tag:blogger.com,1999:blog-2719932897967507132012-02-03T16:41:56.802+09:00情報セキュリティ新米調査員：お仕事のメモ代わりに調査結果をまとめています。Bouno Tokyonoreply@blogger.comBlogger5441100tag:blogger.com,1999:blog-271993289796750713.post-60579592228891384222012-02-03T11:15:00.002+09:002012-02-03T16:41:56.814+09:00<br />[ANNOUNCE] Apache Lucy (incubating) 0.3.0 released<br />http://incubator.apache.org/lucy/<br /><br />不正請求の画面でお困りのお客さまのトラブルを解決する<br />『おまかせ！不正請求クリーンナップサービス?』提供開始<br />～面倒な作業なしで専門の技術者が問題解決までご案内～<br />http://www.trendmicro.co.jp/support/news.asp?id=1732<br /><br />コンピュータウイルス・不正アクセスの届出状況[1月分]について<br />http://www.ipa.go.jp/security/txt/2012/02outline.html<br /><br />JVNVU#382755: Apple Mac OS X における複数の脆弱性に対するアップデート<br />http://jvn.jp/cert/JVNVU382755/index.html<br /><br />JVNVU#410281: Apple Mac OS X CoreText に解放済みメモリ使用 (use-after-free) の脆弱性<br />http://jvn.jp/cert/JVNVU410281/index.html<br /><br />JVNVU#403593: Apple Mac OS X ATS にメモリ破損の脆弱性<br />http://jvn.jp/cert/JVNVU403593/index.html<br /><br />Google、マルウエアスキャン機能「Bouncer」をAndroid Marketに導入<br />http://itpro.nikkeibp.co.jp/article/NEWS/20120203/380062/?ST=security<br /><br />Critical PHP bug patched<br />http://isc.sans.edu/diary.html?storyid=12520<br /><br />PHP php_register_variable_ex() Lets Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026631<br /><br />Novell iPrint Server "attributes-natural-language" Buffer Overflow Vulnerability<br />http://secunia.com/advisories/47805/<br /><br />Fortinet FortiOS (FortiGate) "fields_sorted_opt" Cross-Site Scripting Vulnerabilities<br />http://secunia.com/advisories/47693/<br /><br />libpng "png_formatted_warning()" Off-by-One Vulnerability<br />http://secunia.com/advisories/47827/<br /><br />TYPO3 Modern FAQ Extension Two Vulnerabilities<br />http://secunia.com/advisories/47823/<br /><br />pragmaMx "message" Script Insertion Vulnerability<br />http://secunia.com/advisories/47841/<br /><br />TYPO3 Kitchen recipe Extension SQL Injection Vulnerability<br />http://secunia.com/advisories/47437/<br /><br />Drupal Security Issue and Security Bypass Vulnerability<br />http://secunia.com/advisories/47796/<br /><br />HTC Products Wi-Fi Credentials Disclosure Weakness<br />http://secunia.com/advisories/47837/<br /><br />phpLDAPadmin "base" Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/47852/<br /><br />Ubuntu update for usbmuxd<br />http://secunia.com/advisories/47809/<br /><br />Red Hat update for openssl<br />http://secunia.com/advisories/47808/<br /><br />Blue Coat Reporter OpenSSL Two Vulnerabilities<br />http://secunia.com/advisories/47863/<br /><br />Blue Coat Reporter OpenSSL Two Vulnerabilities<br />http://secunia.com/advisories/47807/<br /><br />EMC Documentum Content Server Privilege Escalation Vulnerability<br />http://secunia.com/advisories/47860/<br /><div><br /></div><br /><br /><br /><br />+ libpng 1.5.8 released<br />http://www.libpng.org/pub/png/libpng.html<br />http://www.libpng.org/pub/png/src/libpng-1.5.8-README.txt<br /><br />+- libpng 1.5.4 through 1.5.7 contain a one-byte (stack) buffer-overrun bug in png_formatted_warning()<br />http://www.libpng.org/pub/png/libpng.html<br /><br />+ PHP 5.3.10 Released!<br />http://www.php.net/<br />http://www.php.net/releases/5_3_10.php<br />http://www.php.net/ChangeLog-5.php#5.3.10<br /><br />+ RHSA-2012:0095 Moderate: ghostscript security update<br />http://rhn.redhat.com/errata/RHSA-2012-0095.html<br /><br />+ RHSA-2012:0093 Critical: php security update<br />http://rhn.redhat.com/errata/RHSA-2012-0093.html<br /><br />+ RHSA-2012:0096 Moderate: ghostscript security update<br />http://rhn.redhat.com/errata/RHSA-2012-0096.html<br /><br />+- Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/51705<br /><br />+ PHP 'crypt()' Function Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49376<br /><br />- Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830<br />http://www.php.net/<br />http://www.vupen.com/english/ADV-2012-0075.php<br />http://www.securityfocus.com/bid/51830<br /><br />- Memory leak/Denial of service.<br />http://www.samba.org/samba/security/CVE-2012-0817<br /><br />- PHP CVE-2012-0057 Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/51806<br /><br />[ANNOUNCE] Apache MRUnit 0.8.0-incubating released<br />http://www.apache.org/dyn/closer.cgi/incubator/mrunit/<br /><br />MySQL Connector/ODBC 5.1.10 is available!<br />http://dev.mysql.com/downloads/connector/odbc/5.1.html<br /><br />[ANNOUNCE] Slony-I 2.1.1 &amp; 1.2.23 released<br />http://www.slony.info/<br /><br />HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03179825%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />RHSA-2012:0092 Critical: php53 security update<br />http://rhn.redhat.com/errata/RHSA-2012-0092.html<br /><br />Code Audit Labs : [CAL-2012-0004] Opera - Integer Overflow Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37556<br /><br />Independant Researcher : Bugzilla - Spoofing Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37554<br /><br />Red Hat : [RHSA-2012:0079-01] Firefox - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37549<br /><br />Red Hat : [RHSA-2012:0080-01] Thunderbird - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37550<br /><br />Red Hat : [RHSA-2012:0084-01] SeaMonkey - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37551<br /><br />Red Hat : [RHSA-2012:0085-01] Thunderbird - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37552<br /><br />[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Ex<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00011.html<br /><br />[ MDVSA-2012:012 ] apache<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00006.html<br /><br />GLSA (Gentoo Linux Security Advisory) publication changes<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00012.html<br /><br />[CAL-2012-0004] opera array integer overflow<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00010.html<br /><br />Fwd: RA-Guard: Advice on the implementation (feedback requested)<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00009.html<br /><br />APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00007.html<br /><br />Call For Paper<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00008.html<br /><br />新たな「Androidウイルス」出現、SymbianやWindows Mobileから移植<br />エフセキュアが報告、有料SMSにメッセージを勝手に送信<br />http://itpro.nikkeibp.co.jp/article/NEWS/20120202/380050/?ST=security<br /><br />ソリトン、標的型攻撃マルウエア対策ソフトを販売<br />http://itpro.nikkeibp.co.jp/article/NEWS/20120202/380016/?ST=security<br /><br />JVNDB-2012-001201 Drupal 用 Panels モジュールにおけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001201.html<br /><br />JVNDB-2012-001163 OpenSSL におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001163.html<br /><br />JVNDB-2012-001264 Sudo の sudo_debug 関数における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001264.html<br /><br />VU#410281 Apple Mac OS X CoreText embedded font vulnerability<br />http://www.kb.cert.org/vuls/id/410281<br /><br />VU#403593 Apple Mac OS X ATS data-font memory corruption vulnerability<br />http://www.kb.cert.org/vuls/id/403593<br /><br />REMOTE: Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://www.exploit-db.com/exploits/18449<br /><br />REMOTE: Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57<br />http://www.exploit-db.com/exploits/18448<br /><br />REMOTE: Webkit normalize bug for android 2.2 (CVE-2010-1759)<br />http://www.exploit-db.com/exploits/18446<br /><br />DoS/PoC: NetSarang Xlpd Printer Daemon 4 Denial of Service Vulnerability<br />http://www.exploit-db.com/exploits/18454<br /><br />DoS/PoC: OfficeSIP Server 3.1 Denial Of Service Vulnerability<br />http://www.exploit-db.com/exploits/18453<br /><br />Novell iPrint Server "attributes-natural-language" Remote Code Execution<br />http://www.vupen.com/english/ADV-2012-0081.php<br /><br />Samba "smbd" Daemon Memory Leak Remote Denial of Service Vulnerability<br />http://www.vupen.com/english/ADV-2012-0080.php<br /><br />Apple Mac OS X Code Execution and Security Bypass Vulnerabilities<br />http://www.vupen.com/english/ADV-2012-0079.php<br /><br />EMC Documentum Content Server Local Privilege Escalation Vulnerability<br />http://www.vupen.com/english/ADV-2012-0078.php<br /><br />Bugzilla Account Impersonation and Cross Site Request Forgery<br />http://www.vupen.com/english/ADV-2012-0077.php<br /><br />Mozilla Products Multiple Code Execution and Information Disclosure<br />http://www.vupen.com/english/ADV-2012-0076.php<br /><br />PHP "php_register_variable_ex()" Parameter Handling Memory Corruption<br />http://www.vupen.com/english/ADV-2012-0075.php<br /><br />PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability<br />http://www.securityfocus.com/bid/51830<br /><br />Mozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/51756<br /><br />Mozilla Firefox IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/51786<br /><br />Mozilla Firefox/SeaMonkey/Thunderbird XSLT Stylesheets Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/51754<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey XUL Document Handling Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48360<br /><br />Apache Tomcat Hash Collision Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/51200<br /><br />Apache Tomcat Request Object Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/51442<br /><br />Apache Tomcat Parameter Handling Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/51447<br /><br />Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses<br />http://www.securityfocus.com/bid/49762<br /><br />Apache Tomcat AJP Protocol Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49353<br /><br />Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48667<br /><br />Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48456<br /><br />glFusion 'users.php' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/46575<br /><br />glFusion SQL Injection and Arbitrary File Upload Vulnerabilities<br />http://www.securityfocus.com/bid/51650<br /><br />Siemens SIMATIC WinCC Flexible Runtime 'HmiLoad.exe' Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50828<br /><br />Apple Mac OS X Prior To 10.7.3 CoreText Use After Free Code Execution Vulnerability<br />http://www.securityfocus.com/bid/51812<br /><br />JBoss Operations Network Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/51095<br /><br />HP Data Protector 'DBServer.exe' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/47004<br /><br />Moodle Multiple Security Bypass Vulnerabilities<br />http://www.securityfocus.com/bid/51450<br /><br />Todd Miller Sudo 'Sudo_Debug()' Path Resolution Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/51719<br /><br />MIT Kerberos KDC TGS Handling NULL Pointer Dereference Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/50929<br /><br />BackupPC 'index.cgi' Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50406<br /><br />Polipo POST/PUT Requests HTTP Header Processing Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49908<br /><br />Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/51705<br /><br />Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/51706<br /><br />Apache HTTP Server Scoreboard Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/51407<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey SVG Polygon Parsing Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48358<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey XUL Document Use-After-Free Vulnerability<br />http://www.securityfocus.com/bid/48373<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey 'Array.reduceRight()' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48372<br /><br />Mozilla Firefox and Thunderbird CVE-2011-2364 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/48367<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey Cookie Cross Domain Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48376<br /><br />Oracle Sun Solaris CVE-2012-0099 Remote Security Vulnerability<br />http://www.securityfocus.com/bid/51500<br /><br />Suhosin Extension Transparent Cookie Encryption Stack Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/51574<br /><br />PHP 'crypt()' Function Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49376<br /><br />PHP CVE-2012-0057 Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/51806<br /><br />RETIRED: Apple Mac OS X Prior to 10.7.3 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/51798<br /><br />Sunway ForceControl Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49747<br /><br />OpenSSL OCSP Stapling 'ClientHello' Handshake Message Parsing Security Vulnerability<br />http://www.securityfocus.com/bid/46264<br /><br />OpenSSL TLS Server Extension Parsing Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/44884<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/51753<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/51755<br /><br />OpenSSL Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/51281<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-6057959222889138422?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-30321742851995310702012-02-02T10:16:00.000+09:002012-02-02T16:33:44.675+09:00<br />Trend Micro ビジネスセキュリティ6.0 Service Pack 3 Critical Patch (build 4254)公開のお知らせ<br />http://www.trendmicro.co.jp/support/news.asp?id=1730<br /><br />「CRYPTRECシンポジウム2012」開催のお知らせ<br />http://www.ipa.go.jp/security/event/2012/crypt-sympo2012/index.html<br /><br />JVNVU#763355 HTC 製 Android 端末に Wi-Fi 認証情報漏えいの脆弱性<br />http://jvn.jp/cert/JVNVU763355/index.html<br /><br />JVN#33021167 Pocket WiFi (GP02) におけるクロスサイトリクエストフォージェリの脆弱性<br />http://jvn.jp/jp/JVN33021167/index.html<br /><br />Apple Mac OS X Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Information, and Conduct Cross-Site Scripting Attacks and Local Users Gain Elevated Privileges<br />http://www.securitytracker.com/id/1026627<br /><br />HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026626<br /><br />EMC Documentum Content Server Lets Local Administrative Users Gain Elevated Privileges<br />http://www.securitytracker.com/id/1026624<br /><br />REMOTE: Webkit normalize bug for android 2.2 (CVE-2010-1759)<br />http://www.exploit-db.com/exploits/18446<br /><br />WebKit 'Node.normalize' Method Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/40665<br /><br />Wireshark Versions Prior to 1.4.5/1.2.16 Multiple Remote Vulnerabilities<br />http://www.securityfocus.com/bid/47392<br /><br />Subversion 'mod_dav_svn' Multiple Denial of Service and Information Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/48091<br /><br />PHP CVE-2011-2202 Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/48259<br /><br />cURL/libcURL GSS/Negotiate Feature Spoofing Security Vulnerability<br />http://www.securityfocus.com/bid/48434<br /><br />libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46951<br /><br />PHP 'substr_replace()' Use After Free Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46843<br /><br />FreeType Font Document Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/50155<br /><br />Apple iOS Libinfo Component CVE-2011-3441 Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50641<br /><br />RoundCube Webmail '_mbox' Parameter Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/49229<br /><br />Apple iOS and Mac OS X CFNetwork Cross Domain Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50115<br /><br />SquirrelMail Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/42399<br /><br />SquirrelMail Multiple HTML Injection, Cross Site Scripting, and Security Bypass Vulnerabilities<br />http://www.securityfocus.com/bid/48648<br /><br />Apple Safari ImageIO TIFF Image Handling Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48833<br /><br />Apple Mac OS X ColorSync (CVE-2011-0200) Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48416<br /><br />SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/40291<br /><br />Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48456<br /><br />Apple iTunes CoreAudio (CVE-2011-3252) Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50065<br /><br />Mozilla Firefox and SeaMonkey 'Firefox Recovery Key.html' Insecure File Permissions Vulnerability<br />http://www.securityfocus.com/bid/51787<br /><br />PHP 'crypt()' Function Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49376<br /><br />Apple QuickTime Prior To 7.7.1 'Flic' Movie File Handling Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50404<br /><br />Apple QuickTime Prior To 7.7.1 Movie File Handling Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50401<br /><br />PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities<br />http://www.securityfocus.com/bid/49249<br /><br />Apple QuickTime Prior To 7.7.1 Movie File Handling Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50400<br /><br />Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49429<br /><div><br /></div><br />About the security content of OS X Lion v10.7.3 and Security Update 2012-001<br />http://support.apple.com/kb/HT5130<br /><br />CentOS alert CESA-2012:0085 (thunderbird)<br />http://lwn.net/Alerts/478685/<br /><br />CentOS alert CESA-2012:0080 (thunderbird)<br />http://lwn.net/Alerts/478687/<br /><br />CentOS alert CESA-2012:0079 (firefox)<br />http://lwn.net/Alerts/478688/<br /><br />CentOS alert CESA-2012:0084 (seamonkey)<br />http://lwn.net/Alerts/478691/<br /><br />Firefox 10 is now available<br />http://mozilla.jp/firefox/10.0/releasenotes/<br /><br /><br /><br /><br />+- RHSA-2012:0084-1: Critical: seamonkey security update<br />http://rhn.redhat.com/errata/RHSA-2012-0084.html<br />対象名：Red Hat 4 (seamonkey パッケージ)<br />コメント：使用パッケージが対象ではない<br /><br />+ RHSA-2012:0086-1: Moderate: openssl security update<br />http://rhn.redhat.com/errata/RHSA-2012-0086.html<br />対象名：Red Hat 4 (openssl パッケージ)<br /><br />+? PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47950<br />CVE-2011-1938<br />対象名：PHP 5.x<br />コメント：少々古いが報告していないようです。<br /><br />- HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03179046%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />[ANNOUNCE] JMeter 2.6 is released<br />http://jmeter.apache.org/docs/changes.html<br /><br />Multiple vulnerabilities in OpenEMR<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00003.html<br /><br />802.1X password exploit on many HTC Android devices<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00001.html<br /><br />ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00004.html<br /><br />Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00002.html<br /><br />[Announce] Apache HTTP Server 2.2.22 Released<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00000.html<br /><br />XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge)<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00005.html<br /><br />IPA重要インフラ情報セキュリティシンポジウム2012<br />http://www.ipa.go.jp/security/event/2012/cip_sympo/index.html<br /><br />IIJがDDoS対策の容量を拡大、1Gbps超える攻撃にも耐える<br />http://itpro.nikkeibp.co.jp/article/NEWS/20120201/379906/?ST=security<br /><br />Debian : [DSA-2399-1] php5 - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37546<br /><br />Hewlett-Packard : [HPSBMU02738 SSRT100748] HP - Network Automation - Unauthorized Access Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37547<br /><br />Hewlett-Packard : [HPSBUX02737 SSRT100747] HP-UX - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37548<br /><br />Ubuntu Security Notice : [USN-1351-1] AccountsService - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37545<br /><br />ISC Feature of the Week: ISC Search<br />http://isc.sans.edu/diary.html?storyid=12496<br /><br />Apple and Apache security fixes and releases<br />http://isc.sans.edu/diary.html?storyid=12502<br /><br />RHSA-2012:0085 Critical: thunderbird security update<br />http://rhn.redhat.com/errata/RHSA-2012-0085.html<br /><br />Bugzilla Bugs Permit Remote Cross-Site Request Forgery and Remote Authenticated Account Impersonation Attacks<br />http://www.securitytracker.com/id/1026623<br /><br />Novell iPrint 'attributes-natural-language' Buffer Overflow Lets Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026618<br /><br />Mozilla Thunderbird IPv6 Address Processing Lets Remote Users Bypass Same-Origin Restrictions to Obtain Error Messages<br />http://www.securitytracker.com/id/1026610<br /><br />Mozilla Seamonkey IPv6 Address Processing Lets Remote Users Bypass Same-Origin Restrictions to Obtain Error Messages<br />http://www.securitytracker.com/id/1026609<br /><br />RealNetworks RealPlayer Malformed AAC File Parsing Code Execution Vulnerability<br />http://www.securiteam.com/securitynews/5HP2V0A6AW.html<br /><br />RealNetworks RealPlayer genr Sample Size Parsing Code Execution Vulnerability<br />http://www.securiteam.com/securitynews/5JP2X0A6AS.html<br /><br />RealNetwork RealPlayer MPG Width Integer Underflow Code Execution Vulnerability<br />http://www.securiteam.com/securitynews/5KP2Y0A6AK.html<br /><br />RealNetworks RealPlayer ATRC Code Data Parsing Code Execution Vulnerability<br />http://www.securiteam.com/securitynews/5IP2W0A6AC.html<br /><br />VU#763355: 802.1X password exploit on many HTC Android devices<br />http://www.kb.cert.org/vuls/id/763355<br /><br />OpenEMR File Inclusion and Command Injection Vulnerabilities<br />http://secunia.com/advisories/47781/<br /><br />Red Hat update for thunderbird<br />http://secunia.com/advisories/47791/<br /><br />Red Hat update for firefox<br />http://secunia.com/advisories/47789/<br /><br />Red Hat update for thunderbird<br />http://secunia.com/advisories/47800/<br /><br />MiTalk Messenger for Android Security Bypass Security Issue<br />http://secunia.com/advisories/47767/<br /><br />Ubuntu update for accountsservice<br />http://secunia.com/advisories/47834/<br /><br />phpShowtime Directory and Image File Disclosure Weakness<br />http://secunia.com/advisories/47802/<br /><br />Pale Moon Multiple Vulnerabilities<br />http://secunia.com/advisories/47751/<br /><br />MindManager Insecure Library Loading Vulnerability<br />http://secunia.com/advisories/47797/<br /><br />GForge Community Edition / Advanced Server Multiple Cross-Site Scripting Vulnerabilities<br />http://secunia.com/advisories/47790/<br /><br />ManageEngine Applications Manager Multiple Cross-Site Scripting Vulnerabilities<br />http://secunia.com/advisories/47724/<br /><br />Red Hat update for seamonkey<br />http://secunia.com/advisories/47778/<br /><br />Red Hat update for JBoss products<br />http://secunia.com/advisories/47793/<br /><br />Ubuntu update for software-properties<br />http://secunia.com/advisories/47833/<br /><br />Mozilla Firefox / Thunderbird Multiple Vulnerabilities<br />http://secunia.com/advisories/47839/<br /><br />Mozilla SeaMonkey Multiple Vulnerabilities<br />http://secunia.com/advisories/47840/<br /><br />Mozilla Firefox / Thunderbird Multiple Vulnerabilities<br />http://secunia.com/advisories/47816/<br /><br />Emobile Pocket WiFi GP02 Cross-Site Request Forgery Vulnerability<br />http://secunia.com/advisories/47795/<br /><br />Bugzilla Spoofing and Cross-Site Request Forgery Vulnerabilities<br />http://secunia.com/advisories/47814/<br /><br />4images "cat_parent_id" Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/47811/<br /><br />Oracle Multiple Products Web Form Hash Collision Denial of Service Vulnerability<br />http://secunia.com/advisories/47819/<br /><br />Pligg CMS 'status' Parameter SQL Injection Vulnerability<br />2012-12-29<br />http://www.securityfocus.com/bid/51273<br /><br />PHP 'ZipArchive::addGlob' and 'ZipArchive::addPattern' Denial Of Service Vulnerabilities<br />http://www.securityfocus.com/bid/49252<br /><br />Mozilla Firefox/SeaMonkey/Thunderbird XSLT Stylesheets Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/51754<br /><br />Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49616<br /><br />X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49124<br /><br />libpng Malformed cHRM Divide-By-Zero Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49744<br /><br />SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49778<br /><br />PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47950<br /><br />PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49241<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0447 Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/51757<br /><br />Mozilla Firefox/SeaMonkey/Thunderbird XPConnect Security Check Cross Domain Scripting Vulnerability<br />http://www.securityfocus.com/bid/51752<br /><br />Mozilla Firefox/SeaMonkey/Thunderbird Cross Domain Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/51765<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/51753<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-3032174285199531070?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-28356333363937487012012-02-01T11:04:00.002+09:002012-02-01T16:53:18.294+09:00<br />RHSA-2012:0080<span class="Apple-tab-span" style="white-space: pre;"> </span>Critical: thunderbird security update<br />http://rhn.redhat.com/errata/RHSA-2012-0080.html<br /><br />RHSA-2012:0079<span class="Apple-tab-span" style="white-space: pre;"> </span>Critical: firefox security update<br />http://rhn.redhat.com/errata/RHSA-2012-0079.html<br /><br />MFSA 2012-09 Firefox Recovery Key.html is saved with unsafe permission<br />http://www.mozilla.org/security/announce/2012/mfsa2012-09.html<br /><br />MFSA 2012-08 Crash with malformed embedded XSLT stylesheets<br />http://www.mozilla.org/security/announce/2012/mfsa2012-08.html<br /><br />MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files<br />http://www.mozilla.org/security/announce/2012/mfsa2012-07.html<br /><br />MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure<br />http://www.mozilla.org/security/announce/2012/mfsa2012-06.html<br /><br />MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks<br />http://www.mozilla.org/security/announce/2012/mfsa2012-05.html<br /><br />MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes<br />http://www.mozilla.org/security/announce/2012/mfsa2012-04.html<br /><br />MFSA 2012-03 ＜iframe＞ element exposed across domains via name attribute<br />http://www.mozilla.org/security/announce/2012/mfsa2012-03.html<br /><br />MFSA 2012-02 Overly permissive IPv6 literal syntax<br />http://www.mozilla.org/security/announce/2012/mfsa2012-02.html<br /><br />MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)<br />http://www.mozilla.org/security/announce/2012/mfsa2012-01.html<br /><br />FAXシステムメンテナンスのお知らせ<br />http://www.trendmicro.co.jp/support/news.asp?id=1728<br /><br />JVNDB-2011-003658 Support Incident Tracker の translate.php における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003658.html<br /><br />JVNDB-2012-001257 Support Incident Tracker におけるクロスサイトリクエストフォージェリの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001257.html<br /><br />JVNDB-2012-001256 Support Incident Tracker におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001256.html<br /><br />JVNDB-2012-001255 Support Incident Tracker における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001255.html<br /><br />JVNDB-2011-003657 Support Incident Tracker における任意の PHP コードを実行可能な言語ファイルに挿入される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003657.html<br /><br />JVNDB-2012-001254 Support Incident Tracker における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001254.html<br /><br />JVNDB-2012-001253 Support Incident Tracker におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001253.html<br /><br />JVNDB-2012-001252 Support Incident Tracker の incident_attachments.php における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001252.html<br /><br />JVNDB-2012-001251 Support Incident Tracker におけるクロスサイトリクエストフォージェリの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001251.html<br /><br />JVNDB-2012-001250 Support Incident Tracker の move_uploaded_file.php における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001250.html<br /><br />JVNDB-2012-001249 Support Incident Tracker の ftp_upload_file.php における任意の PHP コードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001249.html<br /><br />JVNDB-2012-001248 Support Incident Tracker の config.php における任意の PHP コードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001248.html<br /><br />JVNDB-2012-001247 Support Incident Tracker の incident_attachments.php における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001247.html<br /><br />JVNDB-2012-001246 Support Incident Tracker の search.php におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001246.html<br /><br />JVNDB-2012-001245 Support Incident Tracker の ftp_upload_file.php における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001245.html<br /><br />JVNDB-2012-000010 Pocket WiFi (GP02) におけるクロスサイトリクエストフォージェリの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000010.html<br /><br />JVNDB-2012-001244 OpenNMS におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001244.html<br /><br />JVNDB-2012-001243 Aryadad CMS の Default.aspx における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001243.html<br /><br />JVNDB-2012-001242 WordPress 用 Theme Tuner プラグインにおける任意の PHP コードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001242.html<br /><br />JVNDB-2012-001241 Acidcat CMS におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001241.html<br /><br />JVNDB-2012-001240 Lead Capture Page System におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001240.html<br /><br />JVNDB-2012-001239 OpenSSH における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001239.html<br /><br />JVNDB-2012-001238 Schneider Electric Modicon Quantum PLC におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001238.html<br /><br />JVNDB-2012-001237 Schneider Electric Modicon Quantum PLC におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001237.html<br /><br />JVNDB-2012-001236 Schneider Electric Modicon Quantum PLC におけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001236.html<br /><br />JVN#33021167 Pocket WiFi (GP02) におけるクロスサイトリクエストフォージェリの脆弱性<br />http://jvn.jp/jp/JVN33021167/index.html<br /><br />「脆弱性体験学習ツールAppGoatハンズオンセミナー」開催のご案内<br />http://www.ipa.go.jp/security/vuln/seminar/lab_semi_appgoat_2012_1.html<br /><br />Mozilla Firefox IPv6 Address Processing Lets Remote Users Bypass Same-Origin Restrictions to Obtain Error Messages<br />http://www.securitytracker.com/id/1026608<br /><br />Mozilla Thunderbird Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks<br />http://www.securitytracker.com/id/1026607<br /><br />Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks<br />http://www.securitytracker.com/id/1026605<br /><br />DoS/PoC: EdrawSoft Office Viewer Component ActiveX 5.6 (officeviewermme.ocx) BoF PoC<br />http://www.exploit-db.com/exploits/18440<br /><br />- DoS/PoC: sudo 1.8.0 - 1.8.3p1 Format String Vulnerability<br />http://www.exploit-db.com/exploits/18436<br /><br />LuraWave JP2 Browser Plug-In 'npjp2.dll' Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/51732<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/51755<br /><br />Mozilla Firefox/SeaMonkey/Thunderbird XSLT Stylesheets Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/51754<br /><br />Mozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/51756<br /><br />Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/51706<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/51753<br /><br />PHP 'exif_process_IFD_TAG()' Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50907<br /><br />Adobe Flash Player CVE-2011-2140 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49083<br /><br />PHP CVE-2011-2202 Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/48259<br /><br /><br /><br /><br />+ Apache HTTP 2.2.22 released<br />http://www.apache.org/dist/httpd/Announcement2.2.html<br />http://ftp.meisei-u.ac.jp/mirror/apache/dist//httpd/CHANGES_2.2.22<br /><br />+ Postfix 2.9 Patchlevel 0, Postfix 2.8 Patchlevel 8 released<br />http://mirror.postfix.jp/postfix-release/index.html<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.9.0.HISTORY<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.8.8.HISTORY<br /><br />+ Suhosin Patch 0.9.10 released<br />http://www.hardened-php.net/suhosin/download.html<br />http://www.hardened-php.net/suhosin/download.html#suhosin_patch_0.9.10<br /><br />+ GnuPG 1.4.12 released<br />http://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000313.html<br /><br />+ Critical: firefox security update<br />http://rhn.redhat.com/errata/RHSA-2012-0079.html<br /><br />++ Oracle Security Alert for CVE-2011-5035<br />http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html<br /><br />Linux kernel 3.3-rc2 released<br />http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=summary<br /><br />HS12-006 uCosminexus製品におけるクロスサイトスクリプティングの脆弱性<br />http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-006/index.html<br />http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-006/index.html<br /><br />HS12-005 JP1製品におけるクロスサイトスクリプティングの脆弱性<br />http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-005/index.html<br />http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-005/index.html<br /><br />HS12-004 JP1/IT Desktop Management - Managerにおけるクロスサイトスクリプティングの脆弱性<br />http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-004/index.html<br />http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-004/index.html<br /><br />[SECURITY] [DSA 2399-2] php5 regression fix<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-01/msg00190.html<br /><br />[SECURITY] [DSA 2399-1] php5 security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-01/msg00189.html<br /><br />VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-01/msg00188.html<br /><br />[security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manag<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-01/msg00187.html<br /><br />[security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized A<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-01/msg00186.html<br /><br />[security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of S<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-01/msg00185.html<br /><br />“500万台感染のAndroidウイルス”、正体はアドウエアの可能性大<br />広告を表示させてお金もうけ、端末の乗っ取りなどは行わない<br />http://itpro.nikkeibp.co.jp/article/NEWS/20120201/379863/?ST=security<br /><br />「高まるセキュリティの懸念、一人ひとりが適切な対応を」――官房長官<br />2月1日から「情報セキュリティ月間」開始<br />http://itpro.nikkeibp.co.jp/article/NEWS/20120201/379866/?ST=security<br /><br />JVNDB-2011-003656 Linux kernel の hfs_mac2asc 関数におけるスタックベースのバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003656.html<br /><br />JVNDB-2012-001235 Linux kernel の NFS 実装におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001235.html<br /><br />JVNDB-2012-001234 Linux kernel におけるサービス運用妨害 (アサーションエラーおよび kernel oops) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001234.html<br /><br />JVNDB-2012-001233 Linux kernel におけるサービス運用妨害 (NULL ポインタデリファレンスおよび kernel oops) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001233.html<br /><br />JVNDB-2012-001232 Linux kernel の xfs_readlink 関数におけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001232.html<br /><br />JVNDB-2012-001231 Linux kernel におけるサービス運用妨害 (NULL ポインタデリファレンスおよび OOPS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001231.html<br /><br />JVNDB-2012-001230 Linux kernel の tpm_read 関数 における TPM コマンドの結果を読まれる脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001230.html<br /><br />JVNDB-2012-001229 Linux kernel の mem_write 関数における権限を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001229.html<br /><br />OSINT tactics: parsing from FOCA for Maltego<br />http://isc.sans.edu/diary/OSINT+tactics+parsing+from+FOCA+for+Maltego/12481<br /><br />Firefox 10 and VMWare advisories and updates<br />http://isc.sans.edu/diary/Firefox+10+and+VMWare+advisories+and+updates/12490<br /><br />RHSA-2012:0073<span class="Apple-tab-span" style="white-space: pre;"> </span>Low: Red Hat Enterprise Linux 4 - 30 day End Of Life Notice<br />http://rhn.redhat.com/errata/RHSA-2012-0073.html<br /><br />RHSA-2012:0079<span class="Apple-tab-span" style="white-space: pre;"> </span>Critical: firefox security update<br />http://rhn.redhat.com/errata/RHSA-2012-0079.html<br /><br />ProFTPD Response Pool Use-After-Free Code Execution Vulnerability<br />http://www.securiteam.com/unixfocus/5MP3Q0A60W.html<br /><br />InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability | 0 Comments and 0 Reactions<br />http://www.securiteam.com/securitynews/5NP3R0A60M.html<br /><br />InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy | 0 Comments and 0 Reactions<br />http://www.securiteam.com/securitynews/5OP3S0A60C.html<br /><br />HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty | 0 Comments and 0 Reactions<br />http://www.securiteam.com/securitynews/5PP3T0A60S.html<br /><br />TWiki Input Validation Flaw in 'Organization' Field Permits Cross-Site Scripting Attacks<br />http://www.securitytracker.com/id/1026604<br /><br />IBM SPSS SamplePower VsVIEW6 ActiveX Control Let Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026603<br /><br />IBM SPSS Data Collection ActiveX Controls Let Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026602<br /><br />FishEye / Crucible Webwork 2 Code Injection Vulnerability<br />http://secunia.com/advisories/47780/<br /><br />RESTEasy JAXB XML Entity References Information Disclosure Vulnerability<br />http://secunia.com/advisories/47832/<br /><br />RESTEasy XML Entity References Information Disclosure Vulnerability<br />http://secunia.com/advisories/47818/<br /><br />HostBill Ticket Subject Code Injection Vulnerability<br />http://secunia.com/advisories/47799/<br /><br />SilverStripe Page Title Script Insertion Vulnerability<br />http://secunia.com/advisories/47812/<br /><br />Debian update for php5<br />http://secunia.com/advisories/47785/<br /><br />VMware ESX Server Multiple Vulnerabilities<br />http://secunia.com/advisories/47758/<br /><br />VMware ESXi Server Python Multiple Vulnerabilities<br />http://secunia.com/advisories/47608/<br /><br />Hitachi JP1/IT Resource Management Unspecified Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/47825/<br /><br />Hitachi JP1/IT Service Level Management Unspecified Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/47804/<br /><br />Hitachi JP1/IT Desktop Management Unspecified Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/47774/<br /><br />Hitachi uCosminexus Products Unspecified Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/47815/<br /><br />Hitachi uCosminexus EUR Print Manager Unspecified Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/47773/<br /><br />HP Network Automation Unspecified Security Bypass Vulnerability<br />http://secunia.com/advisories/47826/<br /><br />HP Network Automation Unspecified Security Bypass Vulnerability<br />http://secunia.com/advisories/47738/<br /><br />TWiki User Organization Script Insertion Vulnerability<br />http://secunia.com/advisories/47784/<br /><br />Mibew Messenger Cross-Site Request Forgery Vulnerability<br />http://secunia.com/advisories/47787/<br /><br />LuraWave JP2 Browser Plug-In File Processing Buffer Overflow Vulnerability<br />http://secunia.com/advisories/47831/<br /><br />LuraWave JP2 ActiveX Control File Processing Buffer Overflow Vulnerability<br />http://secunia.com/advisories/47350/<br /><br />Image Hosting Script DPI "showseries" Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/47786/<br /><br />Debian update for curl<br />http://secunia.com/advisories/47764/<br /><br />sudo "sudo_debug()" Format String Privilege Escalation Vulnerability<br />http://secunia.com/advisories/47743/<br /><br />Red Hat update for php<br />http://secunia.com/advisories/47820/<br /><br />Red Hat update for ruby<br />http://secunia.com/advisories/47821/<br /><br />Red Hat update for ruby<br />http://secunia.com/advisories/47822/<br /><br />Apache httpOnly Cookie Disclosure<br />http://www.exploit-db.com/exploits/18442/<br /><br />Adobe Flash Player MP4 SequenceParameterSetNALUnit Remote Code Execution Exploit<br />http://www.exploit-db.com/exploits/18437/<br /><br />PHP CVE-2011-2202 Security Bypass Vulnerability<br />2012-02-01<br />http://www.securityfocus.com/bid/48259<br /><br />PHP Web Form Hash Collision Denial Of Service Vulnerability<br />2012-02-01<br />http://www.securityfocus.com/bid/51193<br /><br />PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability<br />2012-02-01<br />http://www.securityfocus.com/bid/46365<br /><br />PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49241<br /><br />Ruby Hash Collision Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/51198<br /><br />Ruby Random Number Values Security Weakness<br />http://www.securityfocus.com/bid/49126<br /><br />Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/51194<br /><br />Samba SWAT Cross Site Request Forgery Vulnerability<br />http://www.securityfocus.com/bid/48899<br /><br />Xen 'x86_64 __addr_ok()' Local Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49370<br /><br />Samba 'client/mount.cifs.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/38326<br /><br />Samba 'etc/mtab' File Appending Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49939<br /><br />Linux Kernel NFS File Locking Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49141<br /><br />Linux Kernel 'fs/partitions/osf.c' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46878<br /><br />Linux Kernel 'ib_uverbs_poll_cq()' Function Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46488<br /><br />PHP 'exif_process_IFD_TAG()' Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50907<br /><br />PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47950<br /><br />Linux Kernel 'ib_uverbs_poll_cq()' Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46073<br /><br />Linux Kernel SCTP Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49373<br /><br />Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47308<br /><br />Linux Kernel EFI Partition Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47343<br /><br />Linux Kernel Netfilter and Econet Local Information Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/46919<br /><br />Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46839<br /><br />Samba SWAT 'user' Field Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/48901<br /><br />Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/37992<br /><br />Linux Kernel Signal Code Spoofing Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47003<br /><br />Linux Kernel GFS2 'fs/gfs2/file.