Thursday, February 28, 2013
Thursday the 28th, Senshō
+ RHSA-2013:0567 Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2013-0567.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871
+ RHSA-2013:0568 Important: dbus-glib security update
http://rhn.redhat.com/errata/RHSA-2013-0568.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0292
+ APSB13-08 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-08.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0648
+ Cisco Unified Presence Server Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups
+ Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm
+ Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-hcs
+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801
+ Linux kernel 3.7.10 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10
+ Sudo 1.8.6p7, 1.7.10p7 released
http://www.sudo.ws/sudo/stable.html#1.8.6p7
http://www.sudo.ws/sudo/stable.html#1.7.10p7
+ Authentication bypass when clock is reset
http://www.sudo.ws/sudo/alerts/epoch_ticket.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
+ Potential bypass of tty_tickets constraints
http://www.sudo.ws/sudo/alerts/tty_tickets.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
Virus Buster Business Security Services maintenance notice (March 2, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1917
Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx
pgBadger 3 released : now with parallel parsing
http://www.postgresql.org/about/news/1450/
Countermeasures for the Adobe Flash Player vulnerabilities (APSB13-08) (CVE-2013-0643 and others)
http://www.ipa.go.jp/security/ciadr/vul/20130227-adobeflashplayer.html
Report of the "Study Group on Japanese-Style Management and Information Security" published
http://www.ipa.go.jp/security/fy24/reports/nihontekikeiei/index.html
From the world's security labs
PDF attacks that get past the sandbox
http://itpro.nikkeibp.co.jp/article/COLUMN/20130227/459266/?ST=security
Web security hardening techniques to prevent "wrongful arrests"
[4] DNS rebinding
http://itpro.nikkeibp.co.jp/article/COLUMN/20130218/456766/?ST=security
Androider offers Android "safe app" information free of charge via an API, also integrating with MDM
http://itpro.nikkeibp.co.jp/article/NEWS/20130227/459444/?ST=security
GMO GlobalSign develops an authentication service for political activities, provided to political parties as a "donation"
http://itpro.nikkeibp.co.jp/article/NEWS/20130227/459428/?ST=security
Multiple security vulnerabilities in Adobe Flash; third fix release this month
http://itpro.nikkeibp.co.jp/article/NEWS/20130227/459323/?ST=security
[CD 2013] Specialist exhibition showing the front line of IT, including cloud and smartphones, opens with more than 90 seminar sessions and exhibits
http://itpro.nikkeibp.co.jp/article/COLUMN/20130222/458181/?ST=security
Cyber attacks reach nuclear power plants too; in some cases facilities were forced into a temporary shutdown
http://itpro.nikkeibp.co.jp/article/Interview/20130226/459134/?ST=security
Web security hardening techniques to prevent "wrongful arrests"
[3] HTTP header injection and clickjacking
http://itpro.nikkeibp.co.jp/article/COLUMN/20130218/456765/?ST=security
[SECURITY] [DSA 2634-1] python-django security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00144.html
[SECURITY] [DSA 2633-1] fusionforge security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00143.html
[ MDVSA-2013:015 ] apache
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00141.html
Denial of Service vulnerability in War FTP Daemon 1.82
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00142.html
[SECURITY] [DSA 2632-1] linux-2.6 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00140.html
[slackware-security] seamonkey (SSA:2013-056-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00139.html
JVN#16817324 Arbitrary code execution vulnerability in multiple JustSystems products
http://jvn.jp/jp/JVN16817324/index.html
JVNDB-2013-001544 (JVNVU#92991067) Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001544.html
JVNDB-2013-001543 (JVNVU#92991067) Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001543.html
JVNDB-2013-001698 (JVNVU#90797811) Denial-of-service (DoS) vulnerability in Dell PowerConnect 6248P
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001698.html
JVNDB-2013-001697 (JVNVU#91334049) Insufficient verification vulnerability in CS-Cart
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001697.html
JVNDB-2013-001696 Cross-site scripting vulnerability in the mod_proxy_balancer module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001696.html
JVNDB-2013-001695 Cross-site scripting vulnerability in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001695.html
JVNDB-2013-001694 Vulnerability in CloudBees Jenkins allowing the master encryption key to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001694.html
JVNDB-2013-001693 Cross-site scripting vulnerability in Roundcube Webmail
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001693.html
JVNDB-2013-001692 Cross-site scripting vulnerability in jforum.page of JForum
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001692.html
JVNDB-2013-001691 Arbitrary file overwrite vulnerability in Red Hat OpenShift Origin
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001691.html
JVNDB-2013-001690 Vulnerability in rhc-chk.rb of Red Hat OpenShift Origin allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001690.html
JVNDB-2013-001689 Open redirect vulnerability in Red Hat OpenShift Origin
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001689.html
JVNDB-2013-001688 Arbitrary command execution vulnerability in Red Hat OpenShift Origin
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001688.html
JVNDB-2013-001687 Denial-of-service (DoS) vulnerability in autofs as used in Red Hat Enterprise Linux
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001687.html
JVNDB-2013-001686 Denial-of-service (disk consumption) vulnerability in multiple OpenStack products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001686.html
JVNDB-2013-001685 Vulnerability in store/swift.py of multiple OpenStack products allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001685.html
JVNDB-2013-001684 Denial-of-service (DoS) vulnerability in System Security Services Daemon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001684.html
JVNDB-2013-001683 Arbitrary file creation vulnerability in System Security Services Daemon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001683.html
JVNDB-2013-001682 Stack-based buffer overflow vulnerability in http.c of OpenConnect
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001682.html
JVNDB-2013-001681 Stack-based buffer overflow vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001681.html
JVNDB-2013-001680 Arbitrary code execution vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001680.html
JVNDB-2013-001679 Integer signedness error vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001679.html
JVNDB-2013-001678 Directory traversal vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001678.html
JVNDB-2013-001677 Arbitrary code execution vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001677.html
JVNDB-2013-001676 Arbitrary code execution vulnerability in HscRemoteDeploy.dll of multiple Honeywell products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001676.html
JVNDB-2013-001675 Vulnerability in Bugzilla allowing private product names to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001675.html
JVNDB-2013-001674 Cross-site scripting vulnerability in show_bug.cgi of Bugzilla
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001674.html
JVNDB-2013-001673 Arbitrary code execution vulnerability in the Novell GroupWise client
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001673.html
JVNDB-2013-001672 Arbitrary code execution vulnerability in gwcls1.dll in the Novell GroupWise client
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001672.html
JVNDB-2013-001671 (JVNVU#96946668) Stack-based buffer overflow vulnerability in BigAntSoft BigAnt IM Message Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001671.html
JVNDB-2013-001670 (JVNVU#96946668) Arbitrary file creation vulnerability in BigAntSoft BigAnt IM Message Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001670.html
JVNDB-2013-001669 (JVNVU#96946668) SQL injection vulnerability in BigAntSoft BigAnt IM Message Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001669.html
JVNDB-2013-001668 Vulnerability in IBM WebSphere Cast Iron allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001668.html
JVNDB-2013-001667 Arbitrary code execution vulnerability in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001667.html
JVNDB-2013-001666 Vulnerability in the MathML implementation of WebKit in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001666.html
JVNDB-2013-001665 Denial-of-service (DoS) vulnerability in the ICU functionality of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001665.html
JVNDB-2013-001664 Integer overflow vulnerability in src/opus_decoder.c of Opus as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001664.html
JVNDB-2013-001663 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001663.html
JVNDB-2013-001662 Denial-of-service (DoS) vulnerability in the PDF functionality of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001662.html
JVNDB-2013-001661 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001661.html
JVNDB-2013-001660 Arbitrary program execution vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001660.html
JVNDB-2013-001659 Buffer overflow vulnerability in libavcodec of FFmpeg as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001659.html
JVNDB-2013-001658 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001658.html
JVNDB-2013-001657 Denial-of-service (DoS) vulnerability in the IPC layer of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001657.html
JVNDB-2013-001656 Integer overflow vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001656.html
JVNDB-2013-001655 Denial-of-service (memory corruption) vulnerability in the IPC layer of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001655.html
JVNDB-2013-001654 Arbitrary code execution vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001654.html
JVNDB-2013-001653 Denial-of-service (DoS) vulnerability in Skia as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001653.html
JVNDB-2013-001652 Vulnerability in the developer-tools process of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001652.html
JVNDB-2013-001651 Vulnerability in Google Chrome running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001651.html
JVNDB-2013-001650 Vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001650.html
JVNDB-2013-001649 Vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001649.html
JVNDB-2013-001648 Denial-of-service (DoS) vulnerability in Skia as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001648.html
JVNDB-2013-001647 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001647.html
JVNDB-2013-001646 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001646.html
JVNDB-2013-001645 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001645.html
JVNDB-2013-001644 Denial-of-service (memory corruption) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001644.html
JVNDB-2013-000015 (JVN#16817324) Arbitrary code execution vulnerability in multiple JustSystems products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000015.html
Libxml2 Entity Expansion May Let Remote Users Deny Service
http://www.securitytracker.com/id/1028212
Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028210
McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028209
Cisco Cloud Portal nsAPI Permission Validation Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1028208
Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028207
Cisco ASA NAT Connections Table Memory Exhaustion Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028206
GIT 'git-imap-send' Certificate Validation Flaw Lets Remote Users Spoof an IMAP Server
http://www.securitytracker.com/id/1028205
Guest Diary: Dylan Johnson - There's value in them there logs!
