Tuesday, February 12, 2013

12th, Tuesday, Senbu


+ RHSA-2013:0250 Moderate: elinks security update
http://rhn.redhat.com/errata/RHSA-2013-0250.html
CVE-2012-4545

+ PHP 5.4.11 and 5.3.21 x64 (64 bit) for Windows
http://www.anindya.com/php-5-4-11-and-5-3-21-x64-64-bit-for-windows/

+ CESA-2013:0247 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/537211/

+ CESA-2013:0245 Critical CentOS 6 java-1.6.0-openjdk Update
http://lwn.net/Alerts/537214/

+ CESA-2013:0247 Important CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/537215/

+ CESA-2013:0246 Important CentOS 5 java-1.6.0-openjdk Update
http://lwn.net/Alerts/537210/

+ CESA-2013:0241 Moderate CentOS 5 xen Update
http://lwn.net/Alerts/536962/

+ HPSBNS02843 SSRT101001 rev.1 - HP NonStop Servers running OSS Remote Operations, Unauthorized Disclosure of Information, Unauthorized Modification, Unauthorized Access to Files
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03654586-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Security issue in SSL VPN On-Demand applications
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62410&src=securityAlerts

+ VMSA-2013-0002 VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability
http://www.vmware.com/security/advisories/VMSA-2013-0002.html

+ VMSA-2013-0001.1 VMware vSphere security updates for the authentication service and third party libraries
http://www.vmware.com/security/advisories/VMSA-2013-0001.html

+ Dovecot 2.1.15 released
http://www.dovecot.org/list/dovecot-news/2013-February/000240.html

+ Linux kernel 3.7.7, 3.4.30, 3.0.63 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.7
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.30
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.63

+ Sudo 1.7.10p6 released
http://www.sudo.ws/sudo/dist/?M=D

+ OpenSSL 1.0.1e released
http://www.openssl.org/source/

+ Linux Kernel 'MSR' Driver Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57838
CVE-2013-0268

+ Cybozu Garoon CVE-2013-0701 Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/57866
CVE-2013-0701

Advisory: Sophos Anti-Virus for UNIX - Process memory limit recommendations on AIX systems
http://www.sophos.com/en-us/support/knowledgebase/118805.aspx

Countermeasures for Adobe Flash Player vulnerabilities (APSB13-04) (CVE-2013-0633 etc.)
http://www.ipa.go.jp/security/ciadr/vul/20130208-adobeflashplayer.html

Vulnerability information worth checking <2013.02.12>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130207/454961/?ST=security

Preparing for the latest cyber attacks
Information sharing prevents targeted attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20130201/453548/?ST=security

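Preparing for the latest cyber attacks
[Urgent contribution] The arrest of the suspect is not the end of the case
On the arrest of the suspect in the remote-control virus case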
http://itpro.nikkeibp.co.jp/article/COLUMN/20130210/455461/?ST=security

The remote-control virus whose suspect was arrested: its history and true nature
http://itpro.nikkeibp.co.jp/article/COLUMN/20130210/455421/?ST=security

Information security (ID/access management) is increasingly moving to SaaS
http://itpro.nikkeibp.co.jp/article/Interview/20130208/455183/?ST=security

Smartphone theft and loss countermeasures: beware of the "unexpected pitfalls"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130206/454681/?ST=security

Growing concerns over "Java" security
http://itpro.nikkeibp.co.jp/article/COLUMN/20130208/455102/?ST=security

"Don't get fooled by Gmail": Microsoft launches negative campaign
http://itpro.nikkeibp.co.jp/article/NEWS/20130208/455101/?ST=security

JVNVU#91189062 Vulnerability in Nuance products
http://jvn.jp/cert/JVNVU91189062/

JVN#95863326 Cross-site scripting vulnerability in Cybozu Garoon
http://jvn.jp/jp/JVN95863326/

JVN#07629635 SQL injection vulnerability in Cybozu Garoon
http://jvn.jp/jp/JVN07629635/

JVNDB-2012-003305 Denial-of-service (assertion failure and daemon exit) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003305.html

JVNDB-2012-002592 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002592.html

JVNDB-2012-001355 Issue in multiple DNS name server implementations
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001355.html

JVNDB-2012-005125 Insufficient access restriction vulnerability in HP/H3C and Huawei network equipment
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005125.html

JVNDB-2013-000008 (JVN#95863326) Cross-site scripting vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000008.html

JVNDB-2013-000007 (JVN#07629635) SQL injection vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000007.html

JVNDB-2013-001445 Cross-site scripting vulnerability in the Audio Player plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001445.html

JVNDB-2013-001444 Cross-site scripting vulnerability in the WP-Table Reloaded module for WordPress
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001444.html

JVNDB-2013-001086 Heap-based buffer overflow vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001086.html

JVNDB-2013-001085 Denial-of-service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001085.html

JVNDB-2013-001084 Denial-of-service (DoS) vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001084.html

JVNDB-2013-001064 ASLR protection mechanism bypass vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001064.html

JVNDB-2013-001063 Vulnerability allowing clickjacking attacks in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001063.html

JVNDB-2013-001062 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001062.html

JVNDB-2013-001061 Arbitrary code execution vulnerability in the AutoWrapperChanger class of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001061.html

JVNDB-2013-001060 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001060.html

JVNDB-2013-001027 (JVNTA13-010A) Vulnerability in Oracle Java 7
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001027.html

JVNDB-2013-001083 Stack-based buffer overflow vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001083.html

JVNDB-2013-001082 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001082.html

JVNDB-2013-001081 Arbitrary code execution vulnerability in the ~nsHTMLEditRules implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001081.html

JVNDB-2013-001080 Arbitrary code execution vulnerability in the nsSOCKSSocketInfo::ConnectToProxy function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001080.html

JVNDB-2013-001078 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001078.html

JVNDB-2013-001077 Arbitrary code execution vulnerability in the imgRequest::OnStopFrame function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001077.html

JVNDB-2013-001076 Arbitrary code execution vulnerability in the mozilla::TrackUnionStream::EndTrack implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001076.html

JVNDB-2013-001075 Buffer overflow vulnerability in the CharDistributionAnalysis::HandleOneChar function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001075.html

JVNDB-2013-001074 Address bar spoofing vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001074.html

JVNDB-2013-001079 Vulnerability in multiple Mozilla products allowing execution of arbitrary JavaScript code with Chrome privileges
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001079.html

JVNDB-2013-001073 Vulnerability in multiple Mozilla products allowing execution of arbitrary JavaScript code with Chrome privileges
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001073.html

JVNDB-2013-001072 Arbitrary code execution vulnerability in the obj_toSource function of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001072.html

JVNDB-2013-001071 Arbitrary code execution vulnerability in the Vibrate library of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001071.html

JVNDB-2013-001070 Arbitrary code execution vulnerability in the ListenerManager implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001070.html

JVNDB-2013-001069 Arbitrary code execution vulnerability in the serializeToStream implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001069.html

JVNDB-2013-001068 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001068.html

JVNDB-2013-001066 Integer overflow vulnerability in the JavaScript implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001066.html

JVNDB-2013-001065 Denial-of-service (DoS) vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001065.html

JVNDB-2013-001443 Cross-site request forgery vulnerability in Cisco Unity Express
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001443.html

JVNDB-2013-001442 Vulnerability allowing files to be read in Cisco Webex Social
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001442.html

JVNDB-2013-001441 Vulnerability allowing sensitive information to be read in the QSharedMemory class of Qt
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001441.html

JVNDB-2013-001440 Arbitrary code execution vulnerability in HP LeftHand Virtual SAN Appliance hydra Software
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001440.html

JVNDB-2013-001439 Arbitrary code execution vulnerability in HP LeftHand Virtual SAN Appliance hydra Software
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001439.html

JVNDB-2013-001438 Arbitrary code execution vulnerability in HP LeftHand Virtual SAN Appliance hydra Software
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001438.html

JVNDB-2013-001437 Arbitrary code execution vulnerability in HP LeftHand Virtual SAN Appliance hydra Software
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001437.html

JVNDB-2013-001436 Denial-of-service (DoS) vulnerability in HP XP P9000 Command View Advanced Edition
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001436.html

JVNDB-2013-001435 Cross-site scripting vulnerability in HP Network Node Manager i
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001435.html

JVNDB-2013-001434 Vulnerability inducing clickjacking attacks in RSA Archer SmartSuite Framework and RSA Archer eGRC
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001434.html

JVNDB-2013-001433 Directory traversal vulnerability in RSA Archer SmartSuite Framework and RSA Archer eGRC
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001433.html

JVNDB-2013-001432 Same-origin policy bypass vulnerability in RSA Archer SmartSuite Framework and RSA Archer eGRC
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001432.html

JVNDB-2013-001431 Cross-site scripting vulnerability in RSA Archer SmartSuite Framework and RSA Archer eGRC
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001431.html

JVNDB-2013-001430 Vulnerability in JBoss EAP and EWP allowing the administrator password and Sucker password to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001430.html

JVNDB-2013-001429 Denial-of-service (DoS) vulnerability in the publickey_from_privatekey function of libssh
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001429.html

JVNDB-2013-001428 Role-based restriction bypass vulnerability in multiple JBoss Enterprise products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001428.html

JVNDB-2013-001427 Vulnerability allowing privileges to be gained in multiple JBoss Enterprise products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001427.html

JVNDB-2013-001426 Vulnerability allowing privileges to be gained in multiple JBoss Enterprise products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001426.html

JVNDB-2013-001425 Vulnerability allowing MBean methods to be invoked in multiple JBoss Enterprise products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001425.html

JVNDB-2013-001424 Cross-site scripting vulnerability in multiple JBoss Enterprise products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001424.html

JVNDB-2013-000006 (JVN#91387819) Vulnerability in mora Downloader related to loading of executable files
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000006.html

[ MDVSA-2013:010 ] java-1.6.0-openjdk
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00043.html

Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00046.html

Multiple Vulnerabilities in Linksys WAG200G
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00045.html

Multiple Vulnerabilities in Linksys WRT160Nv2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00044.html

[SECURITY] [DSA 2612-2] ircd-ratbox update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00042.html

[SECURITY] [DSA 2619-1] xen-qemu-dm-4.0 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00041.html

I Read It Somewhere (IRIS) citations management tool <= v1.3 (post auth) Remote Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00047.html

[ MDVSA-2013:009 ] libssh
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00040.html

[SECURITY] [DSA 2618-1] ircd-hybrid security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00037.html

Mathematica9.0.1 on Linux /tmp/MathLink vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00039.html

[slackware-security] curl (SSA:2013-038-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00038.html

DIMVA 2013 - Extended deadline for paper submission: February 17, 2013!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00036.html

Is This Chinese Registrar Really Trying to XSS Me?
https://isc.sans.edu/diary.html?storyid=15136

Is it Spam or Is it Malware?
https://isc.sans.edu/diary.html?storyid=15121

Microsoft February Patch Tuesday Advance Notification
https://isc.sans.edu/diary.html?storyid=15127

Rails attr_protected Bug Lets Remote Users Bypass Security Restrictions
http://www.securitytracker.com/id/1028110

Rails Serialized Attributes Processing Flaw Lets Remote Users Execute Arbitrary Code and Deny Service
http://www.securitytracker.com/id/1028109

HP NonStop Server OSS Remote Operations Flaw Lets Remote Authenticated Users Access and Modify Data and Deny Service
http://www.securitytracker.com/id/1028107

FFmpeg Buffer and Integer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028103

VMware ESX/ESXi 'VMCI.SYS' Driver Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028101

VMware Workstation, Fusion, and View 'VMCI.SYS' Driver Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028100

Cisco Unified Communications Domain Manager Parameter Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028098

Cisco Carrier Routing System Packet Processing Bug Lets Remote Users Partially Deny Service
http://www.securitytracker.com/id/1028097

Cisco NX-OS Nexus 7000 M1-Series Packet Processing Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028096

Cisco NAC Appliance Input Validation Flaw in Web Authentication Function Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028095

Cisco IOS Software HTTP Server Socket Handling Bug Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028094

cURL Buffer Overflow in Curl_sasl_create_digest_md5_message() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028093

Apache CXF WSS4JInInterceptor always allows HTTP Get requests
http://cxsecurity.com/issue/WLB-2013020071

Apache CXF Authentication bypass in the case of WS-SecurityPolicy
http://cxsecurity.com/issue/WLB-2013020072

Microsoft Windows Kernel Proof Of Concept [MS13-005]
http://cxsecurity.com/issue/WLB-2013020053

Google Chrome Silent HTTP Authentication
http://cxsecurity.com/issue/WLB-2013020073

IP.Gallery 4.2.x and 5.0.x persistent XSS vulnerability
http://cxsecurity.com/issue/WLB-2013020070

TP-LINK Admin Panel Multiple Cross Site Request Forgery vulnerabilities
http://cxsecurity.com/issue/WLB-2013020069

Linksys WRT160Nv2 Multiple Vulns
http://cxsecurity.com/issue/WLB-2013020068

DIR-615 - Hardware revision H1 Multiple Vulns
http://cxsecurity.com/issue/WLB-2013020067

Linksys WAG200G Multiple Vulns
http://cxsecurity.com/issue/WLB-2013020066

Schneider Electric Accutech Manager Heap Overflow PoC
http://cxsecurity.com/issue/WLB-2013020065

Wordpress post2pdf-converter v2 Plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013020064

Wordpress smart-map v2 Plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013020063

Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection
http://cxsecurity.com/issue/WLB-2013020061

Wordpress theme pinboard 1.0.6 XSS
http://cxsecurity.com/issue/WLB-2013020062

Facebook Friends private information disclosure
http://cxsecurity.com/issue/WLB-2013020059

SmodBIP 2.16 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020047

SmodBIP 2.18 => Database Backup Disclosure & FPD
http://cxsecurity.com/issue/WLB-2013020052

IrIsT Local File Inclusion Scanner
http://cxsecurity.com/issue/WLB-2013020060

D-LINK DIR-300 / DIR-600 Remote Root
http://cxsecurity.com/issue/WLB-2013020058

OpenSSL SSL, TLS and DTLS Plaintext Recovery Attack
http://cxsecurity.com/issue/WLB-2013020057

Mathematica9.0.1 on Linux /tmp/MathLink vulnerability
http://cxsecurity.com/issue/WLB-2013020056

Bohemian Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2013020055

webAssist Sql Injection Vulnerabilit
http://cxsecurity.com/issue/WLB-2013020054

cURL Buffer Overflow
http://cxsecurity.com/issue/WLB-2013020051

Easy Live Shop System SQL Injection
http://cxsecurity.com/issue/WLB-2013020050

Air Disk Wireless 1.9 LFI / Command Injection
http://cxsecurity.com/issue/WLB-2013020049

WordPress Audio Player SWF Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020048

Lockstep Systems Backup for Workgroups Login Buffer Overflow Vulnerability
http://secunia.com/advisories/50260/

Cisco Unified MeetingPlace Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52109/

WordPress Pinboard Theme "tab" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52079/

IP.Board IP.Gallery Module Image Title Script Insertion Vulnerability
http://secunia.com/advisories/52144/

Apache CXF SOAP URIMappingInterceptor and Plaintext UsernameTokens Security Issues
http://secunia.com/advisories/51988/

SUSE update for MySQL
http://secunia.com/advisories/52159/

OpenStack Keystone HTTP Request Processing Denial of Service Vulnerability
http://secunia.com/advisories/52139/

InfoSphere Master Data Management Collaboration Server Multiple Vulnerabilities
http://secunia.com/advisories/52140/

SUSE update for kernel
http://secunia.com/advisories/52160/

IBM Tivoli Application Dependency Discovery Manager Web UI Portal Multiple Vulnerabilities
http://secunia.com/advisories/52128/

Ganglia Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52100/

Nuance PDF Reader Multiple Vulnerabilities
http://secunia.com/advisories/52119/

Red Hat update for java-1.6.0-openjdk
http://secunia.com/advisories/52155/

Red Hat update for java-1.7.0-openjdk
http://secunia.com/advisories/52154/

Debian update for xen-qemu-dm-4.0
http://secunia.com/advisories/52038/

ezStats Multiple Products Information Disclosure Weakness
http://secunia.com/advisories/52097/

ezStats2 for Battlefield 3 Information Disclosure and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52104/

ActiveFax (ActFax) LPD/LPR and RAW Server Buffer Overflow Vulnerabilities
http://secunia.com/advisories/52096/

D-Link DIR-300 / DIR-600 Multiple Vulnerabilities
http://secunia.com/advisories/52080/

Rack "Rack::Session::Cookie" Information Disclosure Security Issue
http://secunia.com/advisories/52134/

Rack Insecure File Access Security Issue
http://secunia.com/advisories/52033/

Puppet Cross-Site Request Forgery and Information Disclosure
http://secunia.com/advisories/52127/

FFmpeg Multiple Vulnerabilities
http://secunia.com/advisories/52093/

SiteGo Multiple Vulnerabilities
http://secunia.com/advisories/52123/

Cybozu Garoon Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/52114/

Cybozu Garoon Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/52042/

Red Hat update for flash-plugin
http://secunia.com/advisories/52078/

CubeCart "unserialize()" Configuration Manipulation Vulnerability
http://secunia.com/advisories/52072/

VMware Multiple Products VMCI Privilege Escalation Vulnerability
http://secunia.com/advisories/52131/

Red Hat update for xen
http://secunia.com/advisories/52118/

WordPress Audio Player Plugin "playerID" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52083/

Debian update for ircd-hybrid
http://secunia.com/advisories/52106/

FreeBSD ftpd GLOB_LIMIT Resource Exhaustion Denial of Service
http://secunia.com/advisories/52025/

Microsoft Windows Flash Player Two Vulnerabilities
http://secunia.com/advisories/52117/

Adobe Flash Player Two Vulnerabilities
http://secunia.com/advisories/52116/

REMOTE: FreeFloat FTP 1.0 Raw Commands Buffer Overflow
http://www.exploit-db.com/exploits/24479

DoS/PoC: MS13-005 HWND_BROADCAST PoC
http://www.exploit-db.com/exploits/24485

DoS/PoC: Google Chrome Silent HTTP Authentication
http://www.exploit-db.com/exploits/24486

DoS/PoC: cURL Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/24487

DoS/PoC: Schneider Electric Accutech Manager Heap Overflow PoC
http://www.exploit-db.com/exploits/24474

Oracle Java SE CVE-2013-1476 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57696

ELinks CVE-2012-4545 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57065

Oracle Java SE CVE-2013-0434 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57730

Oracle Java SE CVE-2013-0433 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57719

Oracle Java SE CVE-2013-0432 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57727

Oracle Java SE CVE-2013-0435 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57729

Oracle Java SE CVE-2013-0428 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57713

Oracle Java SE CVE-2013-0440 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57712

Oracle Java SE CVE-2013-0424 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57715

Oracle Java SE CVE-2013-0425 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57709

Oracle Java SE CVE-2013-0450 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57703

Oracle Java SE CVE-2013-1475 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57694

Oracle Java SE CVE-2013-0443 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57702

Oracle Java SE CVE-2013-0426 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57711

Oracle Java SE CVE-2013-0429 Remote Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57710

Oracle Java SE CVE-2013-1480 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57691

Oracle Java SE CVE-2013-0441 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57692

Oracle Java SE CVE-2013-0442 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57687

Oracle Java SE CVE-2013-1478 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57686

D-Link DIR-615 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/57882

Mozilla Firefox/Thunderbird/SeaMonkey Marquee Elements Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47646

Debian 'android-tools' Package Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/56653

libxslt 'generate-id()' Function Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47668

Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/46785

Mozilla Firefox/Thunderbird/SeaMonkey HTML Frameset Tag Integer Overflow Vulnerability
http://www.securityfocus.com/bid/47648

Mozilla Firefox/Thunderbird/SeaMonkey HTML Content Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47641

Mozilla Firefox/Thunderbird/SeaMonkey Out-Of-Memory Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47651

Mozilla Firefox/Thunderbird/SeaMonkey HTML Content (CVE-2011-0081) Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47653

Mozilla Firefox/Thunderbird/SeaMonkey HTML Iframe Tag Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47647

Multiple Fortinet FortiMail IBE Appliances Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57601

Oracle Java SE CVE-2013-0431 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57726

Oracle Java SE CVE-2013-0444 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57701

Oracle Java SE CVE-2013-0445 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57689

Mozilla Firefox/SeaMonkey 'nsTreeRange' Dangling Pointer Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47663

Mozilla Firefox/Thunderbird/SeaMonkey Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47655

Mozilla Firefox/Thunderbird/SeaMonkey 'resource:' Protocol Directory Traversal Vulnerability
http://www.securityfocus.com/bid/47666

Mozilla Firefox/Thunderbird/SeaMonkey Cross-Domain JavaScript Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47656

Mozilla Firefox/Thunderbird/SeaMonkey Double Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47654

Mozilla Firefox/SeaMonkey 'OnChannelRedirect' Method Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47659

Mozilla Firefox/SeaMonkey CVE-2011-0067 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47667

Mozilla Firefox/SeaMonkey OBJECT 'mObserverList' Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47662

Oracle Java SE CVE-2013-0427 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57724

SSSD Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57539

vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46617

PostgreSQL 'enum_recv()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/57844

WordPress Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57554

Ruby on Rails 'convert_json_to_yaml()' Method Security Vulnerability
http://www.securityfocus.com/bid/57575

Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/57876

'glibc' Library 'locale/programs/locale.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47370

GNU glibc 'fnmatch()' Function Stack Corruption Vulnerability
http://www.securityfocus.com/bid/46563

Apache Tomcat NIO Connector Denial of Service Vulnerability
http://www.securityfocus.com/bid/46164

RETIRED: VLC Media Player ASF File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57629

VLC Media Player ASF File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57333

GNU glibc Dynamic Linker '$ORIGIN' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44154

Oracle MySQL Server Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56771

Oracle MySQL Server Heap Overflow Vulnerability
http://www.securityfocus.com/bid/56768

Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56769

Oracle MySQL Server Username Enumeration Weakness
http://www.securityfocus.com/bid/56766

PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/27163

libssh CVE-2013-0176 Denial of Service Vulnerability
http://www.securityfocus.com/bid/57571

ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47176

Schneider Electric Accutech Manager Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57651

QEMU CVE-2012-6075 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57420

ircd-ratbox 'm_capab.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/57085

RedHat Multiple JBoss Enterprise Products CVE-2012-5629 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57890

Cisco Linksys WRT160N Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57887

IBM InfoSphere Master Data Management Collaboration Server Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/57886

Lockstep Systems Backup for Workgroups Login Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57883

Linksys WAG200G Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57879

Apache CXF CVE-2012-5633 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57874

Freefloat FTP Server Raw Commands Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57888

IRIS Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/57891

WordPress Pinboard Theme 'tab' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57873

Broadcom UPnP Stack 'SetConnectionType()' Function Format String Vulnerability
http://www.securityfocus.com/bid/57649

Mathematica '/tmp/MathLink' Symlink Attack Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40169

Linux Kernel 'MSR' Driver Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57838

Squid 'cachemgr.cgi' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57646

Squid 'cachemgr.cgi' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56957

Linux Kernel KVM CVE-2012-4461 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56414

RETIRED: MatrixSSL TLS Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57837

Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57778

Microsoft Windows CVE-2013-0008 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57135

libvirt 'virNetMessageFree()' Function Use After Free Code Execution Vulnerability
http://www.securityfocus.com/bid/57578

CHICKEN Multiple Local Security Vulnerabilities
http://www.securityfocus.com/bid/57679

RoundCube Webmail Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57849

libexif Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/54437

GNU libc glob(3) 'GLOB_LIMIT' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/43819

Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57788

Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57787

cURL/libcURL 'Curl_sasl_create_digest_md5_message()' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57842

Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289

IBM Tivoli Application Dependency Discovery Manager Web UI Portal Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57878

TP-LINK TL-WR2543ND Admin Panel Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/57877

Cybozu Garoon CVE-2013-0702 Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57871

Ganglia Web CVE-2013-0275 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/57870

FFmpeg Prior to 1.0.2 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/57868

Cybozu Garoon CVE-2013-0701 Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/57866

Rack 'Rack::File()' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/57862

Rack Timing Attack Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57860

Air Disk Free Local File Include and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/57859