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48677<br /><br />Linux Kernel 'inet_diag_bc_audit()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48333<br /><br />Xen SAHF Emulation Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49375<br /><br />Linux Kernel FSGEOMETRY_V1 IOCTL Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46417<br /><br />Expat XML Parsing Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/37203<br /><br />Python 'audioop' Module Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/40370<br /><br />Python 'audioop' Module Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/40863<br /><br />Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/47534<br /><br />Linux Kernel 'agp_allocate_memory/agp_create_user_memory' Local Privilege Escalation Vulnerabilities<br />http://www.securityfocus.com/bid/47535<br /><br />Python 'urllib' and 'urllib2' Modules Information Disclosure and Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/47024<br /><br />Python Multiple Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/44533<br /><br />Linux Kernel '/proc/[pid]/stat' Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/47791<br /><br />Linux Kernel '/proc/PID/io' Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49408<br /><br />Linux Kernel 'next_pidmap()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47497<br /><br />Linux Kernel Bluetooth 'l2cap_sock.c' and 'rfcomm/sock.c' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48441<br /><br />Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/36097<br /><br />Python CGIHTTPServer Module Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46541<br /><br />Red Hat Xen Hypervisor Implementation Local Guest Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/48058<br /><br />Linux Kernel SSID Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48538<br /><br />Linux Kernel OOPS 'qdisc_dev()' Dereference Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48641<br /><br />Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/47843<br /><br />Linux Kernel EFI Partition Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47796<br /><br />Xen 'get_free_port()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48048<br /><br />Linux Kernel Multiple Local Information Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/46616<br /><br />Linux Kernel 'oops' on Reset NULL Pointer Dereference Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46793<br /><br />Oracle Sun Solaris CVE-2012-0100 Local Security Vulnerability<br />http://www.securityfocus.com/bid/51475<br /><br />Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/50494<br /><br />Linux Kernel CVE-2012-0056 Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/51625<br /><br />MIT Kerberos KDC TGS Handling NULL Pointer Dereference Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/50929<br /><br />PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46084<br /><br />Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50802<br /><br />Adobe Acrobat and Reader CVE-2011-0604 Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/46217<br /><br />RESTEasy JaxB XML Entity References Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/51766<br /><br />HostBill PHP Code Injection Vulnerability<br />http://www.securityfocus.com/bid/51763<br /><br />FishEye and Crucible Webwork 2 Framework Remote Code Injection Vulnerability<br />http://www.securityfocus.com/bid/51762<br /><br />SilverStripe 'Title' Parameter HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/51761<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0447 Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/51757<br /><br />Mozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/51756<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/51755<br /><br />Mozilla Firefox/SeaMonkey/Thunderbird XSLT Stylesheets Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/51754<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/51753<br /><br />Mozilla Firefox/SeaMonkey/Thunderbird XPConnect Security Check Cross Domain Scripting Vulnerability<br />http://www.securityfocus.com/bid/51752<br /><br />Hitachi JP1 Products Unspecified Cross-Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/51749<br /><br />RESTEasy XML Entity References Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/51748<br /><br />Hitachi JP1/IT Desktop Management Manager Unspecified Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/51747<br /><br />HP Network Automation Remote Unauthorized Access Vulnerability<br />http://www.securityfocus.com/bid/51746<br /><br />Hitachi uCosminexus Products Unspecified Cross-Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/51745<br /><br />LuraWave JP2 ActiveX Control 'jp2_x.dll' Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/51744<br /><br />Clixint Technologies DPI 'showseries' Parameter Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/51734<br /><br />LuraWave JP2 Browser Plug-In 'npjp2.dll' Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/51732<br /><br />TWiki 'organization' Field HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/51731<br /><br />Joomla! 'com_crhotels' Component 'catid' Parameter Remote SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/51728<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-2835633336393748701?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-85883269425639082192011-11-02T10:46:00.002+09:002011-11-02T11:02:32.843+09:00<div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: right;"><a href="http://2.bp.blogspot.com/-1QJxopJSBCI/TrCkjahHRBI/AAAAAAAAA4M/cmpkAEtdtD0/s1600/Google-20111102-%25E6%25A8%25AA%25E5%25B1%25B1%25E5%25A4%25A7%25E8%25A6%25B3%25E7%2594%259F%25E8%25AA%2595143%25E5%2591%25A8%25E5%25B9%25B4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="78" src="http://2.bp.blogspot.com/-1QJxopJSBCI/TrCkjahHRBI/AAAAAAAAA4M/cmpkAEtdtD0/s200/Google-20111102-%25E6%25A8%25AA%25E5%25B1%25B1%25E5%25A4%25A7%25E8%25A6%25B3%25E7%2594%259F%25E8%25AA%2595143%25E5%2591%25A8%25E5%25B9%25B4.JPG" width="200" /></a></div><br />+ Multiple vulnerabilities in Adobe Flashplayer<br />http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer2<br /><br />+ Multiple vulnerabilities in Adobe Flashplayer<br />http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer1<br /><br />+ Multiple Buffer Overflow vulnerabilities in GIMP<br />http://blogs.oracle.com/sunsecurity/entry/multiple_buffer_overflow_vulnerabilities_in<br /><br />+ Microsoft Windows Kernel Word File Handling Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50462<br /><br />+- Linux Kernel '/mm/oom_kill.c' Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50459<br /><br />HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code<br />https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03054052%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />Wireshark 1.6.3 Released<br />http://www.wireshark.org/docs/relnotes/wireshark-1.6.3.html<br /><br />[security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Re<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00005.html<br /><br />Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00009.html<br /><br />XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00008.html<br /><br />XSS Vulnerabilities in eFront<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00007.html<br /><br />[ MDVSA-2011:162 ] kdelibs4<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00006.html<br /><br />GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vuln<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00004.html<br /><br />[ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00003.html<br /><br />IBSng all version Cross-Site Scripting Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00002.html<br /><br />CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMEN<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00001.html<br /><br />DDIVRT-2011-33 IBM WebSphere Application Server help Servlet Plug-in Bundle Directory Tr<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-11/msg00000.html<br /><br />Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00215.html<br /><br />[SECURITY] [DSA 2333-1] phpldapadmin security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00212.html<br /><br />PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00214.html<br /><br />YaTFTPSvr TFTP Server Directory Traversal Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00216.html<br /><br />Apples Mail.app mail of death<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00213.html<br /><br />Securiteam<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://www.derkeiler.com/Mailing-Lists/Securiteam/<br /><br />[SECURITY] [DSA 2332-1] python-django security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00211.html<br /><br />[security bulletin] HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00210.html<br /><br />[security bulletin] HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00209.html<br /><br />シマンテックがAndroid端末用セキュリティソフトの新版<br />遠隔操作でアラームを鳴らす機能などを追加<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111102/372023/?ST=security<br /><br />化学メーカーを狙った「標的型攻撃」が相次ぐ、国内企業も被害<br />世界中で48社がターゲットに、米シマンテックが報告<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111102/372022/?ST=security<br /><br />JVN#98649286 CSWorks の LiveData Service におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvn.jp/jp/JVN98649286/index.html<br /><br />JVNDB-2011-000095 CSWorks の LiveData Service におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000095.html<br /><br />JVNDB-2011-002643 Google Chrome におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002643.html<br /><br />JVNDB-2011-002642 Google Chrome における URL バーを偽造される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002642.html<br /><br />JVNDB-2011-002641 Google Chrome における MIME タイプに関する詳細不明な脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002641.html<br /><br />JVNDB-2011-002640 Linux 上で稼働する Google Chrome における PIC および PIE コンパイラオプションの使用に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002640.html<br /><br />JVNDB-2011-002639 Google Chrome における詳細不明な脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002639.html<br /><br />JVNDB-2011-002638 Google Chrome におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002638.html<br /><br />JVNDB-2011-002637 Google Chrome にて使用される libxml2 におけるメモリ二重開放の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002637.html<br /><br />JVNDB-2011-002636 Google Chrome におけるサービス運用妨害 (out-of-bounds read) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002636.html<br /><br />JVNDB-2011-002635 Google Chrome にて使用される Google V8 におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002635.html<br /><br />JVNDB-2011-002634 Google Chrome における詳細不明な脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002634.html<br /><br />JVNDB-2011-002633 Google Chrome におけるサービス運用妨害 (out-of-bounds read) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002633.html<br /><br />JVNDB-2011-002632 Google Chrome にて使用される Google V8 における詳細不明な脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002632.html<br /><br />JVNDB-2011-002631 Google Chrome における、詳細不明な脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002631.html<br /><br />JVNDB-2011-002630 Google Chrome のサービス運用妨害の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002630.html<br /><br />JVNDB-2011-002629 Google Chrome における詳細不明な脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002629.html<br /><br />JVNDB-2011-002628 Google Chrome におけるサービス運用妨害 (out-of-bounds read) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002628.html<br /><br />JVNDB-2011-002627 Cisco IOS の cat6000-dot1x コンポーネントにおけるサービス運用妨害 (トラフィックストーム) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002627.html<br /><br />JVNDB-2011-002626 Cisco CiscoWorks Common Services における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002626.html<br /><br />JVNDB-2011-002625 Cisco IOS の ethernet-lldp コンポーネントにおけるサービス運用妨害 (デバイスクラッシュ) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002625.html<br /><br />JVNDB-2011-002624 NexusPHP の thanks.php における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002624.html<br /><br />JVNDB-2011-002623 OCS Inventory NG の ocsinventory におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002623.html<br /><br />JVNDB-2011-002622 OpenOffice.org および LibreOffice の oowriter におけるサービス運用妨害 (クラッシュ) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002622.html<br /><br />JVNDB-2011-002621 Simple Machines Forum におけるクロスサイトリクエストフォージェリの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002621.html<br /><br />JVNDB-2011-002620 KENT-WEB WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002620.html<br /><br />JVNDB-2011-002619 IBM WebSphere ILOG Rule Team Server の content/error.jsp におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002619.html<br /><br />JVNDB-2011-002618 Simple Machines Forum における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002618.html<br /><br />JVNDB-2011-002617 Novell ZENworks Handheld Management (ZHM) の ZfHSrvr.exe における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002617.html<br /><br />JVNDB-2011-002616 Novell ZENworks Handheld Management (ZHM) の ZfHSrvr.exe における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002616.html<br /><br />JVNDB-2011-000094 複数のスカイアークシステム製品におけるクロスサイトリクエストフォージェリの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000094.html<br /><br />JVNDB-2011-000093 複数のスカイアークシステム製品におけるアクセス制限不備の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000093.html<br /><br />JVNDB-2011-002615 Asterisk Open Source の chan_sip.c におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002615.html<br /><br />JVNDB-2011-002614 ATCOM Netvolution における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002614.html<br /><br />JVNDB-2011-002613 BlackBerry Collaboration Service における任意のユーザアカウントへログインされる脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002613.html<br /><br />JVNDB-2011-002612 ATCOM Netvolution の default.asp における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002612.html<br /><br />JVNDB-2011-002611 ATCOM Netvolution の default.asp におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002611.html<br /><br />JVNDB-2011-002610 ATCOM Netvolution におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002610.html<br /><br />JVNDB-2011-002609 ATCOM Netvolution の default.asp における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002609.html<br /><br />JVNDB-2011-002608 MIT Kerberos の krb5_db2_lockout_audit 関数におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002608.html<br /><br />JVNDB-2011-002607 MIT Kerberos の lookup_lockout_policy 関数におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002607.html<br /><br />JVNDB-2011-002606 MIT Kerberos の krb5_ldap_lockout_audit 関数におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002606.html<br /><br />JVNDB-2011-002605 MIT Kerberos の kdb_ldap プラグインにおけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002605.html<br /><br />JVNDB-2011-002604 Empathy の theme_adium_append_message 関数におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002604.html<br /><br />JVNDB-2011-002603 Empathy の theme_adium_append_message 関数におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002603.html<br /><br />JVNDB-2011-002602 HP MFP Digital Sending ソフトウェアにおける重要なワークフローメタデータ情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002602.html<br /><br />JVNDB-2011-002601 Linux kernel の napi_reuse_skb 関数におけるサービス運用妨害 (NULL ポインタデリファレンス) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002601.html<br /><br />JVNDB-2011-002600 Cisco Adaptive Security Appliances デバイスにおけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002600.html<br /><br />JVNDB-2011-002599 Cisco IOS の ipv6 コンポーネントにおけるフィンガープリンティング攻撃を誘導される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002599.html<br /><br />JVNDB-2011-002598 Cisco IOS の cat6000-dot1x コンポーネントにおけるサービス運用妨害 (トラフィックストーム) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002598.html<br /><br />Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released<br />http://isc.sans.edu/diary.html?storyid=11926<br /><br />Secure languages &amp; frameworks<br />http://isc.sans.edu/diary.html?storyid=11929<br /><br />Linux Kernel clock_gettime() Negative Divisor Bug Lets Local Users Deny Service<br />http://www.securitytracker.com/id/1026261<br /><br />HP OpenView Network Node Manager Bugs Let Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026260<br /><br />Novell GroupWise Messenger Discloses Arbitrary Memory Contents to Remote Users<br />http://www.securitytracker.com/id/1026257<br /><br />IBM AIX BIND Multiple Vulnerabilities<br />http://secunia.com/advisories/46641/<br /><br />Gentoo update for chromium and v8<br />http://secunia.com/advisories/46636/<br /><br />NJStar Communicator MiniSmtp Packet Processing Buffer Overflow Vulnerability<br />http://secunia.com/advisories/46630/<br /><br />Joomla! Alameda Component "storeid" SQL Injection Vulnerability<br />http://secunia.com/advisories/46635/<br /><br />Squid DNS Replies Invalid Free Denial of Service Vulnerability<br />http://secunia.com/advisories/46609/<br /><br />CSWorks LiveData Service TCP Packets Processing Denial of Service Vulnerability<br />http://secunia.com/advisories/46625/<br /><br />Megatops YaTFTPSvr Directory Traversal Vulnerability<br />http://secunia.com/advisories/46665/<br /><br />Oracle Hyperion Enterprise Performance Management arsqls24.dll Buffer Overflow Vulnerability<br />http://secunia.com/advisories/46652/<br /><br />WordPress ClassiPress Theme "twitter_id" and "facebook_id" Script Insertion Vulnerabilities<br />http://secunia.com/advisories/46658/<br /><br />Joomla! Vik Real Estate Extension "contract" and "imm" SQL Injection Vulnerabilities<br />http://secunia.com/advisories/46661/<br /><br />Joomla! HM Community Component Script Insertion and SQL Injection Vulnerabilities<br />http://secunia.com/advisories/46656/<br /><br />Novell Messenger Server Process Memory Information Disclosure Vulnerability<br />http://secunia.com/advisories/46677/<br /><br />Gobby Two Weaknesses<br />http://secunia.com/advisories/46698/<br /><br />net6 Two Weaknesses<br />http://secunia.com/advisories/46605/<br /><br />Debian update for python-django<br />http://secunia.com/advisories/46614/<br /><br />Debian update for radvd<br />http://secunia.com/advisories/46639/<br /><br />Debian update for tor<br />http://secunia.com/advisories/46640/<br /><br />Ubuntu update for empathy<br />http://secunia.com/advisories/46684/<br /><br />Openswan Cryptographic Helper Use-After-Free Denial of Service Vulnerability<br />http://secunia.com/advisories/46681/<br /><br />WordPress Simple Balance Theme "s" Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46671/<br /><br />eFront Multiple Vulnerabilities<br />http://secunia.com/advisories/46613/<br /><br />SUSE update for java-1_6_0-openjdk<br />http://secunia.com/advisories/46695/<br /><br />Debian update for phpldapadmin<br />http://secunia.com/advisories/46672/<br /><br />Fedora update for kernel<br />http://secunia.com/advisories/46687/<br /><br />Fujitsu Interstage HTTP Server Two Vulnerabilities<br />http://secunia.com/advisories/46648/<br /><br />NJStar Communicator 3.00 MiniSMTP Server Remote Exploit<br />http://www.exploit-db.com/exploits/18057<br /><br />Linux Kernel TCP Sequence Number Generation Security Weakness<br />http://www.securityfocus.com/bid/49289<br /><br />KDE KSSL Common Name SSL Certificate Spoofing Vulnerability<br />http://www.securityfocus.com/bid/49925<br /><br />Linux Kernel 'clock_gettime()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50311<br /><br />Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50246<br /><br />IBM WebSphere Application Server Administration Console Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49362<br /><br />Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50231<br /><br />Oracle Java SE CVE-2011-3561 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50250<br /><br />Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50234<br /><br />Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50242<br /><br />Oracle Java SE CVE-2011-3554 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50216<br /><br />Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50224<br /><br />Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50248<br /><br />Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50211<br /><br />Oracle Java SE CVE-2011-3549 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50223<br /><br />Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50243<br /><br />Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50215<br /><br />Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50220<br /><br />Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50226<br /><br />Oracle Java SE CVE-2011-3546 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50239<br /><br />SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49778<br /><br />Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50218<br /><br />Oracle Java SE CVE-2011-3516 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50229<br /><br />KDE KSSL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/36229<br /><br />ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability<br />http://www.securityfocus.com/bid/37118<br /><br />Apache Tomcat AJP Protocol Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49353<br /><br />ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability<br />http://www.securityfocus.com/bid/37865<br /><br />Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability<br />http://www.securityfocus.com/bid/33151<br /><br />Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49279<br /><br />Google Chrome Prior to 14.0.835.202 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49938<br /><br />Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49658<br /><br />Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50360<br /><br />Google Chrome Prior to 12.0.742.112 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/48479<br /><br />Google Chrome prior to 14.0.835.163 PDF File Handling Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49933<br /><br />Oracle Hyperion Financial Management 'TList6.ocx' ActiveX Control Insecure Method Vulnerability<br />http://www.securityfocus.com/bid/50476<br /><br />GE Proficy Historian Data Archiver Service Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50475<br /><br />GE Proficy Plant Application Components Remote Stack Based Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50474<br /><br />GE Proficy Historian Web Administrator Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50473<br /><br />HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities<br />http://www.securityfocus.com/bid/50471<br /><br />Symphony Multiple SQL Injection and Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50470<br /><br />eFront Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50469<br /><br />IBSng 'str' Parameter Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50468<br /><br />Google App Engine Python SDK 'FakeFile' Object Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50464<br /><br />Microsoft Windows Kernel Word File Handling Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50462<br /><br />Linux Kernel '/mm/oom_kill.c' Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50459<br /><br />Hyperic HQ Enterprise Cross Site Scripting and Multiple Unspecified Security Vulnerabilities<br />http://www.securityfocus.com/bid/50456<br /><br />vBulletin Multiple Remote File Include Vulnerabilities<br />http://www.securityfocus.com/bid/50455<br /><br />Domain Shop 'index.php' Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50454<br /><br />BroadWin WebAccess Client 'bwocxrun.ocx ' Multiple Remote Vulnerabilities<br />http://www.securityfocus.com/bid/49428<br /><br />Microsoft Windows AFD Driver CVE-2011-2005 Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49941<br /><br />Apple QuickTime Prior To 7.7.1 'Flic' Movie File Handling Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50404<br /><br />phpLDAPadmin Cross Site Scripting and PHP Code Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50331<br /><br />Apache APR 'apr_fnmatch()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47820<br /><br />Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49957<br /><br />Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47929<br /><br />Django Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49573<br /><br />NJStar Communicator MiniSMTP Server Remote Stack Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50452<br /><br />Joomla! Alameda Component 'storeid' Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50451<br /><br />Squid Proxy Caching Server CNAME Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50449<br /><br />Multiple SKYARC System Products Unspecified Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50448<br /><br />Novell Messenger Server Memory Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50443<br /><br />net6 Session Hijacking and Information Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/50442<br /><br />YaTFTPSvr TFTP Server Directory Traversal Vulnerability<br />http://www.securityfocus.com/bid/50441<br /><br />Openswan Crpyotgraphic Helper Use After Free Remote Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/50440<br /><br />Joomla! 'com_hmcommunity' Component Multiple Input Validation Vulnerabilities<br />http://www.securityfocus.com/bid/50439<br /><br />e107 CMS jbShop Plugin 'item_id' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50438<br /><br />phpAlbum Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50437<br /><br />Joomla Component JEEMA SMS Multiple SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50436<br /><br />Joomla Component Vik Real Estate Multiple SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50435<br /><br />WordPress WP Glossary Plugin 'ajax.php' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50434<br /><br />WordPress Classipress Theme Multiple HTML Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50433<br /><br />Barter Sites Joomla! Component Multiple HTML Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50432<br /><br />PROMOTIC ActiveX Control 'GetPromoticSite' Method Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50430<br /><br />GFI Faxmaker Divide-By-Zero Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50429<br /><br /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-8588326942563908219?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-21131364063532748342011-10-31T10:24:00.000+09:002011-10-31T16:13:30.813+09:00<br />JVN#56667137 複数のスカイアークシステム製品におけるクロスサイトリクエストフォージェリの脆弱性<br />http://jvn.jp/jp/JVN56667137/index.html<br /><br />JVN#41032068 複数のスカイアークシステム製品におけるアクセス制限不備の脆弱性<br />http://jvn.jp/jp/JVN41032068/index.html<br /><br />REMOTE: BroadWin WebAccess SCADA/HMI Client Remote Code Execution<br />http://www.exploit-db.com/exploits/18051<br /><br />DoS/PoC: Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC<br />http://www.exploit-db.com/exploits/18052<br /><br />DoS/PoC: Microsys PROMOTIC 8.1.4 ActiveX GetPromoticSite Unitialized Pointer<br />http://www.exploit-db.com/exploits/18049<br /><div><br /></div><br /><div class="separator" style="clear: both; text-align: right;"><a href="http://4.bp.blogspot.com/-Y7Ud_7xmI1M/Tq34gonxOMI/AAAAAAAAA4E/SAIhypc1lLU/s1600/Google-20111031-%25E3%2583%258F%25E3%2583%25AD%25E3%2583%25BC%25E3%2582%25A6%25E3%2582%25A3%25E3%2583%25B3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="105" src="http://4.bp.blogspot.com/-Y7Ud_7xmI1M/Tq34gonxOMI/AAAAAAAAA4E/SAIhypc1lLU/s200/Google-20111031-%25E3%2583%258F%25E3%2583%25AD%25E3%2583%25BC%25E3%2582%25A6%25E3%2582%25A3%25E3%2583%25B3.JPG" width="200" /></a></div><br /><br />+ Linux Kernel Network Bridge NULL Pointer Dereference Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50417<br /><br />[ANNOUNCEMENT] Apache Commons Digester 3.1 released!<br />http://commons.apache.org/digester/download_digester.cgi<br /><br />[courier-announce] Courier and courier-imap builds 20111028<br />http://www.courier-mta.org/download.php<br /><br />UPDATE: HPSBUX02715 SSRT100623 rev.3 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges<br />https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057703%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />Benetl, a free ETL tool for postgreSQL, is out in version 3.8<br />http://www.postgresql.org/about/news.1361<br /><br />PostgreSQL Data Sync released<br />http://www.postgresql.org/about/news.1360<br /><br />LedgerSMB 1.3.0 Released<br />http://www.postgresql.org/about/news.1359<br /><br />Debian : [DSA-2329-1] torque - Buffer Overflow Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37003<br /><br />Hewlett-Packard : [HPSBMU02714 SSRT100244] - HP - Network Node Manager i - Information Disclosure Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36996<br /><br />High-Tech Bridge SA : [HTB23052] SPIP - Path Disclosure Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37002<br /><br />Red Hat : [RHSA-2011:1402-01] FreeType - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37004<br /><br />Red Hat : [RHSA-2011:1409-01] OpenSSL - Security Bypass Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37005<br /><br />Ubuntu Security Notice : [USN-1238-2] Puppet - Man-In-The-Middle Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37006<br /><br />Ubuntu Security Notice : [USN-1247-1] Nova - Information Disclosure Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37007<br /><br />Ubuntu Security Notice : [USN-1248-1] KDE-Libs - Spoofing Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37008<br /><br />VMware : [VMSA-2011-0013] Multiple Products - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37009<br /><br />ZDI : [ZDI-11-311] Apple - QuickTime - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37010<br /><br />ZDI : [ZDI-11-312] Apple - QuickTime - Code Execution Isshe<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37011<br /><br />ZDI : [ZDI-11-313] Apple - QuickTime - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37012<br /><br />ZDI : [ZDI-11-314] Apple - QuickTime - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37013<br /><br />ZDI : [ZDI-11-315] Apple - QuickTime - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37014<br /><br />ZDI : [ZDI-11-316] Apple - QuickTime - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37015<br /><br />Cisco : [cisco-sa-20111026-webex] Cisco - WebEx Player - Multiple Buffer Overflow Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36997<br /><br />Cisco : [cisco-sa-20111026-csa] Cisco - Security Agent - Multiple Code Execution Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36998<br /><br />Cisco : [cisco-sa-20111026-cucm] Cisco - Unified Communications Manager - Directory Traversal Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36999<br /><br />Cisco : [cisco-sa-20111026-uccx] Cisco - Unified Contact Center Express - Directory Traversal Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37000<br /><br />Cisco : [cisco-sa-20111026-camera] Cisco - Video Surveillance IP Cameras - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=37001<br /><br />Gentoo Linux : [GLSA 201110-24] Squid - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36982<br /><br />Gentoo Linux : [GLSA 201110-25] Pure-FTPd - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36983<br /><br />Gentoo Linux : [GLSA 201110-26] libxml2 - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36984<br /><br />Hewlett-Packard : [HPSBUX02700 SSRT100506] HP-UX - VEA - Denial-Of-Service and Code Execution Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36972<br /><br />Ubuntu Security Notice : [USN-1238-1] Puppet - Man-In-The-Middle Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36974<br /><br />Ubuntu Security Notice : [USN-1239-1] Linux kernel - EC2 - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36975<br /><br />Ubuntu Security Notice : [USN-1240-1] Linux kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36976<br /><br />Ubuntu Security Notice : [USN-1241-1] Linux Kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36977<br /><br />Ubuntu Security Notice : [USN-1242-1] Linux Kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36978<br /><br />Ubuntu Security Notice : [USN-1243-1] Linux Kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36979<br /><br />Ubuntu Security Notice : [USN-1245-1] Linux Kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36980<br /><br />ZDI : [ZDI-11-308] Cisco - WebEx Player - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36985<br /><br />ZDI : [ZDI-11-309] Novell - iPrint Client - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36986<br /><br />ZDI : [ZDI-11-310] Adobe - Reader - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36987<br /><br />ZDI : [ZDI-11-296] Adobe - Reader - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36988<br /><br />ZDI : [ZDI-11-297] Adobe - Reader - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36989<br /><br />ZDI : [ZDI-11-298] Adobe - Reader - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36990<br /><br />ZDI : [ZDI-11-299] Adobe - Reader - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36991<br /><br />ZDI : [ZDI-11-300] Adobe - Reader - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36992<br /><br />ZDI : [ZDI-11-301] Adobe - Reader - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36993<br /><br />ZDI : [ZDI-11-302] Adobe - Reader - Buffer Overflow and Code Execution Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36994<br /><br />Cisco : Cisco Nexus OS (NX-OS) - Command Injection Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36968<br /><br />Gentoo Linux : [GLSA 201110-22] PostgreSQL - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36995<br /><br />Gentoo Linux : [GLSA 201110-23] Apache - mod_authnz_external - SQL Injection Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36995<br /><br />Independant Researcher : zFtp Server - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36981<br /><br />Mandriva : [MDVSA-2011:161] postgresql - Weak Encrypted Password Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36964<br /><br />Red Hat : [RHSA-2011:1401-01] xen - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36963<br /><br />Ubuntu Security Notice : [USN-1237-1] PAM - Multiple Denial-Of-Service Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36962<br /><br />Debian : [DSA-2326-1] PAM - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36966<br /><br />Debian : [DSA-2327-1] libfcgi-perl - Authentication Bypass Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36970<br /><br />Debian : [DSA 2328-1] Freetype - Denial-Of-Service and Code Execution Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36973<br /><br />Gentoo Linux : [GLSA 201110-21] Asterisk - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36971<br /><br />Independant Researcher : [TC-SA-2011-01] OmniTouch - Instant Communication Suite - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36965<br /><br />Debian : [DSA-2325-1] kfreebsd-8 - Buffer Overflow Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36967<br /><br />[SECURITY] [DSA 2323-1] radvd security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00205.html<br /><br />[SECURITY] [DSA 2331-1] tor security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00206.html<br /><br />[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00204.html<br /><br />[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00203.html<br /><br />[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00202.html<br /><br />[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00201.html<br /><br />VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Updat<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00199.html<br /><br />[security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorize<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00198.html<br /><br />[security bulletin] HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Serv<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00197.html<br /><br />ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00196.html<br /><br />ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00195.html<br /><br />ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00194.html<br /><br />ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulner<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00192.html<br /><br />ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vu<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00193.html<br /><br />ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00191.html<br /><br />[SECURITY] [DSA 2330-1] simplesamlphp security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00190.html<br /><br />eFront &lt;= 3.6.10 (build 11944) Multiple Security Vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00207.html<br /><br />[SECURITY] [DSA 2329-1] torque security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00174.html<br /><br />foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00189.html<br /><br />APPLE-SA-2011-10-26-1 QuickTime 7.7.1<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00188.html<br /><br />[ GLSA 201110-26 ] libxml2: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00187.html<br /><br />[ GLSA 201110-25 ] Pure-FTPd: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00186.html<br /><br />[ GLSA 201110-24 ] Squid: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00185.html<br /><br />DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-33<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00184.html<br /><br />ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerab<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00183.html<br /><br />ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulner<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00182.html<br /><br />ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerabilit<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00181.html<br /><br />ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vu<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00180.html<br /><br />ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerabi<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00178.html<br /><br />ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00179.html<br /><br />ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulner<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00177.html<br /><br />ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00176.html<br /><br />SANS AppSec 2012 CFP is Open<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00175.html<br /><br />JVN#72640744 複数の D-Link 製品におけるバッファオーバーフローの脆弱性<br />http://jvn.jp/jp/JVN72640744/index.html<br /><br />JVNVU#402731 Enspire eClient に SQL インジェクションの脆弱性<br />http://jvn.jp/cert/JVNVU402731/index.html<br /><br />プレス発表<br />複数のD-Link製品におけるセキュリティ上の弱点（脆弱性）の注意喚起<br />http://www.ipa.go.jp/about/press/20111028.html<br /><br />The Sub Critical Control? Evidence Collection<br />http://isc.sans.edu/diary.html?storyid=11914<br /><br />IBM Lotus Sametime Configuration Servlet Lets Remote Users Obtain Configuration Data<br />http://www.securitytracker.com/id/1026255<br /><br />Cisco NX-OS Command Validation Flaw Lets Local Users Gain Elevated Privileges<br />http://www.securitytracker.com/id/1026254<br /><br />HP Power Manager 'formExportDataLogs' Buffer Overflow<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8482<br /><br />Apple Safari Webkit libxslt Arbitrary File Creation<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8481<br /><br />Ubuntu update for backuppc<br />http://secunia.com/advisories/46621/<br /><br />VMware vCenter Products JRE Multiple Vulnerabilities<br />http://secunia.com/advisories/46651/<br /><br />HP-UX update for BIND<br />http://secunia.com/advisories/46633/<br /><br />VMware ESX Server Multiple Vulnerabilities<br />http://secunia.com/advisories/46529/<br /><br />Enspire eClient Unspecified SQL Injection Vulnerability<br />http://secunia.com/advisories/46638/<br /><br />Tor TLS Certificate Reuse User De-Anonymisation Security Issue<br />http://secunia.com/advisories/46634/<br /><br />VMware ESXi Server "sblim-sfcb" Integer Overflow Vulnerability<br />http://secunia.com/advisories/46650/<br /><br />Gentoo update for libxml2<br />http://secunia.com/advisories/46601/<br /><br />BackupPC "num" Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46615/<br /><br />Cisco NX-OS / Unified Computing System "section" and "less" Privilege Escalation Vulnerabilities<br />http://secunia.com/advisories/46569/<br /><br />D-Link Products SSH Server Buffer Overflow Vulnerability<br />http://secunia.com/advisories/46637/<br /><br />FFFTP Insecure Executable Loading Vulnerability<br />http://secunia.com/advisories/46649/<br /><br />IBM Lotus Sametime Configuration Servlet Authentication Security Issue<br />http://secunia.com/advisories/46647/<br /><br />SUSE update for kernel<br />http://secunia.com/advisories/46608/<br /><br />HP-UX BIND Requests Processing Remote Denial of Service Vulnerability<br />http://www.vupen.com/english/ADV-2011-2244.php<br /><br />Tor Security Update Fixes Multiple Information Disclosure Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2243.php<br /><br />IBM DB2 for Linux, UNIX and Windows "STMM" Security Vulnerability<br />http://www.vupen.com/english/ADV-2011-2242.php<br /><br />IBM Lotus Sametime Configuration Servlet Remote Information Disclosure<br />http://www.vupen.com/english/ADV-2011-2241.php<br /><br />VMware Products Code Execution and Denial of Service Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2240.php<br /><br />Enspire eClient Data Processing Remote SQL Injection Vulnerability<br />http://www.vupen.com/english/ADV-2011-2239.php<br /><br />Winamp Data Processing Multiple Heap and Integer Overflow Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2238.php<br /><br />LOCAL: Xorg 1.4 to 1.11.2 File Permission Change PoC<br />http://www.exploit-db.com/exploits/18040<br /><br />LOCAL: GTA SA-MP server.cfg Buffer Overflow<br />http://www.exploit-db.com/exploits/18038<br /><br />DoS/PoC: GFI Faxmaker - Fax Viewer v10.0[build 237] DoS (Poc).