SecurityFocus Newsletter #307 2005-07-11->2005-07-15 Nov 25 2005 08:19AM
Tsuneo Ogasawara (t ogaswr lac co jp)
This is Ogasawara at LAC.

Here is the Japanese translation of SecurityFocus Newsletter issue 307.
Items that were not translated are marked "no Japanese translation".

---------------------------------------------------------------------------
BugTraq-JP FAQ (Japanese):
http://www.securityfocus.com/archive/79/description
- The Japanese translation of the SecurityFocus Newsletter is distributed
  first on BugTraq-JP.
- See this FAQ for how to subscribe to and unsubscribe from BugTraq-JP.
---------------------------------------------------------------------------
SecurityFocus Newsletter archive (English):
http://www.securityfocus.com/archive/78
BugTraq FAQ (English):
http://www.securityfocus.com/archive/1/description
---------------------------------------------------------------------------
Notes on quoting:
- This translation is produced by LAC Co., Ltd. with the permission of
  SecurityFocus.
- When quoting the translation of the SecurityFocus Newsletter in Netnews,
  mailing lists, the World Wide Web, books, or other recording media, please
  quote the mail in full.
- Issues 1 through 3 of the Japanese edition of the newsletter do not carry
  this note, but it applies to them as well.
- Hyperlinks of any form to the BugTraq-JP archive [*1] provided by
  SecurityFocus should also follow the above.
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
Notes on this translation:
- LAC Co., Ltd. accepts no responsibility for the results of applying this
  translation.
---------------------------------------------------------------------------
Notice from the translator:
- If you find a typo or a mistranslation, please post a corrected version to
  BugTraq-JP as errata, or notify the supervising editor
  (t.ogaswr (at) lac.co (dot) jp [email concealed]).
  In the latter case a corrected version will be issued as quickly as possible.
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

Original:
Date: Tue, 19 Jul 2005 18:04:29 -0600
Message-ID: <42DD950D.9020806 (at) securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #307
-----------------------------

This Issue is Sponsored By: VeriSign

I. FRONT AND CENTER (no Japanese translation)
1. If it isn't broken...
2. Microsoft and Claria, together at last?
3. Introduction to IPAudit
II. BUGTRAQ SUMMARY
1. ID Team ID Board SQL.CLS.PHP SQL Injection Vulnerability
2. Linux Kernel IA32 ExecVE Local Buffer Overflow Vulnerability
3. DHCPCD Remote Denial of Service Vulnerability
4. Web Wiz Forums Information Disclosure Vulnerability
5. Spid lang_path File Include Vulnerability
6. PPA ppa_root_path File Include Vulnerability
7. Backup Manager Insecure Temporary File Creation Vulnerability
8. DownloadProtect Download.PHP Directory Traversal Vulnerability
9. SoftiaCom WMailserver Local Information Disclosure Vulnerability
10. SoftiaCom WMailserver Remote Denial Of Service Vulnerability
11. Microsoft Windows Color Management Module ICC Profile Buffer Overflow Vulnerability
12. F5 BIG-IP Unspecified SSL Authentication Bypass Vulnerability
13. Microsoft Word Malformed Document Font Processing Buffer Overflow Vulnerability
14. Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability
15. SGI ArrayD ARShell Remote Privilege Escalation Vulnerability
16. Squito Gallery Photolist.INC.PHP File Include Vulnerability
17. Dragonfly Commerce Multiple SQL Injection Vulnerabilities
18. Check Point SecuRemote NG Local Information Disclosure Vulnerability
19. PHPsFTPd Inc.Login.PHP Privilege Escalation Vulnerability
20. DVBBS ShowErr.ASP Cross-Site Scripting Vulnerability
21. Moodle Unspecified Security Vulnerability
22. Microsoft Outlook Express Multiple Vulnerabilities
23. ASPNuke Comment_Post.ASP Cross-Site Scripting Vulnerability
24. XPVM Insecure Temporary File Creation Vulnerability
25. iPhotoAlbum Multiple File Include Vulnerabilities
26. Nokia Affix BTFTP Client Filename Remote Buffer Overflow Vulnerability
27. Nokia Affix BTSRV/BTOBEX Remote Command Execution Vulnerability
28. Linux-HA Heartbeat Insecure Temporary File Creation Vulnerability
29. SMS Insecure Temporary File Creation Vulnerability
30. ELMO Insecure Temporary File Creation Vulnerability
31. MIT Kerberos 5 Key Distribution Center Remote Single Byte Heap Overflow Vulnerability
32. Yawp Conf_Path Remote File Include Vulnerability
33. Oracle July Security Update Multiple Vulnerabilities
34. MIT Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free Vulnerability
35. MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability
36. Apple Mac OSX Unspecified TCP/IP Remote Denial Of Service Vulnerability
37. Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
38. MailEnable IMAP SELECT Request Buffer Overflow Vulnerability
39. Emilda Management.PHP Input Validation Vulnerability
40. WPS Wps_shop.CGI Remote Command Execution Vulnerability
41. Cisco ONS 15216 OADM Management Plane Telnet Service Remote Denial Of Service Vulnerability
42. Cisco Security Agent Crafted IP Packet Denial Of Service Vulnerability
43. Clearswift MIMEsweeper For Web ActiveX Bypass Vulnerability
44. ESi WebEOC Multiple Input Validation Privilege Escalation and Denial of Service Vulnerabilities
45. Cisco CallManager RISDC Remote Denial Of Service Vulnerability
46. Cisco CallManager CTI Manager Remote Denial Of Service Vulnerability
47. Cisco CallManager CCM.EXE Remote Denial Of Service Vulnerability
48. Cisco CallManager Multiple Failed Logins Remote Denial Of Service Vulnerability
49. SquirrelMail Variable Handling Vulnerability
50. Cisco CallManager AUPair Service Remote Heap Buffer Overflow Vulnerability
51. PHPCounter EpochPrefix Cross Site Scripting Vulnerability
52. NetPanzer Remote Denial of Service Vulnerability
53. Hosting Controller Multiple SQL Injection Vulnerabilities
54. Microsoft Windows Kernel Unspecified Remote Desktop Protocol Denial Of Service Vulnerability
55. Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability
56. Class-1 Forum Users.PHP Cross Site Scripting Vulnerabilities
57. BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers Scan Evasion Vulnerability
58. DG Remote Control Server Remote Denial of Service Vulnerability
59. Laffer IM.PHP File Include Vulnerability
60. Easy Software Products CUPS Access Control List Bypass Vulnerability
61. Simple Message Board Forum.CFM Cross-Site Scripting Vulnerability
62. Simple Message Board User.CFM Cross-Site Scripting Vulnerability
63. Simple Message Board Thread.CFM Cross-Site Scripting Vulnerability
64. Simple Message Board Search.CFM Cross-Site Scripting Vulnerability
65. Sophos Anti-Virus BZip2 Archive Handling Remote Denial Of Service Vulnerability
66. Macromedia JRun Unauthorized Session Access Vulnerability
67. Oracle HTTP Server Unspecified Malformed Request Denial Of Service Vulnerability
68. Oracle HTTP Server MOD_OSSO Partner Application Cookie Expiration Weakness
69. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
70. Oracle HTTP Server MOD_ORADAV ORAALTPASSWORD Obfuscation Weakness
71. Clever Copy Calendar.PHP Cross-Site Scripting Vulnerability
72. Oracle Webcache SSL Encryption Downgrade Weakness
73. MooseGallery Display.PHP File Include Vulnerability
74. Oracle9i 9.0.1.5 FIPS Single Sign-On Server Unspecified Cross-Site Scripting Vulnerability
75. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
76. Hosting Controller Multiple Remote Vulnerabilities
77. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of Service Vulnerability
78. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial Of Service Vulnerability
79. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of Service Vulnerability
80. Sybase EAServer Remote Buffer Overflow Vulnerability
81. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing Vulnerability
III. SECURITYFOCUS NEWS
1. Report: Squatters a major problem for credit-report site
2. Desktop port proliferation a security risk?
3. Microsoft to reward informants after Sasser conviction
4. Flawed USC admissions site allowed access to applicant data
5. Dell rejects spyware charge
6. Phlooding attack could leave enterprises high and dry
7. British government lost 150 PCs this year
8. Sophos glitch leaves PCs hanging

