Friday, January 11, 2013

Friday the 11th, Butsumetsu


+ Google Chrome 24.0.1312.52 released
http://googlechromereleases.blogspot.jp/2013/01/stable-channel-update.html

+ UPDATE: APSA13-01 Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-01.html

+ HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03621178-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3252

+ Oracle Critical Patch Update Pre-Release Announcement - January 2013
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

+ UPDATE: JVNTA13-008A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-008A/

+ UPDATE: JVNVU#97486520 Cross-site scripting vulnerability in Dell OpenManage Server Administrator
http://jvn.jp/cert/JVNVU97486520/

+ UPDATE: JVNVU#96946668 Multiple vulnerabilities in BigAnt IM Message Server and related components
http://jvn.jp/cert/JVNVU96946668/

+ Cisco Linksys Routers Unauthenticated Root Access Security Vulnerability
http://www.securityfocus.com/bid/57257

+ Google Chrome Prior to 24.0.1312.52 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0831

Advisory: SafeGuard Enterprise - Sophos has released a patch for an API synchronization issue causing the wrong domain NetBIOS name
http://www.sophos.com/en-us/support/knowledgebase/111296.aspx

Vulnerability information worth checking (2013.01.11)
http://itpro.nikkeibp.co.jp/article/COLUMN/20130109/448526/?ST=security

Docomo announces a smartphone for juniors and also offers a dedicated packet plan at 2,980 yen per month
http://itpro.nikkeibp.co.jp/article/NEWS/20130110/448862/?ST=security

"Attack tactics shift from adult content to smartphone feature improvement": Trend Micro's internet threat report
http://itpro.nikkeibp.co.jp/article/NEWS/20130110/448801/?ST=security

IBM Japan ships software that detects threats through correlation analysis of logs and NetFlow
http://itpro.nikkeibp.co.jp/article/NEWS/20130110/448752/?ST=security

DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00047.html

Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00046.html

[ MDVSA-2013:004 ] tomcat5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00043.html

Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00045.html

OrangeHRM 2.7.1 Vacancy Name Persistent XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00044.html

[slackware-security] seamonkey (SSA:2013-009-03)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00041.html

[slackware-security] mozilla-thunderbird (SSA:2013-009-02)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00042.html

[slackware-security] mozilla-firefox (SSA:2013-009-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00040.html

ISC Monthly Threat Update New Format
https://isc.sans.edu/diary.html?storyid=14905

Java is still exploitable and is likely going to remain so.
https://isc.sans.edu/diary.html?storyid=14899

What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
https://isc.sans.edu/diary.html?storyid=14902

VU#625617 Java 7 fails to restrict access to privileged code
http://www.kb.cert.org/vuls/id/625617

Oracle Java Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027972

Xen VT-d Hardware Interrupt Remapping Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1027965

Accusoft Prizm Content Connect Arbitrary File Upload and Code Execution
http://cxsecurity.com/issue/WLB-2013010091

Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability
http://cxsecurity.com/issue/WLB-2013010090

interuse SQL Injection
http://cxsecurity.com/issue/WLB-2013010089

Ficha Sql Injection And Blind Injection
http://cxsecurity.com/issue/WLB-2013010088

Microsoft Internet Explorer Option Element Use-After-Free
http://cxsecurity.com/issue/WLB-2013010087

Nero MediaHome 4.5.8.0 Denial Of Service
http://cxsecurity.com/issue/WLB-2013010086

eXtplorer 2.1 Arbitrary File Upload Vulnerability
http://cxsecurity.com/issue/WLB-2013010085

Honeywell Tema Remote Installer ActiveX Remote Code Execution
http://cxsecurity.com/issue/WLB-2013010084

Drupal Payment 7.x Access Bypass
http://cxsecurity.com/issue/WLB-2013010083

Quick.Cms 5.0 / Quick.Cart 6.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013010082

Samsung Kies 2.5.0.12114_1 Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010081

