Friday, November 16, 2012

Friday the 16th, Shakkō


+ RHSA-2012:1461 Moderate: libproxy security update
http://rhn.redhat.com/errata/RHSA-2012-1461.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4505

+ RHSA-2012:1462 Important: mysql security update
http://rhn.redhat.com/errata/RHSA-2012-1462.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3197

+ CESA-2012:1462 Important CentOS 6 mysql Update
http://lwn.net/Alerts/525241/

+ CESA-2012:1461 Moderate CentOS 6 libproxy Update
http://lwn.net/Alerts/525243/

+ CESA-2012:1445 Low CentOS 5 kernel Update
http://lwn.net/Alerts/524986/

+ PSN-2012-11-769 2012-11 Network Management, Identity and Policy Control Security Advisories Released
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-11-769&viewMode=view

+ PSN-2012-11-768 2012-11 Security Bulletin: Steel-Belted Radius: Multiple OpenSSL Vulnerabilities
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-11-768&viewMode=view

+ PSN-2012-11-767 2012-11 Security Bulletin: NSM Products: Multiple vulnerabilities in Network and Security Manager products
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-11-767&viewMode=view

Notice of scheduled server maintenance (November 22, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1861

Notice of release of Virus Buster Corporate Edition 10.5 Patch 4 (build 2251)
http://www.trendmicro.co.jp/support/news.asp?id=1863

Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx

Shh/Updater-B: Identifying and fixing affected non-Sophos applications
http://www.sophos.com/en-us/support/knowledgebase/118348.aspx

PHP 5.5.0 Alpha1 released
http://www.php.net/archive/2012.php#id2012-11-15-1

[CVE-2012-5858] [CVE-2012-5859] DoS/Authorization Bypass - Kies Air
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00059.html

SEC Consult SA-20121115-0 :: Applicure dotDefender WAF format string vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00058.html

Re: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00057.html

iDev Rentals v1.0 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00056.html

Security advisory for Bugzilla 4.4rc1, 4.2.4, 4.0.9 and 3.6.12
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00055.html

Multiple vulnerabilities in BabyGekko
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00054.html

0-day vulnerabilities in Call of Duty MW3 and CryEngine 3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00052.html

US-CERT Alert TA12-318A - Microsoft Updates for Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/Cert/2012-11/msg00000.html

"Viruses targeting online banking" are not scary once you know how they work behind the scenes
http://itpro.nikkeibp.co.jp/article/COLUMN/20121116/437801/?ST=security

Vulnerability information worth checking <2012.11.16>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121113/436943/?ST=security

Keyware Solutions releases information-leak-prevention Android app "Secure Curtain" free of charge
http://itpro.nikkeibp.co.jp/article/NEWS/20121115/437549/?ST=security

Japanese websites tampered with in attacks targeting known Java 7 vulnerabilities; JPCERT/CC issues alert
http://itpro.nikkeibp.co.jp/article/NEWS/20121115/437421/?ST=security

Skype fixes vulnerability that could allow account hijacking
http://itpro.nikkeibp.co.jp/article/NEWS/20121115/437401/?ST=security

Dictionary app that hijacks accounts and tweets a "confession" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20121115/437382/?ST=security

[Security/SNS/Investment] Countermeasures against targeted attacks lag; investment in server consolidation still strong
http://itpro.nikkeibp.co.jp/article/COLUMN/20121106/435344/?ST=security

New technique for information theft: malware that steals image files
http://itpro.nikkeibp.co.jp/article/COLUMN/20121113/436942/?ST=security

JVNVU#558132 Cross-site scripting vulnerability in Dell OpenManage Server Administrator
http://jvn.jp/cert/JVNVU558132/

JVNVU#795644 SQL injection vulnerability in ArcGIS Server
http://jvn.jp/cert/JVNVU795644/

JVNTA12-318A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-318A/

JVN#74829345 Denial-of-service (DoS) vulnerability in multiple devices running Android OS
http://jvn.jp/jp/JVN74829345/

JVNDB-2012-000103 Improper information management vulnerability in Monaca Debugger for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000103.html