<br />http://www.exploit-db.com/exploits/18043<br /><br />Oracle Solaris CVE-2011-2311 ZFS Component Local Vulnerability<br />http://www.securityfocus.com/bid/50266<br /><br />Oracle Solaris CVE-2011-2312 'ZFS' Sub Component Local Vulnerability<br />http://www.securityfocus.com/bid/50269<br /><br />Oracle Sun Products Suite CVE-2011-3536 Local Vulnerability<br />http://www.securityfocus.com/bid/50262<br /><br />Oracle Sun Products Suite CVE-2011-2286 Remote Vulnerability<br />http://www.securityfocus.com/bid/50265<br /><br />Oracle Solaris CVE-2011-2304 Remote Vulnerability<br />http://www.securityfocus.com/bid/50257<br /><br />Oracle Solaris CVE-2011-2313 Local Solaris Vulnerability<br />http://www.securityfocus.com/bid/50254<br /><br />Oracle Sun Solaris CVE-2011-3508 Remote Vulnerability<br />http://www.securityfocus.com/bid/50201<br /><br />Oracle Sun Solaris CVE-2011-3515 Local Vulnerability<br />http://www.securityfocus.com/bid/50235<br /><br />Oracle Sun Product Suite CVE-2011-3537 Local Vulnerability<br />http://www.securityfocus.com/bid/50259<br /><br />Oracle Sun Solaris CVE-2011-3535 Remote Vulnerability<br />http://www.securityfocus.com/bid/50255<br /><br />Oracle Sun Solaris CVE-2011-3534 Remote Vulnerability<br />http://www.securityfocus.com/bid/50251<br /><br />RETIRED: Linux Kernel kexec-tools Multiple Information Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/49944<br /><br />Linux Kernel CVE-2011-3589 kexec-tools 'mkdumprd' Utility Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50415<br /><br />Empathy 'nickname' Field Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50323<br /><br />Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability<br />http://www.securityfocus.com/bid/44032<br /><br />Oracle Java SE and Java for Business CVE-2010-4469 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46400<br /><br />Cisco Nexus OS 'section' and 'less' Local Command Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50347<br /><br />Oracle Java SE and Java for Business NTLM Credentials Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46411<br /><br />Oracle Java SE and Java for Business Java Runtime Environment CVE-2010-4454 Remote Vulnerability<br />http://www.securityfocus.com/bid/46391<br /><br />Oracle Java SE and Java for Business CVE-2011-0871 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/48142<br /><br />Oracle Java SE and Java for Business CVE-2011-0802 Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48149<br /><br />Oracle Java SE and Java for Business CVE-2011-0864 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/48139<br /><br />Apache APR 'apr_fnmatch()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47820<br /><br />Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47929<br /><br />Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability<br />http://www.securityfocus.com/bid/44011<br /><br />Microsoft Windows Local DNS Cache Poisoning Vulnerabilities<br />http://www.securityfocus.com/bid/50281<br /><br />radvd Multiple Local and Remote Vulnerabilities<br />http://www.securityfocus.com/bid/50395<br /><br />Oracle Java SE and Java for Business CVE-2010-3573 Same Origin Bypass Vulnerability<br />http://www.securityfocus.com/bid/44028<br /><br />Oracle Java SE and Java for Business CVE-2010-3571 ICC Profile Vulnerability<br />http://www.securityfocus.com/bid/43965<br /><br />Oracle Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability<br />http://www.securityfocus.com/bid/44030<br /><br />Oracle Java SE and Java for Business CVE-2010-3570 Remote Deployment Toolkit Vulnerability<br />http://www.securityfocus.com/bid/44020<br /><br />Oracle Java SE and Java for Business 'defaultReadObject' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/44016<br /><br />Oracle Java SE and Java for Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/44012<br /><br />Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability<br />http://www.securityfocus.com/bid/43985<br /><br />Oracle Java SE and Java for Business CVE-2010-3567 Remote 2D Vulnerability<br />http://www.securityfocus.com/bid/43992<br /><br />Oracle Java SE and Java for Business CVE-2010-3566 ICC Profile Vulnerability<br />http://www.securityfocus.com/bid/43988<br /><br />Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability<br />http://www.securityfocus.com/bid/43979<br /><br />Oracle Java SE and Java for Business CVE-2010-3563 BasicServiceImpl Vulnerability<br />http://www.securityfocus.com/bid/43999<br /><br />Oracle Java SE and Java for Business CVE-2010-3561 Remote CORBA Vulnerability<br />http://www.securityfocus.com/bid/44013<br /><br />Oracle Java SE and Java for Business CVE-2010-3560 Remote Networking Vulnerability<br />http://www.securityfocus.com/bid/44024<br /><br />Oracle Java SE and Java for Business CVE-2010-3559 HeadspaceSoundbank.nGetName Vulnerability<br />http://www.securityfocus.com/bid/44026<br /><br />Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability<br />http://www.securityfocus.com/bid/44014<br /><br />Oracle Java SE and Java for Business CVE-2010-3558 Remote Java Web Start Vulnerability<br />http://www.securityfocus.com/bid/44021<br /><br />Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability<br />http://www.securityfocus.com/bid/43971<br /><br />Oracle Java SE and Java for Business CVE-2010-3554 Remote CORBA Vulnerability<br />http://www.securityfocus.com/bid/43994<br /><br />Oracle Java SE and Java for Business CVE-2010-3555 Remote ActiveX Plug-in Vulnerability<br />http://www.securityfocus.com/bid/44038<br /><br />Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability<br />http://www.securityfocus.com/bid/44035<br /><br />Oracle Java SE and Java for Business CVE-2010-3552 Remote New Java Plug-in Vulnerability<br />http://www.securityfocus.com/bid/44023<br /><br />Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability<br />http://www.securityfocus.com/bid/44009<br /><br />Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability<br />http://www.securityfocus.com/bid/44027<br /><br />Oracle Java SE and Java for Business CVE-2010-3550 Remote Java Web Start Vulnerability<br />http://www.securityfocus.com/bid/44040<br /><br />Cisco IOS 'ethernet-lldp' Component Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50377<br /><br />MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/40235<br /><br />Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability<br />http://www.securityfocus.com/bid/44017<br /><br />Oracle Java SE and Java for Business CVE-2010-4472 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46404<br /><br />Oracle Java SE and Java for Business CVE-2010-4470 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46387<br /><br />Oracle Java SE and Java for Business CVE-2010-4471 Remote Security Vulnerability<br />http://www.securityfocus.com/bid/46399<br /><br />Oracle Java SE and Java for Business CVE-2010-4474 Remote Java DB Vulnerability<br />http://www.securityfocus.com/bid/46407<br /><br />Oracle Java SE and Java for Business CVE-2010-4467 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46395<br /><br />Oracle Java SE and Java for Business CVE-2010-4422 Remote Vulnerability<br />http://www.securityfocus.com/bid/46402<br /><br />Oracle Java 'Applet2ClassLoader' Class Unsigned Applet Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/46388<br /><br />Oracle Java SE and Java for Business Java Runtime Environment Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/46386<br /><br />Oracle Java SE and Java for Business CVE-2010-4451 Vulnerability<br />http://www.securityfocus.com/bid/46405<br /><br />Oracle Java Floating-Point Value Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46091<br /><br />Oracle Java SE and Java for Business CVE-2010-4473 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46403<br /><br />Oracle Java SE and Java for Business CVE-2010-4475 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46410<br /><br />Oracle Java SE and Java for Business CVE-2010-4468 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46393<br /><br />Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/50375<br /><br />Oracle Java SE and Java for Business CVE-2010-4450 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46397<br /><br />Oracle Java SE and Java for Business Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/46394<br /><br />Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/46406<br /><br />Oracle Java SE and Java for Business CVE-2010-4448 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46398<br /><br />Oracle Java SE and Java for Business CVE-2010-4447 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46409<br /><br />Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49295<br /><br />Linux Kernel EFI Partition Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47343<br /><br />Linux Kernel CIFS Mount Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49626<br /><br />Linux Kernel Auerswald USB Device Driver Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48687<br /><br />Oracle Java SE and Java for Business CVE-2011-0815 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/48143<br /><br />Oracle Java SE and Java for Business ICC Profile Multiple Remote Code Execution Vulnerabilities<br />http://www.securityfocus.com/bid/48137<br /><br />Oracle Java SE and Java for Business CVE-2011-0865 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/48147<br /><br />Oracle Java SE and Java for Business CVE-2011-0873 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/48148<br /><br />Oracle Java SE and Java for Business CVE-2011-0867 Remote Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48144<br /><br />Oracle Java SE and Java for Business CVE-2011-0814 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/48145<br /><br />Linux Kernel EFI Partition Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47796<br /><br />X.Org X11 File Read Permission Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50196<br /><br />ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48566<br /><br />Multiple Browser Wild Card Certificate Spoofing Vulnerability<br />http://www.securityfocus.com/bid/42817<br /><br />libuser 'luseradd' Default Password Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/45791<br /><br />SBLIM-SFCB Multiple Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/40475<br /><br />OpenSSL Ciphersuite Downgrade Security Weakness<br />http://www.securityfocus.com/bid/45164<br /><br />OpenSSL Ciphersuite Modification Allows Disabled Cipher Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/45254<br /><br />Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/36377<br /><br />Plici Search 'p48-search.html' Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50428<br /><br />SjXjV 'post.php' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50426<br /><br />D-Link DIR-300 Unspecified Remote Code Execution and Remote File Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/50424<br /><br />simpleSAMLphp Multiple Remote Security Vulnerabilities<br />http://www.securityfocus.com/bid/50423<br /><br />Joomla! Techfolio Component 'catid' Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50422<br /><br />Opera Web Browser Escape Sequence Stack Buffer Overflow Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50421<br /><br />eFront 'professor.php' Script Multiple SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50419<br /><br />Empathy 'nickname' Field 'me-type' Event Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50418<br /><br />Linux Kernel Network Bridge NULL Pointer Dereference Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50417<br /><br />Tor Directory Remote Information Disclosure Vulnerability Bridge Enumeration Weaknesses<br />http://www.securityfocus.com/bid/50414<br /><br />FFFTP Insecure Excutable File Loading Arbitrary Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50412<br /><br />Touhou Hisouten Unspecified Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50411<br /><br />IBM Lotus Sametime Configuration Servlet Authentication Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50410<br /><br />bzexe '/tmp/$prog' Insecure Temporary File Creation Vulnerability<br />http://www.securityfocus.com/bid/50409<br /><br />Serendipity Karma Plugin Unspecified Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50408<br /><br />BackupPC 'index.cgi' Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50406<br /><br />D-Link Multiple Products Unspecified Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50405<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-2113136406353274834?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-36917680506823824002011-10-28T09:48:00.002+09:002011-10-28T16:30:13.340+09:00<br />Trend Micro Mobile Security 7.0 Critical Patch 公開のお知らせ<br />http://www.trendmicro.co.jp/support/news.asp?id=1672<br /><br />VMSA-2011-0013: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX<br />http://www.vmware.com/security/advisories/VMSA-2011-0013.html<br /><br />UPDATE: HS11-019: DoS Vulnerability in Hitachi Web Server<br />http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-019/index.html<br /><br />UPDATE: HS11-019: Hitachi Web ServerにおけるRangeヘッダによるDoS脆弱性<br />http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-019/index.html<br /><br />プレス発表<br />複数のD-Link製品におけるセキュリティ上の弱点（脆弱性）の注意喚起<br />http://www.ipa.go.jp/about/press/20111028.html<br /><br />JVNVU#402731 Enspire eClient に SQL インジェクションの脆弱性<br />http://jvn.jp/cert/JVNVU402731/index.html<br /><br />JVN#50227837 東方緋想天におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvn.jp/jp/JVN50227837/index.html<br /><br />JVN#72640744 複数の D-Link 製品におけるバッファオーバーフローの脆弱性<br />http://jvn.jp/jp/JVN72640744/index.html<br /><br />JVN#62336482 FFFTP における実行ファイル読み込みに関する脆弱性<br />http://jvn.jp/jp/JVN62336482/index.html<br /><br />JVNDB-2011-000089 東方緋想天におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000089.html<br /><br />JVNDB-2011-000092 複数の D-Link 製品におけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000092.html<br /><br />JVNDB-2011-000091 FFFTP における実行ファイル読み込みに関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000091.html<br /><br />JVNDB-2011-002597 Cisco CiscoWorks Common Services の Home Page コンポーネントにおける任意のコマンドを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002597.html<br /><br />JVNDB-2011-002596 Cisco Show and Share における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002596.html<br /><br />JVNDB-2011-002595 Cisco Show and Share における複数の管理者用ページにアクセスされる脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002595.html<br /><br />JVNDB-2011-002594 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002594.html<br /><br />JVNDB-2011-002593 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002593.html<br /><br />JVNDB-2011-002592 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002592.html<br /><br />JVNDB-2011-002591 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002591.html<br /><br />JVNDB-2011-002590 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002590.html<br /><br />JVNDB-2011-002589 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002589.html<br /><br />JVNDB-2011-002588 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002588.html<br /><br />JVNDB-2011-002587 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002587.html<br /><br />JVNDB-2011-002586 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002586.html<br /><br />JVNDB-2011-002585 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002585.html<br /><br />JVNDB-2011-002584 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002584.html<br /><br />JVNDB-2011-002583 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002583.html<br /><br />JVNDB-2011-002582 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002582.html<br /><br />JVNDB-2011-002581 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002581.html<br /><br />JVNDB-2011-002580 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002580.html<br /><br />JVNDB-2011-002579 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002579.html<br /><br />JVNDB-2011-002578 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002578.html<br /><br />JVNDB-2011-002577 Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002577.html<br /><br />JVNDB-2011-002576 Windows 上で稼働する Oracle Java SE の Java Runtime Environment (JRE) コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002576.html<br /><br />Critical Control 19: Data Recovery Capability<br />http://isc.sans.edu/diary.html?storyid=11905<br /><br />Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/36377<br /><div><br /></div><br /><br /><br /><br />+ HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03070783%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br />対象名：HP-UX B.11.11/11.23<br /><br />UPDATE: HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057703%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />「マニュアル」のGR4000/GS4000/GS3000マニュアル訂正資料(Ver.10-10-/K対応)を更新しました。<br />http://www.hitachi.co.jp/Prod/comp/network/manual/manualtop.html<br /><br />ウェブルートがセキュリティソフトの新版などを展示会に出展<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371598/?ST=security<br /><br />シマンテック、約2週間で社内のボットネットを洗い出すサービスを発表<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371549/?ST=security<br /><br />JVNDB-2011-002575 FreeBSD の "linux emulation" サポートにおけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002575.html<br /><br />JVNDB-2011-002574 IBM DB2 Express Edition の FreeBSD の db2rspgn における権限を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002574.html<br /><br />JVNDB-2011-002573 QNX Neutrino RTOS の runtime linker におけるファイルを上書きされる脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002573.html<br /><br />JVNDB-2011-002572 Oracle Solaris における Remote Quota Server の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002572.html<br /><br />JVNDB-2011-002571 Oracle OpenSSO における認証の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002571.html<br /><br />JVNDB-2011-002570 Oracle Sun Products Suite の Oracle Communications Unified コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002570.html<br /><br />JVNDB-2011-002569 Oracle OpenSSO における認証の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002569.html<br /><br />JVNDB-2011-002568 Oracle Sun Products Suite の Oracle Communications Unified コンポーネントおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002568.html<br /><br />JVNDB-2011-002567 Oracle Sun Products Suite の Oracle Waveset コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002567.html<br /><br />JVNDB-2011-002566 Oracle Solaris 11 Express における iSCSI DataMover の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002566.html<br /><br />JVNDB-2011-002565 racle Solaris における Kernel/Performance Counter BackEnd Module の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002565.html<br /><br />JVNDB-2011-002564 Oracle Solaris における Process File System (procfs) の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002564.html<br /><br />JVNDB-2011-002563 Oracle Solaris における LDAP library の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002563.html<br /><br />JVNDB-2011-002562 Oracle Solaris における ZFS の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002562.html<br /><br />Critical Control 18: Incident Response Capabilities<br />http://isc.sans.edu/diary.html?storyid=11899<br /><br />Software Update Potpourri<br />http://isc.sans.edu/diary.html?storyid=11902<br /><br />Trend Micro InterScan Web Security Lets Local Users Gain Elevated Privileges<br />http://www.securitytracker.com/id/1026252<br /><br />Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026251<br /><br />HP-UX Containers Lets Local Users Gain Elevated Privileges<br />http://www.securitytracker.com/id/1026250<br /><br />VU#402731: Enspire eClient SQL injection allows authentication bypass<br />http://www.kb.cert.org/vuls/id/402731<br /><br />SUSE update for puppet<br />http://secunia.com/advisories/46628/<br /><br />Debian update for torque<br />http://secunia.com/advisories/46577/<br /><br />HP-UX Containers Unspecified Privilege Escalation Vulnerability<br />http://secunia.com/advisories/46617/<br /><br />Red Hat update for openssl<br />http://secunia.com/advisories/46629/<br /><br />Gentoo update for squid<br />http://secunia.com/advisories/46604/<br /><br />Gentoo update for pure-ftpd<br />http://secunia.com/advisories/46603/<br /><br />Apple QuickTime Multiple Vulnerabilities<br />http://secunia.com/advisories/46618/<br /><br />HP Network Node Manager i JMX Console Security Bypass Security Issue<br />http://secunia.com/advisories/46627/<br /><br />Libxml2 Two XSLT Double Free Vulnerabilities<br />http://secunia.com/advisories/46632/<br /><br />SPIP Unspecified SQL Injection Vulnerability<br />http://secunia.com/advisories/46622/<br /><br />Winamp Multiple Vulnerabilities<br />http://secunia.com/advisories/45279/<br /><br />Cisco Multiple Products Directory Traversal Vulnerability<br />http://secunia.com/advisories/46600/<br /><br />Trend Micro InterScan Web Security Suite "patchCmd" Privilege Escalation Vulnerability<br />http://secunia.com/advisories/46610/<br /><br />Cisco WebEx Player WRF File Processing Vulnerabilities<br />http://secunia.com/advisories/46607/<br /><br />Oracle Solaris Vino Framebuffer Update Handling Denial of Service Vulnerability<br />http://secunia.com/advisories/46619/<br /><br />Joomla! YJ Contact Us Component "view" Local File Inclusion Vulnerability<br />http://secunia.com/advisories/46588/<br /><br />Fedora update for radvd<br />http://secunia.com/advisories/46626/<br /><br />Online Subtitles Workshop "comment" Script Insertion Vulnerability<br />http://secunia.com/advisories/46616/<br /><br />Drupal Organic groups Module Security Bypass Vulnerability<br />http://secunia.com/advisories/46623/<br /><br />Cisco Video Surveillance IP Cameras RTSP TCP Packets Processing Denial of Service<br />http://secunia.com/advisories/46612/<br /><br />Cisco Video Surveillance IP Cameras RTSP TCP Packets Processing Denial of Service<br />http://secunia.com/advisories/46611/<br /><br />OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability<br />http://secunia.com/advisories/46599/<br /><br />Cisco Security Agent Outside In Technology File Processing Vulnerabilities<br />http://secunia.com/advisories/46631/<br /><br />Novell iPrint Client "GetDriverSettings()" Buffer Overflow Vulnerability<br />http://secunia.com/advisories/46606/<br /><br />Winamp Data Processing Multiple Heap and Integer Overflow Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2238.php<br /><br />HP-UX Containers Local Unauthorized Access and Privilege Escalation<br />http://www.vupen.com/english/ADV-2011-2237.php<br /><br />Oracle Sun Solaris Vino GNOME Desktop Sharing Server Denial of Service<br />http://www.vupen.com/english/ADV-2011-2236.php<br /><br />OpenLDAP "UTF8StringNormalize()" Remote Off-by-one Buffer Overflow<br />http://www.vupen.com/english/ADV-2011-2235.php<br /><br />Cisco WebEx Player WRF and ATAS32 Buffer Overflow Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2234.php<br /><br />Cisco Security Agent Outside-In Remote Code Execution Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2233.php<br /><br />Cisco Video Surveillance IP Cameras Denial of Service Vulnerability<br />http://www.vupen.com/english/ADV-2011-2232.php<br /><br />Cisco Unified Contact Center Express Directory Traversal Vulnerability<br />http://www.vupen.com/english/ADV-2011-2231.php<br /><br />Organic Groups for Drupal Access Bypass Remote Unauthorized Access<br />http://www.vupen.com/english/ADV-2011-2230.php<br /><br />Apple QuickTime Multiple Code Execution and Information Disclosure<br />http://www.vupen.com/english/ADV-2011-2229.php<br /><br />Apple QuickTime Prior To 7.7.1 Pict File Handling Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50399<br /><br />RETIRED: Apple QuickTime Prior To 7.7.1 Multiple Arbitrary Code Execution Vulnerabilities<br />http://www.securityfocus.com/bid/50388<br /><br />Apple Mac OS X FLIC Files CVE-2011-3223 Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50101<br /><br />Apple QuickTime CVE-2011-3221 Movie File Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50131<br /><br />Apple QuickTime Prior To 7.7.1 TKHD Atoms Handling Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50403<br /><br />phpScheduleIt 'reserve.php' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/31520<br /><br />Apple Mac OS X FlashPix Files CVE-2011-3222 Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50100<br /><br />Apple Mac OS X QuickTime Player CVE-2011-3228 Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/50127<br /><br />Apple Mac OS X QuickTime 'Save for Web' Feature HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/50122<br /><br />Apple Mac OS X CoreMedia H.264 Encoded Movie Files Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50068<br /><br />Apple QuickTime CVE-2011-3220 Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50130<br /><br />X.Org X11 File Read Permission Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50196<br /><br />X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability<br />http://www.securityfocus.com/bid/50002<br /><br />OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49469<br /><br />Linux Kernel GHASH Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50366<br /><br />torque 'job name' Argument Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48374<br /><br />Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/47681<br /><br />Mozilla Firefox RegExp Remote Integer Underflow Vulnerability<br />http://www.securityfocus.com/bid/49809<br /><br />libxml2 'XPATH' Expressions Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/45617<br /><br />Apple QuickTime Prior To 7.7.1 'Flic' Movie File Handling Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50404<br /><br />RoundCube Webmail Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50402<br /><br />Apple QuickTime Prior To 7.7.1 Movie File Handling Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50401<br /><br />Apple QuickTime Prior To 7.7.1 Movie File Handling Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50400<br /><br />Enspire eClient Unspecified SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50398<br /><br />HP-UX Containers Unspecified Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/50396<br /><br />radvd Multiple Local and Remote Vulnerabilities<br />http://www.securityfocus.com/bid/50395<br /><br />Toshiba e-Studio Devices Password Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50392<br /><br />eFront 3.6.10 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50391<br /><br />SPIP Versions Prior to 1.9.2k Unspecified SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50390<br /><br />WordPress WPtouch Plugin 'ajax.php' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50389<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-3691768050682382400?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-92017555437897144262011-10-27T13:12:00.000+09:002011-10-27T13:12:21.760+09:00<br /><pre wrap="">About the security content of QuickTime 7.7.1</pre><pre wrap=""><a class="moz-txt-link-freetext" href="http://support.apple.com/kb/HT5016">http://support.apple.com/kb/HT5016</a><br /></pre><pre wrap=""><br /></pre><pre wrap="">上記 URL の QuickTime 7.7.1 のセキュリティアップデートの翻訳</pre><pre wrap=""><br /></pre><pre wrap=""><pre wrap="">1) QuickTime<br />　QuickTime が H.264 エンコードされた動画ファイルを取り扱う際にバッファオーバーフローが発生することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-2011-3219)<br /><br />2) QuickTime<br />　QuickTime が動画ファイルの URL データハンドラを取り扱う際に初期化されてないメモリへアクセスすることが原因で、メモリ上のコンテンツを取得される脆弱性。(CVE-2011-3220)<br /><br />3) QuickTime<br />　QuickTime が動画ファイルの atom 階層を取り扱う際に実装上の欠陥が存在することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-20113221)<br /><br />4) QuickTime<br />　QuickTime Player の "Save for Web" にクロスサイトスクリプティングの欠陥が存在することが原因で、ローカルドメインからスクリプトを注入される脆弱性。(CVE-2011-3218)<br /><br />5) QuickTime<br />　QuickTime が FlashPix ファイルを取り扱う際にバッファオーバーフローが発生することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-2011-3222)<br /><br />6) QuickTime<br />　QuickTime が FLIC ファイルを取り扱う際にバッファオーバーフローが発生することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-2011-3223)<br /><br />7) QuickTime<br />　QuickTime が動画ファイルを取り扱う際に複数のメモリ破壊が発生することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-2011-3228)<br /><br />8) QuickTime<br />　PICT ファイルの取り扱いにおいて整数オーバーフローが発生することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-2011-3247)<br /><br />9) QuickTime<br />　QuickTime の動画ファイルに埋め込まれたフォントテーブルの取り扱いにおいて署名問題が存在することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-2011-3248)<br /><br />10) QuickTime<br />　FLC エンコードされた動画ファイルの取り扱いにおいてバッファオーバーフローが発生することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-2011-3249)<br /><br />11) QuickTime<br />　JPEG2000 エンコードされた動画ファイルの取り扱いにおいて整数オーバーフローが発生することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-2011-3250)<br /><br />12) QuickTime<br />　QuickTime の動画ファイル内の TKHD atom の取り扱いにおいてメモリ破壊が発生することが原因で、アプリケーションを異常終了させたり任意のコードを実行されたりする脆弱性。(CVE-2011-3251)<br /></pre><pre wrap=""><br /></pre><pre wrap=""><br /></pre></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-9201755543789714426?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-31711829317791580132011-10-27T11:06:00.000+09:002011-10-27T16:31:14.900+09:00<br />Lotus Notes の一太郎ファイルビューアーにおけるバッファーオーバーフローの潜在的な脆弱性の問題<br />http://www-06.ibm.com/ibm/jp/security/info/lotus/si20111025a.html<br /><br />JVNVU#784211 Apple Quicktime における複数の脆弱性に対するアップデート<br />http://jvn.jp/cert/JVNVU784211/index.html<br /><br />JVNDB-2011-002561 Oracle Supply Chain Products Suite の Oracle Agile Product Supplier Collaboration for Process コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002561.html<br /><br />JVNDB-2011-002560 Oracle Industry Applications の Health Sciences - Oracle Thesaurus Management System コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002560.html<br /><br />JVNDB-2011-002559 Oracle Industry Applications の Health Sciences - Oracle Clinical、Remote Data Capture における脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002559.html<br /><br />JVNDB-2011-002558 Oracle Virtualization の Sun Ray コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002558.html<br /><br />JVNDB-2011-002557 Oracle Linux の Oracle Validated 処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002557.html<br /><br />JVNDB-2011-002556 複数の Oracle Sun 製品における Integrated Lights Out Manager CLI の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002556.html<br /><br />JVNDB-2011-002555 Oracle PeopleSoft Enterprise HRMS における JPM の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002555.html<br /><br />JVNDB-2011-002554 Oracle PeopleSoft Enterprise HRMS における Talent Acquisition Manager の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002554.html<br /><br />JVNDB-2011-002553 Oracle PeopleSoft Enterprise HRMS における Candidate Gateway の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002553.html<br /><br />JVNDB-2011-002552 Oracle PeopleSoft Enterprise PeopleTools におけるセキュリティの処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002529.html<br /><br />JVNDB-2011-002551 Oracle PeopleSoft Enterprise PeopleTools における Personalization の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002551.html<br /><br />JVNDB-2011-002550 Oracle PeopleSoft Enterprise HRMS における eDevelopment の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002550.html<br /><br />JVNDB-2011-002549 Oracle PeopleSoft Enterprise HRMS における eProfile の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025549.html<br /><br />JVNDB-2011-002548 Oracle Siebel CRM の Siebel Core - UIF Server コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025548.html<br /><br />JVNDB-2011-002547 Oracle Siebel CRM の Siebel Core - UIF Client コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025547.html<br /><br />JVNDB-2011-002546 Oracle Siebel CRM の Siebel Apps - Marketing コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025546.html<br /><br />JVNDB-2011-002545 Oracle Solaris における Zone の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025545.html<br /><br />JVNDB-2011-002544 Oracle Solaris における Kernel/Filesystem の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025544.html<br /><br />JVNDB-2011-002543 Oracle Solaris における DTrace Software Library の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025543.html<br /><br />JVNDB-2011-002542 Oracle Solaris における Network Status Monitor の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025542.html<br /><br />JVNDB-2011-002541 Oracle Solaris における ZFS の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025541.html<br /><br />JVNDB-2011-002540 Oracle Solaris における ZFS の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025540.html<br /><br />JVNDB-2011-002539 Oracle Solaris における libnsl の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025539.html<br /><br />JVNDB-2011-002538 Oracle Solaris における xscreensaver の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025538.html<br /><br />JVNDB-2011-002537 Oracle Solaris における ZFS の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025537.html<br /><br />JVNDB-2011-002536 Oracle Sun Products Suite の複数の製品における Web Container の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025536.html<br /><br />JVNDB-2011-002535 Oracle Database Server の Application Express コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025535.html<br /><br />JVNDB-2011-002534 Oracle Database Server の Core RDBMS コンポーネントおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025534.html<br /><br />JVNDB-2011-002533 Oracle Database Server の Database Vault コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025533.html<br /><br />JVNDB-2011-002532 Oracle Database Server の Database Vault コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025532.html<br /><br />JVNDB-2011-002531 Oracle Database Server の Oracle Text コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025531.html<br /><br />JVNDB-2011-002530 Oracle E-Business Suite の Oracle Applications Framework コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025530.html<br /><br />JVNDB-2011-002529 Oracle E-Business Suite の Oracle Application Object Library コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025529.html<br /><br />JVNDB-2011-002528 Oracle E-Business Suite の Oracle Application Object Library コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025528.html<br /><br />JVNDB-2011-002527 Oracle E-Business Suite の Oracle Application Object Library コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025527.html<br /><br />JVNDB-2011-002526 Oracle E-Business Suite の Oracle Application Object Library コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025526.html<br /><br />JVNDB-2011-002525 Oracle Fusion Middleware の Oracle Outside In Technology コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025525.html<br /><br />JVNDB-2011-002524 Oracle Fusion Middleware の Oracle Web Services Manager コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025524.html<br /><br />JVNDB-2011-002523 Oracle Fusion Middleware の Oracle Business Intelligence Enterprise Edition コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025523.html<br /><br />JVNDB-2011-002522 Oracle WebLogic Server における Web Services の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025522.html<br /><br />JVNDB-2011-002521 Oracle WebLogic Server における JMS の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025521.html<br /><br />JVNDB-2011-002520 Oracle WebLogic Server における WLS Security の処理に関する脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025520.html<br /><br />JVNDB-2011-002519 Oracle Fusion Middleware の Oracle Containers for J2EE コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025519.html<br /><br />JVNDB-2011-002518 Oracle Fusion Middleware の Oracle WebLogic Portal コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025158.html<br /><br />JVNDB-2011-002517 Oracle Fusion Middleware の Oracle Web Services Manager コンポーネントにおける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025157.html<br /><br />Critical Control 17:Penetration Tests and Red Team Exercises<br />http://isc.sans.edu/diary.html?storyid=11887<br /><br />Mozilla Firefox RegExp Remote Integer Underflow Vulnerability<br />http://www.securityfocus.com/bid/49809<br /><br />libxml2 'XPATH' Expressions Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/45617<br /><div><br /></div><br /><br /><br /><br />+- HPSBUX02715 SSRT100623 rev.1 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057703%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />+ GCC 4.6.2 released<br />http://gcc.gnu.org/gcc-4.6/<br /><br />+ SA46591: Linux Kernel XFS "xfs_readlink()" Buffer Overflow Vulnerability<br />http://secunia.com/advisories/46591/<br />http://www.securityfocus.com/bid/50370<br /><br />+ SA46584: Linux Kernel ghash NULL Pointer Dereference Vulnerability<br />http://secunia.com/advisories/46584/<br />http://www.securityfocus.com/bid/50366<br /><br />+ OpenLDAP 'UTF8StringNormalize()' Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50384<br /><br />++ Cisco IOS Fingerprinting ICMPv6 Echo Request Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50379<br /><br />++ Cisco IOS 'ethernet-lldp' Component Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50377<br /><br />++ Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/50375<br /><br />- HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057508%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />- Multiple Denial of Service vulnerabilities in Vino GNOME desktop sharing server<br />http://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities<br /><br />[ANNOUNCE] Apache Archiva 1.4-M1 Released!