http://vrda.jpcert.or.jp/feed/ja/atom.xml VRDA (Vulnerability Response Decision Assistance)フィードは、組織におけるソフトウエア等の脆弱性マネジメント業務の効率化・省力化を支援することを目的として、公開されている脆弱性情報に関する分析情報を、情報の入手が容易で可読性の高い HTML フォーマットとアプリケーション等による機械処理に向いた XML フォーマットで配信しています。 2011-01-04T16:45:04+09:00 JPCERT Coordination Center kengine@jpcert.or.jp http://www.jpcert.or.jp/ 4506 1 http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4628_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4628_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4628 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4630_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4630_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4630 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4629_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4629_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4629 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4627_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4627_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4627 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4642_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4642_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4642 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4641_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4641_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4641 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4640_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4640_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4640 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4639_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4639_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4639 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4635_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4635_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4635 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4634_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD ** DISPUTED ** Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4634_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4634 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4265_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can ...<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4265_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4265 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4633_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4633_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4633 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4522_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4522_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4522 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4625_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4625_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4625 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4626_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4626_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4626 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4636_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4636_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4636 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3862_AD_2.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application...<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3862_AD_2.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3862 2 Advisory 2 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4624_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4624_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4624 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4631_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4631_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4631 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4632_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4632_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4632 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4637_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4637_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4637 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4638_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-31T00:00:00+09:00 NIST NVD SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4638_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4638 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4616_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4616_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4616 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4617_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4617_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4617 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4619_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4619_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4619 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3850_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3850_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3850 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4614_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4614_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4614 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4615_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4615_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4615 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3878_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3878_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3878 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3862_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application...<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3862_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3862 2 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4342_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4342_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4342 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4608_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4608_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4608 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4321_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via vectors related to the GetDriverSettings method.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4321_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4321 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4276_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4276_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4276 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4623_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4623_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4623 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3708_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3708_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3708 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4258_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4258_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4258 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4507_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax...<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4507_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4507 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4622_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4622_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4622 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4607_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4607_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4607 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4606_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a "script execution vulnerability."<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4606_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4606 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4161_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4161_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4161 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4605_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4605_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4605 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3923_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3923_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3923 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4612_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4612_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4612 2 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3848_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3848_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3848 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3849_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3849_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3849 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4610_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4610_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4610 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4158_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4158_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4158 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4352_AD_1.html 2010-12-30T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4352_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4352 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4618_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4618_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4618 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4609_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4609_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4609 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4613_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-30T00:00:00+09:00 NIST NVD Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4613_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4613 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3874_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-29T00:00:00+09:00 NIST NVD Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3874_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3874 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3859_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-29T00:00:00+09:00 NIST NVD Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3859_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3859 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4604_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-29T00:00:00+09:00 NIST NVD Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4604_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4604 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4602_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-29T00:00:00+09:00 NIST NVD The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4602_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4602 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4601_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-29T00:00:00+09:00 NIST NVD Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4601_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4601 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4343_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-29T00:00:00+09:00 NIST NVD drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4343_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4343 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4600_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-29T00:00:00+09:00 NIST NVD Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4600_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4600 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4565_AD_1.html 2010-12-29T00:00:00+09:00 2010-12-29T00:00:00+09:00 NIST NVD The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4565_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4565 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002563_AD_1.html 2010-12-27T15:40:47+09:00 2010-12-27T15:40:47+09:00 JVN iPedia 複数の VMware 製品の VMware-Tools アップデート機能には、ゲスト OS 上の権限を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002563_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002563 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002562_AD_1.html 2010-12-27T15:38:13+09:00 2010-12-27T15:38:13+09:00 JVN iPedia 複数の VMware 製品の vmware-mount には、共有オブジェクトファイルに関する処理に不備があり、ライブラリを適切にロードしないため、権限を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002562_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002562 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002561_AD_1.html 2010-12-27T15:36:22+09:00 2010-12-27T15:36:22+09:00 JVN iPedia 複数の VMware 製品の vmware-mount には、一時ファイルに関する処理に不備があるため、競合状態となり、権限を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002561_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002561 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002560_AD_1.html 2010-12-27T15:33:27+09:00 2010-12-27T15:33:27+09:00 JVN iPedia 複数の VMware 製品の VMnc メディアコーデック内にあるフレーム復元機能には、不特定のサイズフィールドを適切に検証しないため、任意のコードを実行される、またはサービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002560_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002560 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002559_AD_1.html 2010-12-27T15:09:17+09:00 2010-12-27T15:09:17+09:00 JVN iPedia Apple QuickTime には、整数オーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002559_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002559 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002558_AD_1.html 2010-12-27T15:07:31+09:00 2010-12-27T15:07:31+09:00 JVN iPedia Windows 上で稼働する Apple QuickTime には、ユーザプロファイルの “Apple Computer” ディレクトリに対するパーミッションに関して不備があるため、重要な情報を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002558_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002558 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002557_AD_1.html 