Watson Management Console 4.11.2.G Directory Traversal
http://cxsecurity.com/issue/WLB-2013010080

WeBid 1.0.6 SQL Injection
http://cxsecurity.com/issue/WLB-2013010079

Colloquy 1.3.5 / 1.3.6 Denial Of Service
http://cxsecurity.com/issue/WLB-2013010078

TinyBrowser Multiple vulnerabilities
http://cxsecurity.com/issue/WLB-2013010077

Oracle Java Unspecified Code Execution Vulnerability
http://secunia.com/advisories/51820/

Drupal Payment Module Payment Access Security Bypass Security Issue
http://secunia.com/advisories/51807/

Cisco Unified IP Phone Kernel System Call Validation Vulnerability
http://secunia.com/advisories/51768/

Drupal Search API Module Cross-Site Scripting and Script Insertion Vulnerabilities
http://secunia.com/advisories/51806/

Adiscon LogAnalyzer "viewid" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51816/

Ettercap "scan_load_hosts()" Buffer Overflow Vulnerability
http://secunia.com/advisories/51731/

WordPress GRAND FlAGallery Plugin Directory Enumeration Weakness
http://secunia.com/advisories/51601/

Zoom Player JPEG Image Processing Code Execution Vulnerability
http://secunia.com/advisories/51796/

Red Hat update for JBoss Enterprise Portal Platform
http://secunia.com/advisories/51810/

Oracle Solaris tcsd Denial of Service Vulnerability
http://secunia.com/advisories/51805/

Debian update for rails
http://secunia.com/advisories/51804/

Red Hat update for acroread
http://secunia.com/advisories/51811/

Debian update for emacs23
http://secunia.com/advisories/51748/

CiscoWorks Prime LAN Management Solution (LMS) Command Injection Vulnerability
http://secunia.com/advisories/51814/

Red Hat update for JBoss Enterprise Application Platform
http://secunia.com/advisories/51800/

REMOTE: Internet Explorer 8 Fixed Col Span ID full ASLR & DEP bypass
http://www.exploit-db.com/exploits/24017

REMOTE: eXtplorer v2.1 Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/24018

REMOTE: Ruby on Rails XML Processor YAML Deserialization Code Execution
http://www.exploit-db.com/exploits/24019

REMOTE: Microsoft Internet Explorer Option Element Use-After-Free
http://www.exploit-db.com/exploits/24020

REMOTE: Honeywell Tema Remote Installer ActiveX Remote Code Execution
http://www.exploit-db.com/exploits/24021

DoS/PoC: Nero MediaHome 4.5.8.0 Denial Of Service Vulnerability
http://www.exploit-db.com/exploits/24022

DoS/PoC: Colloquy 1.3.5 and 1.3.6 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/24023

Adobe Flash Player and AIR CVE-2013-0630 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57184

GnuPG CVE-2012-6085 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/57102

Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/56403

Microsoft Internet Explorer Option Element CVE-2011-1996 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49961

Linux Kernel 'binfmt_script.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55878

Honeywell EBI TEMA Remote Installer ActiveX Control Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/50078

eXtplorer 'ext_find_user()' Function Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57058

Ettercap Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57175

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0770 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57207

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0749 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57205

Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57113

TrouSerS CVE-2012-0698 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55459

Ruby on Rails CVE-2013-0155 Unsafe SQL Query Generation Vulnerability
http://www.securityfocus.com/bid/57192

Ruby on Rails CVE-2013-0156 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57187

cronie CVE-2012-6097 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57191

Adobe Acrobat and Reader APSB13-02 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57155

WordPress Gallery Plugin 'filename_1' Parameter Remote Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/57256

OrangeHRM 'vacancy name' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/57252

WeBid 'toocheckout' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/57250

Adiscon LogAnalyzer 'viewid' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57248

Oracle Java Runtime Environment Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57246

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0747 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57240
