Thursday, February 28, 2013

Thursday the 28th, Senshō


+ RHSA-2013:0567 Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2013-0567.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871

+ RHSA-2013:0568 Important: dbus-glib security update
http://rhn.redhat.com/errata/RHSA-2013-0568.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0292

+ APSB13-08 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-08.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0648

+ Cisco Unified Presence Server Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups

+ Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm

+ Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-hcs

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ Linux kernel 3.7.10 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10

+ Sudo 1.8.6p7, 1.7.10p7 released
http://www.sudo.ws/sudo/stable.html#1.8.6p7
http://www.sudo.ws/sudo/stable.html#1.7.10p7

+ Authentication bypass when clock is reset
http://www.sudo.ws/sudo/alerts/epoch_ticket.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775

+ Potential bypass of tty_tickets constraints
http://www.sudo.ws/sudo/alerts/tty_tickets.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776

Virus Buster Business Security Services: maintenance notice (March 2, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1917

Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx

pgBadger 3 released : now with parallel parsing
http://www.postgresql.org/about/news/1450/

Countermeasures for the Adobe Flash Player vulnerabilities (APSB13-08) (CVE-2013-0643 and others)
http://www.ipa.go.jp/security/ciadr/vul/20130227-adobeflashplayer.html

Report of the "Study Group on Japanese-Style Management and Information Security" published
http://www.ipa.go.jp/security/fy24/reports/nihontekikeiei/index.html

From the world's security labs
PDF attack that gets past the sandbox
http://itpro.nikkeibp.co.jp/article/COLUMN/20130227/459266/?ST=security

Web security hardening techniques to prevent "wrongful arrest"
[4] DNS rebinding
http://itpro.nikkeibp.co.jp/article/COLUMN/20130218/456766/?ST=security

Androider offers Android "safe app" information free of charge via an API, also integrating with MDM
http://itpro.nikkeibp.co.jp/article/NEWS/20130227/459444/?ST=security

GMO GlobalSign develops an authentication service for political activities, provided to political parties as a "donation"
http://itpro.nikkeibp.co.jp/article/NEWS/20130227/459428/?ST=security

Multiple security vulnerabilities in Adobe Flash; third fix release this month
http://itpro.nikkeibp.co.jp/article/NEWS/20130227/459323/?ST=security

[CD 2013] Specialist exhibition covering the forefront of IT such as cloud and smartphones opens, with more than 90 seminar sessions and exhibits
http://itpro.nikkeibp.co.jp/article/COLUMN/20130222/458181/?ST=security

Cyber attacks hit nuclear power plants too; in some cases facilities were forced into a temporary shutdown
http://itpro.nikkeibp.co.jp/article/Interview/20130226/459134/?ST=security

Web security hardening techniques to prevent "wrongful arrest"
[3] HTTP header injection and clickjacking
http://itpro.nikkeibp.co.jp/article/COLUMN/20130218/456765/?ST=security

[SECURITY] [DSA 2634-1] python-django security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00144.html

[SECURITY] [DSA 2633-1] fusionforge security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00143.html

[ MDVSA-2013:015 ] apache
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00141.html

Denial of Service vulnerability in War FTP Daemon 1.82
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00142.html

[SECURITY] [DSA 2632-1] linux-2.6 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00140.html

[slackware-security] seamonkey (SSA:2013-056-01)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00139.html

JVN#16817324 Arbitrary code execution vulnerability in multiple JustSystems products
http://jvn.jp/jp/JVN16817324/index.html

JVNDB-2013-001544 (JVNVU#92991067) Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001544.html

JVNDB-2013-001543 (JVNVU#92991067) Arbitrary code execution vulnerability in Adobe Reader and Acrobat
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001543.html

JVNDB-2013-001698 (JVNVU#90797811) Denial-of-service (DoS) vulnerability in Dell PowerConnect 6248P
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001698.html

JVNDB-2013-001697 (JVNVU#91334049) Insufficient verification vulnerability in CS-Cart
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001697.html