https://isc.sans.edu/diary.html?storyid=15289
All I need Java for is ....
https://isc.sans.edu/diary.html?storyid=15283
REMOTE: Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/24547
REMOTE: Glossword v1.8.8 - 1.8.12 Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/24548
REMOTE: PolarPearCms PHP File Upload Vulnerability
http://www.exploit-db.com/exploits/24549
LOCAL: Archlinux x86-64 3.3.x-3.7.x x86-64 sock_diag_handlers[] Local Root
http://www.exploit-db.com/exploits/24555
Linux Kernel 3.2 VFAT slab-based buffer overflow
http://cxsecurity.com/issue/WLB-2013020202
Archlinux/x86-64 3.1.x-3.7.x x86-64 CVE-2013-1763 sock_diag_handlers[] warez
http://cxsecurity.com/issue/WLB-2013020201
Linux Kernel 3.0/3.4 buffer overflow call_console_drivers() Function Log
http://cxsecurity.com/issue/WLB-2013020197
Brewthology 0.1 SQL Injection
http://cxsecurity.com/issue/WLB-2013020200
Gambas /tmp Directory Hijack
http://cxsecurity.com/issue/WLB-2013020199
War FTP Daemon 1.82 Denial Of Service
http://cxsecurity.com/issue/WLB-2013020198
WordPress Comment Rating Plugin Security Bypass Weakness and SQL Injection Vulnerability
http://secunia.com/advisories/52348/
War FTP Daemon "CDUP" Command Processing Denial of Service Vulnerability
http://secunia.com/advisories/52362/
Dell SonicWALL Scrutinizer Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/52177/
Dell SonicWALL Scrutinizer Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/52169/
TAO "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52327/
Debian update for fusionforge
http://secunia.com/advisories/52371/
OpenStack Compute (Nova) VNC Console Token Validation Security Bypass Weakness
http://secunia.com/advisories/52337/
DataTables TableTools Plugin Two "id" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52333/
IP.Board IP.Blog Module ModCP Information Disclosure Security Issue
http://secunia.com/advisories/52405/
FusionForge Insecure File Permissions Security Issue
http://secunia.com/advisories/52318/
IBM Multiple Products Java Two Vulnerabilities
http://secunia.com/advisories/52402/
IP.Board IP.Gallery Module Gallery Profile Information Disclosure Security Issue
http://secunia.com/advisories/52397/
IP.Board IP.Downloads Module Two Security Issues
http://secunia.com/advisories/52382/
IP.Board IP.Calendar Module Denial of Service Vulnerability
http://secunia.com/advisories/52373/
Cisco ASA Xlate Table Exhaustion Denial of Service Vulnerability
http://secunia.com/advisories/52331/
IBM InfoSphere Guardium S-TAP for DB2 Component Privilege Escalation Vulnerability
http://secunia.com/advisories/52372/
Debian update for python-django
http://secunia.com/advisories/52350/
Citrix XenServer Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/52353/
Red Hat update for kernel
http://secunia.com/advisories/52399/
Microsoft Windows Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/52392/
Red Hat update for dbus-glib
http://secunia.com/advisories/52375/
Adobe Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/52374/
Libxml2 Entity Expansion Denial of Service Vulnerability
http://secunia.com/advisories/52277/
SAP NetWeaver Multiple Vulnerabilities
http://secunia.com/advisories/52385/
JustSystems Multiple Products Unspecified Code Execution Vulnerability
http://secunia.com/advisories/52379/
IBM Security Network Intrusion Prevention System OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/52334/
Piwigo User Collections Plugin ZeroClipboard Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52309/
Trac MultiProject Plugin Multiple Vulnerabilities
http://secunia.com/advisories/52266/
CS-Cart PayPal Payment Security Bypass Vulnerability
http://secunia.com/advisories/52393/
Cisco Cloud Portal nsAPI Interface Information Disclosure Security Issue
http://secunia.com/advisories/52376/
IBM System Storage TS3500 Tape Library Web Interface Security Bypass Vulnerability
http://secunia.com/advisories/52345/
Ubuntu update for kernel
http://secunia.com/advisories/52326/
Linux Kernel "__sock_diag_rcv_msg()" Privilege Escalation Vulnerability
http://secunia.com/advisories/52289/
EasyWebScripts eBay Clone Script Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/52329/
Debian update for linux-2.6
http://secunia.com/advisories/52336/
Gallery Multiple Vulnerabilities
http://secunia.com/advisories/52349/
MDaemon Multiple Vulnerabilities
http://secunia.com/advisories/52244/
McAfee VirusScan Enterprise Privilege Escalation Vulnerability
http://secunia.com/advisories/52386/
SUSE update for kernel
http://secunia.com/advisories/52365/
Ubuntu update for pidgin
http://secunia.com/advisories/52346/
Apache HTTP Server Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52394/
Ubuntu update for thunderbird
http://secunia.com/advisories/52388/
Debian update for openjpeg
http://secunia.com/advisories/52387/
Adobe Flash Player CVE-2013-0643 Unspecified Security Vulnerability
http://www.securityfocus.com/bid/58185
Adobe Flash Player CVE-2013-0504 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/58184
Adobe Flash Player CVE-2013-0648 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58186
Cisco Unified Communications Domain Manager Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57567
dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57985
Ruby on Rails Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57084
Ruby on Rails CVE-2013-0156 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57187
Ruby on Rails CVE-2012-2660 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53754
Ruby on Rails Active Record CVE-2012-2695 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53970
Ruby on Rails 'authenticate_or_request_with_http_digest' Method Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54704
Ruby on Rails CVE-2012-2694 Unsafe SQL Query Generation Vulnerability
http://www.securityfocus.com/bid/53976
OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
Dell SonicWALL Scrutinizer Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/57949
Dell SonicWALL Scrutinizer Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57914
War FTP Daemon Log Messages Denial of Service Vulnerability
http://www.securityfocus.com/bid/58182
Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53956
Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071
GnuTLS TLS And DTLS Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57736
Xen AMD IOMMU CVE-2013-0153 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57745
Xen OXenstored Daemon CVE-2013-0215 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57742
Xen Linux netback CVE-2013-0216 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57743
Xen Linux netback CVE-2013-0217 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57744
Xen Linux PCI Backend Drivers Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57740
Linux Kernel CVE-2013-1763 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58137
Rsync Daemon Excludes Multiple File Access Vulnerabilities
http://www.securityfocus.com/bid/26639
GNOME Online Accounts CVE-2013-0240 SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/57753
Dnsmasq Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54353
Multiple OpenStack Products Information Disclosure and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/58022
Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56146
Django Denial of Service Vulnerability And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/58061
Mozilla Firefox and Thunderbird 'loadSubScript()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/50589
Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability
http://www.securityfocus.com/bid/50593
Mozilla Firefox and Thunderbird CVE-2011-3650 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50595
Drupal Creative Theme Social Icon HTML Injection Vulnerability
http://www.securityfocus.com/bid/58215
Drupal Fresh Theme HTML Injection Vulnerability
http://www.securityfocus.com/bid/58214
Drupal Best Responsive Theme HTML Injection Vulnerability
http://www.securityfocus.com/bid/58213
Drupal Professional Theme HTML Injection Vulnerability
http://www.securityfocus.com/bid/58212
Drupal Clean Theme Slide Gallery HTML Injection Vulnerability
http://www.securityfocus.com/bid/58211
Drupal Company Theme Slide Gallery HTML Injection Vulnerability
http://www.securityfocus.com/bid/58210
Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/58207
Cisco Prime Central for HCS Assurance CVE-2013-1135 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58206
Cisco Unified Presence Server CVE-2013-1137 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58205
Ganglia Web 'view_name' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58204
Todd Miller Sudo Local Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/58203
Linux Kernel VFAT Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/58200
