Monday, February 18, 2013

Monday the 18th, Senbu


+ UPDATE: APSA13-02 Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa13-02.html

+ phpMyAdmin 3.5.7 is released
http://sourceforge.net/p/phpmyadmin/news/2013/02/phpmyadmin-357-is-released/

+ PSN-2013-02-847 2013-02 Network Management, Identity and Policy Control Security Advisories Released
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-02-847&viewMode=view

+ Linux kernel 3.7.9, 3.4.32, 3.0.65 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.9
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.32
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.65

+ Linux Kernel '__skb_recv_datagram()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57964

+ Apple iPhone Lock Screen Security Bypass Vulnerability
http://www.securityfocus.com/bid/57967

Mitigating the BEAST attack in R75.40VS
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk74100&src=securityAlerts

Notice of server maintenance (February 20, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1911

Notice of scheduled server maintenance (February 22, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1910

Advisory: Sophos Anti-Virus for UNIX - Process memory limit recommendations on AIX systems
http://www.sophos.com/en-us/support/knowledgebase/118805.aspx

[ MDVSA-2013:012 ] postgresql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00067.html

Empirum Password Obfuscation Design Flaw
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00068.html

Preparing for the latest cyber attacks
Preventing information leaks from smartphones
http://itpro.nikkeibp.co.jp/article/COLUMN/20130201/453547/?ST=security

Critical security issue in Adobe's PDF reader; patch not yet released
http://itpro.nikkeibp.co.jp/article/NEWS/20130215/456495/?ST=security

JVN#65458431 Cross-site scripting vulnerability in concrete5
http://jvn.jp/jp/JVN65458431/

JVN#02596643 Directory traversal vulnerability in 3DM (3ware Disk Manager)
http://jvn.jp/jp/JVN02596643/

JVNVU#92991067 Vulnerabilities in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNVU92991067/

JVNDB-2013-001571 Denial-of-service (DoS) vulnerability in Cisco Small Business wireless access points
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001571.html

JVNDB-2013-001570 Denial-of-service (DoS) vulnerability in Cisco NX-OS running on Cisco Nexus 7000
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001570.html

JVNDB-2013-001569 Cross-site scripting vulnerability in Cisco Unity Express
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001569.html

JVNDB-2013-001568 Vulnerability in Cisco ATA 187 Analog Telephone Adaptor allowing execution of operating system commands
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001568.html

JVNDB-2013-001567 Denial-of-service (DoS) vulnerability in Cisco IOS running on Cisco Catalyst switches
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001567.html

JVNDB-2013-001566 Denial-of-service (resource consumption) vulnerability in the JSON gem
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001566.html

JVNDB-2013-001565 Cross-site scripting vulnerability in the Featurific For WordPress plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001565.html

JVNDB-2013-001564 Cross-site scripting vulnerability in the Lazyest Backup plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001564.html

JVNDB-2013-001563 Cross-site scripting vulnerability in SAP NetWeaver
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001563.html

JVNDB-2013-001562 SQL injection vulnerability in SonicWALL Aventail
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001562.html

JVNDB-2013-001561 Cross-site scripting vulnerability in AXIS M10 Series Network Cameras M1054
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001561.html

JVNDB-2013-001560 Cross-site scripting vulnerability in SAP NetWeaver
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001560.html

JVNDB-2013-001559 SQL injection vulnerability in OrangeHRM
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001559.html

JVNDB-2013-001558 Cross-site scripting vulnerability in OrangeHRM
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001558.html

JVNDB-2013-001557 Vulnerability in Joomla! allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001557.html

JVNDB-2013-001556 Vulnerability in Joomla! allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001556.html

JVNDB-2013-001555 Vulnerability in Joomla! allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001555.html

JVNDB-2013-001554 Denial-of-service (DoS) vulnerability in ActiveRecord in Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001554.html

JVNDB-2013-001553 Vulnerability in ActiveRecord in Ruby on Rails allowing bypass of the attr_protected protection mechanism
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001553.html

JVNDB-2013-001552 Vulnerability in xnbd-server and xndb-wrapperr in xNBD allowing arbitrary files to be overwritten
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001552.html

JVNDB-2013-001551 Denial-of-service (server crash) vulnerability in PostgreSQL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001551.html

JVNDB-2013-001550 Denial-of-service (DoS) vulnerability in QXL Virtual GPU
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001550.html

JVNDB-2013-001549 Denial-of-service (crash) vulnerability in IRCD-Hybrid
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001549.html

