Today's Security Hole Information

Security Hole Information

■NetSecurity

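NetSecurity - Security Hole Information <2005/07/11>
NetSecurity - Security Hole Information <2005/07/08>
NetSecurity - Web Defacement Information for July 8
NetSecurity - Web Defacement Information for July 11
NetSecurity - Documents containing 328 customer records stolen from a Keiyo Gas subsidiary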

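■SIDfm - Security Information Service

Buffer overflow issue in the Linux Kernel's IA32-compatible execve()
Bugzilla issue that leaks summaries of private bugs and non-public bugs
Ettercap issue allowing format string attacks
Information disclosure issue in fuse
HT Editor ELF/PE parsing issue allowing arbitrary code execution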

■Secunia - Security and Virus Information

2005-07-11
Gentoo update for phpwebsite
Debian update for hteditor
Gentoo update for acroread
Debian update for fuse
Trustix update for zlib
SPiD "lang_path" File Inclusion Vulnerability
Bugzilla Two Information Disclosure Vulnerabilities
AIX ftpd Unspecified Denial of Service Vulnerability
Red Hat update for Adobe Acrobat Reader
SUSE update for php/pear XML::RPC
Slackware update for zlib
DownloadProtect "file" Disclosure of Sensitive Information
Debian update for drupal
phpWebSite PEAR XML_RPC PHP Code Execution
Debian update for ettercap
Debian update for egroupware
Debian update for ruby1.8
Gentoo update for phpgroupware/egroupware
Backup Manager Unspecified Insecure Temporary File Creation
MMS Ripper MMST Streams Buffer Overflow Vulnerability
Debian update for dhcpcd
dhcpcd Denial of Service Vulnerability
Linux Kernel IA32 Compatibility "execve()" Buffer Overflow
Id Board free "f" SQL Injection Vulnerability
eTrust SiteMinder Cross-Site Scripting Vulnerabilities
2005-07-08
Capturix ScanShare Exposure of Configuration Password
phpSecurePages "cfgProgDir" File Inclusion Vulnerability
Debian update for cvs
PunBB SQL Injection and PHP Code Execution Vulnerabilities
pngcntrp "kaiseki.cgi" Shell Command Injection Vulnerability
Lantronix SecureLinx SLC Console Manager File Download Vulnerability
OpenBSD update for zlib
Interspire ArticleLive 2005 "Username" Cross-Site Scripting Vulnerability
Novell Netmail Script Insertion Vulnerability
phpWebSite SQL Injection and Disclosure of Sensitive Information
Ampache XML-RPC PHP Code Execution Vulnerability
Simple PHP Blog Exposure of User Credentials
IBM Tivoli Management Framework Endpoint Denial of Service
phpSlash "author_id" User Profile Manipulation Vulnerability
Red Hat update for php

■SecurityFocus

SecurityFocus Newsletter #283 2005-01-03->2005-01-07
SecurityFocus Newsletter #284 2005-01-10->2005-01-14

■N.S.L. Security Report

(Linux/Unix)
(Windows)

■FrSIRT

08.07.2005 : Interspire ArticleLive 2005 Cross-Site Scripting Vulnerability
08.07.2005 : PhpAuction SQL Injection and Cross Site Scripting Vulnerabilities
08.07.2005 : PunBB Remote SQL Injection and Local File Inclusion Vulnerabilities
08.07.2005 : IBM AIX Ftpd Ephemeral Ports Remote Denial of Service Vulnerability
08.07.2005 : IBM Tivoli Management Framework Endpoint Denial of Service Issue
11.07.2005 : phpWebSite XML-RPC Library Remote Code Execution Vulnerability
11.07.2005 : Id Board Free "f" Parameter Remote SQL Injection Vulnerability
11.07.2005 : Lantronix SecureLinx SLC Remote File Disclosure Vulnerability
11.07.2005 : phpWishlist "login.php" Administrative Access Security Bypass
11.07.2005 : Pngren "kaiseki.cgi" Remote Command Execution Vulnerability
11.07.2005 : PhotoGal "news_file" Remote PHP File Inclusion Vulnerability
11.07.2005 : MailEnable Multiple Remote Denial of Service Vulnerabilities
11.07.2005 : Bugzilla Security Bypass and Information Disclosure Vulnerabilities
11.07.2005 : Netegrity SiteMinder Multiple Cross Site Scripting Vulnerabilities
11.07.2005 : SPiD "lang_path" Remote PHP File Inclusion Vulnerability
11.07.2005 : Dhcpcd "client.c" Remote Denial of Service Vulnerability
11.07.2005 : MMS Ripper (MMSRIP) MMST Streams Heap Overflow Vulnerability
11.07.2005 : Linux Kernel IA32 Compatibility "execve()" Buffer Overflow Issue

■US-CERT

US-CERT Technical Cyber Security Alert TA05-189A -- Targeted Trojan Email Attacks

■CIAC

P-240 ht (Released 07/08/2005)
P-241 PHP Security Update (Released 07/08/2005)
P-242 Adobe Reader Vulnerability (Released 07/11/2005)
P-243 'ruby 1.8' Vulnerability (Released 07/11/2005)

■Sources

Information Security News / Computer Security News
Security Information
Stressful Angel