http://vrda.jpcert.or.jp/feed_obsolete/ja/atom.xml VRDA (Vulnerability Response Decision Assistance)フィードは、組織におけるソフトウエア等の脆弱性マネジメント業務の効率化・省力化を支援することを目的として、公開されている脆弱性情報に関する分析情報を、情報の入手が容易で可読性の高い HTML フォーマットとアプリケーション等による機械処理に向いた XML フォーマットで配信しています。 2010-03-29T18:14:13+09:00 JPCERT Coordination Center kengine@jpcert.or.jp http://www.jpcert.or.jp/ 376 1 http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100329-001_AD_1.html 2010-03-29T18:08:00+09:00 2010-03-29T18:08:00+09:00 JPCERT/CC In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100329-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100329-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100325-001_AD_1.html 2010-03-25T14:25:00+09:00 2010-03-25T14:25:00+09:00 JPCERT/CC Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS® Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100325-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100325-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100323-001_AD_1.html 2010-03-23T16:46:00+09:00 2010-03-23T16:46:00+09:00 JPCERT/CC WOFF デコーダの圧縮フォント展開処理に整数オーバーフローが含まれていることが、Intevydis のセキュリティ研究者 Evgeny Legerov 氏によって報告されました。この問題によって、ダウンロードフォントの保存に割り当てられるメモリバッファが不足する状況が発生します。攻撃者はこの脆弱性を悪用して被害者のブラウザをクラッシュさせ、そのシステム上で任意のコードを実行することが可能でした。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100323-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100323-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100318-001_AD_1.html 2010-03-19T14:54:00+09:00 2010-03-19T14:54:00+09:00 JPCERT/CC The stable channel has been updated to 4.1.249.1036 for Windows, and includes the following features and security fixes (since 4.0):<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100318-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100318-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100317-001_AD_1.html 2010-03-17T15:56:00+09:00 2010-03-17T15:56:00+09:00 JPCERT/CC この記事では Safari 4.0.5 のセキュリティコンテンツについて説明します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100317-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100317-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100316-001_AD_1.html 2010-03-16T16:10:00+09:00 2010-03-16T16:10:00+09:00 JPCERT/CC An important vulnerability was recently identified in Apache HTTP Server version 2.2.14 and earlier (CVE-2010-0425: mod_isapi module unload flaw). The flaw in mod_isapi could result in an attempt to unload the ISAPI dll when encountering various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution. This vulnerability has been fixed in Apache httpd 2.2.15.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100316-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100316-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100315-001_AD_1.html 2010-03-15T18:14:00+09:00 2010-03-15T18:14:00+09:00 JPCERT/CC This flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, allowing all file system access to be allowed even when permissions should have denied access.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100315-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100315-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100311-001_AD_1.html 2010-03-11T14:04:00+09:00 2010-03-11T14:04:00+09:00 JPCERT/CC Internet Explorer 6 および Internet Explorer 7 に存在する新たな脆弱性が報告され、マイクロソフトはその報告を現在調査中です。マイクロソフトの調査で、最新バージョンのブラウザーである Internet Explorer 8 は影響を受けないことを確認しています。この脆弱性の主な影響はリモートでのコードの実行です。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100311-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100311-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100310-001_AD_1.html 2010-03-10T15:39:00+09:00 2010-03-10T15:39:00+09:00 JPCERT/CC このセキュリティ情報は 2010 年 3 月に公開したセキュリティ情報の一覧です。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100310-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100310-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100308-001_AD_1.html 2010-03-08T14:31:00+09:00 2010-03-08T14:31:00+09:00 JPCERT/CC Autonomy KeyView SDK is a commercial SDK that provides many file format parsing libraries. It supports a large number of different document formats. KeyView is used by several popular vendors for processing documents.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100308-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100308-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100305-001_AD_1.html 2010-03-05T15:44:00+09:00 2010-03-05T15:44:00+09:00 JPCERT/CC Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100305-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100305-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN06874657_AD_1.html 2010-03-05T15:32:00+09:00 2010-03-05T15:32:00+09:00 JPCERT/CC OpenPNE には、アクセス制限回避が可能な脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN06874657_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#06874657 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100304-001_AD_1.html 2010-03-04T15:55:00+09:00 2010-03-04T15:55:00+09:00 JPCERT/CC Fixed in Apache httpd 2.2.15-dev *low: Request header information leak CVE-2010-0434 *moderate: mod_proxy_ajp DoS CVE-2010-0408<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100304-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100304-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100303-001_AD_1.html 2010-03-03T15:30:00+09:00 2010-03-03T15:30:00+09:00 JPCERT/CC iDefense Labs contacted IBM Lotus to report a potential buffer overflow vulnerability with the ActiveX control used by Lotus iNotes (formerly Lotus Domino Web Access).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100303-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100303-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100302-001_AD_1.html 2010-03-02T15:34:00+09:00 2010-03-02T15:34:00+09:00 JPCERT/CC マイクロソフトは、サポートされるバージョンの Windows 2000、Windows XP および Windows Server 2003 の Internet Explorer に影響する、新たに一般公開された VBScript に存在する脆弱性の報告を現在調査中です。これまでのマイクロソフトの調査では、Windows 7、Windows Server 2008 R2、Windows Vista および Windows Server 2008 ではこの脆弱性が悪用される可能性はないと考えられます。主な脆弱性の影響は、「リモートでコードが実行される」です。マイクロソフトは現時点で、この報告された脆弱性を悪用しようとする攻撃を認識しておらず、またお客様が影響を受けたという報告は受けていません。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100302-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100302-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100301-001_AD_1.html 2010-03-01T15:15:00+09:00 2010-03-01T15:15:00+09:00 JPCERT/CC Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen). Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100301-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100301-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100226-001_AD_1.html 2010-02-26T16:34:00+09:00 2010-02-26T16:34:00+09:00 JPCERT/CC The search field within the Portlet Palette of IBM WebSphere Portal is vulnerable to Cross-Site Scripting (XSS).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100226-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100226-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN73331060_AD_1.html 2010-02-25T15:28:00+09:00 2010-02-25T15:28:00+09:00 JPCERT/CC tDiary 付属のプラグイン tb-send.rb には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN73331060_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#73331060 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100225-001_AD_1.html 2010-02-25T09:40:00+09:00 2010-02-25T09:40:00+09:00 JPCERT/CC A critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user's system. References:CVE-2010-0189<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100225-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100225-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100223-001_AD_1.html 2010-02-23T16:15:00+09:00 2010-02-23T16:15:00+09:00 JPCERT/CC The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability. Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server hosting the Management Center. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause instability of the product or changes in the configuration. Additionally, the Cisco Security Agent is affected by a denial of service (DoS) vulnerability. Successful exploitation of the Cisco Security Agent agent DoS vulnerability may cause the affected system to crash. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100223-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100223-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100222-001_AD_1.html 2010-02-22T13:49:00+09:00 2010-02-22T13:49:00+09:00 JPCERT/CC Cisco ASA 5500 Series Adaptive Security Appliances are affected by the following vulnerabilities<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100222-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100222-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100219-002_AD_1.html 2010-02-19T15:35:00+09:00 2010-02-19T15:35:00+09:00 JPCERT/CC Firefox 3.5.8 で修正済み。MFSA 2010-05：SVG ドキュメントとバイナリ Content-Type の使用による XSS。MFSA 2010-04：window.dialogArguments がクロスドメインで読み取り可能なことによる XSS。MFSA 2010-03：HTML パーサの誤ったメモリ解放によるクラッシュ。MFSA 2010-02：Web ワーカーの配列処理におけるヒープ破損。MFSA 2010-01：メモリ破壊の形跡があるクラッシュ (rv:1.9.1.8/1.9.0.18)<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100219-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100219-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100219-001_AD_1.html 2010-02-19T15:23:00+09:00 2010-02-19T15:23:00+09:00 JPCERT/CC The Symantec Client Proxy integrated into older versions of Symantec AntiVirus and Symantec Client Security is vulnerable to a buffer overflow.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100219-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100219-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100217-001_AD_1.html 2010-02-17T14:42:00+09:00 2010-02-17T14:42:00+09:00 JPCERT/CC A critical vulnerability has been identified in Adobe Reader 9.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3 for Windows and Macintosh, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. As described in Security Bulletin APSB10-06, this vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. In addition, a critical vulnerability (CVE-2010-0188) has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100217-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100217-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100216-001_AD_1.html 2010-02-16T15:56:00+09:00 2010-02-16T15:56:00+09:00 JPCERT/CC Due to incorrect processing Squid is vulnerable to a denial of service attack when receiving specially crafted HTCP packets.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100216-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100216-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100215-002_AD_1.html 2010-02-15T15:42:00+09:00 2010-02-15T15:42:00+09:00 JPCERT/CC These notes contain changes between DEV300_m41 and DEV300_m60 + OOO320_m1 and OOO320_m12.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100215-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100215-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100215-001_AD_1.html 2010-02-15T15:23:00+09:00 2010-02-15T15:23:00+09:00 JPCERT/CC The stable channel has been updated to 4.0.249.89 for Windows.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100215-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100215-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU869993_AD_1.html 2010-02-12T17:45:00+09:00 2010-02-12T17:45:00+09:00 JPCERT/CC Panda ActiveScan のインストーラコンポーネントには、ダウンロードされたソフトウェアコンポーネントのデジタル署名を検証しない問題が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU869993_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#869993 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100212-002_AD_1.html 2010-02-12T14:49:00+09:00 2010-02-12T14:49:00+09:00 JPCERT/CC A potential security vulnerability has been identified with HP Network Node Manager (NNM). The vulnerability could be exploited remotely to execute arbitrary commands.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100212-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100212-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100212-001_AD_1.html 2010-02-12T14:32:00+09:00 2010-02-12T14:32:00+09:00 JPCERT/CC A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100212-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100212-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100210-001_AD_1.html 2010-02-10T14:27:00+09:00 2010-02-10T14:27:00+09:00 JPCERT/CC このセキュリティ情報は 2010 年 2 月に公開したセキュリティ情報の一覧です。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100210-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100210-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100209-001_AD_1.html 2010-02-09T17:48:00+09:00 2010-02-09T17:48:00+09:00 JPCERT/CC Claimed Zero Day exploit in Samba.A user named "kcopedarookie" posted what they claim to be a video of a zero-day exploit in Samba on youtube yesterday.The video shows modifications to smbclient allowing /etc/passwd to be downloaded from a remote server.The issue is actually a default insecure configuration in Samba.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100209-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100209-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100208-001_AD_1.html 2010-02-08T14:52:00+09:00 2010-02-08T14:52:00+09:00 JPCERT/CC This Security Alert addresses security issue CVE-2010-0073, a vulnerability in the Node Manager component of Oracle WebLogic Server. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A knowledgeable and malicious remote user can exploit this vulnerability which can result in impacting the availability, integrity and confidentiality of the targeted system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100208-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100208-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100205-001_AD_1.html 2010-02-05T18:07:00+09:00 2010-02-05T18:07:00+09:00 JPCERT/CC There may be a potential security vulnerability with NetStorage that may allow remote attackers to execute arbitrary code on vulnerable installations of Novell NetStorage. Authentication is not required to exploit this vulnerability.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100205-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100205-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100204-001_AD_1.html 2010-02-04T15:19:00+09:00 2010-02-04T15:19:00+09:00 JPCERT/CC マイクロソフトは Windows XP を実行しているお客様、または Internet Explorer の保護モードを無効にしているお客様についての一般に公開された Internet Explorer に存在する脆弱性の報告を現在調査中です。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100204-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100204-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100203-001_AD_1.html 2010-02-03T17:33:00+09:00 2010-02-03T17:33:00+09:00 JPCERT/CC Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted DNS packets.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100203-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100203-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100202-002_AD_1.html 2010-02-02T15:21:00+09:00 2010-02-02T15:21:00+09:00 JPCERT/CC Updated Java JRE packages address several security issues.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100202-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100202-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100202-001_AD_1.html 2010-02-02T15:16:00+09:00 2010-02-02T15:16:00+09:00 JPCERT/CC An important vulnerability (CVE-2010-0185) has been identified in ColdFusion 9.0, which could allow access to collections created by the Solr Service to be accessed from any external machine using a specific URL. Adobe has provided a solution to the reported vulnerability. It is recommended that users update their product installations using the instructions provided below.