http://vrda.jpcert.or.jp/feed/en/atom.xml VRDA (Vulnerability Response Decision Assistance) Feed provides well-formatted analysis information on vulnerabilities for helping to make response decisions. These analysis information are provided in the two different formats: HTML for easy viewing and XML for automated processing. 2011-12-31T20:16:11+09:00 JPCERT Coordination Center kengine@jpcert.or.jp http://www.jpcert.or.jp/ 7246 1 http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5033_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5033_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5033 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4462_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4462_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4462 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4885_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4885_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4885 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4815_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4815_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4815 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4838_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4838_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4838 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3415_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3415_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3415 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4461_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4461_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4461 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3417_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3417_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3417 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4084_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 does not properly handle a large number of form parameters, which might allow remote attackers to cause a denial of service (CPU consumption) via a request that triggers storage of many parameters in a hash table.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4084_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4084 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3416_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3416_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3416 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3414_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3414_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3414 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5021_AD_2.html 2011-12-29T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5021_AD_2.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5021 2 Advisory 2 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5037_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5037_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5037 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5036_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5036_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5036 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5032_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted 0x87342000 IOCTL request to the WMDriver device.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5032_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5032 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5030_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles."<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5030_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5030 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5027_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5027_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5027 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5034_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5034_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5034 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5029_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5029_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5029 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4615_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4615_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4615 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5035_AD_1.html 2011-12-30T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Oracle Glassfish 3.1.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5035_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5035 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5028_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5028_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5028 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5031_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-30T00:00:00+09:00 NIST NVD Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5031_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5031 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5023_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-29T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5023_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5023 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5021_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-29T00:00:00+09:00 NIST NVD PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to an arbitrary file via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5021_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5021 2 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4165_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-29T00:00:00+09:00 NIST NVD Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4165_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4165 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4164_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-29T00:00:00+09:00 NIST NVD Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4164_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4164 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4163_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-29T00:00:00+09:00 NIST NVD Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4163_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4163 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5025_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-29T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5025_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5025 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5022_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-29T00:00:00+09:00 NIST NVD SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5022_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5022 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5026_AD_1.html 2011-12-29T00:00:00+09:00 2011-12-29T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5026_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5026 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003556_AD_1.html 2011-12-28T16:47:56+09:00 2011-12-28T16:47:56+09:00 JVN iPedia IDA Pro の IDAPython プラグインには、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003556_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003556 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003555_AD_1.html 2011-12-28T16:44:29+09:00 2011-12-28T16:44:29+09:00 JVN iPedia NVIDIA Stereoscopic 3D ドライバは、名前付きパイプへ送られたコマンドを適切に処理しないため、権限を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003555_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003555 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003554_AD_1.html 2011-12-28T16:40:58+09:00 2011-12-28T16:40:58+09:00 JVN iPedia WordPress 用の WP Symposium プラグインの uploadify/get_profile_avatar.php には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003554_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003554 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003553_AD_1.html 2011-12-28T16:40:17+09:00 2011-12-28T16:40:17+09:00 JVN iPedia IBM Lotus Domino の認証機能には、サービス運用妨害 (デーモンクラッシュ) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003553_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003553 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003552_AD_1.html 2011-12-28T15:58:39+09:00 2011-12-28T15:58:39+09:00 JVN iPedia 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) には、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003552_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003552 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003551_AD_1.html 2011-12-28T15:57:23+09:00 2011-12-28T15:57:23+09:00 JVN iPedia 7-Technologies (7T) の Interactive Graphical SCADA System (IGSS) には、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003551_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003551 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2010-002874_AD_1.html 2011-12-28T15:55:33+09:00 2011-12-28T15:55:33+09:00 JVN iPedia WellinTech KingView 内の HistorySvr.exe (HistoryServer.exe) の nettransdll.dll には、ヒープベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2010-002874_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002874 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003550_AD_1.html 2011-12-28T15:53:07+09:00 2011-12-28T15:53:07+09:00 JVN iPedia HP Managed Printing Administration には、重要な情報を取得される、データを変更される、またはサービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003550_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003550 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003549_AD_1.html 2011-12-28T15:51:16+09:00 2011-12-28T15:51:16+09:00 JVN iPedia HP Managed Printing Administration の hpmpa/jobDelivery/Default.asp には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003549_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003549 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003548_AD_1.html 2011-12-28T15:50:37+09:00 2011-12-28T15:50:37+09:00 JVN iPedia HP Managed Printing Administration の MPAUploader.dll には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003548_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003548 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003547_AD_1.html 2011-12-28T15:49:19+09:00 2011-12-28T15:49:19+09:00 JVN iPedia HP Managed Printing Administration の MPAUploader.Uploader.1.UploadFiles メソッドには、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003547_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003547 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003546_AD_1.html 2011-12-28T15:37:49+09:00 2011-12-28T15:37:49+09:00 JVN iPedia Trend Micro Control Manager の CmdProcessor.exe 内の cmdHandlerRedAlertController.dll の CGenericScheduler::AddTask 関数には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003546_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003546 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003545_AD_1.html 2011-12-28T15:36:37+09:00 2011-12-28T15:36:37+09:00 JVN iPedia FreeBSD の telnetd の libtelnet/encrypt.c には、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003545_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003545 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003544_AD_1.html 2011-12-28T15:35:46+09:00 2011-12-28T15:35:46+09:00 JVN iPedia Pidgin の libpurple 内の oscar protocol プラグインの family_feedbag.c は、メッセージデータにおける UTF-8 の検証を実行しないため、サービス運用妨害 (アプリケーションクラッシュ) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003544_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003544 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003543_AD_1.html 2011-12-28T15:32:16+09:00 2011-12-28T15:32:16+09:00 JVN iPedia Mini-Stream RM-MP3 Converter には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003543_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003543 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003542_AD_1.html 2011-12-28T15:31:40+09:00 2011-12-28T15:31:40+09:00 JVN iPedia Mini-Stream Ripper には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003542_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003542 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003541_AD_1.html 2011-12-28T15:31:04+09:00 2011-12-28T15:31:04+09:00 JVN iPedia lighttpd の HTTP 認証機能 (http_auth.c) 内の base64_decode 関数には、整数符号エラーの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003541_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003541 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003540_AD_1.html 2011-12-28T14:30:30+09:00 2011-12-28T14:30:30+09:00 JVN iPedia QQPlayer には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003540_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003540 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003539_AD_1.html 2011-12-28T14:29:23+09:00 2011-12-28T14:29:23+09:00 JVN iPedia QuiXplorer には、index.php の upload アクションを利用する実行可能な拡張子を持つファイルがアップロード後にアクセスされることで、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003539_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003539 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003538_AD_1.html 2011-12-28T14:28:31+09:00 2011-12-28T14:28:31+09:00 JVN iPedia Joomla! 用 Fabrik (com_fabrik) コンポーネントの models/importcsv.php には、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003538_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003538 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003537_AD_1.html 2011-12-28T14:27:36+09:00 2011-12-28T14:27:36+09:00 JVN iPedia Avid Media Composer の Phonetic Indexer には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003537_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003537 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003536_AD_1.html 2011-12-28T14:24:39+09:00 2011-12-28T14:24:39+09:00 JVN iPedia Final Draft には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003536_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003536 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003535_AD_1.html 2011-12-28T11:44:23+09:00 2011-12-28T11:44:23+09:00 JVN iPedia 複数の Attachmate Reflection で使用される Reflection FTP クライアント (rftpcom.dll) には、ヒープベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003535_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003535 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003534_AD_1.html 2011-12-28T11:41:19+09:00 