Thursday, January 17, 2013

Thursday the 17th, Taian



+ RHSA-2013:0165 Important: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0165.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422

+ UPDATE: APSB13-03 Security update: Hotfix available for ColdFusion
http://www.adobe.com/support/security/bulletins/apsb13-03.html

+ Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130116-asa1000v
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5419

+ Linux kernel 3.2.37 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.37

+ Oracle E-Business Suite CVE-2013-0397 Remote Security Vulnerability
http://www.securityfocus.com/bid/57351

+ Oracle MySQL Server CVE-2013-0367 Remote Security Vulnerability
http://www.securityfocus.com/bid/57408

+ Oracle MySQL Server CVE-2013-0389 Remote Security Vulnerability
http://www.securityfocus.com/bid/57417

Virus Buster 2012 Cloud: Program Update Notice
http://www.trendmicro.co.jp/support/news.asp?id=1871

Advisory: SafeGuard Enterprise - Sophos releases patch for potential vulnerability in SGN 5.x and SGE/SDE 5.5x
http://www.sophos.com/en-us/support/knowledgebase/112655.aspx

Cisco Security Advisory: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00067.html

DC4420 - 2013 CFP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00068.html

[slackware-security] freetype (SSA:2013-015-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00063.html

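Announcement of the "IPA Critical Infrastructure Information Security Symposium 2013"
~ Future Countermeasures and Strategy: Focusing on Control Systems and Efforts Against Cyber Attacks ~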
http://www.ipa.go.jp/security/event/2013/cip_sympo/index.html

"Disable Java in the browser": a string of warnings about the Java vulnerability
Updating to Java 7 Update 11 is urgent; check which version you have installed
http://itpro.nikkeibp.co.jp/article/NEWS/20130117/450004/?ST=security

Authentication "reform" cannot wait
Biometric authentication spreads worldwide
http://itpro.nikkeibp.co.jp/article/COLUMN/20121227/447065/?ST=security

Zoho: new version of firewall log analysis software reports on higher-layer logs from Palo Alto/Blue Coat
http://itpro.nikkeibp.co.jp/article/NEWS/20130116/449908/?ST=security

Java zero-day attacks spreading mainly in the United States, Symantec finds
http://itpro.nikkeibp.co.jp/article/NEWS/20130116/449721/?ST=security

JVNVU#92426910 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/cert/JVNVU92426910/

JVNTA13-015A Update for CVE-2012-4792 in Microsoft products
http://jvn.jp/cert/JVNTA13-015A/

86 Oracle Updates
https://isc.sans.edu/diary.html?storyid=14962

Samba Active Directory Domain Controller Access Control Flaw Lets Remote Authenticated Gain Write Access to Certain Objects
http://www.securitytracker.com/id/1028006

Cisco ASA 1000V Cloud Firewall H.323 Inspection Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028005

MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
http://www.securitytracker.com/id/1028004

Oracle VM Bug Lets Local Users Deny Service and Partially Modify Data
http://www.securitytracker.com/id/1028003

Solaris Bugs Let Remote Users Partially Access Data and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028002

Oracle Siebel Enterprise Bugs Let Remote Users Partially Deny Service, Access Data, and Modify Data
http://www.securitytracker.com/id/1028001

Oracle PeopleSoft and JD Edwards Products Bugs Let Remote Users Partially Access and Modify Data
http://www.securitytracker.com/id/1028000

Oracle E-Business Suite Bugs Let Remote Users Partially Access and Modify Data
http://www.securitytracker.com/id/1027999

Oracle Enterprise Manager Grid Control Multiple Bugs Let Remote Users Partially Access and Modify Data and Cause Partial Denial of Service Conditions
http://www.securitytracker.com/id/1027998

Oracle Supply Chain Products Suite Bug Lets Remote Users Partially Access Data
http://www.securitytracker.com/id/1027997

Oracle Fusion Middleware Bugs Let Remote Users Deny Service and Modify Data
http://www.securitytracker.com/id/1027996

Oracle Database Mobile Server Multiple Bugs Let Remote Users Gain Access and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1027995

Oracle Database Bug in Spatial Component Lets Remote Authenticated Users Gain Full Control
http://www.securitytracker.com/id/1027994

Wordtrainer .ORD File Buffer Overflow Exploit
http://www.securiteam.com/exploits/5BP3B1P8VU.html

win7 keylayout Blue Screen Exploit
http://www.securiteam.com/exploits/5SP391P8VW.html

TomatoCart Unrestricted File Creation Exploit
http://www.securiteam.com/exploits/5RP381P8VC.html

SnackAmp Malicious aiff File Denial of Service Exploit
http://www.securiteam.com/exploits/5QP371P8VI.html

ProQuiz CSRF Exploit
http://www.securiteam.com/exploits/5PP361P8VO.html

Oracle VM VirtualBox Local Denial of Service Exploit
http://www.securiteam.com/exploits/5OP351P8VU.html

Microsoft Internet Explorer CButton Object Use-After-Free Exploit
http://www.securiteam.com/exploits/5DP3E1P8US.html

LANDesk Lenovo ThinkManagement Console Remote Command Execution Exploit
http://www.securiteam.com/exploits/5CP3D1P8UU.html

IBM Lotus QuickR qp2 ActiveX Buffer Overflow Exploit
http://www.securiteam.com/exploits/5BP3C1P8UW.html

FlexNet License Server Manager lmgrd Buffer Overflow Exploit
http://www.securiteam.com/exploits/5ZP3A1P8UA.html

Apple Quicktime plugin - Windows 4.1.2 (Japanese) Remote Overflow Exploit
http://www.securiteam.com/exploits/5QP381P8US.html

Apple Quicktime plugin - Windows 4.1.2 (Japanese) Remote Overflow Vulnerability
http://www.securiteam.com/exploits/5PP371P8UU.html

REMOTE: Nagios3 history.cgi Host Command Execution
http://www.exploit-db.com/exploits/24159

Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
http://cxsecurity.com/issue/WLB-2013010140

Java Applet JMX Remote Code Execution *youtube
http://cxsecurity.com/issue/WLB-2013010098

PHP-FPM universal SSRF bypass safe_mode/disabled_functions/open_basedir
http://cxsecurity.com/issue/WLB-2013010139

Oracle Application Framework Diagnostic Mode Bypass Vulnerability
http://cxsecurity.com/issue/WLB-2013010138

php-chart 1.0 PHP Code Exec
http://cxsecurity.com/issue/WLB-2013010137

Trimble Infrastructure GNSS Series Receivers XSS
http://cxsecurity.com/issue/WLB-2013010136

Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010133

phpLiteAdmin 1.8.x & 1.9.x SQL Injection
http://cxsecurity.com/issue/WLB-2013010135

Snews CMS SQL Injection
http://cxsecurity.com/issue/WLB-2013010134

Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
http://secunia.com/advisories/51897/

Trimble NetRS Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51859/

Rack Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/51815/

Oracle Application Server Single Sign-On Unspecified Data Manipulation Vulnerability
http://secunia.com/advisories/51895/

Barracuda Web Application Firewall Unspecified Script Insertion Vulnerability
http://secunia.com/advisories/51854/

Xen "xen_failsafe_callback()" IRET Handling Denial of Service Weakness
http://secunia.com/advisories/51834/

Debian update for qemu and qemu-kvm
http://secunia.com/advisories/51794/

Oracle Management Pack for Oracle GoldenGate Apache Tomcat Denial of Service Vulnerability
http://secunia.com/advisories/51880/

Oracle GoldenGate Veridata Apache Tomcat Denial of Service Vulnerability
http://secunia.com/advisories/51879/

Oracle Access Manager Data Manipulation Vulnerability
http://secunia.com/advisories/51878/

Oracle PeopleSoft Enterprise HRMS Two Vulnerabilities
http://secunia.com/advisories/51888/

Oracle E-Business Suite Multiple Vulnerabilities
http://secunia.com/advisories/51886/

Oracle Agile PLM Framework Information Disclosure Weakness
http://secunia.com/advisories/51887/

Piwik Unspecified Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51833/

Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC Information Disclosure
http://secunia.com/advisories/51890/

Oracle Siebel CRM Multiple Vulnerabilities
http://secunia.com/advisories/51891/

Oracle MySQL Server Multiple Vulnerabilities
http://secunia.com/advisories/51894/

Oracle Database Multiple Vulnerabilities
http://secunia.com/advisories/51876/

Oracle Enterprise Manager Grid Control Multiple Vulnerabilities
http://secunia.com/advisories/51884/

Oracle Database Mobile Server / Database Lite Multiple Vulnerabilities
http://secunia.com/advisories/51877/

Oracle VirtualBox Unspecified Privilege Escalation Vulnerability
http://secunia.com/advisories/51893/

Oracle PeopleSoft Enterprise PeopleTools Multiple Vulnerabilities
http://secunia.com/advisories/51889/

Red Hat update for JBoss Enterprise SOA Platform
http://secunia.com/advisories/51864/

Oracle Outside In Technology Paradox Database Stream Filter Vulnerabilities
http://secunia.com/advisories/50121/

Oracle Solaris Multiple Vulnerabilities
http://secunia.com/advisories/51892/

Sun Storage Common Array Manager Unspecified Information Disclosure Vulnerability
http://secunia.com/advisories/51875/

Oracle Java Runtime Environment CVE-2012-3174 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57312

Oracle Java Runtime Environment CVE-2013-0422 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57246

Ruby on Rails CVE-2013-0155 Unsafe SQL Query Generation Vulnerability
http://www.securityfocus.com/bid/57192

QEMU CVE-2012-6075 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57420

Oracle E-Business Suite CVE-2013-0397 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57351

phpShop 'module_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/57320

PhpShop Cross-Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37227

HP PKI ActiveX Control Denial of Service Vulnerability
http://www.securityfocus.com/bid/51341

Pragyan CMS 'fileget' Parameter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/51360

Orchard 'ReturnUrl' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/51260

WordPress Connections Plugin Unspecified Security Vulnerability
http://www.securityfocus.com/bid/51204

WordPress Age Verification plugin 'redirect_to' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/51357

dl Download Ticket Service Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/51347

phpShop 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/27570

Nagios Core 'get_history()' Function Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56879

Ettercap Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57175

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

FreeType Versions Prior to 2.4.11 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/57041

Drupal Better Revisions Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54910

Drupal Activism Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/55288

Drupal Elegant Theme Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/55043

Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56812

Oracle E-Business Suite CVE-2013-0376 Remote Security Vulnerability
http://www.securityfocus.com/bid/57375

Oracle JD Edwards EnterpriseOne Tools CVE-2012-1678 Remote Security Vulnerability
http://www.securityfocus.com/bid/57413

Drupal Live CSS Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/57436

Schneider Electric Products Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57435

Xen 'xen_failsafe_callback()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57433

Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
http://www.securityfocus.com/bid/57432

Rack Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57430