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100202-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100202-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100201-001_AD_1.html 2010-02-01T18:36:00+09:00 2010-02-01T18:36:00+09:00 JPCERT/CC Multiple vulnerabilities exist in Cisco Unified MeetingPlace. This security advisory outlines the details of these vulnerabilities:Insufficient validation of SQL commands, Unauthorized account creation, User and password enumeration in Cisco MeetingTime, Privilege escalation in Cisco MeetingTime. Workarounds are not available for these vulnerabilities.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100201-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100201-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100129-002_AD_1.html 2010-01-29T18:20:00+09:00 2010-01-29T18:20:00+09:00 JPCERT/CC SECURITY: CVE-2010-0010 (cve.mitre.org) mod_proxy: Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100129-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100129-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100129-001_AD_1.html 2010-01-29T13:41:00+09:00 2010-01-29T13:41:00+09:00 JPCERT/CC The following vulnerabilities have been fixed. See the security advisory for details and a workaround. Babi discovered several buffer overflows in the LWRES dissector. Versions affected: 0.9.15 to 1.0.10, 1.2.0 to 1.2.5<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100129-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100129-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU571860_AD_1.html 2010-01-29T11:55:00+09:00 2010-01-29T11:55:00+09:00 JPCERT/CC Linux カーネルには、IPv6 jumbogram の処理に脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU571860_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#571860 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100128-001_AD_1.html 2010-01-28T18:19:00+09:00 2010-01-28T18:19:00+09:00 JPCERT/CC The following security vulnerabilities have been reported in the Sun Java System Web Server and the Sun Java System Web Proxy Server.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100128-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100128-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100127-002_AD_1.html 2010-01-27T13:53:00+09:00 2010-01-27T13:53:00+09:00 JPCERT/CC The stable channel has been updated to 4.0.249.78 for Windows, and includes the following features and security fixes (since 3.0):<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100127-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100127-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100127-001_AD_1.html 2010-01-27T13:30:00+09:00 2010-01-27T13:30:00+09:00 JPCERT/CC 弊社製品において、次の脆弱性の存在が確認されました。URLフィルタエンジンでバッファのオーバフローが発生する可能性があります。これにより、一般保護違反 (GPF) または製品でクラッシュが発生する可能性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100127-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100127-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100126-001_AD_1.html 2010-01-26T17:58:00+09:00 2010-01-26T17:58:00+09:00 JPCERT/CC These issues were fixed in Apache Tomcat 6.0.21 but the release votes for the 6.0.21, 6.0.22 and 6.0.23 release candidates did not pass. Therefore, although users must download 6.0.24 to obtain a version that includes fixes for these issues, versions 6.0.21 onwards are not included in the list of affected versions.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100126-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100126-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100125-004_AD_1.html 2010-01-25T10:24:00+09:00 2010-01-25T10:24:00+09:00 JPCERT/CC The SSH server implementation in Cisco IOS XR Software contains a vulnerability that an unauthenticated, remote user could exploit to cause a denial of service condition.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100125-004_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100125-004 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100125-003_AD_1.html 2010-01-25T09:51:00+09:00 2010-01-25T09:51:00+09:00 JPCERT/CC RealNetworks は、セキュリティ バグ フィックスを含む製品アップグレードの提供を開始します。これまでのところ、今回修正された脆弱性により、実際にマシンに障害が発生したという報告はありません。RealNetworks は、セキュリティの脆弱性を回避するために、お使いの製品を常に最新のバージョンにアップグレードすることをお勧めします。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100125-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100125-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100125-002_AD_1.html 2010-01-25T09:44:00+09:00 2010-01-25T09:44:00+09:00 JPCERT/CC マイクロソフトは、一般で報告された Windows カーネルに存在する脆弱性について、現在調査中です。マイクロソフトは現時点で、この報告された脆弱性を悪用しようとする攻撃を認識しておらず、またお客様が影響を受けたという報告は受けていません。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100125-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100125-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/CERTCC_VU144233_AD_1.html 2010-01-25T09:34:00+09:00 2010-01-25T09:34:00+09:00 CERT/CC Rockwell Automation Allen-Bradley MicroLogix programmable logic controllers (PLCs) do not adequately authenticate or authorize remote connections or commands. An attacker with network access can obtain the management password or issue commands that bypass the authentication mechanism.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/CERTCC_VU144233_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VU#144233 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100125-001_AD_1.html 2010-01-25T09:33:00+09:00 2010-01-25T09:33:00+09:00 JPCERT/CC Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations to the latest version using the instructions provided below.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100125-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100125-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100121-001_AD_1.html 2010-01-21T09:14:00+09:00 2010-01-21T09:14:00+09:00 JPCERT/CC ここでは、セキュリティアップデート 2010-001 について説明します。このアップデートは、ソフトウェア・アップデート 環境設定、または サポートダウンロード からダウンロードしてインストールできます。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100121-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100121-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU360341_AD_1.html 2010-01-20T16:14:00+09:00 2010-01-20T16:14:00+09:00 JPCERT/CC BIND 9 に含まれている DNSSEC の検証コードに脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU360341_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#360341 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100119-001_AD_1.html 2010-01-19T16:41:00+09:00 2010-01-19T16:41:00+09:00 JPCERT/CC Fixed crash caused by certain invalid SSL data. Thanks go to Evgeny Legerov, Intevydis, for his assistance in locating this problem.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100119-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100119-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100118-001_AD_1.html 2010-01-18T14:23:00+09:00 2010-01-18T14:23:00+09:00 JPCERT/CC Modify compression code so it frees up structures without using the ex_data callbacks. This works around a problem where some applications call CRYPTO_free_all_ex_data() before application exit (e.g. when restarting) then use compression (e.g. SSL with compression) later. This results in significant per-connection memory leaks and has caused some security issues including CVE-2008-1678 and CVE-2009-4355.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100118-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100118-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU492515_AD_1.html 2010-01-15T14:43:00+09:00 2010-01-15T14:43:00+09:00 JPCERT/CC Microsoft Internet Explorer には、任意のコードが実行される脆弱性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU492515_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#492515 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100114-002_AD_1.html 2010-01-14T16:58:00+09:00 2010-01-14T16:58:00+09:00 JPCERT/CC Integer underflow bugs in the AES and RC4 decryption operations of the crypto library of the MIT Kerberos software can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution. Only releases krb5-1.3 and later are vulnerable, as earlier releases did not contain the functionality implemented by the vulnerable code.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100114-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100114-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100114-001_AD_1.html 2010-01-14T13:37:00+09:00 2010-01-14T13:37:00+09:00 JPCERT/CC このセキュリティ情報は 2010 年 1 月 13 日に公開したセキュリティ情報の一覧です。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100114-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100114-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100113-001_AD_1.html 2010-01-13T17:20:00+09:00 2010-01-13T17:20:00+09:00 JPCERT/CC A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100113-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100113-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN22247093_AD_1.html 2010-01-12T15:49:00+09:00 2010-01-12T15:49:00+09:00 JPCERT/CC 有限会社シースリーが提供する WebCalenderC3 には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN22247093_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#22247093 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN33977065_AD_1.html 2010-01-12T15:42:00+09:00 2010-01-12T15:42:00+09:00 JPCERT/CC 有限会社シースリーが提供する WebCalenderC3 には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN33977065_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#33977065 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100112-002_AD_1.html 2010-01-12T13:25:00+09:00 2010-01-12T13:25:00+09:00 JPCERT/CC I personally don't have access to the full vendor bulletin, but word is out that Juniper JUNOS routers can be crashed or made to reboot with easily spoofed malformed packets.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100112-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100112-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100112-001_AD_1.html 2010-01-12T12:09:00+09:00 2010-01-12T12:09:00+09:00 JPCERT/CC ervice console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100112-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100112-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100107-001_OT_1.html 2010-01-07T14:44:00+09:00 2010-01-07T14:44:00+09:00 JPCERT/CC The CIFS and AFP protocols have a memory consumption problem when their received lot's of malformed arbitrary requests on their respective services. Sending arbitrary crafted requests to these services will consumme all the memory available,create multiples abends and finally crash the whole server.... It could take couple of minutes to hours (Depend of the memory available on the server ).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100107-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-100107-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN09872874_AD_1.html 2010-01-06T17:06:00+09:00 2010-01-06T17:06:00+09:00 JPCERT/CC Movable Type には、アクセス制限回避が可能な脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN09872874_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#09872874 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100105-001_AD_1.html 2010-01-05T16:02:00+09:00 2010-01-05T16:02:00+09:00 JPCERT/CC Secunia Research has discovered a vulnerability in PDF-XChange Viewer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error in PDFXCview.exe when parsing certain content and can be exploited to corrupt memory via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code when a user views a malicious PDF document.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100105-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100105-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100104-002_AD_1.html 2010-01-04T17:59:00+09:00 2010-01-04T17:59:00+09:00 JPCERT/CC Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.14.4. This version fixes some problems: * some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. Some checks have been added to deal with "bogus" CNs (see below and doc/op/op.*).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100104-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100104-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100104-001_AD_1.html 2010-01-04T17:44:00+09:00 2010-01-04T17:44:00+09:00 JPCERT/CC A null pointer dereference can occur in an error condition in the KDC cross-realm referral processing code in MIT krb5-1.7. This can cause the KDC to crash.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-100104-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-100104-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091225-001_OT_1.html 2009-12-25T13:53:00+09:00 2009-12-25T13:53:00+09:00 JPCERT/CC A vulnerability has been identified in Microsoft Internet Information Services (IIS), which could be exploited by attackers to compromise a vulnerable system. This issue is caused due to the server handling files with multiple extensions separated by the ";" character e.g. "malicious.asp;.jpg" as ASP pages, which could allow attackers to execute arbitrary code on a vulnerable web server by uploading a malicious file bypassing file extension protections and restrictions.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091225-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-091225-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091224-001_AD_1.html 2009-12-24T18:33:00+09:00 2009-12-24T18:33:00+09:00 JPCERT/CC The BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM) "bd" daemon is vulnerable to a remote buffer overflow which could be exploited by remote attackers to cause a denial of service and may cause the system to crash and dump core.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091224-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091224-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091222-001_AD_1.html 2009-12-22T16:36:00+09:00 2009-12-22T16:36:00+09:00 JPCERT/CC Critical vulnerabilities have been identified in Adobe Flash Media Server (FMS) 3.5.2 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091222-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091222-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091221-002_AD_1.html 2009-12-21T17:45:00+09:00 2009-12-21T17:45:00+09:00 JPCERT/CC Vulnerabilities have been fixed. See the security advisory for details and a workaround.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091221-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091221-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091221-001_AD_1.html 2009-12-21T17:41:00+09:00 2009-12-21T17:41:00+09:00 JPCERT/CC Multiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091221-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091221-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091218-002_AD_1.html 2009-12-18T18:28:00+09:00 2009-12-18T18:28:00+09:00 JPCERT/CC Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) Player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091218-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091218-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091218-001_AD_1.html 2009-12-18T18:18:00+09:00 2009-12-18T18:18:00+09:00 JPCERT/CC The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091218-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091218-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091217-004_AD_1.html 2009-12-17T15:49:00+09:00 2009-12-17T15:49:00+09:00 JPCERT/CC The PostgreSQL Project today released minor versions updating all active branches of the PostgreSQL object-relational database system, including versions 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and 7.4.27. This release fixes one moderate-risk and one low-risk security issue: an SSL authentication issue, and a privilege escalation issue with expression indexes. All PostgreSQL database administrators are urged to update your version of PostgreSQL at the earliest opportunity.