I. FRONT AND CENTER (no Japanese translation)
----------------------------------

II. BUGTRAQ SUMMARY
------------------
1. ID Team ID Board SQL.CLS.PHP SQL Injection Vulnerability
BugTraq ID: 14204
Remotely reproducible: Yes
Date published: 2005-07-10
Relevant URL: http://www.securityfocus.com/bid/14204
Summary:
ID Board is prone to an SQL injection vulnerability. The issue stems from
user-supplied input not being properly sanitized before it is used in an
SQL query.

A successful attack could compromise the application or allow data to be
disclosed or modified. It could also allow the attacker to exploit
vulnerabilities in the underlying database implementation.

ID Board 1.1.3 is reported to be affected by this issue. Other versions may
also be affected.

2. Linux Kernel IA32 ExecVE Local Buffer Overflow Vulnerability
BugTraq ID: 14205
Remotely reproducible: No
Date published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14205
Summary:
The Linux kernel may be subject to a buffer overflow triggered by a local
attack. The issue stems from a race condition in an ia32 emulation system
call, as a result of which a memory copy operation overflows an allocated
memory buffer.

Between two function calls made to obtain the buffer size, an attacker has
an opportunity to alter the contents of memory. This race condition allows a
local attacker to overwrite critical kernel memory and to execute machine
code at kernel level or elevate privileges.

On multiprocessor computers, an attacker can exploit the race condition by
altering the contents of memory directly. On uniprocessor computers, an
attacker can exploit the race condition by using a blocking function call.

Linux 2.4 prior to 2.4.32-pre1 and Linux 2.6 prior to 2.6.7 are affected by
this issue.

Only computers running on the ia64 hardware platform, or on the amd64
hardware platform with ia32 emulation available, are affected by this issue.

3. DHCPCD Remote Denial of Service Vulnerability
BugTraq ID: 14206
Remotely reproducible: Yes
Date published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14206
Summary:
dhcpcd is prone to a remote denial of service vulnerability.

The issue occurs when crafted data is processed and a memory access
violation is triggered.

dhcpcd 1.3.22pl4 is reported to be affected. Earlier versions may also be
affected.

4. Web Wiz Forums Information Disclosure Vulnerability
BugTraq ID: 14207
Remotely reproducible: Yes
Date published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14207
Summary:
Web Wiz Forums is affected by an information disclosure vulnerability. The
issue stems from user credentials not being properly validated before
message subjects are displayed. An attacker can obtain the subjects of
messages in hidden forums.

Web Wiz Forums 8.0alpha and 7.9 are reported to be affected by this issue.
Earlier versions may also be affected.

5. Spid lang_path File Include Vulnerability
BugTraq ID: 14208
Remotely reproducible: Yes
Date published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14208
Summary:
SPiD is a gallery management application written in PHP.

SPiD is prone to a remote file include vulnerability. The issue stems from
inadequate validation of user-supplied input.

An attacker may exploit this issue to execute arbitrary server-side script
code on a vulnerable computer with the privileges of the Web server process.
This may lead to unauthorized access.

6. PPA ppa_root_path File Include Vulnerability
BugTraq ID: 14209
Remotely reproducible: Yes
Date published: 2005-07-10
Relevant URL: http://www.securityfocus.com/bid/14209
Summary:
PPA may be subject to remote file inclusion. The issue stems from
user-supplied input not being properly sanitized.

An attacker may exploit this issue to execute arbitrary server-side script
code on a vulnerable computer with the privileges of the Web server process.
This may lead to unauthorized access.

7. Backup Manager Insecure Temporary File Creation Vulnerability
BugTraq ID: 14210
Remotely reproducible: No
Date published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14210
Summary:
Backup Manager is affected by an insecure temporary file creation
vulnerability.

The issue arises when a user burns a CD-R. It allows an attacker to create a
malicious symbolic link, which the utility then writes to when an
unsuspecting user runs Backup Manager.