JVNDB-2013-001696 Cross-site scripting vulnerability in the mod_proxy_balancer module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001696.html

JVNDB-2013-001695 Cross-site scripting vulnerability in Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001695.html

JVNDB-2013-001694 Vulnerability in CloudBees Jenkins that allows the master's encryption key to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001694.html

JVNDB-2013-001693 Cross-site scripting vulnerability in Roundcube Webmail
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001693.html

JVNDB-2013-001692 Cross-site scripting vulnerability in jforum.page of JForum
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001692.html

JVNDB-2013-001691 Vulnerability in Red Hat OpenShift Origin that allows arbitrary files to be overwritten
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001691.html

JVNDB-2013-001690 Vulnerability in rhc-chk.rb of Red Hat OpenShift Origin that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001690.html

JVNDB-2013-001689 Open redirect vulnerability in Red Hat OpenShift Origin
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001689.html

JVNDB-2013-001688 Vulnerability in Red Hat OpenShift Origin that allows arbitrary commands to be executed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001688.html

JVNDB-2013-001687 Denial-of-service (DoS) vulnerability in autofs as used in Red Hat Enterprise Linux
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001687.html

JVNDB-2013-001686 Denial-of-service (disk consumption) vulnerability in multiple OpenStack products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001686.html

JVNDB-2013-001685 Vulnerability in store/swift.py of multiple OpenStack products that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001685.html

JVNDB-2013-001684 Denial-of-service (DoS) vulnerability in System Security Services Daemon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001684.html

JVNDB-2013-001683 Vulnerability in System Security Services Daemon that allows arbitrary files to be created
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001683.html

JVNDB-2013-001682 Stack-based buffer overflow vulnerability in http.c of OpenConnect
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001682.html

JVNDB-2013-001681 Stack-based buffer overflow vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001681.html

JVNDB-2013-001680 Arbitrary code execution vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001680.html

JVNDB-2013-001679 Integer signedness error vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001679.html

JVNDB-2013-001678 Directory traversal vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001678.html

JVNDB-2013-001677 Arbitrary code execution vulnerability in 3S CODESYS Gateway-Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001677.html

JVNDB-2013-001676 Arbitrary code execution vulnerability in HscRemoteDeploy.dll of multiple Honeywell products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001676.html

JVNDB-2013-001675 Vulnerability in Bugzilla that allows private product names to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001675.html

JVNDB-2013-001674 Cross-site scripting vulnerability in show_bug.cgi of Bugzilla
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001674.html

JVNDB-2013-001673 Arbitrary code execution vulnerability in the Novell GroupWise client
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001673.html

JVNDB-2013-001672 Arbitrary code execution vulnerability in gwcls1.dll in the Novell GroupWise client
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001672.html

JVNDB-2013-001671 (JVNVU#96946668) Stack-based buffer overflow vulnerability in BigAntSoft BigAnt IM Message Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001671.html

JVNDB-2013-001670 (JVNVU#96946668) Vulnerability in BigAntSoft BigAnt IM Message Server that allows arbitrary files to be created
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001670.html

JVNDB-2013-001669 (JVNVU#96946668) SQL injection vulnerability in BigAntSoft BigAnt IM Message Server
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001669.html

JVNDB-2013-001668 Vulnerability in IBM WebSphere Cast Iron that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001668.html

JVNDB-2013-001667 Arbitrary code execution vulnerability in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001667.html

JVNDB-2013-001666 Vulnerability in the MathML implementation in WebKit in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001666.html

JVNDB-2013-001665 Denial-of-service (DoS) vulnerability in the ICU functionality of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001665.html

JVNDB-2013-001664 Integer overflow vulnerability in src/opus_decoder.c of Opus as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001664.html

JVNDB-2013-001663 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001663.html

JVNDB-2013-001662 Denial-of-service (DoS) vulnerability in the PDF functionality of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001662.html

JVNDB-2013-001661 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001661.html

