Friday, December 14, 2012

Friday the 14th, Shakkō


+ HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03595351-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089

+ SYM12-020 Security Advisories Relating to Symantec Products - Symantec Enterprise Security Manager Manager/Agent Local Elevation of Privilege
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121213_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4350

+ Linux Kernel IPv6 CVE-2012-4444 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4444

+ Symantec Enterprise Security Manager/Agent CVE-2012-4350 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4350

phpMyAdmin 3.5.5-rc1 released
http://sourceforge.net/news/?group_id=23067&id=309988

Softcreate offers its spoofed-ARP quarantine network as a monthly rental/SaaS service
http://itpro.nikkeibp.co.jp/article/NEWS/20121213/444162/?ST=security

JVNVU#94754752 Blind SQL injection vulnerability in Centreon
http://jvn.jp/cert/JVNVU94754752/

JVNVU#99536825 Privilege escalation vulnerability in the IBM POWER5 service processor
http://jvn.jp/cert/JVNVU99536825/

JVNVU#95945430 OS command injection vulnerability in D-Link DSL-2730u
http://jvn.jp/cert/JVNVU95945430/

JVNDB-2012-005678 (JVNVU#90216056) Cross-site scripting vulnerability in ManageEngine AssetExplorer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005678.html

JVNDB-2012-005660 Denial-of-service (infinite loop) vulnerability in the Wireshark RTCP dissector
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005660.html

JVNDB-2012-005712 Vulnerability in Layton Helpbox that discloses cleartext credentials on the login page
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005712.html

JVNDB-2012-005711 Vulnerability in Layton Helpbox that discloses ODBC database credentials
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005711.html

JVNDB-2012-005710 Vulnerability in Layton Helpbox that allows modification of arbitrary support ticket data
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005710.html

JVNDB-2012-005709 Vulnerability in Layton Helpbox that allows gaining privileges
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005709.html

JVNDB-2012-005708 Cross-site scripting vulnerability in Layton Helpbox
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005708.html

JVNDB-2012-005707 SQL injection vulnerability in Layton Helpbox
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005707.html

JVNDB-2012-005706 Denial-of-service (stack memory corruption) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005706.html

JVNDB-2012-005705 Integer overflow vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005705.html

JVNDB-2012-005704 Arbitrary code execution vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005704.html

JVNDB-2012-005703 Vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005703.html

JVNDB-2012-005702 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005702.html

JVNDB-2012-005701 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005701.html

JVNDB-2012-005700 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005700.html

JVNDB-2012-005699 Integer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005699.html

JVNDB-2012-005698 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005698.html

JVNDB-2012-005697 Vulnerability in Adobe ColdFusion that allows bypassing sandbox permissions in shared hosting
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005697.html

JVNDB-2012-005696 (JVNTA12-346A) Vulnerability in Microsoft Windows Server 2008 R2 and Windows Server 2012 that allows bypassing access restrictions
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005696.html

JVNDB-2012-005695 (JVNTA12-346A) Heap-based buffer overflow vulnerability in multiple Microsoft Windows products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005695.html

JVNDB-2012-005694 (JVNTA12-346A) Arbitrary code execution vulnerability in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005694.html

JVNDB-2012-005693 (JVNTA12-346A) Denial-of-service (DoS) vulnerability in Microsoft Exchange Server 2007 and 2010
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005693.html

JVNDB-2012-005692 (JVNTA12-346A) Arbitrary code execution vulnerability in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005692.html

JVNDB-2012-005691 (JVNTA12-346A) Arbitrary code execution vulnerability in kernel-mode drivers of multiple Microsoft Windows products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005691.html

JVNDB-2012-005690 (JVNTA12-346A) Arbitrary code execution vulnerability in kernel-mode drivers of multiple Microsoft Windows products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005690.html

JVNDB-2012-005689 (JVNTA12-346A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9 and 10
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005689.html

JVNDB-2012-005688 (JVNTA12-346A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 9 and 10
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005688.html

JVNDB-2012-005687 (JVNTA12-346A) Arbitrary code execution vulnerability in Microsoft Internet Explorer 6 through 10
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005687.html

JVNDB-2012-005686 Vulnerability in the Simple Gmail Login plugin for WordPress that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005686.html

JVNDB-2012-005685 Cross-site scripting vulnerability in the Video Lead Form plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005685.html

JVNDB-2012-005684 Vulnerability in Symantec Network Access Control that allows gaining privileges
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005684.html

JVNDB-2012-005683 Denial-of-service (DoS) vulnerability in the Android browser app
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005683.html

JVNDB-2012-005682 Arbitrary command execution vulnerability in CA XCOM Data Transport running on Unix and Linux
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005682.html

[security bulletin] HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00095.html

RVAsec 2013 CFP Now Open
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00094.html

Network Reconnaissance in IPv6 Networks (errata)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00093.html