JVNDB-2012-003939 Arbitrary code execution vulnerability in the nsObjectLoadingContent::LoadObject function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003939.html

JVNDB-2012-003938 Arbitrary code execution vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003938.html

JVNDB-2012-003936 Denial-of-service (DoS) vulnerability in the browser engine in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003936.html

JVNDB-2012-004636 Arbitrary code execution vulnerability in Microsoft Windows kernel-mode drivers as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004636.html

JVNDB-2012-003853 Cross-site scripting vulnerability in Open Technology Real Services
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003853.html

JVNDB-2012-002926 Arbitrary file overwrite vulnerability in the Config::IniFiles module for Perl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002926.html

JVNDB-2012-002718 Denial-of-service (memory consumption or system crash) vulnerability in mm/hugetlb.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002718.html

JVNDB-2012-003258 Cross-site scripting vulnerability in the blog implementation in Moodle
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003258.html

JVNDB-2012-002714 Vulnerability in the rio_ioctl function in the Linux Kernel allowing data to be written to an Ethernet adapter
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002714.html

JVNDB-2012-003384 Stack-based buffer overflow vulnerability in the get_packet method in socket.c in dhcpcd
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003384.html

JVNDB-2012-003665 Cross-site scripting vulnerability in SPIP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003665.html

JVNDB-2012-003521 Denial-of-service (DoS) vulnerability in net/core/sock.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003521.html

JVNDB-2012-002400 Integer underflow vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002400.html

JVNDB-2012-000103 (JVN#56923652) Improper information management vulnerability in Monaca Debugger for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000103.html

JVNDB-2012-004918 Arbitrary code execution vulnerability in WebKit as used in multiple products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004918.html

JVNDB-2012-005361 (JVNVU#659615) Issue in Oberthur smart cards
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005361.html

JVNDB-2012-005360 Vulnerability in VMware Workstation and VMware Player allowing host OS privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005360.html

JVNDB-2012-005359 Vulnerability in VMware Workstation and VMware Player allowing host OS privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005359.html

JVNDB-2012-005358 Format string vulnerability in VMware OVF Tool as used in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005358.html

JVNDB-2012-005357 Cross-site request forgery vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005357.html

JVNDB-2012-005356 Cross-site scripting vulnerability in the Liberty Profile in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005356.html

JVNDB-2012-005355 Vulnerability in the Liberty Profile in IBM WebSphere Application Server allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005355.html

JVNDB-2012-005354 Denial-of-service (CPU resource consumption) vulnerability in IBM Cognos Business Intelligence
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005354.html

JVNDB-2012-005353 Denial-of-service (DoS) vulnerability in IBM WebSphere Application Server and WebSphere Virtual Enterprise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005353.html

JVNDB-2012-005352 (JVNTA12-318A) Arbitrary code execution vulnerability in the reflection implementation in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005352.html

JVNDB-2012-005351 (JVNTA12-318A) Vulnerability in the Web Proxy Auto-Discovery (WPAD) feature in Microsoft .NET Framework allowing arbitrary JavaScript code to be executed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005351.html

JVNDB-2012-005350 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005350.html

JVNDB-2012-005349 (JVNTA12-318A) Privilege escalation vulnerability in kernel-mode drivers in multiple Microsoft Windows products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005349.html

JVNDB-2012-005348 (JVNTA12-318A) Stack-based buffer overflow vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005348.html

JVNDB-2012-005347 (JVNTA12-318A) Vulnerability in Microsoft FTP Service for IIS allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005347.html

JVNDB-2012-005346 (JVNTA12-318A) Vulnerability in Microsoft Internet Information Services allowing credentials to be discovered
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005346.html

JVNDB-2012-005345 (JVNTA12-318A) Privilege escalation vulnerability in kernel-mode drivers in multiple Microsoft Windows products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005345.html

JVNDB-2012-005344 (JVNTA12-318A) Privilege escalation vulnerability in ADO.NET in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005344.html

JVNDB-2012-005343 (JVNTA12-318A) Vulnerability in Microsoft .NET Framework allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005343.html

