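Today's Security Hole Information

Security Hole Information

SIDfm - Security Information Service

Buffer overflow in BNC's getnickuserhost() function
Arbitrary code execution in Winamp's IN_CDDA.dll
Remote privilege escalation in the Sun Java plug-in
Apple iCal does not notify the user when an alarm is added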

Secunia - Security and Virus Information

WinFTP Server Clear Text User Credential Disclosure
RediCart Exposure of Configuration File
PHPNews "mid" Parameter SQL Injection Vulnerability
Gentoo prozilla Multiple Buffer Overflow Vulnerabilities
ProZilla Multiple Buffer Overflow Vulnerabilities
Soldier of Fortune II Buffer Overflow Vulnerability
SugarCRM Unspecified Security Issues
KorWeblog "path" Directory Listing Information Disclosure Weakness
JSPWiki "query" Parameter Cross-Site Scripting Vulnerability
Zwiki Link Script Insertion Vulnerability
ZyXEL Prestige Routers Unprotected Reset Functionality
Halo Client Server List Browsing Denial of Service Vulnerability
W-Channel TC-IDE Shell Command Injection Vulnerabilities
PHPKIT SQL injection and Cross-Site Scripting Vulnerabilities
wmFrog Insecure Temporary File Creation Vulnerability
CoffeeCup Direct/Free FTP ActiveX Component Buffer Overflow Vulnerability
pdftohtml Multiple PDF Document Handling Vulnerabilities
Prevx Home Intrusion Prevention Feature Bypass Vulnerability
Apple iCal Calendar Alarm Program Execution Vulnerability
SecureCRT Arbitrary Configuration Folder Specification Vulnerability
Cyrus IMAP Server Multiple Vulnerabilities
Sun Java Plug-in Sandbox Security Bypass Vulnerability
wodFtpDLX ActiveX Component Buffer Overflow Vulnerability
Winamp "IN_CDDA.dll" Buffer Overflow Vulnerability
Fastream NETFile FTP/Web Server Multiple HEAD Requests Denial of Service
F-Secure Products Zip Archive Virus Detection Bypass Vulnerability
SecretSanta Security Bypass Vulnerability

SecurityFocus

SecurityFocus Newsletter #276
SecurityFocus Microsoft Newsletter #216
SecurityFocus Linux Newsletter #211
SecurityFocus Newsletter #266 2004-9-6->2004-9-10 Japanese edition
Remote DoS vulnerability in Winamp

■US-CERT

US-CERT Cyber Security Bulletin SB04-329 -- Summary of Security Items from November 17 through November 23, 2004

JPCERT/CC

JPCERT/CC REPORT 2004-11-25
[1] Buffer overflow vulnerability in Samba 3.0.x
[2] Vulnerability in sudo
[3] Vulnerability in TWiki
[4] Registration for Internet Week 2004

■e-matters : e-matters

Multiple remote vulnerabilities in Cyrus IMAP Server

■Sources

Security information
SIDfm - Security Information Service