Network Reconnaissance in IPv6 Networks
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00092.html

portable-phpMyAdmin (WordPress Plugin) Authentication Bypass (CVE-2012-5469)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00091.html

File Upload Concern in Front Account 2.3.13 and OpenDocMan 1.2.6.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00089.html

OpenDocMan 1.2.6.2 - 3 Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00088.html

Addressbook v8.1.24.1 Group Name XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00087.html

[ MDVSA-2012:179 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00086.html

FCKEditor File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00090.html

What if Tomorrow Was the Day?
http://isc.sans.edu/diary.html?storyid=14701

VU#871148 Huawei E585 pocket wifi 2 device contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/871148

Blue Coat Reporter Input Validation Hole Permits Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1027873

Adobe Photoshop Camera Raw Buffer Overflow/Underflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027872

OracleBI Discoverer 10.1.2.48.18 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120098

WordPress portable-phpMyAdmin 1.3.0 Authentication Bypass
http://cxsecurity.com/issue/WLB-2012120097

Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability
http://cxsecurity.com/issue/WLB-2012120096

Secure Transport Path Traversal Vulnerability
http://cxsecurity.com/issue/WLB-2012120095

MyBB TipsOfTheDay Plugin Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012120094

WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51543/

IBM Rational Publishing Engine Multiple Vulnerabilities
http://secunia.com/advisories/51574/

IBM Lotus Foundations Start Script Insertion and PHP Command Injection Vulnerabilities
http://secunia.com/advisories/51572/

MyBB Profile Blogs Plugin Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/51533/

Centreon "menu" SQL Injection Vulnerability
http://secunia.com/advisories/51532/

MyBB Tips Of The Day Plugin Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/51499/

N-able N-central Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51444/

SUSE update for libxml2
http://secunia.com/advisories/51579/

SUSE update for chromium
http://secunia.com/advisories/51580/

Ubuntu update for apt
http://secunia.com/advisories/51568/

UBB.threads Unspecified Security Bypass Vulnerability
http://secunia.com/advisories/51552/

Adobe Camera Raw Plug-in TIFF Image Processing Two Vulnerabilities
http://secunia.com/advisories/49929/

BlueCoat Reporter Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/51566/

Red Hat update for JBoss Enterprise BRMS Platform
http://secunia.com/advisories/51577/

Avaya Aura System Manager Denial of Service and Buffer Overflow Vulnerabilities
http://secunia.com/advisories/51578/

REMOTE: PostgreSQL for Linux Payload Execution
http://www.exploit-db.com/exploits/23360

DoS/PoC: Cisco Wireless Lan Controller 7.2.110.0 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/23361

Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063

Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082

Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081

Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025

Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071

Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080

Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058

Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061

Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076

Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083

Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501

Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055

Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051

Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046

Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033

FCKEditor 'FileUpload()' Function Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/56735

Drupal Basic webmail Module Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55871

Joomla! Predictable Password Generation And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/52750

Centreon 'menu' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56911

IBM WebSphere Portal Theme Component 'LayerLoader.jsp' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56593

PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388

OpenStack Nova CVE-2012-5625 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56904

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884

SSH Tectia Server Unauthorized Password Change Security Bypass Vulnerability
http://www.securityfocus.com/bid/56783

freeSSHd Authentication Mechanism Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/56785

Wireshark Information Disclosure and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56729

FreeFTPD 'SFTP' Authentication Mechanism Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/56782

HP Linux Imaging and Printing System SNMP Protocol Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45833

Apache CXF Elements Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53877

D-Bus Nested Variants Denial of Service Vulnerability
http://www.securityfocus.com/bid/45377

bogofilter CVE-2012-5468 Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56804

Qt 'XmlHttpRequest' Object Insecure Redirection Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56807

Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/56562

Xen CVE-2012-5514 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56803

Xen 'extent_order' Values Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56798

Xen Grant Table Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56794

Xen 'HVMOP_set_mem_access' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56799

Xen 'XENMEM_exchange' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56797

Xen Bitmap Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56796

Drupal Chaos Tool Suite Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56538

ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56817

Squashfs Stack-Based and Heap-Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54610

Linux Kernel IPv6 CVE-2012-4444 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56891

Siemens ProcessSuite and Invensys Wonderware InTouch Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56934

N-able N-central Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56933

MyBB MyYoutube Plugin SQL Injection Vulnerability
http://www.securityfocus.com/bid/56932

MyBB DyMy User Agent Plugin SQL Injection Vulnerability
http://www.securityfocus.com/bid/56931

Ubuntu 'unity-firefox-extension' Package Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56930

Cisco Wireless LAN Controller Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56929

Huawei E585 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56927

WordPress Knews Multilingual Newsletters Plugin Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56926

Adobe Photoshop Camera Raw CVE-2012-5680 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56924

Symantec Enterprise Security Manager/Agent CVE-2012-4350 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56915
