Tuesday, January 8, 2013

Tuesday the 8th, Senshō


+ APSA13-01 Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0631

+ APSB13-02 Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-02.html

+ HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03596813-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089

+ HPSBUX02829 SSRT100883 rev.1 - HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03557425-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1699

+ Microsoft Security Advisory (2798897) Fraudulent Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2798897

+ Microsoft Security Advisory (2798897) Fraudulent Digital Certificates Could Allow Spoofing (Japanese version)
http://technet.microsoft.com/ja-jp/security/advisory/2798897

+ UPDATE: Microsoft Security Advisory (2794220) Vulnerability in Internet Explorer Could Allow Remote Code Execution (Japanese version)
http://technet.microsoft.com/ja-jp/security/advisory/2794220

+ FreeBSD 9.1-RELEASE released
http://www.freebsd.org/releases/9.1R/relnotes-detailed.html

+ Linux kernel 3.2.36 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.36

+ Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4792

Check Point response to MAB XSS and CSRF vulnerabilities
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk91000&src=securityAlerts

Notice of program update for Password Manager (PC version)
http://www.trendmicro.co.jp/support/news.asp?id=1883

Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx

ProFTPD 1.3.5rc1 released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5rc1

Workarounds for the Internet Explorer vulnerability (KB2794220) (CVE-2012-4792)
http://www.ipa.go.jp/security/ciadr/vul/20130104-ms.html

This month's reminder
http://www.ipa.go.jp/security/txt/2013/01outline.html

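Dangerous vulnerability discovered in IE; "zero-day attacks" exploiting it have appeared
Patch not yet released; the "Fix it" tool for avoiding the attack is available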
http://itpro.nikkeibp.co.jp/article/NEWS/20130108/448101/?ST=security

Symantec offers the management server as a cloud service in the new version of its endpoint security product
http://itpro.nikkeibp.co.jp/article/NEWS/20130107/447942/?ST=security

"Be reasonably afraid": getting started with security in 2013
http://itpro.nikkeibp.co.jp/article/COLUMN/20121227/447241/?ST=security

[Security / Targeted attacks] Smartphone security draws attention
http://itpro.nikkeibp.co.jp/article/COLUMN/20121218/445204/?ST=security

"Mobile devices will be targeted" in 2013, according to McAfee's cyber threat predictions
http://itpro.nikkeibp.co.jp/article/NEWS/20121228/447327/?ST=security

JVNVU#92426910 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/cert/JVNVU92426910/

JVN#74829345 Denial-of-service (DoS) vulnerability in multiple devices running Android OS
http://jvn.jp/jp/JVN74829345/

[security bulletin] HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00021.html

[SECURITY] [DSA 2599-1] nss security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00019.html

Facebook for Android - Information Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00027.html

Chrome for Android - Cookie theft from Chrome by malicious Android app
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00026.html

Chrome for Android - Bypassing SOP for Local Files By Symlinks
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00025.html

Chrome for Android - Android APIs exposed to JavaScript
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00024.html

Chrome for Android - Download Function Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00023.html

Chrome for Android - UXSS via com.android.browser.application_id Intent extra
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00022.html

[SECURITY] [DSA 2600-1] cups security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00020.html

[SECURITY] [DSA 2598-1] weechat security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00018.html

[SECURITY] [DSA 2597-1] rails security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00017.html

CFP: InfoSec Southwest 2013
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00016.html

TomatoCart 1.x | Unrestricted File Creation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00015.html

CVE-2012-6494 - Nexpose Security Console - Session Hijacking
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00014.html

CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00013.html

Simple Webserver 2.3-rc1 Directory Traversal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00012.html

Aastra IP Telephone encrypted .tuz configuration file leakage
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00011.html

AST-2012-015: Denial of Service Through Exploitation of Device State Caching
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00010.html

AST-2012-014: Crashes due to large stack allocations when using TCP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00009.html

[ MDVSA-2013:001 ] gnupg
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00008.html

ShakaCon 2013 - Call for Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00007.html

AthCon 2013 CFP OPEN
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00005.html

CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00003.html

CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00002.html

Charybdis: Improper assumptions in the server handshake code may lead to a remote crash
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00000.html

[SECURITY] [DSA 2596-1] mediawiki-extensions security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00156.html

[SECURITY] [DSA 2595-1] ghostscript security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00155.html

[SECURITY] [DSA 2594-1] virtualbox-ose security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00154.html

[SECURITY] [DSA 2593-1] moin security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00153.html

GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00151.html

CubeCart 5.0.7 and lower versions | Insecure Backup File Handling
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00150.html

[SECURITY] [DSA 2592-1] elinks security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00149.html

[SECURITY] [DSA 2591-1] mahara security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00148.html

SonicWall Email Security 7.4.1.x - Persistent Web Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00147.html

Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00146.html

JVNDB-2013-001008 Denial-of-service (resource consumption) vulnerability in multiple Asterisk products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001008.html

JVNDB-2012-005881 Stack-based buffer overflow vulnerability in os/pl-glob.c in SWI-Prolog
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005881.html

JVNDB-2012-005880 Stack-based buffer overflow vulnerability in os/pl-os.c in SWI-Prolog
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005880.html

JVNDB-2013-001007 Denial-of-service (daemon crash) vulnerability in multiple Asterisk products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001007.html

JVNDB-2013-001006 SQL injection vulnerability in the Authlogic gem for Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001006.html

JVNDB-2013-001005 SQL injection vulnerability in the Active Record component of Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001005.html

JVNDB-2012-005879 Vulnerability in Opera running on UNIX that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005879.html

JVNDB-2012-005878 Address field spoofing vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005878.html

JVNDB-2012-005877 Arbitrary code execution vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005877.html

JVNDB-2013-001004 Cross-site request forgery vulnerability in e107_admin/download.php in e107
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001004.html

JVNDB-2013-001003 Cross-site request forgery vulnerability in e107_admin/newspost.php in e107
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001003.html

JVNDB-2012-005866 Integer overflow vulnerability in GNU Grep
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005866.html

JVNDB-2012-005865 Directory traversal vulnerability in MoinMoin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005865.html

JVNDB-2012-005864 Cross-site scripting vulnerability in theme/__init__.py in MoinMoin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005864.html

JVNDB-2012-005863 Arbitrary code execution vulnerability in MoinMoin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005863.html

JVNDB-2013-001002 Directory traversal vulnerability in the AttachFile action of MoinMoin
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001002.html

JVNDB-2012-005862 Cross-site scripting vulnerability in bookmarks/js/bookmarks.js in ownCloud
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005862.html

JVNDB-2012-005861 Vulnerability in ownCloud that allows the user_webdavauth and user_ldap settings to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005861.html

JVNDB-2012-005860 Vulnerability in the Context module for Drupal that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005860.html

JVNDB-2012-005859 Vulnerability in the Nodewords: D6 Meta Tags module for Drupal that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005859.html

JVNDB-2012-005858 Vulnerability in the file upload feature of Drupal that allows protection mechanisms to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005858.html

JVNDB-2012-005857 Vulnerability in Drupal that allows sensitive information about uploaded files to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005857.html

JVNDB-2012-005856 Vulnerability in Drupal that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005856.html

JVNDB-2013-001001 Vulnerability in the WP PHP widget plugin for WordPress that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001001.html

JVNDB-2012-005853 Denial-of-service (DoS) vulnerability in modules/m_capab.c in ircd-ratbox and Charybdis
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005853.html

JVNDB-2012-005851 Vulnerability in server/action.py in Fail2ban that allows unsafe behavior to be triggered
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005851.html

JVNDB-2012-005850 Cross-site scripting vulnerability in Polycom HDX Video End Points
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005850.html

JVNDB-2012-005849 Vulnerability in the WPA2 implementation of the Belkin N900 router that allows access to the Wi-Fi network
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005849.html

JVNDB-2012-005847 Vulnerability in LemonLDAP::NG that allows access control restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005847.html

JVNDB-2012-005846 Vulnerability in IBM SPSS Modeler that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005846.html

JVNDB-2012-005845 Authentication bypass vulnerability in the Central application of i-GEN opLYNX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005845.html

JVNDB-2012-005844 Cross-site scripting vulnerability in AgileBits 1Password
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005844.html

JVNDB-2012-005843 Arbitrary code execution vulnerability in the Cisco Unified IP Phone 7900 series
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005843.html

JVNDB-2012-005842 Cross-site scripting vulnerability in SimpleInvoices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005842.html

JVNDB-2012-005840 Cross-site scripting vulnerability in the RSS Reader extension for MediaWiki
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005840.html

JVNDB-2012-005839 Cross-site scripting vulnerability in the administrative web interface of Cerberus FTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005839.html

JVNDB-2012-005838 SQL injection vulnerability in Open Constructor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005838.html

JVNDB-2012-005837 Cross-site scripting vulnerability in Open Constructor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005837.html

JVNDB-2012-005836 Cross-site scripting vulnerability in Open Constructor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005836.html

JVNDB-2012-005835 Cross-site scripting vulnerability in Open Constructor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005835.html

JVNDB-2012-005834 Vulnerability in SamsungDive for Android on multiple Samsung Galaxy devices that allows device discovery to be obstructed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005834.html

JVNDB-2012-005833 Vulnerability in the device-locating feature of Lookout that allows arbitrary location data to be spoofed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005833.html

JVNDB-2012-005832 Vulnerability in the Anti-theft service of AVG AntiVirus for Android that allows arbitrary location data to be spoofed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005832.html

JVNDB-2012-005831 Vulnerability in SamsungDive for Android on multiple Samsung Galaxy devices that allows arbitrary location data to be spoofed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005831.html

JVNDB-2012-005830 Vulnerability in IBM Security AppScan Enterprise and Rational Policy Tester that allows SSL servers to be spoofed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005830.html

JVNDB-2012-005829 Vulnerability in IBM Security AppScan Enterprise and Rational Policy Tester that allows SSL servers to be spoofed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005829.html

JVNDB-2012-005828 (JVNVU#92426910) Arbitrary code execution vulnerability in Internet Explorer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005828.html

JVNDB-2012-005827 Cross-site scripting vulnerability in Collaboration - Bulletin board included in multiple Hitachi products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005827.html

JVNDB-2012-005818 Vulnerability in Symfony that allows access to arbitrary services
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005818.html

JVNDB-2012-005817 Vulnerability in Symfony that allows URI restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005817.html

JVNDB-2012-005816 Vulnerability in OpenStack Compute Folsom and Grizzly that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005816.html

JVNDB-2012-005815 Vulnerability in tools/sample_data.sh in OpenStack Keystone that allows access rights to Amazon EC2 to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005815.html

JVNDB-2012-005814 Vulnerability in Aptdaemon in Ubuntu that allows GPG keys for arbitrary package repositories to be installed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005814.html

JVNDB-2012-005813 Vulnerability in APT as used in Ubuntu that allows sensitive shell information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005813.html

JVNDB-2012-005811 SQL injection vulnerability in the Authlogic gem for Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005811.html

JVNDB-2012-000112 (JVN#27691264) Arbitrary script execution vulnerability in the Opera Mini and Opera Mobile web browsers for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000112.html

JVNDB-2012-005810 Vulnerability in WordPress that allows valid session identifiers to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005810.html

JVNDB-2012-005809 Denial-of-service (daemon exit) vulnerability in hypervkvpd as distributed with the Linux kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005809.html

JVNDB-2012-005807 Vulnerability in Citrix XenDesktop Virtual Desktop Agent that allows access rights to USB devices to be retained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005807.html

JVNDB-2012-005806 Arbitrary code execution vulnerability in the XML Service interface of Citrix XenApp
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005806.html

JVNDB-2012-005805 Vulnerability in CA IdentityMinder that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005805.html

JVNDB-2012-005804 Arbitrary command execution vulnerability in CA IdentityMinder
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005804.html

JVNDB-2012-005803 Directory traversal vulnerability in EMC Data Protection Advisor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005803.html

JVNDB-2012-005802 Vulnerability in Tivoli NetView running on IBM z/OS that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005802.html

JVNDB-2012-005801 Vulnerability in IBM Rational Automation Framework that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005801.html

A Bit About the NVIDIA Vulnerability
http://isc.sans.edu/diary.html?storyid=14833

Adobe ColdFusion Security Advisory
http://isc.sans.edu/diary.html?storyid=14827

D-link Wireless-G Router Year Issue (Y2K-plus-13)
http://isc.sans.edu/diary.html?storyid=14830

Blue for Reset?
http://isc.sans.edu/diary.html?storyid=14815

Patch pre-notification from Adobe and Microsoft
http://isc.sans.edu/diary.html?storyid=14821

"FixIt" Patch for CVE-2012-4792 Bypassed
http://isc.sans.edu/diary.html?storyid=14824

Memory acquisition traps
http://isc.sans.edu/diary.html?storyid=14803

New year and new CA compromised
http://isc.sans.edu/diary.html?storyid=14806

Starting the New Year on the right foot
http://isc.sans.edu/diary.html?storyid=14794

EMET 3.5: The Value of Looking Through an Attacker's Eyes
http://isc.sans.edu/diary.html?storyid=14797

VU#154201 Microsoft Internet Explorer CButton use-after-free vulnerability
http://www.kb.cert.org/vuls/id/154201

Symantec PGP Desktop Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027940

Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information
http://www.securitytracker.com/id/1027938

Xen Debugging Assert Validation Flaw Lets Local Guest Users Deny Service on the Host
http://www.securitytracker.com/id/1027937

Microsoft Windows Includes Some Invalid TURKTRUST Certificates
http://www.securitytracker.com/id/1027934

Ruby on Rails Input Validation Flaw in Active Record Extract Options Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1027933

Asterisk State Caching Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027932

Asterisk Stack Allocation Overflow Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027931

Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027930

VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027929

cPanel Input Validation Flaws in 'clientconf.html' and 'detailbw.html' Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027928

NVIDIA Driver Stack Overflow Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027927

Polycom HDX Series Input Validation Flaw in Web Management Interface Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027926

SonicWALL Email Security Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027925

REMOTE: Enterasys NetSight nssyslogd.exe Buffer Overflow
http://www.exploit-db.com/exploits/23887

REMOTE: Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Access
http://www.exploit-db.com/exploits/23855

REMOTE: WordPress Plugin Advanced Custom Fields Remote File Inclusion
http://www.exploit-db.com/exploits/23856

REMOTE: Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
http://www.exploit-db.com/exploits/23785

REMOTE: IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
http://www.exploit-db.com/exploits/23736

REMOTE: IBM Lotus QuickR qp2 ActiveX Buffer Overflow
http://www.exploit-db.com/exploits/23737

REMOTE: Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability
http://www.exploit-db.com/exploits/23754

LOCAL: BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass (MSF)
http://www.exploit-db.com/exploits/23783

DoS/PoC: Foxit Reader <= 5.4.4.1128 Firefox Plugin npFoxitReaderPlugin.dll Stack Buffer Overflow
http://www.exploit-db.com/exploits/23944

DoS/PoC: Ettercap <= 0.7.5.1 Stack Overflow Vulnerability
http://www.exploit-db.com/exploits/23945

DoS/PoC: FoxPlayer v2.9.0 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/23923

DoS/PoC: Astium VoIP PBX <= v2.1 build 25399 Remote Crash PoC
http://www.exploit-db.com/exploits/23830

DoS/PoC: Grep < 2.11 Integer Overflow Crash PoC
http://www.exploit-db.com/exploits/23779

DoS/PoC: Aktiv Player 2.80 Crash PoC
http://www.exploit-db.com/exploits/23780

DoS/PoC: Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overflow
http://www.exploit-db.com/exploits/23565

AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5ZP2X0U8UE.html

Foxit Reader <= 5.4.4.1128 npFoxitReaderPlugin.dll Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010048

Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2013010050

UploadiFive Arbitrary File Upload Vulnerability
http://cxsecurity.com/issue/WLB-2013010049

WordPress OpenInviter Information Disclosure
http://cxsecurity.com/issue/WLB-2013010047

Ettercap <= 0.7.5.1 Stack Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2013010046

bmby SQL Injection
http://cxsecurity.com/issue/WLB-2013010043

SimpleMachines Forum <= 2.0.3 File Disclosure
http://cxsecurity.com/issue/WLB-2013010045

GetSimple 3.1.2 cookie() grepped fake exploit
http://cxsecurity.com/issue/WLB-2013010044

Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2013010042

Wordpress wilderness SQL injection
http://cxsecurity.com/issue/WLB-2013010041

TomatoCart 1.x Cross Site Request Forgery bypass
http://cxsecurity.com/issue/WLB-2013010040

Adobe Flash Player 11.5.502.135 memory corruption
http://cxsecurity.com/issue/WLB-2012120127

TomatoCart 1.x include outdated and vulnerable Piwik extension < 0.5.5
http://cxsecurity.com/issue/WLB-2013010039

Elastix 2.3 PHP Code Injection
http://cxsecurity.com/issue/WLB-2013010032

FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection
http://cxsecurity.com/issue/WLB-2013010038

Nexpose Security Console Session Capture
http://cxsecurity.com/issue/WLB-2013010037

Nexpose Security Console Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2013010036

pfSense 2.0.1 XSS & CSRF & Command Execution
http://cxsecurity.com/issue/WLB-2013010035

ICEstate SQL Injection
http://cxsecurity.com/issue/WLB-2013010034

160By2 / Way2SMS Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2013010033

MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection
http://cxsecurity.com/issue/WLB-2013010031

TomatoCart 1.x Unrestricted File Creation
http://cxsecurity.com/issue/WLB-2013010030

Enterasys NetSight nssyslogd.exe Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010029

Ratbox IRCd Denial Of Service
http://cxsecurity.com/issue/WLB-2013010028

Simple Webserver 2.3-rc1 Directory Traversal
http://cxsecurity.com/issue/WLB-2013010027

WHMCS 5.x Authentication Bypass
http://cxsecurity.com/issue/WLB-2013010026

Simple Machines Forum 2.0.3 Path Disclosure
http://cxsecurity.com/issue/WLB-2013010025

Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Access
http://cxsecurity.com/issue/WLB-2013010024

Invision Power Services Invision Gallery 1.0.1 Multiple SQL Injection Vulnerabilities
http://cxsecurity.com/issue/WLB-2013010023

Wordpress plugins WP PHP widget Full Path Disclosure vulnerability
http://cxsecurity.com/issue/WLB-2013010005

WordPress Advanced Custom Fields Remote File Inclusion
http://cxsecurity.com/issue/WLB-2013010022

WordPress Shopping Cart 8.1.14 Shell Upload & SQL Injection
http://cxsecurity.com/issue/WLB-2013010021

WordPress ReFlex Gallery 1.3 Shell Upload
http://cxsecurity.com/issue/WLB-2013010020

WordPress Xerte Online 0.32 Shell Upload
http://cxsecurity.com/issue/WLB-2013010019

WordPress Uploader 1.0.4 Shell Upload
http://cxsecurity.com/issue/WLB-2013010018

Asterisk Denial of Service Through Exploitation of Device
http://cxsecurity.com/issue/WLB-2013010017

Asterisk crashes due to large stack allocations when using TCP
http://cxsecurity.com/issue/WLB-2013010016

osTicket (v1.7-DPR3) PATH DISCLOSURE XSS Open Redirect Blind SQLi
http://cxsecurity.com/issue/WLB-2013010015

osTicket v1.6 ST (stable) CSRF+BLIND SQLi
http://cxsecurity.com/issue/WLB-2013010013

osTicket 1.7-RC2-3 gafe7853 CSRF PATH DISCLOSURE XSS Open Redirect
http://cxsecurity.com/issue/WLB-2013010014

e107 v1.0.2 Administrator CSRF Resulting in SQL Injection
http://cxsecurity.com/issue/WLB-2013010012

e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution
http://cxsecurity.com/issue/WLB-2013010011

Astium VoIP PBX <= v2.1 build 25399 Multiple Vulns Remote Root Exploit
http://cxsecurity.com/issue/WLB-2013010010

Astium VoIP PBX <= v2.1 build 25399 Remote Crash PoC
http://cxsecurity.com/issue/WLB-2013010009

MyBB plugin Profile Skype ID privilege escalation.
http://cxsecurity.com/issue/WLB-2013010008

Wordpress Sahifa theme 2.4.0 CSRF and Full Path Disclosure
http://cxsecurity.com/issue/WLB-2013010007

GnuPG 1.4.12 Database Corruption
http://cxsecurity.com/issue/WLB-2013010001

CrystalAdmin Html Injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010006

CubeCart 5.x Cross Site Request Forgery (CSRF)
http://cxsecurity.com/issue/WLB-2013010004

CubeCart 5.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013010003

Satellite CMS cross site scripting Vulnerability
http://cxsecurity.com/issue/WLB-2013010002

Wordpress plugins NextGEN Public Uploader Full Path Disclosure Vulnerability
http://cxsecurity.com/issue/WLB-2012120239

Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
http://cxsecurity.com/issue/WLB-2012120238

IBM Lotus QuickR qp2 ActiveX Buffer Overflow
http://cxsecurity.com/issue/WLB-2012120237

IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
http://cxsecurity.com/issue/WLB-2012120236

BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass
http://cxsecurity.com/issue/WLB-2012120235

WordPress Photo Plus & Photo Search XSS & CSRF
http://cxsecurity.com/issue/WLB-2012120234

WordPress SB Uploader 3.9 Shell Upload
http://cxsecurity.com/issue/WLB-2012120232

MoinMoin Wiki 1.9.5 remote code execution vulnerability
http://cxsecurity.com/issue/WLB-2012120232

MoinMoin Wiki 1.9.5 XSS in rss link
http://cxsecurity.com/issue/WLB-2012120231

MoinMoin Wiki 1.9.5 path traversal
http://cxsecurity.com/issue/WLB-2012120230

WordPress themes RocketTheme Multiple vulnerabilities
http://cxsecurity.com/issue/WLB-2012120229

Enterprise Resource Planning (erp) SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012120228

Ubiquiti AirOS <= 5.5.2 Remote POST-Auth Root Command Execution
http://cxsecurity.com/issue/WLB-2012120227

Polycom HDX Video End Points Web Management Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120226

SonicWall Email Security 7.4.1.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120225

Log Analyzer 3.6.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120224

RealPlayer RealMedia File Handling Buffer Overflow
http://cxsecurity.com/issue/WLB-2012120223

WordPress Asset-Manager PHP File Upload
http://cxsecurity.com/issue/WLB-2012120222

WHM editfilter.html Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120221

C-Panel dir.html Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120220

cPanel & WHM 11.34.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120219

Joomla bch and Content Shell Upload
http://cxsecurity.com/issue/WLB-2012120218

Joomla Aclassif Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120217

MyBB Profile Wii Friend Code Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51747/

Havalite "comment" Script Insertion Vulnerability
http://secunia.com/advisories/51722/

Perl Locale::Maketext Two Code Injection Vulnerabilities
http://secunia.com/advisories/51741/

TomatoCart Cross-Site Scripting and Arbitrary PHP Code Execution Vulnerabilities
http://secunia.com/advisories/51621/

Jenkins Cryptographic Key Disclosure Vulnerability
http://secunia.com/advisories/51712/

Symantec PGP Whole Disk Encryption 0x80022058 IOCTL Handling Privilege Escalation Vulnerability
http://secunia.com/advisories/51762/

ProFTPD Race Condition Privilege Escalation Security Issue
http://secunia.com/advisories/51761/

Nexpose Security Console Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51732/

Debian update for weechat
http://secunia.com/advisories/51700/

concrete5 Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51608/

Debian update for rails
http://secunia.com/advisories/51700/

RPM Package Manager Signature Verification Bypass Security Issue
http://secunia.com/advisories/51706/

nginx Proxy Module Certificate Verification Security Issue
http://secunia.com/advisories/51708/

WordPress WPScientist Multiple Themes Arbitrary File Upload Vulnerability
http://secunia.com/advisories/51714/

Facebook Camera for iOS Certificate Verification Security Issue
http://secunia.com/advisories/51699/

WHMCompleteSolution Google Checkout Module SQL Injection Vulnerability
http://secunia.com/advisories/51719/

WHMCompleteSolution PayPal and Google Checkout Modules Vulnerabilities
http://secunia.com/advisories/51683/

SWI-Prolog "canoniseFileName()" and "expand()" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/51709/

Red Hat update for JBoss Enterprise Web Server
http://secunia.com/advisories/51736/

osTicket Cross-Site Request Forgery and SQL Injection Vulnerabilities
http://secunia.com/advisories/51710/

WordPress Google Doc Embedder Plugin Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50832/

Asterisk Two Denial of Service Vulnerabilities
http://secunia.com/advisories/51689/

NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer Overflow Vulnerability
http://secunia.com/advisories/51629/

RuggedCom Rugged Operating System Web UI Two Vulnerabilities
http://secunia.com/advisories/51718/

CubeCart Multiple Vulnerabilities
http://secunia.com/advisories/51703/

CubeCart global.inc.php File Backup Security Issue
http://secunia.com/advisories/51703/

Ruby on Rails Method Parameters SQL Injection Vulnerability
http://secunia.com/advisories/51697/

e107 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51687/

WordPress WP Photo Album Plus Plugin Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51679/

WordPress ReFlex Gallery Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/51698/

WordPress Xerte Online Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/51691/

WordPress Shopping Cart Plugin Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/51690/

WordPress WP Photo Album Plus Plugin "wppa-searchstring" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51669/

ShadowIRCd Server Capability Negotiation Denial of Service Vulnerability
http://secunia.com/advisories/51716/

Charybdis Server Capability Negotiation Denial of Service Vulnerability
http://secunia.com/advisories/51677/

ircd-ratbox Server Capability Negotiation Denial of Service Vulnerability
http://secunia.com/advisories/51694/

Ubuntu update for moin
http://secunia.com/advisories/51696/

Debian update for moin
http://secunia.com/advisories/51676/

MoinMoin Multiple Vulnerabilities
http://secunia.com/advisories/51663/

Symfony _internal Route Arbitrary Controller/Service Execution Vulnerability
http://secunia.com/advisories/51662/

Symfony Double-URL-Encoded Path Security Rule Bypass Vulnerability
http://secunia.com/advisories/51660/

Debian update for mediawiki-extensions
http://secunia.com/advisories/51713/

IP.Board Unspecified Vulnerability
http://secunia.com/advisories/51705/

IBM SPSS Modeler XML Document Parsing Vulnerability
http://secunia.com/advisories/51715/

Debian update for virtualbox-ose
http://secunia.com/advisories/51671/

Debian update for ghostscript
http://secunia.com/advisories/51670/

Microsoft Internet Explorer "CDwnBindInfo" Use-After-Free Vulnerability
http://secunia.com/advisories/51695/

VLC Media Player HTML Subtitle Parsing Buffer Overflow Vulnerabilities
http://secunia.com/advisories/51692/

Debian update for elinks
http://secunia.com/advisories/51569/

IBM InfoSphere Guardium Multiple Vulnerabilities
http://secunia.com/advisories/51678/

MODx Login User Enumeration Weakness
http://secunia.com/advisories/51654/

i-GEN opLYNX Central Application Authentication Bypass Vulnerability
http://secunia.com/advisories/51673/

Debian update for mahara
http://secunia.com/advisories/51638/

SUSE update for opera
http://secunia.com/advisories/51649/

SUSE update for tomcat
http://secunia.com/advisories/51693/

Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059

Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058

Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043

Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063

Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067

Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071

Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025

Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039

Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082

Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081

Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080

ProFTPD Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57172

Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061

Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501

Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051

Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083

Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046

Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055

Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033

Jenkins Cryptographic Key Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57171

Google Chrome for Android Prior to 18.0.1025308 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55523

Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56993

Inkscape XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56965

Freeciv Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41352

TWiki and Foswiki 'MAKETEXT' Variable Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56950

MariaDB CVE-2012-4414 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55498

Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56769

Piwik 'form_url' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39144

FoxMediaTools FoxPlayer '.m3u' File Denial of Service Vulnerability
http://www.securityfocus.com/bid/52839

Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57070

CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56494

GnuPG CVE-2012-6085 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/57102

Ruby on Rails Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57084

TomatoCart 'json.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/57156

WeeChat 'hook_process()' Function Remote Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/56584

WeeChat SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/46612

Firefox Foxit Reader Plugin 'npFoxitReaderPlugin.dll' Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57174

Facebook for Android 'LoginActivity' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57173

Symantec PGP Whole Disk Encryption Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57170

util-linux Package 'mount' and 'umount' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57168

TomatoCart Anti-CSRF Token Security Bypass Vulnerability
http://www.securityfocus.com/bid/57167

Havalite CMS 'comment' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/57169

Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56871

RPM CVE-2012-6088 Signature Verification Security Bypass Vulnerability
http://www.securityfocus.com/bid/57138

Enterasys Network Management Suite 'nssyslogd.exe' Component Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51124

Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54192

SWI-Prolog Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57134

Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56812

Symfony Double-URL-Encoded Path Security Bypass Vulnerability
http://www.securityfocus.com/bid/57078

Drupal Nodewords: D6 Meta Tags Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56833

Drupal Context Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56997

ircd-ratbox 'm_capab.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/57085

WordPress Cimy User Manager Plugin Arbitrary File Disclosure Vulnerability
http://www.securityfocus.com/bid/56229

Adobe ColdFusion CVE-2013-0631 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57166

Adobe ColdFusion CVE-2013-0629 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/57165

Adobe ColdFusion CVE-2013-0625 Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57164

Eye-Fi Helper CVE-2011-4696 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/57163

Xen CVE-2013-0154 Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/57159

MyBB Profile Wii Friend Code Plugin SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/57157

WordPress Multiple WPScientist Themes Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57152

Tiki Wiki CMS Groupware 'unserialize()' Multiple Remote PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57034

Opera Web Browser Prior to 12.10 Multiple Vulnerabilities
http://www.securityfocus.com/bid/56407

Opera Web Browser Buffer Overflow and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56594

Multiple Asterisk Products CVE-2012-5976 Stack Overflow Denial of Service Vulnerability
http://www.securityfocus.com/bid/57106

djbdns dnscache SOA Requests Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/33818

Polycom HDX Video End Points Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57057

Dnsmasq Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54353

Opera Web Browser Prior to 12.12 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56980

Opera Web Browser Prior to 12.02 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55301

Opera Web Browser Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56788

Opera Web Browser Repeated Attempts Site Access Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/56984

mediawiki-extensions 'RSS_Reader' Extension HTML Injection Vulnerability
http://www.securityfocus.com/bid/57083

WordPress Advanced Custom Fields Plugin 'acf_abspath' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/56528

Astium PBX Denial of Service Vulnerability
http://www.securityfocus.com/bid/57095

Adobe Acrobat and Reader APSB13-02 Advance Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/57155

Aastra 6753i '.tug' Configuration File Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57151

Rapid7 Nexpose Multiple Session Hijacking and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/57150

MoinMoin CVE-2012-6495 Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/57147

Magento 'Zend_XmlRpc' Class Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57140

nginx CVE-2011-4968 Man in The Middle Vulnerability
http://www.securityfocus.com/bid/57139

Microsoft January 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/57137

WordPress Google Doc Embedder Plugin Arbitrary File Disclosure Vulnerability
http://www.securityfocus.com/bid/57133

Lookout for Android CVE-2012-6336 Spoofing Vulnerability
http://www.securityfocus.com/bid/57130

AVG AntiVirus for Android CVE-2012-6335 Spoofing Vulnerability
http://www.securityfocus.com/bid/57129

Belkin Wireless Router Default WPS PIN Security Vulnerability
http://www.securityfocus.com/bid/57128

SamsungDive for Android CVE-2012-6334 Spoofing Vulnerability
http://www.securityfocus.com/bid/57127

WordPress Uploader Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57112

Drupal Core 'getimagesize()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57108

phpCAS 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/56680

WordPress WP Photo Album Plus Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57072

LibTIFF 'TIFFScanlineSize()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56372

LibTIFF 't2p_read_tiff_init()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54601

LibTIFF TIFF Image Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55673

LibTIFF 'DOTRANGE' Tags Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56715

Google Chrome Prior to 23.0.1271.64 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56413

ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56817

Qt 'QSslSocket::sslErrors()' Certificate Validation Security Weakness
http://www.securityfocus.com/bid/57162

PMSoftware Simple Web Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/57143

ConnMan CVE-2012-6459 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57136

osTicket Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57115

osTicket Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/57111

osTicket Open-Redirection and Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/57107

Multiple Asterisk Products CVE-2012-5977 Denial of Service Vulnerability
http://www.securityfocus.com/bid/57105

Moodle 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/57104

Zabbix 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/57103

WordPress WP Photo Album Plus Plugin Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57099

WordPress Xerte Online Plugin 'save.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57098

Astium PBX 'logon.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57097

MyBB User Profile Skype ID Plugin 'skype' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/57096

e107 'e107_admin/download.php' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/57093

e107 '/e107_admin/newspost.php' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/57092

CubeCart Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/57091

Red Hat Enterprise MRG Management Console Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53000

grep CVE-2012-5667 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/57033

Dojo Versions Prior to 1.4.2 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/38739

WordPress Sahifa Theme Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/57109

WordPress Shopping Cart Plugin Multiple SQL Injection and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/57101

ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494

Oracle VM VirtualBox CVE-2012-3221 Local Security Vulnerability
http://www.securityfocus.com/bid/56045

JW Player Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/48214

BlazeVideo BlazeDVD Playlist Files Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/21337

IBM Lotus Quickr 'qp2.cab' ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53678

IBM Lotus iNotes Upload Module ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53879

WHMCS Insecure Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57145

SamsungDive for Android CVE-2012-6337 Spoofing Vulnerability
http://www.securityfocus.com/bid/57131

vBulletin 'url' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/57118

MoinMoin CVE-2012-6082 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/57089

Symfony CVE-2012-6432 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57080

WordPress ReFlex Gallery Plugin 'php.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57100

WordPress SB Uploader Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57074

MoinMoin CVE-2012-6081 Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57082

MoinMoin wiki CVE-2012-6080 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/57076

Pligg CMS 'status' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51273

IBM Java Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55495

Fail2ban CVE-2012-5642 Arbitrary Log Content Injection Vulnerability
http://www.securityfocus.com/bid/56963

Mahara Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/56713

Mahara XML External Entity CVE-2012-2239 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56717

Mahara Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55916

Mahara 'query' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56718

Jenkins Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56651

NuSOAP 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/57053

FalconPL 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/57051

Real Networks RealPlayer Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56956

IBM InfoSphere Guardium Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/57086

IBM SPSS Modeler CVE-2012-5769 XML Parsing Unspecified Security Vulnerability
http://www.securityfocus.com/bid/57075

WordPress TwentyTen Theme 'loo.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57073

MODx User Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57069

ELinks CVE-2012-4545 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57065

SonicWall Email Security Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/57062
