Thursday, January 31, 2013
31st, Thursday, Senshō
+ About the security content of Apple TV 5.2
http://support.apple.com/kb/HT5643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2619
+ About the security content of iOS 6.1 Software Update
http://support.apple.com/kb/HT5642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2619
+ Google Chrome 24.0.1312.57 released
http://googlechromereleases.blogspot.jp/2013/01/stable-channel-update_30.html
+ Opera 12.13 released
http://www.opera.com/docs/changelogs/unified/1213/
+ phpMyAdmin 3.5.6 released
http://sourceforge.net/p/phpmyadmin/news/2013/01/phpmyadmin-356-is-released/
+ UPDATE: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
+ UPDATE: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
+ HPSBST02839 SSRT101077 rev.1 - HP XP P9000 Command View Advanced Edition, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03650706-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3281
+ Algorithmic complexity vulnerability in Apache Ant
https://blogs.oracle.com/sunsecurity/entry/algorithmic_complexity_vulnerability_in_apache
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098
+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5240
+ Multiple vulnerabilities in Apache HTTP server
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
+ Multiple vulnerabilities in Thunderbird
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
+ CVE-2012-3955 Denial of Service (DoS) vulnerability in ISC DHCP
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3955
+ CVE-2012-5166 Denial of Service vulnerability in ISC BIND
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5166_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
+ CVE-2012-4244 Denial of Service vulnerability in ISC BIND
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4244_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244
+ Dovecot 2.1.14 released
http://www.dovecot.org/list/dovecot-news/2013-January/000239.html
+ Samba 4.0.2, 3.6.12 and 3.5.21 Security Releases Available for Download
http://samba.org/samba/history/samba-4.0.2.html
http://samba.org/samba/history/samba-3.6.12.html
http://samba.org/samba/history/samba-3.5.21.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
+ Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability
http://www.securityfocus.com/bid/57641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1451
+ GNU glibc 'regexec.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242
+ Buffalo TeraStation Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57634
Vulnerability information worth checking <2013.01.31>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130129/452665/?ST=security
Cyberattack on a website under Tochigi Prefecture's jurisdiction; database tampered with
http://itpro.nikkeibp.co.jp/article/NEWS/20130130/452975/?ST=security
New version of the targeted-attack countermeasure software "FFR yarai" allows centralized management of exception lists
http://itpro.nikkeibp.co.jp/article/NEWS/20130130/452909/?ST=security
Google's safeguards against information disclosure requests from the US government (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130130/452763/?ST=security
Exam questions for the FP national certification leaked; questions were “published” on a website before the exam was held
http://itpro.nikkeibp.co.jp/article/NEWS/20130129/452522/?ST=security
JVNVU#90348117 Buffer overflow vulnerability in Portable SDK for UPnP
http://jvn.jp/cert/JVNVU90348117/
JVNDB-2012-001258 Vulnerability in protocol.c in Apache HTTP Server that allows the values of HTTPOnly cookies to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001258.html
JVNDB-2013-001059 Buffer overflow vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001259.html
JVNDB-2013-001319 Web site spoofing vulnerability in Microsoft Internet Explorer 8 and 9
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001319.html
JVNDB-2013-001318 Vulnerability in Microsoft Internet Explorer 8 and 9 that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001318.html
JVNDB-2013-001317 Access restriction bypass vulnerability in StoreKit in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001317.html
JVNDB-2013-001316 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001316.html
JVNDB-2013-001315 Pointer restriction bypass vulnerability in the kernel in Apple iOS and Apple TV
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001315.html
JVNDB-2013-001314 Authentication bypass vulnerability in Identity Services in Apple iOS 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001314.html
JVNDB-2013-001313 Cross-site scripting vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001313.html
JVNDB-2013-001312 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001312.html
JVNDB-2013-001311 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001311.html
JVNDB-2013-001310 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001310.html
JVNDB-2013-001309 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001309.html
JVNDB-2013-001308 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001308.html
JVNDB-2013-001307 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001307.html
JVNDB-2013-001306 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001306.html
JVNDB-2013-001305 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001305.html
JVNDB-2013-001304 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001304.html
JVNDB-2013-001303 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001303.html
JVNDB-2013-001302 Arbitrary code execution vulnerability in WebKit as used in Apple iOS before 6.1
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001302.html
[SECURITY] [DSA 2613-1] rails security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00124.html
Cisco Security Advisory: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00123.html
Exposed UPNP Devices
https://isc.sans.edu/diary.html?storyid=15040
Getting Involved with the Local Community
https://isc.sans.edu/diary.html?storyid=15043
VLC Media Player ASF Movie Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028059
D-Link DCS cameras Unauthenticated remote access
http://cxsecurity.com/issue/WLB-2013010226
Buffalo TeraStation TS-Series multiple vulnerabilities
http://cxsecurity.com/issue/WLB-2013010225
Adobe Reader XI Heap Overflow
http://cxsecurity.com/issue/WLB-2013010224
Devise Type Conversion Security Bypass Vulnerability
http://secunia.com/advisories/51916/
Ubuntu update for nova
http://secunia.com/advisories/51992/
Ubuntu update for glance
http://secunia.com/advisories/51990/
Debian update for rails
http://secunia.com/advisories/51978/
Cisco Network Admission Control Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52016/
IBM InfoSphere Information Two Vulnerabilities
http://secunia.com/advisories/52020/
IBM InfoSphere Information Server Multiple Vulnerabilities
http://secunia.com/advisories/51985/
OpenStack Compute (Nova) Boot From Volume Arbitrary Volume Booting Vulnerability
http://secunia.com/advisories/51963/
OpenStack Glance Swift Backend Password Disclosure Security Issue
http://secunia.com/advisories/51957/
Samba SWAT Clickjacking Vulnerability
http://secunia.com/advisories/51994/
IRCD-Hybrid "try_parse_v4_netmask()" Denial of Service Vulnerability
http://secunia.com/advisories/51948/
Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/51968/
Opera Multiple Vulnerabilities
http://secunia.com/advisories/52005/
IBM InfoSphere Information Server Java Denial of Service Vulnerability
http://secunia.com/advisories/52022/
VLC Media Player ASF Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/51995/
WordPress Poll Plugin "poll_id" and "pollid" SQL Injection Vulnerabilities
http://secunia.com/advisories/51942/
WordPress Poll Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51925/
Ubuntu update for libvirt
http://secunia.com/advisories/52000/
WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness
http://secunia.com/advisories/51998/
Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability
http://www.securityfocus.com/bid/57641
Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30035
Adobe Reader Unspecified Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/29420
Neon 'ne_xml*' expat XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/36080
IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884
OpenStack Compute (Nova) 'nova-volume' Security Bypass Vulnerability
http://www.securityfocus.com/bid/57613
Poweradmin 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55619
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013
Linux Kernel 'dvb_net_ule()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38479
Linux Kernel USB interface Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39042
Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
Red Hat Enterprise Linux 'ptrace()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38702
Linux Kernel 'azx_position_ok()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38348
Sun Solaris XScreenSaver Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35733
Sun Solaris Sockets Direct Protocol (SDP) Driver 'sdp(7D)' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36904
Python 'expandtabs' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33187
Python Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30491
Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31932
Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/28749
Python zlib Module Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28715
NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32105
Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32100
Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965
Oracle Java Runtime Environment CVE-2012-3174 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57312
Oracle Java Runtime Environment CVE-2013-0422 Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57246
Ruby on Rails 'convert_json_to_yaml()' Method Security Vulnerability
http://www.securityfocus.com/bid/57575
Neon NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36079
FreeIPA CVE-2012-5484 Man in The Middle Security Vulnerability
http://www.securityfocus.com/bid/57529
Linux DiskQuota 'hosts_ctl()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/55066
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
NetworkManager Permission Enforcement Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/33966
Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34109
OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150
GNOME Evolution S/MIME Email Signature Verification Vulnerability
http://www.securityfocus.com/bid/33720
Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/43673
ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852
FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550
TWiki and Foswiki 'MAKETEXT' Variable Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56950
Multiple Asterisk Products CVE-2012-5977 Denial of Service Vulnerability
http://www.securityfocus.com/bid/57105
Multiple Asterisk Products CVE-2012-5976 Stack Overflow Denial of Service Vulnerability
http://www.securityfocus.com/bid/57106
ProFTPD Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57172
Drupal Drush Debian Packaging Module Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57643
Drupal Boxes Module 'subject' field HTML Injection Vulnerability
http://www.securityfocus.com/bid/57642
Drupal email2image Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/57639
GNU glibc 'regexec.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57638
QEMU KVM QXL Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57637
Buffalo TeraStation Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57634
Opera Web Browser Prior to 12.13 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57633
Cisco Network Admission Control CVE-2012-6029 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57632
Samba SWAT Cross Site Request Forgery and Clickjacking Vulnerabilities
http://www.securityfocus.com/bid/57631
WordPress Poll Plugin Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57630
VLC Media Player ASF File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57629
WordPress Simple History Plugin RSS Feed Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57628
WordPress Poll Plugin Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/57624
Wednesday, January 30, 2013
30th, Wednesday, Shakkō
+ CESA-2013:0199 Important CentOS 6 libvirt Update
http://lwn.net/Alerts/534961/
+ Wireshark 1.8.5 released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html
+ Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
Virus Buster Business Security Services maintenance notice (January 29, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1902
Adobe Reader XI versions are vulnerable to a heap overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00121.html
XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget")
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00120.html
Unauthenticated remote access to D-Link DCS cameras
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00119.html
APPLE-SA-2013-01-28-2 Apple TV 5.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00118.html
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00117.html
[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00116.html
Kohana Framework v2.3.3 - Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00115.html
ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00114.html
Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00113.html
nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00112.html
[ MDVSA-2013:005 ] perl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00111.html
[SE-2012-01] An issue with new Java SE 7 security features
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00110.html
IPA Technical Watch
Report on "DOM Based XSS"
~Sharp increase in vulnerability reports concerning DOM Based XSS~
http://www.ipa.go.jp/about/technicalwatch/20130129.html
RSA Security reports phishing attacks that whitelist their targets in an attempt to prolong their lifespan
http://itpro.nikkeibp.co.jp/article/NEWS/20130129/452642/?ST=security
JVNVU#95364469 Update for multiple vulnerabilities in Apple iOS
http://jvn.jp/cert/JVNVU95364469/
JVNVU#90935667 Vulnerability in JSON parsing in Ruby on Rails
http://jvn.jp/cert/JVNVU90935667/
JVNDB-2013-001301 Buffer overflow vulnerability in Beijer ADP and H-Designer
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001301.html
JVNDB-2013-001300 Vulnerability in PHP Spellchecker for TinyMCE as used in Moodle that allows arbitrary outbound HTTP requests to be triggered
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001300.html
JVNDB-2013-001299 Vulnerability in Moodle that allows course-level calendar subscriptions to be deleted
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001299.html
JVNDB-2013-001298 Vulnerability in blog/rsslib.php in Moodle that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001298.html
JVNDB-2013-001297 Vulnerability in blog/rsslib.php in Moodle that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001297.html
JVNDB-2013-001296 Cross-site request forgery vulnerability in the messaging system in Moodle
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001296.html
JVNDB-2013-001295 Vulnerability in Moodle that allows arbitrary users' submission comments to be read or modified
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001295.html
JVNDB-2013-001294 Open redirect vulnerability in Moodle
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001294.html
JVNDB-2013-001293 Vulnerability in report/outline/index.php in Moodle that allows hidden last-access values to be discovered
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001293.html
JVNDB-2013-001292 Vulnerability in backup/converter/moodle1/lib.php in Moodle that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001292.html
JVNDB-2013-001291 Vulnerability in Moodle that allows custom outcomes to be converted into standard site-wide outcomes
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001291.html
JVNDB-2013-001290 Arbitrary command execution vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001290.html
JVNDB-2013-001289 Directory traversal vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001289.html
JVNDB-2013-001288 Vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal that allows a list of user names to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001288.html
JVNDB-2013-001287 Vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal that allows configuration files to be read
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001287.html
JVNDB-2013-001286 Vulnerability in the FreeIPA client that allows the domain join process to be spoofed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001286.html
JVNDB-2013-001285 Vulnerability in TripAdvisor for iOS that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001285.html
JVNDB-2013-001284 Stack-based buffer overflow vulnerability in the Reader in CoolPDF
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001284.html
JVNDB-2013-001283 Stack-based buffer overflow vulnerability in HP Diagnostics Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001283.html
JVNDB-2013-001282 (JVNVU#92496224) Vulnerability in WebYaST that allows the host list to be modified
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001282.html
JVNDB-2013-001281 (JVNVU#94409047) Buffer overflow vulnerability in Foxit Advanced PDF Editor
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001281.html
JVNDB-2013-001280 Vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001280.html
JVNDB-2013-001279 Cross-site scripting vulnerability in the Virtual Member Manager administrative console in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001279.html
JVNDB-2013-001278 Cross-site request forgery vulnerability in the administrative console in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001278.html
JVNDB-2013-001277 Cross-site scripting vulnerability in the administrative console in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001277.html
JVNDB-2013-001276 Cross-site scripting vulnerability in the administrative console in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001276.html
JVNDB-2013-001093 (JVNVU#91613461) Information disclosure vulnerability in TL-WR841N
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001093.html
Be Careful What you Wish For!
https://isc.sans.edu/diary.html?storyid=15025
"Get Java Fixed Up"
https://isc.sans.edu/diary.html?storyid=15031
VU#922681 Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
http://www.kb.cert.org/vuls/id/922681
libupnp Buffer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028057
EMC AlphaStor Drive Control Program (DCP) Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028056
Ruby on Rails Input Validation Flaw in JSON Parser Lets Remote Users Bypass Authentication, Inject SQL Commands, Execute Arbitrary Code, and Deny Service
http://www.securitytracker.com/id/1028052
Apple iOS Multiple Bugs Let Remote Users Deny Service, Execute Arbitrary Code, and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028051
Apple TV Bugs Let Remote Users Deny Service and Local Users Access Kernel Memory
http://www.securitytracker.com/id/1028050
libvirt Use-After-Free May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028047
REMOTE: Ruby on Rails JSON Processor YAML Deserialization Code Execution
http://www.exploit-db.com/exploits/24434
DoS/PoC: Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read
http://www.exploit-db.com/exploits/24437
Ubuntu update for libssh
http://secunia.com/advisories/51982/
Portable UPnP SDK "unique_service_name()" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/51949/
IBM Tivoli Directory Integrator JSSE Denial of Service Vulnerability
http://secunia.com/advisories/52009/
IBM WebSphere Message Broker Java Multiple Vulnerabilities
http://secunia.com/advisories/52006/
Red Hat update for libvirt
http://secunia.com/advisories/52001/
Cisco IOS XR Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/51989/
libvirt "virNetMessageFree()" Use-After-Free Vulnerability
http://secunia.com/advisories/52003/
Symfony YAML Component Two Vulnerabilities
http://secunia.com/advisories/51980/
Ubuntu update for ffmpeg
http://secunia.com/advisories/51991/
WordPress SolveMedia Plugin Cross-Site Request Forgery
http://secunia.com/advisories/51927/
FFmpeg Multiple Vulnerabilities
http://secunia.com/advisories/51975/
Apple TV Kernel Memory Access Vulnerability
http://secunia.com/advisories/52004/
Red Hat update for rubygem-activesupport
http://secunia.com/advisories/51999/
Apple iOS Multiple Vulnerabilities
http://secunia.com/advisories/52002/
Ubuntu update for libav
http://secunia.com/advisories/51993/
Ruby on Rails JSON Parser YAML Handling Vulnerability
http://secunia.com/advisories/51938/
Apple Quick Time Player 7.7.3 (Windows) Out of Bound Read
http://cxsecurity.com/issue/WLB-2013010223
Ruby on Rails JSON Processor YAML Deserialization Code Execution
http://cxsecurity.com/issue/WLB-2013010222
DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010221
Elgg 1.8.12, 1.7.16 XSS
http://cxsecurity.com/issue/WLB-2013010220
Kohana Framework 2.3.3 Directory Traversal
http://cxsecurity.com/issue/WLB-2013010219
nCircle PureCloud Vulnerability Scanner Bypass / Injection
http://cxsecurity.com/issue/WLB-2013010218
Fortinet FortiMail IBE Appliance Application Filter Bypass
http://cxsecurity.com/issue/WLB-2013010217
libupnp Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57602
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Sun Solaris sendfile(3EXT) and sendfilev(3EXT) Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36083
Oracle Solaris CVE-2012-0096 Remote Vulnerability
http://www.securityfocus.com/bid/51490
LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/30832
Oracle Solaris CVE-2012-0098 Local Solaris Vulnerability
http://www.securityfocus.com/bid/51499
Oracle Sun Products Suite CVE-2012-3123 Remote Solaris Vulnerability
http://www.securityfocus.com/bid/54517
Oracle Solaris CVE-2012-0103 Local Solaris Vulnerability
http://www.securityfocus.com/bid/51494
Sun Solaris NFS Version 4 Kernel Module Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35714
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Ruby on Rails 'convert_json_to_yaml()' Method Security Vulnerability
http://www.securityfocus.com/bid/57575
libvirt 'virNetMessageFree()' Function Use After Free Code Execution Vulnerability
http://www.securityfocus.com/bid/57578
libvirt 'virNetServerProgramDispatchCall()' Function Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55541
RETIRED: Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/57572
WordPress Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57554
WordPress Plupload Plugin 'id' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57555
Elgg 'params[twitter_username]' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/57569
ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities
http://www.securityfocus.com/bid/57544
D-Link DCS Cameras Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57611
IRCD-Hybrid 'try_parse_v4_netmask()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/57610
pfSense 'username' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/57605
FFmpeg Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57600
Multiple Hunt CCTV Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57579
Tuesday, January 29, 2013
29th, Tuesday, Taian
+ RHSA-2013:0199 Important: libvirt security update
http://rhn.redhat.com/errata/RHSA-2013-0199.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0170
+ HS13-002 Vulnerability about User Authentication in Operational Management Function of Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-002/index.html
+ HS13-002 User Authentication Vulnerability in the Cosminexus Operational Management Function (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-002/index.html
+ libpng 1.5.14, 1.2.50 released
http://www.libpng.org/pub/png/src/libpng-1.5.14-README.txt
http://www.libpng.org/pub/png/src/libpng-1.2.50-README.txt
+ Linux kernel 3.7.5, 3.4.28, 3.0.61 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.5
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.28
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.61
+ iOS 6.1 Software Update
http://support.apple.com/kb/DL1624
+ Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/57572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0974
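Regarding the outage affecting the Trend Micro Q&A search page
http://www.trendmicro.co.jp/support/news.asp?id=1901
Regarding the issue preventing access to the InterScan Webmanager SCC management console
http://www.trendmicro.co.jp/support/news.asp?id=1900
Notice of the release of Trend Micro Deep Security 8.0 Service Pack 2
http://www.trendmicro.co.jp/support/news.asp?id=1895
Announcement of the "Information Security Economics Symposium 2013"
~ What is information security economics useful for? ~
http://www.ipa.go.jp/security/event/2013/eco_sympo/index.html
Reporting status of vulnerability-related information on software and other products
[Q4 2012 (October to December)]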
http://www.ipa.go.jp/security/vuln/report/vuln2012q4.html
JVNVU#92496224 Vulnerability in WebYaST allowing the hosts list to be tampered with
http://jvn.jp/cert/JVNVU92496224/index.html
JVNVU#94409047 Buffer overflow vulnerability in Foxit Advanced PDF Editor
http://jvn.jp/cert/JVNVU94409047/index.html
JVNDB-2012-005828 (JVNVU#92426910) (JVNTA13-015A) Arbitrary code execution vulnerability in Internet Explorer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005828.html
JVNDB-2013-001027 (JVNTA13-010A) Vulnerability in Oracle Java 7
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001027.html
JVNDB-2013-001059 Buffer overflow vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001059.html
JVNDB-2013-001275 Denial-of-service (assertion failure and named daemon exit) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001275.html
JVNDB-2013-001274 Vulnerability in Cisco Wireless LAN Controller allowing wireless management settings to be bypassed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001274.html
JVNDB-2013-001273 Arbitrary code execution vulnerability in Cisco Wireless LAN Controller
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001273.html
JVNDB-2013-001272 Denial-of-service (DoS) vulnerability in Cisco Wireless LAN Controller
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001272.html
JVNDB-2013-001271 Denial-of-service (device reload) vulnerability in Cisco Wireless LAN Controller
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001271.html
JVNDB-2013-001270 Denial-of-service (control and communication outage) vulnerability in multiple Rockwell Automation products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001270.html
JVNDB-2013-001269 Sensitive information disclosure vulnerability in multiple Rockwell Automation products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001269.html
JVNDB-2013-001268 Replay attack vulnerability in multiple Rockwell Automation products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001268.html
JVNDB-2013-001267 Denial-of-service (control and communication outage) vulnerability in multiple Rockwell Automation products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001267.html
JVNDB-2013-001266 Buffer overflow vulnerability in multiple Rockwell Automation products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001266.html
JVNDB-2013-001265 Arbitrary code execution vulnerability in multiple Rockwell Automation products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001265.html
JVNDB-2013-001264 Buffer overflow vulnerability in multiple Rockwell Automation products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001264.html
JVNDB-2013-001263 Denial-of-service (control and communication outage) vulnerability in multiple Rockwell Automation products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001263.html
JVNDB-2013-001262 Vulnerability in ProFTPD allowing the ownership of arbitrary files to be changed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001262.html
JVNDB-2012-005920 Denial-of-service (DoS) vulnerability in the _bdf_parse_glyphs function of FreeType
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001260.html
JVNDB-2012-005919 Denial-of-service (DoS) vulnerability in the _bdf_parse_glyphs function of FreeType
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005919.html
JVNDB-2012-005918 Denial-of-service (DoS) vulnerability in FreeType
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005918.html
JVNDB-2013-001028 (JVNVU#97486520) Cross-site scripting vulnerability in Dell OpenManage Server Administrator
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001028.html
JVNDB-2013-001261 Denial-of-service (DoS) vulnerability in Google Chrome on Mac OS X
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001261.html
JVNDB-2013-001260 Vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001260.html
JVNDB-2013-001259 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001259.html
JVNDB-2013-001258 Vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001258.html
JVNDB-2013-001257 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001257.html
iOS 6.1 Released
https://isc.sans.edu/diary.html?storyid=15022
VU#628463 Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
http://www.kb.cert.org/vuls/id/628463
Cisco Adaptive Security Appliance CIFS UNC Handling Denial of Service Vulnerability
http://secunia.com/advisories/51955/
Elgg Twitter Widget Plugin "params[twitter_username]" Script Insertion Vulnerability
http://secunia.com/advisories/52007/
Cisco Unified Communications Domain Manager (CUCDM) Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51954/
Cisco WebEx Social Information Disclosure and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51996/
Hitachi Cosminexus Operational Management Function Security Bypass Security Issue
http://secunia.com/advisories/51950/
ImageCMS "q" SQL Injection Vulnerability
http://secunia.com/advisories/51913/
SUSE update for java-1_7_0-openjdk
http://secunia.com/advisories/52008/
FFmpeg Multiple Vulnerabilities
http://secunia.com/advisories/51964/
DoS/PoC: PHP Weby Directory Software 1.2 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/24433
Hunt CCTV (and generics brands) Insufficient Authentication
http://cxsecurity.com/issue/WLB-2013010216
Moodle 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/57104
QEMU CVE-2012-6075 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57420
Broadcom BCM4325 and BCM4329 Wireless Chipset Out of Bound Read Denial of Service Vulnerability
http://www.securityfocus.com/bid/56184
Google Chrome Prior to 22.0.1229.79 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55676
Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203
Zabbix 'cnf' Parameter Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57471
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55534
Google Chrome Prior to 21 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54749
Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52762
Drupal Core Path Disclosure Vulnerability
http://www.securityfocus.com/bid/53454
Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56287
FFmpeg Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/55355
Google Chrome Prior to 23.0.1271.97 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56903
WebYaST CVE-2012-0435 Hosts List Modification Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57511
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0744 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57218
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0752 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57241
OSClass Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/51721
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0743 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57258
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0762 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57193
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0764 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57211
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0760 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57199
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0766 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57194
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0770 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57207
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0745 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57244
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0763 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57197
Ruby multi_xml CVE-2013-0175 Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/57281
Rack Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57430
JBoss Web Services W3C XML Encryption Standard Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55770
Apache CXF Elements Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/53877
JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/54915
JBoss 'twiddle.sh' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54631
JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54183
Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/57572
Elgg 'params[twitter_username]' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/57569
Cisco WebEx Social CVE-2013-1107 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57568
Hitachi Cosminexus Products Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57566
Oracle Java Runtime Environment Unsigned Java Code Security Bypass Vulnerability
http://www.securityfocus.com/bid/57563
Monday, January 28, 2013
28th, Monday, Butsumetsu
+ BIND 9.9.3b1, 9.8.5b1, 9.6-ESV-R9b1 released
https://kb.isc.org/article/AA-00866
https://kb.isc.org/article/AA-00865
https://kb.isc.org/article/AA-00864
+ BIND 9 with DNS64 enabled can unexpectedly terminate when resolving domains in RPZ
https://www.isc.org/software/bind/advisories/cve-2012-5689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5689
+ Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx
Check Point response to OpenSSH CBC Mode Information Disclosure Vulnerability (CVE-2008-5161)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk36343&src=securityAlerts
Check Point's Response to "FireWall-1 RDP Bypass Vulnerability" (CA-2001-17)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk63580&src=securityAlerts
Notice of a program update for Password Manager
http://www.trendmicro.co.jp/support/news.asp?id=1898
[SECURITY] [DSA 2612-1] ircd-ratbox security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00108.html
WordPress SolveMedia 1.1.0 CSRF Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00109.html
UK authority fines Sony £250,000 over the 2011 PlayStation Network data breach
http://itpro.nikkeibp.co.jp/article/NEWS/20130125/451961/?ST=security
JVNDB-2011-003567 Denial-of-service (CPU resource consumption) vulnerability in Oracle Glassfish
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003567.html
JVNDB-2012-001078 Denial-of-service (CPU resource consumption) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001078.html
JVNDB-2012-003837 Cross-site scripting vulnerability in the mod_negotiation module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003837.html
JVNDB-2012-002094 Vulnerability in envvars of Apache HTTP Server allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002094.html
JVNDB-2012-004762 Buffer overflow vulnerability in the LDP dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004762.html
JVNDB-2012-004761 Denial-of-service (DoS) vulnerability in the PPP dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004761.html
JVNDB-2012-004760 Denial-of-service (infinite loop) vulnerability in the HSRP dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004760.html
JVNDB-2012-004016 Denial-of-service (DoS) vulnerability in epan/dissectors/packet-drda.c of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004016.html
JVNDB-2012-002959 Denial-of-service (DoS) vulnerability in Apache Commons Compress and Apache Ant
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002959.html
JVNDB-2013-001256 Cross-site scripting vulnerability in apps/admin/handlers/versions.php of Elefant CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001256.html
JVNDB-2013-001255 SQL injection vulnerability in the advanced search of WikidForum
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001255.html
JVNDB-2013-001254 SQL injection vulnerability in modules/poll/index.php of DIY-CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001254.html
JVNDB-2013-001253 Cross-site request forgery vulnerability in mod.php of DiY-CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001253.html
JVNDB-2013-001252 Cross-site scripting vulnerability in DiY-CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001252.html
JVNDB-2013-001251 SQL injection vulnerability in PHP Ticket System
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001251.html
JVNDB-2013-001250 Sensitive information disclosure vulnerability in eFront
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001250.html
JVNDB-2013-001249 Cross-site scripting vulnerability in the nBill component for Joomla!
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001249.html
JVNDB-2013-001248 Cross-site scripting vulnerability in index.php/Admin_Preferences of gpEasy CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001248.html
JVNDB-2013-001247 Installation path disclosure vulnerability in the Organizer plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001247.html
JVNDB-2013-001246 Cross-site scripting vulnerability in the Organizer plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001246.html
JVNDB-2013-001245 Cross-site scripting vulnerability in NetArt Media Car Portal
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001245.html
JVNDB-2013-001244 Arbitrary PHP code execution vulnerability in NetArt Media Car Portal
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001244.html
JVNDB-2013-001243 Cross-site request forgery vulnerability in NetArt Media Car Portal
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001243.html
JVNDB-2013-001242 SQL injection vulnerability in admin.php of ChurchCMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001242.html
JVNDB-2013-001241 Cross-site scripting vulnerability in PHP Volunteer Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001241.html
JVNDB-2013-001240 SQL injection vulnerability in PHP Volunteer Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001240.html
JVNDB-2012-005915 Vulnerability in g10/import.c of GnuPG allowing the public keyring database to be corrupted
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005915.html
JVNDB-2013-001239 Cross-site request forgery vulnerability in Sitecom WLM-2501
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001239.html
JVNDB-2013-001238 Cross-site scripting vulnerability in the Advanced Text Widget plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001238.html
JVNDB-2013-000004 (JVN#24343509) Cross-site scripting vulnerability in WebSphere Application Server (WAS)
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000004.html
HP JetDirect Vulnerabilities Discussed
https://isc.sans.edu/diary.html?storyid=15016
Blocking SSH to Limit Security Exposures
https://isc.sans.edu/diary.html?storyid=15013
Vulnerability Scans via Search Engines (Request for Logs)
https://isc.sans.edu/diary.html?storyid=15010
ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028046
WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks
http://www.securitytracker.com/id/1028045
JBoss Multiple Bugs Let Remote Users Execute Arbitrary Code, Hijack User Sessions or Credentials, and Gain Elevated Privileges
http://www.securitytracker.com/id/1028042
SAP NetWeaver SPML Service XML External Entity Flaw Lets Remote Users Obtain Files
http://www.securitytracker.com/id/1028041
ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028040
Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication
http://www.securitytracker.com/id/1028039
VU#806908 SUSE WebYaST remotely accessible hosts list vulnerability
http://www.kb.cert.org/vuls/id/806908
VU#275219 Foxit Advanced PDF Editor 3 contains a stack buffer overrun vulnerability
http://www.kb.cert.org/vuls/id/275219
LOCAL: Windows Manage Memory Payload Injection
http://www.exploit-db.com/exploits/24366
Photodex ProShow Producer 5.0.3297 ExpandMacroFilename() Local Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010215
pkp CMS SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010214
stateart SQL injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010213
4Dee SQL injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010212
Nyatapol SQL Injection
http://cxsecurity.com/issue/WLB-2013010211
Wikidforum 2.10 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012030102
Sitecom WLM-2501 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012030113
WordPress SolveMedia 1.1.0 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2013010210
iCart Pro 4.0.1 SQL Injection
http://cxsecurity.com/issue/WLB-2013010209
SQLiteManager 1.2.4 PHP Code Injection
http://cxsecurity.com/issue/WLB-2013010208
KMPlayer 3.5.0.77 Denial Of Service
http://cxsecurity.com/issue/WLB-2013010207
NSBuilder SQL injection and HTML injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010206
DIY CMS v1.0 Poll Multiple Web Vulnerabilities
http://cxsecurity.com/issue/WLB-2012040238
Wordpress Zingiri Web Shop Plugin <= 2.4.0 Multiple XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2013010205
PHP Ticket System Beta 1 SQL Injection
http://cxsecurity.com/issue/WLB-2012040202
PHP Volunteer Management id 1.0.2 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2013010204
ImageCMS 4.0.0b SQL Injection
http://cxsecurity.com/issue/WLB-2013010203
Windows 7/8 Attacking the Address Space Randomization
http://cxsecurity.com/issue/WLB-2013010194
Windows Manage Memory Payload Injection
http://cxsecurity.com/issue/WLB-2013010202
Aloaha PDF Crypter 3.5.0.1164 File Overwrite
http://cxsecurity.com/issue/WLB-2013010201
SonicWALL GMS 6 Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2013010200
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
http://cxsecurity.com/issue/WLB-2013010199
Novell eDirectory 8 Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010198
ZoneMinder Video Server packageControl Command Execution
http://cxsecurity.com/issue/WLB-2013010197
Barracuda SSL VPN Authentication Bypass
http://cxsecurity.com/issue/WLB-2013010196
Barracuda Networks SSHd Backdoor Accounts
http://cxsecurity.com/issue/WLB-2013010195
django CMS page_attribute Template Tag Script Insertion Vulnerability
http://secunia.com/advisories/51953/
SUSE update for WebYaST and SUSE Studio Standard Edition
http://secunia.com/advisories/51947/
Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform
http://secunia.com/advisories/51984/
F5 Products XML Entity References Information Disclosure Vulnerability
http://secunia.com/advisories/51986/
WordPress Multiple Vulnerabilities
http://secunia.com/advisories/51967/
F5 Products "defaultQuery" SQL Injection Vulnerability
http://secunia.com/advisories/51867/
IBM InfoSphere BigInsights Java Two Vulnerabilities
http://secunia.com/advisories/51914/
Perforce Web Client (P4Web) Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51924/
iTop Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51702/
ISC BIND AAAA Record Lookup Handling Assertion Failure Vulnerability
http://secunia.com/advisories/51969/
Debian update for ircd-ratbox
http://secunia.com/advisories/51802/
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0763 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57197
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0762 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57193
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0752 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57241
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0745 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57244
Oracle Java Runtime Environment CVE-2012-3174 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57312
Oracle Java Runtime Environment CVE-2013-0422 Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57246
F5 BIG-IP CVE-2012-3000 SQL Injection Vulnerability
http://www.securityfocus.com/bid/57500
Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49543
Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56812
JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51392
Xen 'xen_failsafe_callback()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57433
Samba CVE-2013-0172 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/57329
Ruby multi_xml CVE-2013-0175 Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/57281
TWiki and Foswiki 'MAKETEXT' Variable Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56950
Qt 'QSslSocket::sslErrors()' Certificate Validation Security Weakness
http://www.securityfocus.com/bid/57162
Bacula Console ACL Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/55505
Drupal Keyboard Shortcut Utility Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/57527
Drupal Video Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/57525
Drupal User Relationships Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/57528
Drupal Search API Sorts Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/57530
Movable Type Multiple SQL Injection and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/57490
Foxit Advanced PDF Editor CVE-2013-0107 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57558
Friday, January 25, 2013
25th, Friday, Sensho
+ CESA-2013:0188 Important CentOS 6 ipa Update
http://lwn.net/Alerts/533939/
+ CESA-2013:0189 Important CentOS 5 ipa-client Update
http://lwn.net/Alerts/533938/
+ Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx
+ UPDATE: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone
+ UPDATE: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
+ Sudo 1.8.6p5 released
http://www.sudo.ws/sudo/stable.html#1.8.6p5
Notice of the release of ServerProtect for Linux 3.0 Critical Patch build 1366
http://www.trendmicro.co.jp/support/news.asp?id=1894
AIU Insurance launches cyber risk insurance with comprehensive coverage for attacks and fraud
http://itpro.nikkeibp.co.jp/article/NEWS/20130124/451744/?ST=security
SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00107.html
IPv6: How to avoid security issues with VPN leaks on dual-stack networks
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00106.html
New Blog Post: Attacking the Windows 7/8 Address Space Randomization
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00105.html
CVE ID Syntax Change - Call for Public Feedback
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00101.html
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00100.html
CVE-2013-0805 / CSNC-2013-001
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00102.html
SQL Injection Vulnerability in ImageCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00104.html
Cross-Site Scripting (XSS) vulnerability in gpEasy
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00103.html
JVNDB-2012-005749 Vulnerability in Apache Tomcat allowing security-constraint checks to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005749.html
JVNDB-2013-001237 eval injection and SQL injection vulnerabilities in mt-upgrade.cgi of Movable Type
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001237.html
JVNDB-2013-001236 Stack-based buffer overflow vulnerability in history.cgi of Nagios Core
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001236.html
JVNDB-2013-001235 Sensitive information disclosure vulnerability in Apache CloudStack and Citrix CloudPlatform
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001235.html
JVNDB-2013-001234 Sensitive information disclosure vulnerability in Call of Duty Elite for iOS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001234.html
JVNDB-2012-005913 Denial-of-service (kernel OOPS) vulnerability in the KVM subsystem of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005913.html
JVNDB-2013-001233 SQL injection vulnerability in Oracle MySQL and MariaDB
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001233.html
JVNDB-2013-001232 Denial-of-service (DoS) vulnerability in the Reliable Datagram Sockets protocol implementation of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001232.html
JVNDB-2013-001231 Vulnerability in Microsoft Internet Explorer allowing sensitive information about the existence of files to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001231.html
JVNDB-2012-005912 Stack-based buffer overflow vulnerability in the Near Field Communication Controller Interface of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005912.html
JVNDB-2012-005911 Buffer overflow vulnerability in the KVM subsystem of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005911.html
JVNDB-2012-005910 Buffer overflow vulnerability in the macvtap device driver of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005910.html
JVNDB-2012-005467 Heap-based buffer overflow vulnerability in the nsWindow::OnExposeEvent function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005467.html
Barracuda "Back Door"
https://isc.sans.edu/diary.html?storyid=15004
Barracuda Web Filter SSH Backdoor Lets Remote Users Access the System
http://www.securitytracker.com/id/1028038
Barracuda Web Application Firewall SSH Backdoor Lets Remote Users Access the System
http://www.securitytracker.com/id/1028037
Barracuda SSL VPN SSH Backdoor Lets Remote Users Access the System
http://www.securitytracker.com/id/1028036
Barracuda Link Balancer SSH Backdoor Lets Remote Users Access the System
http://www.securitytracker.com/id/1028035
Xen Nested HVM Memory Leak Lets Local Users Deny Service
http://www.securitytracker.com/id/1028032
Red Hat Enterprise IPA Certificate Validation Flaw Lets Remote Users Access the System in Certain Cases
http://www.securitytracker.com/id/1028028
REMOTE: Java Applet Method Handle Remote Code Execution
http://www.exploit-db.com/exploits/24308
REMOTE: Java Applet AverageRangeStatisticImpl Remote Code Execution
http://www.exploit-db.com/exploits/24309
REMOTE: ZoneMinder Video Server packageControl Command Execution
http://www.exploit-db.com/exploits/24310
REMOTE: SonicWALL GMS 6 Arbitrary File Upload
http://www.exploit-db.com/exploits/24322
REMOTE: Novell eDirectory 8 Buffer Overflow
http://www.exploit-db.com/exploits/24323
DoS/PoC: Aloaha PDF Crypter (3.5.0.1164) ActiveX Arbitrary File Overwrite
http://www.exploit-db.com/exploits/24319
SUSE update for tomcat6 and libtcnative
http://secunia.com/advisories/51960/
SUSE update for Multiple Packages
http://secunia.com/advisories/51817/
SUSE update for tomcat
http://secunia.com/advisories/51972/
SUSE update for Multiple Packages
http://secunia.com/advisories/51898/
Cisco Wireless LAN Controllers Multiple Vulnerabilities
http://secunia.com/advisories/51965/
Drupal Search API Sorts Module Field Labels Script Insertion Vulnerability
http://secunia.com/advisories/51977/
Red Hat update for ipa
http://secunia.com/advisories/51871/
Drupal User Relationships Module Relationship Names Script Insertion Vulnerability
http://secunia.com/advisories/51979/
SUSE update for flash-player
http://secunia.com/advisories/51946/
SUSE update for icinga
http://secunia.com/advisories/51944/
FreeIPA Two Information Disclosure Security Issues
http://secunia.com/advisories/51907/
FreeIPA Insecure CA Certificate Handling Security Issue
http://secunia.com/advisories/51756/
SSSD Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/51928/
SUSE update for libqt4
http://secunia.com/advisories/51952/
SUSE update for mysql-community-server
http://secunia.com/advisories/51961/
Red Hat update for JBoss Operations Network
http://secunia.com/advisories/51966/
TripAdvisor for iOS Login Credentials Disclosure Security Issue
http://secunia.com/advisories/51410/
GE Intelligent Platforms Products Two Vulnerabilities
http://secunia.com/advisories/51936/
Google Web Toolkit Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51941/
SAP NetWeaver SPML XML Entity References Information Disclosure Vulnerability
http://secunia.com/advisories/51573/
SUSE update for libtiff
http://secunia.com/advisories/51973/
SUSE update for squid3
http://secunia.com/advisories/51974/
Windows 7/8 Attacking the Address Space Randomization
http://cxsecurity.com/issue/WLB-2013010194
Drupal CurvyCorners Cross-site Scripting
http://cxsecurity.com/issue/WLB-2013010193
php_chat Remote File inclusion Vulnerability
http://cxsecurity.com/issue/WLB-2013010192
webingroup CMS SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010191
Chisimba SQL Injection
http://cxsecurity.com/issue/WLB-2013010190
PHP Weby directory 1.2 Blind SQL injection && CSRF
http://cxsecurity.com/issue/WLB-2013010189
Drupal Video 7.x PHP Code Execution
http://cxsecurity.com/issue/WLB-2013010188
Drupal Search API Sorts 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013010187
Drupal User Relationships 6.x / 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013010186
Drupal CurvyCorners 6.x / 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013010185
iTop Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013010184
Drupal Keyboard Shortcut Utility 7.x Access Bypass
http://cxsecurity.com/issue/WLB-2013010183
WordPress Chocolate Theme XSS & Denial Of Service & Shell Upload
http://cxsecurity.com/issue/WLB-2013010182
Weboptima CMS Add Administrator & Shell Upload
http://cxsecurity.com/issue/WLB-2013010181
ircd-ratbox 'm_capab.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/57085
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0759 Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/57228
Adobe Shockwave Player CVE-2012-0759 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52006
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0757 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57236
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0771 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57198
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0770 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57207
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0767 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57195
Mozilla Firefox and SeaMonkey CVE-2013-0751 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57260
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0749 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57205
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0769 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57203
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5829 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56636
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0760 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57199
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0768 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57204
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0747 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57240
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0743 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57258
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0748 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57234
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0750 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57235
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0746 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57238
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0758 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57232
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0766 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57194
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0753 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57209
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0744 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57218
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0761 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57196
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0756 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57215
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0764 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57211
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0754 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57217
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0755 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57213
Novell eDirectory Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57038
Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57445
PLIB 'ulSetError()' Function Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51152
PLIB 'ssgParser.cxx' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55839
Adobe Flash Player and AIR CVE-2012-5676 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56892
Adobe Flash Player and AIR CVE-2012-5678 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56898
Adobe Flash Player and AIR CVE-2012-5677 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56896
MariaDB CVE-2012-4414 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55498
Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56769
FreeIPA CVE-2012-5484 Man in The Middle Security Vulnerability
http://www.securityfocus.com/bid/57529
Adobe Flash Player and AIR CVE-2012-5280 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56546
Adobe Flash Player and AIR CVE-2012-5278 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56547
Adobe Flash Player and AIR CVE-2012-5274 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56542
Adobe Flash Player and AIR CVE-2012-5279 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56554
Adobe Flash Player and AIR CVE-2012-5276 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56544
Adobe Flash Player and AIR CVE-2012-5277 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56545
Adobe Flash Player and AIR CVE-2012-5275 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56543
Linux Kernel IPv6 CVE-2012-4444 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56891
Xen 'extent_order' Values Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56798
Linux Kernel ASLR Security Bypass Weakness
http://www.securityfocus.com/bid/52687
ADP and H-designer CVE-2013-4696 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57546
Aloaha PDF Crypter ActiveX Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/57543
FreeIPA Cross-Realm Trust key Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57542
Barracuda SSL VPN Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/57540
SSSD Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57539
Google Web Toolkit CVE-2012-5920 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57538
Multiple Barracuda Products Security Bypass and Backdoor Unauthorized Access Vulnerabilities
http://www.securityfocus.com/bid/57537
TripAdvisor for iOS Man in the Middle Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57535
Thursday, January 24, 2013
Thursday the 24th, Shakkō
+ RHSA-2013:0188 Important: ipa security update
http://rhn.redhat.com/errata/RHSA-2013-0188.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5484
+ Google Chrome 24.0.1312.56 released
http://googlechromereleases.blogspot.jp/2013/01/stable-channel-update_22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0843
+ CESA-2013:0168 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/533699/
+ CESA-2013:0169 Moderate CentOS 6 vino Update
http://lwn.net/Alerts/533564/
+ CESA-2013:0180 Important CentOS 5 mysql Update
http://lwn.net/Alerts/533696/
+ UPDATE: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
+ UPDATE: Cisco Prime LAN Management Solution Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
+ HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03645497-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Multiple Tomcat vulnerabilities in Oracle Health Sciences Clinical Development Center
https://blogs.oracle.com/sunsecurity/entry/multiple_tomcat_vulnerabilities_in_oracle1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
+ RHSA-2013:0189 Important: ipa-client security update
http://rhn.redhat.com/errata/RHSA-2013-0189.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5484
+ RHSA-2013:0180 Important: mysql security update
http://rhn.redhat.com/errata/RHSA-2013-0180.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611
+ RHSA-2013:0168 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0168.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515
+ SA51906 Linux Kernel "xen_failsafe_callback()" IRET Handling Denial of Service Weakness
http://secunia.com/advisories/51906/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0190
+ Cisco Wireless LAN Controller Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1105
+ PHP 'openssl_encrypt()' Function Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57462
Notice of suspension of the release of Virus Buster Corporate Edition 10.6 Service Pack 2
http://www.trendmicro.co.jp/support/news.asp?id=1893
DC4420 - London DEFCON - January 2013 meet. Tuesday 29th January 2013
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00099.html
[slackware-security] mysql (SSA:2013-022-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00098.html
[security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00097.html
Wordpress Valums Uploader - File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00095.html
CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00094.html
SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00093.html
SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00092.html
Wordpress Developer Formatter CSRF Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00091.html
Looking for security contacts
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00090.html
[SECURITY] [DSA 2611-1] movabletype-opensource security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00089.html
[HITB-Announce] REMINDER: #HITB2013AMS Call for Papers Closes 8th Feb
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00088.html
[SECURITY] [DSA 2610-1] ganglia security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00087.html
Computer virus and unauthorized access report status and consultation status [full year 2012]
http://www.ipa.go.jp/security/txt/2013/2012outline.html
From the world's security labs
Don't fixate on the numbers: the risk of advanced malware
http://itpro.nikkeibp.co.jp/article/COLUMN/20130121/450633/?ST=security
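The reality of data breaches: the truth as seen through forensic investigations
[Part 7] Traces found in 84% of data breaches: recognize the power of logs in security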
tpro.nikkeibp.co.jp/article/COLUMN/20130123/451361/?ST=security
HyperGear announces software that prevents information leaks by dynamically rewriting web pages
http://itpro.nikkeibp.co.jp/article/NEWS/20130123/451482/?ST=security
HP Japan launches a software product family that simplifies SSO login on smartphones
http://itpro.nikkeibp.co.jp/article/NEWS/20130123/451468/?ST=security
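Ministry of Agriculture, Forestry and Fisheries publishes proceedings of its cyber attack investigation committee: "the ministry's internal response will also be examined"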
http://itpro.nikkeibp.co.jp/article/NEWS/20130123/451241/?ST=security
The safety measure is "don't trust security blindly"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130112/449246/?ST=security
Oracle Japan offers a DB security product that integrates unauthorized access protection with log management for auditing
http://itpro.nikkeibp.co.jp/article/NEWS/20130122/451081/?ST=security
JVNDB-2012-005828 (JVNVU#92426910) (JVNTA13-015A) Arbitrary code execution vulnerability in Internet Explorer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005828.html
JVNDB-2013-001230 Vulnerability in Cisco WebEx Training Center that allows privilege-based restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001230.html
JVNDB-2013-001229 Vulnerability in Cisco WebEx Training Center that allows hands-on lab session reservations to be deleted
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001229.html
JVNDB-2013-001228 Format string vulnerability in the Device Manager of EMC AlphaStor
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001228.html
JVNDB-2013-001227 Arbitrary command execution vulnerability in the Device Manager of EMC AlphaStor
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001227.html
JVNDB-2013-001226 Buffer overflow vulnerability in Siemens SIMATIC RF-MANAGER and RF-MANAGER Basic
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001226.html
JVNDB-2013-001225 Directory traversal vulnerability in the Runtime Toolkit of CODESYS Runtime System
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001225.html
JVNDB-2013-001224 Command execution vulnerability in the Runtime Toolkit of CODESYS Runtime System
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001224.html
JVNDB-2013-001223 Vulnerability in EMC Avamar Client and EMC Avamar Plugin that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001223.html
JVNDB-2013-001222 Stack-based buffer overflow vulnerability in Schneider Electric Interactive Graphical SCADA System
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001222.html
JVNDB-2013-001221 Arbitrary code execution vulnerability in the client of Schneider Electric Software Update Utility
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001221.html
JVNDB-2012-005801 Access restriction bypass vulnerability in IBM Rational Automation Framework
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005801.html
JVNDB-2013-001220 Denial-of-service (memory consumption) vulnerability in Cisco NX-OS running on Cisco Nexus 7000 series switches
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001220.html
JVNDB-2013-001219 Buffer overflow vulnerability in the create torrent dialog feature of uTorrent
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001219.html
JVNDB-2013-001218 Denial-of-service (device crash) vulnerability in Cisco Adaptive Security Appliances
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001218.html
JVNDB-2012-005908 Cross-site scripting vulnerability in IBM Intelligent Operations Center
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005908.html
JVNDB-2013-001217 Vulnerability in IBM TFIM and TFIMBG that allows OpenID provider data to be forged
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001217.html
JVNDB-2013-001216 Denial-of-service (device crash) vulnerability in Cisco Adaptive Security Appliances
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001216.html
JVNDB-2013-001215 RPM signature verification bypass vulnerability in lib/package.c of RPM
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001215.html
JVNDB-2013-001214 Denial-of-service (NULL pointer dereference) vulnerability in Firefly Media Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001214.html
JVNDB-2012-005907 Arbitrary file read vulnerability in the rasterization process of Inkscape
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005907.html
JVNDB-2013-001213 Cross-site scripting vulnerability in GateIn Portal of JBoss Enterprise Portal Platform
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001213.html
JVNDB-2013-001212 Denial-of-service (DoS) vulnerability in SquirrelMail as used in Red Hat Enterprise Linux
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001212.html
JVNDB-2013-001211 Buffer overflow vulnerability in nsrindexd of EMC NetWorker
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001211.html
JVNDB-2013-001210 Vulnerability in IBM Tivoli Federated Identity Manager that allows passwords to be cracked
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001210.html
JVNDB-2013-001209 Vulnerability in Samba that allows restrictions on modifying LDAP directory objects to be bypassed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001209.html
JVNDB-2013-001208 Denial-of-service (kernel fault and system crash) vulnerability in Cisco VPN Client on Windows
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001208.html
JVNDB-2013-001207 Directory traversal vulnerability in the web server of SpecView
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001207.html
JVNDB-2013-001206 Integer overflow vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001206.html
JVNDB-2013-001205 Cross-site request forgery vulnerability in Cisco WebEx Training Center
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001205.html
JVNDB-2013-001204 Cross-site scripting vulnerability in Cisco WebEx Social
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001204.html
JVNDB-2013-001203 Arbitrary command execution vulnerability in Cisco Prime LAN Management Solution on Linux
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001203.html
JVNDB-2013-001202 Vulnerability in Cisco TelePresence Video Communication Server that allows conferences to be created
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001202.html
JVNDB-2013-001201 Denial-of-service (DoS) vulnerability in ASA software for Cisco ASA 1000V Cloud Firewall
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001201.html
JVNDB-2013-000003 (JVN#99681273) Cross-site scripting vulnerability in μ-s and the Netmania version of PHP Weblog System
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000003.html
JVNDB-2013-001014 (JVNTA13-008A) Vulnerability in the Windows Forms component of Microsoft .NET Framework that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001014.html
JVNDB-2013-001017 (JVNTA13-008A) Privilege escalation vulnerability in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001017.html
JVNDB-2012-005815 Vulnerability in tools/sample_data.sh of OpenStack Keystone that allows access to Amazon EC2 to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005815.html
JVNDB-2012-005882 Denial-of-service (memory consumption) vulnerability in TWiki and Foswiki
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005882.html
JVNDB-2013-001200 Vulnerability in Oracle Applications Framework of Oracle E-Business Suite related to the handling of bookmarkable pages
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001200.html
JVNDB-2013-001199 Vulnerability in Oracle Payroll of Oracle E-Business Suite related to the handling of pay slip display
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001199.html
JVNDB-2013-001198 Vulnerability in Oracle Applications Technology Stack of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001198.html
JVNDB-2013-001197 Vulnerability in Oracle Applications Framework of Oracle E-Business Suite related to the handling of Diagnostics
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001197.html
JVNDB-2013-001196 Vulnerability in Human Resources of Oracle E-Business Suite related to the handling of security groups
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001196.html
JVNDB-2013-001195 Vulnerability in Oracle Universal Work Queue of Oracle E-Business Suite related to the handling of UWQ Server Issue
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001195.html
JVNDB-2013-001194 Vulnerability in Oracle Marketing of Oracle E-Business Suite related to the handling of campaign management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001194.html
JVNDB-2013-001193 Vulnerability in Oracle CRM Technical Foundation of Oracle E-Business Suite related to the handling of Application Framework
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001193.html
JVNDB-2013-001192 Vulnerability in Oracle Applications Framework of Oracle E-Business Suite related to the handling of Diagnostics
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001192.html
JVNDB-2013-001191 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of User Interface Framework
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001191.html
JVNDB-2013-001190 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of Storage Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001190.html
JVNDB-2013-001189 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of Resource Manager
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001189.html
JVNDB-2013-001188 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of Policy Framework
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001188.html
JVNDB-2013-001187 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of Enterprise Configuration Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001187.html
JVNDB-2013-001186 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of Distributed/Cross DB Features
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001186.html
JVNDB-2013-001185 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of Distributed/Cross DB Features
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001185.html
JVNDB-2013-001184 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of Distributed/Cross DB Features
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001184.html
JVNDB-2013-001183 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of Database Cloning
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001183.html
JVNDB-2013-001182 Vulnerability in multiple Oracle Enterprise Manager products related to the handling of Content Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001182.html
JVNDB-2013-001181 Vulnerability in APM of Oracle Enterprise Manager Grid Control related to the handling of Business Transaction Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001181.html
JVNDB-2013-001180 Vulnerability in APM of Oracle Enterprise Manager Grid Control related to the handling of Business Transaction Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001180.html
JVNDB-2013-001179 Vulnerability in APM of Oracle Enterprise Manager Grid Control related to the handling of Business Transaction Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001179.html
JVNDB-2013-001178 Vulnerability in Oracle Siebel CRM related to the handling of Highly Interactive Web UI
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001178.html
JVNDB-2013-001177 Vulnerability in Oracle Siebel CRM related to the handling of Siebel Core - Server Infrastructure
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001177.html
JVNDB-2013-001176 Vulnerability in Oracle Siebel CRM related to the handling of Siebel Core - Server Infrastructure
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001176.html
JVNDB-2013-001175 Vulnerability in Oracle Siebel CRM related to the handling of Siebel Calendar
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001175.html
JVNDB-2013-001174 Vulnerability in Oracle Siebel CRM related to the handling of Siebel Calendar
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001174.html
JVNDB-2013-001173 Vulnerability in Oracle Siebel CRM related to the handling of Security
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001173.html
JVNDB-2013-001172 Vulnerability in Oracle Siebel CRM related to the handling of Siebel Apps - Multi-channel Technologies
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001172.html
JVNDB-2013-001171 Vulnerability in Oracle Siebel CRM related to the handling of Siebel Apps - Multi-channel Technologies
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001171.html
JVNDB-2013-001170 Vulnerability in Oracle Siebel CRM related to the handling of Siebel Core - Server Infrastructure
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001170.html
JVNDB-2013-001169 Vulnerability in Oracle Siebel CRM related to the handling of Siebel UI Framework
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001169.html
JVNDB-2013-001168 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of PIA Core Technology
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001168.html
JVNDB-2013-001167 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of PIA Core Technology
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001167.html
JVNDB-2013-001166 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of PeopleBooks - PSOL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001166.html
JVNDB-2013-001165 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of PeopleCode
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001165.html
JVNDB-2013-001164 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of Portal
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001164.html
JVNDB-2013-001163 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of Portal
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001163.html
JVNDB-2013-001162 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of Security
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001162.html
JVNDB-2013-001161 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of Rich Text Editor
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001161.html
JVNDB-2013-001160 Vulnerability in PeopleSoft HRMS of Oracle PeopleSoft Products related to the handling of Mobile Company Directory
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001160.html
JVNDB-2013-001159 Vulnerability in PeopleSoft HRMS of Oracle PeopleSoft Products related to the handling of Candidate Gateway
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001159.html
JVNDB-2013-001158 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of Security
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001158.html
JVNDB-2013-001157 Vulnerability in PeopleSoft PeopleTools of Oracle PeopleSoft Products related to the handling of Query
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001157.html
JVNDB-2013-001156 Vulnerability in Oracle Application Server Single Sign-On of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001156.html
JVNDB-2013-001155 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware related to the handling of Outside In Filters
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001155.html
JVNDB-2013-001154 Vulnerability in Oracle Outside In Technology of Oracle Fusion Middleware related to the handling of Outside In Filters
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001154.html
JVNDB-2013-001153 Vulnerability in Oracle Access Manager of Oracle Fusion Middleware related to the handling of OAM Webgate
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001153.html
JVNDB-2013-001152 Vulnerability in Oracle Agile PLM Framework of Oracle Supply Chain Products Suite related to the handling of Security
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001152.html
Using Metasploit for Patch Sanity Checks
https://isc.sans.edu/diary.html?storyid=14992
Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code
http://www.securitytracker.com/id/1028027
F5 BIG-IP Input Validation Flaws Lets Remote Users Inject SQL Commands and Download Files
http://www.securitytracker.com/id/1028025
Movable Type Flaw in 'mt-upgrade.cgi' Lets Remote Users Inject SQL and Other Commands
http://www.securitytracker.com/id/1028022
EMC Avamar Unsafe Directory Permissions Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028021
EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028020
F5 BIG-IP 11.2.0 SQL Injection
http://cxsecurity.com/issue/WLB-2013010171
F5 BIG-IP 11.2.0 XML External Entity Injection
http://cxsecurity.com/issue/WLB-2013010172
Java Applet Method Handle Remote Code Execution
http://cxsecurity.com/issue/WLB-2013010174
Java Applet AverageRangeStatisticImpl Remote Code Execution
http://cxsecurity.com/issue/WLB-2013010175
Xampp Dos And Full Path Disclosure
http://cxsecurity.com/issue/WLB-2013010180
phpMiniAdmin 1.8.120510 Multiple XSS
http://cxsecurity.com/issue/WLB-2013010179
Adult Webmaster Script Password Disclosure
http://cxsecurity.com/issue/WLB-2013010178
Cardoza WordPress Poll 34.05 SQL Injection
http://cxsecurity.com/issue/WLB-2013010177
DigiLIBE Management Console 3.4 Execution After Redirect
http://cxsecurity.com/issue/WLB-2013010176
Perforce P4web 2011 / 2012 Web Client Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013010173
Paypal.com Blind SQL Injection
http://cxsecurity.com/issue/WLB-2013010170
Wordpress Developer Formatter CSRF Vulnerability
http://cxsecurity.com/issue/WLB-2013010169
EMC AlphaStor 4.0 Code Execution
http://cxsecurity.com/issue/WLB-2013010167
EMC Avamar Client Privilege Elevation
http://cxsecurity.com/issue/WLB-2013010168
SUSE update for otrs
http://secunia.com/advisories/51956/
IBM WebSphere Application Server Multiple Vulnerabilities
http://secunia.com/advisories/51945/
IBM WebSphere Application Server Multiple Vulnerabilities
http://secunia.com/advisories/51931/
SUSE update for freeradius-server
http://secunia.com/advisories/51962/
SUSE update for nagios
http://secunia.com/advisories/51958/
SAP NetWeaver SDM Multiple Vulnerabilities
http://secunia.com/advisories/51740/
SUSE update for acroread
http://secunia.com/advisories/51959/
Proficy Real-Time Information Portal Two Information Disclosure Security Issues
http://secunia.com/advisories/51746/
SUSE update for opera
http://secunia.com/advisories/51929/
Red Hat update for mysql
http://secunia.com/advisories/51937/
ownCloud Multiple Vulnerabilities
http://secunia.com/advisories/51872/
SUSE update for horde3-kronolith
http://secunia.com/advisories/51908/
SUSE update for freetype2
http://secunia.com/advisories/51900/
gpEasy CMS "section" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51899/
WordPress Developer Formatter Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51912/
Red Hat update for kernel
http://secunia.com/advisories/51934/
Cisco TelePresence Video Communication Server Policy Service Access Bypass Vulnerability
http://secunia.com/advisories/51933/
Linux Kernel "xen_failsafe_callback()" IRET Handling Denial of Service Weakness
http://secunia.com/advisories/51906/
Performance Co-Pilot Two Insecure Temporary Files Security Issues
http://secunia.com/advisories/51932/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/51935/
Ubuntu update for kernel
http://secunia.com/advisories/51939/
Apache OFBiz Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51812/
EMC AlphaStor Command Injection and Format String Vulnerabilities
http://secunia.com/advisories/51930/
Xen Two Nested Virtualization Denial of Service Vulnerabilities
http://secunia.com/advisories/51874/
EMC Avamar Cache Files Insecure Permissions Security Issue
http://secunia.com/advisories/51926/
Ubuntu update for mysql-5.1, mysql-5.5, and mysql-dfsg-5.1
http://secunia.com/advisories/51904/
Ubuntu update for vino
http://secunia.com/advisories/51902/
Lenovo Bluetooth with Enhanced Data Rate Software Insecure Library Loading Vulnerability
http://secunia.com/advisories/51846/
myu-s Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51755/
PDF-XChange Viewer JPEG Stream Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/51855/
Red Hat update for vino
http://secunia.com/advisories/51919/
Debian update for ganglia
http://secunia.com/advisories/51837/
Linux Kernel ASLR Security Bypass Weakness
http://www.securityfocus.com/bid/52687
Linux Kernel IPv6 CVE-2012-4444 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56891
Xen 'extent_order' Values Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56798
Performance Co-Pilot Multiple Vulnerabilities
http://www.securityfocus.com/bid/55041
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5830 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56641
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0759 Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/57228
Xen 'HVMOP_set_mem_access' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56799
Xen Bitmap Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56796
Xen 'XENMEM_exchange' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56797
Xen Grant Table Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56794
HP Diagnostics Server 'magentservice.exe' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55159
WeeChat Color Decoding Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56482
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0767 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57195
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0770 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57207
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4218 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56640
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0769 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57203
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0749 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57205
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0768 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57204
Mozilla Firefox and SeaMonkey CVE-2013-0751 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57260
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0747 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57240
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0760 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57199
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0746 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57238
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0743 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57258
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0748 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57234
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0750 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57235
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0753 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57209
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0758 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57232
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0757 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57236
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0766 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57194
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0771 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57198
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0761 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57196
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0744 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57218
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4213 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56638
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0754 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57217
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0756 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57215
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0755 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57213
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0764 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57211
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5829 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56636
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4214 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56628
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4217 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56639
git-extras Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/57480
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4205 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56621
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-4201 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56618
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4202 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56614
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5836 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56616
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5843 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56612
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4204 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56613
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5842 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56611
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5835 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56643
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5838 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56644
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5833 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56642
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5839 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56637
WeeChat 'hook_process()' Function Remote Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/56584
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4216 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56634
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4215 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56633
Mozilla Firefox, SeaMonkey, and Thunderbird HZ-GB-2312 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56632
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4212 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56630
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4208 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56627
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4209 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56629
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5840 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56635
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-5841 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56631
Google Chrome Prior to 23.0.1271.91 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56684
Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56769
MariaDB CVE-2012-4414 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55498
libotr2 Package Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54907
bogofilter Base64 Encoding '=' Character Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41339
Xen 'xen_failsafe_callback()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57433
Performance Co-Pilot CVE-2012-5530 Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/56656
Oracle MySQL CVE-2012-2749 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55120
Sleuth Kit CVE-2012-5619 Detection Evasion Security Bypass Weakness
http://www.securityfocus.com/bid/56810
Qt 'QSslSocket::sslErrors()' Certificate Validation Security Weakness
http://www.securityfocus.com/bid/57162
MoinMoin CVE-2012-6081 Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57082
MoinMoin CVE-2012-6082 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/57089
MoinMoin wiki CVE-2012-6080 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/57076
Ruby on Rails CVE-2013-0156 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57187
Ruby on Rails CVE-2013-0155 Unsafe SQL Query Generation Vulnerability
http://www.securityfocus.com/bid/57192
Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054
Oracle Java SE CVE-2012-5088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56057
Nagios Core 'get_history()' Function Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56879
Xen 'set_msi_source_id()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57223
Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56813
Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56814
Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56402
Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56812
IBM WebSphere Application Server CVE-2012-3330 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56459
Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/56403
IBM WebSphere Application Server CVE-2012-4853 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56458
Oracle MySQL CVE-2012-2122 User Login Security Bypass Vulnerability
http://www.securityfocus.com/bid/53911
Drupal User Relationships Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/57528
Drupal Keyboard Shortcut Utility Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/57527
Drupal CurvyCorners Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57526
Drupal Video Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/57525
Cisco Wireless LAN Controller Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57524
SAP NetWeaver SDM Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57523
gpEasy CMS 'section' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57522
iTop CVE-2013-0805 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/57520
IBM WebSphere Application Server CVE-2013-0461 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57509
Movable Type Multiple SQL Injection and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/57490
Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/47681
Vino CVE-2012-4429 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55548
Oracle MySQL Server CVE-2013-0367 Remote Security Vulnerability
http://www.securityfocus.com/bid/57408
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
http://www.securityfocus.com/bid/57416
Oracle MySQL Server CVE-2012-0572 Remote Security Vulnerability
http://www.securityfocus.com/bid/57385
Oracle MySQL Server CVE-2012-0574 Remote Security Vulnerability
http://www.securityfocus.com/bid/57414
Oracle MySQL Server CVE-2012-0578 Remote Security Vulnerability
http://www.securityfocus.com/bid/57334
Oracle MySQL Server CVE-2012-5060 Remote Security Vulnerability
http://www.securityfocus.com/bid/57411
Oracle MySQL Server CVE-2013-0371 Remote Security Vulnerability
http://www.securityfocus.com/bid/57415
Oracle MySQL Server Heap Overflow Vulnerability
http://www.securityfocus.com/bid/56768
Oracle MySQL Server CVE-2013-0385 Local Security Vulnerability
http://www.securityfocus.com/bid/57412
Oracle MySQL Server CVE-2012-5096 Remote Security Vulnerability
http://www.securityfocus.com/bid/57400
Oracle MySQL Server CVE-2013-0386 Remote Security Vulnerability
http://www.securityfocus.com/bid/57418
Oracle MySQL Server CVE-2013-0389 Remote Security Vulnerability
http://www.securityfocus.com/bid/57417
Oracle MySQL Server CVE-2013-0375 Remote Security Vulnerability
http://www.securityfocus.com/bid/57391
Oracle MySQL Server CVE-2013-0368 Remote Security Vulnerability
http://www.securityfocus.com/bid/57397
Oracle MySQL Server CVE-2013-0383 Remote Security Vulnerability
http://www.securityfocus.com/bid/57405
Oracle MySQL Server CVE-2012-1705 Remote Security Vulnerability
http://www.securityfocus.com/bid/57410
Oracle MySQL Server CVE-2012-1702 Remote Security Vulnerability
http://www.securityfocus.com/bid/57388
Linux Kernel CVE-2012-5517 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56527
Linux Kernel KVM CVE-2012-4461 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56414
Linux Kernel 'tcp_illinois_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56346
Linux Kernel 'uname()' System Call Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55855
Linux Kernel 'binfmt_script.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55878
Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56238
Linux Kernel hypervkvpd 'hv_kvp_daemon.c' Netlink Packet Processing Denial of Service Vulnerability
http://www.securityfocus.com/bid/56710
PHP 'openssl_encrypt()' Function Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57462
IBM Tivoli Federated Identity Manager 'OpenID' Attribute Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/56390
IBM Intelligent Operations Center HTML Injection Vulnerability
http://www.securityfocus.com/bid/56970
Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57483
Perforce P4Web Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/57514
WebYaST CVE-2012-0435 Hosts List Modification Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57511
GE Proficy Real-Time Information Portal Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/57506
GE Proficy CIMPLICITY Directory Traversal and Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/57505
Lenovo Bluetooth with Enhanced Data Rate Software DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/57504
Adult Webmaster PHP Starter Script Password Disclosure Vulnerability
http://www.securityfocus.com/bid/57503
Google Chrome Prior to 24.0.1312.56 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57502
F5 BIG-IP CVE-2012-3000 SQL Injection Vulnerability
http://www.securityfocus.com/bid/57500
DigiLIBE CVE-2013-1402 Execution-After-Redirect Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57499
myu-s and PHP WeblogSystem Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57498
ownCloud Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57497
Xen CVE-2013-0151 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57495
Xen CVE-2013-0152 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57494
PDF-XChange Viewer PDF File Handling Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57491
Cisco WebEx Training Center CVE-2013-1110 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57488