Wednesday, January 30, 2013
Wednesday the 30th, Shakkō
+ CESA-2013:0199 Important CentOS 6 libvirt Update
http://lwn.net/Alerts/534961/
+ Wireshark 1.8.5 released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html
+ Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
Virus Buster Business Security Services maintenance notice (January 29, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1902
Adobe Reader XI versions are vulnerable to a heap overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00121.html
XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget")
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00120.html
Unauthenticated remote access to D-Link DCS cameras
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00119.html
APPLE-SA-2013-01-28-2 Apple TV 5.2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00118.html
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00117.html
[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00116.html
Kohana Framework v2.3.3 - Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00115.html
ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00114.html
Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00113.html
nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00112.html
[ MDVSA-2013:005 ] perl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00111.html
[SE-2012-01] An issue with new Java SE 7 security features
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00110.html
IPA Technical Watch
Report on "DOM Based XSS"
~ Sharp increase in vulnerability reports concerning DOM Based XSS ~
http://www.ipa.go.jp/about/technicalwatch/20130129.html
RSA Security reports a phishing attack that whitelists its recipients in an attempt to extend its lifespan
http://itpro.nikkeibp.co.jp/article/NEWS/20130129/452642/?ST=security
JVNVU#95364469 Update for multiple vulnerabilities in Apple iOS
http://jvn.jp/cert/JVNVU95364469/
JVNVU#90935667 Vulnerability in Ruby on Rails JSON parsing
http://jvn.jp/cert/JVNVU90935667/
JVNDB-2013-001301 Buffer overflow vulnerability in Beijer ADP and H-Designer
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001301.html
JVNDB-2013-001300 Vulnerability in PHP Spellchecker for TinyMCE as used in Moodle that allows arbitrary outbound HTTP requests to be triggered
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001300.html
JVNDB-2013-001299 Vulnerability in Moodle that allows course-level calendar subscriptions to be deleted
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001299.html
JVNDB-2013-001298 Vulnerability in blog/rsslib.php in Moodle that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001298.html
JVNDB-2013-001297 Vulnerability in blog/rsslib.php in Moodle that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001297.html
JVNDB-2013-001296 Cross-site request forgery vulnerability in the messaging system in Moodle
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001296.html
JVNDB-2013-001295 Vulnerability in Moodle that allows arbitrary users' submission comments to be read or modified
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001295.html
JVNDB-2013-001294 Open redirect vulnerability in Moodle
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001294.html
JVNDB-2013-001293 Vulnerability in report/outline/index.php in Moodle that allows hidden last-access values to be discovered
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001293.html
JVNDB-2013-001292 Vulnerability in backup/converter/moodle1/lib.php in Moodle that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001292.html
JVNDB-2013-001291 Vulnerability in Moodle that allows custom outcomes to be converted into standard site-wide outcomes
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001291.html
JVNDB-2013-001290 Vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY that allows arbitrary commands to be executed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001290.html
JVNDB-2013-001289 Directory traversal vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001289.html
JVNDB-2013-001288 Vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal that allows a list of user names to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001288.html
JVNDB-2013-001287 Vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal that allows configuration files to be read
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001287.html
JVNDB-2013-001286 Vulnerability in the FreeIPA client that allows the domain join process to be spoofed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001286.html
JVNDB-2013-001285 Vulnerability in TripAdvisor for iOS that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001285.html
JVNDB-2013-001284 Stack-based buffer overflow vulnerability in the Reader in CoolPDF
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001284.html
JVNDB-2013-001283 Stack-based buffer overflow vulnerability in HP Diagnostics Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001283.html
JVNDB-2013-001282 (JVNVU#92496224) Vulnerability in WebYaST that allows the host list to be modified
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001282.html
JVNDB-2013-001281 (JVNVU#94409047) Buffer overflow vulnerability in Foxit Advanced PDF Editor
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001281.html
JVNDB-2013-001280 Vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001280.html
JVNDB-2013-001279 Cross-site scripting vulnerability in the Virtual Member Manager administrative console in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001279.html
JVNDB-2013-001278 Cross-site request forgery vulnerability in the administrative console in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001278.html
JVNDB-2013-001277 Cross-site scripting vulnerability in the administrative console in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001277.html
JVNDB-2013-001276 Cross-site scripting vulnerability in the administrative console in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001276.html
JVNDB-2013-001093 (JVNVU#91613461) Information disclosure vulnerability in TL-WR841N
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001093.html
Be Careful What you Wish For!