<br />http://archiva.apache.org/docs/1.4-M1/release-notes.html<br /><br />[ANNOUNCE] Apache Derby 10.8.2.2 released<br />http://db.apache.org/derby/derby_downloads.html<br /><br />RHSA-2011:1409<span class="Apple-tab-span" style="white-space: pre;"> </span>Moderate: openssl security update<br />http://rhn.redhat.com/errata/RHSA-2011-1409.html<br /><br />About the security content of QuickTime 7.7.1<br />http://support.apple.com/kb/HT5016<br /><br />Google Chrome 15.0.874.106 released<br />http://googlechromereleases.blogspot.com/2011/10/stable-channel-update_26.html<br /><br />CESA-2011:1402 (freetype)<br />http://lwn.net/Alerts/464550/<br /><br />HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS)<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c02997184%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />PHP 5.4 beta2 released<br />http://www.php.net/archive/2011.php#id-1<br /><br />ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerabil<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00173.html<br /><br />ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00172.html<br /><br />ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00171.html<br /><br />ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00170.html<br /><br />ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00169.html<br /><br />ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00168.html<br /><br />ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00166.html<br /><br />Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00167.html<br /><br />Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00165.html<br /><br />Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00164.html<br /><br />Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00163.html<br /><br />Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00162.html<br /><br />[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-U<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00161.html<br /><br />Path disclosure in SPIP<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00160.html<br /><br />[ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00159.html<br /><br />Androidを狙う新手口、アプリをアップデートするとウイルスに<br />エフセキュアが報告、インストール時に追加のアクセス許可<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371504/?ST=security<br /><br />衆院事務局がウイルス感染問題で初会合、「報道でサイバー攻撃の可能性を認識」<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371481/?ST=security<br /><br />Cisco Video Surveillance IP Cameras RTSP Processing Flaw Lets Remote Users Deny Service<br />http://www.securitytracker.com/id/1026248<br /><br />Cisco WebEx Player Buffer Overflows Let Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026244<br /><br />Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files<br />http://www.securitytracker.com/id/1026243<br /><br />Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026242<br /><br />WordPress BackWPUp Remote Code Execution Vulnerability<br />http://www.securiteam.com/securitynews/6U03G1P2UA.html<br /><br />Linux Kernel XFS "xfs_readlink()" Buffer Overflow Vulnerability<br />http://secunia.com/advisories/46591/<br /><br />WordPress NextGEN Gallery Plugin Cross-Site Scripting and Request Forgery Vulnerabilities<br />http://secunia.com/advisories/46602/<br /><br />phpMyFAQ Code Injection Vulnerability<br />http://secunia.com/advisories/46582/<br /><br />Ubuntu update for linux-ti-omap4<br />http://secunia.com/advisories/46571/<br /><br />Ubuntu update for linux<br />http://secunia.com/advisories/46585/<br /><br />Ubuntu update for linux-mvl-dove<br />http://secunia.com/advisories/46587/<br /><br />Ubuntu update for linux-ec2<br />http://secunia.com/advisories/46589/<br /><br />Ubuntu update for linux<br />http://secunia.com/advisories/46590/<br /><br />Ubuntu update for linux-lts-backport-maverick<br />http://secunia.com/advisories/46595/<br /><br />Ubuntu update for linux-fsl-imx51<br />http://secunia.com/advisories/46598/<br /><br />Ubuntu update for nova<br />http://secunia.com/advisories/46597/<br /><br />Google Chrome Multiple Vulnerabilities<br />http://secunia.com/advisories/46594/<br /><br />OpenStack Compute (Nova) "EC2_SECRET_KEY" Credentials Disclosure Weakness<br />http://secunia.com/advisories/46576/<br /><br />SUSE update for hplip<br />http://secunia.com/advisories/46593/<br /><br />Linux Kernel ghash NULL Pointer Dereference Vulnerability<br />http://secunia.com/advisories/46584/<br /><br />Ubuntu update for kde4libs<br />http://secunia.com/advisories/46592/<br /><br />Gentoo update for mod_authnz_external<br />http://secunia.com/advisories/46581/<br /><br />IBM WebSphere ILOG Rule Team Server Unspecified Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46574/<br /><br />HP Network Node Manager i (NNMi) Remote Information Disclosure<br />http://www.vupen.com/english/ADV-2011-2228.php<br /><br />IBM WebSphere ILOG Rule Team Server Cross Site Scripting Vulnerability<br />http://www.vupen.com/english/ADV-2011-2227.php<br /><br />phpMyFAQ ImageManager Library Remote PHP Code Injection Vulnerability<br />http://www.vupen.com/english/ADV-2011-2226.php<br /><br />Google Chrome Multiple Memory Corruption and Information Disclosure<br />http://www.vupen.com/english/ADV-2011-2225.php<br /><br />Novell iPrint Client for Windows Activex Remote Code Execution Vulnerability<br />http://www.vupen.com/english/ADV-2011-2224.php<br /><br />Novell ZENworks 7 Handheld Management Directory Traversal Vulnerability<br />http://www.vupen.com/english/ADV-2011-2223.php<br /><br />Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49279<br /><br />libxml2 'XPATH' Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/44779<br /><br />libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/48056<br /><br />Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49658<br /><br />GNU libc glob(3) 'pattern' Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47671<br /><br />Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability<br />http://www.securityfocus.com/bid/46767<br /><br />Squid 'DNS' Reply Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/42645<br /><br />Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/38212<br /><br />Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/36091<br /><br />Squid Proxy String Processing NULL Pointer Dereference Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/42982<br /><br />Squid Header-Only Packets Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/37522<br /><br />Squid Proxy Gopher Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49356<br /><br />Squid Multiple Remote Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/35812<br /><br />Cisco WebEx WRF and ATAS32 File Format Multiple Remote Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/50373<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-3000 HTTP Response Splitting Vulnerability<br />http://www.securityfocus.com/bid/49849<br /><br />Mozilla Firefox CVE-2011-2995 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49810<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey Enter Key Dialog Bypass Weakness<br />http://www.securityfocus.com/bid/49811<br /><br />Mozilla Firefox/SeaMonkey/Thunderbird CVE-2011-2999 Cross Domain Scripting Vulnerability<br />http://www.securityfocus.com/bid/49848<br /><br />Adobe Acrobat and Reader CVE-2011-2441 Multiple Remote Stack Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/49581<br /><br />Novell iPrint Client 'nipplib.dll' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50367<br /><br />X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability<br />http://www.securityfocus.com/bid/50002<br /><br />Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50220<br /><br />Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50215<br /><br />Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50218<br /><br />Adobe Acrobat and Reader CVE-2011-2436 Remote Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49578<br /><br />Apple iTunes CoreAudio (CVE-2011-3252) Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50065<br /><br />Apple Mac OS X CoreMedia H.264 Encoded Movie Files Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50068<br /><br />OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49469<br /><br />Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50312<br /><br />Red Hat Linux Kernel Ethernet Bridge Interface Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50313<br /><br />Linux Kernel TCP Sequence Number Generation Security Weakness<br />http://www.securityfocus.com/bid/49289<br /><br />Linux Kernel Generic Receive Offload (GRO) CVE-2011-2723 Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48929<br /><br />Adobe Acrobat and Reader CVE-2011-2433 Remote Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49576<br /><br />Adobe Acrobat and Reader CVE-2011-2435 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49575<br /><br />Adobe Acrobat and Reader U3D Tiff Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49572<br /><br />Adobe Acrobat and Reader CVE-2011-2434 Remote Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49577<br /><br />Adobe Acrobat and Reader CVE-2011-2438 Multiple Remote Stack Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/49580<br /><br />Adobe Acrobat and Reader CVE-2011-2437 Remote Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49579<br /><br />Oracle Outside In Technology Microsoft CAB File Parsing Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/47437<br /><br />Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/47435<br /><br />Retired: Microsoft Outlook Web Access Session Replay Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50361<br /><br />IBM WebSphere ILOG Rule Team Server 'project' Parameter Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50056<br /><br />FreeType Font Document Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/50155<br /><br />KDE KSSL Common Name SSL Certificate Spoofing Vulnerability<br />http://www.securityfocus.com/bid/49925<br /><br />Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49534<br /><br />phpMyFAQ 'ajax_create_folder.php' Code Injection Vulnerability<br />http://www.securityfocus.com/bid/50385<br /><br />OpenLDAP 'UTF8StringNormalize()' Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50384<br /><br />NextGEN Gallery for WordPress Cross Site Scripting and Cross Site Request Forgery Vulnerabilities<br />http://www.securityfocus.com/bid/50383<br /><br />Online Subtitles Workshop 'video_comments.php' HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/50382<br /><br />XAMPP Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50381<br /><br />Trendmicro IWSS 3.1 Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/50380<br /><br />Cisco IOS Fingerprinting ICMPv6 Echo Request Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50379<br /><br />Cisco Adaptive Security Appliances (ASA) 5500 'platform-sw' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50378<br /><br />Cisco IOS 'ethernet-lldp' Component Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50377<br /><br />Cisco CiscoWorks Common Services Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50376<br /><br />Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/50375<br /><br />PrestaShop Presta2PhpList Module 'list' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50374<br /><br />Multiple Cisco Products (CVE-2011-3315) Directory Traversal Vulnerability<br />http://www.securityfocus.com/bid/50372<br /><br />Cisco Video Surveillance 2421, 2500, and 2600 Series IP Cameras Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50371<br /><br />Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/50370<br /><br />Novell ZENworks Handheld Management 'Common.dll' Directory Traversal Vulnerability<br />http://www.securityfocus.com/bid/50369<br /><br />IBM WebSphere ILOG Rule Team Server Unspecified Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50368<br /><br />Linux Kernel GHASH Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50366<br /><br />vtiger CRM 'index.php' Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50364<br /><br /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-3171182931779158013?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-15902784293452879272011-10-26T17:28:00.000+09:002011-10-26T17:28:03.344+09:00<br />+ Linux kernel 3.0.8 released<br />http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.8<br /><br />+ Important: freetype security update<br />http://rhn.redhat.com/errata/RHSA-2011-1402.html<br /><br />+ Sudo 1.7.8p1, 1.8.3p1 released<br />http://www.sudo.ws/sudo/stable.html#1.7.8p1<br />http://www.sudo.ws/sudo/stable.html#1.8.3p1<br /><br />- Linux Kernel 'net/can/raw.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47835<br /><br />- Linux Kernel 'bcm_release()' NULL Pointer Dereference Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47503<br /><br />? Linux Kernel 'perf' Utility Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49140<br /><br />? Linux Kernel KSM Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48101<br /><br />Google Chrome 15.0.874.102 released<br />http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html<br /><br />SafeSyncモバイルクライアント バージョン1.3（iOS/Android）にログインできない現象について<br />http://www.trendmicro.co.jp/support/news.asp?id=1671<br /><br />zFtp Server &lt;= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00155.html<br /><br />[ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00156.html<br /><br />[SECURITY] [DSA 2328-1] freetype security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00154.html<br /><br />[security bulletin] HPSBUX02700 SSRT100506 rev.2 - HP-UX running VEA, Remote Denial of Servi<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00153.html<br /><br />[ MDVSA-2011:161 ] postgresql<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00152.html<br /><br />[ GLSA 201110-21 ] Asterisk: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00151.html<br /><br />[SECURITY] [DSA 2327-1] libfcgi-perl security-update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00150.html<br /><br />「DMで偽サイトに誘導」――Twitter悪用のフィッシングに注意<br />英ソフォスが報告、目的はパスワードの奪取<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111026/371422/?ST=security<br /><br />テラス、SSHリモート操作を動画記録する監査証跡SaaSを開始<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111025/371350/?ST=security<br /><br />JVNDB-2011-002516 Apple Mac OS X のオープンディレクトリにおけるパスワードデータを閲覧される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002516.html<br /><br />JVNDB-2011-002515 Apple Mac OS X の QuickTime における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002515.html<br /><br />JVNDB-2011-002514 Apple Mac OS X の libsecurity における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002514.html<br /><br />JVNDB-2011-002513 Apple Mac OS X のオープンディレクトリにおけるパスワード要求を回避される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002513.html<br /><br />JVNDB-2011-002512 Apple Mac OS X の SMB ファイルサーバコンポーネントにおける閲覧制限を回避される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002512.html<br /><br />JVNDB-2011-002511 Apple Mac OS X の User Documentation コンポーネントにおける任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002511.html<br /><br />JVNDB-2011-002510 Apple Mac OS X の QuickTime におけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002510.html<br /><br />JVNDB-2011-002509 Apple Mac OS X の QuickTime におけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002509.html<br /><br />JVNDB-2011-002508 Apple Mac OS X の QuickTime における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002508.html<br /><br />JVNDB-2011-002507 Apple Mac OS X の QuickTime における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002507.html<br /><br />JVNDB-2011-002506 Django の CSRF 保護メカニズムにおける認証されずに偽造されたリクエストを誘発される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002506.html<br /><br />JVNDB-2011-002505 Django におけるキャッシュポイズニング攻撃を誘発される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002505.html<br /><br />JVNDB-2011-002504 Django の URLField 実装内にある verify_exists 機能における任意の GET リクエストを誘発される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002504.html<br /><br />JVNDB-2011-002503 Django の URLField 実装内にある verify_exists 機能におけるサービス運用妨害 (リソース消費) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002503.html<br /><br />JVNDB-2011-002502 Django の django.contrib.sessions におけるセッションを変更される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002502.html<br /><br />JVNDB-2011-002501 Cisco TelePresence Video Communication Servers の管理インターフェイスにおけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002501.html<br /><br />JVNDB-2011-002500 HP Data Protector における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002500.html<br /><br />JVNDB-2011-002499 HP Data Protector における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002499.html<br /><br />JVNDB-2011-002498 HP Data Protector における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002498.html<br /><br />JVNDB-2011-002497 HP Data Protector における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002497.html<br /><br />JVNDB-2011-002496 HP Data Protector における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002496.html<br /><br />JVNDB-2011-002495 HP Data Protector における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002495.html<br /><br />JVNDB-2011-002494 Apple Mac OS X の Application Firewall のデバッグログ機能における権限を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002494.html<br /><br />JVNDB-2011-002493 Apple iOS および Apple TV のカーネルにおけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002493.html<br /><br />JVNDB-2011-002492 Apple iOS および Mac OS X の CFNetwork における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002492.html<br /><br />JVNDB-2011-002491 Mac OS X 上で稼動する Apple Safari のプライベートブラウズ機能におけるユーザを追跡可能な脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002491.html<br /><br />JVNDB-2011-002490 Mac OS X 上で動作する Apple Safari の SSL 実装における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002490.html<br /><br />JVNDB-2011-002489 Mac OS X 上で動作する Apple Safari における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002489.html<br /><br />JVNDB-2011-002488 Apple Safari におけるディレクトリトラバーサルの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002488.html<br /><br />JVNDB-2011-002487 Apple Mac OS X の Apple Type Services (ATS) における整数符号エラーの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002487.html<br /><br />JVNDB-2011-002486 Apple Mac OS の Open Directory におけるパスワード変更の制限を回避される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002486.html<br /><br />Critical Control 17:Penetration Tests and Red Team Exercises<br />http://isc.sans.edu/diary.html?storyid=11887<br /><br />Recurring reporting made easy?<br />http://isc.sans.edu/diary.html?storyid=11884<br /><br />VMware ESXi and ESX updates to third party libraries and ESX Service Console<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8480<br /><br />HP MFP Digital Sending Software Running on Window Local Information Disclosure<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8479<br /><br />astersik open source 1.8.7 Remote crash vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8478<br /><br />OCS Inventory NG 2.0.1 Persistent XSS<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8477<br /><br />ibm db2 9.7 Exploiting the linker<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8476<br /><br />Linux Kernel ext4 Extent Splitting Bug in ext4_ext_convert_to_initialized() Lets Local Users Deny Service<br />http://www.securitytracker.com/id/1026240<br /><br />Xen Buffer Overflow in SCSI Emulation Lets a Local Guest User Cause the Guest to Crash<br />http://www.securitytracker.com/id/1026238<br /><br />Cisco Network Registrar Default Credentials Vulnerability<br />http://www.securiteam.com/securitynews/6L03H1F2UE.html<br /><br />Cisco IOS XR Software IP Packet Vulnerability<br />http://www.securiteam.com/securitynews/6P03L1F2UU.html<br /><br />Cisco Media Experience Engine 5600 Default Credentials Vulnerability<br />http://www.securiteam.com/securitynews/6N03J1F2UM.html<br /><br />Cisco IOS XR Software SSHv1 Denial of Service Vulnerability<br />http://www.securiteam.com/securitynews/6K03G1F2UK.html<br /><br />Cisco Unified IP Phones 7900 Series Multiple Vulnerabilities<br />http://www.securiteam.com/securitynews/6M03I1F2UW.html<br /><br />Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability<br />http://www.securiteam.com/securitynews/6Q03M1F2UO.html<br /><br />Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities<br />http://www.securiteam.com/securitynews/6O03K1F2UC.html<br /><br />PrestaShop Presta2PhpList Module "list" SQL Injection Vulnerability<br />http://secunia.com/advisories/46531/<br /><br />Red Hat update for freetype<br />http://secunia.com/advisories/46596/<br /><br />McAfee Web Gateway Unspecified Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46570/<br /><br />Gentoo update for postgresql<br />http://secunia.com/advisories/46568/<br /><br />Alcatel-Lucent OmniTouch 8400 Instant Communication Suite Multiple Vulnerabilities<br />http://secunia.com/advisories/46562/<br /><br />Alcatel-Lucent Business integrated Communication Solution Multiple Vulnerabilities<br />http://secunia.com/advisories/46565/<br /><br />Ubuntu update for puppet<br />http://secunia.com/advisories/46578/<br /><br />Zope Unspecified Vulnerability<br />http://secunia.com/advisories/46586/<br /><br />Novell Netware HTTP Server ByteRange Filter Denial of Service Vulnerability<br />http://secunia.com/advisories/46572/<br /><br />zFTPServer "CWD" Denial of Service Vulnerability<br />http://secunia.com/advisories/46559/<br /><br />Puppet "certdnsnames" Puppet Master Impersonation Vulnerability<br />http://secunia.com/advisories/46550/<br /><br />Wing FTP Server Unspecified Information Disclosure Vulnerability<br />http://secunia.com/advisories/46413/<br /><br />Wing FTP Server Unspecified Information Disclosure Vulnerability<br />http://secunia.com/advisories/46558/<br /><br />SUSE update for etherape<br />http://secunia.com/advisories/46567/<br /><br />SUSE update for fail2ban<br />http://secunia.com/advisories/46555/<br /><br />Alsbtain Bulletin "act" Local File Inclusion Vulnerability<br />http://secunia.com/advisories/46566/<br /><br />Gentoo update for asterisk<br />http://secunia.com/advisories/46548/<br /><br />Ubuntu update for pam<br />http://secunia.com/advisories/46580/<br /><br />Debian update for libfcgi-perl<br />http://secunia.com/advisories/46579/<br /><br />Debian update for pam<br />http://secunia.com/advisories/46549/<br /><br />Debian update for freetype<br />http://secunia.com/advisories/46544/<br /><br />SUSE update for cyrus-imapd<br />http://secunia.com/advisories/46347/<br /><br />SUSE update for opera<br />http://secunia.com/advisories/46552/<br /><br />PacketFence "p" and "destination_url" Cross-Site Scripting Vulnerabilities<br />http://secunia.com/advisories/46553/<br /><br />Red Hat update for xen<br />http://secunia.com/advisories/46554/<br /><br />SUSE update for clamav<br />http://secunia.com/advisories/46563/<br /><br />Novell NetWare Apache Requests Processing Remote Denial of Service<br />http://www.vupen.com/english/ADV-2011-2222.php<br /><br />Zope Security Update Fixes Unspecified Remote Vulnerability<br />http://www.vupen.com/english/ADV-2011-2221.php<br /><br />BlueZone Desktop Multiple Malformed files Local Denial of Service Vulnerabilities<br />http://www.exploit-db.com/exploits/18030<br /><br />Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49534<br /><br />FreeType Font Document Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/50155<br /><br />Linux Kernel SSID Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48538<br /><br />Linux Kernel 'net/can/raw.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47835<br /><br />Apache 'mod_authnz_external' Module SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/48653<br /><br />Linux Kernel 'agp_allocate_memory/agp_create_user_memory' Local Privilege Escalation Vulnerabilities<br />http://www.securityfocus.com/bid/47535<br /><br />Linux Kernel 'next_pidmap()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47497<br /><br />Linux Kernel 'bcm_release()' NULL Pointer Dereference Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47503<br /><br />GNU libc glob(3) 'GLOB_LIMIT' Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/43819<br /><br />Linux Kernel I/O-Warrior USB Device Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46069<br /><br />Linux Kernel 'fs/partitions/ldm.c' Buffer Overflow and Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/46512<br /><br />Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/47534<br /><br />Linux Kernel EFI Partition Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47343<br /><br />Linux Kernel Unix Socket Backlog Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46637<br /><br />Linux Kernel Comedi Driver Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49411<br /><br />Linux Kernel CIFS Mount Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49626<br /><br />Linux Kernel 'perf' Utility Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49140<br /><br />Linux Kernel 'taskstats' Access Restriction Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50314<br /><br />Linux Kernel 'fs/befs/linuxvfs.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49256<br /><br />Linux Kernel '/proc/PID/io' Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49408<br /><br />Linux kernel l2cap Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48472<br /><br />Red Hat Linux Kernel VLAN Packets Handling Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48907<br /><br />Linux Kernel 'inet_diag_bc_audit()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48333<br /><br />Linux Kernel OOPS 'qdisc_dev()' Dereference Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48641<br /><br />Linux Kernel eCryptfs Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/49108<br /><br />Linux Kernel IPv6 Fragment Identification Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48802<br /><br />Linux Kernel Generic Receive Offload (GRO) CVE-2011-2723 Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48929<br /><br />Linux Kernel TCP Sequence Number Generation Security Weakness<br />http://www.securityfocus.com/bid/49289<br /><br />Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49295<br /><br />Linux Kernel KSM Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48101<br /><br />Linux Kernel EXT4 Extent Format File Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48697<br /><br />PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/37333<br /><br />Linux Kernel Validate 'map_count' Variable Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/46492<br /><br />PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/37973<br /><br />Linux Kernel 'inotify_init1()' Double Free Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47296<br /><br />Linux Kernel 'oops' on Reset NULL Pointer Dereference Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46793<br /><br />Linux Kernel EFI Partition Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47796<br /><br />Linux Kernel 'drivers/media/radio/si4713-i2c.c' Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48804<br /><br />Linux Kernel 'mremap()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47321<br /><br />Linux Kernel 'x25_parse_facilities()' Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/44642<br /><br />Linux Kernel NFS File Locking Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49141<br /><br />Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47308<br /><br />Perl Safe Module 'reval()' and 'rdo()' CVE-2010-1447 Restriction-Bypass Vulnerabilities<br />http://www.securityfocus.com/bid/40305<br /><br />PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46084<br /><br />PostgreSQL Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/40215<br /><br />PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/43747<br /><br />PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability<br />http://www.securityfocus.com/bid/40304<br /><br />PostgreSQL Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/36314<br /><br />PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/34090<br /><br />PostgreSQL JOIN Hashtable Size Integer Overflow Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/38619<br /><br />PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49241<br /><br />PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/37334<br /><br />QEMU 'scsi_disk_emulate_command()' Function Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49545<br /><br />Linux Kernel Netfilter 'ipt_CLUSTERIP.c' Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46921<br /><br />Linux Kernel Acorn Econet Protocol Implementation Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/47990<br /><br />Red Hat Linux Kernel Ethernet Bridge Interface Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50313<br /><br />Linux Kernel 'clock_gettime()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50311<br /><br />Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50312<br /><br />Xen DMA Requests IOMMU Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49146<br /><br />Linux Kernel Auerswald USB Device Driver Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48687<br /><br />Python CGIHTTPServer Module Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46541<br /><br />Linux Kernel 'taskstats.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48383<br /><br />Pango HarfBuzz Engine Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49723<br /><br />Linux Kernel CIFS Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/47381<br /><br />Linux Kernel 'drivers/char/tpm/tpm.c' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46866<br /><br />Opera Web Browser Tree Traversing Use-After-Free Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/50320<br /><br />Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49303<br /><br />Perl Fast CGI Module CGI Variables Authentication Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49549<br /><br />RETIRED: SAP Management Console OSExecute Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50348<br /><br />phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability<br />http://www.securityfocus.com/bid/50331<br /><br />Joomla YJ Contact us Component 'view' Parameter Local File Include Vulnerability<br />http://www.securityfocus.com/bid/50362<br /><br />Microsoft Outlook Web Access Session Replay Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50361<br /><br />Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50360<br /><br />OpenStack Nova 'EC2_SECRET_KEY' Man In The Middle Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50359<br /><br />Zope 2.12.20/2.13.6 and Prior Unspecified Security Vulnerability<br />http://www.securityfocus.com/bid/50357<br /><br />Puppet 'certdnsnames' Certificate Validation Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50356<br /><br />Wing FTP Server Versions Prior to 4.0.1 Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50355<br /><br />PacketFence Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50353<br /><br />BlueZone Desktop File Processing Multiple Remote Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/50352<br /><br />BlueZone Desktop '.ztf' File Processing Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50351<br /><br />Alsbtain Bulletin Multiple Local File Include Vulnerabilities<br />http://www.securityfocus.com/bid/50350<br /><br /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-1590278429345287927?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-6503996805273026992011-10-25T10:05:00.000+09:002011-10-25T16:32:06.981+09:00<br />+ Linux kernel 3.0.8 released<br />http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.8<br /><br />CESA-2011:1401 (xen)<br />http://lwn.net/Alerts/464281/<br /><br />ウイルスバスター 月額版 サーバメンテナンスのお知らせ（2011年11月1日）<br />http://www.trendmicro.co.jp/support/news.asp?id=1670<br /><br />JVNVU#659251 MIT Kerberos 5 KDC に複数の脆弱性<br />http://jvn.jp/cert/JVNVU659251/index.html<br /><br />JVN#80971236 WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://jvn.jp/jp/JVN80971236/index.html<br /><br />JVN#89764731 WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://jvn.jp/jp/JVN89764731/index.html<br /><br />JVN#36684331 WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://jvn.jp/jp/JVN36684331/index.html<br /><br />JVNDB-2011-002485 HP Data Protector における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002485.html<br /><br />JVNDB-2011-000082 WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000082.html<br /><br />JVNDB-2011-000081 WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000081.html<br /><br />JVNDB-2011-000080 WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000080.html<br /><br />JVNDB-2011-002484 Apple Mac OS X の QuickTime Player におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002484.html<br /><br />JVNDB-2011-002483 Apple Mac OS X の MediaKit における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002483.html<br /><br />JVNDB-2011-002482 Apple Mac OS X の kernel におけるアクセス制限を回避される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002482.html<br /><br />JVNDB-2011-002481 Apple Mac OS X の kernel におけるアクセス制限を回避される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002481.html<br /><br />JVNDB-2011-002480 Apple Mac OS X の IOGraphics におけるパスワード要求を回避される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002480.html<br /><br />JVNDB-2011-002479 Apple Mac OS X の File Systems コンポーネントにおける WebDAV セッションをハイジャックされる脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002479.html<br /><br />JVNDB-2011-002478 Apple Mac OS X の CoreStorage における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002478.html<br /><br />JVNDB-2011-002477 Apple Mac OS X の CoreProcesses コンポーネントにおけるアクセス制限を回避される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002477.html<br /><br />JVNDB-2011-002476 Apple Mac OS X の CFNetwork におけるユーザを追跡可能な脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002476.html<br /><br />JVNDB-2011-002475 Apple Mac OS X の Apple Type Services (ATS) におけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002475.html<br /><br />JVNDB-2011-002474 pple Mac OS X の Apple Type Services (ATS) における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002474.html<br /><br />JVNDB-2011-002473 Apple Mac OS X の CoreMedia における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002473.html<br /><br />JVNDB-2011-002472 D-Link DCS-2121 カメラの /etc/rc.d/rc.local におけるシェルアクセスを取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002472.html<br /><br />JVNDB-2011-002471 D-Link DCS-2121 カメラの recorder_test.cgi における任意のコマンドを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002471.html<br /><br />JVNDB-2011-002470 Apple iOS の設定コンポーネントにおける重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002470.html<br /><br />JVNDB-2011-002469 Apple iOS の設定コンポーネントにおける詳細不明な影響を受ける脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002469.html<br /><br />JVNDB-2011-002468 Apple iOS のホームスクリーンコンポーネントにおける重要な状態情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002468.html<br /><br />JVNDB-2011-002467 Apple iOS の UIKit アラートコンポーネントにおけるサービス運用妨害 (デバイスハング) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002467.html<br /><br />JVNDB-2011-002466 Apple iOS の WiFi コンポーネントにおける重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002466.html<br /><br />JVNDB-2011-002465 Apple iOS および Apple TV の Data Security コンポーネントにおける重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002465.html<br /><br />JVNDB-2011-002464 Apple iOS および Safari で使用される WebKit におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002464.html<br /><br />JVNDB-2011-002463 Apple iOS のキーボードコンポーネントにおける重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002463.html<br /><br />JVNDB-2011-002462 Apple iOS の CalDAV における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002462.html<br /><br />JVNDB-2011-002461 Apple iOS のカレンダーにおけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002461.html<br /><br />JVNDB-2011-002460 Apple iOS の CFNetwork における重要な情報を取得される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002460.html<br /><br />JVNDB-2011-002459 Apple iOS の CoreGraphics の FreeType における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002459.html<br /><br />JVNDB-2011-002458 Apple iOS の Data Access コンポーネントにおけるアクセス制限を回避される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002458.html<br /><br />JVNDB-2011-002457 Apple iOS の OfficeImport におけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002457.html<br /><br />JVNDB-2011-002456 Apple iOS の OfficeImport におけるメモリ二重解放の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002456.html<br /><br />JVNDB-2011-002455 OneOrZero AIMS に複数の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002455.html<br /><br />JVNDB-2011-002454 複数の Apple 製品で使用される WebKit におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002454.html<br /><br />JVNDB-2011-002453 複数の Apple 製品で使用される WebKit におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002453.html<br /><br />JVNDB-2011-002452 Apple iTunes で使用される CoreFoundation におけるサービス運用妨害 (DoS) の脆弱性<span class="Apple-tab-span" style="white-space: pre;"> </span>7.6<span class="Apple-tab-span" style="white-space: pre;"> </span>2011/10/12<span class="Apple-tab-span" style="white-space: pre;"> </span>2011/10/24<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002452.html<br /><br />SA46583 Linux-PAM "pam_env" Module Two Vulnerabilities<br />http://secunia.com/advisories/46583/<br /><div><br /></div><br /><br /><br /><br />+ Postfix stable release 2.8.6, 2.7.7, 2.6.13, 2.5.16<br />http://www.postfix.org/announcements/postfix-2.8.6.html<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.8.6.HISTORY<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.7.7.HISTORY<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.6.13.HISTORY<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.5.16.HISTORY<br /><br />+ Linux kernel 3.1 released<br />http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1<br /><br />- Moderate: xen security and bug fix update<br />http://rhn.redhat.com/errata/RHSA-2011-1401.html<br /><br />- libpng 'pngerror.c' Off-By-One Error Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/48474<br /><br />- Linux-PAM 'pam_env' Module Multiple Local Privilege Escalation Vulnerabilities<br />http://www.securityfocus.com/bid/50343<br /><br />[ANNOUNCEMENT] Apache Commons-DbUtils 1.4 released!<br />http://commons.apache.org/dbutils/download_dbutils.cgi<br /><br />[ANNOUNCE] Benetl, a free ETL tool for postgreSQL, out in version 3.8<br />http://www.benetl.net/<br /><br />UPDATE: HPSBUX02700 SSRT100506 rev.2 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c02962262%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />Gentoo Linux : [GLSA 201110-20] Clam AntiVirus - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36941<br /><br />Mandriva : [MDVSA-2011:159] krb5 - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36942<br /><br />Mandriva : [MDVSA-2011:160] krb5 - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36943<br /><br />Gentoo Linux : [GLSA 201110-17] Avahi - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36938<br /><br />Gentoo Linux : [GLSA 201110-18] rgmanager - Privilege Escalation Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36939<br /><br />Gentoo Linux : [GLSA 201110-19] X.Org - X Server - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36940<br /><br />Mandriva : [MDVSA-2011:157] freetype2 - Code Execution and Denial-Of-Service Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36945<br /><br />Mandriva : [MDVSA-2011:158] phpmyadmin - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36946<br /><br />Red Hat : [RHSA-2011:1386-01] Kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36959<br /><br />Red Hat : [RHSA-2011:1391-01] httpd - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36960<br /><br />Red Hat : [RHSA-2011:1392-01] httpd - Security Bypass Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36961<br /><br />Stefan Schurtz : [SSCHADV2011-033] Metasploit - Cross-site Scripting Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36950<br /><br />Ubuntu Security Notice : [USN-1236-1] Linux Kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36931<br /><br />Ubuntu Security Notice : [USN-1235-1] Open-iSCSI - File Overwrite Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36932<br /><br />Ubuntu Security Notice : [Ubuntu: 1232-3] X.Org - X server - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36933<br /><br />Gentoo Linux : [GLSA 201110-14] D-Bus - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36935<br /><br />Gentoo Linux : [GLSA 201110-15] GnuPG - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36936<br /><br />Gentoo Linux : [GLSA 201110-16] Cyrus IMAP Server - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36937<br /><br />Hewlett-Packard : [HPSBMU02716 SSRT100651] HP Data Protector Notebook Extension - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36947<br /><br />Hewlett-Packard : [HPSBPI02711 SSRT100647] HP - MFP Digital Sending Software - Information Disclosure Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36948<br /><br />HTB Team : [HTB23050] Tine - Cross-site Scripting Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36952<br /><br />Independant Researcher : Oracle Database - Buffer Overflow Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36954<br /><br />Independant Researcher : Oracle Database Server - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36955<br /><br />Independant Researcher : Oracle Database Server - SQL Injection Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36956<br /><br />Red Hat : [RHSA-2011:1385-01] kdelibs and kdelibs3 - Spoofing Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36958<br /><br />Stefan Schurtz : [SSCHADV2011-031] Yet Another CMS - SQL Injection and Cross-site Scripting Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36957<br /><br />Ubuntu Security Notice : [USN-1192-3] Firefox - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36934<br /><br />Debian : [DSA 2324-1] Wireshark - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36944<br /><br />[SECURITY] [DSA 2326-1] pam security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00145.html<br /><br />TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00149.html<br /><br />[SECURITY] [DSA 2325-1] kfreebsd-8 security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00144.html<br /><br />[ GLSA 201110-20 ] Clam AntiVirus: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00143.html<br /><br />phpLDAPadmin &lt;= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00148.html<br /><br />jara 1.6 sql injection vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00147.html<br /><br />[ MDVSA-2011:160 ] krb5<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00142.html<br /><br />[ MDVSA-2011:159 ] krb5<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00141.html<br /><br />[ GLSA 201110-18 ] rgmanager: Privilege escalation<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00140.html<br /><br />[ GLSA 201110-17 ] Avahi: Denial of Service<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00139.html<br /><br />[CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00146.html<br /><br />[ GLSA 201110-16 ] Cyrus IMAP Server: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00138.html<br /><br />[ GLSA 201110-15 ] GnuPG: User-assisted execution of arbitrary code<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00137.html<br /><br />[ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00136.html<br /><br />またもやYouTubeで乗っ取り、今度はマイクロソフトが被害<br />動画を全て消去、コメント欄には「アダルト動画まだ？」