26日 水曜日、赤口

+ HS12-033 Cosminexus HTTP Server, Hitachi Web ServerにおけるCookieヘッダに関する脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html

+ HS12-032 Cosminexus HTTP Server, Hitachi Web ServerにおけるDoS脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-032/index.html

+ HS12-031 Cosminexus HTTP Server, Hitachi Web Serverにおけるメモリ使用量が増加する問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-031/index.html

+ HS12-030 Cosminexus HTTP Server, Hitachi Web ServerにおけるDoS脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-030/index.html

+ HS12-029 Collaboration - Bulletin boardにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-029/index.html

Interscan Webmanager URLデータベース誤登録のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1880

チェックしておきたい脆弱性情報＜2012.12 26＞
http://itpro.nikkeibp.co.jp/article/COLUMN/20121221/446024/?ST=security

Santa's Gift... The Twelve Days of Cyber Christmas
http://isc.sans.edu/diary.html?storyid=14755

EMC Data Protection Advisor Lets Remote Authenticated Users View Files on the Target System.
http://www.securitytracker.com/id/1027922

FreeType Multiple Bugs in BDF Implementation Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027921

REMOTE: Microsoft SQL Server Database Link Crawling Command Execution
http://www.exploit-db.com/exploits/23649

REMOTE: IBM Lotus Notes Client URL Handler Command Injection
http://www.exploit-db.com/exploits/23650

REMOTE: WordPress WP-Property PHP File Upload Vulnerability
http://www.exploit-db.com/exploits/23651

REMOTE: WordPress Asset-Manager PHP File Upload Vulnerability
http://www.exploit-db.com/exploits/23652

PHP-CGI Argument Injection Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120212

EMC Data Protection Information Disclosure
http://cxsecurity.com/issue/WLB-2012120211

Microsoft SQL Server Database Link Crawling Command Execution
http://cxsecurity.com/issue/WLB-2012120210

IBM Lotus Notes Client URL Handler Command Injection
http://cxsecurity.com/issue/WLB-2012120209

CubeCart 5.0.7 Open URL Redirection
http://cxsecurity.com/issue/WLB-2012120208

CubeCart 4.4.6 Open URL Redirection
http://cxsecurity.com/issue/WLB-2012120207

CubeCart 4.4.6 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120206

CubeCart 4.4.6 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012120205

CubeCart 4.4.6 Local File Inclusion
http://cxsecurity.com/issue/WLB-2012120204

CubeCart 4.4.6 SQL Injection
http://cxsecurity.com/issue/WLB-2012120203

CubeCart 4.x / 5.x Privilege Escalation
http://cxsecurity.com/issue/WLB-2012120202

WordPress W3 Total Cache Data Disclosure
http://cxsecurity.com/issue/WLB-2012120201

Feindura CMS 2.0.4 Shell Upload
http://cxsecurity.com/issue/WLB-2012120200

City Directory Review And Rating Script SQL Injection
http://cxsecurity.com/issue/WLB-2012120199

WordPress Rokbox Themes Content Spoofing and XSS
http://cxsecurity.com/issue/WLB-2012120198

MyBB AwayList SQL Injection
http://cxsecurity.com/issue/WLB-2012120197

Rugged Operating System Private Key Disclosure Vulnerability
http://www.securityfocus.com/bid/55123

IBM Lotus Notes CVE-2012-2174 URL Handler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54070

PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388

WordPress WP-Property Plugin 'uploadify.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53787

WordPress WP-UserOnline URL HTML Injection Vulnerability
http://www.securityfocus.com/bid/41335

Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025

FreeType Versions Prior to 2.4.11 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/57041