Monday, January 28, 2013
Monday the 28th, Butsumetsu
+ BIND 9.9.3b1, 9.8.5b1, 9.6-ESV-R9b1 released
https://kb.isc.org/article/AA-00866
https://kb.isc.org/article/AA-00865
https://kb.isc.org/article/AA-00864
+ BIND 9 with DNS64 enabled can unexpectedly terminate when resolving domains in RPZ
https://www.isc.org/software/bind/advisories/cve-2012-5689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5689
+ Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx
Check Point response to OpenSSH CBC Mode Information Disclosure Vulnerability (CVE-2008-5161)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk36343&src=securityAlerts
Check Point's Response to "FireWall-1 RDP Bypass Vulnerability" (CA-2001-17)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk63580&src=securityAlerts
Notice of program update for Password Manager
http://www.trendmicro.co.jp/support/news.asp?id=1898
[SECURITY] [DSA 2612-1] ircd-ratbox security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00108.html
WordPress SolveMedia 1.1.0 CSRF Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00109.html
UK authority fines Sony 250,000 pounds over the 2011 PlayStation Network data leak
http://itpro.nikkeibp.co.jp/article/NEWS/20130125/451961/?ST=security
JVNDB-2011-003567 Denial-of-service (CPU resource consumption) vulnerability in Oracle Glassfish
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003567.html
JVNDB-2012-001078 Denial-of-service (CPU resource consumption) vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001078.html
JVNDB-2012-003837 Cross-site scripting vulnerability in the mod_negotiation module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003837.html
JVNDB-2012-002094 Vulnerability in envvars of Apache HTTP Server that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002094.html
JVNDB-2012-004762 Buffer overflow vulnerability in the LDP dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004762.html
JVNDB-2012-004761 Denial-of-service (DoS) vulnerability in the PPP dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004761.html
JVNDB-2012-004760 Denial-of-service (infinite loop) vulnerability in the HSRP dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004760.html
JVNDB-2012-004016 Denial-of-service (DoS) vulnerability in epan/dissectors/packet-drda.c of Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004016.html
JVNDB-2012-002959 Denial-of-service (DoS) vulnerability in Apache Commons Compress and Apache Ant
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002959.html
JVNDB-2013-001256 Cross-site scripting vulnerability in apps/admin/handlers/versions.php of Elefant CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001256.html
JVNDB-2013-001255 SQL injection vulnerability in the advanced search of WikidForum
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001255.html
JVNDB-2013-001254 SQL injection vulnerability in modules/poll/index.php of DIY-CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001254.html
JVNDB-2013-001253 Cross-site request forgery vulnerability in mod.php of DiY-CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001253.html
JVNDB-2013-001252 Cross-site scripting vulnerability in DiY-CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001252.html
JVNDB-2013-001251 SQL injection vulnerability in PHP Ticket System
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001251.html
JVNDB-2013-001250 Vulnerability in eFront that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001250.html
JVNDB-2013-001249 Cross-site scripting vulnerability in the nBill component for Joomla!
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001249.html
JVNDB-2013-001248 Cross-site scripting vulnerability in index.php/Admin_Preferences of gpEasy CMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001248.html
JVNDB-2013-001247 Vulnerability in the Organizer plugin for WordPress that allows the installation path to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001247.html
JVNDB-2013-001246 Cross-site scripting vulnerability in the Organizer plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001246.html
JVNDB-2013-001245 Cross-site scripting vulnerability in NetArt Media Car Portal
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001245.html
JVNDB-2013-001244 Vulnerability in NetArt Media Car Portal that allows arbitrary PHP code to be executed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001244.html
JVNDB-2013-001243 Cross-site request forgery vulnerability in NetArt Media Car Portal
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001243.html
JVNDB-2013-001242 SQL injection vulnerability in admin.php of ChurchCMS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001242.html
JVNDB-2013-001241 Cross-site scripting vulnerability in PHP Volunteer Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001241.html
JVNDB-2013-001240 SQL injection vulnerability in PHP Volunteer Management
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001240.html
JVNDB-2012-005915 Vulnerability in g10/import.c of GnuPG that allows the public keyring database to be corrupted
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005915.html
JVNDB-2013-001239 Cross-site request forgery vulnerability in Sitecom WLM-2501
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001239.html
JVNDB-2013-001238 Cross-site scripting vulnerability in the Advanced Text Widget plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001238.html
JVNDB-2013-000004 (JVN#24343509) Cross-site scripting vulnerability in WebSphere Application Server (WAS)
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000004.html
HP JetDirect Vulnerabilities Discussed
https://isc.sans.edu/diary.html?storyid=15016
Blocking SSH to Limit Security Exposures
https://isc.sans.edu/diary.html?storyid=15013
Vulnerability Scans via Search Engines (Request for Logs)
https://isc.sans.edu/diary.html?storyid=15010
ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028046
WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks
http://www.securitytracker.com/id/1028045
JBoss Multiple Bugs Let Remote Users Execute Arbitrary Code, Hijack User Sessions or Credentials, and Gain Elevated Privileges
http://www.securitytracker.com/id/1028042
SAP NetWeaver SPML Service XML External Entity Flaw Lets Remote Users Obtain Files
http://www.securitytracker.com/id/1028041
ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028040
Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication
http://www.securitytracker.com/id/1028039
VU#806908 SUSE WebYaST remotely accessible hosts list vulnerability
http://www.kb.cert.org/vuls/id/806908
VU#275219 Foxit Advanced PDF Editor 3 contains a stack buffer overrun vulnerability
http://www.kb.cert.org/vuls/id/275219
LOCAL: Windows Manage Memory Payload Injection
http://www.exploit-db.com/exploits/24366
Photodex ProShow Producer 5.0.3297 ExpandMacroFilename() Local Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010215
pkp CMS SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010214
stateart SQL injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010213
4Dee SQL injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010212
Nyatapol SQL Injection
http://cxsecurity.com/issue/WLB-2013010211
Wikidforum 2.10 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012030102
Sitecom WLM-2501 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012030113
WordPress SolveMedia 1.1.0 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2013010210
iCart Pro 4.0.1 SQL Injection
http://cxsecurity.com/issue/WLB-2013010209
SQLiteManager 1.2.4 PHP Code Injection
http://cxsecurity.com/issue/WLB-2013010208
KMPlayer 3.5.0.77 Denial Of Service
http://cxsecurity.com/issue/WLB-2013010207
NSBuilder SQL injection and HTML injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010206
DIY CMS v1.0 Poll Multiple Web Vulnerabilities
http://cxsecurity.com/issue/WLB-2012040238
Wordpress Zingiri Web Shop Plugin <= 2.4.0 Multiple XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2013010205
PHP Ticket System Beta 1 SQL Injection
http://cxsecurity.com/issue/WLB-2012040202
PHP Volunteer Management id 1.0.2 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2013010204
ImageCMS 4.0.0b SQL Injection
http://cxsecurity.com/issue/WLB-2013010203
Windows 7/8 Attacking the Address Space Randomization
http://cxsecurity.com/issue/WLB-2013010194
Windows Manage Memory Payload Injection
http://cxsecurity.com/issue/WLB-2013010202
Aloaha PDF Crypter 3.5.0.1164 File Overwrite
http://cxsecurity.com/issue/WLB-2013010201
SonicWALL GMS 6 Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2013010200
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
http://cxsecurity.com/issue/WLB-2013010199
Novell eDirectory 8 Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010198
ZoneMinder Video Server packageControl Command Execution
http://cxsecurity.com/issue/WLB-2013010197
Barracuda SSL VPN Authentication Bypass
http://cxsecurity.com/issue/WLB-2013010196
Barracuda Networks SSHd Backdoor Accounts
http://cxsecurity.com/issue/WLB-2013010195
django CMS page_attribute Template Tag Script Insertion Vulnerability
http://secunia.com/advisories/51953/
SUSE update for WebYaST and SUSE Studio Standard Edition
http://secunia.com/advisories/51947/
Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform
http://secunia.com/advisories/51984/
F5 Products XML Entity References Information Disclosure Vulnerability
http://secunia.com/advisories/51986/
WordPress Multiple Vulnerabilities
http://secunia.com/advisories/51967/
F5 Products "defaultQuery" SQL Injection Vulnerability
http://secunia.com/advisories/51867/
IBM InfoSphere BigInsights Java Two Vulnerabilities
http://secunia.com/advisories/51914/
Perforce Web Client (P4Web) Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51924/
iTop Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51702/
ISC BIND AAAA Record Lookup Handling Assertion Failure Vulnerability
http://secunia.com/advisories/51969/
Debian update for ircd-ratbox
http://secunia.com/advisories/51802/
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0763 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57197
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0762 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57193
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0752 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57241
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0745 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57244
Oracle Java Runtime Environment CVE-2012-3174 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57312
Oracle Java Runtime Environment CVE-2013-0422 Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57246
F5 BIG-IP CVE-2012-3000 SQL Injection Vulnerability
http://www.securityfocus.com/bid/57500
Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49543
Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56812
JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51392
Xen 'xen_failsafe_callback()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57433
Samba CVE-2013-0172 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/57329
Ruby multi_xml CVE-2013-0175 Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/57281
TWiki and Foswiki 'MAKETEXT' Variable Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56950
Qt 'QSslSocket::sslErrors()' Certificate Validation Security Weakness
http://www.securityfocus.com/bid/57162
Bacula Console ACL Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/55505
Drupal Keyboard Shortcut Utility Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/57527
Drupal Video Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/57525
Drupal User Relationships Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/57528
Drupal Search API Sorts Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/57530
Movable Type Multiple SQL Injection and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/57490
Foxit Advanced PDF Editor CVE-2013-0107 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57558