Versions of Backup Manager prior to 0.5.8b are affected.

8. DownloadProtect Download.PHP Directory Traversal Vulnerability
BugTraq ID: 14211
Remotely reproducible: Yes
Date published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14211
Summary:
DownloadProtect is affected by a directory traversal vulnerability. The
issue stems from input not being properly sanitized, and is triggered in the
'download.php' script through the 'file' parameter.

DownloadProtect 1.0.2b and earlier versions are reported to be affected by
this issue.

9. SoftiaCom WMailserver Local Information Disclosure Vulnerability
BugTraq ID: 14212
Remotely reproducible: No
Date published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14212
Summary:
SoftiaCom WMailserver is prone to a local file disclosure vulnerability.
The application stores passwords in the Windows registry.

A local attacker may exploit this issue to disclose potentially sensitive
information.

10. SoftiaCom WMailserver Remote Denial Of Service Vulnerability
BugTraq ID: 14213
Remotely reproducible: Yes
Date published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14213
Summary:
The connection handling code of SoftiaCom WMailserver contains a denial of
service vulnerability.

The application is reported to terminate unexpectedly when an attacker is
able to connect to the SMTP service and send a large amount of data.

A remote attacker can terminate the application, denying service to
legitimate users.

11. Microsoft Windows Color Management Module ICC Profile Buffer Overflow Vulnerability
BugTraq ID: 14214
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14214
Summary:
The Microsoft Windows Color Management Module (CMM) is prone to a buffer
overflow vulnerability. The issue stems from inadequate boundary checks in
the parsing of ICC (International Color Consortium) profile tags in the
various supported image and document formats.

ICC profile data may be embedded in a variety of file formats, including
JPEG, GIF, EXIF, TIFF, PNG, PICT, PDF, PostScript, SVG, JDF, and CSS3. Some
of these formats may not be attack vectors. In particular, formats that
Microsoft does not support natively, and certain formats whose processing
does not invoke the vulnerable functionality, may not be attack vectors.

Successful exploitation may result in arbitrary code execution in the
security context of the currently logged-in user. The issue may be exploited
through a Web site hosting a malicious document, by previewing or opening
malicious content in e-mail, or by other means that allow an attacker to
deliver a malicious document to the target.

Other Microsoft or third-party applications that use this functionality may
also be affected. Because the vulnerable library may be bundled with many
third-party applications, they may remain affected even after the Microsoft
patch is applied. Symantec is not currently aware of any vendors affected in
this way.

12. F5 BIG-IP Unspecified SSL Authentication Bypass Vulnerability
BugTraq ID: 14215
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14215
Summary:
F5 BIG-IP may contain an unspecified SSL authentication bypass
vulnerability.

When BIG-IP is configured to perform authentication using certificate-based
authentication, it is conjectured that an attacker may be able to bypass the
required authentication checks. This would allow a remote attacker to access
protected Web sites. Depending on the nature of the protected Web site,
various further attacks may also be possible.

Further details are not available at this time. This BID will be updated as
soon as details are published.

BIG-IP versions 9.0.2 through 9.1 are affected.

13. Microsoft Word Malformed Document Font Processing Buffer Overflow Vulnerability
BugTraq ID: 14216
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14216
Summary:
Microsoft Word is affected by a remotely exploitable buffer overflow
vulnerability.

The issue is triggered when certain crafted input is contained in a .doc
file. When a crafted .doc file is read, the data in the file is not properly
validated. As a result, an attacker may be able to control the program's
flow of execution.

An attacker may exploit this issue to execute arbitrary code in the security
context of a targeted user who attempts to access a crafted Word file.

14. Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability
BugTraq ID: 14217
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14217
Summary:
ASP.NET may be subject to a remote denial of service. The issue stems from
the possibility of an infinite loop being triggered on the server when an
RPC/encoded request is processed.

The issue is triggered when an RPC/encoded Web method accepts an array or an
object derived from 'IList'. When a crafted XML request is sent, the
'aspnet_wp.exe' executable enters an infinite loop.

A remote attacker may exploit this issue to consume large amounts of CPU
resources, denying service to legitimate users.

15. SGI ArrayD ARShell Remote Privilege Escalation Vulnerability
BugTraq ID: 14218
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14218
Summary:
SGI arshell may contain an unspecified remote privilege escalation
vulnerability.

Under certain unspecified circumstances, a user running arshell may be able
to execute commands with administrative privileges on remote array
computers.

The issue allows an attacker to gain administrative privileges on any
computer in the array or cluster.

Further details are not available at this time. This BID will be updated as
soon as details are published.

16. Squito Gallery Photolist.INC.PHP File Include Vulnerability
BugTraq ID: 14219
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14219
Summary:
Squito Gallery may be subject to remote file inclusion. The issue stems from
user-supplied input not being properly sanitized.

An attacker may exploit this issue to execute arbitrary server-side script
code on a vulnerable computer with the privileges of the Web server process.
This may lead to unauthorized access.

17. Dragonfly Commerce Multiple SQL Injection Vulnerabilities
BugTraq ID: 14220
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14220
Summary:
Dragonfly Commerce is prone to multiple SQL injection vulnerabilities. The
issues stem from user-supplied input not being properly sanitized before it
is used in SQL queries.

A successful attack could compromise the application or allow data to be
disclosed or modified. It could also allow the attacker to exploit
vulnerabilities in the underlying database implementation.

18. Check Point SecuRemote NG Local Information Disclosure Vulnerability
BugTraq ID: 14221
Remotely reproducible: No
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14221
Summary:
Check Point SecuRemote NG is affected by a local information disclosure
vulnerability. The issue may allow an attacker to disclose the
authentication credentials used to access the VPN application.

An attacker may use information gathered through this issue to access the
vulnerable computer or networks protected by the VPN, or to carry out
further attacks.

19. PHPsFTPd Inc.Login.PHP Privilege Escalation Vulnerability
BugTraq ID: 14222
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14222
Summary:
PHPsFTPd is affected by a privilege escalation vulnerability. The issue
stems from a failure in 'inc.login.php' when login credentials are
processed.