JVNDB-2012-005342 (JVNTA12-318A) Arbitrary code execution vulnerability in the reflection implementation in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005342.html

JVNDB-2012-005341 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005341.html

JVNDB-2012-005340 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005340.html

JVNDB-2012-005339 (JVNTA12-318A) Heap-based buffer overflow vulnerability in Microsoft Excel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005339.html

JVNDB-2012-005338 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005338.html

JVNDB-2012-005337 (JVNTA12-318A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005337.html

JVNDB-2012-005336 (JVNTA12-318A) Integer overflow vulnerability in the Windows Shell in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005336.html

JVNDB-2012-005335 (JVNTA12-318A) Integer underflow vulnerability in the Windows Shell in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005335.html

JVNDB-2012-005334 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005334.html

JVNDB-2012-005333 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005333.html

JVNDB-2012-005332 Vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005332.html

JVNDB-2012-005331 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005331.html

JVNDB-2012-005330 Denial-of-service (daemon restart) vulnerability in EOSCoreScada.exe in C3-ilex EOScada
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005330.html

JVNDB-2012-005329 Denial-of-service (DoS) vulnerability in EOSDataServer.exe in C3-ilex EOScada
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005329.html

JVNDB-2012-005328 Vulnerability in eosfailoverservice.exe in C3-ilex EOScada allowing sensitive cleartext information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005328.html

JVNDB-2012-005327 Denial-of-service (DoS) vulnerability in eosfailoverservice.exe in C3-ilex EOScada
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005327.html

JVNDB-2012-000102 (JVN#74829345) Denial-of-service (DoS) vulnerability in multiple devices running Android OS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000102.html

JVNDB-2012-005326 (JVNVU#611988) Improper access restriction vulnerability in Vanilla Forums
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005326.html

JVNDB-2012-005325 (JVNVU#795644) SQL injection vulnerability in ArcGIS for Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005325.html

JVNDB-2012-004718 Vulnerability in CA License allowing arbitrary files to be modified or created
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004718.html

JVNDB-2012-004717 Vulnerability in CA License allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004717.html

JVNDB-2012-005324 Clickjacking vulnerability in Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005324.html

JVNDB-2012-005323 Vulnerability in the v2 API in multiple OpenStack products allowing unprotected images to be deleted
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005323.html

JVNDB-2012-005322 Vulnerability in Request Tracker allowing arbitrary files to be created
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005322.html

JVNDB-2012-005321 Vulnerability in Request Tracker allowing the cross-site request forgery (CSRF) protection mechanism to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005324.html

JVNDB-2012-005320 Cross-site request forgery vulnerability in Request Tracker
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005320.html

JVNDB-2012-005319 Vulnerability in the FAQ manager for Request Tracker allowing arbitrary articles to be created in arbitrary classes
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005319.html

JVNDB-2012-005318 Vulnerability in Request Tracker allowing arbitrary email headers to be injected
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005318.html

JVNDB-2012-005317 Vulnerability in the v1 API in multiple OpenStack products allowing unprotected images to be deleted
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005317.html

JVNDB-2012-005316 Denial-of-service (DoS) vulnerability in ppm2tiff
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005316.html

JVNDB-2012-005315 Vulnerability in the OpenID module in Drupal allowing arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005315.html

JVNDB-2012-005314 Vulnerability in Drupal allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005314.html

JVNDB-2012-005313 Arbitrary command execution vulnerability in syntax-highlighting.sh in cgit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005313.html

JVNDB-2012-005312 Vulnerability in IcedTeaScriptablePluginObject.cc in IcedTea-Web allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005312.html

JVNDB-2012-005311 Denial-of-service (DoS) vulnerability in Konqueror in KDE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005311.html

JVNDB-2012-005310 Denial-of-service (NULL pointer dereference) vulnerability in Konqueror in KDE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005310.html

JVNDB-2012-005309 Denial-of-service (DoS) vulnerability in Konqueror in KDE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005309.html

JVNDB-2012-005308 Heap-based buffer overflow vulnerability in lib/pac.c in libproxy
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005308.html

