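Monday, November 5, 2012
Monday the 5th (Shakkō)
"Fake input screens" also at Rakuten Bank and others; credit card companies targeted too
Fraudulent transfers also confirmed; pop-up screens used to extract PINs and other details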
http://itpro.nikkeibp.co.jp/article/NEWS/20121105/434862/?ST=security
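"Distributed as a ZIP," "runs behind a handy utility": the reality of the remote-control virus
IPA publishes investigation results: "Basic antivirus measures are essential"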
http://itpro.nikkeibp.co.jp/article/NEWS/20121105/434861/?ST=security
"Pop-up phishing scams" targeting online banking and similar services surge; Tokyo Metropolitan Police Department issues alert
http://itpro.nikkeibp.co.jp/article/NEWS/20121103/434801/?ST=security
Apple releases iOS 6 update, fixing two serious web-browsing vulnerabilities
http://itpro.nikkeibp.co.jp/article/NEWS/20121102/434629/?ST=security
Aqua Systems ships new version of DB audit software, now usable with SQL Server and SaaS
http://itpro.nikkeibp.co.jp/article/NEWS/20121102/434622/?ST=security
One quarter of Android apps on "Google Play" are risky, says US study
http://itpro.nikkeibp.co.jp/article/NEWS/20121102/434599/?ST=security
How do you protect yourself from "remote-control viruses"?
http://itpro.nikkeibp.co.jp/article/COLUMN/20121102/434543/?ST=security
JVN#55398821 Open redirect vulnerability in Pebble
http://jvn.jp/jp/JVN55398821/
JVN#39563771 HTTP header injection vulnerability in Pebble
http://jvn.jp/jp/JVN39563771/
JVN#75492883 Vulnerability in Pebble that makes articles unviewable
http://jvn.jp/jp/JVN75492883/
JVN#52264310 Improper authentication vulnerability in the MosP attendance management system
http://jvn.jp/jp/JVN52264310/
JVN#23465354 Improper access restriction vulnerability in the MosP attendance management system
http://jvn.jp/jp/JVN23465354/
JVNDB-2012-002713 Integer overflow vulnerability in the vma_to_resize function in mm/mremap.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002713.html
JVNDB-2011-004716 Denial of service (DoS) vulnerability in the add_del_listener function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004716.html
JVNDB-2011-005177 File permission bypass vulnerability in the eCryptfs subsystem in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005177.html
JVNDB-2012-002099 Vulnerability in the asn1_d2i_read_bio function in OpenSSL that allows a buffer overflow attack to be triggered
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002099.html
JVNDB-2012-001163 Denial of service (DoS) vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001163.html
JVNDB-2012-001021 Denial of service (DoS) vulnerability in the Server Gated Cryptography implementation in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001021.html
JVNDB-2012-001020 Denial of service (assertion failure) vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001020.html
JVNDB-2012-001019 Vulnerability in the SSL 3.0 implementation in OpenSSL that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001019.html
JVNDB-2012-001018 Double free vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001018.html
JVNDB-2011-001246 Denial of service (DoS) vulnerability in ssl/t1_lib.c in OpenSSL
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001246.html
JVNDB-2010-002549 Vulnerability in OpenSSL that allows the shared secret key authentication requirement to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002549.html
JVNDB-2012-001017 Plaintext recovery vulnerability in the DTLS implementation in OpenSSL
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001017.html
JVNDB-2012-005198 Directory traversal vulnerability in Axigen Free Mail Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005198.html
JVNDB-2012-005197 Cross-site scripting vulnerability in Orion IPAM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005197.html
JVNDB-2012-005196 Cross-site scripting vulnerability in the settings page of the Hotblocks module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005196.html
JVNDB-2012-005195 Denial of service (DoS) vulnerability in the Hotblocks module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005195.html
JVNDB-2012-005194 Directory traversal vulnerability in the web-based management feature running on the TP-LINK TL-WR841N router
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005194.html
JVNDB-2012-005193 Heap-based buffer overflow vulnerability in dkim.c in Exim
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005193.html
JVNDB-2012-005192 Arbitrary code execution vulnerability in the Siemens SiPass integrated server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005192.html
JVNDB-2012-005191 Node access restriction bypass vulnerability in the Announcements module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005191.html
JVNDB-2012-005190 Vulnerability in the Email Field module for Drupal that allows email to be sent to addresses stored in entities
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005190.html
JVNDB-2012-005189 Cross-site scripting vulnerability in the Custom Publishing Options module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005189.html
JVNDB-2012-005188 Vulnerability in the Mime Mail module for Drupal that allows arbitrary files to be sent as attachments
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005188.html
JVNDB-2012-005187 Access restriction bypass vulnerability in the Shibboleth authentication module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005187.html
JVNDB-2012-005186 Cross-site scripting vulnerability in the Shorten URLs module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005186.html
[security bulletin] HPSBUX02824 SSRT100970 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00016.html
[security bulletin] HPSBMU02815 SSRT100715 rev.4 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00014.html
[security bulletin] HPSBMU02827 SSRT100924 rev.1 - HP Performance Insight with Sybase, Remote Denial of Service (DoS) and Loss of Data
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00013.html
APPLE-SA-2012-11-01-2 Safari 6.0.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00012.html
[CVE-2012-5692] Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00017.html
APPLE-SA-2012-11-01-1 iOS 6.0.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00011.html
The shortcomings of anti-virus software
http://isc.sans.edu/diary.html?storyid=14437
Lamiabiocasa
http://isc.sans.edu/diary.html?storyid=14443
VU#111708 Fortigate UTM appliances share the same default CA certificate
http://www.kb.cert.org/vuls/id/111708
VU#802596 Pattern Insight multiple vulnerabilities
http://www.kb.cert.org/vuls/id/802596
Linux Kernel 'uname()' System Call Local Information Disclosure Vulnerability
http://www.securiteam.com/securitynews/6K0300K60E.html
HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System
http://www.securitytracker.com/id/1027719
ManageEngine SupportCenter Plus "description" Script Insertion Vulnerability
http://secunia.com/advisories/51176/
Wordpress All Video Gallery Plugin "vid" SQL Injection Vulnerabilities
http://secunia.com/advisories/50874/
Dokeos Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/51149/
WordPress Spider Catalog Plugin Two Script Insertion Vulnerabilities
http://secunia.com/advisories/51143/
MyBB Follower User Plugin "usid" SQL Injection Vulnerability
http://secunia.com/advisories/51134/
TP-LINK TL-WR841N Router "help/" Directory Traversal Vulnerability
http://secunia.com/advisories/51117/
HP Performance Insight Two Vulnerabilities
http://secunia.com/advisories/51136/
LibTIFF "ppm2tiff" Buffer Overflow Vulnerability
http://secunia.com/advisories/51133/
PgBouncer Add Database Request Denial of Service Vulnerability
http://secunia.com/advisories/51128/
MosP Two Security Bypass Vulnerabilities
http://secunia.com/advisories/51110/
Pebble Unspecified Redirection Weakness
http://secunia.com/advisories/51102/
EOScada Information Disclosure and Denial of Service Vulnerabilities
http://secunia.com/advisories/51171/
Apple iOS Multiple Vulnerabilities
http://secunia.com/advisories/51162/
Apple Safari Two Vulnerabilities
http://secunia.com/advisories/51157/
REMOTE: HP Intelligent Management Center UAM Buffer Overflow
http://www.exploit-db.com/exploits/22432
REMOTE: BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit (ASLR + DEP bypass)
http://www.exploit-db.com/exploits/22466
LOCAL: Sysax FTP Automation Server 5.33 Local Privilege Escalation
http://www.exploit-db.com/exploits/22465
Pebble 2.6.4 Open Redirection
http://cxsecurity.com/issue/WLB-2012110018
Joomla com_parcoauto SQL injection Vulnerability
http://cxsecurity.com/issue/WLB-2012110017
pgbouncer 1.5.3-1 Denial of Service
http://cxsecurity.com/issue/WLB-2012110016
Dokeos 2.1.1 Multiple Cross-Site Scripting
http://cxsecurity.com/issue/WLB-2012110007
Splunk 4.3.x Denial Of Service
http://cxsecurity.com/issue/WLB-2012110015
DWC CmS Multiple Vulns
http://cxsecurity.com/issue/WLB-2012110014
DCForum Information Disclosure
http://cxsecurity.com/issue/WLB-2012110013
YSD Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110012
CheckPoint/Sofaware Firewall XSS & CSRF & Redirection & Disclosure
http://cxsecurity.com/issue/WLB-2012110011
eM Client 4 Vulnerable Runtime DLLs
http://cxsecurity.com/issue/WLB-2012110010
PrestaShop 1.5.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110009
HP Intelligent Management Center UAM Buffer Overflow
http://cxsecurity.com/issue/WLB-2012110008
Achievo 1.4.5 XSS & LFI & SQL Injection
http://cxsecurity.com/issue/WLB-2012110006
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Solaris CVE-2012-5095 Local Security Vulnerability
http://www.securityfocus.com/bid/56029
Dokeos 'profile.php' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56359
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3961 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55321
libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51131
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301
PgBouncer 'add_database()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/56371
Check Point UTM-1 Edge and Safe Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50189
Python Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51239
OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214
libdbus 'DBUS_SYSTEM_BUS_ADDRESS' Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55517
HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
http://www.securityfocus.com/bid/55273
HP SiteScope Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55269
LibreOffice and OpenOffice Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56352
HP Intelligent Management Centre 'uam.exe' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55271
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339
Fortigate UTM appliances CA SSL Certificate Creation Security Bypass Vulnerability
http://www.securityfocus.com/bid/56382
Pattern Insight Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56381
WordPress All Video Gallery Plugin 'vid' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56380
VBulletin ChangUonDyU - Advanced Statistics SQL Injection Vulnerability
http://www.securityfocus.com/bid/56379
Adobe Flash Player and AIR CVE-2012-5673 Unspecified Security Vulnerability
http://www.securityfocus.com/bid/56377
Adobe Flash Player and AIR CVE-2012-5287 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56376
Adobe Flash Player and AIR CVE-2012-5286 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56375
Adobe Flash Player and AIR CVE-2012-5285 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56374
LibTIFF 'TIFFScanlineSize()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56372
Pebble Unspecified URI Redirection Vulnerability
http://www.securityfocus.com/bid/56370
MosP CVE-2012-4021 Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/56369
MosP CVE-2012-4020 Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/56368