Thursday, December 13, 2012

The 13th, Thursday, Taian


+ Multiple Tomcat vulnerabilities in Oracle Health Sciences LabPas
https://blogs.oracle.com/sunsecurity/entry/multiple_tomcat_vulnerabilities_in_oracle
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534

+ Microsoft Security Advisory (2755801): Update for vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ Tomcat 7.0.34 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ UltraMonkey-L7 3.0.4-3 released
http://sourceforge.jp/projects/ultramonkey-l7/releases/57612/note

Notice of program update for Virus Buster for Mac version 2.0
http://www.trendmicro.co.jp/support/news.asp?id=1872

Advisory: Considerations for customers running Endpoint Security and Control 10 in advance of May maintenance release
http://www.sophos.com/en-us/support/knowledgebase/117226.aspx

Countermeasures for Adobe Flash Player vulnerabilities (APSB12-27) (CVE-2012-5676, etc.)
http://www.ipa.go.jp/security/ciadr/vul/20121212-adobeflashplayer.html

Dangerous vulnerabilities in Windows, IE and others; Windows 8/RT and IE10 also affected
Microsoft releases patches; serious vulnerability in Word as well
http://itpro.nikkeibp.co.jp/article/NEWS/20121213/443944/?ST=security

New feature in the "Shylock" malware evades detection by researchers
http://itpro.nikkeibp.co.jp/article/COLUMN/20121210/443183/?ST=security

Critical security vulnerabilities in Windows and Flash one after another; risk of remote control
http://itpro.nikkeibp.co.jp/article/NEWS/20121212/443829/?ST=security

National Police Agency offers a reward of up to 3 million yen for information in the "remote control virus" investigation
http://itpro.nikkeibp.co.jp/article/NEWS/20121212/443701/?ST=security

McAfee and Inventit collaborate in the field of security for Android devices
http://itpro.nikkeibp.co.jp/article/NEWS/20121212/443663/?ST=security

Smartphone safety measures: fewer than 30% use "passwords" or "check access permissions"
IPA surveys security awareness; 70% use antivirus measures on PCs
http://itpro.nikkeibp.co.jp/article/NEWS/20121212/443545/?ST=security

New trick by malicious apps: "terms of use" on the download page
Made to look like a legitimate app, it actually uploads "contacts" without permission
http://itpro.nikkeibp.co.jp/article/NEWS/20121212/443542/?ST=security

JVNTA12-346A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-346A/

JVNDB-2012-005681 Buffer overflow vulnerability in IBM Informix
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005681.html

JVNDB-2012-005680 Vulnerability in IBM Flex System CMM and IMM2 that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005680.html

JVNDB-2011-005209 Denial-of-service (DoS) vulnerability in multiple Rockwell Automation products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005209.html

JVNDB-2011-005208 Device spoofing vulnerability in Post Oak AWAM Bluetooth Reader Traffic System
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005208.html

JVNDB-2012-005679 Cross-site scripting vulnerability in IBM Tivoli Monitoring
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005679.html

US-CERT Alert TA12-346A - Microsoft Updates for Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/Cert/2012-12/msg00000.html

Citrix XenDesktop Lets Remote Authenticated Users Bypass USB Redirection Policies
http://www.securitytracker.com/id/1027869

Citrix XenApp XML Service Interface Bug Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027868

Symantec Network Access Control Unquoted Search Path Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027864

Symantec Endpoint Protection Input Validation Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027863

HP OpenVMS LOGIN/ACMELOGIN Bug Lets Local and Remote Users Deny Service
http://www.securitytracker.com/id/1027861

VU#856892 Centreon 2.3.3 through 2.3.9-4 blind sqli injection vulnerability.
http://www.kb.cert.org/vuls/id/856892

VU#194604 IBM Power 5 Service Processor privilege escalation vulnerability
http://www.kb.cert.org/vuls/id/194604

VU#876780 D-Link DSL2730U router restricted telnet shell command whitelisting bypass
http://www.kb.cert.org/vuls/id/876780

Microsoft Internet Explorer 6-10 Mouse Tracking
http://cxsecurity.com/issue/WLB-2012120089

Snare For Linux Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012120093

Snare For Linux Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120092

SimpleInvoices 2011.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120091

gpEasy CMS XSS Vulnerability
http://cxsecurity.com/issue/WLB-2012120090

Axway Directory Traversal
http://cxsecurity.com/issue/WLB-2012120088

HP Data Protector DtbClsLogin Buffer Overflow
http://cxsecurity.com/issue/WLB-2012120087

REMOTE: Microsoft Internet Explorer 6-10 Mouse Tracking
http://www.exploit-db.com/exploits/23321

REMOTE: Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day)
http://www.exploit-db.com/exploits/23323

MuPDF "pdf_repair_obj_stm()" Signedness Vulnerability
http://secunia.com/advisories/51544/

SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability
http://secunia.com/advisories/51511/

Red Hat update for flash-plugin
http://secunia.com/advisories/51526/

WordPress Floating Social Media Links Plugin "wpp" Remote File Inclusion Vulnerabilities
http://secunia.com/advisories/51346/

OpenDocMan Checkout Security Bypass and SQL Injection Vulnerabilities
http://secunia.com/advisories/51446/

Microsoft Windows Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/51536/

VLC Media Player SWF Video Decoding Use-After-Free Vulnerability
http://secunia.com/advisories/51464/

Oracle Solaris Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/51562/

Oracle Solaris GNOME Structured File Library "ole_info_read_metabat()" Buffer Overflow
http://secunia.com/advisories/51561/

Oracle Solaris Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/51563/

IBM SPSS Modeler Text Analytics Server SSL Certificate Verification Security Issue
http://secunia.com/advisories/51523/

Oracle Solaris Webmin Multiple Vulnerabilities
http://secunia.com/advisories/51515/

HP OpenVMS LOGIN / ACMELOGIN Denial of Service Vulnerabilities
http://secunia.com/advisories/51559/

Citrix XenApp XML Service Interface Code Execution Vulnerability
http://secunia.com/advisories/51538/

Citrix XenDesktop USB Redirection Policy Security Issue
http://secunia.com/advisories/51524/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/51549/

Adobe Flash Player / AIR Multiple Vulnerabilities
http://secunia.com/advisories/51560/

Avaya Aura System Manager GNU C Library stdlib Functions Integer Overflow Weaknesses
http://secunia.com/advisories/51556/

Adobe ColdFusion Sandbox Permissions Security Bypass Vulnerability
http://secunia.com/advisories/51551/

Cerberus FTP Server Web Admin Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51547/

Debian update for bogofilter
http://secunia.com/advisories/51521/

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1970 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55266

Mozilla Firefox/SeaMonkey CVE-2012-3976 Address Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/55313

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3957 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55341

Novell File Reporter 'NFRAgent.exe' Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56579

Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability
http://www.securityfocus.com/bid/55312

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-3972 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55310

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3960 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55325

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3968 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55276

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1971 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55264

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3963 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55340

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3964 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55322

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1975 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55318

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3961 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55321

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55342

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1974 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55317

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3970 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55278

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-3969 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55292

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1972 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55314

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1976 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55319

Google Chrome Prior to 23.0.1271.95 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56741

Apple Mac OS X Intel GPU Driver Unspecified Security Vulnerability
http://www.securityfocus.com/bid/56752

Google Chrome Prior to 23.0.1271.91 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56684

bash-doc Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/32733

CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56494

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3966 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55274

Mozilla Firefox/Thunderbird/Seamonkey MFSA 2012-42 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54580

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54575

Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/54585

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55323

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1960 Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54572

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3978 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55306

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3967 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55277

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3959 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55324

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3956 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55320

Mozilla Firefox/Thunderbird Web Console CVE-2012-3980 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55257

VLC Media Player 'swf' File Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56861

Webmin Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/55446

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1973 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55316

Mozilla Firefox, SeaMonkey, and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54578

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1957 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54583

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1955 Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/54586

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1961 Clickjacking Vulnerability
http://www.securityfocus.com/bid/54584

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1959 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54576

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1964 Clickjacking Vulnerability
http://www.securityfocus.com/bid/54581

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54574

Mozilla Firefox, SeaMonkey, and Thunderbird Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54582

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1967 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54573

Mozilla Firefox CVE-2012-1966 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54577

Mozilla Firefox CVE-2012-1965 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54579

LibGSF Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/21358

Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/56408

Multiple Rockwell Automation Products CVE-2012-4690 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56872

Adobe Flash Player and AIR CVE-2012-5677 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56896

Adobe ColdFusion CVE-2012-5675 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56900

Adobe Flash Player and AIR CVE-2012-5678 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56898

Adobe Flash Player and AIR CVE-2012-5676 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56892

Squashfs Stack-Based and Heap-Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54610

Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/56562

Xen 'XENMEM_exchange' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56797

Xen Grant Table Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56794

Xen Bitmap Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56796

Xen 'get_page_from_gfn()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56805

WeeChat 'hook_process()' Function Remote Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/56584

WeeChat Color Decoding Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56482

gksu-polkit CVE-2012-5617 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56918

Ubuntu APT Insecure File Permissions Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56917

MyBB Tips Of The Day Plugin SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56916

D-Link DSL2730U Telnet Shell Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56914

WordPress Floating Social Media Links Plugin 'wpp' Parameter Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/56913

OpenDocMan Security Bypass and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56912

Centreon 'menu' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56911

IBM Server Firmware Power 5 CVE-2012-4856 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56910

Cerberus FTP Server Web Admin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56906