IP.Board IP.Downloads Multiple Access Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/58199
Poppler Multiple Denial of Service and Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/58198
DataTables TableTools Plugin 'id' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58196
Gambas Insecure Temporary Directory Creation Vulnerability
http://www.securityfocus.com/bid/58192
FusionForge CVE-2013-1423 Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/58143
JBoss Web Services W3C XML Encryption Standard Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55770
Linux Kernel 'call_console_drivers()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/58118
Monkey 'master.log' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58140
Linux Kernel CVE-2013-0871 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57986
Adobe Acrobat And Reader CVE-2013-0640 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57931
Adobe Acrobat And Reader CVE-2013-0641 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57947
ZeroClipboard 'id' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58116
IBM HTTP Server Multiple Modules Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58119
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0774 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58038
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0777 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58048
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0778 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58050
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
http://www.securityfocus.com/bid/58044
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0783 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/58037
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0775 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58042
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0773 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58041
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0780 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58043
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0765 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58036
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0782 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58047
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0779 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58051
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0784 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/58040
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0781 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58049
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0772 Out-of-Bounds Read Vulnerability
http://www.securityfocus.com/bid/58034
pigz Insecure File Permissions Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57971
CUPS 'Listen localhost:631' Option Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/57158
CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56494
IBM InfoSphere Guardium CVE-2013-0490 Unspecified Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58191
OpenStack Nova CVE-2013-0335 Security Bypass Vulnerability
http://www.securityfocus.com/bid/58189
Brewthology 'r' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/58188
KMPlayer Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/58187
Multiple JustSystems Products CVE-2013-0707 Unspecified Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/58183
SAP CCMS Agent Code Injection Vulnerability
http://www.securityfocus.com/bid/58181
Libxml2 Entity Expansion Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/58180
Linux Kernel CVE-2013-1767 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58177
IBM System Storage TS3500 Tape Library CVE-2012-5767 Security Bypass Vulnerability
http://www.securityfocus.com/bid/58176
Trac MultiProject Plugin Clickjacking and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/58173
Gallery Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/58172
Alt-N MDaemon STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/58171
Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58165
JForum 'jforum.page' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58164
Tuesday, February 26, 2013
Tuesday the 26th, Taian
+ RHSA-2013:0517 Low: util-linux-ng security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0517.html
+ RHSA-2013:0525 Moderate: pcsc-lite security and bug fix
http://rhn.redhat.com/errata/RHSA-2013-0525.html
+ RHSA-2013:0520 Low: dovecot security and bug fix
http://rhn.redhat.com/errata/RHSA-2013-0520.html
+ RHSA-2013:0512 Low: httpd security, bug fix, and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0512.html
+ RHSA-2013:0519 Moderate: openssh security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0519.html
+ RHSA-2013:0500 Low: hplip security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0500.html
+ RHSA-2013:0506 Moderate: samba4 security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0506.html
+ RHSA-2012:1418 Critical: kdelibs security
http://rhn.redhat.com/errata/RHSA-2012-1418.html
+ RHSA-2013:0508 Low: sssd security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0508.html
+ RHSA-2013:0511 Moderate: pki-core security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0511.html
+ RHSA-2013:0509 Low: rdma security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0509.html
+ RHSA-2013:0514 Moderate: php security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0514.html
+ RHSA-2013:0550 Moderate: bind security and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0550.html
+ RHSA-2013:0505 Moderate: squid security and bug fix
http://rhn.redhat.com/errata/RHSA-2013-0505.html
+ RHSA-2013:0521 Moderate: pam security, bug fix, and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0521.html
+ RHSA-2013:0499 Low: xinetd security and bug fix
http://rhn.redhat.com/errata/RHSA-2013-0499.html
+ RHSA-2013:0515 Moderate: openchange security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0515.html
+ RHSA-2013:0276 Moderate: libvirt security, bug fix, and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0276.html
+ RHSA-2013:0496 Important: Red Hat Enterprise Linux 6 kernel
http://rhn.redhat.com/errata/RHSA-2013-0496.html
+ RHSA-2013:0503 Moderate: 389-ds-base security, bug fix, and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0503.html
+ RHSA-2013:0504 Low: dhcp security and bug fix
http://rhn.redhat.com/errata/RHSA-2013-0504.html
+ RHSA-2013:0526 Low: automake security
http://rhn.redhat.com/errata/RHSA-2013-0526.html
+ RHSA-2013:0516 Low: evolution security and bug fix
http://rhn.redhat.com/errata/RHSA-2013-0516.html
+ RHSA-2013:0502 Low: Core X11 clients security, bug fix, and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0502.html
+ RHSA-2013:0277 Moderate: dnsmasq security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0277.html
+ RHSA-2013:0528 Low: ipa security, bug fix and enhancement
http://rhn.redhat.com/errata/RHSA-2013-0528.html
+ RHSA-2013:0523 Low: ccid security and bug fix
http://rhn.redhat.com/errata/RHSA-2013-0523.html
+ RHSA-2013:0522 Moderate: gdb security and bug fix
http://rhn.redhat.com/errata/RHSA-2013-0522.html
+ CESA-2013:0271 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/539464/
+ CESA-2013:0272 Critical CentOS 6 thunderbird Update
http://lwn.net/Alerts/539465/
+ CESA-2013:0271 Critical CentOS 6 xulrunner Update
http://lwn.net/Alerts/539466/
+ CESA-2013:0271 Critical CentOS 6 libproxy Update
http://lwn.net/Alerts/539468/
+ CESA-2013:0274 Important CentOS 5 java-1.6.0-openjdk Update
http://lwn.net/Alerts/539471/
+ CESA-2013:0275 Important CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/539472/
+ CESA-2013:0275 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/539473/
+ CESA-2013:0271 Critical CentOS 6 yelp Update
http://lwn.net/Alerts/539467/
+ CESA-2013:0273 Critical CentOS 6 java-1.6.0-openjdk Update
http://lwn.net/Alerts/539470/
+ HS13-004 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-004/index.html
+ HS13-004 Multiple Vulnerabilities in Cosminexus (Japanese-language page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-004/index.html
+ Apache HTTP Server 2.2.24 Released
http://www.apache.org/dist/httpd/Announcement2.2.html
+ Linux kernel CVE-2013-1763 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763
PHP 5.4.12 and 5.3.22 x64 (64 bit) for Windows
http://www.anindya.com/php-5-4-12-and-5-3-22-x64-64-bit-for-windows/
Anti-Virus / Anti-Bot / Application Control / URL Filtering update might fail on R75.40/R75.40VS/R75.45
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90700&src=securityAlerts
Advisory: Accidental overwrite of a SafeGuard LAN Crypt key can occur under specific circumstances, preventing access to data. Patch now available.