JVNDB-2013-001660 Vulnerability in Google Chrome that allows arbitrary programs to be executed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001660.html

JVNDB-2013-001659 Buffer overflow vulnerability in libavcodec of FFmpeg as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001659.html

JVNDB-2013-001658 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001658.html

JVNDB-2013-001657 Denial-of-service (DoS) vulnerability in the IPC layer of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001657.html

JVNDB-2013-001656 Integer overflow vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001656.html

JVNDB-2013-001655 Denial-of-service (memory corruption) vulnerability in the IPC layer of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001655.html

JVNDB-2013-001654 Arbitrary code execution vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001654.html

JVNDB-2013-001653 Denial-of-service (DoS) vulnerability in Skia as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001653.html

JVNDB-2013-001652 Vulnerability in the developer-tools process of Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001652.html

JVNDB-2013-001651 Vulnerability in Google Chrome running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001651.html

JVNDB-2013-001650 Vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001650.html

JVNDB-2013-001649 Vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001649.html

JVNDB-2013-001648 Denial-of-service (DoS) vulnerability in Skia as used in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001648.html

JVNDB-2013-001647 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001647.html

JVNDB-2013-001646 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001646.html

JVNDB-2013-001645 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001645.html

JVNDB-2013-001644 Denial-of-service (memory corruption) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001644.html

JVNDB-2013-000015 (JVN#16817324) Arbitrary code execution vulnerability in multiple JustSystems products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000015.html

Libxml2 Entity Expansion May Let Remote Users Deny Service
http://www.securitytracker.com/id/1028212

Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028210

McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028209

Cisco Cloud Portal nsAPI Permission Validation Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1028208

Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028207

Cisco ASA NAT Connections Table Memory Exhaustion Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028206

GIT 'git-imap-send' Certificate Validation Flaw Lets Remote Users Spoof an IMAP Server
http://www.securitytracker.com/id/1028205

Guest Diary: Dylan Johnson - There's value in them there logs!
https://isc.sans.edu/diary.html?storyid=15289

All I need Java for is ....
https://isc.sans.edu/diary.html?storyid=15283

REMOTE: Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/24547

REMOTE: Glossword v1.8.8 - 1.8.12 Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/24548

REMOTE: PolarPearCms PHP File Upload Vulnerability
http://www.exploit-db.com/exploits/24549

LOCAL: Archlinux x86-64 3.3.x-3.7.x x86-64 sock_diag_handlers[] Local Root
http://www.exploit-db.com/exploits/24555

Linux Kernel 3.2 VFAT slab-based buffer overflow
http://cxsecurity.com/issue/WLB-2013020202

Archlinux/x86-64 3.1.x-3.7.x x86-64 CVE-2013-1763 sock_diag_handlers[] warez
http://cxsecurity.com/issue/WLB-2013020201

Linux Kernel 3.0/3.4 buffer overflow call_console_drivers() Function Log
http://cxsecurity.com/issue/WLB-2013020197

Brewthology 0.1 SQL Injection
http://cxsecurity.com/issue/WLB-2013020200

Gambas /tmp Directory Hijack
http://cxsecurity.com/issue/WLB-2013020199

War FTP Daemon 1.82 Denial Of Service
http://cxsecurity.com/issue/WLB-2013020198

WordPress Comment Rating Plugin Security Bypass Weakness and SQL Injection Vulnerability
http://secunia.com/advisories/52348/

War FTP Daemon "CDUP" Command Processing Denial of Service Vulnerability
http://secunia.com/advisories/52362/

Dell SonicWALL Scrutinizer Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/52177/

Dell SonicWALL Scrutinizer Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/52169/

TAO "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52327/

Debian update for fusionforge
http://secunia.com/advisories/52371/

OpenStack Compute (Nova) VNC Console Token Validation Security Bypass Weakness
http://secunia.com/advisories/52337/

DataTables TableTools Plugin Two "id" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52333/

IP.Board IP.Blog Module ModCP Information Disclosure Security Issue
http://secunia.com/advisories/52405/

FusionForge Insecure File Permissions Security Issue
http://secunia.com/advisories/52318/

IBM Multiple Products Java Two Vulnerabilities
http://secunia.com/advisories/52402/

IP.Board IP.Gallery Module Gallery Profile Information Disclosure Security Issue
http://secunia.com/advisories/52397/

IP.Board IP.Downloads Module Two Security Issues
http://secunia.com/advisories/52382/

IP.Board IP.Calendar Module Denial of Service Vulnerability
http://secunia.com/advisories/52373/

Cisco ASA Xlate Table Exhaustion Denial of Service Vulnerability
http://secunia.com/advisories/52331/

IBM InfoSphere Guardium S-TAP for DB2 Component Privilege Escalation Vulnerability
http://secunia.com/advisories/52372/

Debian update for python-django
http://secunia.com/advisories/52350/

Citrix XenServer Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/52353/

Red Hat update for kernel
http://secunia.com/advisories/52399/

Microsoft Windows Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/52392/

Red Hat update for dbus-glib
http://secunia.com/advisories/52375/

Adobe Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/52374/

Libxml2 Entity Expansion Denial of Service Vulnerability
http://secunia.com/advisories/52277/

SAP NetWeaver Multiple Vulnerabilities
http://secunia.com/advisories/52385/

JustSystems Multiple Products Unspecified Code Execution Vulnerability
http://secunia.com/advisories/52379/

IBM Security Network Intrusion Prevention System OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/52334/

Piwigo User Collections Plugin ZeroClipboard Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52309/

Trac MultiProject Plugin Multiple Vulnerabilities
http://secunia.com/advisories/52266/

CS-Cart PayPal Payment Security Bypass Vulnerability
http://secunia.com/advisories/52393/

Cisco Cloud Portal nsAPI Interface Information Disclosure Security Issue
http://secunia.com/advisories/52376/

IBM System Storage TS3500 Tape Library Web Interface Security Bypass Vulnerability
http://secunia.com/advisories/52345/

Ubuntu update for kernel
http://secunia.com/advisories/52326/

Linux Kernel "__sock_diag_rcv_msg()" Privilege Escalation Vulnerability
http://secunia.com/advisories/52289/

EasyWebScripts eBay Clone Script Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/52329/

Debian update for linux-2.6
http://secunia.com/advisories/52336/

Gallery Multiple Vulnerabilities
http://secunia.com/advisories/52349/

MDaemon Multiple Vulnerabilities
http://secunia.com/advisories/52244/

McAfee VirusScan Enterprise Privilege Escalation Vulnerability
http://secunia.com/advisories/52386/

SUSE update for kernel
http://secunia.com/advisories/52365/

Ubuntu update for pidgin
http://secunia.com/advisories/52346/

Apache HTTP Server Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52394/

Ubuntu update for thunderbird
http://secunia.com/advisories/52388/

Debian update for openjpeg
http://secunia.com/advisories/52387/

Adobe Flash Player CVE-2013-0643 Unspecified Security Vulnerability
http://www.securityfocus.com/bid/58185

Adobe Flash Player CVE-2013-0504 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/58184

Adobe Flash Player CVE-2013-0648 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58186

Cisco Unified Communications Domain Manager Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57567

dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57985

Ruby on Rails Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57084

Ruby on Rails CVE-2013-0156 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57187

Ruby on Rails CVE-2012-2660 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53754

Ruby on Rails Active Record CVE-2012-2695 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53970

Ruby on Rails 'authenticate_or_request_with_http_digest' Method Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54704

Ruby on Rails CVE-2012-2694 Unsafe SQL Query Generation Vulnerability
http://www.securityfocus.com/bid/53976

OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212

OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764

OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281

Dell SonicWALL Scrutinizer Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/57949

Dell SonicWALL Scrutinizer Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57914

War FTP Daemon Log Messages Denial of Service Vulnerability
http://www.securityfocus.com/bid/58182

Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53956

Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071

GnuTLS TLS And DTLS Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57736

Xen AMD IOMMU CVE-2013-0153 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57745

Xen OXenstored Daemon CVE-2013-0215 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57742

Xen Linux netback CVE-2013-0216 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57743

Xen Linux netback CVE-2013-0217 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57744

Xen Linux PCI Backend Drivers Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57740

Linux Kernel CVE-2013-1763 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58137

Rsync Daemon Excludes Multiple File Access Vulnerabilities
http://www.securityfocus.com/bid/26639

GNOME Online Accounts CVE-2013-0240 SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/57753

Dnsmasq Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54353

Multiple OpenStack Products Information Disclosure and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/58022

Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56146

Django Denial of Service Vulnerability And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/58061

Mozilla Firefox and Thunderbird 'loadSubScript()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/50589

Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability
http://www.securityfocus.com/bid/50593

Mozilla Firefox and Thunderbird CVE-2011-3650 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50595

Drupal Creative Theme Social Icon HTML Injection Vulnerability
http://www.securityfocus.com/bid/58215

Drupal Fresh Theme HTML Injection Vulnerability
http://www.securityfocus.com/bid/58214

Drupal Best Responsive Theme HTML Injection Vulnerability
http://www.securityfocus.com/bid/58213

Drupal Professional Theme HTML Injection Vulnerability
http://www.securityfocus.com/bid/58212

Drupal Clean Theme Slide Gallery HTML Injection Vulnerability
http://www.securityfocus.com/bid/58211

Drupal Company Theme Slide Gallery HTML Injection Vulnerability
http://www.securityfocus.com/bid/58210

Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/58207

Cisco Prime Central for HCS Assurance CVE-2013-1135 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58206

Cisco Unified Presence Server CVE-2013-1137 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58205

Ganglia Web 'view_name' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58204

Todd Miller Sudo Local Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/58203

Linux Kernel VFAT Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/58200

IP.Board IP.Downloads Multiple Access Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/58199

Poppler Multiple Denial of Service and Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/58198

DataTables TableTools Plugin 'id' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58196

Gambas Insecure Temporary Directory Creation Vulnerability
http://www.securityfocus.com/bid/58192

FusionForge CVE-2013-1423 Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/58143

JBoss Web Services W3C XML Encryption Standard Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55770

Linux Kernel 'call_console_drivers()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/58118

Monkey 'master.log' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/58140

Linux Kernel CVE-2013-0871 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57986

Adobe Acrobat And Reader CVE-2013-0640 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57931

Adobe Acrobat And Reader CVE-2013-0641 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57947

ZeroClipboard 'id' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58116

IBM HTTP Server Multiple Modules Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58119

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0774 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58038

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0777 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58048

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0778 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58050

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
http://www.securityfocus.com/bid/58044

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0783 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/58037

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0775 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58042

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0773 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58041

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0780 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58043

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0765 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58036

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0782 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58047

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0779 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58051

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0784 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/58040

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0781 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/58049

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0772 Out-of-Bounds Read Vulnerability
http://www.securityfocus.com/bid/58034

pigz Insecure File Permissions Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57971

CUPS 'Listen localhost:631' Option Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/57158

CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56494

IBM InfoSphere Guardium CVE-2013-0490 Unspecified Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58191

OpenStack Nova CVE-2013-0335 Security Bypass Vulnerability
http://www.securityfocus.com/bid/58189

Brewthology 'r' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/58188

KMPlayer Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/58187

Multiple JustSystems Products CVE-2013-0707 Unspecified Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/58183

SAP CCMS Agent Code Injection Vulnerability
http://www.securityfocus.com/bid/58181

Libxml2 Entity Expansion Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/58180

Linux Kernel CVE-2013-1767 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58177

IBM System Storage TS3500 Tape Library CVE-2012-5767 Security Bypass Vulnerability
http://www.securityfocus.com/bid/58176

Trac MultiProject Plugin Clickjacking and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/58173

Gallery Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/58172

Alt-N MDaemon STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/58171

Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58165

JForum 'jforum.page' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58164