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091217-004_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091217-004 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091217-003_AD_1.html 2009-12-17T15:41:00+09:00 2009-12-17T15:41:00+09:00 JPCERT/CC A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091217-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091217-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091217-002_AD_1.html 2009-12-17T15:31:00+09:00 2009-12-17T15:31:00+09:00 JPCERT/CC VMware vCenter and ESX update releases address cross-site scripting issues in the Help functionality of WebAccess. A vCenter Lab Manager release addresses the same issues which are present in the online Help functionality of Lab Manager and Stage Manager.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091217-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091217-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091217-001_AD_1.html 2009-12-17T15:11:00+09:00 2009-12-17T15:11:00+09:00 JPCERT/CC Firefox 3.5.6 では、以下の問題が修正されています。いくつかのセキュリティ問題 が修正されました。いくつかの安定性に関する問題が修正されました。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091217-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091217-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU508357_AD_1.html 2009-12-16T15:03:00+09:00 2009-12-16T15:03:00+09:00 JPCERT/CC Adobe Reader および Acrobat の Doc.media.newPlayer メソッドには、解放済みメモリを使用する (use-after-free) 脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU508357_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#508357 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN00152874_AD_1.html 2009-12-15T15:51:00+09:00 2009-12-15T15:51:00+09:00 JPCERT/CC Rocomotion が提供する P forum には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN00152874_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#00152874 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU228561_AD_1.html 2009-12-15T15:40:00+09:00 2009-12-15T15:40:00+09:00 JPCERT/CC Microsoft Windows に含まれている Indeo コーデックには、複数の脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU228561_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#228561 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091215-001_OT_1.html 2009-12-15T14:53:00+09:00 2009-12-15T14:53:00+09:00 JPCERT/CC A vulnerability has been identified in Mozilla Thunderbird, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a memory corruption error when processing floating point numbers e.g. via the Lightning or Thunderbrowse Add-ons, which could allow remote attackers to crash an affected application or execute arbitrary code by tricking a user into opening a malicious ICS file or visiting a specially crafted web page.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091215-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-091215-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091214-001_AD_1.html 2009-12-14T14:27:00+09:00 2009-12-14T14:27:00+09:00 JPCERT/CC InterSystems has corrected a security defect that an attacker could exploit to gain complete control of a system through the CSP Gateway.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091214-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091214-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091211-002_AD_1.html 2009-12-11T18:14:00+09:00 2009-12-11T18:14:00+09:00 JPCERT/CC トレンドマイクロURLフィルタリングエンジンはURLを評価する際、URLの標準化を行います。 非常に長いURL (最大長2319文字付近) を処理して標準化されたURLの文字数が定義済み最大数を超える場合、 無効なメモリアドレスにアクセスしようとしてバッファオーバーフローが発生し、 結果としてプログラムがクラッシュする可能性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091211-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091211-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091211-001_AD_1.html 2009-12-11T14:30:00+09:00 2009-12-11T14:30:00+09:00 JPCERT/CC Symantec VRTSweb, a shared component shipped with many Symantec Veritas products, is susceptible to a remote code execution vulnerability.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091211-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091211-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091210-003_AD_1.html 2009-12-10T17:45:00+09:00 2009-12-10T17:45:00+09:00 JPCERT/CC Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091210-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091210-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091210-002_AD_1.html 2009-12-10T14:37:00+09:00 2009-12-10T14:37:00+09:00 JPCERT/CC Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091210-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091210-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091210-001_AD_1.html 2009-12-10T14:30:00+09:00 2009-12-10T14:30:00+09:00 JPCERT/CC String#ljust, String#centerおよびString#rjustにヒープオーバーフローが発見されました。これはある稀なケースにおいて攻撃者に任意のコードの実行を許します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091210-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091210-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-005_AD_1.html 2009-12-09T17:21:00+09:00 2009-12-09T17:21:00+09:00 JPCERT/CC CVE-2009-1569 found by Carsten Eiram, Secunia Research. Novell iPrint Client "target-frame" Buffer Overflowgs()" function and Novell iPrint Client boundary error in the parsing of certain time information<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-005_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091209-005 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU568372_AD_1.html 2009-12-09T17:09:00+09:00 2009-12-09T17:09:00+09:00 JPCERT/CC NTP には、mode 7 パケットの処理に起因する脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU568372_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#568372 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN49602378_AD_1.html 2009-12-09T15:17:00+09:00 2009-12-09T15:17:00+09:00 JPCERT/CC SEIL/B1 には、PPP アクセスコンセントレータ (PPPAC) 機能の実装上の問題により、認証が適切に行われない可能性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN49602378_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#49602378 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-004_AD_1.html 2009-12-09T14:56:00+09:00 2009-12-09T14:56:00+09:00 JPCERT/CC このセキュリティ情報は 2009 年 12 月 9 日に公開したセキュリティ情報の一覧です。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-004_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091209-004 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-003_AD_1.html 2009-12-09T14:08:00+09:00 2009-12-09T14:08:00+09:00 JPCERT/CC ここでは、Java for Mac OS X 10.6 Release 1 のセキュリティコンテンツについて説明します。これは、ソフトウェア・アップデート の環境設定、または サポートダウンロード からダウンロードしてインストールできます。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091209-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-002_AD_1.html 2009-12-09T14:02:00+09:00 2009-12-09T14:02:00+09:00 JPCERT/CC ここでは、Java for Mac OS X 10.5 Release 6 のセキュリティコンテンツについて説明します。これは、ソフトウェア・アップデート の環境設定、または サポートダウンロード からダウンロードしてインストールできます。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091209-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-001_AD_1.html 2009-12-09T09:36:00+09:00 2009-12-09T09:36:00+09:00 JPCERT/CC Multiple buffer and integer overflow vulnerabilities in Python (see python(1)) may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the Python application or crash a Python application resulting in a Denial of Service (DoS).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091209-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091209-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091208-002_AD_1.html 2009-12-08T17:56:00+09:00 2009-12-08T17:56:00+09:00 JPCERT/CC Two vulnerabilities have been identified in Linux Kernel, which could be exploited by local attackers to cause a denial of service or gain elevated privileges.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091208-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091208-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091208-001_OT_1.html 2009-12-08T17:31:00+09:00 2009-12-08T17:31:00+09:00 JPCERT/CC Input passed to the "language_path" parameter in components/core/connect.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091208-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-091208-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN36207497_AD_1.html 2009-12-08T17:04:00+09:00 2009-12-08T17:04:00+09:00 JPCERT/CC トランスウエアが提供する Active! mail 2003 には、Cookie が漏えいする脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN36207497_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#36207497 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN85821104_AD_1.html 2009-12-08T16:45:00+09:00 2009-12-08T16:45:00+09:00 JPCERT/CC トランスウエアが提供する Active! mail 2003 には、セッション ID が漏えいする脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN85821104_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#85821104 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN49083120_AD_1.html 2009-12-08T15:21:00+09:00 2009-12-08T15:21:00+09:00 JPCERT/CC トランスウエアが提供する Active! mail 2003 には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN49083120_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#49083120 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091207-001_OT_1.html 2009-12-07T16:58:00+09:00 2009-12-07T16:58:00+09:00 JPCERT/CC The vulnerability is caused due to a boundary error in the processing of PNG files. This can be exploited to cause a stack-based buffer overflow when a PNG file with e.g. a specially crafted "pHYs" chunk is opened.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091207-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-091207-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN79762947_AD_1.html 2009-12-07T11:16:00+09:00 2009-12-07T11:16:00+09:00 JPCERT/CC 株式会社ロックオンが提供する EC-CUBE には、情報漏えいの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN79762947_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#79762947 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091204-002_AD_1.html 2009-12-04T18:44:00+09:00 2009-12-04T18:44:00+09:00 JPCERT/CC Multiple Cross-Site Scripting (XSS) security vulnerabilities exist in Sun Java System Portal Server's Gateway that may allow remote users to execute arbitrary JavaScript code in a user's web browser.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091204-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091204-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091204-001_OT_1.html 2009-12-04T18:27:00+09:00 2009-12-04T18:27:00+09:00 JPCERT/CC A vulnerability has been identified in Adobe Illustrator, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a memory corruption error when processing Encapsulated Postscript (.eps) files containing overly long data, which could allow attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted file.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091204-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-091204-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091203-003_AD_1.html 2009-12-03T16:24:00+09:00 2009-12-03T16:24:00+09:00 JPCERT/CC A potential vulnerability has been identified with the HP NonStop Servers. The vulnerability could be exploited locally resulting in an unauthorized access to data, Denial of Service (DoS), or execution of arbitrary code.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091203-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091203-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091203-002_AD_1.html 2009-12-03T15:23:00+09:00 2009-12-03T15:23:00+09:00 JPCERT/CC Novell eDirectory permits unauthenticated users to query the server for information about specific objects. The user can send a service request (NDS Verb 0x1) that has integer used in a memory allocation. A large integer can result in an integer wrap and a subsequent allocation returning an insufficient buffer, resulting in a heap-based buffer overflow.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091203-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091203-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091203-001_AD_1.html 2009-12-03T15:23:00+09:00 2009-12-03T15:23:00+09:00 JPCERT/CC This advisory describes security issues that the BlackBerry Attachment Service component of the BlackBerry Enterprise Server is susceptible to. The issues relate to the handling of malformed and possibly malicious PDF files.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091203-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091203-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091202-001_AD_1.html 2009-12-02T16:48:00+09:00 2009-12-02T16:48:00+09:00 JPCERT/CC IBM WebSphere Portal and IBM Lotus Web Content Management (WCM) periodically provides service releases integrating code fixes for the product.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091202-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091202-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091201-002_AD_1.html 2009-12-01T18:11:00+09:00 2009-12-01T18:11:00+09:00 JPCERT/CC A short time ago a "local root" exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091201-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091201-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091201-001_AD_1.html 2009-12-01T18:05:00+09:00 2009-12-01T18:05:00+09:00 JPCERT/CC Rails 2.3.5 was released over the weekend which provides several bug-fixes and one security fix. It should be fully compatible with all prior 2.3.x releases and can be easily upgraded to with “gem update rails”. The most interesting bits can be summarized in three points.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091201-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091201-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU261869_AD_1.html 2009-12-01T17:18:00+09:00 2009-12-01T17:18:00+09:00 JPCERT/CC 複数の SSL VPN (Web VPN) 製品には、ウェブブラウザのセキュリティメカニズムを迂回可能な問題が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU261869_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#261869 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091130-002_AD_1.html 2009-11-30T15:41:00+09:00 2009-11-30T15:41:00+09:00 JPCERT/CC A security vulnerability in the BIND DNS software shipped with Solaris may allow a remote user who is able to perform recursive queries to cause a server that is configured to support DNSSEC validation and recursive client queries to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091130-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091130-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091130-001_AD_1.html 2009-11-30T09:14:00+09:00 2009-11-30T09:14:00+09:00 JPCERT/CC A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091130-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091130-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091127-001_AD_1.html 2009-11-27T17:42:00+09:00 2009-11-27T17:42:00+09:00 JPCERT/CC DASAUTO COMMAND CAN BE RUN BY NON-PRIVILEGED USERS<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091127-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091127-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091126-003_AD_1.html 2009-11-26T17:52:00+09:00 2009-11-26T17:52:00+09:00 JPCERT/CC Symantec’s Altiris Deployment Solution, Notification Server and Symantec Management Platform web consoles install a vulnerable ActiveX control. Exploitation of one of the methods used by this control could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user’s browser. Successful exploitation would require user interaction to download malicious code.