http://www.sophos.com/en-us/support/knowledgebase/113822.aspx
Announcement of the "CRYPTREC Symposium 2013"
http://www.ipa.go.jp/security/event/2013/crypt-sympo/index.html
Publication of the report "Survey of Issues in the Proper Operation and Management of Cryptographic Keys"
http://www.ipa.go.jp/security/fy24/reports/key-management/index.html
Web Security Hardening Techniques to Prevent "Wrongful Arrests"
[2] CSRF and Cross-Site Scripting
http://itpro.nikkeibp.co.jp/article/COLUMN/20130218/456764/?ST=security
Eugrid ships software that runs applications via the cloud without leaving data on the endpoint
http://itpro.nikkeibp.co.jp/article/NEWS/20130225/458529/?ST=security
Microsoft also hit by cyberattack; "Mac business unit" and others affected by Java vulnerability
http://itpro.nikkeibp.co.jp/article/NEWS/20130225/458467/?ST=security
JVNVU#90797811 Denial-of-service (DoS) vulnerability in Dell PowerConnect 6248P
http://jvn.jp/cert/JVNVU90797811/
JVNVU#91334049 Insufficient verification vulnerability in CS-Cart
http://jvn.jp/cert/JVNVU91334049/
[SECURITY] [DSA 2629-1] openjpeg security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00128.html
VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00127.html
DC4420 - London DEFCON Tuesday 26th Feb 2013
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00126.html
[SE-2012-01] New security issues affecting Oracles Java SE 7u15
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00125.html
NoSuchCon CFP 2.0 / 15-17 May 2013 / Paris, France
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00124.html
[SECURITY] [DSA 2631-1] squid3 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00123.html
[Onapsis Security Advisory 2013-005] SAP CCMS Agent Code Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00134.html
[Onapsis Security Advisory 2013-006] SAP SMD Agent Code Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00133.html
[Onapsis Security Advisory 2013-004] SAP J2EE Core Service Arbitrary File Access
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00132.html
[Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00131.html
[Onapsis Security Advisory 2013-002] SAP SDM Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00130.html
[Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00129.html
[ MDVSA-2013:014 ] java-1.6.0-openjdk
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00122.html
Why I think you should try Bro
https://isc.sans.edu/diary.html?storyid=15259
Mass-Customized Malware Lures: Don't trust your cat!
https://isc.sans.edu/diary.html?storyid=15265
Trustwave Trustkeeper Phish
https://isc.sans.edu/diary.html?storyid=15271
Punkspider enumerates web application vulnerabilities
https://isc.sans.edu/diary.html?storyid=15274
Kerberos Null Pointer Dereference in KDC PKINIT Code Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028204
REMOTE: Java Applet JMX Remote Code Execution
http://www.exploit-db.com/exploits/24539
fusionforge multiple privilege escalations
http://cxsecurity.com/issue/WLB-2013020185
Java Applet JMX Remote Code Execution
http://cxsecurity.com/issue/WLB-2013020184
WordPress plugin smart-flv jwplayer.swf XSS
http://cxsecurity.com/issue/WLB-2013020183
Honeywell Multiple Products ActiveX Control Remote Code Execution Vulnerability
http://secunia.com/advisories/52389/
Kerberos KDC "pkinit_check_kdc_pkid()" NULL Pointer Dereference Denial of Service Vulnerability
http://secunia.com/advisories/52390/
SUSE update for openssl
http://secunia.com/advisories/52292/
SUSE update for RubyOnRails
http://secunia.com/advisories/52259/
SUSE update for openssl
http://secunia.com/advisories/52314/
GIT "git-imap-send" SSL Certificate Verification Security Issue
http://secunia.com/advisories/52361/
SUSE update for acroread
http://secunia.com/advisories/52304/
Samsung Galaxy S III Emergency Contacts Home Button "Passcode Lock" Bypass Weakness
http://secunia.com/advisories/52384/
Ruby REXML Denial of Service Vulnerability
http://secunia.com/advisories/52363/
Apache Maven / Apache Maven Wagon SSL Certificate Verification Security Issue
http://secunia.com/advisories/52381/
Debian update for squid3
http://secunia.com/advisories/52370/
Hitachi Cosminexus Products Oracle Java Multiple Vulnerabilities
http://secunia.com/advisories/52354/
Microsoft Windows Object Linking and Embedding (OLE) Automation Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57863
PCSC-Lite 'atrhandler.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45450
Linux-PAM 'pam_env' Module Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/50343
Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/48003
Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/50709
'pam_ssh_agent_auth' Module CVE-2012-5536 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/58097
util-linux Package 'mount' and 'umount' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57168
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706
Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802
Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55131
Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322
Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407
Oracle Java SE CVE-2013-1475 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57694
Oracle Enterprise Manager Grid Control CVE-2013-0354 HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/57361
Red Hat Certificate System Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56843
OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54373
OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55214
OpenJPEG Gray16 TIFF Image File Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53012
Xinetd CVE-2012-0862 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53720
GNU Automake Local Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/54418
CCID Card Serial Number Integer Overflow Vulnerability
http://www.securityfocus.com/bid/45806
GNOME Evolution CVE-2011-3201 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58086
ibacm Denial of Service And Insecure File Permissions Vulnerabilities
http://www.securityfocus.com/bid/55890
Squid 'cachemgr.cgi' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56957
Oracle Enterprise Manager Grid Control CVE-2013-0355 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57382
ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55530
ISC DHCP Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/54665
389 Directory Server Access Bypass Vulnerability
http://www.securityfocus.com/bid/55690
XFree86 x11perf CVE-2011-2504 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58082
Dnsmasq Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54353
Linux GNU Debugger 'debug_gdb_scripts' Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/50829
Transmission 'UTP_ProcessIncoming()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57872
Adobe Acrobat And Reader CVE-2013-0640 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57931
Adobe Acrobat And Reader CVE-2013-0641 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57947
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0778 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58050
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0773 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58041
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
http://www.securityfocus.com/bid/58044
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0775 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58042
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0765 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58036
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0777 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58048
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0782 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58047
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0780 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58043
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0779 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58051
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0783 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/58037
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0774 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58038
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0784 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/58040
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0781 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58049
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0772 Out-of-Bounds Read Vulnerability
http://www.securityfocus.com/bid/58034
Oracle Enterprise Manager Grid Control CVE-2013-0358 SQL Injection Vulnerability
http://www.securityfocus.com/bid/57336
Oracle Enterprise Manager Grid Control CVE-2012-3219 Open Redirection Vulnerability
http://www.securityfocus.com/bid/57349
Oracle Enterprise Manager Grid Control CVE-2013-0353 SQL Injection Vulnerability
http://www.securityfocus.com/bid/57373
Oracle Enterprise Manager Grid Control CVE-2013-0373 SQL Injection Vulnerability
http://www.securityfocus.com/bid/57370
Oracle Enterprise Manager Grid Control CVE-2013-0374 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57368
Oracle Java SE CVE-2013-0431 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57726
Oracle Enterprise Manager Grid Control CVE-2013-0352 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57365
Oracle Database Server CVE-2012-3220 Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57372
Pidgin 'libpurple' Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57954
Pidgin 'Libpurple' CVE-2013-0271 Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/57952
Pidgin 'libpurple' CVE-2013-0272 HTTP Header Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57951
Linux Kernel CVE-2013-0228 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57940
Linux Kernel '__skb_recv_datagram()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57964
OpenConnect VPN Gateway Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57884
FreeIPA CVE-2012-5484 Man in The Middle Security Vulnerability
http://www.securityfocus.com/bid/57529
Oracle Enterprise Manager Grid Control CVE-2013-0372 SQL Injection Vulnerability
http://www.securityfocus.com/bid/57378
Boost UTF-8 'utf_traits::decode()' Function Input Validation Vulnerability
