Tuesday, November 20, 2012

Tuesday the 20th, Butsumetsu


+ APSB12-25 Security update: Hotfix available for ColdFusion 10 for Windows
http://www.adobe.com/support/security/bulletins/apsb12-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5674

+ HPSBHF02821 SSRT100934 rev.1 - HP Integrated Lights-Out iLO3 and iLO4, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03515413-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3271

+ Zimbra Collaboration Suite Open Source Edition 8.0.1 GA Release
http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.1.pdf

Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx

Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx

Shh/Updater-B: Identifying and fixing affected non-Sophos applications
http://www.sophos.com/en-us/support/knowledgebase/118348.aspx

SecureBrain's solution for financial institutions to prevent pop-up phishing fraud
http://itpro.nikkeibp.co.jp/article/NEWS/20121119/438401/?ST=security

M-Commerce sells USB flash drive-type storage that records the history of the PCs it is connected to
http://itpro.nikkeibp.co.jp/article/NEWS/20121119/438323/?ST=security

JVNVU#273371 Multiple vulnerabilities in Novell File Reporter
http://jvn.jp/cert/JVNVU273371/

n.runs-SA-2012.004 - SPLUNK Unauthenticated remote DoS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00069.html

CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00068.html

[ MDVSA-2012:172 ] libproxy
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00065.html

Manage Engine Exchange Reporter v4.1 - Multiple Web Vulnerabilites
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00067.html

Akeni LAN v1.2.118 - Filter Bypass Vulnerability (Local)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00066.html

[SECURITY] [DSA 2575-1] tiff security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00064.html

Splunk Input Validation Flaws in Splunk Web Interface Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027785

Splunk Flaw in spunkd Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027784

ManageEngine ServiceDesk Plus "ciName" Script Insertion Vulnerability
http://secunia.com/advisories/51350/

RSA Data Protection Manager Multiple Vulnerabilities
http://secunia.com/advisories/51349/

RSA Data Protection Manager Multiple Vulnerabilities
http://secunia.com/advisories/51289/

Novell File Reporter Multiple Vulnerabilities
http://secunia.com/advisories/51296/

Sophos UTM Cross-Site Scripting and Buffer Overflow Vulnerabilities
http://secunia.com/advisories/51339/

Joomla! jNews Component Open Flash Chart Arbitrary File Creation Vulnerability
http://secunia.com/advisories/51333/

WeeChat Plugins Shell Command Injection Vulnerability
http://secunia.com/advisories/51294/

Liferay Portal Multiple Vulnerabilities
http://secunia.com/advisories/51338/

IBM Business Process Manager Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51345/

IBM IMS Audit Management Expert Java Multiple Vulnerabilities
http://secunia.com/advisories/51342/

WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability
http://secunia.com/advisories/51305/

Debian update for tiff
http://secunia.com/advisories/51321/

SUSE update for java-1_5_0-ibm
http://secunia.com/advisories/51315/

SUSE update for java-1_4_2-ibm
http://secunia.com/advisories/51313/

Splunk Multiple Vulnerabilities
http://secunia.com/advisories/51351/

Splunk Multiple Vulnerabilities
http://secunia.com/advisories/51337/

Belkin N900 N450 N300 Insecure Default WPA2 Passphrase
http://cxsecurity.com/issue/WLB-2012110134

Splunk 4.x Denial Of Service
http://cxsecurity.com/issue/WLB-2012110133

razorCMS 1.2 Path Traversal Vulnerability
http://cxsecurity.com/issue/WLB-2012010077

Havalite CMS 1.0.4 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012040189

Omni-Secure 5 / 6 / 7 Remote File Disclosure
http://cxsecurity.com/issue/WLB-2012110132

Manage Engine Exchange Reporter 4.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110131

WordPress List Communities SQL Injection
http://cxsecurity.com/issue/WLB-2012110130

WordPress ArribaLaEsteban SQL Injection
http://cxsecurity.com/issue/WLB-2012110129

Agencia e XSS / LFI / SQL Injection
http://cxsecurity.com/issue/WLB-2012110128

Skype Account Service Session Token Bypass *youtube
http://cxsecurity.com/issue/WLB-2012110127

Skype Account Service Reset Credentials *youtube
http://cxsecurity.com/issue/WLB-2012110126

RealNetworks RealPlayer RV20 Frame Size Array Remote Code Execution
http://cxsecurity.com/issue/WLB-2012110125

Akeni LAN v1.2.118 Filter Bypass Vulnerability
http://cxsecurity.com/issue/WLB-2012110124

WeBid <=1.0.5 Cross Site Scripting Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110123

WeBid 1.0.4 Directory Traversal
http://cxsecurity.com/issue/WLB-2012110122

REMOTE: NFR Agent FSFUI Record File Upload RCE
http://www.exploit-db.com/exploits/22787

Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289

Xen 'TMEM hypercall' CVE-2012-3497 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55410

Xen Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56498

Xen CVE-2012-4411 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/55442

Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56581

Novell File Reporter 'NFRAgent.exe' Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56579

Real Networks RealPlayer RV20 Frame Size Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51884

Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285

Moodle Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56505

Open Flash Chart 'ofc_upload_image.php' Remote PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/37314

YUI 'SWF' File Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56385

IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56583

libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55909

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53956

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

LibTIFF 'TIFFScanlineSize()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56372

Multiple Belkin Wireless Routers Default WPA2 Password Security Vulnerability
http://www.securityfocus.com/bid/56591

Adobe ColdFusion (CVE-2012-5674) Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56590

Liferay Portal Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56589

WeBid 'loader.php' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56588

Sophos UTM Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56586

WeeChat 'hook_process()' Function Remote Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/56584