JVNDB-2013-001544 (JVNVU#92991067) Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001544.html

JVNDB-2013-001543 (JVNVU#92991067) Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001543.html

JVNDB-2013-000011 (JVN#02596643) Directory traversal vulnerability in 3DM (3ware Disk Manager)
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000011.html

JVNDB-2013-001548 Denial-of-service (DoS) vulnerability in Xen for the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001548.html

JVNDB-2013-001547 Denial-of-service (guest crash) vulnerability in Xen for the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001547.html

JVNDB-2013-001546 Denial-of-service (host memory consumption) vulnerability in Xen
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001546.html

JVNDB-2013-001545 Buffer overflow vulnerability in the e1000 device driver in Qemu
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001545.html

JVNDB-2013-001542 (JVNTA13-043A) Stack-based buffer overflow vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001542.html

JVNDB-2013-001541 (JVNTA13-043A) Arbitrary code execution vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001541.html

HP ArcSight Connector Appliance and Logger Vulnerabilities
https://isc.sans.edu/diary.html?storyid=15178

Adobe Acrobat and Reader Security Update Planned this Week
https://isc.sans.edu/diary.html?storyid=15181

Fedora RedHat Vulnerability Released
https://isc.sans.edu/diary.html?storyid=15172

Looking for some packets going to tcp/8520
https://isc.sans.edu/diary.html?storyid=15169

Linux Kernel Race Condition Lets Local Users Gain Kernel Level Privileges
http://www.securitytracker.com/id/1028147

Linux Kernel Infinite Loop in __skb_recv_datagram() Lets Local Users Deny Service
http://www.securitytracker.com/id/1028146

Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028145

HP ArcSight Connectors Bugs Permits Cross-Site Scripting Attacks, Command Injection, and Information Disclosure Attacks
http://www.securitytracker.com/id/1028144

Apple iPhone Bug Lets Local Users Bypass the Lock Screen to Access the Phone Application
http://www.securitytracker.com/id/1028143

Linux Kernel "__skb_recv_datagram()" Denial of Service Vulnerability
http://secunia.com/advisories/52170/

SUSE update for blender
http://secunia.com/advisories/52195/

SUSE update for gnome-online-accounts
http://secunia.com/advisories/52198/

Pacemaker Authentication Request Processing Denial of Service Vulnerability
http://secunia.com/advisories/52171/

IBM InfoSphere DataStage Information Server Web Console Script Insertion Vulnerabilities
http://secunia.com/advisories/52187/

Apple iOS for iPhone Emergency Call Sleep Button "Passcode Lock" Bypass Weakness
http://secunia.com/advisories/52173/

Mahara Flowplayer Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52074/

Ubuntu update for OpenJDK
http://secunia.com/advisories/52206/

ArcSight Connectors / Logger Information Disclosure and Command Injection Vulnerabilities
http://secunia.com/advisories/52229/

Niagara Framework Web Interface Security Bypass Vulnerability
http://secunia.com/advisories/52208/

Ubuntu update for Qt
http://secunia.com/advisories/52217/

Ubuntu update for kernel
http://secunia.com/advisories/52199/

SUSE update for flash-player
http://secunia.com/advisories/52197/

OpenEMR Multiple Vulnerabilities
http://secunia.com/advisories/52145/

Linux Kernel race condition with PTRACE_SETREGS (CVE-2013-0871)
http://cxsecurity.com/issue/WLB-2013020115

Linux Kernel 3.4/3.8 Local DOS (endless loop with interrupts disabled)
http://cxsecurity.com/issue/WLB-2013020110

Empirum Password Obfuscation
http://cxsecurity.com/issue/WLB-2013020114

IBM Lotus Domino 8.5.3 XSS & CSRF & Redirection
http://cxsecurity.com/issue/WLB-2013020113

Cometchat Cross Site Scripting / Code Execution
http://cxsecurity.com/issue/WLB-2013020112

SAP Netweaver Message Server Buffer Overflow
http://cxsecurity.com/issue/WLB-2013020111

Sonar v.3.4.1 => Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020088

chillyCMS 1.3.0 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2013020109

Ultra Light Forum Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020108

Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass
http://cxsecurity.com/issue/WLB-2013020107

Photodex ProShow Producer 5.0.3297 Memory Corruption
http://cxsecurity.com/issue/WLB-2013020106

Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection
http://cxsecurity.com/issue/WLB-2013020105

TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS
http://cxsecurity.com/issue/WLB-2013020104

DoS/PoC: SAP Netweaver Message Server Multiple Vulnerabilities
http://www.exploit-db.com/exploits/24511

IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55095

PostgreSQL 'enum_recv()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/57844

HP Arcsight Multiple Products HTML Injection Vulnerability
http://www.securityfocus.com/bid/54824

Linux Kernel '__skb_recv_datagram()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57964

Flowplayer 'linkUrl' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/48651

Adobe Flash Player and AIR CVE-2013-1373 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57917

Adobe Flash Player and AIR CVE-2013-1368 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57922

Adobe Flash Player and AIR CVE-2013-1370 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57919

Adobe Flash Player and AIR CVE-2013-0638 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57926

Adobe Flash Player and AIR CVE-2013-0639 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/57925

Adobe Flash Player and AIR CVE-2013-1374 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57932

Adobe Flash Player and AIR CVE-2013-1369 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57918

Adobe Flash Player and AIR CVE-2013-1372 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57912

Adobe Flash Player and AIR CVE-2013-0637 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57929

Adobe Flash Player and AIR CVE-2013-0644 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57933

Adobe Flash Player and AIR CVE-2013-0649 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57930

Adobe Flash Player and AIR CVE-2013-0642 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57923

Adobe Flash Player and AIR CVE-2013-1365 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57921

Adobe Flash Player and AIR CVE-2013-1367 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57924

Adobe Flash Player and AIR CVE-2013-1366 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57920

Adobe Flash Player and AIR CVE-2013-0645 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57916

WordPress NextGEN Gallery Plugin Path Disclosure Vulnerability
http://www.securityfocus.com/bid/57957

Oracle Java SE CVE-2013-0438 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57708

Oracle Java SE CVE-2013-1478 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57686

Oracle Java SE CVE-2013-0409 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57728

Oracle Java SE CVE-2013-0432 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57727

Oracle Java SE CVE-2013-0433 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57719

Oracle Java SE CVE-2013-1476 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57696

Oracle Java SE CVE-2013-1481 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57718

Oracle Java SE CVE-2013-0423 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57716

Oracle Java SE CVE-2013-1480 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57691

Oracle Java SE CVE-2013-0419 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57714

Oracle Java SE CVE-2013-0450 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57703

Oracle Java SE CVE-2012-3342 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57700

Oracle Java SE CVE-2013-1473 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57731

Oracle Java SE CVE-2013-0441 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57692

Oracle Java SE CVE-2013-0449 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57704

Oracle Java SE CVE-2013-0448 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57723

Oracle Java SE CVE-2013-1475 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57694

Oracle Java SE CVE-2013-0446 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57699

Oracle Java SE CVE-2013-0443 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57702

Oracle Java SE CVE-2013-0445 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57689

Oracle Java SE CVE-2013-0440 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57712

Oracle Java SE CVE-2013-0444 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57701

Oracle Java SE CVE-2013-0442 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57687

Oracle Java SE CVE-2012-1541 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57697

Oracle Java SE CVE-2013-0351 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57720

Oracle Java SE CVE-2012-3213 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57717

Oracle Java SE CVE-2013-0428 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57713

Oracle Java SE CVE-2013-0429 Remote Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57710

Oracle Java SE CVE-2013-0434 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57730

Oracle Java SE CVE-2013-0430 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57722

Oracle Java SE CVE-2013-0435 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57729

Linux Kernel hypervkvpd 'hv_kvp_daemon.c' Netlink Packet Processing Denial of Service Vulnerability
http://www.securityfocus.com/bid/56710

Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56238

Linux Kernel hypervkvpd 'hv_kvp_daemon.c' Netlink Packet Spoofing Denial of Service Vulnerability
http://www.securityfocus.com/bid/56734

Xen 'xen_failsafe_callback()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57433

dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57985

pyrad Password Hash Information Disclosure Vulnerability and Packet Spoofing Vulnerability
http://www.securityfocus.com/bid/57984

CometChat Remote Code Execution and Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/57979

HP Arcsight Multiple Products CVE-2012-5199 Local Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/57975

pigz Insecure File Permissions Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57971

Edimax EW-7206APg And EW-7209APg Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57970

TP-Link TL-WA701N and TL-WA701ND Directory Traversal and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/57969

Apple iPhone Lock Screen Security Bypass Vulnerability
http://www.securityfocus.com/bid/57967