http://www.securityfocus.com/bid/57675
Oracle Java SE CVE-2013-0435 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57729
sthttpd 'thttpd.log' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58127
Oracle Java SE CVE-2013-0441 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57692
Oracle Java SE CVE-2013-0428 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57713
Oracle Java SE CVE-2013-0440 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57712
Oracle Java SE CVE-2013-0434 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57730
Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57778
Oracle Java SE CVE-2013-0445 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57689
Oracle Java SE CVE-2013-0443 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57702
Oracle Java SE CVE-2013-0442 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57687
Oracle Java SE CVE-2013-0432 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57727
Oracle Java SE CVE-2013-0433 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57719
Oracle Java SE CVE-2013-0429 Remote Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57710
cURL/libcURL 'Curl_sasl_create_digest_md5_message()' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57842
Qt Shared Memory Segments Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/57772
CometChat Remote Code Execution and Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/57979
Oracle Java SE CVE-2013-0427 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57724
Oracle Java SE CVE-2013-0426 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57711
Oracle Java SE CVE-2013-1481 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57718
Oracle Java SE CVE-2013-0450 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57703
Oracle Java SE CVE-2013-0424 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57715
Oracle Java SE CVE-2013-0409 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57728
Oracle Java SE CVE-2013-0425 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57709
Oracle Java SE CVE-2012-1541 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57697
Oracle Java SE CVE-2013-1476 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57696
Oracle Java SE CVE-2013-1486 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58029
webfs 'webfsd.log' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58126
Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/58073
Squid 'cachemgr.cgi' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57646
WiFilet For iPhone/iPad Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/58154
Oracle Java Runtime Environment Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/58153
IBM Lotus Domino Unspecified Open Redirection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58152
MTP Poll Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/58150
MTP Guestbook Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/58149
MTP Image Gallery 'title' Parameter Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/58146
FusionForge CVE-2013-1423 Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/58143
WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58135
GIT 'git-imap-send' Command SSL Certificate Validation Spoofing Vulnerability
http://www.securityfocus.com/bid/58148
Monkey 'master.log' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58140
SkunkWeb 'sw.log' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58138
Linux kernel CVE-2013-1763 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58137
Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/58136
Rix4Web 'dir_link' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/58132
Photodex ProShow Producer Multiple DLL Loading Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/58131
IPMap Local File Include and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/58130
Kayako Fusion Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/58129
Monday, February 25, 2013
25th, Monday, Butsumetsu
+ Apache 2.4.4 released
http://www.apache.org/dist/httpd/CHANGES_2.4.4
False-positive information for LNK_CAPCHAW.SM
http://www.trendmicro.co.jp/support/news.asp?id=1915
Notice of suspension of the release of InterScan Web Security Virtual Appliance 5.6 Patch 1
http://www.trendmicro.co.jp/support/news.asp?id=1916
Preparing for the Latest Cyberattacks
Preventing Loss of Business Data
http://itpro.nikkeibp.co.jp/article/COLUMN/20130201/453546/?ST=security
Web Security Hardening Techniques to Prevent "Wrongful Arrests"
[1] Impersonation Attack Techniques
http://itpro.nikkeibp.co.jp/article/COLUMN/20130218/456763/?ST=security
"Fake report" on Chinese military involvement in cyberattacks circulating; Symantec issues warning
http://itpro.nikkeibp.co.jp/article/NEWS/20130222/458261/?ST=security
Cyberattacks grow ever more serious; Facebook and Apple also targeted
http://itpro.nikkeibp.co.jp/article/COLUMN/20130222/458081/?ST=security
US identity fraud: in 2012 both the number of victims and the amount of losses were the highest in the past three years
http://itpro.nikkeibp.co.jp/article/NEWS/20130222/458103/?ST=security
JVNDB-2013-001062 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001062.html
JVNDB-2013-001061 Arbitrary code execution vulnerability in the AutoWrapperChanger class of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001061.html
JVNDB-2013-001060 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001060.html
JVNDB-2013-001059 Buffer overflow vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001059.html
JVNDB-2013-001048 Vulnerability in Adobe Reader and Acrobat allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001048.html
JVNDB-2013-001039 Access restriction bypass vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001039.html
JVNDB-2013-001055 Access restriction bypass vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001055.html
JVNDB-2013-001046 Stack-based buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001046.html
JVNDB-2013-001364 (JVNTA13-032A) Vulnerability in sound processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001364.html
JVNDB-2013-001052 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001052.html
JVNDB-2013-001362 (JVNTA13-032A) Vulnerability in AWT processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001362.html
JVNDB-2013-001033 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001033.html
JVNDB-2013-001042 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001042.html
JVNDB-2013-001041 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001041.html
JVNDB-2013-001390 (JVNTA13-032A) Vulnerability in 2D processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001390.html
JVNDB-2013-001387 (JVNTA13-032A) Vulnerability in CORBA processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001387.html
JVNDB-2013-001386 (JVNTA13-032A) Vulnerability in CORBA processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001386.html
JVNDB-2013-001384 (JVNTA13-032A) Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001384.html
JVNDB-2013-001040 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001040.html
JVNDB-2013-001381 (JVNTA13-032A) Vulnerability in JMX processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001381.html
JVNDB-2013-001051 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001051.html
JVNDB-2013-001032 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001032.html
JVNDB-2013-001391 (JVNTA13-032A) Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001391.html
JVNDB-2013-001388 (JVNTA13-032A) Vulnerability in AWT processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001388.html
JVNDB-2013-001378 (JVNTA13-032A) Vulnerability in JSSE processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001378.html
JVNDB-2013-001377 (JVNTA13-032A) Vulnerability in AWT processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001377.html
JVNDB-2013-001376 (JVNTA13-032A) Vulnerability in CORBA processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001376.html
JVNDB-2013-001367 (JVNTA13-032A) Vulnerability in JSSE processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001367.html
JVNDB-2013-001357 (JVNTA13-032A) Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001357.html
JVNDB-2013-001360 (JVNTA13-032A) Vulnerability in JAX-WS processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001360.html
JVNDB-2013-001401 (JVNTA13-032A) Vulnerability in JAXP processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001401.html
JVNDB-2013-001400 (JVNTA13-032A) Vulnerability in Networking processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001400.html
JVNDB-2013-001399 (JVNTA13-032A) Vulnerability in AWT processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001399.html
JVNDB-2013-001398 (JVNTA13-032A) Vulnerability in the handling of the client installation process in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001398.html
JVNDB-2013-001397 (JVNTA13-032A) Vulnerability in CORBA processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001397.html
JVNDB-2013-001395 (JVNTA13-032A) Vulnerability in Libraries processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001395.html
JVNDB-2013-001394 (JVNTA13-032A) Vulnerability in Libraries processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001394.html
JVNDB-2013-001392 (JVNTA13-032A) Vulnerability in Libraries processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001392.html
JVNDB-2013-001382 (JVNTA13-032A) Vulnerability in Libraries processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001382.html
JVNDB-2013-001375 (JVNTA13-032A) Vulnerability in RMI processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001375.html
JVNDB-2013-001374 (JVNTA13-032A) Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001374.html
JVNDB-2013-001639 Cross-site scripting vulnerability in multiple IBM products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001639.html
JVNDB-2013-001638 Cross-site scripting vulnerability in multiple IBM products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001638.html
JVNDB-2013-001637 Source code disclosure vulnerability in IEHS as used in IBM Data Studio and other products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001637.html
JVNDB-2013-001636 (JVNTA13-051A) Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001636.html