JVNDB-2012-005307 Stack-based buffer overflow vulnerability in url.cpp in libproxy
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005307.html

JVNDB-2012-005305 Authentication bypass vulnerability in Advanced Productivity Software DTE Axiom
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005305.html

JVNDB-2012-005304 Buffer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005304.html

JVNDB-2012-005303 Arbitrary code execution vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005303.html

JVNDB-2012-005302 Buffer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005302.html

JVNDB-2012-005301 Buffer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005301.html

JVNDB-2012-005300 Arbitrary code execution vulnerability in the ActiveX control in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005300.html

JVNDB-2012-005299 Buffer overflow vulnerability in the plug-in in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005299.html

JVNDB-2012-005298 Buffer overflow vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005298.html

JVNDB-2012-005297 Arbitrary code execution vulnerability in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005297.html

Another month another password disclosure breach
http://isc.sans.edu/diary.html?storyid=14515

Skype account hijack vulnerability fixed
http://isc.sans.edu/diary.html?storyid=14512

Horde Kronolith Input Validation Flaw in Portal Block Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027778

Horde Groupware Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027775

Bugzilla Flaws Permit Cross-Site Scripting and Information Disclosure Attacks
http://www.securitytracker.com/id/1027770

Firebird Null Pointer Dereference on Empty Query Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1027769

Xen Grant Table Hypercall Infinite Loop Lets Local Guest Administrative Users Deny Service
http://www.securitytracker.com/id/1027763

Xen HVMOP_pagetable_dying() Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1027762

Xen Memory Mapping Bug Lets Local Guest Administrative Users Deny Service
http://www.securitytracker.com/id/1027761

Xen priq Range Check Flaw Lets Local Guest Administrative Users Deny Service on the Host Operating System
http://www.securitytracker.com/id/1027760

Xen Timer Overflow Lets Local Guest Administrative Users Deny Service on the Host System
http://www.securitytracker.com/id/1027759

Red Hat Storage Temporary File Symlink Flaw in GlusterFS Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id/1027756

GEGL Heap Overflow in PPM Image Processing Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027754

REMOTE: Oracle Database Client System Analyzer Arbitrary File Upload
http://www.exploit-db.com/exploits/22714

REMOTE: Novell NetIQ Privileged User Manager 2.3.1 auth.dll pa_modify_accounts() RCE
http://www.exploit-db.com/exploits/22737

REMOTE: Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll ldapagnt_eval() Perl Code Evaluation RCE
http://www.exploit-db.com/exploits/22738

DoS/PoC: Broadcom DoS on BCM4325 and BCM4329 Devices
http://www.exploit-db.com/exploits/22739

DoS/PoC: Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability
http://www.exploit-db.com/exploits/22707

Dell OpenManage Server Administrator Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51297/

IBM Lotus Notes / Lotus Domino Java Multiple Vulnerabilities
http://secunia.com/advisories/51277/

IBM Tivoli Management Framework Java Multiple Vulnerabilities
http://secunia.com/advisories/51278/

Drupal Smiley and Smileys Modules Script Insertion Vulnerability
http://secunia.com/advisories/51261/

Drupal RESTful Web Services Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51272/

The FAQ Manager Two SQL Injection Vulnerabilities
http://secunia.com/advisories/51288/

Drupal User Read-Only Module Security Bypass Security Issue
http://secunia.com/advisories/51273/

Drupal Chaos tool suite Module Node Title Script Insertion Vulnerability
http://secunia.com/advisories/51259/

MantisBT Cloned Issue Notes Disclosure Security Issue
http://secunia.com/advisories/51300/

IBM Tivoli Monitoring Java Multiple Vulnerabilities
http://secunia.com/advisories/51252/

WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50982/

Novell Privileged User Manager Security Bypass Vulnerabilities
http://secunia.com/advisories/51291/

SUSE update for opera
http://secunia.com/advisories/51311/

Horde Multiple Products Portal Block Script Insertion Vulnerabilities
http://secunia.com/advisories/51233/