An attacker can exploit this issue to obtain the administrator's user name
and password. This may enable further attacks against the back-end system.
Other attacks may also be possible.

20. DVBBS ShowErr.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 14223
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14223
Summary:
Dvbbs is prone to a cross-site scripting vulnerability. The issue stems from
user-supplied input not being properly sanitized.

An attacker may exploit this issue to execute arbitrary script code in the
browser of an unsuspecting user, in the security context of the vulnerable
site. This may enable attacks such as theft of cookie-based authentication
credentials.

21. Moodle Unspecified Security Vulnerability
BugTraq ID: 14224
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14224
Summary:
Moodle contains an unspecified security vulnerability. The issue may allow a
malicious user to compromise the application.

Because details are unknown, no further information is available at this
time.

This BID will be updated as soon as details are published.

22. Microsoft Outlook Express Multiple Vulnerabilities
BugTraq ID: 14225
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14225
Summary:
Microsoft has released an update to address various issues affecting Outlook
Express 6.0 running on Windows XP. These issues may allow a remote attacker
to crash the client or disclose sensitive information.

It is reported that a remote attacker may be able to crash the client by
sending a crafted e-mail message.

There is also an issue in which the default news server account can be
disclosed when a user replies to a 'watched' conversation thread from
multiple computers.

This BID will be updated as soon as details are published.

23. ASPNuke Comment_Post.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 14226
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14226
Summary:
ASPNuke is prone to a cross-site scripting vulnerability. The issue stems
from user-supplied input not being properly sanitized.

An attacker may exploit this issue to execute arbitrary script code in the
browser of an unsuspecting user, in the security context of the vulnerable
site. This may enable attacks such as theft of cookie-based authentication
credentials.

24. XPVM Insecure Temporary File Creation Vulnerability
BugTraq ID: 14228
Remotely reproducible: No
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14228
Summary:
XPVM does not create temporary files securely.

A local attacker would most likely exploit this issue by creating a
malicious symbolic link in the directory where the temporary files are
created. When the program attempts to operate on its temporary file, it
instead operates on the file specified by the malicious symbolic link.

If an attack exploiting this issue overwrites critical files, data loss or a
denial of service is the likely result. Other attacks may also be possible.

25. iPhotoAlbum Multiple File Include Vulnerabilities
BugTraq ID: 14229
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14229
Summary:
iPhotoAlbum is prone to multiple local and remote file include
vulnerabilities.

An attacker may exploit these issues to execute arbitrary server-side script
code on a vulnerable computer with the privileges of the Web server process.
This may lead to unauthorized access.

26. Nokia Affix BTFTP Client Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 14230
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14230
Summary:
The Nokia Affix btftp client software is prone to a remotely triggered
client-side buffer overflow vulnerability. The issue stems from boundary
checks not being properly performed before file name data is copied into a
fixed-length memory buffer.

An attacker who controls an OBEX File Transfer server may exploit this issue
to execute arbitrary code in the security context of an affected client that
connects to the malicious server, and to request a directory listing.

27. Nokia Affix BTSRV/BTOBEX Remote Command Execution Vulnerability
BugTraq ID: 14232
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14232
Summary:
Nokia Affix btsrv/btobex is reported to be prone to a remote command
execution vulnerability. The issue stems from inadequate sanitization of
attacker-controlled data before it is used in a 'system()' call.

Because the vulnerable service runs with administrative privileges,
exploitation of this issue may result in complete compromise of the target
computer running the affected software.

28. Linux-HA Heartbeat Insecure Temporary File Creation Vulnerability
BugTraq ID: 14233
Remotely reproducible: No
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14233
Summary:
heartbeat does not create temporary files securely.

A local attacker would most likely exploit this issue by creating a
malicious symbolic link in the directory where the temporary files are
created. When the program attempts to operate on its temporary file, it
instead operates on the file specified by the malicious symbolic link.

If an attack exploiting this issue overwrites critical files, data loss or a
denial of service is the likely result. Other attacks may also be possible.

29. SMS Insecure Temporary File Creation Vulnerability
BugTraq ID: 14234
Remotely reproducible: No
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14234
Summary:
SMS does not create temporary files securely.

A local attacker would most likely exploit this issue by creating a
malicious symbolic link in the directory where the temporary files are
created. When the program attempts to operate on its temporary file, it
instead operates on the file specified by the malicious symbolic link.

If an attack exploiting this issue overwrites critical files, data loss or a
denial of service is the likely result. Other attacks may also be possible.

30. ELMO Insecure Temporary File Creation Vulnerability
BugTraq ID: 14235
Remotely reproducible: No
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14235
Summary:
ELMO does not create temporary files securely.

A local attacker would most likely exploit this issue by creating a
malicious symbolic link in the directory where the temporary files are
created. When the program attempts to operate on its temporary file, it
instead operates on the file specified by the malicious symbolic link.

If an attack exploiting this issue overwrites critical files, data loss or a
denial of service is the likely result. Other attacks may also be possible.

31. MIT Kerberos 5 Key Distribution Center Remote Single Byte Heap Overflow Vulnerability
BugTraq ID: 14236
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14236
Summary:
The Kerberos 5 Key Distribution Center (KDC) implementation is affected by a
remotely triggered single-byte heap overflow vulnerability.

A remote, unauthenticated attacker can exploit this issue by sending a
request containing crafted data to a vulnerable computer over TCP or UDP.
This may result in memory corruption or an overflow.

If arbitrary code is executed, the attacker may gain complete access to the
entire Kerberos realm.

All releases of MIT Kerberos 5 up to and including krb5-1.4.1 are affected.
Third-party applications that use Kerberos 5 may also be affected.

32. Yawp Conf_Path Remote File Include Vulnerability
BugTraq ID: 14237
Remotely reproducible: Yes
Date published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14237
Summary:
Yawp is affected by a remote file include vulnerability.

The issue stems from user-supplied input not being properly sanitized.

An attacker may exploit this issue to execute arbitrary server-side script
code on a vulnerable computer with the privileges of the Web server process.
This may lead to unauthorized access.