JVNDB-2013-001372 (JVNTA13-032A) Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001372.html
JVNDB-2013-001370 (JVNTA13-032A) Vulnerability in JMX processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001370.html
JVNDB-2013-001635 (JVNTA13-051A) Vulnerability in JMX processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001635.html
JVNDB-2013-001634 (JVNTA13-051A) Vulnerability in library processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001634.html
JVNDB-2013-001633 (JVNTA13-051A) Vulnerability in library processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001633.html
JVNDB-2013-001369 (JVNTA13-032A) Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001369.html
JVNDB-2013-001460 (JVNTA13-051A) Vulnerability in the TLS and DTLS protocols allowing distinguishing attacks and plaintext-recovery attacks
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001460.html
JVNDB-2013-001585 Cross-site request forgery vulnerability in the Cisco Unified MeetingPlace server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001585.html
JVNDB-2013-001054 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001054.html
JVNDB-2013-001053 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001053.html
JVNDB-2013-001044 Integer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001044.html
JVNDB-2013-001043 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001043.html
JVNDB-2013-001037 Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001037.html
JVNDB-2013-001035 Stack-based buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001035.html
JVNDB-2013-001034 Integer overflow vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001034.html
JVNDB-2013-001544 (JVNVU#92991067) Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001544.html
JVNDB-2013-001543 (JVNVU#92991067) Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001543.html
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Annou
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00118.html
OSEC-2013-01: nagios metacharacter filtering omission
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00119.html
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00117.html
TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00120.html
TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00116.html
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (streams queue) (CVE-2013-0373)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00115.html
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (SCPLBL_COLLECTED parameters) (CVE-201
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00114.html
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00113.html
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-03
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00112.html
TeamSHATTER Security Advisory: HTTP Response Splitting in Oracle EM (policyViewSettings) (CVE-20
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00111.html
TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00110.html
TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CV
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00109.html
Samsung Galaxy S3 partial screen-lock bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00121.html
"My Computer is Acting Strangely"
https://isc.sans.edu/diary.html?storyid=15256
VMware releases new and updated security advisories
https://isc.sans.edu/diary.html?storyid=15244
Zendesk breach affects Tumblr/Pinterest/Twitter
https://isc.sans.edu/diary.html?storyid=15247
When web sites go bad: bible . org compromise
https://isc.sans.edu/diary.html?storyid=15250
What has Iran been up to lately?
https://isc.sans.edu/diary.html?storyid=15253
IBM HTTP Server (IHS) Input Validation Flaws in Optional Modules Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028203
VMware vCenter Server Lets Remote Users Create Large Log Entries and Deny Service
http://www.securitytracker.com/id/1028202
VMware vCenter Server NFC Protocol Implementation Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028200
VMware ESX/ESXi NFC Protocol Implementation Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028199
Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1028196
Linux Kernel Vhost Descriptor Flaw Lets Local Guest Users Gain Host Privileges
http://www.securitytracker.com/id/1028195
Linux Kernel Null Pointer Dereference in cipso_v4_validate() Lets Local Users Deny Service
http://www.securitytracker.com/id/1028194
Linux Kernel PROT_NONE Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1028193
GNU Project Debugger (GDB) Untrusted File Loading Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028191
REMOTE: MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free
http://www.exploit-db.com/exploits/24538
VMware vCenter Server Large Log Entries Denial of Service Vulnerability
http://secunia.com/advisories/52364/
Raidsonic ICY BOX NAS-4220-B / NAS-5220 Two Security Issues
http://secunia.com/advisories/52216/
Brother HL5370 PJL JOB Insufficient Password Complexity Security Issue
http://secunia.com/advisories/51918/
Red Hat update for Red Hat Subscription Asset Manager
http://secunia.com/advisories/52360/
Red Hat update for Red Hat CloudForms
http://secunia.com/advisories/52359/
WordPress Password Protected Plugin "redirect_to" Redirection Weakness
http://secunia.com/advisories/52335/
Invensys Wonderware Intelligence Tableau Server Multiple Vulnerabilities
http://secunia.com/advisories/52369/
Tableau Server Ruby on Rails JSON Parser YAML Handling Vulnerability
http://secunia.com/advisories/52368/
Tableau Server Ruby on Rails XML Parameter Parsing Vulnerability
http://secunia.com/advisories/52367/
Linux Kernel "call_console_drivers()" Function Log Prefix Stripping Denial of Service
http://secunia.com/advisories/52366/
ownCloud Multiple Vulnerabilities
http://secunia.com/advisories/52303/
IBM HTTP Server Multiple Modules Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52207/
SAP Xcelsius Dashboard Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/52278/
SUSE update for MozillaFirefox
http://secunia.com/advisories/52201/
VMware Products Multiple Vulnerabilities
http://secunia.com/advisories/52332/
Linux Kernel Bluetooth HIDP "hidp_setup_hid()" Information Disclosure Vulnerability
http://secunia.com/advisories/52340/
Atlassian JIRA SOAP API Arbitrary File Overwrite Vulnerability
http://secunia.com/advisories/52341/
SUSE update for postgresql
http://secunia.com/advisories/52248/
Geeklog Two Script Insertion Vulnerabilities
http://secunia.com/advisories/52264/
Red Hat update for hplip
http://secunia.com/advisories/52325/
Ubuntu update for openjdk-6
http://secunia.com/advisories/52355/
Ubuntu update for kernel
http://secunia.com/advisories/52316/
Red Hat update for acroread
http://secunia.com/advisories/52356/
Red Hat update for bind
http://secunia.com/advisories/52358/
Ubuntu update for nova
http://secunia.com/advisories/52338/
Red Hat update for Red Hat Directory Server
http://secunia.com/advisories/52339/
Ubuntu update for openssl
http://secunia.com/advisories/52352/
Ubuntu update for ruby
http://secunia.com/advisories/52351/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/52320/
Linux Kernel 3.3-3.8 sock_diag out-of-bounds
http://cxsecurity.com/issue/WLB-2013020182
Kayako Fusion 4.51.1891 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020181
Nagios NRPE 2.13 Code Execution
http://cxsecurity.com/issue/WLB-2013020180
Rix4Web Portal Remote Blind SQL Injection
http://cxsecurity.com/issue/WLB-2013020179
MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free
http://cxsecurity.com/issue/WLB-2013020178
IPMap 2.5 Shell Upload
http://cxsecurity.com/issue/WLB-2013020177
nginx 1.3.13 world-readable logdir
http://cxsecurity.com/issue/WLB-2013020162
Linux Kernel 3.7.4 evm NULL pointer dereference
http://cxsecurity.com/issue/WLB-2013020161
Himalayan IT Government SQL Injection
http://cxsecurity.com/issue/WLB-2013020172
Ruby on Rails CVE-2013-0156 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57187
Ruby on Rails CVE-2013-0155 Unsafe SQL Query Generation Vulnerability
http://www.securityfocus.com/bid/57192
Ruby on Rails 'convert_json_to_yaml()' Method Security Vulnerability
http://www.securityfocus.com/bid/57575
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57778
Oracle Java SE CVE-2013-1486 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58029
Oracle Java SE CVE-2013-1487 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58031
Samba SWAT Cross Site Request Forgery and Clickjacking Vulnerabilities
http://www.securityfocus.com/bid/57631
Oracle Java SE CVE-2013-1484 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58027
Oracle Java SE CVE-2013-1485 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58028
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0779 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58051
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
http://www.securityfocus.com/bid/58044
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0781 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58049
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0782 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58047
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0774 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58038
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0777 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58048
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0778 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58050
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0765 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58036
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0773 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58041
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0775 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58042
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0780 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58043
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0783 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/58037
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0772 Out-of-Bounds Read Vulnerability
http://www.securityfocus.com/bid/58034
Linux Kernel CVE-2013-0871 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57986
sthttpd 'thttpd.log' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58127
