690 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53074
Oracle MySQL Server CVE-2012-3150 Remote Security Vulnerability
http://www.securityfocus.com/bid/55990
Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability
http://www.securityfocus.com/bid/56041
Oracle MySQL CVE-2012-2749 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55120
Oracle MySQL Server CVE-2012-3177 Remote Security Vulnerability
http://www.securityfocus.com/bid/56005
Oracle MySQL Server CVE-2012-3167 Remote Security Vulnerability
http://www.securityfocus.com/bid/56018
Oracle MySQL Server CVE-2012-3180 Remote Security Vulnerability
http://www.securityfocus.com/bid/56003
Oracle MySQL Server CVE-2012-0540 Remote Security Vulnerability
http://www.securityfocus.com/bid/54551
Oracle MySQL CVE-2012-1703 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53058
Oracle MySQL Server CVE-2012-1734 Remote Security Vulnerability
http://www.securityfocus.com/bid/54540
Oracle MySQL CVE-2012-1688 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53067
Oracle MySQL Server CVE-2012-3197 Remote Security Vulnerability
http://www.securityfocus.com/bid/56021
CryENGINE Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56476
Call of Duty: Modern Warfare 3 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56475
Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/56562
Samsung Kies Air Denial of Service and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56560
Make or Break 'login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56559
Applicure dotDefender Format String Vulnerability
http://www.securityfocus.com/bid/56558
WordPress post-views Plugin 'search_input' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56555
Multiple Horde Products Multiple Unspecified HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56541
NetIQ Privileged User Manager 'ldapagnt_eval()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56539
NetIQ Privileged User Manager Admin Password Change Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/56535
ReciPHP 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56531
Opera Web Browser Prior to 12.10 Multiple Vulnerabilities
http://www.securityfocus.com/bid/56407
Gajim '_ssl_verify_callback()' Function SSL Certificate Validation Spoofing Vulnerability
http://www.securityfocus.com/bid/56481
SWFUpload 'movieName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54245
Xen PyGrub Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53650
Microsoft System Center Configuration Manager CVE-2012-2536 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55430
YUI 'SWF' File Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56385
Invision Power Board 'core.php' PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/56288
nspluginwrapper Private Browsing Flash Player Storage Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48487
A-PDF All to MP3 Converter '.wav' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43301
Drupal User Read-Only Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/56548
Multiple Drupal Modules HTML Injection Vulnerability
http://www.securityfocus.com/bid/56540
Drupal Chaos Tool Suite Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56538
Drupal Table of Contents Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/56537
Drupal RESTful Web Services Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56536
idev-Rentals Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56529
Wordpress Advanced Custom Fields Plugin 'acf_abspath' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/56528
WordPress Buddystream Plugin Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56526
WordPress Amazon Associate Plugin 'callback' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56525
BabyGekko Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/56523
Firebird 'TraceDSQLPrepare::prepare()' Function NULL Pointer Denial of Service Vulnerability
http://www.securityfocus.com/bid/56521
MantisBT Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56520
MYREphp Vacation Rental Software Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56519
Dell OpenManage Server Administrator CVE-2012-4955 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56518
Dotproject 'gantt.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/56517
SAP Netweaver Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/56516
Myrephp Business Directory SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56514
WordPress DX-Contribute Plugin Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56513
MYRE Realty Manager SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56512
Narcissus Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/56511
WordPress UK Cookie Plugin Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56509
WordPress WP-Filebase Plugin Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/56507
Bugzilla Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56504
ManageEngine Exchange Reporter Plus Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56503
Xen Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56498