Note that even when 'register_globals' and 'allow_url_fopen' are turned on
in the local PHP configuration, the issue is still exploitable when PHP5 is
used.

33. Oracle July Security Update Multiple Vulnerabilities
BugTraq ID: 14238
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14238
Summary:
Oracle Database Server, Oracle Enterprise Manager, Oracle Application
Server, Oracle Collaboration Suite, Oracle E-Business Suite and its
applications, Oracle Workflow, Oracle Forms and Reports, Oracle
JInitiator, Oracle Developer Suite, and Oracle Express Server are
affected by multiple vulnerabilities.

The issues identified by the vendor affect all security-related
properties of the Oracle products and present threats that are
exploitable both locally and remotely.

Oracle released a Critical Patch Update advisory in July 2005 to address
these issues. The Critical Patch Update resolves the issues in supported
releases. Earlier, unsupported releases may also be affected.

34. MIT Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free Vulnerability
BugTraq ID: 14239
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14239
Summary:
MIT Kerberos 5 is prone to a remote double-free vulnerability. The issue
may be triggered by a remote attacker before any authentication takes
place. It resides in the 'revcauth_common()' helper function.

A remote attacker may trigger this issue before authentication is
performed. The code paths used in the vulnerable function may hinder
exploitation. It is nevertheless conjectured that the issue could
ultimately be exploited to execute arbitrary code in the security context
of the vulnerable service.

Note that successful exploitation on a Kerberos Key Distribution Center
(KDC) computer may compromise the entire Kerberos realm.

35. MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability
BugTraq ID: 14240
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14240
Summary:
The Kerberos 5 Key Distribution Center (KDC) implementation is affected
by a remote denial-of-service vulnerability. The issue occurs because,
when handling remote requests over TCP, the application attempts to free
uninitialized memory at a random address.

Specifically, the issue is triggered when a principal name with zero
components is processed.

All MIT Kerberos 5 releases up to and including krb5-1.4.1 are affected.
Third-party applications that use Kerberos 5 may also be affected.

36. Apple Mac OSX Unspecified TCP/IP Remote Denial Of Service Vulnerability
BugTraq ID: 14241
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14241
Summary:
Apple Mac OS X is prone to a remote denial-of-service vulnerability. The
issue is due to a NULL pointer dereference that is triggered in the
kernel when a crafted TCP/IP packet of an unspecified type is processed.

A remote attacker may exploit this issue to cause a kernel panic on the
target computer, effectively denying service to legitimate users.

37. Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
BugTraq ID: 14242
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14242
Summary:
The Mozilla Foundation has released 12 security advisories identifying
security issues in Mozilla Suite, Firefox, and Thunderbird.

These issues allow an attacker to execute arbitrary machine code in the
security context of the vulnerable application, bypass security checks,
and execute script code in the security context of targeted web sites to
disclose confidential information. Other attacks are also possible.

These issues are fixed in Firefox 1.0.5 and Mozilla Suite 1.7.9.
Thunderbird has not been fixed at this time.

Once further analysis is complete, the issues described in this BID will
be split into individual BIDs. This BID will then be retired.

In addition, Netscape is reported to be affected by the issue described
in MFSA 2005-47. Because Netscape is derived from Mozilla, it may be
affected by most or all of the issues that affect Mozilla Firefox. This
has not been verified at this time.

38. MailEnable IMAP SELECT Request Buffer Overflow Vulnerability
BugTraq ID: 14243
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14243
Summary:
The MailEnable IMAP server is prone to a remote stack-based buffer
overflow. The issue is due to a failure to perform proper bounds checking
before copying user-supplied data into a fixed-length memory buffer.

A remote attacker may exploit this issue to execute arbitrary machine
code in the security context of the vulnerable application. This allows
the attacker to gain System-level privileges and completely compromise
the target computer.

39. Emilda Management.PHP Input Validation Vulnerability
BugTraq ID: 14244
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14244
Summary:
Emilda is affected by an input validation vulnerability.

An attacker can supply an arbitrary value for the 'user_id' parameter to
manipulate user information. This may result in a loss of integrity or
confidentiality.

The vendor has addressed this issue in Emilda 1.2.3.

40. WPS Wps_shop.CGI Remote Command Execution Vulnerability
BugTraq ID: 14245
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14245
Summary:
WPS is prone to a remote arbitrary command execution vulnerability.

The issue is reported to occur when user-supplied values are passed to
the 'wps_shop.cgi' script.

As a result, an attacker can supply arbitrary code and have it executed
in the security context of the server.

This may lead to unauthorized remote access in the security context of
the web server on the vulnerable computer.

41. Cisco ONS 15216 OADM Management Plane Telnet Service Remote Denial Of Service Vulnerability
BugTraq ID: 14246
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14246
Summary:
The Cisco ONS 15216 OADM has separate data planes for device management
and for data transmission.

If a malicious data stream is sent to a Cisco ONS 15216 OADM Telnet
session, the Telnet service used to access the Cisco ONS 15216 OADM
management interface may fail.

Once the issue is triggered, the Telnet service stops responding to
subsequent legitimate requests. The data plane (the network traffic
switched and forwarded by the device) is not affected by the attack.

The issue exists in Cisco ONS 15216 OADM devices running software
releases 2.2.2 and earlier.

42. Cisco Security Agent Crafted IP Packet Denial Of Service Vulnerability
BugTraq ID: 14247
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14247
Summary:
Cisco Security Agent (CSA) is reported to be prone to a denial-of-service
vulnerability. The issue may be triggered by a malicious IP packet.

Successful exploitation crashes the Microsoft Windows operating system
that hosts the Cisco Security Agent software. The issue affects only
CSA 4.5 running on Windows operating systems other than Windows XP.

43. Clearswift MIMEsweeper For Web ActiveX Bypass Vulnerability
BugTraq ID: 14248
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14248
Summary:
MIMEsweeper For Web is prone to a security restriction bypass.

The application is reported to fail to properly filter crafted files that
contain ActiveX code.

Given the nature of the application, this gives protected users a false
sense of security and may lead to a variety of attacks.