<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111025/371321/?ST=security<br /><br />Critical Control 16: Secure Network Engineering<br />http://isc.sans.edu/diary.html?storyid=11878<br /><br />Vulnerability Note VU#659251 Multiple MIT KRB5 KDC daemon vulnerabilities<br />http://www.kb.cert.org/vuls/id/659251<br /><br />FreeType Type 1 Font Processing Flaw Lets Remote Users Deny Service<br />http://www.securitytracker.com/id/1026237<br /><br />FreeType Multiple Vulnerabilities<br />http://secunia.com/advisories/46575/<br /><br />phpLDAPadmin Cross-Site Scripting and Code Injection Vulnerabilities<br />http://secunia.com/advisories/46551/<br /><br />Gentoo update for dbus<br />http://secunia.com/advisories/46547/<br /><br />Gentoo update for gnupg<br />http://secunia.com/advisories/46541/<br /><br />Gentoo update for avahi<br />http://secunia.com/advisories/46503/<br /><br />Gentoo update for rgmanager<br />http://secunia.com/advisories/46498/<br /><br />SUSE update for krb5<br />http://secunia.com/advisories/46546/<br /><br />Gentoo update for cyrus-imapd<br />http://secunia.com/advisories/46530/<br /><br />Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities<br />http://secunia.com/advisories/46473/<br /><br />Cyclope Internet Filtering Proxy Request Processing Denial of Service Vulnerability<br />http://secunia.com/advisories/46556/<br /><br />Toshiba E-Studio Multifunction Printers Management Interface Security Bypass Vulnerability<br />http://secunia.com/advisories/46408/<br /><br />Linux Kernel ext4 Extent Splitting Denial of Service Vulnerability<br />http://secunia.com/advisories/46489/<br /><br />TYPO3 PMK SlimBox Extension Cross-Site Scripting and File Disclosure Vulnerabilities<br />http://secunia.com/advisories/46437/<br /><br />TYPO3 PMK Shadowbox Extension Cross-Site Scripting and File Disclosure Vulnerabilities<br />http://secunia.com/advisories/46499/<br /><br />Debian update for kfreebsd-8<br />http://secunia.com/advisories/46564/<br /><br />Jara "id" SQL Injection Vulnerability<br />http://secunia.com/advisories/46493/<br /><br />OpenEMR Multiple SQL Injection Vulnerabilities<br />http://secunia.com/advisories/46560/<br /><br />WordPress Chennai Theme "s" Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46561/<br /><br />Joomla! Freestyle FAQs and Testimonials Components Unspecified SQL Injection Vulnerability<br />http://secunia.com/advisories/46573/<br /><br />Gentoo update for xorg-server<br />http://secunia.com/advisories/46496/<br /><br />LOCAL: Cytel Studio 9.0 (CY3 File) Stack Buffer Overflow<br />http://www.exploit-db.com/exploits/18027<br /><br />DoS/PoC: BlueZone Malformed .zft file Local Denial of Service<br />http://www.exploit-db.com/exploits/18029<br /><br />DoS/PoC: zFTP Server "cwd/stat" Remote Denial-of-Service<br />http://www.exploit-db.com/exploits/18028<br /><br />McAfee Web Gateway Web Acces Cross Site Scripting Vulnerability<br />http://www.vupen.com/english/ADV-2011-2220.php<br /><br />Alcatel-Lucent Instant Communication Suite Cross Site Scripting Issues<br />http://www.vupen.com/english/ADV-2011-2219.php<br /><br />Oracle AutoVue AutoVueX ActiveX Multiple Code Execution Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2218.php<br /><br />FreeType Type 1 Fonts Processing Multiple Code Execution Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2217.php<br /><br />PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49241<br /><br />JBoss Enterprise Application Platform Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/39710<br /><br />FreeType 'src/psaux/t1decode.c' Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/48619<br /><br />libpng PNG File Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/48618<br /><br />libpng 'pngerror.c' Off-By-One Error Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/48474<br /><br />libpng Buffer Overflow and Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/48660<br /><br />Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/46630<br /><br />LibTIFF Multiple Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/47338<br /><br />Asterisk Manager Interface Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46897<br /><br />Asterisk SIP Authentication Request User Enumeration Weakness<br />http://www.securityfocus.com/bid/48485<br /><br />Asterisk Multiple Remote Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/48431<br /><br />Asterisk Uninitalized Variable SIP Channel Driver Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50177<br /><br />Asterisk UPDTL Packets Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/46474<br /><br />Asterisk Manager Interface Arbitrary Command Execution Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/47537<br /><br />Asterisk TCP/TLS Server NULL Pointer Dereference Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/46898<br /><br />QEMU 'scsi_disk_emulate_command()' Function Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49545<br /><br />Oracle Database 'CTXSYS.DRVDISP' Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50199<br /><br />ClamAV Prior to 0.96.5 Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/45152<br /><br />Symantec Veritas Enterprise Administrator Service Multiple Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/49014<br /><br />Symantec Backup Exec for Windows Servers Unauthorized Access Vulnerability<br />http://www.securityfocus.com/bid/47824<br /><br />ClamAV Hash Manager Off-By-One Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48891<br /><br />bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/43331<br /><br />ClamAV 'vba_read_project_strings()' Double Free Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46470<br /><br />ClamAV 'find_stream_bounds()' PDF File Processing Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/43555<br /><br />Linux-HA OCF Resource Agents 'LD_LIBRARY_PATH' Multiple Local Privilege Escalation Vulnerabilities<br />http://www.securityfocus.com/bid/44359<br /><br />Avahi 'avahi-core/socket.c' Zero Size Packet Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/41075<br /><br />Avahi 'avahi-core/socket.c' NULL UDP Packet Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/46446<br /><br />FreeType Font Document Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/50155<br /><br />Cyrus IMAP Server SIEVE Script Local Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/36296<br /><br />Cyrus IMAP Server 'index_get_ids()' NULL Pointer Dereference Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49659<br /><br />Opera Web Browser SVG Layout Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/50044<br /><br />MIT Kerberos Multiple Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/50273<br /><br />MIT Kerberos krb5-appl FTP Daemon EGID Remote Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/48571<br /><br />GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/41945<br /><br />Apple QuickTime CVE-2011-0247 H.264 Movie Files Multiple Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/49030<br /><br />Wireshark Lua Script File Arbitrary Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49528<br /><br />D-Bus Nested Variants Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45377<br /><br />D-Bus Configuration Insecure Temporary File Creation Vulnerability<br />http://www.securityfocus.com/bid/48460<br /><br />D-Bus Message Byte Order Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48216<br /><br />Multiple Cytel Products Remote Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/49924<br /><br />FreeBSD UNIX Domain Socket Local Privilege Escalation Vulnerabiity<br />http://www.securityfocus.com/bid/49862<br /><br />Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1985) Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49968<br /><br />SAP Management Console OSExecute Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50348<br /><br />Cisco Nexus OS 'section' and 'less' Local Command Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50347<br /><br />Alcatel-Lucent OmniTouch 8400 Instant Communications Suite Multiple Input Validation Vulnerabilities<br />http://www.securityfocus.com/bid/50346<br /><br />zFTP Server 'cwd/stat' Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50345<br /><br />InverseFlow Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50344<br /><br />Linux-PAM 'pam_env' Module Multiple Local Privilege Escalation Vulnerabilities<br />http://www.securityfocus.com/bid/50343<br /><br />McAfee Web Gateway Web Access Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50341<br /><br />e107 'cmd' Parameter Remote Command Execution Vulnerability<br />http://www.securityfocus.com/bid/50339<br /><br />Joomla! Freestyle FAQs and Freestyle Testimonials Components Unspecified SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50338<br /><br />OpenEMR Multiple SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50336<br /><br />WordPress ThemeCity 's' Parameter Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50334<br /><br />Oracle AutoVue 'AutoVueX.ocx' ActiveX Control 'Export3DBom()' Insecure Method Vulnerability<br />http://www.securityfocus.com/bid/50333<br /><br />Oracle AutoVue 'AutoVueX.ocx' ActiveX Control 'ExportEdaBom()' Insecure Method Vulnerability<br />http://www.securityfocus.com/bid/50332<br /><br />phpLDAPadmin 0.9.4b 'common.php' Local File Include Vulnerability<br />http://www.securityfocus.com/bid/50328<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-650399680527302699?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-31370459069032922352011-10-24T10:52:00.000+09:002011-10-24T16:27:54.086+09:00<br />+ Postfix stable release 2.8.6, 2.7.7, 2.6.13, 2.5.16<br />http://www.postfix.org/announcements/postfix-2.8.6.html<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.8.6.HISTORY<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.7.7.HISTORY<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.6.13.HISTORY<br />http://mirror.postfix.jp/postfix-release/official/postfix-2.5.16.HISTORY<br /><br />UPDATE: Security updates available for Adobe Reader and Acrobat<br />http://www.adobe.com/support/security/bulletins/apsb11-24.html<br /><br />CESA-2011:1386 (kernel)<br />http://lwn.net/Alerts/464073/<br /><br />CESA-2011:1392 (httpd)<br />http://lwn.net/Alerts/464072/<br /><br />Thunderbird Beta Channel: latest update available<br />http://www.mozilla.org/thunderbird/all-beta.html<br />http://www.mozilla.org/thunderbird/8.0beta/releasenotes/<br /><br />phpMyAdmin 3.4.7 is released<br />http://sourceforge.net/news/?group_id=23067&amp;id=304138<br /><br />SA46491: Gentoo update for clamav<br />http://secunia.com/advisories/46491/<br /><br />Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1985) Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49968<br /><div><br /></div><div><br /></div><div><br /></div><div><br /></div><br />+ MySQL Community Server 5.5.17 has been released<br />http://dev.mysql.com/tech-resources/interviews/thomas-ulin-mysql-55.html<br />http://dev.mysql.com/doc/refman/5.5/en/news-5-5-17.html<br /><br />+ Linux kernel 3.0.5, 3.0.6, 3.0.7 released<br />http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.5<br />http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.6<br />http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.7<br /><br />+ Sudo 1.7.8, 1.8.3 released<br />http://www.sudo.ws/sudo/news.html<br />http://www.sudo.ws/sudo/stable.html#1.7.8<br />http://www.sudo.ws/sudo/stable.html#1.8.3<br /><br />+ Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50322<br /><br />++ [CPUOct2011] Oracle Critical Patch Update Advisory - October 2011<br />http://www.oracle.com/technetwork/jp/topics/ojkb155517-518195-ja.html<br /><br />[ANNOUNCE] Apache OpenWebBeans 1.1.2 release<br />http://www.apache.org/dyn/closer.cgi/openwebbeans/1.1.2/<br /><br />Apache Subversion 1.7.1 Released<br />http://subversion.apache.org/download/#recommended-release<br /><br />HPSBMP02713 SSRT100651 rev.2 - Replaced by Document ID c03058866 - HPSBMU02716 SSRT100651<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03054543%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03058866%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />HPSBOV02497 SSRT090245 rev.4 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS)<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c01961959%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure<br />https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03052686%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />FreeBSD 9.0-RC1 released<br />http://www.freebsd.org/news/newsflash.html#event20111023:01<br /><br />チャットサポートの一時的な停止につきまして（2011年11月5日）<br />http://www.trendmicro.co.jp/support/news.asp?id=1668<br /><br />ペンタセキュリティ、WAFに仮想アプライアンス版を追加<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111021/371202/?ST=security<br /><br />TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatype<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00135.html<br /><br />TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00134.html<br /><br />TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN fu<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00133.html<br /><br />[ MDVSA-2011:158 ] phpmyadmin<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00132.html<br /><br />VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after <br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00130.html<br /><br />[ MDVSA-2011:157 ] freetype2<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00129.html<br /><br />inCommand Technologies, Inc. Cross-site Scripting Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00131.html<br /><br />Metasploit 4.1.0 Web UI stored XSS vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00128.html<br /><br />tcpdump and IPv6<br />http://isc.sans.edu/diary.html?storyid=11872<br /><br />Oracle Java SE Critical Patch Update<br />http://isc.sans.edu/diary.html?storyid=11869<br /><br />Red Hat update for kernel<br />http://secunia.com/advisories/46543/<br /><br />Elgg pg/search SQL Injection Vulnerability<br />http://secunia.com/advisories/46514/<br /><br />Google Chrome NSS Insecure Library Loading Vulnerability<br />http://secunia.com/advisories/46471/<br /><br />GNOME Empathy Nickname Script Insertion Vulnerability<br />http://secunia.com/advisories/46510/<br /><br />Network Security Services Insecure Library Loading Vulnerability<br />http://secunia.com/advisories/46557/<br /><br />Red Hat update for httpd<br />http://secunia.com/advisories/46456/<br /><br />Red Hat update for httpd<br />http://secunia.com/advisories/46542/<br /><br />WHMCompleteSolution "templatefile" Local File Inclusion Vulnerability<br />http://secunia.com/advisories/46312/<br /><br />Ubuntu update for linux<br />http://secunia.com/advisories/46539/<br /><br />Ubuntu update for open-iscsi<br />http://secunia.com/advisories/46535/<br /><br />Pre Studio Business Cards Designer "id" SQL Injection Vulnerability<br />http://secunia.com/advisories/46545/<br /><br />Joomla! Multiple NoNumber Extensions Local File Inclusion and PHP Code Execution<br />http://secunia.com/advisories/46459/<br /><br />SUSE update for ldns<br />http://secunia.com/advisories/46470/<br /><br />Debian update for wireshark<br />http://secunia.com/advisories/46482/<br /><br />Schneider Electric Products UnitelWay Device Driver Privilege Escalation Vulnerability<br />http://secunia.com/advisories/46534/<br /><br />Check Point Products ByteRange Filter Denial of Service Vulnerability<br />http://secunia.com/advisories/46474/<br /><br />Ubuntu update for acpid<br />http://secunia.com/advisories/46540/<br /><br />Medium severity flaw in QNX Neutrino RTOS<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8475<br /><br />MS11-064 TCP/IP Stack Denial of Service<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8474<br /><br />MS11-077 .fon Kernel-Mode Buffer Overrun PoC<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8473<br /><br />Mozilla Firefox Array.reduceRight() Integer Overflow Exploit<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8472<br /><br />HP Onboard Administrator (OA), Remote Unauthorized Access<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8471<br /><br />Citect Buffer Overflow in UnitelWay Driver Lets Local Users Gain Elevated Privileges<br />http://www.securitytracker.com/id/1026234<br /><br />REMOTE:&nbsp;Oracle AutoVue 20.0.1 AutoVueX ActiveX Control SaveViewStateToFile Vulnerability<br />http://www.exploit-db.com/exploits/18016<br /><br />REMOTE: HP Power Manager 'formExportDataLogs' Buffer Overflow<br />http://www.exploit-db.com/exploits/18015<br /><br />DoS/PoC:&nbsp;Google Chrome Denial Of Service (DoS)<br />http://www.exploit-db.com/exploits/18025<br /><br />DoS/PoC:&nbsp;MS11-077 Win32k Null Pointer De-reference Vulnerability POC<br />http://www.exploit-db.com/exploits/18024<br /><br />DoS/PoC:&nbsp;Google Chrome PoC, killing thread<br />http://www.exploit-db.com/exploits/18019<br /><br />DoS/PoC:&nbsp;Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc)<br />http://www.exploit-db.com/exploits/18017<br /><br />Schneider Electric Products UnitelWay Device Driver Local Buffer Overflow<br />http://www.vupen.com/english/ADV-2011-2216.php<br /><br />OCS Inventory NG Data Processing Cross Site Scripting Vulnerability<br />http://www.vupen.com/english/ADV-2011-2215.php<br /><br />IBM WebSphere Application Server for z/OS WS-Security Vulnerability<br />http://www.vupen.com/english/ADV-2011-2214.php<br /><br />Oracle Database Server Database Vault 'DV_ACCTMGR' Privileges Remote Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50219<br /><br />Oracle Database 'CTXSYS.DRVDISP' Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/50199<br /><br />Oracle Database CVE-2011-3512 SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50203<br /><br />TYPO3 pdf_generator2 Extension Remote Commend Execution and Remote File Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/50304<br /><br />Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49303<br /><br />Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49957<br /><br />Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50312<br /><br />phpMyAdmin Setup Interface Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50175<br /><br />phpMyAdmin Tracking Feature Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/49306<br /><br />Progea Movicon Multiple Heap Based Buffer Overflow and Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/49605<br /><br />Cisco TelePresence Video Communication Server 'User-Agent' HTTP Header HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/50084<br /><br />Apple iOS Free Type Font Document Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/50155<br /><br />X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability<br />http://www.securityfocus.com/bid/50002<br /><br />HP Power Manager 'formExportDataLogs' Buffer Overflow Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/37867<br /><br />Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50242<br /><br />Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50211<br /><br />Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50224<br /><br />Elgg 'limit' Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50327<br /><br />SportsPHool 'mainnav' Parameter Remote File Include Vulnerability<br />http://www.securityfocus.com/bid/50325<br /><br />Mozilla NSS 'NSS_NoDB_Init()' Insecure Library Loading Arbitrary Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50324<br /><br />Empathy 'nickname' Field Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50323<br /><br />Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50322<br /><br />Oracle AutoVue 'AutoVueX.ocx' ActiveX Control 'SaveViewStateToFile()' Insecure Method Vulnerability<br />http://www.securityfocus.com/bid/50321<br /><br />Opera Web Browser Tree Traversing Use-After-Free Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/50320<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-3137045906903292235?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-11789114412478671112011-10-21T10:47:00.000+09:002011-10-21T16:59:36.225+09:00<div class="separator" style="clear: both; text-align: justify;"></div><div class="separator" style="clear: both; text-align: justify;">2011/10/20 Samba 3.6.1がリリースされました</div><div class="separator" style="clear: both; text-align: justify;">http://wiki.samba.gr.jp/mediawiki/index.php?title=%E3%83%A1%E3%82%A4%E3%83%B3%E3%83%9A%E3%83%BC%E3%82%B8</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">ウイルスバスター2012 プログラムアップデートのお知らせ</div><div class="separator" style="clear: both; text-align: justify;">http://www.trendmicro.co.jp/support/news.asp?id=1667</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">UPDATE: Oracle Critical Patch Update Advisory - October 2011</div><div class="separator" style="clear: both; text-align: justify;">http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">ソフトウェア等の脆弱性関連情報に関する届出状況</div><div class="separator" style="clear: both; text-align: justify;">[2011年第3四半期（7月～9月）]</div><div class="separator" style="clear: both; text-align: justify;">http://www.ipa.go.jp/security/vuln/report/vuln2011q3.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNVU#819894: libpng における sCAL チャンクの処理に脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvn.jp/cert/JVNVU819894/index.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNVU#707943: Windows プログラムの DLL 読み込みに脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvn.jp/cert/JVNVU707943/index.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVN#44724673: Java Web Start において許可されていないシステムクラスが実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvn.jp/jp/JVN44724673/index.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNTA11-286A: Apple Mac OS Xにおける複数の脆弱性に対するアップデート</div><div class="separator" style="clear: both; text-align: justify;">http://jvn.jp/cert/JVNTA11-286A/index.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNTA11-284A: Microsoft 製品における複数の脆弱性に対するアップデート</div><div class="separator" style="clear: both; text-align: justify;">http://jvn.jp/cert/JVNTA11-284A/index.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002451 Microsoft Internet Explorer 8 における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002451.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002450 Microsoft Internet Explorer 9 における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002450.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002449 Microsoft Internet Explorer 6 における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002449.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002448 Microsoft Internet Explorer 6 から 8 における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002448.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002447 Microsoft Internet Explorer 6 から 9 における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002447.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002446 Microsoft Internet Explorer 6 から 9 における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002446.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002445 Microsoft Windows XP および Windows Server 2003 の afd.sys における権限昇格の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002445.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002444 Microsoft Windows XP および Windows Server 2003 における権限昇格の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002444.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002443 Microsoft Forefront UAG の MicrosoftClient.jar における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002443.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002442 Microsoft Forefront UAG 2010 におけるクロスサイトスクリプティングの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002442.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002441 Microsoft Forefront UAG 2010 におけるクロスサイトスクリプティングの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002441.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002440 Microsoft Forefront UAG 2010 における CRLF インジェクションの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002440.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002439 Microsoft .NET Framework および Silverlight における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002439.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002438 Microsoft Windows のカーネルモードドライバ内にある win32k.sys における権限昇格の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002438.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002437 Microsoft Windows の win32k.sys のバッファオーバーフローの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002437.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002436 Microsoft Windows の win32k.sys におけるサービス運用妨害 (システムハング) の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002436.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002435 Microsoft Windows の win32k.sys における権限昇格またはサービス運用妨害 (DoS) の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002435.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002434 Microsoft Windows Vista および Windows 7 の Windows Media Center における権限昇格の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002434.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002433 Microsoft Windows の Microsoft Active Accessibility コンポーネントにおける権限昇格の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002433.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002432 複数の Microsoft 製品における任意のファイルを読まれる脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002432.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002431 Microsoft Windows SharePoint Services および SharePoint Foundation におけるクロスサイトスクリプティングの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002431.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002430 複数の Microsoft SharePoint 製品の EditForm.aspx におけるクロスサイトスクリプティングの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002430.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002429 複数の Microsoft SharePoint 製品におけるクロスサイトスクリプティングの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002429.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002428 Microsoft Internet Explorer における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002428.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002427 Microsoft Internet Explorer における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002427.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002426 Microsoft Host Integration Server におけるサービス運用妨害 (SNA サーバサービスの休止) の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002426.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002425 Microsoft Host Integration Server におけるサービス運用妨害 (SNA サーバサービスの休止) の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002425.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002424 Apple iTunes で使用される CoreMedia におけるバッファオーバーフローの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002424.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002423 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002423.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002422 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002422.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002421 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002421.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002420 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002420.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002419 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002419.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002418 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002418.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002417 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002417.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002416 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002416.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002415 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002415.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002414 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002414.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002413 Apple iTunes で使用される WebKit における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002413.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002412 複数の Microsoft SharePoint 製品におけるクロスサイトスクリプティングの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002412.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002411 Microsoft Office 2003 および 2007 における権限昇格の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002411.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002410 Microsoft Office 2007 および 2010 における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002410.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002409 Windows Server 2003 および 2008 の WINS における権限昇格の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002409.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002408 Microsoft Excel 2003 における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002408.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002407 複数の Microsoft Excel 製品における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002407.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002406 複数の Microsoft Excel 製品における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002406.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002405 複数の Microsoft Excel 製品における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002405.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002404 複数の Microsoft Excel 製品における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002404.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002403 Microsoft Windows における権限昇格の脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002403.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002402 Adobe Reader および Acrobat における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002402.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002401 Adobe Reader および Acrobat の CoolType.dll におけるスタックベースのバッファオーバーフローの脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002401.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002400 Adobe Reader および Acrobat における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002400.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JVNDB-2011-002399 Adobe Reader および Acrobat における任意のコードを実行される脆弱性</div><div class="separator" style="clear: both; text-align: justify;">http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002399.html</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Independant Researcher : Django - Multiple Issues</div><div class="separator" style="clear: both; text-align: justify;">http://www.criticalwatch.com/support/security-advisories.aspx?AID=36928</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Red Hat : [RHSA-2011:1379-01] krb5 - Denial-Of-Service Issue</div><div class="separator" style="clear: both; text-align: justify;">http://www.criticalwatch.com/support/security-advisories.aspx?AID=36924</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Red Hat : [RHSA-2011:1380-01] java-1.6.0-openjdk - Multiple Issues</div><div class="separator" style="clear: both; text-align: justify;">http://www.criticalwatch.com/support/security-advisories.aspx?AID=36925</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Red Hat : [RHSA-2011:1384-01] java-1.6.0-sun - Multiple Issues</div><div class="separator" style="clear: both; text-align: justify;">http://www.criticalwatch.com/support/security-advisories.aspx?AID=36926</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Red Hat : QEMU - Buffer Overflow Issue</div><div class="separator" style="clear: both; text-align: justify;">http://www.criticalwatch.com/support/security-advisories.aspx?AID=36927</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Cisco : [cisco-sa-20111019-sns] Cisco Show and Share - Multiple Issues</div><div class="separator" style="clear: both; text-align: justify;">http://www.criticalwatch.com/support/security-advisories.aspx?AID=36929</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">New Flash Click Jacking Exploit</div><div class="separator" style="clear: both; text-align: justify;">http://isc.sans.edu/diary.html?storyid=11857</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">JBoss Worm</div><div class="separator" style="clear: both; text-align: justify;">http://isc.sans.edu/diary.html?storyid=11860</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Check Point UTM-1 Edge / Safe@Office WebUI Multiple Vulnerabilities</div><div class="separator" style="clear: both; text-align: justify;">http://secunia.com/advisories/46486/</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">DoS/Poc: Opera ＜= 11.51 Use After Free Crash PoC</div><div class="separator" style="clear: both; text-align: justify;">http://www.exploit-db.com/exploits/18014</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">HP Power Manager 'formExportDataLogs' Buffer Overflow Remote Code Execution Vulnerability</div><div class="separator" style="clear: both; text-align: justify;">http://www.securityfocus.com/bid/37867</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability</div><div class="separator" style="clear: both; text-align: justify;">http://www.securityfocus.com/bid/50242</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability</div><div class="separator" style="clear: both; text-align: justify;">http://www.securityfocus.com/bid/50211</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability</div><div class="separator" style="clear: both; text-align: justify;">http://www.securityfocus.com/bid/50224</div><div><br /></div><br /><div class="separator" style="clear: both; text-align: right;"><a href="http://4.bp.blogspot.com/-UCKB7-rCRPw/TqDX0LX_TNI/AAAAAAAAA34/4iSqnWr2vCI/s1600/Google-20111021-%25E3%2583%25A1%25E3%2582%25A2%25E3%2583%25AA%25E3%2583%25BC%25E3%2583%2596%25E3%2583%25AC%25E3%2582%25A2%25E7%2594%259F%25E8%25AA%2595100%25E5%2591%25A8%25E5%25B9%25B4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="132" src="http://4.bp.blogspot.com/-UCKB7-rCRPw/TqDX0LX_TNI/AAAAAAAAA34/4iSqnWr2vCI/s320/Google-20111021-%25E3%2583%25A1%25E3%2582%25A2%25E3%2583%25AA%25E3%2583%25BC%25E3%2583%2596%25E3%2583%25AC%25E3%2582%25A2%25E7%2594%259F%25E8%25AA%2595100%25E5%2591%25A8%25E5%25B9%25B4.JPG" width="320" /></a></div>+ Samba 3.6.1 Available for Download<br />http://www.samba.org/samba/history/samba-3.6.1.html<br />http://www.samba.org/samba/history/<br /><br />+ Important: kernel security, bug fix, and enhancement update<br />http://rhn.redhat.com/errata/RHSA-2011-1386.html<br /><br />+ Moderate: httpd security and bug fix update<br />http://rhn.redhat.com/errata/RHSA-2011-1392.html<br /><br />+ Linux Kernel 'taskstats' Access Restriction Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50314<br />http://www.redhat.com/security/data/cve/CVE-2011-2494.html<br /><br />+ Linux Kernel 'clock_gettime()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50311<br /><br />- Linux Kernel EXT4 Extent Format File Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48697<br /><br />RHSA-2011:1391 Moderate: httpd security and bug fix update<br />http://rhn.redhat.com/errata/RHSA-2011-1391.html<br /><br />CESA-2011:1380 (java-1.6.0-openjdk)<br />http://lwn.net/Alerts/463927/<br /><br />CESA-2011:1385 (kdelibs)<br />http://lwn.net/Alerts/463929/<br /><br />[SECURITY] [DSA 2324-1] wireshark security update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00127.html<br /><br />GotRoot Security Challenge<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00126.html<br /><br />[security bulletin] HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Wi<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00120.html<br /><br />OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024)<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00125.html<br /><br />Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overf<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00124.html<br /><br />Yet Another CMS 1.0 SQL Injection &amp; XSS vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00119.html<br /><br />Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00118.html<br /><br />Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00117.html<br /><br />[security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00123.html<br /><br />Multiple vulnerabilities in Tine 2.0<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00122.html<br /><br />ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerabili<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00116.html<br /><br />DNS Poisoning via Port Exhaustion<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00121.html<br /><br />[ GLSA 201110-13 ] Tor: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00115.html<br /><br />MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00114.html<br /><br />Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services<br />http://isc.sans.edu/diary.html?storyid=11845<br /><br />Evil Printers Sending Mail<br />http://isc.sans.edu/diary.html?storyid=11848<br /><br />IBM WebSphere Application Server for z/OS JAX-WS Applications Unspecified Vulnerability<br />http://secunia.com/advisories/46469/<br /><br />KaiBB Cross-Site Scripting and SQL Injection Vulnerabilities<br />http://secunia.com/advisories/45311/<br /><br />wizmall "BID" and "UID" SQL Injection Vulnerabilities<br />http://secunia.com/advisories/46440/<br /><br />wizmall Two File Disclosure Vulnerabilities<br />http://secunia.com/advisories/46484/<br /><br />Splunk Cross-Site Scripting and Denial of Service Vulnerabilities<br />http://secunia.com/advisories/46462/<br /><br />Fedora update for java-1.6.0-openjdk<br />http://secunia.com/advisories/46538/<br /><br />Honeywell EBI Temaline Remote Installer ActiveX Control "DownloadURL()" Insecure Method<br />http://secunia.com/advisories/46497/<br /><br />Fedora update for tomcat6<br />http://secunia.com/advisories/46537/<br /><br />HP MFP Digital Sending Software Workflow Metadata Information Disclosure Weakness<br />http://secunia.com/advisories/46532/<br /><br />CiscoWorks Common Services Home Page Component Command Injection Vulnerability<br />http://secunia.com/advisories/46533/<br /><br />Cisco Show and Share Security Bypass Security Issue and File Upload Vulnerability<br />http://secunia.com/advisories/46465/<br /><br />Red Hat update for krb5<br />http://secunia.com/advisories/46480/<br /><br />Red Hat update for java-1.6.0-sun<br />http://secunia.com/advisories/46490/<br /><br />Simple PHP Forum Script "id" SQL Injection Vulnerability<br />http://secunia.com/advisories/46485/<br /><br />Microsoft Internet Explorer DOM Modification Race Code Execution Vulnerability<br />http://www.securiteam.com/windowsntfocus/6O03H002UW.html<br /><br />Microsoft Internet Explorer layout-grid-char style Code Execution Vulnerability<br />http://www.securiteam.com/windowsntfocus/6P03I002UQ.html<br /><br />Lotus Notes XLS viewer malformed BIFF record heap overflow Vulnerability<br />http://www.securiteam.com/windowsntfocus/6T03M002UC.html<br /><br />7T Interactive Graphical SCADA System Memory Corruption Vulnerability<br />http://www.securiteam.com/securitynews/6S03L002US.html<br /><br />Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Code Execution Vulnerability<br />http://www.securiteam.com/securitynews/6R03K002US.html<br /><br />Oracle Java ICC Profile 'bfd ' Tag Parsing Code Execution Vulnerability<br />http://www.securiteam.com/securitynews/6Q03J002UU.html<br /><br />Avaya Identity Engines Ignition Server Remote Code Execution Vulnerability<br />http://www.vupen.com/english/ADV-2011-2213.php<br /><br />MIT Kerberos Packets Processing Remote Denial of Service Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2212.php<br /><br />HP MFP Digital Sending Software Local Information Disclosure<br />http://www.vupen.com/english/ADV-2011-2211.php<br /><br />Novell ZENworks Configuration Management Multiple Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2210.php<br /><br />Novell ZENworks Handheld Management Code Execution and Dir Traversal<br />http://www.vupen.com/english/ADV-2011-2209.php<br /><br />Cisco Show and Share Unauthorized Access and Code Execution<br />http://www.vupen.com/english/ADV-2011-2208.php<br /><br />Cisco CiscoWorks Common Services Command Execution Vulnerability<br />http://www.vupen.com/english/ADV-2011-2207.php<br /><br />Oracle Java Multiple Remote Code Execution and Security Bypass<br />http://www.vupen.com/english/ADV-2011-2206.php<br /><br />Oracle and Sun Products Multiple Code Execution and Security Bypass<br />http://www.vupen.com/english/ADV-2011-2205.php<br /><br />DoS/PoC: UnrealIRCd 3.2.8.1 Local Configuration Stack Overflow<br />http://www.exploit-db.com/exploits/18011<br /><br />DoS/PoC: Opera ＜= 11.52 Stack Overflow<br />http://www.exploit-db.com/exploits/18008<br /><br />DoS/PoC: Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow<br />http://www.exploit-db.com/exploits/18007<br /><br />DoS/PoC: Opera ＜= 11.52 PoC Denial of Service<br />http://www.exploit-db.com/exploits/18006<br /><br />SUSE Linux 'scsi_discovery tool' Insecure Temporary File Creation Vulnerability<br />http://www.securityfocus.com/bid/36887<br /><br />Linux Kernel '/proc/PID/io' Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49408<br /><br />Linux Kernel TCP Sequence Number Generation Security Weakness<br />http://www.securityfocus.com/bid/49289<br /><br />Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47308<br /><br />Linux Kernel Auerswald USB Device Driver Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48687<br /><br />Wireshark Lua Script File Arbitrary Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49528<br /><br />acpid Multiple Local Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/45915<br /><br />Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49295<br /><br />Xen DMA Requests IOMMU Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49146<br /><br />Linux Kernel Generic Receive Offload (GRO) CVE-2011-2723 Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48929<br /><br />Linux Kernel eCryptfs Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/49108<br /><br />Linux Kernel 'taskstats.