Tuesday, January 8, 2013
The 8th, Tuesday, Senshō
+ APSA13-01 Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0631
+ APSB13-02 Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-02.html
+ HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03596813-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
+ HPSBUX02829 SSRT100883 rev.1 - HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03557425-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1699
+ Microsoft Security Advisory (2798897) Fraudulent Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2798897
+ Microsoft Security Advisory (2798897) Fraudulent Digital Certificates Could Allow Spoofing (Japanese edition)
http://technet.microsoft.com/ja-jp/security/advisory/2798897
+ UPDATE: Microsoft Security Advisory (2794220) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/ja-jp/security/advisory/2794220
+ FreeBSD 9.1-RELEASE released
http://www.freebsd.org/releases/9.1R/relnotes-detailed.html
+ Linux kernel 3.2.36 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.36
+ Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4792
Check Point response to MAB XSS and CSRF vulnerabilities
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk91000&src=securityAlerts
Notice of Program Update for Password Manager (PC Edition)
http://www.trendmicro.co.jp/support/news.asp?id=1883
Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx
ProFTPD 1.3.5rc1 released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5rc1
Workarounds for the Internet Explorer Vulnerability (KB2794220) (CVE-2012-4792)
http://www.ipa.go.jp/security/ciadr/vul/20130104-ms.html
This Month's Reminder
http://www.ipa.go.jp/security/txt/2013/01outline.html
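Dangerous vulnerability discovered in IE; "zero-day attacks" exploiting it have appeared
Patch not yet released; the "Fix it" tool for avoiding the attacks is available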
http://itpro.nikkeibp.co.jp/article/NEWS/20130108/448101/?ST=security
Symantec to offer the management server from the cloud in the new version of its endpoint security product
http://itpro.nikkeibp.co.jp/article/NEWS/20130107/447942/?ST=security
"Let's Be Moderately Afraid": Starting Off Security in 2013
http://itpro.nikkeibp.co.jp/article/COLUMN/20121227/447241/?ST=security
[Security / Targeted Attacks] Attention gathers on smartphone security
http://itpro.nikkeibp.co.jp/article/COLUMN/20121218/445204/?ST=security
"Mobile devices will be targeted" in 2013, according to McAfee's cyber threat predictions
http://itpro.nikkeibp.co.jp/article/NEWS/20121228/447327/?ST=security
JVNVU#92426910 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/cert/JVNVU92426910/
JVN#74829345 Denial-of-service (DoS) vulnerability in multiple devices running Android OS
http://jvn.jp/jp/JVN74829345/
[security bulletin] HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00021.html
[SECURITY] [DSA 2599-1] nss security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00019.html
Facebook for Android - Information Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00027.html
Chrome for Android - Cookie theft from Chrome by malicious Android app
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00026.html
Chrome for Android - Bypassing SOP for Local Files By Symlinks
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00025.html
Chrome for Android - Android APIs exposed to JavaScript
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00024.html
Chrome for Android - Download Function Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00023.html
Chrome for Android - UXSS via com.android.browser.application_id Intent extra
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00022.html
[SECURITY] [DSA 2600-1] cups security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00020.html
[SECURITY] [DSA 2598-1] weechat security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00018.html
[SECURITY] [DSA 2597-1] rails security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00017.html
CFP: InfoSec Southwest 2013
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00016.html
TomatoCart 1.x | Unrestricted File Creation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00015.html
CVE-2012-6494 - Nexpose Security Console - Session Hijacking
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00014.html
CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00013.html
Simple Webserver 2.3-rc1 Directory Traversal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00012.html
Aastra IP Telephone encrypted .tuz configuration file leakage
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00011.html
AST-2012-015: Denial of Service Through Exploitation of Device State Caching
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00010.html
AST-2012-014: Crashes due to large stack allocations when using TCP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00009.html
[ MDVSA-2013:001 ] gnupg
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00008.html
ShakaCon 2013 - Call for Papers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00007.html
AthCon 2013 CFP OPEN
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00005.html
CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00003.html
CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00002.html
Charybdis: Improper assumptions in the server handshake code may lead to a remote crash
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00000.html
[SECURITY] [DSA 2596-1] mediawiki-extensions security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00156.html
[SECURITY] [DSA 2595-1] ghostscript security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00155.html
[SECURITY] [DSA 2594-1] virtualbox-ose security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00154.html
[SECURITY] [DSA 2593-1] moin security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00153.html
GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00151.html
CubeCart 5.0.7 and lower versions | Insecure Backup File Handling
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00150.html
[SECURITY] [DSA 2592-1] elinks security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00149.html
[SECURITY] [DSA 2591-1] mahara security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00148.html
SonicWall Email Security 7.4.1.x - Persistent Web Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00147.html
Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00146.html
JVNDB-2013-001008 Denial-of-service (resource consumption) vulnerability in multiple Asterisk products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001008.html
JVNDB-2012-005881 Stack-based buffer overflow vulnerability in os/pl-glob.c in SWI-Prolog
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005881.html
JVNDB-2012-005880 Stack-based buffer overflow vulnerability in os/pl-os.c in SWI-Prolog
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005880.html
JVNDB-2013-001007 Denial-of-service (daemon crash) vulnerability in multiple Asterisk products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001007.html
JVNDB-2013-001006 SQL injection vulnerability in the Authlogic gem for Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001006.html
JVNDB-2013-001005 SQL injection vulnerability in the Active Record component of Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001005.html
JVNDB-2012-005879 Vulnerability in Opera running on UNIX that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005879.html
JVNDB-2012-005878 Address field spoofing vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005878.html
JVNDB-2012-005877 Arbitrary code execution vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005877.html
JVNDB-2013-001004 Cross-site request forgery vulnerability in e107_admin/download.php in e107
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001004.html
JVNDB-2013-001003 Cross-site request forgery vulnerability in e107_admin/newspost.php in e107
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001003.html
JVNDB-2012-005866 Integer overflow vulnerability in GNU Grep
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005866.html
JVNDB-2012-005865 Directory traversal vulnerability in MoinMoin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005865.html
JVNDB-2012-005864 Cross-site scripting vulnerability in theme/__init__.py in MoinMoin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005864.html
JVNDB-2012-005863 Arbitrary code execution vulnerability in MoinMoin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005863.html
JVNDB-2013-001002 Directory traversal vulnerability in the AttachFile action in MoinMoin
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001002.html
JVNDB-2012-005862 Cross-site scripting vulnerability in bookmarks/js/bookmarks.js in ownCloud
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005862.html
JVNDB-2012-005861 Vulnerability in ownCloud that allows the user_webdavauth and user_ldap settings to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005861.html
JVNDB-2012-005860 Vulnerability in the Context module for Drupal that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005860.html
JVNDB-2012-005859 Vulnerability in the Nodewords: D6 Meta Tags module for Drupal that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005859.html
JVNDB-2012-005858 Vulnerability in the file upload feature of Drupal that allows protection mechanisms to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005858.html
JVNDB-2012-005857 Vulnerability in Drupal that allows sensitive information about uploaded files to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005857.html
JVNDB-2012-005856 Vulnerability in Drupal that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005856.html
JVNDB-2013-001001 Vulnerability in the WP PHP widget plugin for WordPress that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001001.html
JVNDB-2012-005853 Denial-of-service (DoS) vulnerability in modules/m_capab.c in ircd-ratbox and Charybdis
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005853.html
JVNDB-2012-005851 Vulnerability in server/action.py in Fail2ban that allows unsafe behavior to be triggered
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005851.html
JVNDB-2012-005850 Cross-site scripting vulnerability in Polycom HDX Video End Points
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005850.html
JVNDB-2012-005849 Vulnerability in the WPA2 implementation of the Belkin N900 router that allows access to the Wi-Fi network
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005849.html
JVNDB-2012-005847 Vulnerability in LemonLDAP::NG that allows access control restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005847.html
JVNDB-2012-005846 Vulnerability in IBM SPSS Modeler that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005846.html
JVNDB-2012-005845 Authentication bypass vulnerability in the Central application of i-GEN opLYNX
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005845.html
JVNDB-2012-005844 Cross-site scripting vulnerability in AgileBits 1Password
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005844.html
JVNDB-2012-005843 Arbitrary code execution vulnerability in the Cisco Unified IP Phone 7900 series
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005843.html
JVNDB-2012-005842 Cross-site scripting vulnerability in SimpleInvoices
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005842.html
JVNDB-2012-005840 Cross-site scripting vulnerability in the RSS Reader extension for MediaWiki
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005840.html
JVNDB-2012-005839 Cross-site scripting vulnerability in the administrative web interface of Cerberus FTP Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005839.html
JVNDB-2012-005838 SQL injection vulnerability in Open Constructor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005838.html
JVNDB-2012-005837 Cross-site scripting vulnerability in Open Constructor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005837.html
JVNDB-2012-005836 Cross-site scripting vulnerability in Open Constructor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005836.html
JVNDB-2012-005835 Cross-site scripting vulnerability in Open Constructor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005835.html
JVNDB-2012-005834 Vulnerability in SamsungDive for Android on multiple Samsung Galaxy devices that allows device discovery to be obstructed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005834.html
JVNDB-2012-005833 Vulnerability in the device-locating feature of Lookout that allows spoofing of arbitrary location data
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005833.html
JVNDB-2012-005832 Vulnerability in the Anti-theft service of AVG AntiVirus for Android that allows spoofing of arbitrary location data
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005832.html
JVNDB-2012-005831 Vulnerability in SamsungDive for Android on multiple Samsung Galaxy devices that allows spoofing of arbitrary location data
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005831.html
JVNDB-2012-005830 SSL server spoofing vulnerability in IBM Security AppScan Enterprise and Rational Policy Tester
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005830.html
JVNDB-2012-005829 SSL server spoofing vulnerability in IBM Security AppScan Enterprise and Rational Policy Tester
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005829.html
JVNDB-2012-005828 (JVNVU#92426910) Arbitrary code execution vulnerability in Internet Explorer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005828.html
JVNDB-2012-005827 Cross-site scripting vulnerability in Collaboration - Bulletin board included in multiple Hitachi products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005827.html
JVNDB-2012-005818 Vulnerability in Symfony that allows access to arbitrary services
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005818.html
JVNDB-2012-005817 Vulnerability in Symfony that allows URI restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005817.html
JVNDB-2012-005816 Vulnerability in OpenStack Compute Folsom and Grizzly that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005816.html
JVNDB-2012-005815 Vulnerability in tools/sample_data.sh in OpenStack Keystone that allows Amazon EC2 access privileges to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005815.html
JVNDB-2012-005814 Vulnerability in Aptdaemon on Ubuntu that allows GPG keys for arbitrary package repositories to be installed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005814.html
JVNDB-2012-005813 Vulnerability in APT as used in Ubuntu that allows sensitive shell information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005813.html
JVNDB-2012-005811 SQL injection vulnerability in the Authlogic gem for Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005811.html
JVNDB-2012-000112 (JVN#27691264) Arbitrary script execution vulnerability in the Opera Mini and Opera Mobile web browsers for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000112.html
JVNDB-2012-005810 Vulnerability in WordPress that allows a valid session identifier to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005810.html
JVNDB-2012-005809 Denial-of-service (daemon exit) vulnerability in hypervkvpd distributed with the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005809.html
JVNDB-2012-005807 Vulnerability in Citrix XenDesktop Virtual Desktop Agent that allows access to USB devices to be retained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005807.html
JVNDB-2012-005806 Arbitrary code execution vulnerability in the XML Service interface of Citrix XenApp
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005806.html
JVNDB-2012-005805 Vulnerability in CA IdentityMinder that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005805.html
JVNDB-2012-005804 Arbitrary command execution vulnerability in CA IdentityMinder
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005804.html
JVNDB-2012-005803 Directory traversal vulnerability in EMC Data Protection Advisor
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005803.html
JVNDB-2012-005802 Vulnerability in Tivoli NetView running on IBM z/OS that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005802.html
JVNDB-2012-005801 Vulnerability in IBM Rational Automation Framework that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005801.html
A Bit About the NVIDIA Vulnerability
http://isc.sans.edu/diary.html?storyid=14833
Adobe ColdFusion Security Advisory
http://isc.sans.edu/diary.html?storyid=14827
D-link Wireless-G Router Year Issue (Y2K-plus-13)
http://isc.sans.edu/diary.html?storyid=14830
Blue for Reset?
http://isc.sans.edu/diary.html?storyid=14815
Patch pre-notification from Adobe and Microsoft
http://isc.sans.edu/diary.html?storyid=14821
"FixIt" Patch for CVE-2012-4792 Bypassed
http://isc.sans.edu/diary.html?storyid=14824
Memory acquisition traps
http://isc.sans.edu/diary.html?storyid=14803
New year and new CA compromised
http://isc.sans.edu/diary.html?storyid=14806
Starting the New Year on the right foot
http://isc.sans.edu/diary.html?storyid=14794
EMET 3.5: The Value of Looking Through an Attacker's Eyes
http://isc.sans.edu/diary.html?storyid=14797
VU#154201 Microsoft Internet Explorer CButton use-after-free vulnerability
http://www.kb.cert.org/vuls/id/154201
Symantec PGP Desktop Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027940
Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information
http://www.securitytracker.com/id/1027938
Xen Debugging Assert Validation Flaw Lets Local Guest Users Deny Service on the Host
http://www.securitytracker.com/id/1027937
Microsoft Windows Includes Some Invalid TURKTRUST Certificates
http://www.securitytracker.com/id/1027934
Ruby on Rails Input Validation Flaw in Active Record Extract Options Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1027933
Asterisk State Caching Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027932
Asterisk Stack Allocation Overflow Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027931
Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027930
VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027929
cPanel Input Validation Flaws in 'clientconf.html' and 'detailbw.html' Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027928
NVIDIA Driver Stack Overflow Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027927
Polycom HDX Series Input Validation Flaw in Web Management Interface Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027926
SonicWALL Email Security Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027925
REMOTE: Enterasys NetSight nssyslogd.exe Buffer Overflow
http://www.exploit-db.com/exploits/23887
REMOTE: Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Access
http://www.exploit-db.com/exploits/23855
REMOTE: WordPress Plugin Advanced Custom Fields Remote File Inclusion
http://www.exploit-db.com/exploits/23856
REMOTE: Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
http://www.exploit-db.com/exploits/23785
REMOTE: IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
http://www.exploit-db.com/exploits/23736
REMOTE: IBM Lotus QuickR qp2 ActiveX Buffer Overflow
http://www.exploit-db.com/exploits/23737
REMOTE: Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability
http://www.exploit-db.com/exploits/23754
LOCAL: BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass (MSF)
http://www.exploit-db.com/exploits/23783
DoS/PoC: Foxit Reader <= 5.4.4.1128 Firefox Plugin npFoxitReaderPlugin.dll Stack Buffer Overflow
http://www.exploit-db.com/exploits/23944
DoS/PoC: Ettercap <= 0.7.5.1 Stack Overflow Vulnerability
http://www.exploit-db.com/exploits/23945
DoS/PoC: FoxPlayer v2.9.0 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/23923
DoS/PoC: Astium VoIP PBX <= v2.1 build 25399 Remote Crash PoC
http://www.exploit-db.com/exploits/23830
DoS/PoC: Grep < 2.11 Integer Overflow Crash PoC
http://www.exploit-db.com/exploits/23779
DoS/PoC: Aktiv Player 2.80 Crash PoC
http://www.exploit-db.com/exploits/23780
DoS/PoC: Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overflow
http://www.exploit-db.com/exploits/23565
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5ZP2X0U8UE.html
Foxit Reader <= 5.4.4.1128 npFoxitReaderPlugin.dll Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010048
Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2013010050
UploadiFive Arbitrary File Upload Vulnerability
http://cxsecurity.com/issue/WLB-2013010049
WordPress OpenInviter Information Disclosure
http://cxsecurity.com/issue/WLB-2013010047
Ettercap <= 0.7.5.1 Stack Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2013010046
bmby SQL Injection
http://cxsecurity.com/issue/WLB-2013010043
SimpleMachines Forum <= 2.0.3 File Disclosure
http://cxsecurity.com/issue/WLB-2013010045
GetSimple 3.1.2 cookie() grepped fake exploit
http://cxsecurity.com/issue/WLB-2013010044
Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2013010042
Wordpress wilderness SQL injection
http://cxsecurity.com/issue/WLB-2013010041
TomatoCart 1.x Cross Site Request Forgery bypass
http://cxsecurity.com/issue/WLB-2013010040
Adobe Flash Player 11.5.502.135 memory corruption
http://cxsecurity.com/issue/WLB-2012120127
TomatoCart 1.x include outdated and vulnerable Piwik extension < 0.5.5
http://cxsecurity.com/issue/WLB-2013010039
Elastix 2.3 PHP Code Injection
http://cxsecurity.com/issue/WLB-2013010032
FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection
http://cxsecurity.com/issue/WLB-2013010038
Nexpose Security Console Session Capture
http://cxsecurity.com/issue/WLB-2013010037
Nexpose Security Console Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2013010036
pfSense 2.0.1 XSS & CSRF & Command Execution
http://cxsecurity.com/issue/WLB-2013010035
ICEstate SQL Injection
http://cxsecurity.com/issue/WLB-2013010034
160By2 / Way2SMS Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2013010033
MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection
http://cxsecurity.com/issue/WLB-2013010031
TomatoCart 1.x Unrestricted File Creation
http://cxsecurity.com/issue/WLB-2013010030
Enterasys NetSight nssyslogd.exe Buffer Overflow
http://cxsecurity.com/issue/WLB-2013010029
Ratbox IRCd Denial Of Service
http://cxsecurity.com/issue/WLB-2013010028
Simple Webserver 2.3-rc1 Directory Traversal
http://cxsecurity.com/issue/WLB-2013010027
WHMCS 5.x Authentication Bypass
http://cxsecurity.com/issue/WLB-2013010026
Simple Machines Forum 2.0.3 Path Disclosure
http://cxsecurity.com/issue/WLB-2013010025
Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Access
http://cxsecurity.com/issue/WLB-2013010024
Invision Power Services Invision Gallery 1.0.1 Multiple SQL Injection Vulnerabilities
http://cxsecurity.com/issue/WLB-2013010023
Wordpress plugins WP PHP widget Full Path Disclosure vulnerability
http://cxsecurity.com/issue/WLB-2013010005
WordPress Advanced Custom Fields Remote File Inclusion
http://cxsecurity.com/issue/WLB-2013010022
WordPress Shopping Cart 8.1.14 Shell Upload & SQL Injection
http://cxsecurity.com/issue/WLB-2013010021
WordPress ReFlex Gallery 1.3 Shell Upload
http://cxsecurity.com/issue/WLB-2013010020
WordPress Xerte Online 0.32 Shell Upload
http://cxsecurity.com/issue/WLB-2013010019
WordPress Uploader 1.0.4 Shell Upload
http://cxsecurity.com/issue/WLB-2013010018
Asterisk Denial of Service Through Exploitation of Device
http://cxsecurity.com/issue/WLB-2013010017
Asterisk crashes due to large stack allocations when using TCP
http://cxsecurity.com/issue/WLB-2013010016
osTicket (v1.7-DPR3) PATH DISCLOSURE XSS Open Redirect Blind SQLi
http://cxsecurity.com/issue/WLB-2013010015
osTicket v1.6 ST (stable) CSRF+BLIND SQLi
http://cxsecurity.com/issue/WLB-2013010013
osTicket 1.7-RC2-3 gafe7853 CSRF PATH DISCLOSURE XSS Open Redirect
http://cxsecurity.com/issue/WLB-2013010014
e107 v1.0.2 Administrator CSRF Resulting in SQL Injection
http://cxsecurity.com/issue/WLB-2013010012
e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution
http://cxsecurity.com/issue/WLB-2013010011
Astium VoIP PBX <= v2.1 build 25399 Multiple Vulns Remote Root Exploit
http://cxsecurity.com/issue/WLB-2013010010
Astium VoIP PBX <= v2.1 build 25399 Remote Crash PoC
http://cxsecurity.com/issue/WLB-2013010009
MyBB plugin Profile Skype ID privilege escalation.
http://cxsecurity.com/issue/WLB-2013010008
Wordpress Sahifa theme 2.4.0 CSRF and Full Path Disclosure
http://cxsecurity.com/issue/WLB-2013010007
GnuPG 1.4.12 Database Corruption
http://cxsecurity.com/issue/WLB-2013010001
CrystalAdmin Html Injection Vulnerability
http://cxsecurity.com/issue/WLB-2013010006
CubeCart 5.x Cross Site Request Forgery (CSRF)
http://cxsecurity.com/issue/WLB-2013010004
CubeCart 5.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013010003
Satellite CMS cross site scripting Vulnerability
http://cxsecurity.com/issue/WLB-2013010002
Wordpress plugins NextGEN Public Uploader Full Path Disclosure Vulnerability
http://cxsecurity.com/issue/WLB-2012120239
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
http://cxsecurity.com/issue/WLB-2012120238
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
http://cxsecurity.com/issue/WLB-2012120237
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
http://cxsecurity.com/issue/WLB-2012120236
BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass
http://cxsecurity.com/issue/WLB-2012120235
WordPress Photo Plus & Photo Search XSS & CSRF
http://cxsecurity.com/issue/WLB-2012120234
WordPress SB Uploader 3.9 Shell Upload
http://cxsecurity.com/issue/WLB-2012120232
MoinMoin Wiki 1.9.5 remote code execution vulnerability
http://cxsecurity.com/issue/WLB-2012120232
MoinMoin Wiki 1.9.5 XSS in rss link
http://cxsecurity.com/issue/WLB-2012120231
MoinMoin Wiki 1.9.5 path traversal
http://cxsecurity.com/issue/WLB-2012120230
WordPress themes RocketTheme Multiple vulnerabilities
http://cxsecurity.com/issue/WLB-2012120229
Enterprise Resource planning (erp) SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012120228
Ubiquiti AirOS <= 5.5.2 Remote POST-Auth Root Command Execution
http://cxsecurity.com/issue/WLB-2012120227
Polycom HDX Video End Points Web Management Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120226
SonicWall Email Security 7.4.1.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120225
Log Analyzer 3.6.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120224
RealPlayer RealMedia File Handling Buffer Overflow
http://cxsecurity.com/issue/WLB-2012120223
WordPress Asset-Manager PHP File Upload
http://cxsecurity.com/issue/WLB-2012120222
WHM editfilter.html Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120221
C-Panel dir.html Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120220
cPanel & WHM 11.34.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120219
Joomla bch and Content Shell Upload
http://cxsecurity.com/issue/WLB-2012120218
Joomla Aclassif Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120217
MyBB Profile Wii Friend Code Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51747/
Havalite "comment" Script Insertion Vulnerability
http://secunia.com/advisories/51722/
Perl Locale::Maketext Two Code Injection Vulnerabilities
http://secunia.com/advisories/51741/
TomatoCart Cross-Site Scripting and Arbitrary PHP Code Execution Vulnerabilities
http://secunia.com/advisories/51621/
Jenkins Cryptographic Key Disclosure Vulnerability
http://secunia.com/advisories/51712/
Symantec PGP Whole Disk Encryption 0x80022058 IOCTL Handling Privilege Escalation Vulnerability
http://secunia.com/advisories/51762/
ProFTPD Race Condition Privilege Escalation Security Issue
http://secunia.com/advisories/51761/
Nexpose Security Console Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51732/
Debian update for weechat
http://secunia.com/advisories/51700/
concrete5 Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51608/
Debian update for rails
http://secunia.com/advisories/51700/
RPM Package Manager Signature Verification Bypass Security Issue
http://secunia.com/advisories/51706/
nginx Proxy Module Certificate Verification Security Issue
http://secunia.com/advisories/51708/
WordPress WPScientist Multiple Themes Arbitrary File Upload Vulnerability
http://secunia.com/advisories/51714/
Facebook Camera for iOS Certificate Verification Security Issue
http://secunia.com/advisories/51699/
WHMCompleteSolution Google Checkout Module SQL Injection Vulnerability
http://secunia.com/advisories/51719/
WHMCompleteSolution PayPal and Google Checkout Modules Vulnerabilities
http://secunia.com/advisories/51683/
SWI-Prolog "canoniseFileName()" and "expand()" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/51709/
Red Hat update for JBoss Enterprise Web Server
http://secunia.com/advisories/51736/
osTicket Cross-Site Request Forgery and SQL Injection Vulnerabilities
http://secunia.com/advisories/51710/
WordPress Google Doc Embedder Plugin Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50832/
Asterisk Two Denial of Service Vulnerabilities
http://secunia.com/advisories/51689/
NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer Overflow Vulnerability
http://secunia.com/advisories/51629/
RuggedCom Rugged Operating System Web UI Two Vulnerabilities
http://secunia.com/advisories/51718/
CubeCart Multiple Vulnerabilities
http://secunia.com/advisories/51703/
CubeCart global.inc.php File Backup Security Issue
http://secunia.com/advisories/51703/
Ruby on Rails Method Parameters SQL Injection Vulnerability
http://secunia.com/advisories/51697/
e107 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51687/
WordPress WP Photo Album Plus Plugin Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51679/
WordPress ReFlex Gallery Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/51698/
WordPress Xerte Online Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/51691/
WordPress Shopping Cart Plugin Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/51690/
WordPress WP Photo Album Plus Plugin "wppa-searchstring" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51669/
ShadowIRCd Server Capability Negotiation Denial of Service Vulnerability
http://secunia.com/advisories/51716/
Charybdis Server Capability Negotiation Denial of Service Vulnerability
http://secunia.com/advisories/51677/
ircd-ratbox Server Capability Negotiation Denial of Service Vulnerability
http://secunia.com/advisories/51694/
Ubuntu update for moin
http://secunia.com/advisories/51696/
Debian update for moin
http://secunia.com/advisories/51676/
MoinMoin Multiple Vulnerabilities
http://secunia.com/advisories/51663/
Symfony _internal Route Arbitrary Controller/Service Execution Vulnerability
http://secunia.com/advisories/51662/
Symfony Double-URL-Encoded Path Security Rule Bypass Vulnerability
http://secunia.com/advisories/51660/
Debian update for mediawiki-extensions
http://secunia.com/advisories/51713/
IP.Board Unspecified Vulnerability
http://secunia.com/advisories/51705/
IBM SPSS Modeler XML Document Parsing Vulnerability
http://secunia.com/advisories/51715/
Debian update for virtualbox-ose
http://secunia.com/advisories/51671/
Debian update for ghostscript
http://secunia.com/advisories/51670/
Microsoft Internet Explorer "CDwnBindInfo" Use-After-Free Vulnerability
http://secunia.com/advisories/51695/
VLC Media Player HTML Subtitle Parsing Buffer Overflow Vulnerabilities
http://secunia.com/advisories/51692/
Debian update for elinks
http://secunia.com/advisories/51569/
IBM InfoSphere Guardium Multiple Vulnerabilities
http://secunia.com/advisories/51678/
MODx Login User Enumeration Weakness
http://secunia.com/advisories/51654/
i-GEN opLYNX Central Application Authentication Bypass Vulnerability
http://secunia.com/advisories/51673/
Debian update for mahara
http://secunia.com/advisories/51638/
SUSE update for opera
http://secunia.com/advisories/51649/
SUSE update for tomcat
http://secunia.com/advisories/51693/
Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059
Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058
Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043
Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063
Oracle Java SE CVE-2012-5085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56067
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
Oracle Java SE CVE-2012-5083 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56025
Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039
Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082
Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081
Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080
ProFTPD Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57172
Oracle Java SE CVE-2012-5071 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56061
Oracle Java SE CVE-2012-3159 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56072
Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075
Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501
Oracle Java SE CVE-2012-1532 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56051
Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083
Oracle Java SE CVE-2012-1533 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56046
Oracle Java SE CVE-2012-3143 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56055
Oracle Java SE CVE-2012-1531 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56033
Jenkins Cryptographic Key Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57171
Google Chrome for Android Prior to 18.0.1025308 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55523
Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/56993
Inkscape XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56965
Freeciv Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41352
TWiki and Foswiki 'MAKETEXT' Variable Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56950
MariaDB CVE-2012-4414 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/55498
Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56769
Piwik 'form_url' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/39144
FoxMediaTools FoxPlayer '.m3u' File Denial of Service Vulnerability
http://www.securityfocus.com/bid/52839
Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57070
CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56494
GnuPG CVE-2012-6085 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/57102
Ruby on Rails Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57084
TomatoCart 'json.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/57156
WeeChat 'hook_process()' Function Remote Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/56584
WeeChat SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/46612
Firefox Foxit Reader Plugin 'npFoxitReaderPlugin.dll' Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57174
Facebook for Android 'LoginActivity' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57173
Symantec PGP Whole Disk Encryption Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57170
util-linux Package 'mount' and 'umount' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57168
TomatoCart Anti-CSRF Token Security Bypass Vulnerability
http://www.securityfocus.com/bid/57167
Havalite CMS 'comment' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/57169
Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/56871
RPM CVE-2012-6088 Signature Verification Security Bypass Vulnerability
http://www.securityfocus.com/bid/57138
Enterasys Network Management Suite 'nssyslogd.exe' Component Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51124
Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54192
SWI-Prolog Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57134
Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56812
Symfony Double-URL-Encoded Path Security Bypass Vulnerability
http://www.securityfocus.com/bid/57078
Drupal Nodewords: D6 Meta Tags Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56833
Drupal Context Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56997
ircd-ratbox 'm_capab.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/57085
WordPress Cimy User Manager Plugin Arbitrary File Disclosure Vulnerability
http://www.securityfocus.com/bid/56229
Adobe ColdFusion CVE-2013-0631 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57166
Adobe ColdFusion CVE-2013-0629 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/57165
Adobe ColdFusion CVE-2013-0625 Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57164
Eye-Fi Helper CVE-2011-4696 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/57163
Xen CVE-2013-0154 Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/57159
MyBB Profile Wii Friend Code Plugin SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/57157
WordPress Multiple WPScientist Themes Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57152
Tiki Wiki CMS Groupware 'unserialize()' Multiple Remote PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57034
Opera Web Browser Prior to 12.10 Multiple Vulnerabilities
http://www.securityfocus.com/bid/56407
Opera Web Browser Buffer Overflow and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/56594
Multiple Asterisk Products CVE-2012-5976 Stack Overflow Denial of Service Vulnerability
http://www.securityfocus.com/bid/57106
djbdns dnscache SOA Requests Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/33818
Polycom HDX Video End Points Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57057
Dnsmasq Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54353
Opera Web Browser Prior to 12.12 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56980
Opera Web Browser Prior to 12.02 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55301
Opera Web Browser Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56788
Opera Web Browser Repeated Attempts Site Access Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/56984
mediawiki-extensions 'RSS_Reader' Extension HTML Injection Vulnerability
http://www.securityfocus.com/bid/57083
WordPress Advanced Custom Fields Plugin 'acf_abspath' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/56528
Astium PBX Denial of Service Vulnerability
http://www.securityfocus.com/bid/57095
Adobe Acrobat and Reader APSB13-02 Advance Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/57155
Aastra 6753i '.tug' Configuration File Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57151
Rapid7 Nexpose Multiple Session Hijacking and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/57150
MoinMoin CVE-2012-6495 Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/57147
Magento 'Zend_XmlRpc' Class Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57140
nginx CVE-2011-4968 Man in The Middle Vulnerability
http://www.securityfocus.com/bid/57139
Microsoft January 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/57137
WordPress Google Doc Embedder Plugin Arbitrary File Disclosure Vulnerability
http://www.securityfocus.com/bid/57133
Lookout for Android CVE-2012-6336 Spoofing Vulnerability
http://www.securityfocus.com/bid/57130
AVG AntiVirus for Android CVE-2012-6335 Spoofing Vulnerability
http://www.securityfocus.com/bid/57129
Belkin Wireless Router Default WPS PIN Security Vulnerability
http://www.securityfocus.com/bid/57128
SamsungDive for Android CVE-2012-6334 Spoofing Vulnerability
http://www.securityfocus.com/bid/57127
WordPress Uploader Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57112
Drupal Core 'getimagesize()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57108
phpCAS 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/56680
WordPress WP Photo Album Plus Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57072
LibTIFF 'TIFFScanlineSize()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56372
LibTIFF 't2p_read_tiff_init()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54601
LibTIFF TIFF Image Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55673
LibTIFF 'DOTRANGE' Tags Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56715
Google Chrome Prior to 23.0.1271.64 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56413
ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56817
Qt 'QSslSocket::sslErrors()' Certificate Validation Security Weakness
http://www.securityfocus.com/bid/57162
PMSoftware Simple Web Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/57143
ConnMan CVE-2012-6459 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57136
osTicket Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57115
osTicket Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/57111
osTicket Open-Redirection and Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/57107
Multiple Asterisk Products CVE-2012-5977 Denial of Service Vulnerability
http://www.securityfocus.com/bid/57105
Moodle 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/57104
Zabbix 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/57103
WordPress WP Photo Album Plus Plugin Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57099
WordPress Xerte Online Plugin 'save.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57098
Astium PBX 'logon.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57097
MyBB User Profile Skype ID Plugin 'skype' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/57096
e107 'e107_admin/download.php' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/57093
e107 '/e107_admin/newspost.php' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/57092
CubeCart Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/57091
Red Hat Enterprise MRG Management Console Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53000
grep CVE-2012-5667 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/57033
Dojo Versions Prior to 1.4.2 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/38739
WordPress Sahifa Theme Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/57109
WordPress Shopping Cart Plugin Multiple SQL Injection and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/57101
ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494
Oracle VM Virtual Box CVE-2012-3221 Local Security Vulnerability
http://www.securityfocus.com/bid/56045
JW Player Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/48214
BlazeVideo BlazeDVD Playlist Files Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/21337
IBM Lotus Quickr 'qp2.cab' ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53678
IBM Lotus iNotes Upload Module ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53879
WHMCS Insecure Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57145
SamsungDive for Android CVE-2012-6337 Spoofing Vulnerability
http://www.securityfocus.com/bid/57131
vBulletin 'url' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/57118
MoinMoin CVE-2012-6082 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/57089
Symfony CVE-2012-6432 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57080
WordPress ReFlex Gallery Plugin 'php.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57100
WordPress SB Uploader Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57074
MoinMoin CVE-2012-6081 Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57082
MoinMoin wiki CVE-2012-6080 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/57076
Pligg CMS 'status' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/51273
IBM Java Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55495
Fail2ban CVE-2012-5642 Arbitrary Log Content Injection Vulnerability
http://www.securityfocus.com/bid/56963
Mahara Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/56713
Mahara XML External Entity CVE-2012-2239 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56717
Mahara Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55916
Mahara 'query' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56718
Jenkins Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56651
NuSOAP 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/57053
FalconPL 'cURL' API Security Bypass Vulnerability
http://www.securityfocus.com/bid/57051
Real Networks RealPlayer Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56956
IBM InfoSphere Guardium Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/57086
IBM SPSS Modeler CVE-2012-5769 XML Parsing Unspecified Security Vulnerability
http://www.securityfocus.com/bid/57075
WordPress TwentyTen Theme 'loo.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57073
MODx User Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57069
ELinks CVE-2012-4545 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57065
SonicWall Email Security Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/57062