Versions of MIMEsweeper For Web prior to 5.1 are affected.

44. ESi WebEOC Multiple Input Validation Privilege Escalation and Denial of Service Vulnerabilities
BugTraq ID: 14249
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14249
Summary:
WebEOC is affected by multiple vulnerabilities.

WebEOC is prone to cross-site scripting, SQL injection, information
disclosure, privilege escalation, access validation, and
denial-of-service vulnerabilities.

These issues are due to design flaws such as insufficient input
validation and access validation.

The vendor has addressed these issues in WebEOC 6.0.2.

45. Cisco CallManager RISDC Remote Denial Of Service Vulnerability
BugTraq ID: 14250
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14250
Summary:
The CallManager RISDC (Realtime Information Server Data Collection)
service is prone to a remote denial-of-service vulnerability.

This issue is documented in Cisco bug CSCed37403, which is available only
to Cisco users.

If an attacker repeatedly opens and closes TCP connections to the
vulnerable service, large amounts of memory may be consumed and further
connections may be refused.

This issue was originally reported in BID 14227.

46. Cisco CallManager CTI Manager Remote Denial Of Service Vulnerability
BugTraq ID: 14251
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14251
Summary:
The CallManager CTI Manager service is prone to a remote
denial-of-service vulnerability.

This issue is documented in Cisco bug CSCee00116, which is available only
to Cisco users.

Exploiting this issue forces the vulnerable application to restart, which
may deny service to legitimate users.

This issue was originally reported in BID 14227.

47. Cisco CallManager CCM.EXE Remote Denial Of Service Vulnerability
BugTraq ID: 14252
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14252
Summary:
The CallManager 'ccm.exe' process is prone to a remote denial-of-service
vulnerability.

This issue is documented in Cisco bug CSCee00118, which is available only
to Cisco users.

Exploiting this issue forces the vulnerable application to restart, which
may deny service to legitimate users.

This issue was originally reported in BID 14227.

48. Cisco CallManager Multiple Failed Logins Remote Denial Of Service Vulnerability
BugTraq ID: 14253
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14253
Summary:
CallManager is prone to a remote denial-of-service vulnerability when MLA
(Multi Level Admin) is enabled.

This issue is documented in Cisco bug CSCef47060, which is available only
to Cisco users.

An attacker may exploit this issue by repeatedly attempting and failing
to log in to the vulnerable service. Approximately 750 MB of memory is
reported to be consumed. This may degrade server performance and deny
service to legitimate users.

This issue was originally reported in BID 14227.

49. SquirrelMail Variable Handling Vulnerability
BugTraq ID: 14254
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14254
Summary:
SquirrelMail is affected by an insecure variable handling vulnerability.

An attacker can reportedly exploit this issue to disclose or manipulate
user preferences, write to arbitrary files in the security context of
'www-data', and carry out attacks such as cross-site scripting.

Because details are lacking, no further information is available at this
time. This BID will be updated as more details become available.

50. Cisco CallManager AUPair Service Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 14255
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14255
Summary:
The CallManager aupair service may be prone to an unspecified remote
buffer overflow vulnerability. The issue is due to a failure to perform
proper bounds checking before copying user-supplied data into a
fixed-length memory buffer.

This issue is documented in Cisco bug CSCsa75554, which is available only
to Cisco users.

A remote attacker may exploit this issue to execute arbitrary machine
code in the security context of the vulnerable application. A failed
exploitation attempt may crash the vulnerable process and deny service to
legitimate users.

This issue was originally reported in BID 14227.

51. PHPCounter EpochPrefix Cross Site Scripting Vulnerability
BugTraq ID: 14256
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14256
Summary:
A vulnerability exists that allows an attacker to carry out cross-site
scripting attacks.

The issue is due to a failure to properly sanitize user-supplied input.

52. NetPanzer Remote Denial of Service Vulnerability
BugTraq ID: 14257
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14257
Summary:
netPanzer is affected by a remote denial-of-service vulnerability.

A successful attack crashes the server and may deny service to legitimate
users.

netPanzer versions 0.8 and earlier are affected.

53. Hosting Controller Multiple SQL Injection Vulnerabilities
BugTraq ID: 14258
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14258
Summary:
Hosting Controller is prone to SQL injection vulnerabilities.

The issue allows a remote attacker to manipulate the logical structure of
queries. It is reported that an attacker may gain unauthorized access to
sensitive information. Other attacks may also be possible, depending on
the capabilities of the backend database and the nature of the affected
queries.

54. Microsoft Windows Kernel Unspecified Remote Desktop Protocol Denial Of Service Vulnerability
BugTraq ID: 14259
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14259
Summary:
An unspecified remote denial-of-service vulnerability has been reported
in the Microsoft Windows kernel. Microsoft has confirmed that the issue
allows a remote attacker to crash a vulnerable computer. The issue is due
to improper handling of crafted Remote Desktop requests.

This BID will be updated as details are released.

55. Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability
BugTraq ID: 14260
Remote: No
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14260
Summary:
netman.dll is affected by a local denial-of-service vulnerability.

A successful attack may cause a denial of service in the Network
Connections Service.

Various other services, including Wuauserv, Browser, CryptSvc, TrkWks,
dmserver, seclogon, lanmanserver, ShellHWDetection, AudioSrv, WZCSVC, and
lanmanworkstation, may also become inaccessible when this issue is
exploited.

56. Class-1 Forum Users.PHP Cross Site Scripting Vulnerabilities
BugTraq ID: 14261
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14261
Summary:
class-1 Forum contains multiple vulnerabilities that allow an attacker to
carry out cross-site scripting attacks.

These issues are due to a failure to properly sanitize user-supplied
input.

57. BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers Scan Evasion Vulnerability
BugTraq ID: 14262
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14262
Summary:
BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers is
prone to an antivirus scan evasion vulnerability.

The issue allows malicious content to pass through undetected, creating a
false sense of security. If an affected user opens a malicious
attachment, infection by malicious code results.

BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers
versions 1.6.1 and earlier are affected.

58. DG Remote Control Server Remote Denial of Service Vulnerability
BugTraq ID: 14263
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14263
Summary:
DG Remote Control Server is affected by a remote denial-of-service
vulnerability.

An attacker can cause a denial of service by sending a large amount of
data to the application's listening port.

The issue may result in a buffer overflow condition that leads to remote
access, but this has not been verified.

DG Remote Control Server 1.6.2 is affected.

59. Laffer IM.PHP File Include Vulnerability
BugTraq ID: 14264
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14264
Summary:
Laffer is prone to a remote PHP file include vulnerability. The issue is
due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary PHP code on the
vulnerable computer with the privileges of the web server process. This
may lead to unauthorized access.

60. Easy Software Products CUPS Access Control List Bypass Vulnerability
BugTraq ID: 14265
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14265
Summary:
CUPS is prone to an access control list (ACL) bypass vulnerability. The
issue is due to a failure to properly apply ACLs to incoming print jobs.

The issue allows an attacker to bypass the configured ACLs and run jobs
on a printer, circumventing the configured authentication checks and IP
restrictions.

61. Simple Message Board Forum.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14266
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14266
Summary:
Simple Message Board is affected by a cross-site scripting vulnerability.
The issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This may facilitate attacks such as
the theft of cookie-based authentication credentials.

62. Simple Message Board User.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14267
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14267
Summary:
Simple Message Board is affected by a cross-site scripting vulnerability.
The issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This may facilitate attacks such as
the theft of cookie-based authentication credentials.

63. Simple Message Board Thread.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14268
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14268
Summary:
Simple Message Board is affected by a cross-site scripting vulnerability.
The issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This may facilitate attacks such as
the theft of cookie-based authentication credentials.

64. Simple Message Board Search.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14269
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14269
Summary:
Simple Message Board is affected by a cross-site scripting vulnerability.
The issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This may facilitate attacks such as
the theft of cookie-based authentication credentials.

65. Sophos Anti-Virus BZip2 Archive Handling Remote Denial Of Service Vulnerability
BugTraq ID: 14270
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14270
Summary:
Sophos Anti-Virus is prone to a remote denial-of-service vulnerability
when 'Scan inside archive files' is enabled. This setting is not the
default.

The issue is due to a failure to properly sanitize the 'Extra field
length' value contained in BZip2 archives. As a result, exploitation may
deny proper service to legitimate users.

An attacker may exploit this issue to prevent files received after the
attack from being scanned. This may allow the attacker to evade
Anti-Virus scanning.

66. Macromedia JRun Unauthorized Session Access Vulnerability
BugTraq ID: 14271
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14271
Summary:
Macromedia JRun is affected by a vulnerability that allows a user's
session to be shared with another user.

Under certain circumstances, two users may share the same session. This
may lead to various attacks, including compromise of user accounts.

Note that this issue cannot be triggered by an attacker and occurs only
rarely.

JRun 4.0, ColdFusion MX 7.0 Enterprise Multi-Server Edition, and
ColdFusion MX 6.1 Enterprise with JRun are affected.

67. Oracle HTTP Server Unspecified Malformed Request Denial Of Service Vulnerability
BugTraq ID: 14272
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14272
Summary:
Oracle HTTP Server is prone to a denial-of-service vulnerability.

This issue was reported in the Readme of the patch for the July Oracle
Critical Patch Update. Oracle has not released any further information
about it.

68. Oracle HTTP Server MOD_OSSO Partner Application Cookie Expiration Weakness
BugTraq ID: 14273
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14273
Summary:
The mod_osso single sign-on module of Oracle HTTP Server does not
properly expire partner application cookies. This may pose a security
risk if a malicious user has a means of gaining unauthorized access to a
partner application cookie. Application cookies are expected to expire.

This issue was reported in the Readme of the patch for the July Oracle
Critical Patch Update. Oracle has not released any further information
about it. The issue may be related to the DB10 issue in the July Oracle
Critical Patch Update, but this has not been verified. This BID will be
updated as further information is released.

69. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
BugTraq ID: 14276
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14276
Summary:
Winamp is prone to a buffer overflow in its ID3v2 functionality. The
issue is due to a failure to perform proper bounds checking before
copying input data into a fixed-length memory buffer.

A remote attacker may exploit this issue by distributing a malicious MP3
file and enticing an unsuspecting user to process it with the vulnerable
application.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user running the vulnerable application.

Versions 5.03a, 5.09, and 5.09 are reported to be affected. Other
versions may also be affected.

70. Oracle HTTP Server MOD_ORADAV ORAALTPASSWORD Obfuscation Weakness
BugTraq ID: 14277
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14277
Summary:
The mod_oradav module of Oracle HTTP Server contains a security weakness.
ORAALTPASSWORD, which should be encrypted, is only obfuscated. A
malicious user with access to the obfuscated password may therefore be
able to decode it easily.

This issue was reported in the Readme of the patch for the July Oracle
Critical Patch Update. Oracle has not released any further information
about it.

71. Clever Copy Calendar.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14278
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14278
Summary:
Clever Copy is affected by a cross-site scripting vulnerability. The
issue is due to a failure to properly sanitize user-supplied URIs. As a
result, the input is echoed in dynamically generated web content.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This may facilitate attacks such as
the theft of cookie-based authentication credentials.

72. Oracle Webcache SSL Encryption Downgrade Weakness
BugTraq ID: 14279
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14279
Summary:
A security weakness has been reported in Oracle Webcache. SSL encryption
weaker than that configured in Oracle HTTP Server may be applied to
documents.

This may create a false sense of security.

This issue was reported in the Readme of the patch for the July Oracle
Critical Patch Update. Oracle has not released any further information
about it.

73. MooseGallery Display.PHP File Include Vulnerability
BugTraq ID: 14280
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14280
Summary:
MooseGallery is prone to a remote PHP file include vulnerability. The
issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary PHP code on the
vulnerable computer with the privileges of the web server process. This
may lead to unauthorized access.

74. Oracle9i 9.0.1.5 FIPS Single Sign-On Server Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 14281
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14281
Summary:
The Single Sign-On Server (SSO) of Oracle Database Server contains an
unspecified cross-site scripting vulnerability.