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091126-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091126-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091126-002_AD_1.html 2009-11-26T17:06:00+09:00 2009-11-26T17:06:00+09:00 JPCERT/CC A security vulnerability in the timeout mechanism of Solaris sshd(1M) may allow a remote unprivileged user to cause a Denial of Service (DoS) condition. If this issue is exploited, the sshd(1M) daemon will stop accepting new ssh(1) connections.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091126-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091126-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091126-001_AD_1.html 2009-11-26T17:01:00+09:00 2009-11-26T17:01:00+09:00 JPCERT/CC Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091126-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091126-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091125-003_AD_1.html 2009-11-25T14:44:00+09:00 2009-11-25T14:44:00+09:00 JPCERT/CC A potential security vulnerability has been identified with HP Operations Manager for Windows. The vulnerability could be exploited remotely to gain unauthorized access.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091125-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091125-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091125-002_AD_1.html 2009-11-25T14:03:00+09:00 2009-11-25T14:03:00+09:00 JPCERT/CC Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. Added missing sanity checks around exif processing. Fixed a safe_mode bypass in tempnam(). Fixed a open_basedir bypass in posix_mkfifo(). Fixed bug #50063 (safe_mode_include_dir fails). Fixed bug #44683 (popen crashes when an invalid mode is passed).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091125-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091125-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091125-001_AD_1.html 2009-11-25T13:38:00+09:00 2009-11-25T13:38:00+09:00 JPCERT/CC A nameserver with DNSSEC validation enabled may incorrectly add records to its cache from the additional section of responses received during resolution of a recursive client query. This behavior only occurs when processing client queries with checking disabled (CD) at the same time as requesting DNSSEC records (DO).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091125-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091125-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091124-003_AD_1.html 2009-11-24T16:49:00+09:00 2009-11-24T16:49:00+09:00 JPCERT/CC この脆弱性は Internet Explorer の無効なポインター参照が原因で起こります。CSS/Style オブジェクトが削除された後でも、特定の状況でそのオブジェクトにアクセスすることができる可能性があります。特別な細工がされた攻撃で、解放されたオブジェクトにアクセスしようとしている Internet Explorer が攻撃者が提供したコードを実行する可能性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091124-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091124-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091124-002_AD_1.html 2009-11-24T09:50:00+09:00 2009-11-24T09:50:00+09:00 JPCERT/CC A vulnerability has been identified in CubeCart, which could be exploited by attackers to manipulate and inject SQL queries. This issue is caused by an input validation error in the "includes/content/viewProd.inc.php" script when processing the "productId" parameter, which could be exploited by malicious people to conduct SQL injection attacks.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091124-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091124-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091124-001_AD_1.html 2009-11-24T09:35:00+09:00 2009-11-24T09:35:00+09:00 JPCERT/CC Two Security Vulnerabilities in SAMBA(7) May Allow Unauthorized Access to the Remote Root Filesystem or May Lead to a Denial of Service (DoS) Condition<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091124-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091124-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091119-002_AD_1.html 2009-11-19T17:52:00+09:00 2009-11-19T17:52:00+09:00 JPCERT/CC A vulnerability has been identified in Serv-U, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error when processing a hexadecimal hepresentation of a string using a TEA decoding algorithm, which could allow remote attackers to crash an affected server or execute arbitrary code via a specially crafted request.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091119-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091119-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091119-001_AD_1.html 2009-11-19T17:48:00+09:00 2009-11-19T17:48:00+09:00 JPCERT/CC A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091119-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091119-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN01245481_AD_1.html 2009-11-19T16:37:00+09:00 2009-11-19T16:37:00+09:00 JPCERT/CC Redmine には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN01245481_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#01245481 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN87341298_AD_1.html 2009-11-19T16:27:00+09:00 2009-11-19T16:27:00+09:00 JPCERT/CC Redmine には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN87341298_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#87341298 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091118-002_AD_1.html 2009-11-18T17:32:00+09:00 2009-11-18T17:32:00+09:00 JPCERT/CC Fixed a security vulnerability (carried over from unreleased version 0.5.9.1)<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091118-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091118-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091118-001_AD_1.html 2009-11-18T17:29:00+09:00 2009-11-18T17:29:00+09:00 JPCERT/CC Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091118-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091118-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091117-002_AD_1.html 2009-11-17T18:27:00+09:00 2009-11-17T18:27:00+09:00 JPCERT/CC Multiple vulnerabilities have been identified in ToutVirtual VirtualIQ Pro, which could be exploited by remote attackers to bypass security restrictions, gain knowledge of sensitive information, manipulate data, or compromise a vulnerable system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091117-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091117-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091117-001_AD_1.html 2009-11-17T18:17:00+09:00 2009-11-17T18:17:00+09:00 JPCERT/CC The problem is that any user not activated may request and receive their activation code via email by using the activation resend function. For those sites that require administrative approval, this is a bypass of the approval process and the administrator isn't even notified it occurred.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091117-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091117-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091116-003_AD_1.html 2009-11-16T18:12:00+09:00 2009-11-16T18:12:00+09:00 JPCERT/CC Fixed a heap buffer overflow during tag format conversion<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091116-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091116-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091116-002_AD_1.html 2009-11-16T13:19:00+09:00 2009-11-16T13:19:00+09:00 JPCERT/CC IBM WebSphere Application Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input in the Administration Console. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091116-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091116-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091116-001_AD_1.html 2009-11-16T13:11:00+09:00 2009-11-16T13:11:00+09:00 JPCERT/CC Microsoft Server Message Block (SMB) プロトコルに存在する可能性のあるサービス拒否の脆弱性が新たに一般で報告され、マイクロソフトが現在調査中です。この脆弱性は、ユーザーのシステムが制御されたり、ユーザーのシステム上に悪意のあるソフトウェアがインストールされるようなものではありません。マイクロソフトはこの脆弱性に対する詳細な悪用コードが一般に公開されていることを認識しています。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091116-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091116-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091113-003_AD_1.html 2009-11-13T17:32:00+09:00 2009-11-13T17:32:00+09:00 JPCERT/CC A vulnerability has been identified in GIMP, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by an integer overflow error in the "ReadImage()" [plug-ins/file-bmp/bmp-read.c] function when processing malformed BMP images, which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted image file.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091113-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091113-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091113-002_AD_1.html 2009-11-13T17:28:00+09:00 2009-11-13T17:28:00+09:00 JPCERT/CC 2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091113-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091113-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091113-001_AD_1.html 2009-11-13T09:45:00+09:00 2009-11-13T09:45:00+09:00 JPCERT/CC This document describes the security content of Safari 4.0.4.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091113-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091113-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091112-001_AD_1.html 2009-11-12T17:09:00+09:00 2009-11-12T17:09:00+09:00 JPCERT/CC A moderate vulnerability has been identified in Adobe Photoshop Elements versions 8.0 and 7.0. The vulnerability could allow a user with valid login credentials and/or physical access, who successfully exploits the vulnerability, to execute arbitrary commands with elevated privileges.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091112-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091112-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091111-003_AD_1.html 2009-11-11T16:00:00+09:00 2009-11-11T16:00:00+09:00 JPCERT/CC このセキュリティ情報は 2009 年 11 月 6 日に公開したセキュリティ情報の一覧です。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091111-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091111-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091111-002_AD_1.html 2009-11-11T15:53:00+09:00 2009-11-11T15:53:00+09:00 JPCERT/CC Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091111-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091111-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091111-001_AD_1.html 2009-11-11T10:28:00+09:00 2009-11-11T10:28:00+09:00 JPCERT/CC セキュリティアップデート 2009-006 / Mac OS X v10.6.2 のセキュリティコンテンツについて説明します。これらは、Mac のシステム環境設定の「ソフトウェアアップデート」、または「サポートダウンロード」のページからダウンロードしてインストールできます。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091111-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091111-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091110-003_AD_1.html 2009-11-10T16:00:00+09:00 2009-11-10T16:00:00+09:00 JPCERT/CC Two security vulnerabilities exist in the Apache 2 mod_perl2(3) module components which affect the Apache 2.0 web server bundled with Solaris 10 and the Apache 2.2 web server bundled with OpenSolaris.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091110-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091110-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091110-002_AD_1.html 2009-11-10T15:27:00+09:00 2009-11-10T15:27:00+09:00 JPCERT/CC Disable renegotiation completely - this fixes a severe security problem at the cost of breaking all renegotiation.Renegotiation can be re-enabled by setting OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION at compile-time. This is really not recommended.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091110-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091110-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091110-001_AD_1.html 2009-11-10T14:30:00+09:00 2009-11-10T14:30:00+09:00 JPCERT/CC A vulnerability has been identified in components of the Citrix NetScaler, NetScaler Application Firewall and Access Gateway Enterprise Edition that, when triggered, results in a denial of service.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091110-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091110-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091106-003_AD_1.html 2009-11-06T17:57:00+09:00 2009-11-06T17:57:00+09:00 JPCERT/CC A security vulnerability in Solaris Sockets Direct Protocol (SDP) driver (sdp(7D)) may allow a local or remote unprivileged user to exhaust all kernel memory. This is a type of Denial of Service (DoS).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091106-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091106-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091106-002_AD_1.html 2009-11-06T17:49:00+09:00 2009-11-06T17:49:00+09:00 JPCERT/CC A potential security vulnerability has been identified with HP Power Manager. The vulnerability could be exploited remotely to execute arbitrary code.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091106-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091106-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091106-001_AD_1.html 2009-11-06T17:38:00+09:00 2009-11-06T17:38:00+09:00 JPCERT/CC On November 3, 2009, Sun will release the following security updates: JDK and JRE 6 Update 17,JDK and JRE 5.0 Update 22,SDK and JRE 1.4.2_24,SDK and JRE 1.3.1_27<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091106-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091106-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091105-001_AD_1.html 2009-11-05T16:06:00+09:00 2009-11-05T16:06:00+09:00 JPCERT/CC Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.1.601 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided below.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091105-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091105-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN75694913_AD_1.html 2009-11-04T16:03:00+09:00 2009-11-04T16:03:00+09:00 JPCERT/CC Roundcube Webmail Project が提供する Roundcube Webmail には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN75694913_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#75694913 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN72974205_AD_1.html 2009-11-04T15:54:00+09:00 2009-11-04T15:54:00+09:00 JPCERT/CC Roundcube Webmail Project が提供する Roundcube Webmail には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN72974205_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#72974205 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091104-003_AD_1.html 2009-11-04T14:36:00+09:00 2009-11-04T14:36:00+09:00 JPCERT/CC Multiple security vulnerabilities in Adobe Reader versions 9.x before 9.1.4, 8.x before 8.1.7 and 7.x before 7.1.4 may allow remote unprivileged users to execute arbitrary code or crash the Adobe Reader application, thereby causing a Denial of Service (DoS) condition. These vulnerabilities may be exploited via specially crafted PDF files.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091104-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091104-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091104-002_AD_1.html 2009-11-04T14:19:00+09:00 2009-11-04T14:19:00+09:00 JPCERT/CC A security issue has been reported in the Jumi component for Joomla!, which can be exploited by malicious people to potentially compromise a vulnerable system. The security issue is caused due to a backdoor in the application and can be exploited to potentially execute arbitrary PHP code.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091104-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091104-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091104-001_AD_1.html 2009-11-04T14:07:00+09:00 2009-11-04T14:07:00+09:00 JPCERT/CC Symantec’s Altiris Deployment Solution and Notification Server web consoles install a vulnerable ActiveX control. Exploitation of this issue could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user’s browser. Successful exploitation requires user interaction.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091104-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091104-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/CERTCC_VU180065_AD_1.html 2009-11-04T09:27:00+09:00 2009-11-04T09:27:00+09:00 CERT/CC A vulnerability in the nginx web server may allow remote attackers to execute arbitrary code on an affected system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/CERTCC_VU180065_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VU#180065 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091030-001_AD_1.html 2009-10-30T17:34:00+09:00 2009-10-30T17:34:00+09:00 JPCERT/CC VMware hosted products and ESX patches resolve two security issues.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091030-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091030-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091029-004_AD_1.html 2009-10-29T15:01:00+09:00 2009-10-29T15:01:00+09:00 JPCERT/CC Wireshark 1.0.10 fixes the following vulnerabilities: * The RADIUS dissector could crash. * The DCERPC/NT dissector could crash.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091029-004_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091029-004 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091029-003_AD_1.html 2009-10-29T14:26:00+09:00 2009-10-29T14:26:00+09:00 JPCERT/CC Wireshark 1.2.3 fixes the following vulnerabilities: * The Paltalk dissector could crash on alignment-sensitive processors. * The DCERPC/NT dissector could crash. * The SMB dissector could crash.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091029-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091029-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091029-002_AD_1.html 2009-10-29T13:15:00+09:00 2009-10-29T13:15:00+09:00 JPCERT/CC Opera 10.01 is a recommended security and stability upgrade. Opera highly recommends all users to upgrade to Opera 10.01 to take advantage of these improvements.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091029-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091029-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091029-001_AD_1.html 2009-10-29T09:43:00+09:00 2009-10-29T09:51:00+09:00 JPCERT/CC Firefox 3.5.4 では、いくつかのセキュリティ問題 が修正されました。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091029-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091029-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091028-003_OT_1.html 2009-10-28T17:05:00+09:00 2009-10-28T17:05:00+09:00 JPCERT/CC A vulnerability has been identified in Sun Java System Web Server, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable web server. This issue is caused by an unspecified buffer overflow error when processing user-supplied requests, which could allow remote attackers to crash an affected web server or execute arbitrary code via a specially crafted packet.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091028-003_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-091028-003 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN13011682_AD_1.html 2009-10-28T15:59:00+09:00 2009-10-28T15:59:00+09:00 JPCERT/CC SEIL/X シリーズおよび SEIL/B1 には、サービス運用妨害 (DoS) の脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN13011682_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#13011682 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN06362164_AD_1.html 2009-10-28T15:35:00+09:00 2009-10-28T15:35:00+09:00 JPCERT/CC SEIL/X シリーズおよび SEIL/B1 には、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN06362164_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#06362164 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091028-002_OT_1.html 2009-10-28T14:04:00+09:00 2009-10-28T14:04:00+09:00 JPCERT/CC A vulnerability has been identified in Novell eDirectory, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. This issue is caused by a buffer overflow error in the "dhost" service when processing overly long HTTP requests, which could be exploited by remote attackers to crash a vulnerable server or execute arbitrary code via a specially crafted request.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091028-002_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-091028-002 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091028-001_AD_1.html 2009-10-28T09:10:00+09:00 2009-10-28T09:10:00+09:00 JPCERT/CC Tracking down a reason for crashes of a perl process while processing certain obfuscated spam messages, it turns out that an utf-8 character with a large (and invalid) codepoint is causing a perl 5.10.1 crash while matching such string to a particular regular expression.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091028-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091028-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091027-004_AD_1.html 2009-10-27T10:59:00+09:00 2009-10-27T10:59:00+09:00 JPCERT/CC Hot on the heels of the Snort 2.8.5 release, a new Snort tarball is now available that fixes a few issues: * Fixed syslog output when running on Windows. * Fixed potential segfault when printing IPv6 packets using the -v option. Thanks to Laurent Gaffie for reporting this issue. * Fixed segfault when additional policies were added during a configuration reload.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091027-004_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091027-004 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091027-003_AD_1.html 2009-10-27T10:47:00+09:00 2009-10-27T10:47:00+09:00 JPCERT/CC Potential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Tomcat-based Servlet Engine is contained in the Apache Web Server Suite.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091027-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091027-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091027-002_AD_1.html 2009-10-27T10:15:00+09:00 2009-10-27T10:15:00+09:00 JPCERT/CC This hotfix also includes 2 important security fixes: * A remote distributed Denial of Services (DoS) vulnerability allowed remote attackers to disable the Websense Email Security Web Administrator service. This vulnerability has been fixed. * A cross-site scripting (XSS) vulnerability in the Websense Email Security Web Administrator has been fixed.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091027-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091027-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091027-001_AD_1.html 2009-10-27T10:04:00+09:00 2009-10-27T10:04:00+09:00 JPCERT/CC The headline changes in this release are: * A fix for the Trackback Denial-of-Service attack that is currently being seen. * Removal of areas within the code where php code in variables was evaluated. * Switched the file upload functionality to be whitelisted for all users including Admins. * Retiring of the two importers of Tag data from old plugins.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091027-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091027-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN75368899_AD_1.html 2009-10-26T15:32:00+09:00 2009-10-26T15:53:00+09:00 JPCERT/CC Internet Protocol version 6 (IPv6) を実装した複数の製品には、サービス運用妨害 (DoS) の脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN75368899_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#75368899 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091026-002_AD_1.html 2009-10-26T10:10:00+09:00 2009-10-26T10:10:00+09:00 JPCERT/CC This Critical Patch Update contains 38 new security fixes across all products.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091026-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091026-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091026-001_AD_1.html 2009-10-26T09:10:00+09:00 2009-10-26T09:10:00+09:00 JPCERT/CC Updated DHCP and Kernel packages for ESX 3.5 and ESX 3.0.3 and updated Java JRE packages for ESX 3.5 address several security issues.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091026-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091026-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN33822756_AD_1.html 2009-10-21T09:13:00+09:00 2009-10-21T09:13:00+09:00 JPCERT/CC キヤノンITソリューションズが提供する ACCESSGUARDIAN には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN33822756_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#33822756 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN23108985_AD_1.html 2009-10-15T16:08:00+09:00 2009-10-15T16:08:00+09:00 JPCERT/CC サイボウズ株式会社が提供する複数の製品には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN23108985_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#23108985 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU257117_AD_1.html 2009-10-14T17:03:00+09:00 2009-10-14T17:03:00+09:00 JPCERT/CC Adobe Reader および Acrobat には、JavaScript メソッドの実行を制限する仕組みに脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU257117_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#257117 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091013-001_AD_1.html 2009-10-13T10:00:00+09:00 2009-10-13T10:00:00+09:00 JPCERT/CC Remote exploitation of a stack based buffer overflow vulnerability in IBM Corp.'s AIX could allow an attacker to execute arbitrary code with the privileges of the affected service. rpc.cmsd, more commonly known as the Calendar Manager Service Daemon, is an RPC application used to manage schedules and calendars. It operates over SUN RPC. The vulnerability is triggered when handling a request for remote procedure 21. This function takes two arguments, both of which are XDR strings. When copying the first argument into a stack based buffer, the code does not properly verify its length. This results in a stack based buffer overflow vulnerability.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091013-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091013-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091008-001_AD_1.html 2009-10-08T18:00:00+09:00 2009-10-08T18:00:00+09:00 JPCERT/CC If a user in /etc/passwd is misconfigured to have an empty home directory (::) and the automated [homes] share is enabled, or an explicit share is created with that username, then any client connecting to that share name will be able to access the whole filesystem from root (/) on downwards, subject to local file system permissions applied to the connecting user.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-091008-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-091008-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU676492_AD_1.html 2009-10-07T16:43:00+09:00 2009-10-07T16:43:00+09:00 JPCERT/CC Wireshark には、細工された erf ファイルの処理に脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU676492_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#676492 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN84396512_AD_1.html 2009-10-02T15:15:00+09:00 2009-10-02T15:15:00+09:00 JPCERT/CC SugarCRM Inc. が提供する SugarCRM には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN84396512_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#84396512 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090930-001_AD_1.html 2009-09-30T14:23:00+09:00 2009-09-30T14:23:00+09:00 JPCERT/CC Security Vulnerabilities in Solaris Trusted Extensions Common Desktop Environment (CDE) may allow an unprivileged local user to easily execute arbitrary commands with root privileges or to bypass Mandatory Access Control (MAC) policy.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090930-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090930-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN65914253_AD_1.html 2009-09-18T19:34:00+09:00 2009-09-18T19:34:00+09:00 JPCERT/CC phpspot が提供する複数の製品には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN65914253_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#65914253 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN53591199_AD_1.html 2009-09-18T18:38:00+09:00 2009-09-18T18:38:00+09:00 JPCERT/CC phpspot が提供する複数の製品には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN53591199_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#53591199 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN00425482_AD_1.html 2009-09-17T15:11:00+09:00 2009-09-17T15:11:00+09:00 JPCERT/CC はっぴぃ・りなっくすが提供する XF-Section は、コンテンツのカテゴリ分け機能などを提供する、XOOPS 用モジュールです。XF-Section には、クロスサイトスクリプティングの脆弱性が存在します。 XF-Section の開発は終了しているため、使用を停止してください。同等の機能が実装された他製品に切り替えることをお勧めします。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN00425482_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#00425482 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN39157969_AD_1.html 2009-09-17T15:05:00+09:00 2009-09-17T15:05:00+09:00 JPCERT/CC Opera には、サードパーティ Cookie の取り扱いに問題が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN39157969_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#39157969 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090917-001_AD_1.html 2009-09-17T10:37:00+09:00 2009-09-17T10:37:00+09:00 JPCERT/CC A heap overflow vulnerability in the w(1) utility may allow a local unprivileged user to execute arbitrary code with root privileges.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090917-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090917-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU180065_AD_1.html 2009-09-16T17:02:00+09:00 2009-09-16T17:02:00+09:00 JPCERT/CC Nginx ウェブサーバには、バッファアンダーランの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU180065_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#180065 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090914-001_AD_1.html 2009-09-14T15:35:00+09:00 2009-09-14T15:35:00+09:00 JPCERT/CC This document describes Security Update 2009-005, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090914-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090914-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU135940_AD_1.html 2009-09-11T15:34:00+09:00 2009-09-11T15:34:00+09:00 JPCERT/CC Microsoft Windows Vista および Server 2008 には、Server Message Block version 2 (SMBv2) メッセージの解析に起因する脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU135940_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#135940 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN05857667_AD_1.html 2009-09-11T15:30:00+09:00 2009-09-11T15:30:00+09:00 JPCERT/CC 株式会社ディーアイシーが提供する yoyaku_v41 には、OS コマンドインジェクションの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN05857667_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#05857667 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU336053_AD_1.html 2009-09-10T17:36:00+09:00 2009-09-10T17:36:00+09:00 JPCERT/CC Cyrus IMAP サーバには、バッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU336053_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#336053 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090910-001_AD_1.html 2009-09-10T16:14:00+09:00 2009-09-10T16:14:00+09:00 JPCERT/CC Firefox 3.5.3 では、いくつかのセキュリティ問題 が修正されました。