Tuesday, December 4, 2012

Tuesday the 4th, Shakkō


+ Mozilla Firefox 17.0.1 released
http://www.mozilla.org/en-US/firefox/all.html

+ CESA-2012:1512 Important CentOS 5 libxml2 Update
http://lwn.net/Alerts/527689/

+ CESA-2012:1512 Important CentOS 6 libxml2 Update
http://lwn.net/Alerts/527691/

+ Squid 3.2.4, 3.1.22 released
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html

+ HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03464042-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03556108-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HS12-027 Vulnerability in CA ARCserve Backup
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-027/index.html

+ HS12-026 DoS Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-026/index.html

+ HS12-025 DoS Vulnerability in Hitachi Device Manager Software
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-025/index.html

+ HS12-028 Cross-Site Scripting Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-028/index.html

+ Linux kernel 3.6.9, 3.4.21, 3.0.54 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.21
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.54

+ Buffalo LinkStation Information Disclosure and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56784

+ Oracle MySQL Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56772

+ Oracle MySQL Server Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56771

+ Oracle MySQL Server Heap Overflow Vulnerability
http://www.securityfocus.com/bid/56768

Multiple vulnerabilities in Web GUI of UTM-1 Edge, Safe@Office and ZoneAlarm appliances
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65460&src=securityAlerts

Check Point response to "Off-Path TCP Sequence Number Inference Attack"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk74640&src=securityAlerts

Check Point response to "DoS through hash table against Web Application Platforms" (CVE-2011-4838)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk66350&src=securityAlerts

[SECURITY] [DSA 2579-1] apache2 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00110.html

NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrat
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00121.html

NGS000268 Technical Advisory: Symantec Messaging Gateway - Out-of-band stored-XSS de
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00120.html

NGS000266 Technical Advisory: Symantec Messaging Gateway Arbitrary file download is possible with a
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00119.html

NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00118.html

NGS000241 Technical Advisory: SysAid Helpdesk Pro Blind SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00117.html

NGS000330 Technical Advisory: Squiz CMS File Path Traversal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00116.html

NGS000194 Technical Advisory: Nagios XI Network Monitor Blind SQL Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00115.html

NGS000196 Technical Advisory: Nagios XI Network Monitor OS Command Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00114.html

NGS000107 Technical Advisory: Oracle Gridengine sgepasswd Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00113.html

NGS000193 Technical Advisory: DataArmor Full Disk Encryption Restricted Environment breakout
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00112.html

SilverStripe CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-011
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00111.html

APPLE-SA-2012-11-29-1 Apple TV 5.1.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00109.html

VUPEN Security Research - Mozilla Firefox "imgRequestProxy" Remote Use-After-Free Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00108.html

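Reminder for December 2012
"Beware of fraudulent pop-ups targeting online banking!"
~ Learn how "random number tables" and "secret phrases" are properly used, and protect yourself ~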
http://www.ipa.go.jp/security/txt/2012/12outline.html

Vulnerability information worth checking <2012.12.04>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121127/440066/?ST=security

Zero reports on its cooperation with the police investigation concerning the 2channel remote-control virus
http://itpro.nikkeibp.co.jp/article/NEWS/20121130/441301/?ST=security

JAXA employee terminal infected with a virus; technical information on the latest domestic rocket may have leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20121130/441142/?ST=security

Another counterfeit card incident involving NTT Data
http://itpro.nikkeibp.co.jp/article/COLUMN/20121130/441081/?ST=security

JVN#83907168 Multiple Kyocera mobile devices reboot when receiving email
http://jvn.jp/jp/JVN83907168/

JVNVU#849841 Multiple vulnerabilities in the Autonomy Keyview IDOL library
http://jvn.jp/cert/JVNVU849841/

JVNDB-2012-005441 Vulnerability in cups-pk-helper allowing sensitive files to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005441.html

JVNDB-2012-005587 Denial of service (DoS) vulnerability in the QuIC Graphics KGSL kernel-mode driver for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005587.html

JVNDB-2012-005586 Integer overflow vulnerability in the QuIC Diagnostics kernel-mode driver for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005586.html

JVNDB-2012-005585 Arbitrary code execution vulnerability in the QuIC Diagnostics kernel-mode driver for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005585.html

JVNDB-2012-000102 (JVN#74829345) Denial of service (DoS) vulnerability in multiple devices running Android OS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000102.html

JVNDB-2012-005584 (JVNVU#849841) Multiple vulnerabilities in the Autonomy Keyview IDOL library
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005584.html

JVNDB-2012-005325 (JVNVU#795644) SQL injection vulnerability in ArcGIS Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005325.html

JVNDB-2012-005583 Arbitrary file overwrite vulnerability in Performance Co-Pilot
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005583.html

JVNDB-2012-005582 Denial of service (resource consumption) vulnerability in Tivoli Endpoint Manager for Remote Control Broker
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005582.html

JVNDB-2012-005581 Vulnerability allowing sensitive information to be obtained in HP Integrated Lights-Out 3 and Integrated Lights-Out 4
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005581.html

JVNDB-2012-000105 (JVN#83907168) Multiple Kyocera mobile devices reboot when receiving email
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000105.html

JVNDB-2012-005268 (JVNVU#985625) Vulnerabilities in multiple Symantec products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005268.html

JVNDB-2012-005580 Denial of service (CPU resource consumption) vulnerability in Google CityHash
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005580.html

JVNDB-2012-005579 Denial of service (CPU resource consumption) vulnerability in Oracle Java SE and OpenJDK
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005579.html

JVNDB-2012-005540 (JVNVU#281284) Hard-coded SNMP community string in Samsung printers
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005540.html

JVNDB-2012-005577 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005577.html

JVNDB-2012-005576 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005576.html

JVNDB-2012-005575 Denial of service (DoS) vulnerability in libxml2 as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005575.html

JVNDB-2012-005574 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005574.html

JVNDB-2012-005573 Denial of service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005573.html

JVNDB-2012-005572 Denial of service (DoS) vulnerability in Google Chrome running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005572.html

JVNDB-2012-005571 Denial of service (DoS) vulnerability in Skia as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005571.html

JVNDB-2012-005570 Vulnerability allowing sensitive information to be obtained in EMC Smarts Network Configuration Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005570.html

JVNDB-2012-005569 Vulnerability in the default configuration of EMC Smarts Network Configuration Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005569.html

JVNDB-2012-005568 Cross-site scripting vulnerability in EMC RSA Adaptive Authentication On-Premise
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005568.html

JVNDB-2012-005567 Denial of service (CPU resource consumption) vulnerability in MikroTik RouterOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005567.html

JVNDB-2012-005566 Vulnerability allowing sensitive information to be obtained in Open Solution Quick.Cart
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005566.html

JVNDB-2012-005565 Denial of service (crash) vulnerability in Guitar Pro
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005565.html

JVNDB-2012-005564 Cross-site request forgery vulnerability in X7 Chat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005564.html

JVNDB-2012-005563 Arbitrary PHP code execution vulnerability involving horad.php in admin/banners.php of PHP Enter
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005563.html

JVNDB-2012-005562 Cross-site scripting vulnerability in gb/user/index.php of Ramui Forum
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005562.html

JVNDB-2012-005561 Directory traversal vulnerability in the Jstore component for Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005561.html

JVNDB-2012-005560 Cross-site request forgery vulnerability in admin.php of Collabtive
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005560.html

JVNDB-2012-005559 Cross-site scripting vulnerability in Collabtive
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005559.html

JVNDB-2012-005558 Cross-site request forgery vulnerability in OpenText ECM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005558.html

JVNDB-2012-005557 Cross-site scripting vulnerability in OpenText ECM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005557.html

JVNDB-2012-005556 Directory traversal vulnerability in ibrowser.php within CMScout of the IBrowser TinyMCE plugin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005556.html

JVNDB-2012-005555 Directory traversal vulnerability in the CBE component for Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005555.html

JVNDB-2012-005554 Denial of service (crash) vulnerability in M-Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005554.html

JVNDB-2012-005553 Cross-site scripting vulnerability in downloads.php of PHP-Fusion
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005553.html

JVNDB-2012-005552 Denial of service (crash) vulnerability in GPSMapEdit
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005552.html

JVNDB-2012-005551 Double free vulnerability in GreenBrowser
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005551.html

JVNDB-2012-005550 Cross-site scripting vulnerability in File King Advanced File Management
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005550.html

JVNDB-2012-005549 SQL injection vulnerability in YABSoft Advanced Image Hosting Script
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005549.html

JVNDB-2012-005548 Vulnerability in admin/core/admin_func.php of razorCMS allowing files to be viewed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005548.html

JVNDB-2012-005539 Arbitrary command execution vulnerability in manage_sql.c of OpenVAS Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005539.html

JVNDB-2012-005538 Denial of service (disk consumption) vulnerability in ar web content manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005538.html

JVNDB-2012-005537 Vulnerability in cookie_gen.php of ar web content manager allowing arbitrary cookies to be generated
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005537.html

JVNDB-2012-005535 Denial of service (infinite loop) vulnerability in request.c of lighttpd
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005535.html

JVNDB-2012-005532 Cross-site scripting vulnerability in group/members.php of Mahara
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005532.html

JVNDB-2012-005526 Denial of service (Firefox crash) vulnerability in the Unity integration extension for Firefox
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005526.html

JVNDB-2012-005524 Denial of service (hypervisor crash) vulnerability in the HVMOP_pagetable_dying hypercall of Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005524.html

JVNDB-2012-005515 Cross-site scripting vulnerability in admin/code/tce_select_users_popup.php of Nicola Asuni TCExam
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005515.html

JVNDB-2012-005514 SQL injection vulnerability in Nicola Asuni TCExam
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005514.html

JVNDB-2012-005505 Newline injection vulnerability in the CGI.pm module for Perl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005505.html

Mobile Malware: Request for Field Reports
http://isc.sans.edu/diary.html?storyid=14620

John McAfee Exposes His Location in Photo About His Being on Run
http://isc.sans.edu/diary.html?storyid=14623

Recent SSH vulnerabilities
http://isc.sans.edu/diary.html?storyid=14626

Zero Day MySQL Buffer Overflow
http://isc.sans.edu/diary.html?storyid=14611

Collecting Logs from Security Devices at Home
http://isc.sans.edu/diary.html?storyid=14614

Snipping Leaks
http://isc.sans.edu/diary.html?storyid=14605

Google Chrome Heap Overflow in WebGL Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027830

MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1027829

MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027828

MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027827

freeSSHd Bug Lets Remote Users Gain Access to the Target System
http://www.securitytracker.com/id/1027826

freeFTPd Bug Lets Remote Users Gain Access to the Target System
http://www.securitytracker.com/id/1027825

SSH Tectia Server Bug in input_userauth_passwd_changereq() Lets Remote Users Gain Access to the Target System

McAfee Email Gateway Bugs Permit Cross-Site Scripting and Denial of Service Attacks

REMOTE: MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
http://www.exploit-db.com/exploits/23073

REMOTE: IBM System Director Remote System Level Exploit
http://www.exploit-db.com/exploits/23074

REMOTE: FreeFTPD Remote Authentication Bypass Zeroday Exploit
http://www.exploit-db.com/exploits/23079

REMOTE: FreeSSHD Remote Authentication Bypass Zeroday Exploit
http://www.exploit-db.com/exploits/23080

REMOTE: MySQL Remote Preauth User Enumeration Zeroday
http://www.exploit-db.com/exploits/23081

REMOTE: SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit
http://www.exploit-db.com/exploits/23082

REMOTE: MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day
http://www.exploit-db.com/exploits/23083

LOCAL: MySQL (Linux) Database Privilege Elevation Zeroday Exploit
http://www.exploit-db.com/exploits/23077

LOCAL: BlazeVideo HDTV Player Pro v6.6 Filename Handling Vulnerability
http://www.exploit-db.com/exploits/23052

DoS/PoC: Opera Web Browser 12.11 Crash PoC
http://www.exploit-db.com/exploits/23107

DoS/PoC: MySQL (Linux) Stack Based Buffer Overrun PoC Zeroday
http://www.exploit-db.com/exploits/23075

DoS/PoC: MySQL (Linux) Heap Based Overrun PoC Zeroday
http://www.exploit-db.com/exploits/23076

DoS/PoC: MySQL Denial of Service Zeroday PoC
http://www.exploit-db.com/exploits/23078

Opera Web Browser 12.11 WriteAV Vulnerability
http://cxsecurity.com/issue/WLB-2012120031

MARSOUM CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012120030

MySQL Remote Preauth User Enumeration Zeroday
http://cxsecurity.com/issue/WLB-2012120020

MySQL Denial of Service Zeroday PoC
http://cxsecurity.com/issue/WLB-2012120014

MySQL (Linux) Database Privilege Elevation Zeroday Exploit
http://cxsecurity.com/issue/WLB-2012120015

MySQL (Linux) Heap Based Overrun PoC Zeroday
http://cxsecurity.com/issue/WLB-2012120017

MySQL (Linux) Stack based buffer overrun PoC Zeroday
http://cxsecurity.com/issue/WLB-2012120016

RIM BlackBerry PlayBook OS 1.0.8.6067 Local File Access
http://cxsecurity.com/issue/WLB-2012120029

phpMyNewsletter 0.8 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120028

OurWebFTP 5.3.5 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120027

Libsyn Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120026

Kaseya 6.2 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120025

Tinymcpuk 0.3 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120024

Ncentral 8.x Multiple vulnerabilities
http://cxsecurity.com/issue/WLB-2012120023

FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities
http://cxsecurity.com/issue/WLB-2012120022

Buffalo Linkstation Privilege Escalation & Information Disclosure
http://cxsecurity.com/issue/WLB-2012120021

FreeSSHD Remote Authentication Bypass Zeroday Exploit
http://cxsecurity.com/issue/WLB-2012120012

FreeSSHD 1.2.4~1.2.6 Remote Buffer Overflow DoS
http://cxsecurity.com/issue/WLB-2012120019

SSH Tectia (SSH.com Communications) Authentication Bypass Remote 0day
http://cxsecurity.com/issue/WLB-2012120018

MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
http://cxsecurity.com/issue/WLB-2012120010

IBM System Director Remote System Level Exploit 0day
http://cxsecurity.com/issue/WLB-2012120013

FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)
http://cxsecurity.com/issue/WLB-2012120011

Liberated Syndication Cross-Site Scripting
http://cxsecurity.com/issue/WLB-2012120009

Axis Commerce 0.8.7.2 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120008

jsupload.cgi.pl 0.6.4 Directory Traversal
http://cxsecurity.com/issue/WLB-2012120007

DataArmor & DriveArmor Privilege Escalation and Decryption
http://cxsecurity.com/issue/WLB-2012120006

SysAid Helpdesk 8.5 Pro SQL Injection
http://cxsecurity.com/issue/WLB-2012120005

Oracle Gridengine sgepasswd Buffer Overflow
http://cxsecurity.com/issue/WLB-2012120004

Squiz CMS 11654 File Path Traversal
http://cxsecurity.com/issue/WLB-2012120003

Nagios XI Network Monitor 2011R1.9 SQL Injection
http://cxsecurity.com/issue/WLB-2012120002

Nagios XI Network Monitor 2011R1.9 OS Command Injection
http://cxsecurity.com/issue/WLB-2012120001

Oracle Exadata leaf switch logins
http://cxsecurity.com/issue/WLB-2012110236

Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110221

SilverStripe CMS 3.0.2 Cross Site Request Forgery & Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110235

WordPress Video Lead Form 0.5 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110234

WordPress TimelineJS_Nuweb Local File Inclusion
http://cxsecurity.com/issue/WLB-2012110234

UMPlayer Portable 0.95 Proof Of Concept
http://cxsecurity.com/issue/WLB-2012110232

WordPress Toolbox 1.4 SQL Injection
http://cxsecurity.com/issue/WLB-2012110233

Agilebits 1Password 3.9.9 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110230

Drupal Email Field 6.x XSS & Access Bypass
http://cxsecurity.com/issue/WLB-2012110229

Espacio Ecuador Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012110228

Elastix 2.3.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110227

BigDump 0.29b Shell Upload & SQL Injection
http://cxsecurity.com/issue/WLB-2012110226

Seventeen Design Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012110225

Mikrotik Router Denial Of Service
http://cxsecurity.com/issue/WLB-2012050016

MODx CSRF, AoF, DoS and IAA vulnerabilities
http://cxsecurity.com/issue/WLB-2012110224

Safend Data Protector 3.4.5586.9772 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012110223

Network Shutdown Module <= 3.21 (sort_values) Remote PHP Code Injection
http://cxsecurity.com/issue/WLB-2012110222

FreeFTPd SFTP Authentication Security Bypass Vulnerability
http://secunia.com/advisories/51454/

Fortinet FortiWeb "mkey" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51430/

Axis Two Script Insertion Vulnerabilities
http://secunia.com/advisories/51477/

Oracle MySQL Server Multiple Vulnerabilities
http://secunia.com/advisories/51427/

OurWebFTP Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51449/

Pale Moon Multiple Vulnerabilities
http://secunia.com/advisories/51485/

Fortinet FortiOS (FortiGate) "conversationContext" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51431/

JSUpload "writeItemContent()" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/51405/

Debian update for libssh
http://secunia.com/advisories/51432/

Debian update for libxml2
http://secunia.com/advisories/51421/

MODx Forgot Manager Login Plugin Security Bypass Security Issue
http://secunia.com/advisories/51400/

ForeScout CounterACT Redirection and Cross-site Scripting Vulnerabilities
http://secunia.com/advisories/51417/

Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51458/

IBM Lotus Symphony Multiple Vulnerabilities
http://secunia.com/advisories/51451/

IBM WebSphere Message Broker File System Permissions Security Issue
http://secunia.com/advisories/51452/

IBM DOORS Web Access Java Multiple Vulnerabilities
http://secunia.com/advisories/51453/

WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51419/

Dovecot IMAP Multiple Keyword Search Denial Of Service Vulnerability
http://secunia.com/advisories/51455/

Ubuntu update for lynx-cur
http://secunia.com/advisories/51442/

McAfee Email Gateway Security Bypass Security Issue and Script Insertion Vulnerability
http://secunia.com/advisories/51441/

Mahara "query" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51404/

Elastix "Page" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51428/

Ubuntu update for linux, linux-ti-omap4, and linux-lts-backport-oneiric
http://secunia.com/advisories/51409/

MariaDB Buffer Overflow Vulnerability
http://secunia.com/advisories/51443/

Apple TV Two Vulnerabilities
http://secunia.com/advisories/51445/

Ushahidi Predictable Forgotten Password Challenge Security Issue
http://secunia.com/advisories/51310/

Google Chrome Two Vulnerabilities
http://secunia.com/advisories/51447/

Red Hat update for libxml2
http://secunia.com/advisories/51448/

Ubuntu update for perl
http://secunia.com/advisories/51457/

Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/56692

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4213 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56638

Mozilla Firefox, SeaMonkey, and Thunderbird HZ-GB-2312 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56632

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5840 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56635

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5839 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56637

Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56646

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5842 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56611

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4214 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56628

OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56726

OpenStack Token Expiration Security Bypass Vulnerability
http://www.securityfocus.com/bid/56727

IBM Director CIM Server Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34065

Symfony CVE-2012-5574 Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/56685

ModSecurity POST Parameters Security Bypass Vulnerability
http://www.securityfocus.com/bid/56096

libssh Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56604

WeeChat 'hook_process()' Function Remote Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/56584

Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/56562

Linux Kernel KVM CVE-2012-4461 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56414

AWStats 'awredir.pl' Unspecified Security Vulnerability
http://www.securityfocus.com/bid/56280

cgit 'syntax-highlighting.sh' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56315

Moodle Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56505

Google Chrome Prior to 23.0.1271.91 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56684

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-1721 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53959

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53956

Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136

Oracle Java SE CVE-2012-1722 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53953

Symantec Messaging Gateway CVE-2012-0308 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55137

MyBB kingchat Plugin 'username' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56787

freeSSHd Authentication Mechanism Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/56785

Buffalo LinkStation Information Disclosure and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56784

SSH Tectia Server Unauthorized Password Change Security Bypass Vulnerability
http://www.securityfocus.com/bid/56783

Axis Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56781

WordPress WP-Realty Plugin 'language' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/56780

FirePass SSL VPN 'sessionId' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/56779

N-able N-central Multiple Security Bypass and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56778

Oracle MySQL CVE-2012-5614 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56776

Oracle MySQL Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56772

Oracle MySQL Server Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56771

Oracle MySQL Server Heap Overflow Vulnerability
http://www.securityfocus.com/bid/56768

FreeFTPD 'SFTP' Authentication Mechanism Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/56782

phpMyNewsLetter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56773

Multiple Fortinet FortiDB Appliances Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56775

Multiple Fortinet FortiWeb Appliances Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56774

Kaseya Agent 'TempPath' Registry Key HTML Injection Vulnerability
http://www.securityfocus.com/bid/56770

TinyMCPUK 'test' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56767

Oracle MySQL Server Username Enumeration Weakness
http://www.securityfocus.com/bid/56766

Nagios XI 'visApi.php' Multiple Command Injection Vulnerabilities
http://www.securityfocus.com/bid/54263

Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059

Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061

Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065

Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55131

TLS Protocol CVE-2012-4929 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55704

Linux Kernel 'uname()' System Call Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55855

Linux Kernel 'tcp_illinois_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56346

Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039

Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063

Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082

Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081

Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080

Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058

Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076

Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501

ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301

Perl Digest Module 'Digest->new()' Code Injection Vulnerability
http://www.securityfocus.com/bid/49911

Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56287

Perl 'decode_xs()' and 'File::Glob::bsd_glob()' Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/49858

Wireshark Information Disclosure and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56729

ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522

PHP Enter 'banners.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/53426

M-Player '.mp3' File Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51318

GPSMapEdit LST File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51327

Advanced File Management 'users.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51339

Ramui Forum Script 'query' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53411

Joomla! 'com_jstore' Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/44053

razorCMS File and Directory Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/51344

YABSoft Advanced Image Hosting Script 'view_comments.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/51394

PHP-Fusion 'downloads.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51365

OpenText LiveLink Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/43420

GreenBrowser Search Bar Short Cut Button Double Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51393

RSA NetWitness Informer Cross Site Request Forgery and Clickjacking Vulnerabilities
http://www.securityfocus.com/bid/56786

WordPress Zingiri Forums Plugin 'language' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/56777

OurWebFTP '/index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56763

Post Oak Traffic Systems AWAM Bluetooth Reader Insufficient Entropy Vulnerability
http://www.securityfocus.com/bid/56762

Nagios XI Network Monitor Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56761

SmartCMS SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56760

Dovecot 'mail-search.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/56759

Google Chrome OS Prior to 23.0.1271.94 CVE-2012-5129 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56756

IBM Lotus Symphony Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56755

Free Hosting Manager 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56754

JsUpload '/tmp/uploader' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56749

Ushahidi Forgotten Reset Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/56748

SilverStripe HTML Injection and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/56747