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48383<br /><br />Linux Kernel CIFS Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/47381<br /><br />Linux Kernel 'mremap()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47321<br /><br />Linux Kernel IPv6 Fragment Identification Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48802<br /><br />Linux Kernel 'drivers/char/tpm/tpm.c' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46866<br /><br />Linux Kernel EXT4 Extent Format File Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48697<br /><br />Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49616<br /><br />Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49957<br /><br />Oracle Java SE CVE-2011-3544 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50218<br /><br />Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50215<br /><br />SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49778<br /><br />Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50248<br /><br />Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50234<br /><br />Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50243<br /><br />Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50236<br /><br />Oracle Java SE CVE-2011-3554 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50216<br /><br />Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50231<br /><br />OCS Inventory NG Unspecified HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/50011<br /><br />Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50224<br /><br />KDE KSSL Common Name SSL Certificate Spoofing Vulnerability<br />http://www.securityfocus.com/bid/49925<br /><br />Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48667<br /><br />Apache Tomcat AJP Protocol Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49353<br /><br />Apache Tomcat NIO Connector Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46164<br /><br />Apache Tomcat SecurityManager Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/46177<br /><br />Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48456<br /><br />Apache Tomcat HTML Manager Interface HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/46174<br /><br />ldns 'rr.c' Remote Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49748<br /><br />Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50211<br /><br />Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50242<br /><br />Mozilla Firefox/SeaMonkey CVE-2011-2993 Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49248<br /><br />Mozilla Firefox and Thunderbird CVE-2011-2991 JavaScript Memory-Corruption Vulnerabiility<br />http://www.securityfocus.com/bid/49243<br /><br />Cyclope Internet Filtering Proxy 'user' HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/50317<br /><br />MetaSploit Framework 'project[name]' Field HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/50315<br /><br />Linux Kernel 'taskstats' Access Restriction Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50314<br /><br />Red Hat Linux Kernel Ethernet Bridge Interface Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50313<br /><br />Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50312<br /><br />Linux Kernel 'clock_gettime()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50311<br /><br />IBM WebSphere Application Server JAX-WS Unspecified Vulnerability<br />http://www.securityfocus.com/bid/50310<br /><br />PreProjects Pre Studio Business Cards Designer 'page.php' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50309<br /><br />Skype Technologies Skype Client for Windows File Transfer Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50308<br /><br />Tine Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50307<br /><br />TYPO3 pmkshadowbox and pmkslimbox Cross Site Scripting and Arbitrary File Download Vulnerabilities<br />http://www.securityfocus.com/bid/50306<br /><br />Oracle DataDirect Multiple Native Wire Protocol ODBC Driver Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50305<br /><br />TYPO3 pdf_generator2 Extension Remote Commend Execution and Remote File Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/50304<br /><br />Novell ZENworks Handheld Management Multiple Unspecified Remote Code Execution Vulnerabilities<br />http://www.securityfocus.com/bid/50303<br /><br />wizmall Multiple SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50302<br /><br />osCommerce Remote File Upload and File Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/50301<br /><br />wizmall Multiple Remote File Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/50300<br /><br />KaiBB SQL Injection and Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50299<br /><br />Splunk Web component Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50298<br /><br />Splunk 'segment' Parameter Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50296<br /><br />Innovate Portal 'cat' Parameter Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50295<br /><br />CMS Mini 'name' Parameter Directory Traversal Vulnerability<br />http://www.securityfocus.com/bid/50294<br /><br />Uiga Personal Portal SQL Injection and Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50293<br /><br />Simple Free PHP Forum Script 'index.php' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50292<br /><br />fims File Management System 'password' Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50291<br /><br />fims File Management System 'f' Parameter Arbitrary File Download Vulnerability<br />http://www.securityfocus.com/bid/50290<br /><br />OpenEMR 'add_edit_issue.php' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50289<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-1178911441247867111?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-19229844456545301212011-10-20T10:08:00.000+09:002011-10-20T16:25:42.842+09:00ウイルスバスター2011 プログラムアップデートのお知らせ<br />http://www.trendmicro.co.jp/support/news.asp?id=1665<br /><br />1. 2011年 第3四半期 脆弱性対策情報データベース JVN iPediaの登録状況（総括）<br />http://www.ipa.go.jp/security/vuln/report/JVNiPedia2011q3.html<br /><br />WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://jvn.jp/jp/JVN80971236/<br /><br />JVN#89764731: WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://jvn.jp/jp/JVN89764731/<br /><br />WEB FORUM におけるクロスサイトスクリプティングの脆弱性<br />http://www.jpcert.or.jp/<br /><br />Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services<br />http://isc.sans.edu/diary.html?storyid=11845<br /><br />Evil Printers Sending Mail<br />http://isc.sans.edu/index.html<br /><br />HP MFP Digital Sending Software Lets Local Users Obtain Potentially Sensitive Information<br />http://www.securitytracker.com/id/1026228<br /><div><br /></div><br /><br /><br /><br />++ Microsoft Windows Local DNS Cache Poisoning Vulnerabilities<br />http://www.securityfocus.com/bid/50281<br /><div><br /></div><br />+ Moderate: kdelibs and kdelibs3 security update<br />http://rhn.redhat.com/errata/RHSA-2011-1385.html<br /><br />DHCP 4.2.3 released<br />https://www.isc.org/software/dhcp/423<br /><br />HPSBNS02701 SSRT100598 rev.1 - HP NonStop Servers running Samba, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification, Unauthorized Access to Files, Cross Site Scripting (XSS)<br />https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&amp;javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03008543%25257CdocLocale%25253Dja_JP&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheTok=com.vignette.cachetoken<br /><br />NTP 4.2.6p5-RC1 released<br />http://support.ntp.org/bin/view/Main/SoftwareDownloads<br />http://archive.ntp.org/ntp4/ChangeLog-stable-rc<br /><br />ウイルスバスター モバイル for Androidでオンラインユーザ登録が行えない現象について<br />http://www.trendmicro.co.jp/support/news.asp?id=1666<br /><br />Trend Micro ServerProtect for NetApp 5.8 Patch 1 公開のお知らせ<br />http://www.trendmicro.co.jp/support/news.asp?id=1664<br /><br />UPDATE: Oracle Critical Patch Update Advisory - October 2011<br />http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html<br /><br />HS11-023: Multiple vulnerabilities were found in JP1/Cm2/Network Node Manager i.<br />http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-023/index.html<br /><br />UPDATE: HS11-019: Hitachi Web ServerにおけるRangeヘッダによるDoS脆弱性<br />http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-019/index.html<br /><br />Independant Researcher : Dolphin - PHP Code Injection Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36922<br /><br />Independant Researcher : Site () School - SQL Injection &amp; Cross-site Scripting Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36923<br /><br />Mandriva : [MDVSA-2011:156] tomcat5 - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36914<br /><br />Positive Technologies : [PT-2011-14] BoonEx Dolphin - SQL Injection Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36921<br /><br />Red Hat : [RHSA-2011:1377-01] postgresql - Authentication Bypass Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36917<br /><br />Red Hat : [RHSA-2011:1378-01] postgresql84 - Authentication Bypass Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36918<br /><br />SuSE : [SUSE-SA:2011:041] Linux - kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36919<br /><br />Ubuntu Security Notice : [USN-1231-1] PHP - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36920<br /><br />Gentoo Linux : [GLSA 201110-13] Tor - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36913<br /><br />Independant Researcher : [JVNDB-2011-000085]- DAEMON Tools IOCTL - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36903<br /><br />Independant Researcher : Java - DNS Poisoning Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36912<br /><br />Independant Researcher : X.Org - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36915<br /><br />Mandriva : [MDVSA-2011:155] SystemTap - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36905<br /><br />Mandriva : [MDVSA-2011:154] SystemTap - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36907<br /><br />Mandriva : [MDVSA-2011:153] libxfont - Buffer Overflow Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36908<br /><br />Mandriva : [MDVSA-2011:152] ncompress - Integer Underflow Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36909<br /><br />Mandriva : [MDVSA-2011:151] libpng - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36910<br /><br />ZDI : [ZDI-11-295] Apple - QuickTime - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36916<br /><br />Asterisk : [AST-2011-012] Asterisk - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36904<br /><br />Independant Researcher : [foofus-20111016] Toshiba - EStudio Multifunction Printer - Authentication Bypass Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36901<br /><br />Independant Researcher : WordPress - Simple:Press Forum - Code Execution and Full Path Disclosure Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36906<br /><br />Mandriva : [MDVSA-2011:149] Cyrus IMAP Server - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36885<br /><br />Mandriva : [MDVSA-2011:150] squid - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36891<br /><br />Sense of Security : [SOS-11-012] WordPress - BackWPUp plugin - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36890<br /><br />Slackware Linux : [SSA:2011-284-01] Slackware - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36882<br /><br />Gentoo Linux : [GLSA 201110-12] Unbound - Multiple Denial-Of-Service Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36892<br /><br />Red Hat : [RHSA-2011:1371-01] Pidgin - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36883<br /><br />Red Hat : [RHSA-2011:1369-01] httpd - Excessive Memory Usage Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36884<br /><br />Ubuntu Security Notice : [USN-1230-1] Quassel - Information Disclosure Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36881<br /><br />ZDI : [ZDI-11-290] Microsoft - Internet Explorer - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36886<br /><br />ZDI : [ZDI-11-289] Microsoft - Internet Explorer - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36887<br /><br />ZDI : [ZDI-11-288] Microsoft - Internet Explorer - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36888<br /><br />ZDI : [ZDI-11-287] Microsoft - Internet Explorer - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36889<br /><br />Gentoo Linux : [GLSA 201110-08] feh - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36893<br /><br />Gentoo Linux : [GLSA 201110-09] Conky - Privilege Escalation Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36894<br /><br />Gentoo Linux : [GLSA 201110-10] GNU Wget - File Overwrite Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36895<br /><br />Gentoo Linux : [GLSA 201110-11] Adobe - Flash Player - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36896<br /><br />Facebookのパスワードが1万件以上流出の恐れ、真偽は未確認<br />パスワードの使い回しは禁物、サービスごとに変更を<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111020/371101/?ST=security<br /><br />JPCERT/CC WEEKLY REPORT<br />http://www.jpcert.or.jp/wr/2011/wr114001.html<br /><br />The old new Stuxnet...DuQu?<br />http://isc.sans.edu/diary.html?storyid=11836<br /><br />Oracle Critical Patch Update<br />http://isc.sans.edu/diary.html?storyid=11839<br /><br />Cisco Show and Share Lets Remote Users Access Some Administrative Pages and Remote Authenticated Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026227<br /><br />CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands<br />http://www.securitytracker.com/id/1026226<br /><br />Oracle OpenSSO Bugs Let Remote Users Deny Service and Partially Access Data<br />http://www.securitytracker.com/id/1026225<br /><br />Oracle Communications Unified Communications Suite Lets Local Users Gain Elevated Privileges<br />http://www.securitytracker.com/id/1026224<br /><br />Oracle Waveset User Administration Bug Lets Remote Users Partially Access and Modify Data and Partially Deny Service<br />http://www.securitytracker.com/id/1026223<br /><br />Sun GlassFish Enterprise Server Web Container Bug Lets Remote Users Deny Service<br />http://www.securitytracker.com/id/1026222<br /><br />Microsoft Publisher 'Pubconv.dll' Memory Corruption Error Lets Remote Users Execute Arbitrary Code<br />http://www.securitytracker.com/id/1026220<br /><br />Oracle Java Runtime Environment (JRE) Lets Remote Users Decrypt SSL/TLS Traffic<br />http://www.securitytracker.com/id/1026216<br /><br />Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service<br />http://www.securitytracker.com/id/1026215<br /><br />Kerberos KDC Null Pointer Dereference Bugs Let Remote Users Deny Service<br />http://www.securitytracker.com/id/1026213<br /><br />Check Point Safe@Office Input Validation Flaws Permits Cross-Site Scripting and Cross-Site Request Forgery Attacks<br />http://www.securitytracker.com/id/1026212<br /><br />Solaris Lets Remote Users Gain Full Control and Local Users Access and Modify Data and Deny Service<br />http://www.securitytracker.com/id/1026211<br /><br />Sun Ray Authentication Component Flaw Lets Remote Users Partially Access and Modify Data and Cause Partial Denail of Service Conditions<br />http://www.securitytracker.com/id/1026210<br /><br />Oracle Linux Lets Remote Authenticated Users Partially Access and Modifiy Data<br />http://www.securitytracker.com/id/1026209<br /><br />Oracle Health Sciences Industry Applications Bugs Let Remote Users Partially Modify Data<br />http://www.securitytracker.com/id/1026207<br /><br />Ubuntu update for krb5<br />http://secunia.com/advisories/46488/<br /><br />Oracle Integrated Lights Out Manager Information Disclosure Vulnerability<br />http://secunia.com/advisories/46509/<br /><br />Moodle Multiple Vulnerabilities<br />http://secunia.com/advisories/46427/<br /><br />Oracle OpenSSO Two Vulnerabilities<br />http://secunia.com/advisories/46527/<br /><br />Oracle OpenSSO Data Manipulation Vulnerability<br />http://secunia.com/advisories/46528/<br /><br />Novell ZENworks Configuration Management AdminStudio ActiveX Controls Vulnerabilities<br />http://secunia.com/advisories/46466/<br /><br />Kerberos KDC Multiple Denial of Service Vulnerabilities<br />http://secunia.com/advisories/46494/<br /><br />Oracle Communications Unified Two Vulnerabilities<br />http://secunia.com/advisories/46526/<br /><br />Yet Another CMS Two SQL Injection Vulnerabilities<br />http://secunia.com/advisories/46483/<br /><br />Ubuntu update for xorg-server<br />http://secunia.com/advisories/46495/<br /><br />Red Hat update for java-1.6.0-openjdk<br />http://secunia.com/advisories/46481/<br /><br />Dolphin "eval()" PHP Code Execution Vulnerability<br />http://secunia.com/advisories/46457/<br /><br />Dolphin "iIDcat" SQL Injection Vulnerability<br />http://secunia.com/advisories/46500/<br /><br />Oracle Waveset User Administration Vulnerability<br />http://secunia.com/advisories/46525/<br /><br />Oracle Solaris Multiple Vulnerabilities<br />http://secunia.com/advisories/46522/<br /><br />Oracle Sun Java System Application Server Denial of Service Vulnerability<br />http://secunia.com/advisories/46524/<br /><br />Oracle Glassfish Products Denial of Service Vulnerability<br />http://secunia.com/advisories/46523/<br /><br />Oracle WebLogic Server Information Disclosure and Privilege Escalation Vulnerabilities<br />http://secunia.com/advisories/46520/<br /><br />Oracle WebLogic Portal Unspecified Vulnerability<br />http://secunia.com/advisories/46519/<br /><br />Oracle Outside In Technology Denial of Service Weakness<br />http://secunia.com/advisories/46518/<br /><br />Oracle Business Intelligence BI Platform Security Unspecified Vulnerability<br />http://secunia.com/advisories/46517/<br /><br />Oracle Application Server Multiple Vulnerabilities<br />http://secunia.com/advisories/46516/<br /><br />Oracle JRockit Multiple Vulnerabilities<br />http://secunia.com/advisories/46521/<br /><br />Oracle Java SE Multiple Vulnerabilities<br />http://secunia.com/advisories/46512/<br /><br />Sun Ray Server Software Authentication Unspecified Vulnerability<br />http://secunia.com/advisories/46511/<br /><br />Gentoo update for tor<br />http://secunia.com/advisories/46472/<br /><br />SUSE update for gimp<br />http://secunia.com/advisories/46479/<br /><br />Fedora update for awstats<br />http://secunia.com/advisories/46478/<br /><br />Fedora update for ldns<br />http://secunia.com/advisories/46476/<br /><br />Fedora update for quagga<br />http://secunia.com/advisories/46475/<br /><br />Oracle PeopleSoft Enterprise Human Resource Management System Multiple Vulnerabilities<br />http://secunia.com/advisories/46505/<br /><br />Oracle PeopleSoft PeopleTools Two Vulnerabilities<br />http://secunia.com/advisories/46515/<br /><br />Oracle Agile PLM for Process Information Disclosure Vulnerability<br />http://secunia.com/advisories/46507/<br /><br />Oracle Siebel CRM Three Vulnerabilities<br />http://secunia.com/advisories/46506/<br /><br />Oracle E-Business Suite Multiple Vulnerabilities<br />http://secunia.com/advisories/46504/<br /><br />Oracle Remote Data Capture RDC Help Data Manipulation Vulnerability<br />http://secunia.com/advisories/46508/<br /><br />Oracle Thesaurus Management System TMS Help Data Manipulation Vulnerability<br />http://secunia.com/advisories/46513/<br /><br />Oracle Database Multiple Vulnerabilities<br />http://secunia.com/advisories/46502/<br /><br />X.Org xserver File Locking Weakness and Security Issue<br />http://secunia.com/advisories/46460/<br /><br />Avaya Identity Engines Ignition Server GIOP Processing Security Bypass Vulnerability<br />http://secunia.com/advisories/46501/<br /><br />Avaya Identity Engines Ignition Server GIOP Processing Security Bypass Vulnerability<br />http://secunia.com/advisories/46492/<br /><br />Mozilla Firefox/SeaMonkey CVE-2011-2990 Information Disclosure and Security Bypass Vulnerabilities<br />http://www.securityfocus.com/bid/49246<br /><br />Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2011-2987 Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49226<br /><br />Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2011-2988 Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49242<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-0084 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49213<br /><br />Mozilla Firefox and Thunderbird CVE-2011-2989 WebGL Memory-Corruption Vulnerabiility<br />http://www.securityfocus.com/bid/49239<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-2985 Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/49224<br /><br />Oracle Java SE CVE-2011-3555 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50237<br /><br />Oracle Java SE CVE-2011-3549 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50223<br /><br />Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50220<br /><br />Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50226<br /><br />Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50248<br /><br />Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50234<br /><br />Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50231<br /><br />KDE KSSL Common Name SSL Certificate Spoofing Vulnerability<br />http://www.securityfocus.com/bid/49925<br /><br />Oracle Java SE CVE-2011-3546 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50239<br /><br />Oracle Java SE CVE-2011-3561 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50250<br /><br />Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50243<br /><br />Oracle Java SE CVE-2011-3516 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50229<br /><br />Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50246<br /><br />Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50242<br /><br />Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50224<br /><br />Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50211<br /><br />Oracle Java SE CVE-2011-3554 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50216<br /><br />Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50236<br /><br />Oracle Java SE CVE-2011-3544 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50218<br /><br />Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50215<br /><br />SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49778<br /><br />MIT Kerberos Multiple Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/50273<br /><br />Oracle Java SE and Java for Business CVE-2010-4448 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/46398<br /><br />FreeBSD UNIX Domain Socket Local Privilege Escalation Vulnerabiity<br />http://www.securityfocus.com/bid/49862<br /><br />Tor Multiple Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/45953<br /><br />Tor Unspecified Buffer Overflow, Denial of Service and Information Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/45832<br /><br />Tor Directory Authority 'src/or/policies.c' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46618<br /><br />Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48456<br /><br />Apache Tomcat AJP Protocol Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49353<br /><br />AWStats 'awredir.pl' Multiple Cross-Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/49749<br /><br />ldns 'rr.c' Remote Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49748<br /><br />Quagga Multiple Remote Security Vulnerabilities<br />http://www.securityfocus.com/bid/49784<br /><br />OpenOffice Microsoft Word File Format Importer Multiple Unspecified Security Vulnerabilities<br />http://www.securityfocus.com/bid/49969<br /><br />Opera Web Browser Information Disclosure and Unspecified Vulnerabilities<br />http://www.securityfocus.com/bid/49388<br /><br />apt SSL Certificate Validation Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50288<br /><br />Plone CMFEditions Component (CVE-2011-4030) Remote Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50287<br /><br />Boonex Dolphin 'xml/get_list.php' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50286<br /><br />Cisco Show and Share CVE-2011-2585 Arbitrary File Upload Vulnerability<br />http://www.securityfocus.com/bid/50285<br /><br />CiscoWorks Common Services Remote Command Injection Vulnerability<br />http://www.securityfocus.com/bid/50284<br /><br />Moodle Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50283<br /><br />Cisco Show and Share Anonymous Access Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50282<br /><br />Microsoft Windows Local DNS Cache Poisoning Vulnerabilities<br />http://www.securityfocus.com/bid/50281<br /><br />WHMCompleteSolution 'cart.php' Local File Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50280<br /><br />D-Link DCS-2121 Password Field Remote Command Execution Vulnerability<br />http://www.securityfocus.com/bid/50277<br /><br />1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability<br />http://www.securityfocus.com/bid/50275<br /><br />Novell ZENworks Configuration Management AdminStudio Remote Code Execution Vulnerabilities<br />http://www.securityfocus.com/bid/50274<br /><br />Yet Another CMS Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50272<br /><br />Oracle Sun Products Suite CVE-2011-2292 Local Solaris Vulnerability<br />http://www.securityfocus.com/bid/50268<br /><br />Oracle PeopleSoft CVE-2011-3529 Remote PeopleSoft Enterprise HRMS Vulnerability<br />http://www.securityfocus.com/bid/50267<br /><br />Oracle Sun Products Suite CVE-2011-2286 Remote Vulnerability<br />http://www.securityfocus.com/bid/50265<br /><br />Oracle Sun Products Suite CVE-2011-3507 Remote Oracle Communications Unified Vulnerability<br />http://www.securityfocus.com/bid/50264<br /><br />Oracle PeopleSoft Products CVE-2011-2315 Remote PeopleSoft Enterprise PeopleTools Vulnerability<br />http://www.securityfocus.com/bid/50263<br /><br />Oracle Sun Products Suite CVE-2011-3536 Local Vulnerability<br />http://www.securityfocus.com/bid/50262<br /><br />Oracle Sun Product Suite CVE-2011-3537 Local Vulnerability<br />http://www.securityfocus.com/bid/50259<br /><br />Oracle Sun Products Suite CVE-2011-3506 Remote Oracle OpenSSO Vulnerability<br />http://www.securityfocus.com/bid/50252<br /><br />Oracle PeopleSoft Products CVE-2011-3533 Remote PeopleSoft Enterprise HRMS Vulnerability<br />http://www.securityfocus.com/bid/50249<br /><br />Oracle Sun Solaris CVE-2011-3542 Local Vulnerability<br />http://www.securityfocus.com/bid/50244<br /><br />Oracle PeopleSoft Products CVE-2011-3527 Remote PeopleSoft Enterprise HRMS Vulnerability<br />http://www.securityfocus.com/bid/50241<br /><br />Oracle E-Business Suite CVE-2011-3519 Remote Oracle Applications Framework Vulnerability<br />http://www.securityfocus.com/bid/50233<br /><br />Oracle Supply Chain Products Suite CVE-2011-3532 Remote Oracle Agile Product Supplier Collaboration<br />http://www.securityfocus.com/bid/50227<br /><br />Oracle E-Business Suite CVE-2011-2303 Remote Oracle Application Object Library Vulnerability<br />http://www.securityfocus.com/bid/50225<br /><br />Oracle E-Business Suite CVE-2011-2302 Remote Oracle Application Object Library Vulnerability<br />http://www.securityfocus.com/bid/50221<br /><br />Oracle Database Server CVE-2011-3511 Remote Database Vault Vulnerability<br />http://www.securityfocus.com/bid/50219<br /><br />Oracle Fusion Middleware CVE-2011-3523 Remote Oracle Web Services Manager Vulnerability<br />http://www.securityfocus.com/bid/50209<br /><br />Oracle Fusion Middleware CVE-2011-2319 Remote Oracle WebLogic Server Vulnerability<br />http://www.securityfocus.com/bid/50206<br /><br />Oracle Fusion Middleware CVE-2011-2255 Remote Oracle WebLogic Portal Vulnerability<br />http://www.securityfocus.com/bid/50205<br /><br />Opera 11.52 released<br />http://www.opera.com/docs/changelogs/windows/1152/<br /><br />CESA-2011:1377 (postgresql)<br />http://lwn.net/Alerts/463689/<br /><br />CESA-2011:1378 (postgresql84)<br />http://lwn.net/Alerts/463690/<br /><br />phpMyAdmin 3.4.7-rc1 is released<br />http://sourceforge.net/news/?group_id=23067&amp;id=304070<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-1922984445654530121?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-1650753798222496792011-10-19T11:00:00.001+09:002011-10-19T11:05:03.177+09:00<br />RHSA-2011:1379-1: Moderate: krb5 security update<br />http://rhn.redhat.com/errata/RHSA-2011-1379.html<br /><div><br /></div><br /><br /><br /><br />+ J2SE JDK/JRE 1.6.0_29 released<br />http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html<br /><br />+ Oracle Critical Patch Update Advisory - October 2011<br />http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html<br /><br />+ Oracle Java SE Critical Patch Update Advisory - October 2011<br />http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html<br /><br />+ Critical: java-1.6.0-openjdk security update<br />http://rhn.redhat.com/errata/RHSA-2011-1380.html<br /><br />- SA46468: HP Data Protector Multiple Unspecified Vulnerabilities<br />http://secunia.com/advisories/46468/<br /><br />- PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities<br />http://www.securityfocus.com/bid/49249<br /><br />- PHP CVE-2011-2202 Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/48259<br /><br />- PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47950<br /><br />BIND 9.9.0a3 released<br />https://www.isc.org/software/bind/990a3<br /><br />UPDATE: Cisco IOS Software Data-Link Switching Vulnerability<br />http://www.cisco.com/warp/public/707/cisco-sa-20110928-dlsw.shtml<br /><br />UPDATE: Cisco IOS Software IP Service Level Agreement Vulnerability<br />http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-ipsla<br /><br />ウイルスバスター for Mac プログラムアップデートのお知らせ<br />http://www.trendmicro.co.jp/support/news.asp?id=1634<br /><br />[ MDVSA-2011:156 ] tomcat5<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00113.html<br /><br />Dolphin ＜= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00112.html<br /><br />Site@School 2.4.10 SQL Injection &amp; XSS vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00111.html<br /><br />[PT-2011-14] SQL injection vulnerability in BoonEx Dolphin<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00110.html<br /><br />「セサミストリート」でアダルト動画！？YouTubeで乗っ取り発覚<br />不適切な動画が20分間掲載、プロフィルも改ざん<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111019/371021/?ST=security<br /><br />Critical Control 12 : Malware Defense<br />http://isc.sans.edu/diary.html?storyid=11830<br /><br />ClamAV Recursion Level Handling Vulnerability<br />http://secunia.com/advisories/46455/<br /><br />TYPO3 phpMyAdmin Extension Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46463/<br /><br />Joomla! Information Disclosure Vulnerabilities<br />http://secunia.com/advisories/46421/<br /><br />SUSE update for cups<br />http://secunia.com/advisories/46409/<br /><br />SUSE update for cups<br />http://secunia.com/advisories/46448/<br /><br />SUSE update for libopenssl<br />http://secunia.com/advisories/46452/<br /><br />SUSE update for libopenssl<br />http://secunia.com/advisories/46453/<br /><br />GNUBoard URL SQL Injection Vulnerability<br />http://secunia.com/advisories/46443/<br /><br />SUSE update for php5<br />http://secunia.com/advisories/46425/<br /><br />SUSE update for kdelibs4<br />http://secunia.com/advisories/46439/<br /><br />SUSE update for wireshark<br />http://secunia.com/advisories/46449/<br /><br />SUSE update for libreoffice<br />http://secunia.com/advisories/46450/<br /><br />SUSE update for popt<br />http://secunia.com/advisories/46451/<br /><br />SUSE update for tomcat6<br />http://secunia.com/advisories/46454/<br /><br />Microsoft Office Publisher Document Insertion Buffer Overflow Vulnerability<br />http://secunia.com/advisories/46438/<br /><br />Ubuntu update for php5<br />http://secunia.com/advisories/46374/<br /><br />Piwik Multiple Unspecified Vulnerabilities<br />http://secunia.com/advisories/46461/<br /><br />Asterisk SIP Channel Driver Uninitialised Variables Denial of Service Vulnerability<br />http://secunia.com/advisories/46420/<br /><br />WordPress WP Photo Album Plus Plugin "wppa-album" SQL Injection Vulnerability<br />http://secunia.com/advisories/46467/<br /><br />HP Data Protector Multiple Unspecified Vulnerabilities<br />http://secunia.com/advisories/46468/<br /><br />Oracle Fusion Middleware Bugs Let Remote Users Partially Access and Modify Data and Remote and Local Users Partially Deny Service<br />http://www.securitytracker.com/id/1026206<br /><br />Piwik Data Processing Multiple Unspecified Remote Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2204.php<br /><br />Microsoft Publisher "Pubconv.dll" Document Insertion Memory Corruption<br />http://www.vupen.com/english/ADV-2011-2203.php<br /><br />HP Data Protector Notebook Extension Multiple Remote Code Execution<br />http://www.vupen.com/english/ADV-2011-2202.php<br /><br />phpMyAdmin "phpmyadmin.css.php" Remote Path Disclosure Vulnerability<br />http://www.vupen.com/english/ADV-2011-2201.php<br /><br />phpMyAdmin Setup Interface Data Processing Cross Site Scripting<br />http://www.vupen.com/english/ADV-2011-2200.php<br /><br />Check Point UTM-1 Edge and Safe@Office WebUI Multiple Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2199.php<br /><br />Microsys Promotic Directory Traversal and Buffer Overflow Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2198.php<br /><br />OPC Systems .NET Remote Procedural Call Denial of Service Vulnerability<br />http://www.vupen.com/english/ADV-2011-2197.php<br /><br />Honeywell TEMA Remote Installer ActiveX Code Execution Vulnerability<br />http://www.vupen.com/english/ADV-2011-2196.php<br /><br />atvise webMI HTTP Requests Processing Multiple Remote Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2195.php<br /><br />IRAI AUTOMGEN Project File Processing Buffer Overflow Vulnerability<br />http://www.vupen.com/english/ADV-2011-2194.php<br /><br />Asterisk SIP Channel Driver Unitialized Variable Denial of Service Vulnerability<br />http://www.vupen.com/english/ADV-2011-2193.php<br /><br />Joomla! Data Processing Multiple Information Disclosure Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2192.php<br /><br />Drupal Cumulus Module Data Processing Cross Site Scripting Vulnerability<br />http://www.vupen.com/english/ADV-2011-2191.php<br /><br />Drupal Certificate Login Module Remote SQL Injection Vulnerability<br />http://www.vupen.com/english/ADV-2011-2190.php<br /><br />OneOrZero AIMS Authentication Bypass and SQL Injection Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2189.php<br /><br />D-Link DIR-685 Xtreme N Storage Router WPA/WPA2 Encryption Issue<br />http://www.vupen.com/english/ADV-2011-2188.php<br /><br />GoAhead Webserver Multiple Parameter Cross Site Scripting Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2187.php<br /><br />REMOTE: Apple Safari Webkit libxslt Arbitrary File Creation<br />http://www.exploit-db.com/exploits/17993<br /><br />Oracle Sun Products Suite CVE-2011-2292 Local Solaris Vulnerability<br />http://www.securityfocus.com/bid/50268<br /><br />Oracle PeopleSoft CVE-2011-3529 Remote PeopleSoft Enterprise HRMS Vulnerability<br />http://www.securityfocus.com/bid/50267<br /><br />Oracle Sun Products Suite CVE-2011-2286 Remote Vulnerability<br />http://www.securityfocus.com/bid/50265<br /><br />Oracle Sun Products Suite CVE-2011-3507 Remote Oracle Communications Unified Vulnerability<br />http://www.securityfocus.com/bid/50264<br /><br />Oracle PeopleSoft Products CVE-2011-2315 Remote PeopleSoft Enterprise PeopleTools Vulnerability<br />http://www.securityfocus.com/bid/50263<br /><br />Oracle Sun Products Suite CVE-2011-3536 Local Vulnerability<br />http://www.securityfocus.com/bid/50262<br /><br />Oracle Sun Product Suite CVE-2011-3537 Local Vulnerability<br />http://www.securityfocus.com/bid/50259<br /><br />Oracle Sun Products Suite CVE-2011-3506 Remote Oracle OpenSSO Vulnerability<br />http://www.securityfocus.com/bid/50252<br /><br />Oracle PeopleSoft Products CVE-2011-3533 Remote PeopleSoft Enterprise HRMS Vulnerability<br />http://www.securityfocus.com/bid/50249<br /><br />Oracle Sun Solaris CVE-2011-3542 Local Vulnerability<br />http://www.securityfocus.com/bid/50244<br /><br />Oracle PeopleSoft Products CVE-2011-3527 Remote PeopleSoft Enterprise HRMS Vulnerability<br />http://www.securityfocus.com/bid/50241<br /><br />Oracle E-Business Suite CVE-2011-3519 Remote Oracle Applications Framework Vulnerability<br />http://www.securityfocus.com/bid/50233<br /><br />Oracle Supply Chain Products Suite CVE-2011-3532 Remote Oracle Agile Product Supplier Collaboration<br />http://www.securityfocus.com/bid/50227<br /><br />Oracle E-Business Suite CVE-2011-2303 Remote Oracle Application Object Library Vulnerability<br />http://www.securityfocus.com/bid/50225<br /><br />Oracle E-Business Suite CVE-2011-2302 Remote Oracle Application Object Library Vulnerability<br />http://www.securityfocus.com/bid/50221<br /><br />Oracle Database Server CVE-2011-3511 Remote Database Vault Vulnerability<br />http://www.securityfocus.com/bid/50219<br /><br />Oracle Fusion Middleware CVE-2011-3523 Remote Oracle Web Services Manager Vulnerability<br />http://www.securityfocus.com/bid/50209<br /><br />Oracle Fusion Middleware CVE-2011-2319 Remote Oracle WebLogic Server Vulnerability<br />http://www.securityfocus.com/bid/50206<br /><br />Oracle Fusion Middleware CVE-2011-2255 Remote Oracle WebLogic Portal Vulnerability<br />http://www.securityfocus.com/bid/50205<br /><br />RETIRED: Oracle October 2011 Critical Patch Update Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/50119<br /><br />Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49303<br /><br />Symantec IM Manager Code Injection Vulnerability<br />http://www.securityfocus.com/bid/49742<br /><br />Apple Mac OS X FlashPix Files CVE-2011-3222 Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50100<br /><br />Oracle Solaris CVE-2011-2312 'ZFS' Sub Component Local Vulnerability<br />http://www.securityfocus.com/bid/50269<br /><br />X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability<br />http://www.securityfocus.com/bid/50002<br /><br />RETIRED: Oracle Java SE Critical Patch Update October 2011 Advance Notification<br />http://www.securityfocus.com/bid/50118<br /><br />SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49778<br /><br />Oracle Linux CVE-2011-2306 Oracle Validation Security Vulnerability<br />http://www.securityfocus.com/bid/50194<br /><br />PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49241<br /><br />Multiple Cisco Products CVE-2011-2738 Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49627<br /><br />Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48667<br /><br />Apache Tomcat HTTP DIGEST Authentication CVE-2011-1184 Multiple Security Weaknesses<br />http://www.securityfocus.com/bid/49762<br /><br />Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/48456<br /><br />Apache Tomcat AJP Protocol Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/49353<br /><br />Quagga Multiple Remote Security Vulnerabilities<br />http://www.securityfocus.com/bid/49784<br /><br />ClamAV Recursion Level Handling Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50183<br /><br />rpm-python RPM File Handling Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49799<br /><br />Joomla! 'com_jfuploader' Arbitrary File Upload Vulnerability<br />http://www.securityfocus.com/bid/44559<br /><br />phpMyAdmin Setup Interface Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50175<br /><br />PHP 'ZipArchive::addGlob' and 'ZipArchive::addPattern' Denial Of Service Vulnerabilities<br />http://www.securityfocus.com/bid/49252<br /><br />PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities<br />http://www.securityfocus.com/bid/49249<br /><br />PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/41991<br /><br />PHP CVE-2011-2202 Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/48259<br /><br />PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47950<br /><br />WebKit 'libxslt' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48840<br /><br />Avaya Identity Engines Ignition Server Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50271<br /><br />Oracle Solaris CVE-2011-3539 Local Solaris Vulnerability<br />http://www.securityfocus.com/bid/50270<br /><br />Oracle Solaris CVE-2011-2311 ZFS Component Local Vulnerability<br />http://www.securityfocus.com/bid/50266<br /><br />Oracle Sun Products CVE-2011-3522 Local SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Vulnerability<br />http://www.securityfocus.com/bid/50261<br /><br />Oracle Siebel CRM CVE-2011-2316 Siebel Apps - Marketing Remote Vulnerability<br />http://www.securityfocus.com/bid/50260<br /><br />Oracle Sun Products CVE-2011-2327 Local Oracle Communications Unified Vulnerability<br />http://www.securityfocus.com/bid/50258<br /><br />Oracle Solaris CVE-2011-2304 Remote Vulnerability<br />http://www.securityfocus.com/bid/50257<br /><br />Oracle Siebel CRM CVE-2011-3518 Siebel Core - UIF Client Remote Vulnerability<br />http://www.securityfocus.com/bid/50256<br /><br />Oracle Sun Solaris CVE-2011-3535 Remote Vulnerability<br />http://www.securityfocus.com/bid/50255<br /><br />Oracle Solaris CVE-2011-2313 Local Solaris Vulnerability<br />http://www.securityfocus.com/bid/50254<br /><br />Oracle PeopleSoft Products CVE-2011-3528 Remote PeopleSoft Enterprise HRMS Vulnerability<br />http://www.securityfocus.com/bid/50253<br /><br />Oracle Sun Solaris CVE-2011-3534 Remote Vulnerability<br />http://www.securityfocus.com/bid/50251<br /><br />Oracle Java SE CVE-2011-3561 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50250<br /><br />Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50248<br /><br />Oracle PeopleSoft CVE-2011-3520 PeopleSoft Enterprise PeopleTools Remote Vulnerability<br />http://www.securityfocus.com/bid/50247<br /><br />Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50246<br /><br />Oracle Industry Applications CVE-2011-3538 Remote Sun Ray Vulnerability<br />http://www.securityfocus.com/bid/50245<br /><br />Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50243<br /><br />Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50242<br /><br />Oracle Industry Applications CVE-2011-2309 Remote Health Sciences - Oracle Clinical, Remote Data Cap<br />http://www.securityfocus.com/bid/50240<br /><br />Oracle Java SE CVE-2011-3546 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50239<br /><br />Oracle PeopleSoft CVE-2011-3530 PeopleSoft Enterprise HRMS Remote Vulnerability<br />http://www.securityfocus.com/bid/50238<br /><br />Oracle Java SE CVE-2011-3555 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50237<br /><br />Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50236<br /><br />Oracle Sun Solaris CVE-2011-3515 Local Vulnerability<br />http://www.securityfocus.com/bid/50235<br /><br />Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50234<br /><br />Oracle E-Business Suite CVE-2011-2308 Oracle Application Object Library Remote Vulnerability<br />http://www.securityfocus.com/bid/50232<br /><br />Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50231<br /><br />Oracle Siebel CRM CVE-2011-3526 Remote Siebel Core - UIF Server Vulnerability<br />http://www.securityfocus.com/bid/50230<br /><br />Oracle Java SE CVE-2011-3516 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50229<br /><br />Oracle Waveset CVE-2011-2310 Remote Vulnerability<br />http://www.securityfocus.com/bid/50228<br /><br />Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50226<br /><br />Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50224<br /><br />Oracle Java SE CVE-2011-3549 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50223<br /><br />Oracle Database CVE-2011-2322 Remote Database Vault Vulnerability<br />http://www.securityfocus.com/bid/50222<br /><br />Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50220<br /><br />Oracle Java SE CVE-2011-3544 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50218<br /><br />Oracle E-Business Suite CVE-2011-3513 Oracle Application Object Library Remote Vulnerability<br />http://www.securityfocus.com/bid/50217<br /><br />Oracle Java SE CVE-2011-3554 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50216<br /><br />Oracle Java SE and Java for Business CVE-2011-3521 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50215<br /><br />Oracle Sun Solaris CVE-2011-3543 Remote Vulnerability<br />http://www.securityfocus.com/bid/50214<br /><br />Oracle Fusion Middleware CVE-2011-3510 Remote Oracle Business Intelligence Enterprise Edition Vulner<br />http://www.securityfocus.com/bid/50213<br /><br />Oracle Fusion Middleware CVE-2011-2237 Remote Oracle Web Services Manager Vulnerability<br />http://www.securityfocus.com/bid/50212<br /><br />Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability<br />http://www.securityfocus.com/bid/50211<br /><br />Oracle Fusion Middleware CVE-2011-2318 Oracle WebLogic Server Local Vulnerability<br />http://www.securityfocus.com/bid/50210<br /><br />Oracle OpenSSO CVE-2011-3517 Remote Vulnerability<br />http://www.securityfocus.com/bid/50208<br /><br />Oracle Fusion Middleware CVE-2011-3541 Oracle Outside In Technology Local Vulnerability<br />http://www.securityfocus.com/bid/50207<br /><br />Oracle Database CVE-2011-3512 Remote Core RDBMS Vulnerability<br />http://www.securityfocus.com/bid/50203<br /><br />Oracle Fusion Middleware CVE-2011-2314 Oracle Containers for J2EE Remote Vulnerability<br />http://www.securityfocus.com/bid/50202<br /><br />Oracle Sun Solaris CVE-2011-3508 Remote Vulnerability<br />http://www.securityfocus.com/bid/50201<br /><br />Oracle Database CVE-2011-2301 Oracle Text Local Vulnerability<br />http://www.securityfocus.com/bid/50199<br /><br />Oracle Fusion Middleware CVE-2011-2320 Remote WebLogic Server Vulnerability<br />http://www.securityfocus.com/bid/50198<br /><br />Oracle Database CVE-2011-3525 Remote Application Express Vulnerability<br />http://www.securityfocus.com/bid/50197<br /><br />X.Org X11 File Read Permission Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50196<br /><br />Site@School 'index.php' Cross Site Scripting and SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50195<br /><br />X.Org X11 File Enumeration Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50193<br /><br />PAM 'update-motd' Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/50192<br /><br />Joomla NoNumber! Extension Manager Plugin Local File Include and PHP code Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50191<br /><br />TYPO3 T3blog Extension Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50190<br /><br />Check Point UTM-1 Edge and Safe Multiple Unspecified Security Vulnerabilities<br />http://www.securityfocus.com/bid/50189<br /><br />Joomla! Unspecified Information Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/50188<br /><br />Boonex Dolphin 'member_menu_queries.php' PHP Code Injection Vulnerability<br />http://www.securityfocus.com/bid/50185<br /><br />Piwik Prior to 1.6 Multiple Unspecified Security Vulnerabilities<br />http://www.securityfocus.com/bid/50182<br /><br />HP Data Protector Unspecified Remote Code Execution Vulnerabilities<br />http://www.securityfocus.com/bid/50181<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-165075379822249679?