The issue may be exploited by enticing a target user to follow a link
containing malicious HTML or script code. Exploitation may result in the
theft of a legitimate user's cookie-based authentication credentials.
Other attacks may also be possible.

This issue was reported in the Readme of the patch for the July Oracle
Critical Patch Update. Oracle has not released any further information
about it.

75. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
BugTraq ID: 14282
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14282
Summary:
The JPEG image rendering library used by Microsoft Internet Explorer is
prone to a buffer overflow. The issue is due to a failure to perform
proper bounds checking before copying input data into a fixed-length
memory buffer.

The issue was discovered by generating random input for the browser. No
further investigation has been carried out at this time. This BID will be
updated as details are released.

Successful exploitation may result in the execution of arbitrary code in
the security context of the user running the vulnerable browser.

The issue was reported in Internet Explorer 6 SP2. Earlier versions may
also be affected.

76. Hosting Controller Multiple Remote Vulnerabilities
BugTraq ID: 14283
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14283
Summary:
Hosting Controller is reported to be prone to multiple vulnerabilities.
These issues may allow an attacker to carry out SQL injection attacks,
gain unauthorized access to scripts, escalate privileges, or cause a
denial of service.

Hosting Controller 6.1 hotfix 2.1 is affected by these issues.

77. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of Service Vulnerability
BugTraq ID: 14284
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14284
Summary:
The JPEG image rendering library used by Microsoft Internet Explorer is
prone to an unspecified denial-of-service vulnerability. The issue is
reported to be similar to the one described in BID 14282.

The issue was discovered by generating random input for the browser. No
further investigation has been carried out at this time. This BID will be
updated as details are released.

Successful exploitation crashes the vulnerable web browser. Arbitrary
code execution may also be possible, but this has not been verified.

The issue was reported in Internet Explorer 6 SP2. Earlier versions may
also be affected.

78. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial Of Service Vulnerability
BugTraq ID: 14285
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14285
Summary:
The JPEG image rendering library used by Microsoft Internet Explorer is
reportedly prone to an unspecified denial-of-service issue.

This issue was discovered by generating random input for the browser. No
further investigation has been carried out at this time. This BID will
be updated as soon as details are published.

Successful exploitation consumes a large amount of memory and causes the
vulnerable Web browser to crash.

This issue was reported in Internet Explorer 6 SP2. Earlier versions may
also be affected.

79. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of Service Vulnerability
BugTraq ID: 14286
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14286
Summary:
The JPEG image rendering library used by Microsoft Internet Explorer is
reportedly prone to an unspecified denial-of-service issue.

This issue was discovered by generating random input for the browser. No
further investigation has been carried out at this time. This BID will
be updated as soon as detailed information is published.

Successful exploitation causes the vulnerable Web browser to crash. This
issue is also reported to consume a large amount of CPU resources.

This issue was reported in Internet Explorer 6 SP2. Earlier versions may
also be affected.

80. Sybase EAServer Remote Buffer Overflow Vulnerability
BugTraq ID: 14287
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14287
Summary:
Sybase EAServer is affected by a remotely exploitable buffer overflow
issue.

This issue occurs in the server's Web console. A successful attack
overflows a fixed-length buffer and may result in arbitrary code
execution in the security context of the 'jagsrv.exe' process. This may
allow an attacker to escalate privileges.

Note that an attacker must supply authentication credentials before
carrying out this attack.

81. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing Vulnerability
BugTraq ID: 14288
Remote: Yes
Date Published: 2005-07-16
Relevant URL: http://www.securityfocus.com/bid/14288
Summary:
Microsoft Internet Explorer and MSN Instant Messenger are reported to
potentially crash when processing maliciously crafted ICC profile data
embedded in image data. The issue may stem from an integer handling
flaw. The observed crash is reported to result from an access violation
during an attempted memory read (probably an out-of-bounds array
access). This indicates that the issue is not immediately exploitable.
However, a means of writing data may still exist.

III.SECURITYFOCUS NEWS
----------------------
1. Report: Squatters a major problem for credit-report site
Author: Robert Lemos
Consumers trying to obtain a free credit report from the government's
AnnualCreditReport.com site could suffer financial loss or have personal
information leaked because of a misspelling, according to a report.

http://www.securityfocus.com/news/11251

2. Desktop port proliferation a security risk?
Author: Robert Lemos
Peer-to-peer software applications that require users to open ports in
their firewalls are becoming common. However, the impact on desktop
security is still unclear.

http://www.securityfocus.com/news/11248

3. Microsoft to reward informants after Sasser conviction
Author: Robert Lemos
Update: After a German court sentenced the author of the Sasser worm and
of the Netsky virus it was based on, Microsoft plans to split $250,000
between two informants.

http://www.securityfocus.com/news/11242

4. Flawed USC admissions site allowed access to applicant data
Author: Robert Lemos
Update: A programming error in the University of Southern California's
online admissions application system left applicants' information
accessible to anyone.

http://www.securityfocus.com/news/11239

5. Dell rejects spyware charge
Author: John Leyden
Dell has denied allegations that it ships computers with a nuisance
application installed that tracks users' browsing habits.

http://www.securityfocus.com/news/11250

6. Phlooding attack could leave enterprises high and dry
Author: John Leyden
The IT security industry's ability to coin catchy new terms for security
threats is quite something.

http://www.securityfocus.com/news/11249

7. British government lost 150 PCs this year
Author: John Oates
The UK Home Office has lost more computers so far this year than any
other department. It is responsible for law and order, but it does not
seem to be good at looking after its own property.

http://www.securityfocus.com/news/11246

8. Sophos glitch leaves PCs hanging
Author: John Leyden
A security update recently released by Microsoft has caused problems for
users of Sophos's flagship anti-virus scanning software.

http://www.securityfocus.com/news/11247

--
Translation: LAC translation team
Supervision: 小笠原恒雄 (OGASAWARA Tsuneo)
LAC Co., Ltd.
http://www.lac.co.jp/index.html