2011-12-28T11:41:19+09:00 JVN iPedia xt:Commerce には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003534_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003534 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003533_AD_1.html 2011-12-28T11:40:28+09:00 2011-12-28T11:40:28+09:00 JVN iPedia Ctek SkyRouter の apps/a3/cfg_ethping.cgi には、任意のコマンドを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003533_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003533 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003532_AD_1.html 2011-12-28T11:36:37+09:00 2011-12-28T11:36:37+09:00 JVN iPedia 3S CoDeSys の Control サービス内にある CmpWebServer.dll モジュールには、サービス運用妨害 (NULL ポインタデリファレンス) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003532_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003532 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003531_AD_1.html 2011-12-28T11:35:22+09:00 2011-12-28T11:35:22+09:00 JVN iPedia 3S CoDeSys の GatewayService コンポーネントには、整数オーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003531_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003531 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003530_AD_1.html 2011-12-28T11:34:30+09:00 2011-12-28T11:34:30+09:00 JVN iPedia 3S CoDeSys の CmpWebServer コンポーネントには、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003530_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003530 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003529_AD_1.html 2011-12-28T11:31:34+09:00 2011-12-28T11:31:34+09:00 JVN iPedia Wuzly の管理機能には、認証を回避される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003529_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003529 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003528_AD_1.html 2011-12-28T11:31:02+09:00 2011-12-28T11:31:02+09:00 JVN iPedia Wuzly には、SQL インジェクションの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003528_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003528 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003527_AD_1.html 2011-12-28T11:30:36+09:00 2011-12-28T11:30:36+09:00 JVN iPedia Wuzly の blog_system/data_functions.php には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003527_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003527 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003526_AD_1.html 2011-12-28T11:30:07+09:00 2011-12-28T11:30:07+09:00 JVN iPedia Wuzly には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003526_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003526 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003525_AD_1.html 2011-12-28T11:29:40+09:00 2011-12-28T11:29:40+09:00 JVN iPedia Wuzly には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003525_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003525 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003524_AD_1.html 2011-12-28T11:23:47+09:00 2011-12-28T11:23:47+09:00 JVN iPedia RPM には、rpmio/rpmpgp.c の (1) regionSwab 関数、(2) headerLoad 関数、および (3) multiple 関数に関する処理に不備があるため、サービス運用妨害 (メモリ破損) 状態となる、および任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003524_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003524 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003523_AD_1.html 2011-12-28T11:12:57+09:00 2011-12-28T11:12:57+09:00 JVN iPedia Cyrus IMAPd の NNTP サーバ (nntpd) 内の imap/nntpd.c には、認証を回避される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003523_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003523 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003522_AD_1.html 2011-12-28T11:08:54+09:00 2011-12-28T11:08:54+09:00 JVN iPedia OpenStack Compute (Nova) には、EC2 API および S3/RegisterImage メソッドが有効であるとき、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003522_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003522 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5001_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-28T00:00:00+09:00 NIST NVD Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2009-5111_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-28T00:00:00+09:00 NIST NVD GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2009-5111_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2009-5111 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2009-5110_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-28T00:00:00+09:00 NIST NVD dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2009-5110_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2009-5110 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2007-6750_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-28T00:00:00+09:00 NIST NVD The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2007-6750_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2007-6750 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2010-5081_AD_2.html 2011-12-25T00:00:00+09:00 2011-12-28T00:00:00+09:00 NIST NVD Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2010-5081_AD_2.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-5081 2 Advisory 2 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003521_AD_1.html 2011-12-27T16:46:16+09:00 2011-12-27T16:46:16+09:00 JVN iPedia IBM Rational Rhapsody およびその他の製品で使用される Blueberry BB FlashBack の Recorder.dll に含まれる Blueberry FlashBack ActiveX コントロールは、TestCompatibilityRecordMode メソッドを適切に実装していないため、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003521_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003521 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003520_AD_1.html 2011-12-27T16:45:17+09:00 2011-12-27T16:45:17+09:00 JVN iPedia IBM Rational Rhapsody およびその他の製品で使用される Blueberry BB FlashBack の Recorder.dll に含まれる Blueberry FlashBack ActiveX コントロールは、InsertMarker メソッドを適切に実装していないため、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003520_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003520 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003519_AD_1.html 2011-12-27T16:44:29+09:00 2011-12-27T16:44:29+09:00 JVN iPedia IBM Rational Rhapsody およびその他の製品で使用される Blueberry BB FlashBack の Recorder.dll に含まれる Blueberry FlashBack ActiveX コントロールは、(1) Start、(2) PauseAndSave、(3) InsertMarker、および (4) InsertSoundToFBRAtMarker メソッドを適切に実装していないため、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003519_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003519 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003518_AD_1.html 2011-12-27T11:17:04+09:00 2011-12-27T11:17:04+09:00 JVN iPedia Tor には、ニックネーム設定オプション無しでリレーとして構成され、ローカルホスト名をニックネームの値として使う場合、重要な情報を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003518_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003518 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003517_AD_1.html 2011-12-27T11:13:42+09:00 2011-12-27T11:13:42+09:00 JVN iPedia Tor には、以前に構成され、現在は構成されていない到達可能なブリッジを使い続けることによって、重要な情報を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003517_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003517 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003516_AD_1.html 2011-12-27T11:10:22+09:00 2011-12-27T11:10:22+09:00 JVN iPedia Tor には、ブリッジとして構成され、クライアントとは異なるプロセスで回路をセットアップするとき、ブリッジを列挙される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003516_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003516 