Red Hat update for mysql
http://secunia.com/advisories/51309/

Red Hat update for libproxy
http://secunia.com/advisories/51308/

Apple Mac OS X DirectoryService Remote Code Execution
http://cxsecurity.com/issue/WLB-2012110105

Microsoft Office 2007 RTF Mismatch Remote Code Execution
http://cxsecurity.com/issue/WLB-2012110106

Microsoft Excel Record Trusted Counter Remote Code Execution
http://cxsecurity.com/issue/WLB-2012110104

RealNetworks RealPlayer RV40 Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012110103

Bugzilla Informartion Leak & Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110102

Oracle Database Client System Analyzer Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2012110101

BabyGekko 1.2.2e XSS & SQL Injection & LFI
http://cxsecurity.com/issue/WLB-2012110100

ReciPHP 1.1 SQL Injection
http://cxsecurity.com/issue/WLB-2012110099

Drupal RESTful Web Services 7.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012110098

Drupal Smiley / Smileys 6.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110097

Drupal User Read-Only 6.x / 7.x Access Bypass
http://cxsecurity.com/issue/WLB-2012110096

Java Applet JAX-WS Remote Code Execution *youtube
http://cxsecurity.com/issue/WLB-2012110079

iDev Rentals Multiple Web Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110095

friendsinwar FAQ Manager SQL Injection (authbypass) Vulnerability
http://cxsecurity.com/issue/WLB-2012110089

Myrephp Realty Manager Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110094

Myrephp Vacation Rental Software Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110093

Myrephp Business Directory Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110092

Narcissus Remote Command Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012110091

dotProject <= 2.1.6 Remote File Inclusion Vulnerability
http://cxsecurity.com/issue/WLB-2012110090

Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012110088

IrfanView TIF Image Decompression Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012110087

IrfanView RLE Image Decompression Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012110086

joomla com_autostand shell upload vulnerability
http://cxsecurity.com/issue/WLB-2012110085

Huawei Weak Password Encryption
http://cxsecurity.com/issue/WLB-2012110084

RSA Data Protection Manager XSS & Broken Restriction
http://cxsecurity.com/issue/WLB-2012110083

OpenVAS Command Injection
http://cxsecurity.com/issue/WLB-2012110082

WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110081

Eventy CMS 1.8 Plus Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012110080

Adobe Flash Player and AIR CVE-2012-5275 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56543

Adobe Flash Player and AIR CVE-2012-5280 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56546

Adobe Flash Player and AIR CVE-2012-5279 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56554

Adobe Flash Player and AIR CVE-2012-5278 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56547

Adobe Flash Player and AIR CVE-2012-5277 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56545

Adobe Flash Player and AIR CVE-2012-5276 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56544

Adobe Flash Player and AIR CVE-2012-5274 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56542

CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50849

TYPO3 Core TYPO3-SA-2012-005 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/56472

RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/56450

RETIRED: Adobe Flash Player and AIR APSB12-24 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56412

Oracle MySQL Server CVE-2012-3166 Remote Security Vulnerability
http://www.securityfocus.com/bid/56028

Microsoft Word CVE-2012-0183 RTF Data Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53344

Microsoft IIS CVE-2012-2531 Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56439

Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56463

HT Editor File Open Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47095

cgit 'Author' Field Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55724

cgit 'syntax-highlighting.sh' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56315

IBM Java Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55495

Microsoft Excel CVE-2012-2543 Buffer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56431

Apple Mac OS X CVE-2012-0650 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56240

Real Networks RealPlayer CVE-2012-0925 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51887

LibTIFF TIFF Image Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55673

LibTIFF 'TIFFScanlineSize()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56372

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301

Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability
http://www.securityfocus.com/bid/55312

Debian 'openvswitch-pki' Package Multiple Insecure File Permissions Vulnerabilities
http://www.securityfocus.com/bid/54789

WeeChat Color Decoding Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56482

OpenStack Glance CVE-2012-4573 Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/56437

catdoc 'src/xlsparse.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56466

Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289

Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45883

Linux Kernel ASLR Security Bypass Weakness
http://www.securityfocus.com/bid/52687

Linux Kernel EXT4 'ext4_fill_flex_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53414