https://isc.sans.edu/diary.html?storyid=15025
"Get Java Fixed Up"
https://isc.sans.edu/diary.html?storyid=15031
VU#922681 Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
http://www.kb.cert.org/vuls/id/922681
libupnp Buffer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028057
EMC AlphaStor Drive Control Program (DCP) Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028056
Ruby on Rails Input Validation Flaw in JSON Parser Lets Remote Users Bypass Authentication, Inject SQL Commands, Execute Arbitrary Code, and Deny Service
http://www.securitytracker.com/id/1028052
Apple iOS Multiple Bugs Let Remote Users Deny Service, Execute Arbitrary Code, and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028051
Apple TV Bugs Let Remote Users Deny Service and Local Users Access Kernel Memory
http://www.securitytracker.com/id/1028050
libvirt Use-After-Free May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028047
REMOTE: Ruby on Rails JSON Processor YAML Deserialization Code Execution
http://www.exploit-db.com/exploits/24434
DoS/PoC: Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read
http://www.exploit-db.com/exploits/24437
Ubuntu update for libssh
http://secunia.com/advisories/51982/
Portable UPnP SDK "unique_service_name()" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/51949/
IBM Tivoli Directory Integrator JSSE Denial of Service Vulnerability
http://secunia.com/advisories/52009/
IBM WebSphere Message Broker Java Multiple Vulnerabilities
http://secunia.com/advisories/52006/
Red Hat update for libvirt
http://secunia.com/advisories/52001/
Cisco IOS XR Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/51989/
libvirt "virNetMessageFree()" Use-After-Free Vulnerability
http://secunia.com/advisories/52003/
Symfony YAML Component Two Vulnerabilities
http://secunia.com/advisories/51980/
Ubuntu update for ffmpeg
http://secunia.com/advisories/51991/
WordPress SolveMedia Plugin Cross-Site Request Forgery
http://secunia.com/advisories/51927/
FFmpeg Multiple Vulnerabilities
http://secunia.com/advisories/51975/
Apple TV Kernel Memory Access Vulnerability
http://secunia.com/advisories/52004/
Red Hat update for rubygem-activesupport
http://secunia.com/advisories/51999/
Apple iOS Multiple Vulnerabilities
http://secunia.com/advisories/52002/
Ubuntu update for libav
http://secunia.com/advisories/51993/
Ruby on Rails JSON Parser YAML Handling Vulnerability
http://secunia.com/advisories/51938/
Apple Quick Time Player 7.7.3 (Windows) Out of Bound Read
http://cxsecurity.com/issue/WLB-2013010223
Ruby on Rails JSON Processor YAML Deserialization Code Execution
http://cxsecurity.com/issue/WLB-2013010222
DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010221
Elgg 1.8.12, 1.7.16 XSS
http://cxsecurity.com/issue/WLB-2013010220
Kohana Framework 2.3.3 Directory Traversal
http://cxsecurity.com/issue/WLB-2013010219
nCircle PureCloud Vulnerability Scanner Bypass / Injection
http://cxsecurity.com/issue/WLB-2013010218
Fortinet FortiMail IBE Appliance Application Filter Bypass
http://cxsecurity.com/issue/WLB-2013010217
libupnp Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57602
Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065
Sun Solaris sendfile(3EXT) and sendfilev(3EXT) Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36083
Oracle Solaris CVE-2012-0096 Remote Vulnerability
http://www.securityfocus.com/bid/51490
LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/30832
Oracle Solaris CVE-2012-0098 Local Solaris Vulnerability
http://www.securityfocus.com/bid/51499
Oracle Sun Products Suite CVE-2012-3123 Remote Solaris Vulnerability
http://www.securityfocus.com/bid/54517
Oracle Solaris CVE-2012-0103 Local Solaris Vulnerability
http://www.securityfocus.com/bid/51494
Sun Solaris NFS Version 4 Kernel Module Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35714
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Ruby on Rails 'convert_json_to_yaml()' Method Security Vulnerability
http://www.securityfocus.com/bid/57575
libvirt 'virNetMessageFree()' Function Use After Free Code Execution Vulnerability
http://www.securityfocus.com/bid/57578
libvirt 'virNetServerProgramDispatchCall()' Function Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55541
RETIRED: Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/57572
WordPress Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57554
WordPress Plupload Plugin 'id' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57555
Elgg 'params[twitter_username]' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/57569
ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities
http://www.securityfocus.com/bid/57544
D-Link DCS Cameras Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57611
IRCD-Hybrid 'try_parse_v4_netmask()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/57610
pfSense 'username' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/57605
FFmpeg Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57600
Multiple Hunt CCTV Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57579