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-69322637330800661962011-10-18T10:17:00.001+09:002011-10-18T16:18:16.844+09:00<br />CESA-2011:1371 (pidgin)<br />http://lwn.net/Alerts/463346/<br /><br />PMASA-2011-16: XSS in setup.<br />http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php<br /><br />プレス発表<br />脅威を増す標的型のサイバー攻撃に関する注意喚起<br />～セキュリティ対応状況の確認と対策の徹底を～<br />http://www.ipa.go.jp/about/press/20111018.html<br /><br />日本オラクル、DBファイアウォール製品を11月出荷<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111018/370976/?ST=security<br /><br />Linux Kernel Null Pointer Dereference in AppArmor Lets Local Users Deny Service<br />http://www.securitytracker.com/id/1026200<br /><br />phpMyAdmin Input Validation Flaw in Setup Interface Permits Cross-Site Scripting Attacks<br />http://www.securitytracker.com/id/1026199<br /><br />Logsurfer Double Free Memory Error in prepare_exec() Lets Local Users Deny Service<br />http://www.securitytracker.com/id/1026198<br /><br />GNUBoard Input Validation Flaw in '/bbs/tb.php' Lets Remote Users Inject SQL Commands<br />http://www.securitytracker.com/id/1026197<br /><br />Asterisk SIP Channel Driver Uninitialized Variable Access Bug Lets Remote Users Deny Service<br />http://www.securitytracker.com/id/1026191<br /><div><br /></div><div><br /></div><div><br /></div><div><br /></div><br />+ RHSA-2011:1377-1: Moderate: postgresql security update<br />http://rhn.redhat.com/errata/RHSA-2011-1377.html<br /><br />- SA46423: Linux Kernel "apparmor_setprocattr()" Denial of Service Vulnerability<br />http://secunia.com/advisories/46423/<br />http://www.securityfocus.com/bid/50172<br /><br />- RHSA-2011:1378-1: Moderate: postgresql84 security update<br />http://rhn.redhat.com/errata/RHSA-2011-1378.html<br /><br />* libpng 'pngerror.c' Off-By-One Error Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/48474<br /><br />[ANNOUNCE] PostgreSQL Data Sync released (new software)<br />http://www.sqlmaestro.com/products/postgresql/datasync/<br /><br />Apache James Mime4j 0.7.1 released<br />http://james.apache.org/newsarchive.html#a111711<br /><br />Apache James Protocols 1.6-beta1 released<br />http://james.apache.org/newsarchive.html#a111611<br /><br />Data Exfiltration and Output Devices - An Overlooked Threat<br />http://www.cert.org/blogs/insider_threat/2011/10/data_exfiltration_and_output_devices_-_an_overlooked_threat.html<br /><br />[ MDVSA-2011:155 ] systemtap<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00109.html<br /><br />[ MDVSA-2011:154 ] systemtap<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00104.html<br /><br />AST-2011-012: Remote crash vulnerability in SIP channel driver<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00108.html<br /><br />ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote,Code Execution Vulnerabi<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00107.html<br /><br />[ MDVSA-2011:153 ] libxfont<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00103.html<br /><br />ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code,Execution Vulnerabili<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00106.html<br /><br />ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient,Type Checking Remote Co<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00105.html<br /><br />[ MDVSA-2011:152 ] ncompress<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00102.html<br /><br />[ MDVSA-2011:151 ] libpng<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00096.html<br /><br />[Announcement] ClubHack Magazine - Call for Articles<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00101.html<br /><br />WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00100.html<br /><br />DAEMON Tools IOCTL local denial-of-service vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00099.html<br /><br />foofus.net Security Advisory - Toshiba eStudio Multifunction Printer Authentication Bypass<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00098.html<br /><br />[ MDVSA-2011:150 ] squid<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00095.html<br /><br />ZDI-11-287 : Internet Explorer Select Element Cache Remote Code Execution Vulnerability<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00094.html<br /><br />[ GLSA 201110-12 ] Unbound: Denial of Service<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00093.html<br /><br />[slackware-security] httpd (SSA:2011-284-01)<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00092.html<br /><br />[ MDVSA-2011:149 ] cyrus-imapd<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00091.html<br /><br />半年で900件の「標的型攻撃」、警察庁が発表<br />ウイルスで盗んだメールを悪用する「標的型メール」も出現<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111018/370961/?ST=security<br /><br />JVNDB-2011-002375 GoAhead Webserver にクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002375.html<br /><br />JVNDB-2011-002374 D-Link DIR-685 Xtreme N Storage Router の暗号化通信に脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002374.html<br /><br />JVNDB-2011-002373 Quagga の ecommunity_ecom2str 関数におけるにおけるヒープベースのバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002373.html<br /><br />JVNDB-2011-002372 Quagga の ospf_flood 関数におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002372.html<br /><br />JVNDB-2011-000088 iOS 上の Safari におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000088.html<br /><br />Critical Control 11: Account Monitoring and Control<br />http://isc.sans.edu/diary.html?storyid=11824<br /><br />WordPress BackWPup Plugin "BackWPupJobTemp" File Inclusion Vulnerability<br />http://secunia.com/advisories/46435/<br /><br />Linux Kernel "apparmor_setprocattr()" Denial of Service Vulnerability<br />http://secunia.com/advisories/46423/<br /><br />phpMyAdmin "setup.php" Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46431/<br /><br />Logsurfer "prepare_exec()" Double-Free Vulnerability<br />http://secunia.com/advisories/46389/<br /><br />WordPress WordPress Users Plugin "uid" SQL Injection Vulnerability<br />http://secunia.com/advisories/46442/<br /><br />Novell Open Enterprise Server DSfW Group Policy Object Security Bypass Security Issue<br />http://secunia.com/advisories/46444/<br /><br />BlueZone Desktop iSeries Printer ZAP File Processing Buffer Overflow<br />http://secunia.com/advisories/46382/<br /><br />aSgbookPHP URL Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46464/<br /><br />Fedora update for puppet<br />http://secunia.com/advisories/46458/<br /><br />Gentoo update for unbound<br />http://secunia.com/advisories/46433/<br /><br />Novell Open Enterprise Server Configuration Lets Remote Authenticated Users Gain Elevated Privileges<br />http://www.securitytracker.com/id/1026190<br /><br />REMOTE: Apple Safari file:// Arbitrary Code Execution<br />http://www.exploit-db.com/exploits/17986/<br /><br />RETIRED: Apple Safari Prior to 5.1.1 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50089<br /><br />Microsoft Internet Explorer 'SwapNode()' CVE-2011-2000 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49965<br /><br />Apple Safari CVE-2011-3230 'file://' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50162<br /><br />SystemTap DWARF Expression Handling Two Divide-By-Zero Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/47934<br /><br />WordPress Light Post Plugin 'abspath' Parameter Remote File Include Vulnerability<br />http://www.securityfocus.com/bid/50080<br /><br />Microsoft Internet Explorer Select Element CVE-2011-1999 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49964<br /><br />X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49124<br /><br />GNU gzip LZW Compression Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/37886<br /><br />Microsoft Internet Explorer Virtual Function Table CVE-2011-2001 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49966<br /><br />Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49295<br /><br />Linux Kernel 'FUSE_NOTIFY_INVAL_ENTRY' Message Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49527<br /><br />Linux Kernel 'fs/befs/linuxvfs.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49256<br /><br />Microsoft Internet Explorer Option Element CVE-2011-1996 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49961<br /><br />Libpurple Yahoo Protocol 'YMSG' NULL Pointer Dereference Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46837<br /><br />Pidgin 'silc_private_message()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49912<br /><br />Unbound 'sock_list' Structure Allocation Remote Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/38701<br /><br />Unbound DNS Resolver Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47986<br /><br />Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49534<br /><br />ldns 'rr.c' Remote Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49748<br /><br />Netzip Classic '.zip' File Parsing Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46059<br /><br />libpng PNG File Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/48618<br /><br />libpng 'pngerror.c' Off-By-One Error Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/48474<br /><br />Puppet Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49909<br /><br />Openswan IKE Packet NULL Pointer Dereference Remote Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49984<br /><br />libpng Buffer Overflow and Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/48660<br /><br />Microsoft Windows TCP/IP QOS CVE-2011-1965 Remote Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/48990<br /><br />Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49616<br /><br />Apple Safari 'libxml' (CVE-2011-0216) Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48832<br /><br />RETIRED: Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/50086<br /><br />RETIRED: Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50085<br /><br />Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability<br />http://www.securityfocus.com/bid/49949<br /><br />Adobe Flash Player CVE-2011-2110 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/48268<br /><br />Adobe Flash Player CVE-2011-0579 Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/47847<br /><br />Adobe Flash Player CVE-2011-0620 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/47807<br /><br />Adobe Flash Player CVE-2011-0609 'SWF' File Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46860<br /><br />FlexNet License Server Manager Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49191<br /><br />Adobe Flash Player CVE-2011-2429 Security Control Bypass Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49718<br /><br />Adobe Flash Player CVE-2011-2428 Logic Error Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49716<br /><br />Adobe Flash Player CVE-2011-2430 Streaming Media Logic Error Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49717<br /><br />Adobe Flash Player CVE-2011-2427 AVM Stack Overflow Vulnerability<br />http://www.securityfocus.com/bid/49715<br /><br />Adobe Flash Player CVE-2011-2444 Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/49710<br /><br />Adobe Flash Player CVE-2011-2424 Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/49186<br /><br />Adobe Flash Player CVE-2011-2426 AVM Stack Overflow Vulnerability<br />http://www.securityfocus.com/bid/49714<br /><br />Adobe Flash Player CVE-2011-2139 Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/49086<br /><br />Adobe Flash Player CVE-2011-2425 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49085<br /><br />Adobe Flash Player CVE-2011-2417 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49084<br /><br />Adobe Flash Player CVE-2011-2140 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49083<br /><br />Adobe Flash Player 'flash.display' Class Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49082<br /><br />Adobe Flash Player CVE-2011-2136 Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49079<br /><br />Adobe Flash Player CVE-2011-2416 Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49081<br /><br />Adobe Flash Player 'BitmapData.scroll' Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49080<br /><br />Adobe Flash Player CVE-2011-2415 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49077<br /><br />Adobe Flash Player CVE-2011-2134 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49074<br /><br />Adobe Flash Player CVE-2011-2137 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49075<br /><br />Adobe Flash Player CVE-2011-2414 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49076<br /><br />Adobe Flash Player CVE-2011-2107 Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/48107<br /><br />Adobe Flash Player CVE-2011-2130 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49073<br /><br />Adobe Flash Player CVE-2011-0628 Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47961<br /><br />Adobe Flash Player ActionScript Virtual Machine CVE-2011-0618 Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47815<br /><br />Adobe Flash Player CVE-2011-0625 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47813<br /><br />Adobe Flash Player CVE-2011-0626 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47814<br /><br />Adobe Flash Player CVE-2011-0624 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47812<br /><br />Adobe Flash Player CVE-2011-0623 Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47811<br /><br />Adobe Flash Player CVE-2011-0621 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/47808<br /><br />Adobe Flash Player CVE-2011-0619 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/47806<br /><br />Adobe Flash Player CVE-2011-0622 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/47809<br /><br />Adobe Flash Player CVE-2011-0627 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/47810<br /><br />Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/47314<br /><br />Adobe Flash Player CVE-2011-0608 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46283<br /><br />Adobe Acrobat and Reader CVE-2011-0589 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46202<br /><br />Adobe Flash Player CVE-2011-0607 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46282<br /><br />Adobe Flash Player CVE-2011-0574 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46193<br /><br />Adobe Flash Player CVE-2011-0575 DLL Loading Arbitrary Code Execution Vulnerability<br />http://www.securityfocus.com/bid/46197<br /><br />Adobe Flash Player CVE-2011-0558 Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46194<br /><br />Adobe Flash Player CVE-2011-0578 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46195<br /><br />Adobe Flash Player Font Parsing Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/46196<br /><br />Adobe Flash Player CVE-2011-0573 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46192<br /><br />Adobe Flash Player CVE-2011-0572 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46191<br /><br />Adobe Flash Player CVE-2011-0571 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46190<br /><br />Adobe Flash Player CVE-2011-0561 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46189<br /><br />Adobe Flash Player CVE-2011-0560 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46188<br /><br />FlexNet License Server Manager 'lmadmin' Component Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48927<br /><br />Adobe Flash Player CVE-2011-0559 Remote Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/46186<br /><br />OcoMon Multiple Unspecified SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/47424<br /><br />Novell GroupWise Internet Agent 'TZID' Variable Parsing Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46025<br /><br />Conky 'tmp/.cesf' Insecure Temporary File Creation Vulnerability<br />http://www.securityfocus.com/bid/46184<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey 'Array.reduceRight()' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48372<br /><br />feh '--wget-timestamp' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/41161<br /><br />feh 'feh_unique_filename()' Predictable Filename Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/46182<br /><br />Adobe Acrobat and Reader CVE-2011-2438 Multiple Remote Stack Buffer Overflow Vulnerabilities<br />http://www.securityfocus.com/bid/49580<br /><br />Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49303<br /><br />Microsoft Excel Conditional Expression CVE-2011-1989 Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49518<br /><br />Linux Kernel 'drivers/media/dvb/ttpci/av7110_ca' IOCTL Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/45986<br /><br />Linux Kernel 'drivers/scsi/bfa/bfa_core.c' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45262<br /><br />Linux Kernel CVE-2010-4073 Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/45073<br /><br />Microsoft Windows Kernel '.fon' Font File Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49975<br /><br />Ruby on Rails 'WEBrick::HTTPRequest' Module HTTP Header Injection Vulnerability<br />http://www.securityfocus.com/bid/46423<br /><br />Linux Kernel Generic Receive Offload (GRO) Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47056<br /><br />Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49957<br /><br />Linux Kernel NFS Access Control List (ACL) Allocation Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46766<br /><br />Linux Kernel 'ethtool.c' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/45972<br /><br />Linux Kernel 'task_show_regs()' Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46421<br /><br />Linux Kernel SCTP Local Race Condition Vulnerability<br />http://www.securityfocus.com/bid/45661<br /><br />Linux Kernel Validate 'map_count' Variable Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/46492<br /><br />Linux Kernel 'install_special_mapping()' Local Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/45323<br /><br />Linux Kernel IGB Panic VLAN Packet Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45208<br /><br />Linux Kernel Unix Socket Backlog Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46637<br /><br />Linux Kernel 'posix-cpu-timers.c' Local Race Condition Vulnerability<br />http://www.securityfocus.com/bid/45028<br /><br />Xen 'fixup_page_fault()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45099<br /><br />PtokaX Directory Traversal And Security Bypass Vulnerabilities<br />http://www.securityfocus.com/bid/50179<br /><br />Dominant Creature BBG RPG 'msg.php' Parameter Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50178<br /><br />Asterisk Uninitalized Variable SIP Channel Driver Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50177<br /><br />BackWPup Plugin for WordPress 'wp_export_generate.php' Local and Remote File Include Vulnerabilities<br />http://www.securityfocus.com/bid/50176<br /><br />phpMyAdmin Setup Interface Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50175<br /><br />WordPress Users Plugin "uid" Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50174<br /><br />Gnuboard 'board.php' SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50173<br /><br />Linux Kernel 'apparmor_setprocattr()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50172<br /><br />Logsurfer 'prepare_exec()' Double Free Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50171<br /><br />Novell Open Enterprise Server DSfW Domain Group Policy Object Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50170<br /><br />Multiple Toshiba e-Studio Devices Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/50168<br /><br />asgbookphp 'index.php' Cross Site Scripting Vulnerability<br />http://www.securityfocus.com/bid/50167<br /><br />BlueZone Desktop '.zap' File Processing Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50166<br /><br />RuubikCMS 'f' Parameter Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/50165<br /><br />WordPress WP Photo Album Plus Plugin 'wppa-album' Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50164<br /><br />Apple Safari 'safari-extension://' URL Handling Directory Traversal Vulnerability<br />http://www.securityfocus.com/bid/50163<br /><br />Apple iOS Free Type Font Document Multiple Memory Corruption Vulnerabilities<br />http://www.securityfocus.com/bid/50155<br /><br />Quassel Core Insecure File Permissions Vulnerability<br />http://www.securityfocus.com/bid/50148<br /><br />Sybase M-Business Anywhere Multiple Unspecified Remote Privilege Escalation Vulnerabilities<br />http://www.securityfocus.com/bid/50145<br /><br />WordPress Contact Form Plugin 'wpcf_easyform_formid' Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50142<br /><br />Xenon 'id' Parameter Multiple SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50141<br /><br />EC-CUBE Multiple Unspecified SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50140<br /><br />DBD::mysqlPP Unspecified SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50139<br /><br />Joomla! Directory Tree Component SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50138<br /><br />PROMOTIC Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50133<br /><br />Joomla! eTree Component 'id' Parameter Multiple SQL Injection Vulnerabilities<br />http://www.securityfocus.com/bid/50132<br /><br />Apple Mac OS X Prior to 10.7.2 CVE-2011-3221 Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50131<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-6932263733080066196?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-9231600630025887182011-10-17T09:49:00.003+09:002011-10-17T16:14:10.626+09:00<br />- TCP and UDP Ports required to access vCenter Server, ESX hosts, and other network components<br />http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&amp;docType=kc&amp;externalId=1012382&amp;sliceId=1&amp;docTypeID=DT_KB_1_1<br /><br />プレス発表<br />第7回IPA情報セキュリティ標語・ポスターコンクール　受賞作品決定<br />～大賞として、標語部門は「セキュリティ　ぼくと世界の　かけ橋だ」、<br />　 ポスター部門は「ネットで世界と人と気持ちもつながっている」を選定～<br />http://www.ipa.go.jp/about/press/20111017.html<br /><br />JVN#41657660 iOS 上の Safari におけるクロスサイトスクリプティングの脆弱性<br />http://jvn.jp/jp/JVN41657660/index.html<br /><div><br /></div><div><br /></div><div><br /></div><div><br /></div><br />+ MS11-064 : Vulnerabilities in TCP/IP Stack Could<br />http://www.exploit-db.com/exploits/17981/<br /><br />Fixed in Apache Tomcat 6.0.34 (not yet released)<br />http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34_(not_yet_released)<br /><br />The Apache Software Foundation Statement on Apache OpenOffice.org<br />https://blogs.apache.org/foundation/entry/the_apache_software_foundation_statement<br /><br />Hosted Email Security　製品メンテナンス延期のお知らせ<br />http://www.trendmicro.co.jp/support/news.asp?id=1663<br /><br />プレス発表<br />「EC-CUBE」におけるセキュリティ上の弱点（脆弱性）の注意喚起<br />http://www.ipa.go.jp/about/press/20111014.html<br /><br />カスペルスキーが法人向けセキュリティソフトの新版を発表<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111014/370819/?ST=security<br /><br />JVNDB-2011-002371 Perl モジュール Crypt::DSA における署名を偽装される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002371.html<br /><br />JVNDB-2011-002370 Quagga の ospfd 内の ospf_packet.c におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002370.html<br /><br />JVNDB-2011-002369 Quagga の ospf6_lsa.c 内にある ospf6_lsa_is_changed 関数におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002369.html<br /><br />JVNDB-2011-002368 Quagga の ospf6d 内にある OSPFv3 実装におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002368.html<br /><br />JVNDB-2011-000087 EC-CUBE における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html<br /><br />JVNDB-2011-000086 DBD::mysqlPP における SQL インジェクションの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000086.html<br /><br />JVNDB-2010-002869 Novell GroupWise の GroupWise Internet Agent (GWIA) におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002869.html<br /><br />JVNDB-2010-002868 Novell GroupWise の GroupWise Internet Agent (GWIA) におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002868.html<br /><br />JVNDB-2011-002367 phpPgAdmin におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002367.html<br /><br />JVNDB-2011-002366 Novell GroupWise の GroupWise Internet Agent における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002366.html<br /><br />JVNDB-2011-002365 Novell GroupWise の GroupWise Internet Agent における整数符号エラーの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002365.html<br /><br />JVNDB-2011-002364 Novell GroupWise の WebAccess におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002364.html<br /><br />JVNDB-2011-002363 Novell Identity Manager におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002363.html<br /><br />JVNDB-2011-002362 Novell Identity Manager におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002362.html<br /><br />JVNDB-2011-002361 Novell GroupWise の GWIA 内にある gwia.exe におけるスタックベースのバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002361.html<br /><br />JVNDB-2011-002360 Novell GroupWise の GWIA 内にある gwwww1.dll におけるヒープベースのバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002360.html<br /><br />JVNDB-2011-002359 複数の VMware 製品におけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002359.html<br /><br />[PTResearch] SAP DIAG Decompress plugin for Wireshark<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00090.html<br /><br />DC4420 - London DEFCON - October meet - Tuesday October 18th 2011<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00089.html<br /><br />[ GLSA 201110-11 ] Adobe Flash Player: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00088.html<br /><br />[ GLSA 201110-10 ] Wget: User-assisted file creation or overwrite<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00087.html<br /><br />[ GLSA 201110-09 ] Conky: Privilege escalation<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00086.html<br /><br />[ GLSA 201110-08 ] feh: Multiple vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00085.html<br /><br />DNS Sinkhole Parser Script Update<br />http://isc.sans.edu/diary.html?storyid=11818<br /><br />BXR 0.6.8 SQL injection vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8470<br /><br />Pre Podcast Portal SQL Injection<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8469<br /><br />Prado Portal XSS vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8468<br /><br />APBoard 2.1.0 SQL Injection<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8467<br /><br />xt:Commerce Gambio 2008 - 2010 SQL Injection<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8466<br /><br />Sybase M-Business Anywhere Bugs Let Remote Users Gain Elevated Access Rights<br />http://www.securitytracker.com/id/1026189<br /><br />Opera Nested SVG Content Processing Code Execution Vulnerability<br />http://secunia.com/advisories/46375/<br /><br />Gentoo update for feh<br />http://secunia.com/advisories/46356/<br /><br />Ubuntu update for quassel<br />http://secunia.com/advisories/46445/<br /><br />Sybase M-Business Anywhere Two Unspecified Privilege Escalation Vulnerabilities<br />http://secunia.com/advisories/46424/<br /><br />WordPress Contact Form Plugin "wpcf_easyform_formid" SQL Injection Vulnerability<br />http://secunia.com/advisories/46434/<br /><br />EC-CUBE Two Unspecified SQL Injection Vulnerabilities<br />http://secunia.com/advisories/46446/<br /><br />PROMOTIC Directory Traversal and ActiveX Control Buffer Overflow Vulnerabilities<br />http://secunia.com/advisories/46430/<br /><br />Joomla! eTree Component "id" and "user_id" SQL Injection Vulnerabilities<br />http://secunia.com/advisories/46441/<br /><br />Red Hat update for pidgin<br />http://secunia.com/advisories/46376/<br /><br />Gentoo update for conky<br />http://secunia.com/advisories/46353/<br /><br />Gentoo update for wget<br />http://secunia.com/advisories/46324/<br /><br />Gentoo update for adobe-flash<br />http://secunia.com/advisories/46322/<br /><br />Fedora update for openswan<br />http://secunia.com/advisories/46384/<br /><br />Fedora update for cyrus-imapd<br />http://secunia.com/advisories/46388/<br /><br />Sybase M-Business Anywhere Unauthorized Access Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2186.php<br /><br />Opera Browser SVG Data Processing Remote Code Execution<br />http://www.vupen.com/english/ADV-2011-2185.php<br /><br />Apple Numbers for iOS Excel Document Code Execution Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2184.php<br /><br />Apple Pages for iOS Word Document Code Execution Vulnerability<br />http://www.vupen.com/english/ADV-2011-2183.php<br /><br />Apple Safari Multiple Code Execution and Information Disclosure<br />http://www.vupen.com/english/ADV-2011-2182.php<br /><br />Apple OS X Multiple Code Execution and Information Disclosure<br />http://www.vupen.com/english/ADV-2011-2181.php<br /><br />Apple TV Multiple Code Execution and Information Disclosure<br />http://www.vupen.com/english/ADV-2011-2180.php<br /><br />Apple iOS Multiple Code Execution and Information Disclosure<br />http://www.vupen.com/english/ADV-2011-2179.php<br /><br />Apple iTunes Multiple Remote Code Execution Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2178.php<br /><br />BlackBerry Enterprise Server Collaboration Service Unauthorized Access<br />http://www.vupen.com/english/ADV-2011-2177.php<br /><br />Google App Engine SDK for Python Code Execution Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2176.php<br /><br />Hitachi JP1/Cm2/Network Node Manager i Multiple Vulnerabilities<br />http://www.vupen.com/english/ADV-2011-2175.php<br /><br />VMware ESXi and ESX Multiple Code Execution and Denial of Service<br />http://www.vupen.com/english/ADV-2011-2174.php<br /><br />DoS/PoC: BlueZone Desktop .zap file Local Denial of Service Vulnerability<br />http://www.exploit-db.com/exploits/17982/<br /><br />DoS/PoC: MS11-064 TCP/IP Stack Denial of Service<br />http://www.exploit-db.com/exploits/17981/<br /><br />phpMyAdmin 3.4.6 is released<br />http://sourceforge.net/news/?group_id=23067&amp;id=304006<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-923160063002588718?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-66291931526863635702011-10-14T10:05:00.004+09:002011-10-14T16:32:03.808+09:00<br />- Moderate: pidgin security update<br />http://rhn.redhat.com/errata/RHSA-2011-1371.html<br /><br />bind10-devel-20111014 now available<br />https://lists.isc.org/mailman/listinfo/bind10-users<br /><br />[ANNOUNCE] pgpoolAdmin 3.1.0 released<br />http://pgfoundry.org/projects/pgpool/<br /><br />Squid 3.1.16 released<br />http://www.squid-cache.org/Versions/v3/3.1/<br /><br />Squid 3.2.0.13 released<br />http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html<br /><br />JVNVU#800227 OneOrZero AIMS に複数の脆弱性<br />http://jvn.jp/cert/JVNVU800227/index.html<br /><br />JVN#44496332 EC-CUBE における SQL インジェクションの脆弱性<br />http://jvn.jp/jp/JVN44496332/index.html<br /><br />JVN#51216285 DBD::mysqlPP における SQL インジェクションの脆弱性<br />http://jvn.jp/jp/JVN51216285/index.html<br /><br />JVNTA11-286A Apple Mac OS Xにおける複数の脆弱性に対するアップデート<br />http://jvn.jp/cert/JVNTA11-286A/index.html<br /><br />JVNVU#971123 Apple Mac OS Xにおける複数の脆弱性に対するアップデート<br />http://jvn.jp/cert/JVNVU971123/index.html<br /><br />JVNTA11-284A Microsoft 製品における複数の脆弱性に対するアップデート<br />http://jvn.jp/cert/JVNTA11-284A/index.html<br /><br />HTB Team : [HTB23049] Pretty Link WordPress Plugin - Cross-site Scripting Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36873<br /><br />HTB Team : [HTB23048] BugFree - Cross-site Scripting Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36874<br /><br />Independant Researcher : Internet Explorer - Multiple Code Execution Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36879<br /><br />SEC Consult : [SEC Consult SA-20111012-0] Microsoft Forefront UAG - Remote Access Agent Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36880<br /><br />Apple : [APPLE-SA-2011-10-12-6 ] iOS - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36876<br /><br />Apple : [APPLE-SA-2011-10-12-5 ] iOS - Memory Corruption Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36877<br /><br />Apple : [APPLE-SA-2011-10-12-2] Apple TV - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36878<br /><br />Emaze Networks : ZOHO - ManageEngine ADSelfService and Administrative Access - Authentication Bypass Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36855<br /><br />Hewlett-Packard : [HPSBMU02710 SSRT100601] HP - Onboard Administrator (OA) - Security Bypass Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36857<br /><br />iDEFENSE : Microsoft - Internet Explorer - Memory Corruption Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36875<br /><br />Mandriva : [MDVSA-2011:148] Samba - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36864<br /><br />Red Hat : [RHSA-2011:1364-01] kdelibs - Spoofing Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36854<br /><br />Ubuntu Security Notice : [USN-1227-1] Linux - kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36853<br /><br />Debian : [DSA-2319-1] Policykit - Privilege Escalation Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36846<br /><br />Debian : [DSA-2320-1] dokuwiki - Cross-site Scripting Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36847<br /><br />Debian : [DSA-2321-1] Moin - Cross-site Scripting Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36848<br /><br />Debian : [DSA-2322-1] Bugzilla - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36849<br /><br />Gentoo Linux : [GLSA 201110-06] PHP - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36859<br /><br />Independant Researcher : Google - App Engine SDK - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36863<br /><br />Mandriva : [MDVSA-2011:145] libxml2 - Double Free Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36850<br /><br />Mandriva : [MDVSA-2011:146] CUPS - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36851<br /><br />Mandriva : [MDVSA-2011:147] CUPS - Buffer Overflow Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36852<br /><br />Microsoft : [MS11-078] .NET Framework and Microsoft Silverlight - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36865<br /><br />Microsoft : [MS11-081] Internet Explorer - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36866<br /><br />Microsoft : [MS11-075] Microsoft - Active Accessibility - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36867<br /><br />Microsoft : [MS11-076] Windows - Media Center - Code Execution Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36868<br /><br />Microsoft : [MS11-077] Windows - Kernel - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36869<br /><br />Microsoft : [MS11-079] Microsoft - Frontend Unified Access Gateway - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36870<br /><br />Microsoft : [MS11-080] Anciallary Function Driver - Privilege Escalation Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36871<br /><br />Microsoft : [MS11-082] Host Integration Server - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36872<br /><br />Gentoo Linux : [GLSA 201110-07] vsftpd - Denial-Of-Service Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36858<br /><br />Gentoo Linux : [GLSA 201110-05] GnuTLS - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36860<br /><br />Gentoo Linux : [GLSA 201110-04] Dovecot - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36861<br /><br />Gentoo Linux : [GLSA 201110-03] - Bugzilla - Multiple Issues<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36862<br /><br />NGS Secure Research : Apple - OSX and iPhone ImageIO - Heap Overflow Issue<br />http://www.criticalwatch.com/support/security-advisories.aspx?AID=36856<br /><br />Critical Control 9 - Controlled Access Based on the Need to Know<br />http://isc.sans.edu/diary.html?storyid=11812<br /><div><br /></div><br /><br /><br /><br />Oracle Critical Patch Update Pre-Release Announcement - October 2011<br />http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html<br /><br />Oracle Java SE Critical Patch Update Pre-Release Announcement - October 2011<br />http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html<br /><br />JVN#07414354 DAEMON Tools におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvn.jp/jp/JVN07414354/index.html<br /><br />JVNDB-2011-002358 Cherokee の Cherokee-admin におけるクロスサイトリクエストフォージェリの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002358.html<br /><br />JVNDB-2011-002357 Cherokee の generate_admin_password 関数における admin パスワードを推測される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002357.html<br /><br />JVNDB-2011-002356 Linux kernel の net/core/net_namespace.c におけるサービス運用妨害 (メモリ破損) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002356.html<br /><br />JVNDB-2011-002355 Plone で使用される Zope における任意のコマンドを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002355.html<br /><br />JVNDB-2011-002354 Plone の CMFEditions コンポーネントにおけるサブオブジェクトにアクセスされる脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002354.html<br /><br />JVNDB-2011-002353 gitolite の Admin Defined Commands (ADC) 機能におけるディレクトリトラバーサルの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002353.html<br /><br />JVNDB-2011-002352 EtherApe の add_conversation 関数におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002352.html<br /><br />JVNDB-2011-000085 DAEMON Tools におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000085.html<br /><br />JVNDB-2011-000084 Pligg におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000084.html<br /><br />JVNDB-2011-000083 Plume におけるクロスサイトスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000083.html<br /><br />JVNDB-2011-002351 Apache HTTP Server の mod_proxy モジュールにおけるイントラネットサーバにリクエストを送信される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002351.html<br /><br />JVNDB-2011-002350 IBM AIX の QLogic adapters 用 Fibre Channel ドライバにおけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002350.html<br /><br />JVNDB-2011-002349 Check Point の 複数の製品における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002349.html<br /><br />JVNDB-2011-002348 Exim の src/dkim.c 内の dkim_exim_verify_finish 関数における任意のコードを実行される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002348.html<br /><br />JVNDB-2011-002347 Ted Felix acpid の acpid.c におけるサービス運用妨害 (デーモンハング) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002347.html<br /><br />JVNDB-2011-002346 Linux kernel の net/dns_resolver/dns_key.c におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002346.html<br /><br />JVNDB-2011-002345 RealNetworks RealPlayer の ActiveX コントロールにおけるクロスゾーンスクリプティングの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002345.html<br /><br />JVNDB-2011-002344 Adobe Photoshop Elements におけるバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002344.html<br /><br />JVNDB-2011-002343 Quassel の CtcpParser::packedReply メソッドにおけるサービス運用妨害 (クラッシュ) の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002343.html<br /><br />JVNDB-2011-002342 VMware の Spring Framework および Spring Security におけるセキュリティ制限を回避される脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002342.html<br /><br />JVNDB-2011-002341 UPnP 対応の複数のルータにアクセス制限不備の脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002341.html<br /><br />JVNDB-2011-002340 Iceni Argus にバッファオーバーフローの脆弱性<br />http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002340.html<br /><br />iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memor<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00084.html<br /><br />iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vuln<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00083.html<br /><br />Multiple G-WAN vulnerabilities<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00082.html<br /><br />SEC Consult SA-20111012-0 :: Client-side remote file upload &amp; command execution in M<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00080.html<br /><br />VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00079.html<br /><br />Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00081.html<br /><br />Two Remote Code Execution Vulnerabilities in Internet Explorer<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00078.html<br /><br />iDefense Security Advisory 10.11.11: Microsoft Internet Explorer Object Handling Memory Corruption V<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00076.html<br /><br />APPLE-SA-2011-10-12-6 Numbers for iOS v1.5<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00075.html<br /><br />APPLE-SA-2011-10-12-5 Pages for iOS v1.5<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00074.html<br /><br />APPLE-SA-2011-10-12-4 Safari 5.1.1<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00077.html<br /><br />APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00073.html<br /><br />APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00071.html<br /><br />APPLE-SA-2011-10-12-1 iOS 5 Software Update<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00072.html<br /><br />CORE-2011-0106: Microsoft Publisher 2007 Pubconv.dll Memory Corruption<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00070.html<br /><br />Multiple vulnerabilities in BugFree<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00067.html<br /><br />Multiple vulnerabilities in Pretty Link WordPress Plugin<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00068.html<br /><br />LedgerSMB 1.3.0 released, includes anti-XSRF framework<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00066.html<br /><br />[ MDVSA-2011:148 ] samba<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00064.html<br /><br />Google App Enging SDK Code Execution Vulnerability (CVE 2011-1364)<br />http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00065.html<br /><br />Joomla Camelcitydb2 2.2 SQL Injection<br />http://securityreason.com/securityalert/8465<br /><br />E-Xoopport Samsara 3.1 eCal Module Blind SQL Injection<br />http://securityreason.com/securityalert/8464<br /><br />Joomla Component Multiple Blind SQL Injection Vulnerabilities<br />http://securityreason.com/securityalert/8463<br /><br />WAnewsletter v 2.1.2 SQL Injection Vulnerability<br />http://securityreason.com/securityalert/8462<br /><br />Joomla Slideshow SQL Injection<br />http://securityreason.com/securityalert/8461<br /><br />Virtue Book Store SQL Injection<br />http://securityreason.com/securityalert/8460<br /><br />Nuked-Klan Partenaires NK 1.5 Blind SQL Injection<br />http://securityreason.com/securityalert/8459<br /><br />Joomla Restaurant Guide Cross Site Scripting / Local File Inclusion / SQL Injection<br />http://securityreason.com/securityalert/8458<br /><br />GeekLog 1.3.8 SQL Injection<br />http://securityreason.com/securityalert/8457<br /><br />Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities<br />http://securityreason.com/securityalert/8456<br /><br />Atmail WebMail &lt; v6.2.0 Reflected XSS<br />http://securityreason.com/securityalert/8455<br /><br />TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities<br />http://securityreason.com/securityalert/8454<br /><br />allinta CMS SQL injection vulnerability<br />http://securityreason.com/securityalert/8453<br /><br />Cisco TelePresence Video Communication Server Input Validation Flaw Permits Cross-Site Scripting Attacks<br />http://www.securitytracker.com/id/1026186<br /><br />Mac OS X Multiple Flaws Lets Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Code and Deny Service<br />http://www.securitytracker.com/id/1026184<br /><br />VU#800227: OneOrZero AIMS authentication bypass and SQLi vulnerabilities<br />http://www.kb.cert.org/vuls/id/800227<br /><br />D-Link DIR-685 Xtreme N Storage Router Encryption Failure Weakness<br />http://secunia.com/advisories/46380/<br /><br />WordPress Pretty Link Plugin Multiple Cross-Site Scripting Vulnerabilities<br />http://secunia.com/advisories/46432/<br /><br />IBM OS/400 HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness<br />http://secunia.com/advisories/46414/<br /><br />DAEMON Tools Unspecified Denial of Service Vulnerability<br />http://secunia.com/advisories/46416/<br /><br />Apple TV Multiple Vulnerabilities<br />http://secunia.com/advisories/46415/<br /><br />WordPress teachPress Plugin "root" Two Local File Inclusion Vulnerabilities<br />http://secunia.com/advisories/46436/<br /><br />Apple iOS Multiple Vulnerabilities<br />http://secunia.com/advisories/46377/<br /><br />Simple Machines Forum Multiple Vulnerabilities<br />http://secunia.com/advisories/46386/<br /><br />VMware ESX / ESXi Server Multiple Vulnerabilities<br />http://secunia.com/advisories/46397/<br /><br />BugFree Multiple Cross-Site Scripting Vulnerabilities<br />http://secunia.com/advisories/46428/<br /><br />Apple Safari Multiple Vulnerabilities<br />http://secunia.com/advisories/46412/<br /><br />Drupal Certificate Login Module SQL Injection Vulnerability<br />http://secunia.com/advisories/46393/<br /><br />Minitube Insecure Temporary Files Security Issue<br />http://secunia.com/advisories/46429/<br /><br />Apple Mac OS X Multiple Vulnerabilities<br />http://secunia.com/advisories/46417/<br /><br />Apple Pages for iOS OfficeArtMetafileHeader Record Parsing Vulnerability<br />http://secunia.com/advisories/46418/<br /><br />Apple Numbers for iOS Two Vulnerabilities<br />http://secunia.com/advisories/46419/<br /><br />Fedora update for phpPgAdmin<br />http://secunia.com/advisories/46426/<br /><br />REMOTE: PcVue 10.0 SV.UIGrdCtrl.1 'LoadObject()/SaveObject()' Trusted DWORD Vulnerability<br />http://www.exploit-db.com/exploits/17975/<br /><br />REMOTE: Mozilla Firefox Array.reduceRight() Integer Overflow<br />http://www.exploit-db.com/exploits/17976/<br /><br />REMOTE: JBoss AS Remote Exploit v2<br />http://www.exploit-db.com/exploits/17977/<br /><br />DoS/PoC: MS11-077 .fon Kernel-Mode Buffer Overrun PoC<br />http://www.exploit-db.com/exploits/17978/<br /><br />Linux Kernel Unix Sockets Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45037<br /><br />Linux Kernel Futex Macros Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/44754<br /><br />Xen 'drivers/xen/blkback/blkback.c' Local Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/45029<br /><br />Linux Kernel 'CHELSIO_GET_QSET_NUM' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/43221<br /><br />XFS Deleted Inode Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/42527<br /><br />Linux Kernel 'net/sched/act_police.c' File Memory Leak Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/42529<br /><br />Linux Kernel Xen Hypervisor Implementation Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/43578<br /><br />Linux Kernel 'execve()' Memory Expansion 'OOM-killer' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45004<br /><br />Linux Kernel 'hci_uart_tty_open()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45014<br /><br />Xen 'vbd_create()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45795<br /><br />Linux Kernel 'net/core/filter.c' Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/44758<br /><br />Linux Kernel 'net/' Subsystem Socket Filter CVE-2010-4161 Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/45064<br /><br />Linux Kernel 'drivers/scsi/gdth.c' IOCTL Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/44648<br /><br />Linux Kernel 'ipc/sem.c' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/43809<br /><br />Linux Kernel 'SNDRV_HDSP_IOCTL_GET_CONFIG_INFO' IOCTL Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/45058<br /><br />Linux Kernel 'hdsp.c' IOCTL Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/45063<br /><br />Linux Kernel TIOCGICOUNT 'serial_core.c' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/43806<br /><br />Linux Kernel 'hmid_ds structure' Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/45054<br /><br />Linux Kernel 'inet_diag.c' Netlink Message Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/44665<br /><br />Linux Kernel Multiple 'net/' Subsystems Local Information Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/44630<br /><br />Linux Kernel Reliable Datagram Sockets (RDS) Protocol Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/44219<br /><br />Linux Kernel Reliable Datagram Sockets (RDS) Protocol Local Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/44549<br /><br />Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/44301<br /><br />Linux Kernel Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/44354<br /><br />Linux Kernel ALSA 'sound/core/control.c' Local Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/43787<br /><br />Xen 'blkback/blktap/netback' Leaked Kernel Thread Local Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/45039<br /><br />Linux Kernel 'sctp_outq_flush()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/43480<br /><br />Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/43353<br /><br />Linux Kernel 'XFS_IOC_FSGETXATTR' Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/43022<br /><br />Linux Kernel GFS2 Directory Rename NULL Pointer Dereference Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/42124<br /><br />Linux Kernel EXT4 Multiple Local Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/42477<br /><br />Linux Kernel 'io_submit_one()' NULL Pointer Dereference Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/44755<br /><br />Linux Kernel USB interface Local Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/39042<br /><br />Linux Kernel 'ecryptfs_uid_hash()' Local Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/42237<br /><br />WebKit Multiple Unspecifeid Remote Code Execution Vulnerabilities<br />http://www.securityfocus.com/bid/50066<br /><br />Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/50086<br /><br />Linux Kernel 'mpt2sas' Local Privilege Escalation and Information Disclosure Vulnerabilities<br />http://www.securityfocus.com/bid/47185<br /><br />'glibc' Library 'locale/programs/locale.c' Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/47370<br /><br />GNU glibc 'fnmatch()' Function Stack Corruption Vulnerability<br />http://www.securityfocus.com/bid/46563<br /><br />MIT Kerberos KDC LDAP File Descriptor Leak Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/46265<br /><br />MIT Kerberos 5 1.3.x Checksum Multiple Remote Security Bypass Vulnerabilities<br />http://www.securityfocus.com/bid/45118<br /><br />MIT Kerberos KDC Principal Name LDAP Request NULL Pointer Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/46271<br /><br />WordPress Filedownload Local File Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49669<br /><br />PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49241<br /><br />PcVue ActiveX Control Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49795<br /><br />phpPgAdmin Multiple Cross-Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/49914<br /><br />Microsoft Internet Explorer Option Element CVE-2011-1996 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49961<br /><br />Microsoft Forefront Unified Access Gateway 'MicrosoftClient.Jar' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49983<br /><br />Microsoft Internet Explorer Select Element CVE-2011-1999 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49964<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey 'Array.reduceRight()' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48372<br /><br />Microsoft Silverlight &amp; .NET Framework Inheritance Restriction Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49999<br /><br />Microsoft Windows Active Accessibility DLL Loading Arbitrary Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49976<br /><br />Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/45015<br /><br />Simple Machines Forum Cross-Site Scripting and Spoofing Vulnerabilities<br />http://www.securityfocus.com/bid/50103<br /><br />Apple Mac OS X CVE-2011-0231 Security Vulnerability<br />http://www.securityfocus.com/bid/50098<br /><br />Supermicro IPMI Web Interface Multiple Security Bypass Vulnerabilities<br />http://www.securityfocus.com/bid/50097<br /><br />WordPress Pretty Link Plugin Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50096<br /><br /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-6629193152686363570?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-89106763531954951082011-10-13T14:48:00.000+09:002011-10-13T14:48:39.495+09:00About the security content of iOS 5 Software Update<br /><br />http://support.apple.com/kb/HT4999<br /><br />上記 URL の iOS のセキュリティアップデートの翻訳<br /><br /><span class="Apple-style-span" style="font-family: monospace; white-space: pre-wrap;">1) CalDAV</span><br /><pre wrap="">　CalDAV が信頼あるサーバによる SSL 証明書をチェックしていないことが原因で、CalDAV カレンダーサーバからユーザの認証情報または他の機密情報を妨害される脆弱性。(CVE-2011-3253)<br /><br />2) Calendar<br />　カレンダーが招待状を取り扱う際にスクリプト挿入問題が存在することが原因で、ローカルドメインにスクリプトを挿入される脆弱性。(CVE-2011-3254)<br /><br />3) CFNetwork<br />　ユーザの AppleID のパスワードとユーザをロギングしたファイルがシステム上のアプリケーションから読み込み可能なことが原因で、重要な情報を取得される脆弱性。(CVE-2011-3255)<br /><br />4) CFNetwork<br />　CFNetwork が HTTP クッキーを取り扱い際の問題が原因で、ドメイン外のサーバにクッキー情報を送信してしまう脆弱性。(CVE-2011-3246)<br /><br />5) CoreFoundation<br />　CoreFoundation が文字列のトークン化処理の際にメモリ破壊が発生することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-0259)<br /><br />6) CoreGraphics<br />　freetype に複数のメモリ破壊が存在することが原因で、細工されたフォントを処理する際に任意コードを実行される脆弱性。(CVE-2011-3256)</pre><pre wrap="">7) CoreMedia<br />　CoreMedia がクロスサイト・リダイレクトを取り扱う際にクロスオリジン問題が存在することが原因で、他のサイトから動画データを取得される脆弱性。(CVE-2011-0187)<br /><br />8) Data Access<br />　同一のサーバに接続する複数の Exchange メールサーバのアカウントを設定されている場合に、セッションが異なるアカウントに対応する正当なクッキー情報を受信することが原因で、異なるアカウントでのデータが正しく同期されない脆弱性。(CVE-2011-3257)<br /><br />9) Data Security<br />　DigiNotar によって処理される複数の証明書によって不正な証明書問題が存在することが原因で、ユーザの認証情報または他の機密情報を妨害される脆弱性。<br /><br />10) Data Security<br />　MD5 ハッシュアルゴリズムを用いてサインされた証明書が iOS によって受理された場合に、このアルゴリズムに脆弱であることが原因で、重要な情報を取得される脆弱性。(CVE-2011-3427)<br /><br />11) Data Security<br />　SSL の SSLv3 及び TLS 1.0 だけがサポートされている場合に、これらが脆弱であることが原因で、SSL 接続を複合化される脆弱性。(CVE-2011-3389)<br /><br />12) Home screen<br />　four-finger アプリでアプリケーションを切り替える時に、表示が前のアプリケーションの状態を表示することが原因で、アプリケーションの重要な情報を取得される脆弱性。(CVE-2011-3431)<br /><br />13) ImageIO<br />　TIFF が CCITT Group 4 でエンコードされた TIFF 画像を取り扱う際にバッファオーバーフローが発生することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-0192)<br /><br />14) ImageIO<br />　ImageIO がCCITT Group 4 でエンコードされた TIFF 画像を取り扱う際にヒープオーバーフローが発生することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-0241)<br /><br />15) International Components for Unicode<br />　ICU生成処理においてほとんど大文字の長い文字列とキーを照合する際にバッファオーバーフローが発生することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-0206)<br /><br />16) Kernal<br />　カーネルが失敗した TCP 接続からメモリを即座に再要求することに失敗することが原因で、端末がリセットする脆弱性。(CVE-2011-3259)<br /><br />17) Kernel<br />　IPV6 ソケットオプションを取り扱う際に NULL ポインタ逆参照が発生することが原因で、システムがリセットする脆弱性。(CVE-2011-1132)<br /><br />18) Keyboards<br />　パスワードの最後の文字を入力したキーボードが次に使用されたときに表示することが原因で、パスワードの最後の文字を特定される脆弱性。(CVE-2011-3245)<br /><br />19) libxml<br />　libxml が XML データを取り扱う際に１バイトヒープオーバーフローが発生することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-0216)<br /><br />20) OfficeImport<br />　OfficeImport がマイクロソフト Word ファイルを取り扱う際にバッファオーバーフローが発生することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-3260)<br /><br />21) OfficeImport<br />　OfficeImport が Excel ファイルを取り扱い際に二重メモリ解放が発生することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-3261)<br /><br />22) OfficeImport<br />　OfficeImport がマイクロソフト Office ファイルを取り扱う際にメモリ破壊が発生することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-0208)<br /><br />23) OfficeImport<br />　OfficeImport が Excel ファイルを取り扱う際にメモリ破壊が発生することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-0184)<br /><br />24) Safari<br />　iOS は HTTP Content-Disposition ヘッダーの 'attachment' 値をサポートしていないが、このヘッダー値で供給されたファイル内のスクリプトはサーバ上の他のリソースにフルアクセスできることで、サイトスクリプティング攻撃を許す脆弱性。(CVE-2011-3426)<br /><br />25) Settings<br />　ベアレンタル制限機能はパスコートによって設定を保護されているが、そのパスコードがディスク上にプレインテキストで保持されていることが原因で、端末への物理的な攻撃によりパスコードを回収される脆弱性。(CVE-2011-3429)<br /><br />26) Settings<br />　設定プロファイル経由で適用された設定が英語以外の言語下では適切に機能しないことが原因で、設定が結果として適切な表示をしない脆弱性。(CVE-2011-3430)<br /><br />27) UIKit Alerts<br />　非常に長い tel: URI の受理ダイアログを描画する時に、最大テキスト長を超えていると iOS がハングする脆弱性。(CVE-2011-3432)<br /><br />28) WebKit<br />　WebKit に複数のメモリ破壊の問題が存在することが原因で、アプリケーションが異常終了したり任意のコードを実行されたりする脆弱性。(CVE-2011-0218, CVE-2011-0221, CVE-2011-0222, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0238, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1296, CVE-2011-1449, CVE-2011-1451, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1797, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2351, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2359, CVE-2011-2788, CVE-2011-2790, CVE-2011-2792, CVE-2011-2797, CVE-2011-2799, CVE-2011-2809, CVE-2011-2813, CVE-2011-2814, CVE-2011-2816, CVE-2011-2817, CVE-2011-2818, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3232, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3244)<br /><br />29) WebKit<br />　ユーザ名を埋め込まれた URL を取り扱う際にクロスオリジン問題が存在することが原因で、クロスサイトスクリプティング攻撃を受ける脆弱性。(CVE-2011-0242)<br /><br />30) WebKit<br />　DOM ノードを取り扱う際にクロスオリジン問題が存在することが原因で、クロスサイトスクリプティング攻撃を受ける脆弱性。(CVE-2011-1295)<br /><br />31) WebKit<br />　DOM 履歴オブジェクトを取り扱う際に URL スヌーフィング問題が存在することが原因で、アドレスバーに異なる URL を表示される脆弱性。(CVE-2011-1107)<br /><br />32) WebKit<br />　WebKit が libxslt を使用する際に設定問題が存在することが原因で、任意のコードを実行される脆弱性。(CVE-2011-1774)<br /><br />33) WebKit<br />　WebKit が HTML 5 のドラッグ＆ドロップを取り扱う際にクロスオリジン問題が存在することが原因で、重要な情報を取得される脆弱性。(CVE-2011-0166)<br /><br />34) WebKit<br />　Web Workers を取り扱い際にクロスオリジン問題が存在することが原因で、重要な情報を取得される脆弱性。(CVE-2011-1190)<br /><br />35) WebKit<br />　window.open メソッドを取り扱う際にクロスオリジン問題が存在することが原因で、クロスサイトスクリプティング攻撃を受ける脆弱性。(CVE-2011-2805)<br /><br />36) WebKit<br />　機能していない DOM ウィンドウを取り扱う際にクロスオリジン問題が存在すること原因で、クロスサイトスクリプティング攻撃を受ける脆弱性。(CVE-2011-3243)<br /><br />37) WebKit<br />　document.documentURI 属性を取り扱う際にクロスサイトオリジン問題が存在することが原因で、クロスサイトスクリプティング攻撃を受ける脆弱性。(CVE-2011-2819)<br /><br />38) WebKit<br />　以前にロードしたイベントを取り扱う際にクロスオリジン問題が存在することが原因で、フレーム内でユーザが閲覧した URL を追跡される脆弱性。(CVE-2011-2800)<br /><br />39) WiFi<br />　パスコードや暗号化されたキーを含む WiFi 認証情報がシステムのアプリケーションから読み込み可能なファイルに記録されることが原因で、認証情報を取得される脆弱性。(CVE-2011-3434)<br /></pre><pre wrap=""></pre><br /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-8910676353195495108?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-75149986599541592102011-10-13T10:43:00.000+09:002011-10-13T16:22:22.251+09:00<br />About the security content of Numbers for iOS v1.5<br />http://support.apple.com/kb/HT5004<br /><br />About the security content of Pages for iOS v1.5<br />http://support.apple.com/kb/HT5003<br /><br />About the security content of Safari 5.1.1<br />http://support.apple.com/kb/HT5000<br /><br />About the security content of OS X Lion v10.7.2 and Security Update 2011-006<br />http://support.apple.com/kb/HT5002<br /><br />About the security content of Apple TV Software Update 4.4<br />http://support.apple.com/kb/HT5001<br /><br />About the security content of iOS 5 Software Update<br />http://support.apple.com/kb/HT4999<br /><br />VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console<br />http://www.vmware.com/security/advisories/VMSA-2011-0012.html<br /><br />ソニーPSNなどに9万件超の「なりすまし」、不正侵入は確認されず<br />正規ユーザーのアカウントでログイン試行、カード情報の漏洩もなし<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111013/370625/?ST=security<br /><br />IEに危険な脆弱性、Webアクセスでウイルス感染の恐れ<br />セキュリティ情報8件が公開、2件は深刻度が「緊急」<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111013/370624/?ST=security<br /><br />JVNVU#756679 BlueZ-hcidump におけるヒープオーバーフローの脆弱性<br />http://jvn.jp/cert/JVNVU756679/index.html<br /><br />JVNVU#377475 VLC Media Player に脆弱性<br />http://jvn.jp/cert/JVNVU377475/index.html<br /><br />JVNVU#585859 Apple Safari における複数の脆弱性に対するアップデート<br />http://jvn.jp/cert/JVNVU585859/index.html<br /><br />JVNVU#971123 Apple Mac OS Xにおける複数の脆弱性に対するアップデート<br />http://jvn.jp/cert/JVNVU971123/index.html<br /><br />JVNVU#727187 Apple TV における複数の脆弱性に対するアップデート<br />http://jvn.jp/cert/JVNVU727187/index.html<br /><br />JVNVU#177979 Apple iOS における複数の脆弱性に対するアップデート<br />http://jvn.jp/cert/JVNVU177979/index.html<br /><br />JVN#07414354 DAEMON Tools におけるサービス運用妨害 (DoS) の脆弱性<br />http://jvn.jp/jp/JVN07414354/index.html<br /><br />JVN#04013920 Pligg におけるクロスサイトスクリプティングの脆弱性<br />http://jvn.jp/jp/JVN04013920/index.html<br /><br />Critical OS X Vulnerability Patched<br />http://isc.sans.edu/diary.html?storyid=11797<br /><br />Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Deny Service and Let Local Users Obtain Information<br />http://www.securitytracker.com/id/1026180<br /><br />BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages<br />http://www.securitytracker.com/id/1026179<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey 'Array.reduceRight()' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48372<br /><br />Microsoft Silverlight &amp; .NET Framework Inheritance Restriction Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49999<br /><br />Microsoft Windows Active Accessibility DLL Loading Arbitrary Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49976<br /><br />Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/45015<br /><div><br /></div><br /><br /><br /><br />+ PSN-2011-10-392: Cross-site scripting injection in J-Web administrator logs<br />https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&amp;txtAlertNumber=PSN-2011-10-392&amp;viewMode=view<br /><br />+ PSN-2011-10-391: Junos kernel crash in Next-Gen MVPN scenario<br />https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&amp;txtAlertNumber=PSN-2011-10-391&amp;viewMode=view<br /><br />+? Apache APR 'apr_fnmatch()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47820<br /><br />++ ActivePerl 5.14.2.1402 released<br />http://www.activestate.com/activeperl/downloads<br /><br />- PHP 'grapheme_extract()' NULL Pointer Dereference Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/46429<br /><br />[ANN] Apache log4net 1.2.11 Released<br />http://logging.apache.org/log4net/release/release-notes.html<br /><br />2269637: セキュリティで保護されていないライブラリのロードにより、リモートでコードが実行される<br />http://technet.microsoft.com/ja-jp/security/advisory/2269637<br /><br />Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability<br />http://www.cisco.com/en/US/products/products_security_response09186a0080b98d0b.html<br /><br />Sybase IQが、IMJのSaaS型インハウスSEOツール「MTL KEYWORDS」のデータベースとして採用<br />http://www.sybase.jp/detail?id=1095188&amp;contentOnly=true<br /><br />New Insider Threat Demonstration Series Launched<br />http://www.cert.org/insider_threat/demonstrations/ITDS01.mp4<br /><br />Insider Threat Control Technical Note Released<br />http://www.cert.org/archive/pdf/11tn024.pdf<br /><br />FFRが標的型攻撃マルウエアの有無を検査するサービスを開始<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111012/370599/?ST=security<br /><br />エフセキュアがセキュリティソフトの新バージョンを発表<br />http://itpro.nikkeibp.co.jp/article/NEWS/20111012/370555/?ST=security<br /><br />Critical Control 8 - Controlled Use of Administrative Privileges<br />http://isc.sans.edu/diary.html?storyid=11794<br /><br />Apple Safari Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Execute Arbitrary Code, and Bypass Cookie Restrictions<br />http://www.securitytracker.com/id/1026178<br /><br />SilverStripe URL Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46390/<br /><br />ManageEngine ADSelfService Plus Security Bypass Vulnerability<br />http://secunia.com/advisories/46381/<br /><br />SUSE update for libqt4<br />http://secunia.com/advisories/46371/<br /><br />Contao URL "getPageIdFromURL()" Cross-Site Scripting Vulnerability<br />http://secunia.com/advisories/46396/<br /><br />Hitachi JP1/Cm2/Network Node Manager Unspecified Vulnerabilities<br />http://secunia.com/advisories/46411/<br /><br />WordPress Light Post Plugin "abspath" File Inclusion Vulnerability<br />http://secunia.com/advisories/46422/<br /><br />SUSE update for Qt<br />http://secunia.com/advisories/46410/<br /><br />Google App Engine SDK for Python Cross-Site Request Forgery Vulnerability<br />http://secunia.com/advisories/46357/<br /><br />SUSE update for tomcat5<br />http://secunia.com/advisories/46407/<br /><br />MyBB MyStatus Plugin "statid" SQL Injection Vulnerability<br />http://secunia.com/advisories/46360/<br /><br />BlackBerry Enterprise Server Instant Messaging User Impersonation Vulnerability<br />http://secunia.com/advisories/46370/<br /><br />Apple iTunes Multiple Vulnerabilities<br />http://secunia.com/advisories/46339/<br /><br />POSH Cross-Site Scripting and File Inclusion Vulnerabilities<br />http://secunia.com/advisories/46354/<br /><br />Red Hat update for kdelibs<br />http://secunia.com/advisories/46383/<br /><br />DMXready Polling Booth Manager SQL Injection<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8452<br /><br />iJoomla Magazine 3.0.1 Remote File Inclusion<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8451<br /><br />A-Blog v2.0 (sources/search.php) SQL Injection Exploit<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8450<br /><br />ColdGen - coldbookmarks v1.22 Remote 0day SQL Injection vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8449<br /><br />ColdUserGroup 1.06 Blind SQL Injection<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8448<br /><br />PHP Classifieds ADS Blind SQL Injection<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8447<br /><br />UCenter Home 2.0 -(0day) Remote SQL Injection Vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8446<br /><br />ColdGen - coldcalender v2.06 Remote 0day SQL Injection<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8445<br /><br />Mechbunny PaysiteReviewCMS Permanent XSS Vulnerabilities<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8444<br /><br />Virtue Shopping Mall (detail.php prodid) SQL Injection Vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8443<br /><br />Zenphoto 1.3 Security problems<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8442<br /><br />CubeCart 4.3.3 SQL Injection and XSS<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8441<br /><br />Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8440<br /><br />MySource Matrix 3.28.3 (height) Remote Reflected XSS Vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8439<br /><br />CMS WebManager-Pro Vulnerabilities<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8438<br /><br />chillyCMS Multiple Vulnerabilities<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8437<br /><br />HINNENDAHL.COM Gaestebuch 1.2 Remote File Inclusion Vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8436<br /><br />MODx Revolution 2.0.2-pl Reflected Cross-site Scripting<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8435<br /><br />Auto CMS XSS vulnerability<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8434<br /><br />ApPHP Calendar XSS CSRF<span class="Apple-tab-span" style="white-space: pre;"> </span><br />http://securityreason.com/securityalert/8433<br /><br />REMOTE: Mozilla Firefox Array.reduceRight() Integer Overflow Exploit<br />http://www.exploit-db.com/exploits/17974/<br /><br />Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1985) Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49968<br /><br />AzeoTech DAQFactory Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48955<br /><br />Microsoft Windows Kernel 'Win32k.sys' TrueType Font File Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49973<br /><br />Microsoft Windows Kernel '.fon' Font File Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49975<br /><br />Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-2011) Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49981<br /><br />Microsoft Internet Explorer Virtual Function Table CVE-2011-2001 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49966<br /><br />Microsoft Windows AFD Driver CVE-2011-2005 Local Privilege Escalation Vulnerability<br />http://www.securityfocus.com/bid/49941<br /><br />Microsoft Internet Explorer Body Element CVE-2011-2000 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49965<br /><br />Microsoft Internet Explorer Select Element CVE-2011-1999 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49964<br /><br />Microsoft Internet Explorer Option Element CVE-2011-1996 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49961<br /><br />Microsoft Internet Explorer 'Jscript9.dll' CVE-2011-1998 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49963<br /><br />Microsoft Internet Explorer 'OLEAuto32.dll' CVE-2011-1995 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49960<br /><br />Microsoft Internet Explorer Uninitalized Object CVE-2011-1993 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49947<br /><br />Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/39635<br /><br />Microsoft Internet Explorer OnLoad Event CVE-2011-1997 Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/49962<br /><br />Apple QuickTime CVE-2011-0252 STTS Atoms Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/49038<br /><br />PHP 'OpenSSL' Extension Multiple Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/46977<br /><br />Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability<br />http://www.securityfocus.com/bid/46767<br /><br />PHP 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46968<br /><br />WebKit 'libxslt' Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48840<br /><br />Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49279<br /><br />Webkit Address Bar URI Spoofing Vulnerability<br />http://www.securityfocus.com/bid/47020<br /><br />Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/48960<br /><br />Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/49658<br /><br />WebKit 'HTML5' Drag and Drop Cross-Origin Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46811<br /><br />PHP 'Zip' Extension 'zip_fread()' Function Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46975<br /><br />WebKit Embedded URL Cross Domain Scripting Vulnerability<br />http://www.securityfocus.com/bid/48859<br /><br />Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities<br />http://www.securityfocus.com/bid/41544<br /><br />Apache Tomcat SecurityManager Security Bypass Vulnerability<br />http://www.securityfocus.com/bid/46177<br /><br />Apache Tomcat HTML Manager Interface HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/46174<br /><br />FreeType 'src/psaux/t1decode.c' Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/48619<br /><br />Apache Tomcat NIO Connector Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46164<br /><br />WebKit CVE-2011-1797 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48858<br /><br />Google Chrome Prior to 12.0.742.112 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/48479<br /><br />ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45133<br /><br />Apache APR 'apr_fnmatch()' Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/47820<br /><br />Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/49303<br /><br />Python 'audioop' Module Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/40370<br /><br />ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48566<br /><br />WebKit CVE-2011-1457 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48856<br /><br />WebKit CVE-2011-1462 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48857<br /><br />WebKit CVE-2011-1453 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48855<br /><br />PHP 'Zip' Extension 'stream_get_contents()' Function Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46969<br /><br />PHP Stream Component Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46970<br /><br />Google Chrome Prior to 11.0.696.57 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/47604<br /><br />WebKit MathML Tags Use-After-Free Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48824<br /><br />Google Chrome Prior to 10.0.648.204 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/47029<br /><br />WebKit CVE-2011-1288 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48854<br /><br />WebKit CVE-2011-0222 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48844<br /><br />WebKit CVE-2011-0225 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48845<br /><br />WebKit CVE-2011-0232 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48846<br /><br />WebKit FrameOwner Element Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48847<br /><br />WebKit Malformed XHTML Tags Use After Free Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/48823<br /><br />WebKit CVE-2011-0235 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48848<br /><br />WebKit CVE-2011-0238 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48850<br /><br />WebKit CVE-2011-0255 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48853<br /><br />WebKit 'NamedNodeMap.cpp' Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48852<br /><br />Google Chrome prior to 9.0.597.94 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/46262<br /><br />WebKit Multiple Unspecifeid Remote Code Execution Vulnerabilities<br />http://www.securityfocus.com/bid/50066<br /><br />Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/46785<br /><br />Google Chrome prior to 9.0.597.107 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/46614<br /><br />WebKit CVE-2011-0221 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48843<br /><br />WebKit CVE-2011-0218 Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/48842<br /><br />Apple Mac OS X Quicklook Office File Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/48440<br /><br />Apple Mac OS X QuickLook Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/46965<br /><br />Apple Mac OS X IPV6 Socket Options (CVE-2010-1132) Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48422<br /><br />Apple Mac OS X QuickTime Cross Domain Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/46992<br /><br />Apple Mac OS X ICU (CVE-2011-0206) Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48429<br /><br />Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-3232 YARR Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/49850<br /><br />libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46658<br /><br />Apple Safari ImageIO TIFF Image Handling Heap Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48833<br /><br />SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability<br />http://www.securityfocus.com/bid/49778<br /><br />PHP 'shmop_read()' Remote Integer Overflow Vulnerability<br />http://www.securityfocus.com/bid/46786<br /><br />PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/46365<br /><br />PHP 'phar/phar_object.c' Format String Vulnerability<br />http://www.securityfocus.com/bid/46854<br /><br />OTRS Unspecified Remote Command Execution Vulnerability<br />http://www.securityfocus.com/bid/46947<br /><br />libzip '_zip_name_locate()' NULL Pointer Dereference Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/46354<br /><br />PHP 'grapheme_extract()' NULL Pointer Dereference Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/46429<br /><br />PHP 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/45668<br /><br />PHP 'open_basedir' Security-Bypass Vulnerability<br />http://www.securityfocus.com/bid/44723<br /><br />GNU Mailman 'Full name' Field Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/46464<br /><br />ISC BIND Key Algorithm Rollover Security Vulnerability<br />http://www.securityfocus.com/bid/45137<br /><br />ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability<br />http://www.securityfocus.com/bid/37118<br /><br />ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability<br />http://www.securityfocus.com/bid/37865<br /><br />Apple Mac OS X CoreFoundation (CVE-2011-0259) Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/50067<br /><br />Python 'urllib' and 'urllib2' Modules Information Disclosure and Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/47024<br /><br />Apple Mac OS X CoreMedia H.264 Encoded Movie Files Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/50068<br /><br />Python 'audioop' Module Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/40863<br /><br />libpng Buffer Overflow and Denial of Service Vulnerabilities<br />http://www.securityfocus.com/bid/48660<br /><br />jabberd XML Parsing Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48250<br /><br />ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48007<br /><br />libpng PNG File Denial Of Service Vulnerability<br />http://www.securityfocus.com/bid/48618<br /><br />Apple Mobile OfficeImport Framework Excel Record Memory Corruption Vulnerability<br />http://www.securityfocus.com/bid/44799<br /><br />Apple Mac OS X QuickLook Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/44812<br /><br />Apple Mobile Safari for iOS 4.2.1 Unspecified Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/46832<br /><br />Linux Kernel TCP Sequence Number Generation Security Weakness<br />http://www.securityfocus.com/bid/49289<br /><br />Linux Kernel Generic Receive Offload (GRO) CVE-2011-2723 Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48929<br /><br />Samba 'etc/mtab' File Appending Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49939<br /><br />Adobe Flash Media Server NULL Pointer Dereference Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49103<br /><br />Samba 'client/mount.cifs.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/38326<br /><br />OPC Systems.NET RPC Packet Remote Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50047<br /><br />Linux Kernel 'drivers/media/radio/si4713-i2c.c' Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48804<br /><br />Linux Kernel 'fs/befs/linuxvfs.c' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49256<br /><br />Linux Kernel 'inet_diag_bc_audit()' Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48333<br /><br />Linux kernel l2cap Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/48472<br /><br />Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/49295<br /><br />Linux Kernel EFI Partition Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/47796<br /><br />Linux Kernel EXT4 Extent Format File Local Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/48697<br /><br />Google App Engine SDK Cross Site Request Forgery Vulnerability And Command Execution Weaknesses<br />http://www.securityfocus.com/bid/50075<br /><br />TUGZip ZIP File Remote Buffer Overflow Vulnerability<br />http://www.securityfocus.com/bid/31913<br /><br />Joomla! JCE Component Multiple Directory Traversal Vulnerabilities<br />http://www.securityfocus.com/bid/49338<br /><br />Microsoft Publisher '.pub' File 'pubconv.dll' Memory Corruption Remote Code Execution Vulnerability<br />http://www.securityfocus.com/bid/50090<br /><br />Apple Safari Prior to 5.1.1 Multiple Security Vulnerabilities<br />http://www.securityfocus.com/bid/50089<br /><br />WebKit Inactive DOM Windows Cross Domain Scripting Vulnerability<br />http://www.securityfocus.com/bid/50088<br /><br />Apple Kernel TCP Exhaustion Denial of Service Vulnerability<br />http://www.securityfocus.com/bid/50087<br /><br />Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities<br />http://www.securityfocus.com/bid/50086<br /><br />Cisco TelePresence Video Communication Server 'User-Agent' HTTP Header HTML Injection Vulnerability<br />http://www.securityfocus.com/bid/50084<br /><br />BugFree Multiple Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50083<br /><br />WordPress GD Star Rating Plugin 'de' Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50082<br /><br />Filmis SQL Injection and Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50081<br /><br />WordPress Light Post Plugin 'abspath' Parameter Remote File Include Vulnerability<br />http://www.securityfocus.com/bid/50080<br /><br />Hitachi JP1/Cm2/Network Node Manager Multiple Unspecified Remote Vulnerabilities<br />http://www.securityfocus.com/bid/50079<br /><br />Honeywell EBI TEMA Remote Installer ActiveX Control Arbitrary File Download Vulnerability<br />http://www.securityfocus.com/bid/50078<br /><br />POSH Local File Include and Cross Site Scripting Vulnerabilities<br />http://www.securityfocus.com/bid/50077<br /><br />MyBB MyStatus 'statid' Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50073<br /><br />Joomla! Sgicatalog Component 'id' Parameter SQL Injection Vulnerability<br />http://www.securityfocus.com/bid/50072<br /><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/271993289796750713-7514998659954159210?l=isneophyte.blogspot.com' alt='' /></div>Bouno Tokyonoreply@blogger.com0tag:blogger.com,1999:blog-271993289796750713.post-69890905822991155562011-10-12T11:56:00.001+09:002011-10-12T11:56:29.795+09:00<br />About the security content of iTunes 10.5<br />http://support.apple.com/kb/HT4981<br /><div><br /></div><div>上記 URL の iTunes のセキュリティアップデートの翻訳</div><div><br /></div><div><pre wrap="">1) CoreFoundation<br />　文字列のトークン化の取り扱いの際にメモリ破壊が発生することが原因で、中間者攻撃を許しアプリケーションが異常終了したり任意のコードを実行される脆弱性。(CVE-2011-0259)<br /><br />2) ColorSync<br />　埋め込み ColorSync プロファイルを持つ画像を取り扱い際に整数オーバーフローが発生することが原因で、アプリケーションが異常終了したり任意のコードを実行される脆弱性。(CVE-2011-0200)<br /><br />3) CoreAudio<br />　拡張音声コードでエンコードされた音声ストリームを取り扱う際にバッファオーバーフローが発生することが原因で、アプリケーションが異常終了したり任意のコードを実行される脆弱性。(CVE-2011-3252)<br /><br />4) CoreMedia<br />　H.264 エンコードされた動画ファイルを取り扱う際にバッファオーバーフローが発生することが原因で、アプリケーションが異常終了したり任意のコードを実行される脆弱性。(CVE-2011-3219)<br /><br />5) ImageIO<br />　ImageIO が TIFF 画像を取り扱う際にヒープオーバーフローが発生することが原因で、アプリケーションが異常終了したり任意のコードを実行される脆弱性。(CVE-2011-0204)<br /><br />6) ImageIO<br />　ImageIO が TIFF 画像を取り扱う際に再入可能問題が存在することが原因で、アプリケーションが異常終了したり任意のコードを実行される脆弱性。(CVE-2011-0215)<br /><br />7) WebKit<br />　WebKit に存在する複数のメモリ破壊が原因で、中間者攻撃を許しアプリケーションが異常終了したり任意のコードを実行される脆弱性。(CVE-2010-1823, CVE-2011-0164, CVE-2011-0218, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240, CVE-2011-0253, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1296, CVE-2011-1440, CVE-2011-1449, CVE-2011-1451, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1797, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2351, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2359, CVE-2011-2788, CVE-2011-2790, CVE-2011-2792, CVE-2011-2797, CVE-2011-2799, CVE-2011-2809, CVE-2011-2811, CVE-2011-2813, CVE-2011-2814, CVE-2011-2815, CVE-2011-2816, CVE-2011-2817, CVE-2011-2818, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3232, CVE-2011-3233, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-32