Xen 64-bit PV Guests Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53961

libxml2 CVE-2012-2807 Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54718

Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540

libproxy CVE-2012-4505 Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55910

Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/55551

Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability
http://www.securityfocus.com/bid/56036

Oracle MySQL Server CVE-2012-3160 Local Security Vulnerability
http://www.securityfocus.com/bid/56027

Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability
http://www.securityfocus.com/bid/56017

Oracle MySQL Server CVE-2012-1689 Remote Security Vulnerability
http://www.securityfocus.com/bid/54547

Oracle MySQL CVE-2012-1690 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53074

Oracle MySQL Server CVE-2012-3150 Remote Security Vulnerability
http://www.securityfocus.com/bid/55990

Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability
http://www.securityfocus.com/bid/56041

Oracle MySQL CVE-2012-2749 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55120

Oracle MySQL Server CVE-2012-3177 Remote Security Vulnerability
http://www.securityfocus.com/bid/56005

Oracle MySQL Server CVE-2012-3167 Remote Security Vulnerability
http://www.securityfocus.com/bid/56018

Oracle MySQL Server CVE-2012-3180 Remote Security Vulnerability
http://www.securityfocus.com/bid/56003

Oracle MySQL Server CVE-2012-0540 Remote Security Vulnerability
http://www.securityfocus.com/bid/54551

Oracle MySQL CVE-2012-1703 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53058

Oracle MySQL Server CVE-2012-1734 Remote Security Vulnerability
http://www.securityfocus.com/bid/54540

Oracle MySQL CVE-2012-1688 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53067

Oracle MySQL Server CVE-2012-3197 Remote Security Vulnerability
http://www.securityfocus.com/bid/56021

CryENGINE Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56476

Call of Duty: Modern Warfare 3 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56475

Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/56562

Samsung Kies Air Denial of Service and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56560

Make or Break 'login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56559

Applicure dotDefender Format String Vulnerability
http://www.securityfocus.com/bid/56558

WordPress post-views Plugin 'search_input' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56555

Multiple Horde Products Multiple Unspecified HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56541

NetIQ Privileged User Manager 'ldapagnt_eval()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56539

NetIQ Privileged User Manager Admin Password Change Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/56535

ReciPHP 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56531

Opera Web Browser Prior to 12.10 Multiple Vulnerabilities
http://www.securityfocus.com/bid/56407

Gajim '_ssl_verify_callback()' Function SSL Certificate Validation Spoofing Vulnerability
http://www.securityfocus.com/bid/56481

SWFUpload 'movieName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54245

Xen PyGrub Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53650

Microsoft System Center Configuration Manager CVE-2012-2536 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55430

YUI 'SWF' File Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56385

Invision Power Board 'core.php' PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/56288

nspluginwrapper Private Browsing Flash Player Storage Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48487

A-PDF All to MP3 Converter '.wav' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43301

Drupal User Read-Only Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/56548

Multiple Drupal Modules HTML Injection Vulnerability
http://www.securityfocus.com/bid/56540

Drupal Chaos Tool Suite Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56538

Drupal Table of Contents Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/56537

Drupal RESTful Web Services Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56536

idev-Rentals Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56529

Wordpress Advanced Custom Fields Plugin 'acf_abspath' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/56528

WordPress Buddystream Plugin Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56526

WordPress Amazon Associate Plugin 'callback' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56525

BabyGekko Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/56523

Firebird 'TraceDSQLPrepare::prepare()' Function NULL Pointer Denial of Service Vulnerability
http://www.securityfocus.com/bid/56521

MantisBT Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56520

MYREphp Vacation Rental Software Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56519

Dell OpenManage Server Administrator CVE-2012-4955 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56518

Dotproject 'gantt.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/56517

SAP Netweaver Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/56516

Myrephp Business Directory SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56514

WordPress DX-Contribute Plugin Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56513

MYRE Realty Manager SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56512

Narcissus Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/56511

WordPress UK Cookie Plugin Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56509

WordPress WP-Filebase Plugin Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/56507

Bugzilla Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56504

ManageEngine Exchange Reporter Plus Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56503

Xen Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56498