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003515_AD_1.html 2011-12-27T11:06:31+09:00 2011-12-27T11:06:31+09:00 JVN iPedia Tor には、ブリッジとして構成され、ディレクトリ取得のための Tor TLS 接続の代わりに、直接的な DirPort アクセスを利用する場合、ブリッジを列挙される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003515_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003515 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003514_AD_1.html 2011-12-27T11:04:57+09:00 2011-12-27T11:04:57+09:00 JVN iPedia Tor には、ヒープベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003514_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003514 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003513_AD_1.html 2011-12-27T11:01:47+09:00 2011-12-27T11:01:47+09:00 JVN iPedia Tor は、ブリッジとして構成される場合、開始した OR 接続内のセルの Command フィールドで CREATE および CREATE_FAST の値を受け取るため、ブリッジを列挙される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003513_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003513 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003512_AD_1.html 2011-12-27T10:54:48+09:00 2011-12-27T10:54:48+09:00 JVN iPedia Tor は、クライアントまたはブリッジとして構成されるとき、OR 接続中に発信されるデータに TLS の証明書チェーンが含まれるため、匿名化のためのプロパティを無効にされる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003512_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003512 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003511_AD_1.html 2011-12-27T10:46:30+09:00 2011-12-27T10:46:30+09:00 JVN iPedia PmWiki の scripts/pagelist.php 内の PageListSort 関数には、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003511_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003511 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003510_AD_1.html 2011-12-27T09:43:17+09:00 2011-12-27T09:43:17+09:00 JVN iPedia Power2Go には、バッファオーバーフローの脆弱性が存在します。 Power2Go には、プロジェクトファイルの解析処理に問題があり、バッファオーバーフローの脆弱性が存在します。 なお、本脆弱性を使用した攻撃コードが公開されています。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003510_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003510 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003509_AD_1.html 2011-12-27T09:42:42+09:00 2011-12-27T09:42:42+09:00 JVN iPedia Support Incident Tracker (SiT!) には、複数の脆弱性が存在します。 SiT! には、悪意あるファイルのアップロード、SQL インジェクション、クロスサイトスクリプティング、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003509_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003509 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3841_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3841_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3841 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4537_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP port (1) 12397 or (2) 12399.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4537_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4537 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4167_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4167_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4167 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4166_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4166_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4166 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4169_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4169_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4169 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4168_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4168_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4168 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4536_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4536_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4536 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4784_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4784_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4784 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4783_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4783_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4783 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4050_AD_1.html 2011-12-27T00:00:00+09:00 2011-12-27T00:00:00+09:00 NIST NVD Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4050_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4050 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003508_AD_1.html 2011-12-26T16:32:41+09:00 2011-12-26T16:32:41+09:00 JVN iPedia Sielco Sistemi Winlog PRO および Winlog Lite には、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003508_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003508 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003507_AD_1.html 2011-12-26T16:32:03+09:00 2011-12-26T16:32:03+09:00 JVN iPedia Moodle の Calendar コンポーネント内の calendar/set.php には、CRLF インジェクションの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003507_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003507 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003506_AD_1.html 2011-12-26T16:31:10+09:00 2011-12-26T16:31:10+09:00 JVN iPedia phpMyAdmin には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003506_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003506 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003505_AD_1.html 2011-12-26T16:30:22+09:00 2011-12-26T16:30:22+09:00 JVN iPedia phpMyAdmin の libraries/display_export.lib.php には、(1) server、(2) database、および (3) table セクションのエクスポートパネルに関する処理に不備があるため、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003505_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003505 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003504_AD_1.html 2011-12-26T16:29:36+09:00 2011-12-26T16:29:36+09:00 JVN iPedia phpMyAdmin のセットアップインターフェース内にある libraries/config/ConfigFile.class.php には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003504_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003504 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000110_AD_1.html 2011-12-26T12:01:50+09:00 2011-12-26T12:01:50+09:00 JVN iPedia WordPress 日本語版には、クロスサイトスクリプティングの脆弱性が存在します。 WordPress.Org が提供する WordPress は、ウェブログシステムです。 WordPress 日本語版には、クロスサイトスクリプティングの脆弱性が存在します。 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: 川原 勝広 氏、株式会社神戸デジタル・ラボ 福井 公三 氏、三井物産セキュアディレクション株式会社 吉田 裕也 氏<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000110_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-000110 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000109_AD_1.html 2011-12-26T12:01:21+09:00 2011-12-26T12:01:21+09:00 JVN iPedia WordPress には、任意の PHP コードが実行可能な脆弱性が存在します。 WordPress.Org が提供する WordPress は、ウェブログシステムです。 WordPress には、任意の PHP コードが実行可能な脆弱性が存在します。 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: 三井物産セキュアディレクション株式会社 寺田 健 氏<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000109_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-000109 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000108_AD_1.html 2011-12-26T12:00:41+09:00 2011-12-26T12:00:41+09:00 JVN iPedia メールフォームプラグインには、クロスサイトスクリプティングの脆弱性が存在します。 メールフォームプラグインは、Movable Type 用のプラグインです。メールフォームプラグインには、クロスサイトスクリプティングの脆弱性が存在します。 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: 株式会社　サイバーディフェンス研究所 福森 大喜 氏<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000108_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-000108 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5011_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Amins for requests that (1) set a New user to Adim via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5011_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5011 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4862_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, and Heimdal 1.5.1 and earlier allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4862_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4862 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5006_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5006_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5006 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5005_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5005_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5005 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3838_AD_1.html 2011-12-24T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3838_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3838 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5004_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5004_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5004 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5003_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3839_AD_1.html 2011-12-24T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3839_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3839 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5009_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5009_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5009 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5008_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5008_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5008 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5010_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5010_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5010 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4362_AD_1.html 2011-12-24T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4362_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4362 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2010-5081_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2010-5081_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-5081 2 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4601_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4601_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4601 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3378_AD_1.html 2011-12-24T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3378_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3378 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5002_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Extension, (5) SceneIntro, (6) TimeOfDay, and (7) Character elements.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5012_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206 allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5012_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5012 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3372_AD_1.html 2011-12-24T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3372_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3372 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3837_AD_1.html 2011-12-24T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3837_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3837 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3836_AD_1.html 2011-12-24T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (XSS), (3) perform SQL injection, or have other unspecified impact via unknown vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3836_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3836 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3835_AD_1.html 2011-12-24T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name parameter to theme_settings.php, (5) extension_name parameter to extension_settings.php, (6) q parameter to search.php, (7) type parameter to comments.php, sort parameter to (8) pages.php and (9) posts.php, and the (10) type and (11) q parameter t...<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3835_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3835 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-1388_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-1388_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-1388 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-1391_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-1391_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-1391 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-1392_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-1392_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-1392 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2009-5109_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2009-5109_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2009-5109 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4596_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4596_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4596 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5007_AD_1.html 2011-12-25T00:00:00+09:00 2011-12-26T00:00:00+09:00 NIST NVD Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-5007_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-5007 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-2769_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-2769_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-2769 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4897_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4897_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4897 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4894_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4894_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4894 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-2768_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-2768_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-2768 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-2778_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-2778_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-2778 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3990_AD_1.html 2011-12-22T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3990_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3990 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4895_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4895_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4895 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4896_AD_1.html 2011-12-23T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4896_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4896 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4780_AD_1.html 2011-12-22T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4780_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4780 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4782_AD_1.html 2011-12-22T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4782_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4782 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4634_AD_1.html 2011-12-22T00:00:00+09:00 2011-12-23T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted col...<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4634_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4634 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003503_AD_1.html 2011-12-22T15:43:41+09:00 2011-12-22T15:43:41+09:00 JVN iPedia Mac OS X 上で稼働する Mozilla Firefox および Thunderbird は、.jar ファイルを実行可能なファイルとして見なさないため、アクセス制限を回避される脆弱性が存在します。 本脆弱性は Mac OS X 上での CVE-2011-2372 の不正確な修正に起因する脆弱性です。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003503_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003503 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003502_AD_1.html 2011-12-22T15:43:14+09:00 2011-12-22T15:43:14+09:00 JVN iPedia 複数の Mozilla 製品には、サービス運用妨害 (アプリケーションクラッシュ) 状態となる、またはその他の詳細不明な影響を受ける脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003502_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003502 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003501_AD_1.html 2011-12-22T15:42:34+09:00 2011-12-22T15:42:34+09:00 JVN iPedia Mac OS X 上で稼働する複数の Mozilla 製品は、プラグインによる特定の DOM フレームの削除を適切に処理しないため、サービス運用妨害 (不正なポインタデリファレンスおよびアプリケーションクラッシュ) 状態となる、またはその他の詳細不明な影響を受ける脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003501_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003501 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003500_AD_1.html 2011-12-22T15:42:08+09:00 2011-12-22T15:42:08+09:00 JVN iPedia 複数の Mozilla 製品には、Web ページ上でのキー入力をキャプチャされる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003500_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003500 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003499_AD_1.html 2011-12-22T15:41:36+09:00 2011-12-22T15:41:36+09:00 JVN iPedia 複数の Mozilla 製品で使用される YARR 正規表現ライブラリには、サービス運用妨害 (アプリケーションクラッシュ) 状態となる、または任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003499_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003499 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003498_AD_1.html 2011-12-22T15:41:11+09:00 2011-12-22T15:41:11+09:00 JVN iPedia 複数の Mozilla 製品のブラウザエンジンには、サービス運用妨害 (メモリ破損およびアプリケーションクラッシュ) 状態となる、または任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003498_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003498 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003497_AD_1.html 2011-12-22T15:40:43+09:00 2011-12-22T15:40:43+09:00 JVN iPedia 複数の Mozilla 製品の SVG 実装は、DOMAttrModified イベントハンドラを適切に処理しないため、サービス運用妨害 (領域外メモリアクセス) 状態となる、または詳細不明な影響を受ける脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003497_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003497 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2010-002873_AD_1.html 2011-12-22T12:06:04+09:00 2011-12-22T12:06:04+09:00 JVN iPedia Research In Motion (RIM) BlackBerry Desktop Software のオフラインバックアップメカニズムは、PBKDF2 の単一反復を使用するため、.ipd ファイルを復号される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2010-002873_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002873 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002701_AD_1.html 2011-12-22T12:05:12+09:00 2011-12-22T12:05:12+09:00 JVN iPedia Research In Motion (RIM) BlackBerry Enterprise Server (BES) および BlackBerry Professional Software の Attachment Service コンポーネント内にある PDF Distiller には、サービス運用妨害 (メモリ破損) 状態となる、または任意のコードを実行される脆弱性が存在します。 本脆弱性は、CVE-2008-3246、CVE-2009-0176、CVE-2009-0219、CVE-2009-2643、および CVE-2009-2646 とは異なる脆弱性です。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002701_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002701 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002700_AD_1.html 2011-12-22T12:04:36+09:00 2011-12-22T12:04:36+09:00 JVN iPedia BlackBerry 8800 上の Research In Motion (RIM) BlackBerry Browser には、サービス運用妨害 (アプリケーションハング) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002700_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002700 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000107_AD_1.html 2011-12-22T12:03:57+09:00 2011-12-22T12:03:57+09:00 JVN iPedia PukiWiki Plus! には、クロスサイトスクリプティングの脆弱性が存在します。 PukiWiki Plus! には、フォームに入力された文字列をウェブページに出力する際の処理に問題があり、クロスサイトスクリプティングの脆弱性が存在します。 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: 慶應義塾大学武田圭史研究室 中安　恒樹 氏<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000107_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-000107 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000106_AD_1.html 2011-12-22T12:01:17+09:00 2011-12-22T12:01:17+09:00 JVN iPedia Apache Struts には、クロスサイトスクリプティングの脆弱性が存在するウェブアプリケーションを作り出す問題があります。 Apache Software Foundation が提供する Apache Struts は、Java のウェブアプリケーションを開発するためのソフトウェアフレームワークです。 Apache Struts には、クロスサイトスクリプティングの脆弱性が存在するウェブアプリケーションを作り出す問題があります。 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: 株式会社ユービーセキュア 杉山 俊春 氏<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-000106_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-000106 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002699_AD_1.html 2011-12-22T11:59:43+09:00 2011-12-22T11:59:43+09:00 JVN iPedia RIM BlackBerry Device Software の Blackberry Browser は、X.509 証明書のサブジェクトの Common Name (CN) フィールド内のドメイン名に '\0' 文字を含む "hidden" 文字を適切に処理しないため、任意の SSL サーバになりすまされる脆弱性が存在します。 本問題は、CVE-2009-2408 と関連する問題です。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002699_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002699 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002698_AD_1.html 2011-12-22T11:58:38+09:00 2011-12-22T11:58:38+09:00 JVN iPedia BlackBerry Desktop Manager 用の Research In Motion (RIM) Lotus Notes コネクタの lnresobject.dll にある特定の ActiveX コントロールには、サービス運用妨害 (Internet Explorer クラッシュ) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002698_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002698 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002697_AD_1.html 2011-12-22T11:55:15+09:00 2011-12-22T11:55:15+09:00 JVN iPedia Research In Motion (RIM) BlackBerry Enterprise Server (BES) および BlackBerry Professional Software 内の Attachment Service コンポーネントの PDF Distiller には、サービス運用妨害 (メモリ破損) 状態となる、または任意のコードを実行される脆弱性が存在します。 本脆弱性は、CVE-2008-3246 および CVE-2009-0219 とは異なる脆弱性です。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002697_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002697 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002696_AD_1.html 2011-12-22T11:54:04+09:00 2011-12-22T11:54:04+09:00 JVN iPedia Research In Motion (RIM) BlackBerry Enterprise Server (BES) および BlackBerry Professional Software 内の Attachment Service コンポーネントの PDF Distiller には、サービス運用妨害 (メモリ破損) 状態となる、または任意のコードを実行される脆弱性が存在します。 本脆弱性は、CVE-2008-3246 および CVE-2009-0219 とは異なる脆弱性です。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002696_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002696 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002695_AD_1.html 2011-12-22T11:53:09+09:00 2011-12-22T11:53:09+09:00 JVN iPedia Research In Motion (RIM) BlackBerry 8800 には、サービス運用妨害 (メモリ消費およびブラウザクラッシュ) 状態となる脆弱性が存在します。 本問題は、CVE-2009-1692 に関連する可能性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002695_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002695 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002694_AD_1.html 2011-12-22T11:51:19+09:00 2011-12-22T11:51:19+09:00 JVN iPedia Research in Motion (RIM) BlackBerry Enterprise Server (BES)、BlackBerry Professional Software、および BlackBerry Unite! の Attachment Service 内にある PDF distiller は、初期化されていないポインタ上で delete 操作を実行するため、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002694_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002694 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002693_AD_1.html 2011-12-22T11:50:30+09:00 2011-12-22T11:50:30+09:00 JVN iPedia Research in Motion (RIM) BlackBerry Enterprise Server (BES)、BlackBerry Professional Software、および BlackBerry Unite! の Attachment Service 内の PDF Distiller には、ヒープベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2009-002693_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002693 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003496_AD_1.html 2011-12-22T11:49:33+09:00 2011-12-22T11:49:33+09:00 JVN iPedia Control Microsystems ClearSCADA および Serck Control SCX にて使用される ClearSCADA には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003496_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003496 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003495_AD_1.html 2011-12-22T11:34:27+09:00 2011-12-22T11:34:27+09:00 JVN iPedia Control Microsystems ClearSCADA および Serck Control SCX にて使用される ClearSCADA には、サービス運用妨害 (クラッシュ) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003495_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003495 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003494_AD_1.html 2011-12-22T11:29:17+09:00 2011-12-22T11:29:17+09:00 JVN iPedia WellinTech KingView の KVWebSvr.dll 内にある ActiveX コントロールには、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003494_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003494 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003493_AD_1.html 2011-12-22T11:25:06+09:00 2011-12-22T11:25:06+09:00 JVN iPedia Invensys Wonderware InBatch の InBatch BatchField ActiveX コントロールには、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003493_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003493 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003492_AD_1.html 2011-12-22T11:22:58+09:00 2011-12-22T11:22:58+09:00 JVN iPedia Progea Movicon の TCPUploadServer.exe は、重要な関数に対して認証を要求しないため、重要な情報を取得される、ファイルを消去される、任意のプログラムを実行される、またはサービス運用妨害 (クラッシュ) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003492_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003492 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003491_AD_1.html 2011-12-22T11:20:57+09:00 2011-12-22T11:20:57+09:00 JVN iPedia Invensys Wonderware Information Server には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003491_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003491 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003490_AD_1.html 2011-12-22T11:08:08+09:00 2011-12-22T11:08:08+09:00 JVN iPedia Sunway pNetPower の AngelServer.exe 6.0.11.3 には、ヒープベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003490_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003490 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003489_AD_1.html 2011-12-22T11:07:12+09:00 2011-12-22T11:07:12+09:00 JVN iPedia Sunway ForceControl の httpsvr.exe 6.0.5.3 には、ヒープベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003489_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003489 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003488_AD_1.html 2011-12-22T11:02:52+09:00 2011-12-22T11:02:52+09:00 JVN iPedia 7-Technologies Interactive Graphical SCADA System (IGSS) の Open Database Connectivity (ODBC) service (Odbcixv9se.exe) には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003488_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003488 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003487_AD_1.html 2011-12-22T11:02:01+09:00 2011-12-22T11:02:01+09:00 JVN iPedia Ecava IntegraXor には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003487_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003487 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003486_AD_1.html 2011-12-22T11:01:27+09:00 2011-12-22T11:01:27+09:00 JVN iPedia Rockwell Automation FactoryTalk Diagnostics Viewer には任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003486_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003486 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003485_AD_1.html 2011-12-22T11:00:50+09:00 2011-12-22T11:00:50+09:00 JVN iPedia AzeoTech DAQFactory は、特定のシグナルに対して認証を実行しないため、サービス運用妨害 (システム再起動またはシャットダウン) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003485_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003485 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003484_AD_1.html 2011-12-22T11:00:11+09:00 2011-12-22T11:00:11+09:00 JVN iPedia Rockwell Automation RSLinx Classic の EDS Hardware Installation Tool 内の RSHWare.exe における RSEds.dll には、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003484_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003484 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2010-002872_AD_1.html 2011-12-22T10:54:13+09:00 2011-12-22T10:54:13+09:00 JVN iPedia Invensys Foxboro の I/A シリーズバッチ､およびその他の製品で使用される Invensys Wonderware InBatch の lm_tcp service には、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2010-002872_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002872 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4453_AD_1.html 2011-12-22T00:00:00+09:00 2011-12-22T00:00:00+09:00 NIST NVD The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4453_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4453 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4037_AD_1.html 2011-12-22T00:00:00+09:00 2011-12-22T00:00:00+09:00 NIST NVD Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4037_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4037 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4203_AD_1.html 2011-12-22T00:00:00+09:00 2011-12-22T00:00:00+09:00 NIST NVD CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-4203_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-4203 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003483_AD_1.html 2011-12-21T15:48:03+09:00 2011-12-21T15:48:03+09:00 JVN iPedia Unbound の validator/val_nsec3.c は、NSEC3-signed ゾーンの検証処理を適切に行わないため、サービス運用妨害 (デーモンクラッシュ) 状態となる脆弱性が存在します。 本脆弱性は、CVE-2011-4528 とは異なる脆弱性です。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003483_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003483 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003482_AD_1.html 2011-12-21T15:38:12+09:00 2011-12-21T15:38:12+09:00 JVN iPedia Unbound には、複数のサービス運用妨害 (DoS) の脆弱性が存在します。 詳しくは、NLnet Labsが提供する情報 をご確認ください。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003482_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003482 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003481_AD_1.html 2011-12-21T15:36:51+09:00 2011-12-21T15:36:51+09:00 JVN iPedia D-Link DIR-300 ルータは、パスワードを平文で保存するため、重要な情報を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003481_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003481 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003480_AD_1.html 2011-12-21T15:32:12+09:00 2011-12-21T15:32:12+09:00 JVN iPedia zFTPServer Suite には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003480_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003480 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003479_AD_1.html 2011-12-21T15:30:59+09:00 2011-12-21T15:30:59+09:00 JVN iPedia NOE 771 デバイス上で動作する Schneider Electric Quantum Ethernet Module の modbus_125_handler 関数には、任意のファームウェアアップデートをインストールされる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003479_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003479 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003478_AD_1.html 2011-12-21T15:29:06+09:00 2011-12-21T15:29:06+09:00 JVN iPedia NOE 771 デバイス上で動作する Schneider Electric Quantum Ethernet Module の ComputePassword 関数は、MAC アドレスの計算処理により fwupgrade アカウント用のパスワードを作成するため、アクセス権を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003478_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003478 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003477_AD_1.html 2011-12-21T15:28:15+09:00 2011-12-21T15:28:15+09:00 JVN iPedia Quantum 140NOE771 および 140CPU65 モジュール、Premium TSXETY および TSXP57 モジュール、M340 BMXNOE01 および BMXP3420 モジュール、STB DIO STBNIC2212 および STBNIP2 モジュール内で利用される Schneider Electric Quantum Ethernet Module は、(1) AUTCSE、(2) AUT_CSE、(3) fdrusers、(4) ftpuser、(5) loader、(6) nic2212、(7) nimrohs2212、(8) nip2212、(9) noe77111_v500、(10) ntpupdate、(11) pcfactory、(12) sysdiag、(13) target、(14) test、 (15) USER、および (16) webserver アカウント用の ハードコードされたパスワードを使用するため、アクセス権を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003477_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003477 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003476_AD_1.html 2011-12-21T15:27:07+09:00 2011-12-21T15:27:07+09:00 JVN iPedia Winamp の in_mod.dll プラグインには、ヒープベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003476_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003476 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003475_AD_1.html 2011-12-21T15:25:39+09:00 2011-12-21T15:25:39+09:00 JVN iPedia HomeSeer HS2 の Web インターフェースの /ctrl には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003475_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003475 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003474_AD_1.html 2011-12-21T15:24:56+09:00 2011-12-21T15:24:56+09:00 JVN iPedia HomeSeer HS2 の Web インターフェースには、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003474_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003474 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003473_AD_1.html 2011-12-21T15:23:42+09:00 2011-12-21T15:23:42+09:00 JVN iPedia HomeSeer HS2 の Web インターフェースには、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003473_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003473 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003472_AD_1.html 2011-12-21T15:22:30+09:00 2011-12-21T15:22:30+09:00 JVN iPedia Pidgin の libpurple 内にある SILC プロトコルプラグインの ops.c における silc_channel_message 関数は、メッセージデータにおける UTF-8 の検証を実行しないため、サービス運用妨害 (アプリケーションクラッシュ) 状態となる脆弱性が存在します。 本脆弱性は、CVE-2011-3594 とは異なる脆弱性です。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003472_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003472 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003471_AD_1.html 2011-12-21T15:03:33+09:00 2011-12-21T15:03:33+09:00 JVN iPedia Pidgin の libpurple 内の XMPP プロトコルプラグインは、(1) voice-chat および (2) video-chat スタンザ内の欠けたフィールドを適切に処理しないため、サービス運用妨害 (アプリケーションクラッシュ) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003471_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003471 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003470_AD_1.html 2011-12-21T14:51:20+09:00 2011-12-21T14:51:20+09:00 JVN iPedia JasPer の libjasper/jpc/jpc_cs.c 内の jpc_crg_getparms 関数には、特定のサイズ計算時に不適切なデータ型を使用するため、ヒープベースのバッファオーバーフローの誘発、および任意のコードを実行される、またはサービス運用妨害 (ヒープメモリ破損) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003470_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003470 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003469_AD_1.html 2011-12-21T14:37:52+09:00 2011-12-21T14:37:52+09:00 JVN iPedia JasPer の libjasper/jpc/jpc_cs.c 内の jpc_cox_getcompparms 関数には、ヒープベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003469_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003469 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003468_AD_1.html 2011-12-21T14:34:52+09:00 2011-12-21T14:34:52+09:00 JVN iPedia EMC RSA SecurID Software Token には、検索パスに関する処理に不備があるため、権限を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003468_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003468 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003467_AD_1.html 2011-12-21T14:21:53+09:00 2011-12-21T14:21:53+09:00 JVN iPedia 7 Technologies IGSS およびその他の製品で使用されている、SafeNet Sentinel HASP run-time installer および SafeNet Sentinel HASP SDK の、Admin Control Center には、Firefox で使用される際に、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/en/JVNiPedia_JVNDB-2011-003467_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2011-003467 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3666_AD_1.html 2011-12-21T00:00:00+09:00 2011-12-21T00:00:00+09:00 NIST NVD Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3666_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3666 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3658_AD_1.html 2011-12-21T00:00:00+09:00 2011-12-21T00:00:00+09:00 NIST NVD The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3658_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3658 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3663_AD_1.html 2011-12-21T00:00:00+09:00 2011-12-21T00:00:00+09:00 NIST NVD Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page by using SVG animation accessKey events within that web page.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3663_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3663 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3661_AD_1.html 2011-12-21T00:00:00+09:00 2011-12-21T00:00:00+09:00 NIST NVD YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3661_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3661 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3664_AD_1.html 2011-12-21T00:00:00+09:00 2011-12-21T00:00:00+09:00 NIST NVD Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3664_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3664 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3660_AD_1.html 2011-12-21T00:00:00+09:00 2011-12-21T00:00:00+09:00 NIST NVD Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3660_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2011-3660 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3665_AD_1.html 2011-12-21T00:00:00+09:00 2011-12-21T00:00:00+09:00 NIST NVD Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.<br><br><a href="http://vrda.jpcert.or.jp/feed/en/NISTNVD_CVE-2011-3665_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert