Daily Vuln Watch Japan: 不正HTMLの挿入

ソフト名：Microsoft Office SharePoint Portal Server 2001/Portal Server 2003/Designer 2007/Server 2007/Designer 2010/Foundation 2010/Server 2010/Team Services, Microsoft Forefront Security for SharePoint, Microsoft Windows SharePoint Services 2.x/3.x

回避策：MS11-074 (KB2493987, KB2494001, KB2494007, KB2494022, KB2508964, KB2508965, KB2552998, KB2552999, KB2553001, KB2553002, KB2553003, KB2553005, KB2560885, KB2566449, KB2566450, KB2566456, KB2566954, KB2566958, KB2566960)にて対応

脆弱性：XSS, スクリプト挿入攻撃, 不正HTMLの実行, スクリプトコード実行, 不正HTMLの挿入

ソース：

http://office.microsoft.com/en-us/sharepoint-designer-help/

http://www.windowsmarketplace.com/

http://office.microsoft.com/en-us/sharepoint-help/

http://msdn.microsoft.com/en-gb/office/bb421303.aspx

http://sharepoint.microsoft.com/en-us/product/Related-Technologies/Pages/SharePoint-Foundation.aspx

http://sharepoint.microsoft.com/ja-jp/Pages/default.aspx

http://technet.microsoft.com/en-us/windowsserver/sharepoint/bb848085.aspx

http://office.microsoft.com/en-us/windows-sharepoint-services-help/

http://technet.microsoft.com/en-us/security/bulletin/ms11-074

http://secunia.com/advisories/45915/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0653

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1252

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1890

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1891

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1893

CVE：CVE-2011-0653, CVE-2011-1252, CVE-2011-1890, CVE-2011-1891, CVE-2011-1893

危険性：Medium Risk

Red Hat Fedora

ソフト名：Red Hat Fedora 14 (phpMyAdmin 3.3.0〜3.4.3.2)

回避策：FEDORA-2011-11594にて対応

脆弱性：XSS, スクリプト挿入攻撃, 不正HTMLの挿入

ソース：

http://fedoraproject.org/

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065824.html

http://secunia.com/advisories/45709/

http://secunia.com/advisories/45990/

http://dvw-j.blogspot.com/2011/08/phpmyadmin.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3181

CVE：CVE-2011-3181

危険性：Medium Risk

2011-09-13

LightNEasy

ソフト名：LightNEasy 3.2.4

回避策：未対応

脆弱性：XSS, スクリプト挿入攻撃, 不正HTMLの挿入

ソース：

http://www.lightneasy.org/index.php

http://www.rul3z.de/advisories/SSCHADV2011-013.txt

http://secunia.com/advisories/45955/

危険性：Medium Risk

phpMyAdmin Extension for TYPO3

ソフト名：phpMyAdmin Extension for TYPO3 4.11.2以下 (phpmyadmin)

回避策：4.11.3へのアップデート, TYPO3-EXT-SA-2011-005にて対応

脆弱性：XSS, スクリプト挿入攻撃, 不正HTMLの挿入

ソース：

http://typo3.org/extensions/repository/view/phpmyadmin/

http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-005/

http://secunia.com/advisories/45709/

http://secunia.com/advisories/45946/

http://dvw-j.blogspot.com/2011/08/phpmyadmin.html

危険性：Medium Risk

2011-09-06

GentleSource Short URL

ソフト名：GentleSource Short URL

回避策：未対応

脆弱性：XSS, スクリプト挿入攻撃, 不正HTMLの挿入

ソース：

http://www.gentlesource.com/short-url-script/

http://secunia.com/advisories/45890/

危険性：Medium Risk

2011-09-02

Drupal Bot Alarm Module

ソフト名：Drupal Bot Alarm Module 6.x-1.2未満

回避策：アップデートにて対応

脆弱性：XSS, CSRF, スクリプト挿入攻撃, 不正HTMLの挿入, 不正HTTPのリクエスト

ソース：

http://drupal.org/project/bot_alarm

http://drupal.org/node/1265750

http://secunia.com/advisories/45797/

危険性：Medium Risk

Drupal Taxonomy Views Integrator Module

ソフト名：Drupal Taxonomy Views Integrator Module 6.x-1.2未満

回避策：SA-CONTRIB-2011-038, アップデートにて対応

脆弱性：XSS, スクリプト挿入攻撃, 不正HTMLの挿入

ソース：

http://drupal.org/project/tvi

http://drupal.org/node/1265430

http://secunia.com/advisories/45775/

危険性：Medium Risk

2011-08-31

SUSE Studio Onsite

ソフト名：SUSE Studio Onsite 1.x

回避策：あり

脆弱性：XSS, システムアクセス, スクリプト挿入攻撃, シェルコマンドの挿入, 不正HTMLの挿入, ローカルコード実行

ソース：

http://www.suse.com/products/susestudio/

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html

http://secunia.com/advisories/45754/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2225

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2226

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2644

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2645

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2646

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2647

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2648

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2649

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2650

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2651

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2652

CVE：CVE-2011-2225, CVE-2011-2226, CVE-2011-2644, CVE-2011-2645, CVE-2011-2646, CVE-2011-2647, CVE-2011-2648, CVE-2011-2649, CVE-2011-2650, CVE-2011-2651, CVE-2011-2652

危険性：Medium Risk

Daily Vuln Watch Japan

2011-09-30

Blogs MU

Red Hat Fedora

2011-09-28

Atlassian JIRA

SonicWALL ViewPoint

2011-09-27

Barracuda IM Firewall

FBC-Market

2011-09-23

phplist

TANDBERG C Series Endpoints, TANDBERG MXP Series Endpoint

Fortinet FortiAnalyzer

Drupal Views Bulk Operations Module

2011-09-20

SemanticScuttle

phpMyAdmin, phpMyAdmin Extension for TYPO3

2011-09-14

Microsoft Office SharePoint, Microsoft Windows SharePoint

Red Hat Fedora

2011-09-13

LightNEasy

phpMyAdmin Extension for TYPO3

2011-09-06

GentleSource Short URL

2011-09-02

Drupal Bot Alarm Module

Drupal Taxonomy Views Integrator Module

2011-08-31

SUSE Studio Onsite

Calendar

このブログを検索

ブログアーカイブ

Blogram投票ボタン

グーバーウォーク

参加ユーザー

JVNRSS Feed - Update Entry

ラベル

2011-09-30

2011-09-28

2011-09-27

2011-09-23

2011-09-20

2011-09-14

2011-09-13

2011-09-06

2011-09-02

2011-08-31

Calendar

このブログを検索

ブログ アーカイブ

Blogram投票ボタン

グーバーウォーク

参加ユーザー

JVNRSS Feed - Update Entry

ラベル

ブログアーカイブ