webfs 'webfsd.log' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58126
Varnish 'access.log' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58125
Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58124
Dell PowerConnect 6248P CVE-2013-0120 Denial of Service Vulnerability
http://www.securityfocus.com/bid/58122
WordPress Password Protected Plugin 'redirect_to' Parameter Open Redirection Vulnerability
http://www.securityfocus.com/bid/58120
Linux Kernel 'call_console_drivers()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/58118
SAP Xcelsius Dashboard Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/58117
Geeklog Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/58114
Ebay Clone Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/58113
Linux Kernel Bluetooth HIDP Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58112
Friday, February 22, 2013
22nd, Friday, Senshō
+ Google Chrome 25.0.1364.97 released
http://googlechromereleases.blogspot.jp/2013/02/stable-channel-update_21.html
+ Linux kernel 3.4.33, 3.0.66 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.33
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.66
+ PHP 5.4.12 and PHP 5.3.22 released
http://php.net/archive/2013.php#id2013-02-21-1
Anti-Virus / Anti-Bot / Application Control / URL Filtering update might fail on R75.40/R75.40VS/R75.45
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90700&src=securityAlerts
Advisory: Sophos Anti-Virus for UNIX - Process memory limit recommendations on AIX systems
http://www.sophos.com/en-us/support/knowledgebase/118805.aspx
Vulnerability countermeasures for NEC's "Universal RAID Utility"
http://www.ipa.go.jp/about/press/20130221.html
Adobe releases fixed version of its PDF reader, addressing known critical vulnerabilities
http://itpro.nikkeibp.co.jp/article/NEWS/20130221/457821/?ST=security
JVNVU#92991067 Vulnerability in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNVU92991067/
JVN#75585394 Improper access restriction vulnerability in NEC Universal RAID Utility
http://jvn.jp/jp/JVN75585394/
JVNTA13-051A Multiple vulnerabilities in Oracle Java
http://jvn.jp/cert/JVNTA13-051A/
JVNDB-2013-001632 Cross-site scripting vulnerability in IBM WebSphere Message Broker
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001632.html
JVNDB-2013-001631 Cross-site scripting vulnerability in multiple IBM products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001631.html
JVNDB-2013-001630 Vulnerability in multiple IBM products that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001630.html
JVNDB-2013-001629 Vulnerability in multiple IBM products that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001629.html
JVNDB-2013-001628 Vulnerability in multiple IBM products that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001628.html
JVNDB-2013-001627 Denial-of-service (infinite loop) vulnerability in IBM WebSphere Message Broker
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001627.html
JVNDB-2013-001626 Vulnerability in IBM WebSphere Message Broker that allows the sending of unauthenticated messages to be triggered
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001626.html
JVNDB-2013-001027 (JVNTA13-010A) Vulnerability in Oracle Java 7
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001027.html
JVNDB-2013-001625 Cross-site scripting vulnerability in the WebAdmin application of IBM Netezza
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001625.html
JVNDB-2013-001624 Vulnerability in the WebAdmin application of IBM Netezza that allows credentials to be discovered
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001624.html
JVNDB-2013-001145 Vulnerability in Server Optimizer handling in MySQL Server of Oracle MySQL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001145.html
JVNDB-2013-001623 Authentication bypass vulnerability in the management GUI of IBM SAN Volume Controller and Storwize
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001623.html
JVNDB-2013-001141 Vulnerability in Server Replication handling in MySQL Server of Oracle MySQL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001141.html
JVNDB-2013-001146 Vulnerability in Information Schema handling in MySQL Server of Oracle MySQL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001146.html
JVNDB-2013-001150 Vulnerability in Server Locking handling in MySQL Server of Oracle MySQL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001150.html
JVNDB-2013-001148 Vulnerability in Server Replication handling in MySQL Server of Oracle MySQL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001148.html
JVNDB-2013-001622 Denial-of-service (DoS) vulnerability in Cisco Unity Connection
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001622.html
JVNDB-2013-001621 Vulnerability in the command-line interface of multiple Cisco products that allows root privileges to be gained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001621.html
JVNDB-2013-001620 Denial-of-service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001620.html
JVNDB-2013-001619 Denial-of-service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001619.html
JVNDB-2013-001618 Heap-based buffer overflow vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001618.html
JVNDB-2013-001617 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001617.html
JVNDB-2013-001616 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001616.html
JVNDB-2013-001615 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001615.html
JVNDB-2013-001614 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001614.html
JVNDB-2013-001613 Arbitrary code execution vulnerability in the nsDisplayBoxShadowOuter::Paint function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001613.html
JVNDB-2013-001612 Address bar spoofing vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001612.html
JVNDB-2013-001611 Arbitrary code execution vulnerability in the nsImageLoadingContent::OnStopContainer function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001611.html
JVNDB-2013-001610 Vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001610.html
JVNDB-2013-001609 Vulnerability in the COW and SOW implementation of multiple Mozilla products that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001609.html
JVNDB-2013-001608 Vulnerability in multiple Mozilla products that allows sensitive information to be obtained from process memory
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001608.html
JVNDB-2013-001607 Access restriction bypass vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001607.html
JVNDB-2013-001606 Denial-of-service (DoS) vulnerability in net/core/datagram.c of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001606.html
JVNDB-2013-000012 (JVN#75585394) Improper access restriction vulnerability in NEC Universal RAID Utility
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000012.html
TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00104.html
TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00103.html
[security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00102.html
NBC site redirecting to Exploit kit
https://isc.sans.edu/diary.html?storyid=15223
Fake Mandiant APT Report Used as Malware Lure
https://isc.sans.edu/diary.html?storyid=15226
SSHD rootkit in the wild
https://isc.sans.edu/diary.html?storyid=15229
It's a Dangerous Web Out There
https://isc.sans.edu/diary.html?storyid=15232
Red Hat Directory Server Bug in ACI with Certificate Groups Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1028190
OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028187
Red Hat update for openssh
http://secunia.com/advisories/52312/
SAP NetWeaver GRMGApp XML External Entity and Security Bypass Vulnerabilities
http://secunia.com/advisories/52272/
Red Hat update for kernel
http://secunia.com/advisories/52328/
Drupal Ubercart Module "full name" Script Insertion Vulnerability
http://secunia.com/advisories/52298/
Drupal Ubercart Views Module "full name" Script Insertion Vulnerability
http://secunia.com/advisories/52299/
Linux Kernel Extended Verification Module NULL Pointer Dereference Local Denial of Service
http://secunia.com/advisories/52202/
SAP NetWeaver Exportability Check Service Directory Traversal Vulnerability
http://secunia.com/advisories/52256/
WordPress Contact Form Plugin "cntctfrm_contact_email" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52250/
WordPress Contact Form Plugin "cntctfrm_contact_message" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52179/
Red Hat update for JBoss Enterprise SOA Platform
http://secunia.com/advisories/52306/
WordPress Pretty Link Lite Plugin "get-file" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52246/
SUSE update for postgresql91
http://secunia.com/advisories/52290/
Red Hat update for openchange
http://secunia.com/advisories/52317/
Red Hat update for httpd
http://secunia.com/advisories/52319/
Debian update for postgresql
http://secunia.com/advisories/52287/
Red Hat update for pam
http://secunia.com/advisories/52291/
Red Hat update for squid
http://secunia.com/advisories/52324/
Red Hat update for pcsc-lite
http://secunia.com/advisories/52281/
Red Hat update for pki-core
http://secunia.com/advisories/52313/
Red Hat update for 389-ds-base
http://secunia.com/advisories/52323/
Red Hat update for samba4
http://secunia.com/advisories/52321/
Red Hat update for dhcp
http://secunia.com/advisories/52322/
Piwigo Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/52228/
NEC Universal RAID Utility Unrestricted Access Permissions Security Issue
http://secunia.com/advisories/52241/
Red Hat update for sssd
http://secunia.com/advisories/52315/
Red Hat update for dovecot
http://secunia.com/advisories/52311/
Drupal Display Suite Module Script Insertion Vulnerability
http://secunia.com/advisories/52297/
Red Hat update for java-1.7.0-oracle
http://secunia.com/advisories/52121/
Red Hat update for java-1.6.0-sun
http://secunia.com/advisories/52307/
Ubuntu update for keystone
http://secunia.com/advisories/52288/
Drupal Taxonomy Manager Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/52300/
Drupal Varnish HTTP Accelerator Integration Module Script Insertion Vulnerabilities
http://secunia.com/advisories/52295/
Drupal Menu Reference Module Menu Link Title Script Insertion Vulnerability
http://secunia.com/advisories/52296/