2010-12-27T15:06:01+09:00 2010-12-27T15:06:01+09:00 JVN iPedia Windows 上で稼働する Apple QuickTime には、ヒープベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002557_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002557 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002556_AD_1.html 2010-12-27T15:03:30+09:00 2010-12-27T15:03:30+09:00 JVN iPedia Apple QuickTime には、整数符号エラーの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002556_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002556 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002555_AD_1.html 2010-12-27T15:02:14+09:00 2010-12-27T15:02:14+09:00 JVN iPedia Apple QuickTime には、任意のコードを実行される、またはサービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002555_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002555 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002554_AD_1.html 2010-12-27T14:59:05+09:00 2010-12-27T14:59:05+09:00 JVN iPedia Apple QuickTime には、任意のコードを実行される、またはサービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002554_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002554 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002553_AD_1.html 2010-12-27T11:49:20+09:00 2010-12-27T11:49:20+09:00 JVN iPedia CA PSFormX および CA WebScan ActiveX コントロールには、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002553_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002553 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002552_AD_1.html 2010-12-27T11:44:39+09:00 2010-12-27T11:44:39+09:00 JVN iPedia CA eHealth Performance Manager には、悪質な HTML 検出を無効に設定している場合、リクエストに関する処理に不備があるため、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002552_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002552 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002631_AD_1.html 2010-12-27T11:41:53+09:00 2010-12-27T11:41:53+09:00 JVN iPedia CA eTrust PestPatrol の PestPatrol ActiveX コントロール (ppctl.dll) には、スタックペースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002631_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002631 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002630_AD_1.html 2010-12-27T11:38:57+09:00 2010-12-27T11:38:57+09:00 JVN iPedia CA Service Desk の Web インターフェイスには、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002630_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002630 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002629_AD_1.html 2010-12-27T11:36:03+09:00 2010-12-27T11:36:03+09:00 JVN iPedia 複数の CA 製品の Anti-Virus エンジン内にある arclib コンポーネントには、RAR アーカイブファイルに関する処理に不備があるため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。 本脆弱性は、CVE-2009-3587 とは異なる脆弱性です。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002629_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002629 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002628_AD_1.html 2010-12-27T11:32:27+09:00 2010-12-27T11:32:27+09:00 JVN iPedia 複数の CA 製品の Anti-Virus エンジン内にある arclib コンポーネントには、RAR アーカイブファイルに関する処理に不備があるため、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。 本脆弱性は、CVE-2009-3588 とは異なる脆弱性です。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002628_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002628 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002627_AD_1.html 2010-12-27T11:24:00+09:00 2010-12-27T11:24:00+09:00 JVN iPedia CA Host-Based Intrusion Prevention System (HIPS) の kmxIds.sys には、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002627_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002627 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002626_AD_1.html 2010-12-27T11:19:48+09:00 2010-12-27T11:19:48+09:00 JVN iPedia CA SiteMinder には、J2EE アプリケーションのクロスサイトスクリプティングに対する保護を回避される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002626_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002626 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002625_AD_1.html 2010-12-27T10:47:36+09:00 2010-12-27T10:47:36+09:00 JVN iPedia CA SiteMinder には、J2EE アプリケーションのクロスサイトスクリプティングに対する保護を回避される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002625_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002625 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002624_AD_1.html 2010-12-27T10:45:26+09:00 2010-12-27T10:45:26+09:00 JVN iPedia 複数の CA 製品の Data Transport Services 内にある dtscore library の token searching 機能には、スタックベースのバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002624_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002624 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002623_AD_1.html 2010-12-27T10:41:31+09:00 2010-12-27T10:41:31+09:00 JVN iPedia CA ARCserve Backup のメッセージエンジンは、ASCORE モジュールを適切に処理しないため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002623_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002623 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002622_AD_1.html 2010-12-27T10:36:47+09:00 2010-12-27T10:36:47+09:00 JVN iPedia CA Internet Security Suite の vetmonnt.sys は、IOCTL コールを適切に検証しないため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002622_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002622 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002621_AD_1.html 2010-12-27T10:34:21+09:00 2010-12-27T10:34:21+09:00 JVN iPedia CA Service Metric Analysis および Service Level Management の smmsnmpd サービスは、アクセスを適切に制限しないため、任意のコマンドを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002621_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002621 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002620_AD_1.html 2010-12-27T10:30:20+09:00 2010-12-27T10:30:20+09:00 JVN iPedia 複数の CA 製品の CA Anti-Virus エンジン内にある Arclib library (arclib.dll) には、ウィルス検知を回避される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2009-002620_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2009-002620 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002551_AD_1.html 2010-12-24T16:19:05+09:00 2010-12-24T16:19:05+09:00 JVN iPedia Quagga の bgpd は、AS パスを適切に構文解析しないため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002551_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002551 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002550_AD_1.html 2010-12-24T16:16:35+09:00 2010-12-24T16:16:35+09:00 JVN iPedia Adobe Illustrator には、DLL ハイジャック攻撃を誘導され、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002550_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002550 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002549_AD_1.html 2010-12-24T16:13:54+09:00 2010-12-24T16:13:54+09:00 JVN iPedia OpenSSL は、J-PAKE が有効な際、J-PAKE プロトコル内のパブリックパラメータを適切に認証しないため、共有秘密鍵の認証要求を回避される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002549_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002549 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002548_AD_1.html 2010-12-24T16:11:18+09:00 2010-12-24T16:11:18+09:00 JVN iPedia OpenSSL は、SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG が有効な際、セッションキャッシュ内にある暗号スイートへの変更を適切に制限しないため、意図しない暗号スイートのダウングレードを強制的に実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002548_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002548 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002547_AD_1.html 2010-12-24T16:06:42+09:00 2010-12-24T16:06:42+09:00 JVN iPedia AWStats には、設定ファイルディレクトリを指定する際に、"\\" の処理に起因する脆弱性が存在します。これにより、攻撃者はネットワーク上に存在する任意の設定ファイルを指定することが可能です。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002547_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002547 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002546_AD_1.html 2010-12-24T16:04:08+09:00 2010-12-24T16:04:08+09:00 JVN iPedia PHP の getSymbol 関数には、脆弱性が存在します。 PHP の getSymbol 関数には、整数オーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002546_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002546 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002545_AD_1.html 2010-12-24T16:01:41+09:00 2010-12-24T16:01:41+09:00 JVN iPedia Internet Systems Consortium (ISC) が提供する BIND には、allow-query のアクセスコントロールの処理に脆弱性が存在します。 ISC から以下の脆弱性情報が公開されています。 When named is running as an authoritative server for a zone and receives a query for that zone data, it first checks for allow-query acls in the zone statement, then in that view, then in global options. If none of these exist, it defaults to allowing any query (allow-query {“any”};). With this bug, if the allow-query is not set in the zone statement, it failed to check in view or global options and fell back to the default of allowing any query. This means that queries that the zone owner did not wish to allow were incorrectly allowed. This bug doesn't affect allow-recursion or allow-query-cache acls, since they are not relevant to a zone for which the server is authoritative. ISC によると、9.6ESV-R2 は本脆弱性の影響をうけないとされています。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002545_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002545 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002544_AD_1.html 2010-12-24T15:36:01+09:00 2010-12-24T15:36:01+09:00 JVN iPedia Internet Systems Consortium (ISC) が提供する BIND named には、特定の状況下で、ゾーンデータの状態を insecure としてしまう脆弱性が存在します。 ISC から以下の脆弱性情報が公開されています。 ISC named, acting as a DNSSEC validator, was determining if an NS RRset is insecure based on a value that could mean either that the RRset is actually insecure or that there wasn't a matching key for the RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY RRset. This can happen when in the middle of a DNSKEY algorithm rollover, when two different algorithms were used to sign a zone but only the new set of keys are in the zone DNSKEY RRset.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002544_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002544 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002543_AD_1.html 2010-12-24T15:19:06+09:00 2010-12-24T15:19:06+09:00 JVN iPedia Internet Systems Consortium (ISC) が提供する BIND ネームサーバには、サービス運用妨害 (DoS) 攻撃の脆弱性が存在します。 ISC から、以下の脆弱性情報が公開されています。 Adding certain types of signed negative responses to cache doesn't clear any matching RRSIG records already in cache. A subsequent lookup of the cached data can cause named to crash (INSIST).<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2010-002543_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2010-002543 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002506_AD_1.html 2010-12-24T11:50:50+09:00 2010-12-24T11:50:50+09:00 JVN iPedia CA eTrust Antivirus には、Internet Explorer 6 または 7 を使用している際、HTML ドキュメント内のマルウェアの検出を回避される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002506_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002506 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002505_AD_1.html 2010-12-24T11:50:24+09:00 2010-12-24T11:50:24+09:00 JVN iPedia Windows 上で稼働する CA ARCserve Backup のサーバ内にある LDBserver サービスには、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002505_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002505 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002504_AD_1.html 2010-12-24T11:48:33+09:00 2010-12-24T11:48:33+09:00 JVN iPedia CA ARCserve Backup の asdbapi.dll には、検証に関する処理に不備があるため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002504_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002504 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002503_AD_1.html 2010-12-24T11:48:11+09:00 2010-12-24T11:48:11+09:00 JVN iPedia CA ARCserve Backup の asdbapi.dll のデータベースエンジンサービスには、検証に関する処理に不備があるため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002503_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002503 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002502_AD_1.html 2010-12-24T11:47:53+09:00 2010-12-24T11:47:53+09:00 JVN iPedia CA ARCserve Backup の asdbapi.dll のテープエンジンサービスには、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002502_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002502 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002501_AD_1.html 2010-12-24T11:47:29+09:00 2010-12-24T11:47:29+09:00 JVN iPedia CA ARCserve Backup の RPC インターフェイス (asdbapi.dll) には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002501_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002501 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002500_AD_1.html 2010-12-24T11:43:21+09:00 2010-12-24T11:43:21+09:00 JVN iPedia CA Service Desk および CMDB には、複数の Web フォームに関する処理に不備があるため、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002500_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002500 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002499_AD_1.html 2010-12-24T11:42:55+09:00 2010-12-24T11:42:55+09:00 JVN iPedia CA ARCserve Backup for Laptops and Desktops のサーバ内の LGServer サービスの rxRPC.dll には、整数オーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002499_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002499 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002498_AD_1.html 2010-12-24T11:42:26+09:00 2010-12-24T11:42:26+09:00 JVN iPedia 複数の CA 製品などで利用される CA Host-Based Intrusion Prevention System (HIPS) の kmxfw.sys ドライバは、IOCTL リクエストを適切に検証しないため、サービス運用妨害 (DoS) 状態となる、または権限を取得される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002498_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002498 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002497_AD_1.html 2010-12-24T11:41:58+09:00 2010-12-24T11:41:58+09:00 JVN iPedia CA eTrust Secure Content Manager の HTTP Gateway Service (icihttp.exe) には、以下に関する処理において不備があるため、スタックベースのバッファオーバーフローの脆弱性が存在します。 (1) LIST コマンド内にあるファイルの "月" フィールド (2) PASV コマンド (3) LIST コマンド内にあるディレクトリ、ファイルおよびリンク<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002497_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002497 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002496_AD_1.html 2010-12-24T11:41:32+09:00 2010-12-24T11:41:32+09:00 JVN iPedia CA Internet Security Suite の UmxEventCli.dll 内にある UmxEventCli.CachedAuditDataList.1 (UmxEventCliLib) ActiveX コントロールには、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002496_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002496 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002495_AD_1.html 2010-12-24T11:41:05+09:00 2010-12-24T11:41:05+09:00 JVN iPedia CA BrightStor ARCServe Backup のサーバ内の xdr 関数には、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002495_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002495 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002494_AD_1.html 2010-12-24T11:40:39+09:00 2010-12-24T11:40:39+09:00 JVN iPedia CA BrightStor ARCServe Backup の caloggerd には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002494_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002494 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002493_AD_1.html 2010-12-24T11:40:07+09:00 2010-12-24T11:40:07+09:00 JVN iPedia CA Secure Content Manager の eTrust Common Services (Transport) Daemon (eCSqdmn) には、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002493_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002493 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002492_AD_1.html 2010-12-24T11:39:42+09:00 2010-12-24T11:39:42+09:00 JVN iPedia 複数の CA 製品の NetBackup サービスには、ファイルのアップロードの検証に関する処理に不備があるため、任意のコマンドを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002492_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002492 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002491_AD_1.html 2010-12-24T11:39:11+09:00 2010-12-24T11:39:11+09:00 JVN iPedia 複数の CA 製品の LGServer サービスには、コマンドの引数に関する処理に不備があるため、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2008-002491_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNDB-2008-002491 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4597_AD_1.html 2010-12-23T00:00:00+09:00 2010-12-24T00:00:00+09:00 NIST NVD Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4597_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4597 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4599_AD_1.html 2010-12-23T00:00:00+09:00 2010-12-24T00:00:00+09:00 NIST NVD Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4599_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4599 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4598_AD_1.html 2010-12-23T00:00:00+09:00 2010-12-24T00:00:00+09:00 NIST NVD Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4598_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4598 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3972_AD_1.html 2010-12-23T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The TELNET_STREAM_CONTEXT::OnSendData function in the FTP protocol handler (ftpsvc.dll) for Microsoft Internet Information Services (IIS) 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted FTP request that triggers memory corruption. NOTE: some of these details are obtained from third party information.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3972_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3972 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3973_AD_1.html 2010-12-23T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3973_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3973 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4347_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4347_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4347 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4113_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD Unspecified vulnerability in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via unknown vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4113_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4113 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3268_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3268_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3268 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4594_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service (memory consumption and HTTP-AS hang) by making many connection requests that trigger "queue size delta errors," related to a "timing hole" issue.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4594_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4594 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4519_AD_1.html 2010-12-23T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4519_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4519 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4277_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4277_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4277 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3905_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3905_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3905 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4112_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4112_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4112 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3970_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD Unspecified vulnerability in Microsoft Windows has unknown impact and attack vectors, as reported by Moti and Xu Hao.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3970_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3970 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3971_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 7 and 8 and possibly other products, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via multiple @import calls in a crafted document.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3971_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-3971 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4111_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4111_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4111 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4110_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4110_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4110 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4595_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4595_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4595 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4346_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4346_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4346 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4590_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4590_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4590 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4573_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4573_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4573 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4591_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4591_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4591 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4593_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4593_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4593 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4114_AD_1.html 2010-12-22T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-4114_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert CVE-2010-4114 1 Advisory 1 false http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3881_AD_1.html 2010-12-23T00:00:00+09:00 2010-12-23T00:00:00+09:00 NIST NVD arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.<br><br><a href="http://vrda.jpcert.or.jp/feed/ja/NISTNVD_CVE-2010-3881_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert