Tuesday, September 24, 2013

Tuesday the 24th, Senbu

+ About the security content of Apple TV 6.0
http://support.apple.com/kb/HT5935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128

+ CESA-2013:1274 Important CentOS 6 hplip Update
http://lwn.net/Alerts/567677/

+ CESA-2013:1272 Important CentOS 6 libvirt Update
http://lwn.net/Alerts/567678/

+ CESA-2013:1270 Important CentOS 6 polkit Update
http://lwn.net/Alerts/567679/

+ CESA-2013:1273 Important CentOS 6 spice-gtk Update
http://lwn.net/Alerts/567680/

+ phpMyAdmin 4.0.7 is released
http://sourceforge.net/p/phpmyadmin/news/2013/09/phpmyadmin-407-is-released/

+ UPDATE: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm

+ HPSBGN02925 rev.1 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03918632-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HS13-020 Multiple vulnerabilities in Java bundled with JP1/Cm2/Network Node Manager i
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-020/index.html

+ HS13-019 Multiple vulnerabilities in JP1/Cm2/Network Node Manager i
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-019/index.html

+ HS13-020 Multiple vulnerabilities in Java bundled with JP1/Cm2/Network Node Manager i (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-020/index.html

+ HS13-019 Multiple vulnerabilities in JP1/Cm2/Network Node Manager i (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-019/index.html

+ libpng 1.6.6 released
http://www.libpng.org/pub/png/src/libpng-1.6.6-README.txt

+ MySQL 5.1.72 released
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-72.html

+ PHP 5.4.20 released
http://php.net/archive/2013.php#id2013-09-19-2

+ Tcl/Tk 8.6.1 released
http://www.tcl.tk/software/tcltk/8.6.html

+ Apple iOS Lets Local Users Bypass Passcode Lock to Access Photos
http://www.securitytracker.com/id/1029072

+ BIND 9.9.4, 9.8.6, 9.6-ESV-R10 released
http://article.gmane.org/gmane.network.dns.bind.announce/459/match=
http://article.gmane.org/gmane.network.dns.bind.announce/457/match=
http://article.gmane.org/gmane.network.dns.bind.announce/458/match=

+ REMOTE: CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow
http://www.exploit-db.com/exploits/28480

+ REMOTE: MS13-069 Microsoft Internet Explorer CCaret Use-After-Free
http://www.exploit-db.com/exploits/28481

+ REMOTE: MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
http://www.exploit-db.com/exploits/28482

+ Apache Struts 2.3.15.2 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23152.html

+ Apache Struts "action:" Action Mapping Security Bypass Vulnerability
http://secunia.com/advisories/54919/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4310

+ Microsoft Internet Explorer CCaret Use-After-Free
http://cxsecurity.com/issue/WLB-2013090151

+ Microsoft Windows Theme File Handling Arbitrary Code Execution
http://cxsecurity.com/issue/WLB-2013090150

+ Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/62587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4316

+ Apache Struts CVE-2013-4310 Security Bypass Vulnerability
http://www.securityfocus.com/bid/62584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4310

+ Apple iOS 7 for iPhone Emergency Calling Function Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/62599

PostgreSQL Code Factory 13.9 released
http://www.postgresql.org/about/news/1483/

JVNDB-2013-000092 Buffer overflow vulnerability in SEIL series
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000092.html

JVNDB-2013-000091 Vulnerability in RADIUS authentication in SEIL series
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000091.html

JVNDB-2013-000090 Denial-of-service (DoS) vulnerability in D-Link DES-3810 series
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000090.html

JVNDB-2013-000089 Denial-of-service (DoS) vulnerability in D-Link DWL-2100AP
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000089.html

From security labs around the world
Advanced Android malware "Obad.a" spreads via botnet
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/504843/?ST=security

"Rapiro", a low-cost Raspberry Pi robot priced in the 30,000-yen range
[1] A cute robot that can walk and grasp objects
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/504908/?ST=security

Countermeasures for client software vulnerabilities
Part 1: Users who skip basic countermeasures, and the clients being targeted
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/505093/?ST=security

The growing "backdoor" problem: RSA urges caution over encryption tools
http://itpro.nikkeibp.co.jp/article/NEWS/20130920/506064/?ST=security

MDM vendor MobileIron to support iOS 7
http://itpro.nikkeibp.co.jp/article/NEWS/20130920/506063/?ST=security

Unauthorized access to Telecom Square server; nearly 100,000 card records may have leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20130920/505983/?ST=security

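Interview & Talk
Identifying the attackers behind targeted attacks and protecting customers by raising the cost of attack: that is our mission
CrowdStrike (US)
Vice President, Intelligence
Adam Meyers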
http://itpro.nikkeibp.co.jp/article/Interview/20130913/504663/?ST=security

VU#521348 KnowledgeView Editorial and Management application cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/521348

VU#705004 NETELLER Direct Payment API vulnerable to parameter manipulation
http://www.kb.cert.org/vuls/id/705004

VU#920038 Dell iDRAC 6 is vulnerable to a cross-site scripting (XSS) attack
http://www.kb.cert.org/vuls/id/920038

REMOTE: GLPI install.php Remote Command Execution
http://www.exploit-db.com/exploits/28483

REMOTE: Linksys WRT110 Remote Command Execution
http://www.exploit-db.com/exploits/28484

DoS/PoC: SolarWinds Server and Application Monitor ActiveX (Pepco32c) Buffer Overflow
http://www.exploit-db.com/exploits/28463

DoS/PoC: Share KM 1.0.19 - Remote Denial Of Service
http://www.exploit-db.com/exploits/28451