Drupal Image Derivatives Generation Denial of Service Vulnerability
http://secunia.com/advisories/52302/
Outlook web design SQL injection Vulnerability
http://cxsecurity.com/issue/WLB-2013020154
OpenEMR 4.1.1 (site param) Remote XSS Vulnerability
http://cxsecurity.com/issue/WLB-2013020153
E107 CMS Persistent XSS vulnerability
http://cxsecurity.com/issue/WLB-2013020152
phpMyRecipes 1.2.2 SQL Injection
http://cxsecurity.com/issue/WLB-2013020144
glFusion 1.2.2 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020145
WordPress Pretty Link 1.6.3 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020151
Alt-N MDaemon WorldClient Credential Disclosure
http://cxsecurity.com/issue/WLB-2013020150
Alt-N MDaemon WebAdmin Remote Code Execution
http://cxsecurity.com/issue/WLB-2013020149
Alt-N MDaemon WorldClient / WebAdmin Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2013020148
Alt-N MDaemon Email Body Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020147
Alt-N MDaemon WorldClient Username Enumeration
http://cxsecurity.com/issue/WLB-2013020146
REMOTE: BigAnt Server 2 SCH And DUPF Buffer Overflow
http://www.exploit-db.com/exploits/24527
REMOTE: BigAnt Server DUPF Command Arbitrary File Upload
http://www.exploit-db.com/exploits/24528
REMOTE: OpenEMR PHP File Upload Vulnerability
http://www.exploit-db.com/exploits/24529
Multiple OpenStack Products Information Disclosure and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/58022
Red Hat CloudForms Multiple Insecure File Permissions and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56819
Ruby on Rails Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57084
Oracle Database Server CVE-2012-1751 SQL Injection Vulnerability
http://www.securityfocus.com/bid/55950
RDoc CVE-2013-0256 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57785
Rack Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57430
Adobe Acrobat And Reader CVE-2013-0641 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57947
Adobe Acrobat And Reader CVE-2013-0640 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57931
ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57556
389 Directory Server Certificate Groups Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52044
Oracle Java SE CVE-2013-1486 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58029
Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57778
libvirt 'virNetMessageFree()' Function Use After Free Code Execution Vulnerability
http://www.securityfocus.com/bid/57578
IBM Netezza WebAdmin Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57839
Ruby on Rails CVE-2013-0276 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/57896
libupnp Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57602
OpenSSL Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57755
JSON Denial of Service and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/57899
Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability
http://www.securityfocus.com/bid/56484
Xen Linux PCI Backend Drivers Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57740
GIMP XWD File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56647
Ruby on Rails CVE-2013-0277 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57898
Jenkins Cross-Site Scripting, Security Bypass, and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57994
ibacm Denial of Service And Insecure File Permissions Vulnerabilities
http://www.securityfocus.com/bid/55890
ZoneMinder 'view' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/48949
SSSD Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57539
Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973
ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55530
HP Linux Imaging and Printing Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/48892
Oracle Java SE CVE-2013-1485 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58028
Oracle Java SE CVE-2013-1484 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58027
Linux Kernel CVE-2013-0311 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/58053
Linux Kernel CVE-2013-0309 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/58046
Xen 'xen_failsafe_callback()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57433
Linux Kernel CVE-2013-0310 NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/58052
Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56238
Dnsmasq Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54353
Xinetd CVE-2012-0862 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53720
util-linux Package 'mount' and 'umount' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57168
Red Hat Certificate System Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56843
Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/27409
Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55131
Apache HTTP Server 'mod_proxy_ajp' Module Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56753
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0775 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58042
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0782 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58047
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
http://www.securityfocus.com/bid/58044
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0780 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58043
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0783 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/58037
389 Directory Server Access Bypass Vulnerability
http://www.securityfocus.com/bid/55690
Oracle Java SE CVE-2013-0423 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57716
Oracle Java SE CVE-2013-0419 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57714
Oracle Java SE CVE-2013-0438 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57708
Oracle Java SE CVE-2013-1473 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57731
Oracle Java SE CVE-2012-3342 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57700
Oracle Java SE CVE-2013-0446 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57699
Oracle Java SE CVE-2013-0409 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57728
Oracle Java SE CVE-2012-3213 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57717
Oracle Java SE CVE-2013-1480 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57691
Oracle Java SE CVE-2013-0351 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57720
Oracle Java SE CVE-2013-0428 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57713
Oracle Java SE CVE-2013-1481 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57718
Oracle Java SE CVE-2013-0427 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57724
Oracle Java SE CVE-2013-0424 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57715
Oracle Java SE CVE-2013-0426 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57711
Oracle Java SE CVE-2013-0443 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57702
Oracle Java SE CVE-2013-0435 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57729
Oracle Java SE CVE-2013-0440 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57712
Oracle Java SE CVE-2013-0425 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57709
Oracle Java SE CVE-2013-1476 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57696
Oracle Java SE CVE-2013-0434 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57730
Oracle Java SE CVE-2013-0429 Remote Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57710
Oracle Java SE CVE-2013-0450 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57703
Oracle Java SE CVE-2013-0441 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57692
Oracle Java SE CVE-2013-0432 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57727
Oracle Java SE CVE-2013-0433 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57719
Oracle Java SE CVE-2013-0445 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57689
Oracle Java SE CVE-2013-1478 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57686
Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/58073
Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/56408
Drupal Banckle Chat Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/57942
Drupal Core Image Derivatives Denial of Service Vulnerability
http://www.securityfocus.com/bid/58069
Drupal Ubercart Views and Ubercart Modules 'full name' field HTML Injection Vulnerability
http://www.securityfocus.com/bid/58065
Drupal Menu Reference Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/58067
Drupal Manager Change For Organic Groups Module 'autocomplete' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57941
Drupal Taxonomy Manager Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/58068
Drupal Yandex.Metrics Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58064
Drupal Display Suite Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/58066
Drupal Varnish HTTP Accelerator Integration Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58062
SSH Tectia Server Unauthorized Password Change Security Bypass Vulnerability
http://www.securityfocus.com/bid/56783
Google Chrome Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/58101
Katello CVE-2012-6116 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/58098
Katello CVE-2012-5561 Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58096
phpMyRecipes 'r_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/58094
WordPress Contact Form Plugin 'cntctfrm_contact_emai' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58093
Web Cookbook SQL Injection and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/58092
WordPress Contact Form Plugin 'contact_form.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58089
NEC Universal RAID Utility CVE-2013-0706 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/58087
OpenEMR 'site' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58085
Alt-N MDaemon WebAdmin Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/58084
FreeIPA CVE-2012-4546 Certificate Revocation List Security Vulnerability
http://www.securityfocus.com/bid/58083
XFree86 x11perf CVE-2011-2504 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58082
Alt-N MDaemon WorldClient User Enumeration Weakness
http://www.securityfocus.com/bid/58075
Alt-N MDaemon WorldClient Authentication Credentials Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58074