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090910-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090910-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN62211338_AD_1.html 2009-09-09T15:20:00+09:00 2009-09-09T15:20:00+09:00 JPCERT/CC Microsoft Windows の Windows Media Format Runtime には、特定のファイルの解析に起因するバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN62211338_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#62211338 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090909-002_AD_1.html 2009-09-09T13:58:00+09:00 2009-09-09T13:58:00+09:00 JPCERT/CC Security Vulnerabilities in libxml2 Library Related to Parsing of Element Declarations, Notation and Enumeration Attribute Types may Lead to a Denial of Service (DoS)<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090909-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090909-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090909-001_AD_1.html 2009-09-09T13:38:00+09:00 2009-09-09T13:38:00+09:00 JPCERT/CC The vulnerabilities described in this advisory can potentially affect systems and applications that run an implementation of TCP protocol (RFC793 et al.). The issues were found by the Sockstress tool developed by Outpost24.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090909-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090909-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090907-001_AD_1.html 2009-09-07T15:21:00+09:00 2009-09-07T15:21:00+09:00 JPCERT/CC Several security issues are resolved with the latest VMnc codec.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090907-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090907-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090904-001_AD_1.html 2009-09-04T14:30:00+09:00 2009-09-04T14:30:00+09:00 JPCERT/CC This document describes the security content of Java for Mac OS X 10.5 Update 5.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090904-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090904-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN57040664_AD_1.html 2009-09-02T15:21:00+09:00 2009-09-02T15:21:00+09:00 JPCERT/CC ジャストシステムが提供する ATOK には、スクリーンロックの制限を回避可能な脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN57040664_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#57040664 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090902-001_AD_1.html 2009-09-02T14:49:00+09:00 2009-09-02T14:49:00+09:00 JPCERT/CC Multiple vulnerabilities have been identified in OpenOffice.org, which could be exploited by attackers to compromise a vulnerable system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090902-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090902-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090901-001_AD_1.html 2009-09-01T13:02:00+09:00 2009-09-01T13:02:00+09:00 JPCERT/CC The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090901-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090901-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN68640473_AD_1.html 2009-08-27T15:20:00+09:00 2009-08-27T15:20:00+09:00 JPCERT/CC bingo!CMS core および bingo!CMS には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN68640473_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#68640473 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090826-001_OT_1.html 2009-08-26T13:29:00+09:00 2009-08-26T13:29:00+09:00 JPCERT/CC Updated VMware Hosted products address security issues in libpng and the Apace HTTP Server.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090826-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090826-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN31035930_AD_1.html 2009-08-26T13:20:00+09:00 2009-08-26T13:20:00+09:00 JPCERT/CC SugarCRM Inc. が提供する SugarCRM には、SQL インジェクションの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN31035930_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#31035930 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN20478978_AD_1.html 2009-08-21T15:21:00+09:00 2009-08-21T15:21:00+09:00 JPCERT/CC サイトカレンダ mycaljp には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN20478978_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#20478978 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090821-001_AD_1.html 2009-08-21T15:17:00+09:00 2009-08-21T15:17:00+09:00 JPCERT/CC SSL で保護された通信の情報漏えいの問題が修正されました。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090821-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090821-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090820-002_AD_1.html 2009-08-20T14:02:00+09:00 2009-08-20T14:02:00+09:00 JPCERT/CC A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090820-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090820-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090820-001_AD_1.html 2009-08-20T13:58:00+09:00 2009-08-20T13:58:00+09:00 JPCERT/CC Cisco IOS XR contains multiple vulnerabilities in the Border Gateway Protocol (BGP) feature.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090820-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090820-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN21388501_AD_1.html 2009-08-20T10:01:00+09:00 2009-08-20T10:01:00+09:00 JPCERT/CC Adobe が提供する ColdFusion には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN21388501_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#21388501 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090814-004_AD_1.html 2009-08-17T10:18:00+09:00 2009-08-17T10:18:00+09:00 JPCERT/CC This document describes the security content of Security Update 2009-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090814-004_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090814-004 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090814-003_AD_1.html 2009-08-17T10:11:00+09:00 2009-08-17T10:11:00+09:00 JPCERT/CC 特別に作成された URL がリクエストされると、ユーザーがリクエストしたパスワードのリセットを確認するためのセキュリティチェックを攻撃者が回避できる可能性があります。その結果、データベースにキーを持たない最初のアカウント (通常は管理者アカウント) のパスワードがリセットされ、新しいパスワードがそのアカウントのメールアドレスに送られます。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090814-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090814-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090814-002_AD_1.html 2009-08-17T10:00:00+09:00 2009-08-17T10:00:00+09:00 JPCERT/CC 本件では Safari 4.0.3 のセキュリティコンテンツについて説明します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090814-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090814-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090814-001_AD_1.html 2009-08-17T09:51:00+09:00 2009-08-17T09:51:00+09:00 JPCERT/CC Memcached is a database-caching applications available for multiple operating systems.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090814-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090814-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090806-001_AD_1.html 2009-08-06T17:30:00+09:00 2009-08-06T17:30:00+09:00 JPCERT/CC This document describes the security content of Security Update 2009-003 / Mac OS X v10.5.8, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090806-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090806-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN15267895_AD_1.html 2009-08-05T15:45:00+09:00 2009-08-05T15:45:00+09:00 JPCERT/CC FreeNAS には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN15267895_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#15267895 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN89791790_AD_1.html 2009-08-05T15:40:00+09:00 2009-08-05T15:40:00+09:00 JPCERT/CC FreeNAS には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN89791790_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#89791790 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090804-003_AD_1.html 2009-08-04T15:45:00+09:00 2009-08-04T15:45:00+09:00 JPCERT/CC Firefox 3.5.2 では、いくつかのセキュリティ問題 が修正されました。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090804-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090804-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090804-002_AD_1.html 2009-08-04T15:42:00+09:00 2009-08-04T15:42:00+09:00 JPCERT/CC Firefox 3.0.13 では、Firefox 3.0.12 で見つかったいくつかの問題が修正されています。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090804-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090804-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090804-001_AD_1.html 2009-08-04T15:11:00+09:00 2009-08-04T15:11:00+09:00 JPCERT/CC Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090804-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090804-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN80436657_AD_1.html 2009-07-31T16:36:00+09:00 2009-07-31T16:36:00+09:00 JPCERT/CC 株式会社ディーアイシーが提供する yoyaku_v41 には、OS コマンドインジェクションの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN80436657_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#80436657 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN59748723_AD_1.html 2009-07-29T17:11:00+09:00 2009-07-29T17:11:00+09:00 JPCERT/CC Sun Microsystems が提供する MySQL Connector/J には、SQL インジェクションの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN59748723_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#59748723 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090729-002_AD_1.html 2009-07-29T16:56:00+09:00 2009-07-29T16:56:00+09:00 JPCERT/CC このセキュリティ更新プログラムは、責任ある開示方法で報告された Visual Studio に含まれている、パブリック バージョンの Microsoft Active Template Library (ATL) のいくつかの脆弱性を解決します。このセキュリティ更新プログラムは、特にコンポーネントおよびコントロールの開発者に向けられたものです。ATL を使用してコンポーネントおよびコントロールを作成、配布する開発者はこのセキュリティ情報で提供している更新プログラムをインストールし、このセキュリティ情報で説明している脆弱性の影響を受けないコンポーネントおよびコントロールを作成するためのガイダンスに従い、お客様に配布する必要があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090729-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090729-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090729-001_AD_1.html 2009-07-29T15:42:00+09:00 2009-07-29T15:42:00+09:00 JPCERT/CC Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090729-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090729-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090728-003_OT_1.html 2009-07-28T18:02:00+09:00 2009-07-28T18:02:00+09:00 JPCERT/CC Multiple vulnerabilities have been identified in Squid, which could be exploited by remote attackers to cause a denial of service.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090728-003_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090728-003 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090728-002_AD_1.html 2009-07-28T17:53:00+09:00 2009-07-28T17:53:00+09:00 JPCERT/CC Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090728-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090728-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090728-001_AD_1.html 2009-07-28T14:18:00+09:00 2009-07-28T14:18:00+09:00 JPCERT/CC A security vulnerability in the Sun Java System Access Manager Policy Agent may allow a local or remote unprivileged user to crash the Sun Java System Web Proxy Server, when this is the deployment container that the Agent is running in. This is a type of Denial of Service (DoS).<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090728-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090728-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN29852698_AD_1.html 2009-07-24T16:53:00+09:00 2009-07-24T16:53:00+09:00 JPCERT/CC futomi's CGI Cafe が提供する RevoCounter CGI (アニメーションカウンター) には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN29852698_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#29852698 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090723-002_AD_1.html 2009-07-23T13:44:00+09:00 2009-07-23T13:44:00+09:00 JPCERT/CC Firefox 3.0.12 において、SVG 要素上で watch と __defineSetter__ を利用したクラッシュとリモートコード実行できる等の脆弱性が修正されました。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090723-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090723-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090723-001_AD_1.html 2009-07-23T10:08:00+09:00 2009-07-23T10:08:00+09:00 JPCERT/CC Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090723-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090723-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090715-002_AD_1.html 2009-07-15T17:48:00+09:00 2009-07-15T17:48:00+09:00 JPCERT/CC マイクロソフトは現在、Microsoft Office Web コンポーネントに存在する責任ある開示方法で報告された脆弱性を調査中です。攻撃者がこの脆弱性を悪用した場合、ローカルのユーザーと同じユーザー権限を取得する可能性があります。Internet Explorer を使用している場合、リモートでコードが実行され、ユーザーの操作を必要としない可能性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090715-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090715-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU410676_AD_1.html 2009-07-15T17:33:00+09:00 2009-07-15T17:33:00+09:00 JPCERT/CC ISC DHCP dhclient には、バッファオーバーフローの脆弱性が存在します。 なお、ISC によると 3.0 系および 2.0 系はサポート対象外とのことです。詳しくは ISC が提供する情報をご確認ください。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU410676_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#410676 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090715-001_OT_1.html 2009-07-15T16:41:00+09:00 2009-07-15T16:41:00+09:00 JPCERT/CC A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090715-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090715-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN31110006_AD_1.html 2009-07-14T15:31:00+09:00 2009-07-14T15:31:00+09:00 JPCERT/CC Perl CGI's By Mrs.Shiromuku が提供する shiromuku(fs6)DIARY には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN31110006_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#31110006 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090713-001_AD_1.html 2009-07-13T15:44:00+09:00 2009-07-13T15:44:00+09:00 JPCERT/CC There are five security vulnerabilities in the Tomcat JSP/Servlet container that affect Tomcat 5.5 bundled in Solaris 9 and Solaris 10 and Tomcat 6 bundled in OpenSolaris.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090713-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090713-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090709-001_AD_1.html 2009-07-09T14:35:00+09:00 2009-07-09T14:35:00+09:00 JPCERT/CC An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090709-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090709-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090707-001_AD_1.html 2009-07-07T13:37:00+09:00 2009-07-07T13:37:00+09:00 JPCERT/CC マイクロソフトは現在、Microsoft Video ActiveX コントロールに存在する非公開で報告された脆弱性を調査中です。攻撃者がこの脆弱性を悪用した場合、ローカルのユーザーと同じ権限を取得する可能性があります。Internet Explorer を使用している場合、リモートでコードが実行され、ユーザーの操作を必要としない可能性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090707-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090707-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090706-003_AD_1.html 2009-07-06T18:20:00+09:00 2009-07-06T18:20:00+09:00 JPCERT/CC ウイルスバスターコーポレートエディションおよびウイルスバスタービジネスセキュリティクライアントにおいて、非常に長いパスの処理に問題があり、バッファオーバーフローが発生します。悪意あるリモート攻撃者が、この脆弱性を悪用し、該当クライアントのリアルタイム検索サービスを停止させる可能性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090706-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090706-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090706-002_OT_1.html 2009-07-06T13:06:00+09:00 2009-07-06T13:06:00+09:00 JPCERT/CC It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090706-002_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090706-002 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090706-001_AD_1.html 2009-07-06T10:40:00+09:00 2009-07-06T10:40:00+09:00 JPCERT/CC An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090706-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090706-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090702-003_OT_1.html 2009-07-02T17:41:00+09:00 2009-07-02T17:41:00+09:00 JPCERT/CC NetBSD has issued an update for ntp. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090702-003_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090702-003 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090702-002_OT_1.html 2009-07-02T15:10:00+09:00 2009-07-02T15:10:00+09:00 JPCERT/CC Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090702-002_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090702-002 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090702-001_OT_1.html 2009-07-02T15:05:00+09:00 2009-07-02T15:05:00+09:00 JPCERT/CC A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090702-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090702-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090701-001_AD_1.html 2009-07-01T14:18:00+09:00 2009-07-01T14:18:00+09:00 JPCERT/CC Multiple vulnerabilities have been identified in HP-UX, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by errors in the Apache Web Server Suite.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090701-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090701-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090630-001_OT_1.html 2009-06-30T16:18:00+09:00 2009-06-30T16:18:00+09:00 JPCERT/CC A vulnerability has been identified in HP OpenView Network Node Manager (OV NNM) for Linux, which could be exploited by remote attackers to compromise a vulnerable system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090630-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090630-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN32788272_AD_1.html 2009-06-25T16:33:00+09:00 2009-06-25T16:33:00+09:00 JPCERT/CC レッツPHP! が提供する PHP-I-BOARD には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN32788272_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#32788272 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN20219071_AD_1.html 2009-06-25T16:30:00+09:00 2009-06-25T16:30:00+09:00 JPCERT/CC レッツPHP! が提供する PHP-I-BOARD には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN20219071_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#20219071 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN93827000_AD_1.html 2009-06-25T16:27:00+09:00 2009-06-25T16:27:00+09:00 JPCERT/CC レッツPHP! が提供する Tree BBS には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN93827000_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#93827000 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN08369659_AD_1.html 2009-06-24T16:16:00+09:00 2009-06-24T16:16:00+09:00 JPCERT/CC Movable Type には、アクセス制限回避が可能な脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN08369659_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#08369659 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN86472161_AD_1.html 2009-06-24T16:10:00+09:00 2009-06-24T16:10:00+09:00 JPCERT/CC Movable Type には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN86472161_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#86472161 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN12244807_AD_1.html 2009-06-22T19:27:00+09:00 2009-06-22T19:27:00+09:00 JPCERT/CC XOOPS マニアが提供する PukiWikiMod には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN12244807_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#12244807 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN87239696_AD_1.html 2009-06-18T15:47:00+09:00 2009-06-18T15:47:00+09:00 JPCERT/CC Apple が提供する iPhone OS には、サービス運用妨害 (DoS) の脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN87239696_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#87239696 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090612-002_AD_1.html 2009-06-12T13:28:00+09:00 2009-06-12T13:28:00+09:00 JPCERT/CC Firefox 3.0.11 では、Firefox 3.0.10 で見つかったいくつかの問題が修正されています。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090612-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090612-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090612-001_AD_1.html 2009-06-12T13:20:00+09:00 2009-06-12T13:20:00+09:00 JPCERT/CC Ruby標準ライブラリの一つであるBigDecimalに、DoS(Denial Of Service)状態を引き起こしてしまう脆弱性が存在することが発見されました。 BigDecimalオブジェクトから浮動小数点数(Float)への変換に問題があり、攻撃者はsegmentation faultsを引き起こすことができます。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090612-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090612-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN63832775_AD_1.html 2009-06-09T15:15:00+09:00 2009-06-09T15:15:00+09:00 JPCERT/CC The Apache Software Foundation が提供する Apache Tomcat には、情報漏えいの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN63832775_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#63832775 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN87272440_AD_1.html 2009-06-09T15:10:00+09:00 2009-06-09T15:10:00+09:00 JPCERT/CC The Apache Software Foundation が提供する Apache Tomcat には、サービス運用妨害（DoS）の脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN87272440_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#87272440 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN20689557_AD_1.html 2009-06-08T15:12:00+09:00 2009-06-08T15:12:00+09:00 JPCERT/CC SerendipityNZ Limited が提供する Serene Bach には、セッション ID が推測可能である脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN20689557_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#20689557 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090604-001_OT_1.html 2009-06-04T16:41:00+09:00 2009-06-04T16:41:00+09:00 JPCERT/CC If Tomcat receives a request with invalid headers via the Java AJP connector, it does not return an error and instead closes the AJP connection.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090604-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090604-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN01115659_AD_1.html 2009-05-29T15:56:00+09:00 2009-05-29T15:56:00+09:00 JPCERT/CC MT312 が提供する携帯対応掲示板 REP-BBS には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN01115659_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#01115659 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN70836284_AD_1.html 2009-05-29T15:53:00+09:00 2009-05-29T15:53:00+09:00 JPCERT/CC MT312 が提供する写メール掲示板 IMG-BBS には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN70836284_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#70836284 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN62527913_AD_1.html 2009-05-29T15:42:00+09:00 2009-05-29T15:42:00+09:00 JPCERT/CC Cisco Systems が提供する複数の製品には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN62527913_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#62527913 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090529-001_AD_1.html 2009-05-29T11:09:00+09:00 2009-05-29T11:09:00+09:00 JPCERT/CC マイクロソフトは、Microsoft DirectX に存在する脆弱性に関する新たに公開された報告を現在調査中です。この脆弱性で、特別な細工がされた QuickTime メディアファイルをユーザーが開いた場合、リモートでコードが実行される可能性があります。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090529-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090529-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090526-001_OT_1.html 2009-05-26T11:02:00+09:00 2009-05-26T11:02:00+09:00 JPCERT/CC A vulnerability has been identified in Apple QuickTime, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090526-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090526-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU710316_AD_1.html 2009-05-22T17:15:00+09:00 2009-05-22T17:15:00+09:00 JPCERT/CC NSD にはバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU710316_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#710316 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN57036470_AD_1.html 2009-05-22T15:27:00+09:00 2009-05-22T15:27:00+09:00 JPCERT/CC 有限会社アドシステムズが提供するＷｅｂ会議室予約 フリー（無料）版 leger には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN57036470_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#57036470 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN42927215_AD_1.html 2009-05-21T15:17:00+09:00 2009-05-21T15:17:00+09:00 JPCERT/CC 有限会社アップルップルが提供する a-News には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN42927215_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#42927215 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU787932_AD_1.html 2009-05-21T14:59:00+09:00 2009-05-21T14:59:00+09:00 JPCERT/CC Microsoft Internet Information Services (IIS) には認証回避の脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU787932_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#787932 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN02331156_AD_1.html 2009-05-20T15:12:00+09:00 2009-05-20T15:12:00+09:00 JPCERT/CC Hewlett-Packard が提供する HP System Management Homepage (SMH) には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN02331156_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#02331156 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU853097_AD_1.html 2009-05-19T17:09:00+09:00 2009-05-19T17:09:00+09:00 JPCERT/CC ntpd にはバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU853097_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#853097 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN28521500_AD_1.html 2009-05-18T15:11:00+09:00 2009-05-18T15:11:00+09:00 JPCERT/CC CGI RESCUE が提供する Trees には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN28521500_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#28521500 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090518-001_OT_1.html 2009-05-18T13:47:00+09:00 2009-05-18T13:47:00+09:00 JPCERT/CC If you're in the security business long enough, this one will sound extremely familiar: Apparently, adding certain Unicode characters to an URL makes it possible to bypass authentication in Microsoft IIS6 with WebDav and access or even upload files in folders which are supposed to be password protected.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090518-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090518-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090515-001_OT_1.html 2009-05-15T14:09:00+09:00 2009-05-15T14:09:00+09:00 JPCERT/CC Sun Java Runtime Environment is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090515-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090515-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN73653977_AD_1.html 2009-05-13T15:11:00+09:00 2009-05-13T15:11:00+09:00 JPCERT/CC Sun Microsystems が提供する Sun GlassFish Enterprise Server および Sun Java System Application Server には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN73653977_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#73653977 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN43233160_AD_1.html 2009-05-11T15:27:00+09:00 2009-05-11T15:27:00+09:00 JPCERT/CC SKIPユーザグループが提供する SKIP には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN43233160_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#43233160 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN03114223_AD_1.html 2009-05-11T15:15:00+09:00 2009-05-11T15:15:00+09:00 JPCERT/CC SKIPユーザグループが提供する SKIP には、SQL インジェクションの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN03114223_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#03114223 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090501-001_AD_1.html 2009-05-01T10:58:00+09:00 2009-05-01T10:58:00+09:00 JPCERT/CC The version of Alert Management System 2 (AMS2) used by some versions of Symantec System Center, Symantec Antivirus Server, and Symantec AntiVirus Central Quarantine Server contains four vulnerabilities.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090501-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090501-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU970180_AD_1.html 2009-04-30T16:22:00+09:00 2009-04-30T16:22:00+09:00 JPCERT/CC Adobe Reader および Acrobat には JavaScript メソッドである customDictionaryOpen() と getAnnots() に脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU970180_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#970180 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090427-003_OT_1.html 2009-04-27T16:27:00+09:00 2009-04-27T16:27:00+09:00 JPCERT/CC Debian aptが取得したパッケージのPGP署名を検証するが、期限切れの鍵で署名されていても処理を続行してしまうという脆弱性。 debian/ubuntuではgpgvという専用コマンドをつかっているがそのコマンドがそもそも期限切れを警告しない。aptの0.7.21で修正が施された<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090427-003_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090427-003 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN28020230_AD_1.html 2009-04-27T15:57:00+09:00 2009-04-27T15:57:00+09:00 JPCERT/CC CGI RESCUE が提供する Webメーラーには、HTTP ヘッダインジェクションの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN28020230_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#28020230 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN76370393_AD_1.html 2009-04-27T15:53:00+09:00 2009-04-27T15:53:00+09:00 JPCERT/CC CGI RESCUE が提供するフォームメールには、管理者の設定とは異なる内容でメールの送信が可能な脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN76370393_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#76370393 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN36982346_AD_1.html 2009-04-27T15:49:00+09:00 2009-04-27T15:49:00+09:00 JPCERT/CC CGI RESCUE が提供する簡易BBS22 は、電子掲示板スクリプトです。簡易BBS22 には、管理者の設定とは異なる内容でメールの送信が可能な脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN36982346_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#36982346 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN11396739_AD_1.html 2009-04-27T15:21:00+09:00 2009-04-27T15:21:00+09:00 JPCERT/CC CGI RESCUE が提供する簡易BBS には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN11396739_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#11396739 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090427-002_AD_1.html 2009-04-27T13:36:00+09:00 2009-04-27T13:36:00+09:00 JPCERT/CC Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, and potentially to compromise a user's system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090427-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090427-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090427-001_AD_1.html 2009-04-27T13:10:00+09:00 2009-04-27T13:10:00+09:00 JPCERT/CC Some vulnerabilities, security issues, and a weakness have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, and potentially compromise a user's system.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090427-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090427-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN97248625_AD_1.html 2009-04-24T15:27:00+09:00 2009-04-24T15:27:00+09:00 JPCERT/CC Movable Type には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN97248625_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#97248625 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN82744714_AD_1.html 2009-04-16T15:22:00+09:00 2009-04-16T15:22:00+09:00 JPCERT/CC LovPop.net が提供する apricot.php は、ウェブページのアクセスログ解析を行うためのソフトウェアです。apricot.php には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN82744714_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#82744714 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090415-001_AD_1.html 2009-04-15T16:59:00+09:00 2009-04-15T16:59:00+09:00 JPCERT/CC A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090415-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090415-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN33846134_AD_1.html 2009-04-08T14:08:00+09:00 2009-04-08T14:08:00+09:00 JPCERT/CC ジャストシステムが提供する一太郎シリーズはワープロソフトです。この一太郎シリーズには、リッチテキストファイルの読込み処理に問題があり、バッファオーバーフローを起こす脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN33846134_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#33846134 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN74747784_AD_1.html 2009-04-02T15:41:00+09:00 2009-04-02T15:41:00+09:00 JPCERT/CC XOOPS Cube Project が提供する XOOPS Cube Legacy には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN74747784_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#74747784 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090402-001_AD_1.html 2009-04-02T14:51:00+09:00 2009-04-02T14:51:00+09:00 JPCERT/CC JP1/VERITAS NetBackupのCommunications Setupに特権昇格の脆弱性が存在します。本脆弱性を悪用することで，非特権の正当なシステムユーザがVeritas Network Daemonを使用することにより，そのシステム上で特権の昇格が行えます。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090402-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090402-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN63511247_AD_1.html 2009-03-31T15:23:00+09:00 2009-03-31T15:23:00+09:00 JPCERT/CC futomi's CGI Cafe が提供する高機能アクセス解析CGI Professional 版には、管理者権限が奪取可能である脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN63511247_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#63511247 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-005_AD_1.html 2009-03-30T15:07:00+09:00 2009-03-30T15:07:00+09:00 JPCERT/CC Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-005_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090330-005 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-004_AD_1.html 2009-03-30T15:02:00+09:00 2009-03-30T15:02:00+09:00 JPCERT/CC Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-004_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090330-004 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-003_AD_1.html 2009-03-30T14:56:00+09:00 2009-03-30T14:59:00+09:00 JPCERT/CC Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-003_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090330-003 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-002_AD_1.html 2009-03-30T14:50:00+09:00 2009-03-30T14:57:00+09:00 JPCERT/CC Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090330-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-001_AD_1.html 2009-03-30T14:39:00+09:00 2009-03-30T14:39:00+09:00 JPCERT/CC Remote exploitation of an integer signedness vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090330-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090330-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090319-001_AD_1.html 2009-03-19T15:05:00+09:00 2009-03-19T15:05:00+09:00 JPCERT/CC iDefense Labs contacted IBM Lotus to report a potential keyview buffer overflow vulnerability in Lotus Notes. In specific situations it was found that there is the possibility to execute arbitrary code.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090319-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090319-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN23558374_AD_1.html 2009-03-16T15:13:00+09:00 2009-03-16T15:13:00+09:00 JPCERT/CC futomi's CGI Cafe が提供する高機能アクセス解析CGI Standard 版 (Ver. 3.x 系) にはクロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN23558374_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#23558374 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090316-001_AD_1.html 2009-03-16T14:29:00+09:00 2009-03-16T14:29:00+09:00 JPCERT/CC 2009年3月11日、弊社の一部製品に脆弱性の存在を確認いたしました。この脆弱性が悪用されると任意のコードが実行され、パソコンが不正に操作される危険性があります。弊社ではこの問題を調査中です。なお、2009年3月16日現在におきまして、本件に起因する実際の被害は確認しておりません。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090316-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090316-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090311-001_AD_1.html 2009-03-11T15:23:00+09:00 2009-03-11T15:23:00+09:00 JPCERT/CC A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090311-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090311-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN84899898_AD_1.html 2009-03-10T15:31:00+09:00 2009-03-10T15:31:00+09:00 JPCERT/CC futomi's CGI Cafe が提供する MP Form Mail CGI には、管理者権限が奪取可能である脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN84899898_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#84899898 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU649212_AD_1.html 2009-03-04T17:30:00+09:00 2009-03-04T17:30:00+09:00 JPCERT/CC libpng にはエレメントポインタが適切に初期化されない脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU649212_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#649212 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090303-002_AD_1.html 2009-03-03T10:44:00+09:00 2009-03-03T10:44:00+09:00 JPCERT/CC The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090303-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090303-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090303-001_AD_1.html 2009-03-03T10:13:00+09:00 2009-03-03T10:13:00+09:00 JPCERT/CC Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device Manager applications. These vulnerabilities are independent of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090303-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090303-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090302-001_AD_1.html 2009-03-02T17:54:00+09:00 2009-03-02T17:54:00+09:00 JPCERT/CC Cisco Unified MeetingPlace Web Conferencing servers may contain an authentication bypass vulnerability that could allow an unauthenticated user to gain administrative access to the MeetingPlace application. Cisco has released free software updates that address this vulnerability.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090302-001_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-090302-001 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN66905322_AD_1.html 2009-03-02T17:39:00+09:00 2009-03-02T17:39:00+09:00 JPCERT/CC The Apache Software Foundation が提供する Apache Tomcat には、情報漏えいの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN66905322_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#66905322 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090225-001_OT_1.html 2009-02-25T17:33:00+09:00 2009-02-25T17:33:00+09:00 JPCERT/CC A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. Additional vulnerabilities have been addressed in this update. Adobe recommends users update to the most current version of Flash Player available for their platform.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090225-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090225-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN91591874_AD_1.html 2009-02-25T15:17:00+09:00 2009-02-25T15:17:00+09:00 JPCERT/CC PEAK XOOPS が提供する piCal には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN91591874_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#91591874 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090224-002_OT_1.html 2009-02-24T17:30:00+09:00 2009-02-24T17:30:00+09:00 JPCERT/CC <br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090224-002_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090224-002 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090224-001_OT_1.html 2009-02-24T16:59:00+09:00 2009-02-24T16:59:00+09:00 JPCERT/CC Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090224-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090224-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN16767117_AD_1.html 2009-02-23T16:05:00+09:00 2009-02-23T16:05:00+09:00 JPCERT/CC ソニー製ネットワークカメラ SNC シリーズの ActiveX コントロールは、ネットワーク経由でブラウザ上から映像をモニタリングするためのソフトウェアです。この ActiveXコントロールには、設定変数の一部の処理が適切に行われないため、ヒープバッファオーバーフローの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN16767117_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#16767117 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN29641290_AD_1.html 2009-02-12T17:39:00+09:00 2009-02-12T17:39:00+09:00 JPCERT/CC Becky! Internet Mail はメールクライアントソフトです。Becky! Internet Mail には、メールを閲覧した際の開封確認の処理に問題があり、バッファオーバーフローを起こす脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN29641290_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#29641290 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN45184501_AD_1.html 2009-02-10T15:47:00+09:00 2009-02-10T15:47:00+09:00 JPCERT/CC マイクロソフトが提供する検索プラットフォームである FAST ESP には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN45184501_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#45184501 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN80771386_AD_1.html 2009-01-27T15:48:00+09:00 2009-01-27T15:48:00+09:00 JPCERT/CC futomi's CGI Cafe が提供する全文検索CGI には管理者権限が奪取可能である脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN80771386_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#80771386 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090122-001_OT_1.html 2009-01-22T10:50:00+09:00 2009-01-22T10:50:00+09:00 JPCERT/CC <br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-090122-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-090122-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN93431860_AD_1.html 2009-01-20T18:19:00+09:00 2009-01-20T18:19:00+09:00 JPCERT/CC Oracle（旧 BEA Systems, Inc.）が提供する Oracle WebLogic Server には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN93431860_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#93431860 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN28344798_AD_1.html 2009-01-15T15:25:00+09:00 2009-01-15T15:25:00+09:00 JPCERT/CC Cisco IOS に含まれるウェブ管理インターフェースには、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN28344798_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#28344798 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN72630020_AD_1.html 2009-01-09T16:24:00+09:00 2009-01-09T16:24:00+09:00 JPCERT/CC オープンソースのコンテンツ管理システムである MODx には、SQL インジェクションの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN72630020_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#72630020 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN66828183_AD_1.html 2009-01-09T16:18:00+09:00 2009-01-09T16:18:00+09:00 JPCERT/CC オープンソースのコンテンツ管理システムである MODx には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN66828183_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#66828183 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN10170564_AD_1.html 2009-01-09T16:12:00+09:00 2009-01-09T16:12:00+09:00 JPCERT/CC オープンソースのコンテンツ管理システムである MODx には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN10170564_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#10170564 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN71945722_AD_1.html 2009-01-08T15:26:00+09:00 2009-01-08T15:26:00+09:00 JPCERT/CC Movable Type Enterprise には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN71945722_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#71945722 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN36802959_AD_1.html 2009-01-07T17:29:00+09:00 2009-01-07T17:29:00+09:00 JPCERT/CC オープンソースの SNS ソフトウェアである MyNETS には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN36802959_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#36802959 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN17298485_AD_1.html 2008-12-25T19:32:00+09:00 2008-12-25T19:32:00+09:00 JPCERT/CC Seasar プロジェクトが提供する Java 用テンプレートエンジンである Mayaa には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN17298485_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#17298485 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN98063934_AD_1.html 2008-12-25T19:20:00+09:00 2008-12-25T19:20:00+09:00 JPCERT/CC サッポロワークスが提供する BlackJumboDog には、認証回避が可能な脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN98063934_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#98063934 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU696644_AD_1.html 2008-12-25T12:04:00+09:00 2008-12-25T12:04:00+09:00 JPCERT/CC Microsoft SQL Server の sp_replwritetovarbin 拡張ストアド プロシージャのパラメータ処理に脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU696644_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#696644 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN50327700_AD_1.html 2008-12-19T15:55:00+09:00 2008-12-19T15:55:00+09:00 JPCERT/CC PHP には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN50327700_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#50327700 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-081218-002_AD_1.html 2008-12-18T17:17:00+09:00 2008-12-18T17:17:00+09:00 JPCERT/CC <br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-081218-002_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert VRDA-081218-002 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-081218-001_OT_1.html 2008-12-18T17:09:00+09:00 2008-12-18T17:09:00+09:00 JPCERT/CC <br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-081218-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-081218-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN07468800_AD_1.html 2008-12-12T00:00:00+09:00 2008-12-12T00:00:00+09:00 JPCERT/CC futomi's CGI Cafe が提供する高機能アクセス解析CGI には、セッション ID が推測可能である脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN07468800_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#07468800 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU926676_AD_1.html 2008-12-12T00:00:00+09:00 2008-12-12T00:00:00+09:00 JPCERT/CC Word 97 ファイル形式用のワードパッドテキストコンバータの処理に問題があり、任意のコードを実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVNVU926676_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVNVU#926676 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN02216739_AD_1.html 2008-12-03T16:12:00+09:00 2008-12-03T16:12:00+09:00 JPCERT/CC Movable Type Enterprise には、クロスサイトスクリプティングの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN02216739_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#02216739 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN70599814_AD_1.html 2008-11-26T17:35:00+09:00 2008-11-26T17:35:00+09:00 JPCERT/CC アイ・オー・データ製 LAN 接続型ハードディスクである HDL-F シリーズのウェブ管理画面には、クロスサイトリクエストフォージェリの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN70599814_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#70599814 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-081121-001_OT_1.html 2008-11-21T15:34:00+09:00 2008-11-21T15:34:00+09:00 JPCERT/CC <br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VRDA-081121-001_OT_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Other VRDA-081121-001 1 Other 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN86833991_AD_1.html 2008-11-21T15:18:00+09:00 2008-11-21T15:18:00+09:00 JPCERT/CC CGI RESCUE が提供する簡易BBS2000 には、ディレクトリトラバーサルの脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN86833991_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#86833991 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN47875752_AD_1.html 2008-11-17T17:21:00+09:00 2008-11-17T17:21:00+09:00 JPCERT/CC ガンホー・オンライン・エンターテイメント株式会社が提供する LoadPrgAx ActiveX コントロールには、任意の Java プログラムが実行される脆弱性が存在します。<br><br><a href="http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_JVN47875752_AD_1.html" target="_self">Vulnerability Analysis Summary</a><br>Analysis Information Source Type : Advisory, Alert JVN#47875752 1 Advisory 1 false http://vrda.jpcert.or.jp/feed_obsolete/ja/JPCERTCC_VU277313_AD_1.html 2008-1