$B>.3^86(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 325 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

------------------------------------------------------------------------
---
BugTraq-JP $B$K4X$9$k(B FAQ ($BF|K\8l(B):
http://www.securityfocus.com/archive/79/description
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B
$B!&(BBugTraq-JP $B$X$N;22CJ}K!!"C&B`J}K!$O$3$N(B FAQ $B$r$4;2>H$/$@$5$$(B
------------------------------------------------------------------------
---
SecurityFocus Newsletter $B%"!<%+%$%V(B ($B1Q8l(B):
http://www.securityfocus.com/archive/78
BugTraq $B$K4X$9$k(B FAQ ($B1Q8l(B):
http://www.securityfocus.com/archive/1/description
------------------------------------------------------------------------
---
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
$B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#
(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
$B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
$B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
------------------------------------------------------------------------
---
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^
(B
$B$9!#(B
------------------------------------------------------------------------
---
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
$BHG$r$4Ej9FD:$/$+!"4F=$<T(B (t.ogaswr (at) lac.co (dot) jp [email concealed]) $B$K$*CN$i$;$/$@$5$$!#(B
$B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
------------------------------------------------------------------------
---
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Thu, 24 Nov 2005 09:34:27 -0700
Message-ID: <4385EB92.3070706 (at) securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #325
-----------------------------

This Issue is Sponsored By: SpiDynamics

I. FRONT AND CENTER ($BF|K\8lLu$J$7(B)
1. Sony-baloney
2. Windows rootkits in 2005, part two
II. BUGTRAQ SUMMARY
1. Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
2. Juniper Networks Routers ISAKMP IKE Traffic Multiple Unspecified Vulnerabilities
3. Secgo Software Crypto IP Gateway/Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
4. Help Center Live Module.PHP Local File Include Vulnerability
5. Stonesoft StoneGate Firewall/VPN Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
6. XOOPS Multiple Input Validation Vulnerabilities
7. Cisco Adaptive Security Applicance Failover Testing Denial of Service Weakness
8. GNU Mailman Attachment Scrubber UTF8 Filename Denial Of Service Vulnerability
9. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
10. Wizz Forum Multiple SQL Injection Vulnerabilities
11. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
12. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
13. PHPsysInfo Multiple Input Validation Vulnerabilities
14. Peel rubid Parameter SQL Injection Vulnerability
15. Openswan IKE Traffic Denial Of Service Vulnerabilities
16. Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
17. Cyphor Show.PHP SQL Injection Vulnerability
18. Walla TeleSite Multiple Input Validation Vulnerabilities
19. Sun Solaris LibIKE IKE Exchange Denial Of Service Vulnerability
20. PHPNuke Search Module SQL Injection Vulnerability
21. Multiple Vendor Antivirus Products Obscured File Name Scan Evasion Vulnerability
22. MyBulletinBoard Multiple HTML Injection Vulnerabilities
23. Pearl Forums Index.PHP Multiple SQL Injection Vulnerabilities
24. MyBulletinBoard Unspecified Denial Of Service Vulnerability
25. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
26. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
27. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
28. First 4 Internet CodeSupport Uninstallation ActiveX Software Remote Code Execution Vulnerability
29. PADL Software MigtrationTools Insecure Temporary File Creation Vulnerability
30. First 4 Internet XCP-Aurora Unspecified Local Vulnerabilities
31. Pearl Forums Index.PHP Local File Include Vulnerability
32. Macromedia Breeze Communication Server and Live Server RTMP Data Validation Vulnerability
33. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
34. PHPWCMS Multiple Remote File Include Vulnerabilities
35. Macromedia Flash Communication Server MX RTMP Data Validation Vulnerability
36. Macromedia Contribute Publishing Server Insecure Shared Connection Key Encryption Weakness
37. Pollvote File Include Vulnerability
38. PHPWCMS Multiple Cross-Site Scripting Vulnerabilities
39. AlstraSoft Template Seller Pro Remote File Include Vulnerability
40. AlstraSoft Template Seller Pro SQL Injection Vulnerability
41. Ekinboard Title Post HTML Injection Vulnerability
42. Belkin Wireless Routers Remote Authentication Bypass Vulnerability
43. Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability
44. Ekinboard Profile.PHP Cross-Site Scripting Vulnerability
45. Multiple Vendor lpCommandLine Application Path Vulnerability
46. Floosietek FTGate IMAP Server Buffer Overflow Vulnerability
47. Oracle Database Windows XP Simple File Sharing Authentication Bypass Vulnerability
48. IBM Informix Dynamic Server Windows XP Simple File Sharing Authentication Bypass Vulnerability
49. IBM DB2 Windows XP Simple File Sharing Authentication Bypass Vulnerability
50. Cisco 7920 Wireless IP Phone Fixed SNMP Community String Vulnerability
51. Counterpane Password Safe Insecure Encryption Vulnerability
52. Cisco 7920 Wireless IP Phone VxWorks Remote Debugger Access Vulnerability
53. FreeFTPD User Command Buffer Overflow Vulnerability
54. AudienceView Error.ASP Cross-Site Scripting Vulnerability
55. Microsoft Windows Plug and Play Denial of Service Vulnerability
56. Mambo Open Source Remote File Include Vulnerability
57. Nortel Switched Firewall IKE Traffic Multiple Unspecified Vulnerabilities
58. Antharia OnContent // CMS Index.PHP SQL Injection Vulnerability
59. PHPWebThings MSG Parameter SQL Injection Vulnerability
60. Unclassified NewsBoard Forum.PHP SQL Injection Vulnerability
61. Arki-DB Index.PHP SQL Injection Vulnerability
62. Multiple Vendor TCP Acknowledgements Remote Denial Of Service Vulnerability
63. Uresk Links Admin Index.PHP Authentication Bypass Vulnerability
64. PHP Easy Download Edit.PHP Authentication Bypass Vulnerability
65. HP Jetdirect 635n IPv6/IPsec Print Server IKE Exchange Denial Of Service Vulnerability
66. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
67. Pmachine Pro Email This Entry Mail_autocheck.PHP Remote File Include Vulnerability
68. HP-UX IKE Exchange Denial Of Service Vulnerabilities
69. Senao SI-680H VOIP WIFI Phone VxWorks Remote Debugger Access Vulnerability
70. UTStarcom F1000 VOIP WIFI Phone Multiple Remote Access Vulnerabilities
71. Hitachi WirelessIP5000 Multiple Unauthorized Access Vulnerabilities
72. Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure Vulnerability
73. Check Point Firewall-1 and VPN-1 ISAKMP IKE Unspecified Denial of Service Vulnerability
74. Interspire ArticleLive NX Search Module SQL Injection Vulnerability
75. Revize CMS Query_results.JSP SQL Injection Vulnerability
76. Revize CMS Revize.XML Information Disclosure Vulnerability
77. WHM AutoPilot Account Cancellation Access Validation Vulnerability
78. Revize CMS HTTPTranslatorServlet Cross-Site Scripting Vulnerability
79. LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
80. FreeFTPD Multiple Buffer Overflow Vulnerabilities
81. yaSSL Unspecified Certificate Chain Processing Vulnerability
82. Qualcomm Worldmail Server Directory Traversal Vulnerability
83. XMB Forum Member.PHP HTML Injection Vulnerability
84. VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
85. Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability
86. MailEnable IMAP Mailbox Name Buffer Overflow Vulnerability
87. Magic Winmail Server Multiple Input Validation Vulnerabilities
88. MailEnable IMAP Command Directory Traversal Vulnerability
89. SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed
90. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
91. Hitachi Products Multiple Cross-Site Scripting Vulnerabilities
92. Hitachi Groupmax Mail Unspecified Malformed Email Message Denial Of Service Vulnerability
93. Hitachi Collaboration Schedule Unspecified Denial Of Service Vulnerability
94. PHP-Fusion Options.php and Viewforum.php SQL Injection Vulnerabilities
95. Exponent Content Management System Multiple Improper File Permission Vulnerabilities
96. PHPMyFAQ Multiple Cross-Site Scripting Vulnerabilities
III. SECURITYFOCUS NEWS
1. Texas puts Sony BMG in its sights
2. Sony BMG's copy-protection problems grow
3. Sony BMG faces digital-rights siege
4. Gold at the end of rainbow cracking?
5. Skype under scrutiny for bugs
6. Say hello to the Skype Trojan
7. Shared music abuse bug hits iTunes
8. US cybersecurity all at sea

I. FRONT AND CENTER ($BF|K\8lLu$J$7(B)
----------------------------

II.BUGTRAQ SUMMARY
--------------------
1. Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15401
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15401
$BMWLs(B:
$B3F<o$N(B Cisco IOS$B!"(BPIX Firewall$B!"(BFirewall Services Module (FWSM)$B!"(BVPN
3000 Series Concentrator$B!"$*$h$S(B MDS Series SanOS $B%j%j!<%9$O!"%5!<%S%9IT(B
$BG=>uBV$K4Y$k967b$r<u$1$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"(BCisco $B$N(B IPSec
$B<BAu$K$*$1$k%;%-%e%j%F%#>e$NITHw$KM3Mh$7$^$9!#$3$l$i$NLdBj$O!"0U?^E*$
K:n(B
$B@.$5$l$?(B IKE $B%H%i%U%#%C%/$K$h$j0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B967b$,@.8y$9$k$H!"LdBj$N$"$k%G%P%$%9$,$[$H$s$I$N>l9g:F5/F0$9$k$3$H$K$
J$j(B
$B$^$9!#(BCisco MDS Series $B%G%P%$%9$K$D$$$F$O!"1F6A$O(B IKE $B%W%m%;%9$,:F3+$5$l(B
$B$k$@$1$K$H$I$^$j$^$9!#(B

2. Juniper Networks Routers ISAKMP IKE Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15402
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15402
$BMWLs(B:
$B3F<o$N(B Juniper Networks M$B!"(BT$B!"(BJ$B!"$*$h$S(B E Series Routers $B$O!"L$FCDj$NJ#(B
$B?t$NLdBj$N1F6A$r<u$1$^$9!#%P%C%U%!%*!<%P!<%U%m!<!"%U%)!<%^%C%H%9%H%j%
s%0!"(B
$B$*$h$S%5!<%S%9ITG=>uBV$K4Y$kLdBj$,Js9p$5$l$F$$$^$9!#(B

$B$3$l$i$NLdBj$O!"(BPROTOS ISAKMP Test Suite $B$r;HMQ$7$F8!=P$5$l$^$7$?!#$^$?!"(B
$B0U?^E*$K:n@.$5$l$?(B IKEv1 $B%H%i%U%#%C%/$N=hM}$K4XO"$7$F$$$^$9!#(B

3. Secgo Software Crypto IP Gateway/Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15403
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15403
$BMWLs(B:
Secgo Software Crypto IP Gateway $B$*$h$S(B Client $B$O!"(BIKEv1 $B<BAu$K$*$$$FL$(B
$BFCDj$NJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#%P%C%U%!%*!<%P!<%U%m!<$*$h$
S%5!<(B
$B%S%9ITG=>uBV$K4Y$kLdBj$J$I$,Js9p$5$l$F$$$^$9!#(B

$B$3$l$i$NLdBj$O!"(BPROTOS ISAKMP Test Suite $B$r;HMQ$7$F8!=P$5$l$^$7$?!#$^$?!"(B
$B0U?^E*$K:n@.$5$l$?(B IKEv1 $B%H%i%U%#%C%/$N=hM}$K4XO"$7$F$$$^$9!#(B

4. Help Center Live Module.PHP Local File Include Vulnerability
BugTraq ID: 15404
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15404
$BMWLs(B:
Help Center Live $B$K$O!"%m!<%+%k$G%U%!%$%k$,%$%s%/%k!<%I$5$l$k5?$$$,$"$j(B
$B$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$
5$l(B
$B$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"=EMW$J>pJs$r3+<($9$k2DG=@-$,$"$j$^$9!#$3$
l$O!"(B
$BLdBj$N$"$k%3%s%T%e!<%?$KBP$7$F99$J$k967b$r;n$_$k$?$a$N<j=u$1$H$J$k2DG
=@-(B
$B$,$"$j$^$9!#(B

$B$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%3%s%T%e!<%?>e$NG$0U$N%U%!%$%k$r(B Web $B%5!<(B
$B%P$N8"8B$GFI$_<h$k2DG=@-$,$"$k$3$H$bN10U$9$Y$-$G$9!#(B

5. Stonesoft StoneGate Firewall/VPN Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15405
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15405
$BMWLs(B:
Stonesoft StoneGate Firewall $B$*$h$S(BVPN Client $B$K$O!"(BIKEv1 $B<BAu$K$*$$$F(B
$BL$FCDj$NJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#%P%C%U%!%*!<%P!<%U%m!<!"%
U%)!<(B
$B%^%C%H%9%H%j%s%0!"$*$h$S%5!<%S%9ITG=>uBV$K4Y$kLdBj$,@x:_E*$KB8:_$7$F$
$$^(B
$B$9!#(B

$B$3$l$i$NLdBj$O!"(BPROTOS ISAKMP Test Suite $B$r;HMQ$7$F8!=P$5$l$^$7$?!#$^$?!"(B
$B0U?^E*$K:n@.$5$l$?(B IKEv1 $B%H%i%U%#%C%/$N=hM}$K4XO"$7$F$$$^$9!#(B

6. XOOPS Multiple Input Validation Vulnerabilities
BugTraq ID: 15406
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15406
$BMWLs(B:
XOOPS $B$K$O!"F~NOCM$NBEEv@-3NG'$K4XO"$9$kJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^(B

$B$9!#(B

XOOPS $B$K$O!"%G%#%l%/%H%j%H%i%P!<%5%k967b$r<u$1$k5?$$$,$"$j$^$9!#$3$NLdBj(B

$B$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM
3Mh(B
$B$7$^$9!#(B

XOOPS $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"(B
$B%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?%$%:=h(B
$BM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"$3$N%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#$KBP$9$k6<0R$r>7$
/!"(B
$B$"$k$$$O%G!<%?$,3+<($^$?$OJQ99$5$l$k2DG=@-$,$"$j$^$9!#967b<T$O$3$NLdB
j$r(B
$BMxMQ$7$FG$0U$N%3%^%s%I$r<B9T$9$k2DG=@-$b$"$j$^$9!#(B

7. Cisco Adaptive Security Applicance Failover Testing Denial of Service Weakness
BugTraq ID: 15407
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15407
$BMWLs(B:
Cisco Adaptive Security Appliances $B$K$O!"FCDj$N>u672<$G%5!<%S%9ITG=>uBV(B
$B$K4Y$kLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"(BARP $B1~Ez$NBEEv@-8!>Z$,==(B
$BJ,$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

7.0(0)$B!"(B7.0(2)$B!"$*$h$S(B 7.0(4) $B$,2TF0$7$F$$$k(B Cisco ASA $B%G%P%$%9$,$3$NLd(B
$BBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$$^$9!#$=$NB>$N%P!<%8%g%s$b1F6A$r<u$
1$k(B
$B2DG=@-$,$"$j$^$9!#(B

8. GNU Mailman Attachment Scrubber UTF8 Filename Denial Of Service Vulnerability
BugTraq ID: 15408
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15408
$BMWLs(B:
GNU Mailman $B$K$O!"%5!<%S%9ITG=>uBV$K4Y$k967b$r<u$1$k5?$$$,$"$j$^$9!#E:IU(B
$B%U%!%$%k$N8!>Z!&=|5n%f!<%F%#%j%F%#$,$3$NLdBj$N1F6A$r<u$1$^$9!#(B

$B$3$NLdBj$O!"%a!<%j%s%0%j%9%H$N%]%9%H$K$h$j0z$-5/$3$5$l$k2DG=@-$,$"$j$
^$9!#(B
$B$^$?!"%"%W%j%1!<%7%g%s$,%[%9%H$9$k%a!<%j%s%0%j%9%H$NMxMQ$K1F6A$r5Z$\$
7$^(B
$B$9!#(B

9. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
BugTraq ID: 15409
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15409
$BMWLs(B:
Horde $B$K$O!"L$FCDj$N%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,$"$j$^(B

$B$9!#$3$NLdBj$O!"(BHorde $B$K$h$k%(%i!<%a%C%;!<%8$N%l%s%@%j%s%0J}K!$K4XO"$7$F(B
$B$$$^$9!#(B

$B$3$NLdBj$NMxMQ$K@.8y$9$k$H!"(BHorde$B$r%[%9%H$7$F$$$k%5%$%H$N%;%-%e
%j%F%#%3(B
$B%s%F%-%9%HFb$G!"967b<T$,0-0U$"$k(B HTML $B$d%9%/%j%W%H%3!<%I$rB>$N%f!<%6$N%V(B
$B%i%&%6%;%C%7%g%s$KA^F~$9$k$3$H$r5v$7$F$7$^$&2DG=@-$,$"$j$^$9!#$3$l$K$
h$j!"(B
Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$d$=$NB>$N967b$,0z$-5/$3$5$l$k2DG=@-$,(B
$B$"$j$^$9!#(B

10. Wizz Forum Multiple SQL Injection Vulnerabilities
BugTraq ID: 15410
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15410
$BMWLs(B:
Wizz Forum $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B
$B$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NO(B
$BCM$KBP$9$k%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

11. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
BugTraq ID: 15411
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15411
$BMWLs(B:
PHP cURL $B$*$h$S(B GD $B$K$O!"(Bsafe_mode $B$*$h$S(B open_basedir $B$N@)Ls$r2sHr2DG=(B
$B$JJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#967b$,@.8y$9$k$H!"=EMW$J>pJs$,3
+<((B
$B$5$l$k2DG=@-$,$"$j$^$9!#(B

PHP 4.4.0 $B$*$h$S(B 5.0.5 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F(B
$B$$$^$9!#$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

12. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
BugTraq ID: 15413
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15413
$BMWLs(B:
Apache 2 $B$N(B PHP $B$K$O!"(B'virtual()' $B$r8F$S=P$9$H$-$K@)8B$,2sHr$5$l$kLdBj$,(B
$BB8:_$9$k5?$$$,$"$j$^$9!#967b$,@.8y$9$k$H!"=EMW$J>pJs$,3+<($5$l$k2DG=@
-$,(B
$B$"$j$^$9!#(B

PHP 4.4.0 $B$*$h$S(B 5.0.5 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F(B
$B$$$^$9!#$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

13. PHPsysInfo Multiple Input Validation Vulnerabilities
BugTraq ID: 15414
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15414
$BMWLs(B:
phpsysInfo $B$K$O!"F~NOCM$NBEEv@-3NG'$K4XO"$9$kJ#?t$NLdBj$,B8:_$9$k5?$$$,(B
$B$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@
Z$K(B
$B<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

phpSysinfo $B$O!"%m!<%+%k$+$i%U%!%$%k$r%$%s%/%k!<%I$5$l$kLdBj!"(BHTTP $B1~EzJ,(B
$B3d$NLdBj!"$*$h$S%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$kLdBj$,B8:_$9$
k5?(B
$B$$$,$"$j$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"(BWeb $B%5!<%P%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$B%3%s%F%-%9%HFb$G%U%!%$%k$K%"%/%;%9$9$k!"(BWeb $B%W%m%-%7%5!<%P$N%-%c%C%7%e$r(B
$B1x@w$9$k!"$*$h$SI8E*%f!<%6$N(B Web $B%V%i%&%6$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G(B
$BG$0U$N(B HTML $B$*$h$S%9%/%j%W%H%3!<%I$r<B9T$9$k2DG=@-$,$"$j$^$9!#(B

$B$=$NB>$N967b$,<B9T$5$l$k2DG=@-$b$"$j$^$9!#(B

Debian $B%7%9%F%`$K$*$$$F$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$OMxMQ$5$l$J(B
$B$$E@$KN10U$9$Y$-$G$9!#(B

14. Peel rubid Parameter SQL Injection Vulnerability
BugTraq ID: 15415
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15415
$BMWLs(B:
Peel $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj$K(B
$B$h$j!"%j%b!<%H$N967b<T$,%G!<%?%Y!<%9%/%(%j$K0-0U$"$kF~NOCM$rEO$7!"%/%
(%j(B
$B$NO@M}9=B$$rA`:n$9$k$J$I$N967b$,5v$5$l$F$7$^$&2DG=@-$,$"$j$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

Peel 2.6 $B$*$h$S(B 2.7 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$$^(B
$B$9!#$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

15. Openswan IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15416
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15416
$BMWLs(B:
Openswan $B$K$O!"(BISAKMP $B<BAu$K$*$$$F%5!<%S%9ITG=>uBV$K4Y$kJ#?t$NLdBj$,B8:_(B
$B$9$k5?$$$,$"$j$^$9!#(B

$B$3$l$i$NLdBj$O!"(BPROTOS ISAKMP Test Suite $B$r;HMQ$7$F8!=P$5$l$^$7$?!#$^$?!"(B
$B0U?^E*$K:n@.$5$l$?(B IKEv1 $B%H%i%U%#%C%/$N=hM}$K4XO"$7$F$$$^$9!#(B

2.4.2 $B$h$jA0$N(B Openswan 2.x $B%j%j!<%9$,$3$l$i$NLdBj$N1F6A$r<u$1$k$3$H$,9M(B
$B$($i$l$^$9!#(B

16. Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
BugTraq ID: 15417
$B%j%b!<%H$+$i$N:F8=@-(B: $BITL@(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15417
$BMWLs(B:
$BL$FCDj$N(B Codegrrl $B%"%W%j%1!<%7%g%s$K$O!"%j%b!<%H$+$iG$0U$N%3!<%I$,<B9T$5(B
$B$l$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM
}$,(B
$BE,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"(BWeb $B%5!<%P%W%m%;%9$N%;%-%e%j%F%#%3%s%F%-%9%H(B
$BFb$GG$0U$N%3!<%I$r<B9T$9$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"%7%9%F%`$KBP$
9$k(B
$B6<0R$r>7$/2DG=@-$,$"$j$^$9!#B>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!
#(B

17. Cyphor Show.PHP SQL Injection Vulnerability
BugTraq ID: 15418
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15418
$BMWLs(B:
Cyphor $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj(B
$B$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?%$(B
$B%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

18. Walla TeleSite Multiple Input Validation Vulnerabilities
BugTraq ID: 15419
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15419
$BMWLs(B:
Walla TeleSite $B$K$O!"F~NOCM$NBEEv@-3NG'$K4XO"$9$kJ#?t$NLdBj$,B8:_$9$k5?(B
$B$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$
,E,(B
$B@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

Walla TeleSite $B$K$O!">pJs$*$h$S%Q%9$,3+<($5$l$kLdBj!"%U%!%$%k$,Ns5s$5$l(B
$B$kLdBj!"(BSQL $B9=J8$,CmF~$5$l$kLdBj!"I8E*%f!<%6$N(B Web $B%V%i%&%6$*$h$SLdBj$N(B
$B$"$k%3%s%T%e!<%?$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G%/%m%9%5%$%H%9%/%j%W%F%
#%s(B
$B%0967b$r<u$1$kLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$B$=$NB>$N967b$,<B9T$5$l$k2DG=@-$b$"$j$^$9!#(B

Walla Telesite 3.0 $B$K$*$$$F$3$NLdBj$N1F6A$r<u$1$^$9!#$3$l$h$jA0$N%P!<%8%g(B
$B%s$b1F6A$r<u$1$^$9!#(B

19. Sun Solaris LibIKE IKE Exchange Denial Of Service Vulnerability
BugTraq ID: 15420
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-14
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15420
$BMWLs(B:
Sun Solaris $B$K$O!"%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"$j$^$9!#(B'libike' IKE $B<B(B
$BAu$K$3$NLdBj$,B8:_$7!"(B'in.iked' $B%G!<%b%s$NMxMQ$K1F6A$r5Z$\$92DG=@-$,$"$j(B
$B$^$9!#(B

$B$3$NLdBj$O!"(BPROTOS ISAKMP Test Suite $B$r;HMQ$7$F8!=P$5$l$^$7$?!#$^$?!"0U(B
$B?^E*$K:n@.$5$l$?(B IKEv1 $B%H%i%U%#%C%/$N=hM}$K4XO"$7$F$$$^$9!#$3$NLdBj$O8"(B
$B8B$N$"$k%f!<%6$K$h$j%j%b!<%H$+$i0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

20. PHPNuke Search Module SQL Injection Vulnerability
BugTraq ID: 15421
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15421
$BMWLs(B:
PHPNuke $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj(B
$B$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?%$(B
$B%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

21. Multiple Vendor Antivirus Products Obscured File Name Scan Evasion Vulnerability
BugTraq ID: 15423
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15423
$BMWLs(B:
$B$5$^$6$^$J%Y%s%@$+$iDs6!$5$l$F$$$kJ#?t$N%&%$%k%9BP:v@=IJ$K$O!"0U?^E*$
K:n(B
$B@.$5$l$?%U%!%$%k$,8!=P$r2sHr$9$k$N$r5v$7$F$7$^$&5?$$$,$"$k$3$H$,Js9p$
5$l(B
$B$F$$$^$9!#(B

$B$3$NLdBj$O!"LdBj$N$"$k%"%W%j%1!<%7%g%s$,9*L/$K2C9)$5$l$?%U%!%$%kL>$r;
}$D(B
$B%U%!%$%k$r=hM}$9$k$H$-$KH/@8$7$^$9!#(B

$B$3$NLdBj$K$h$j!"0-0U$"$k%U%!%$%k$,8!=P$r2sHr$7!"<u?.<T$K$h$C$F3+$+$l$
k2D(B
$BG=@-$,$"$j$^$9!#(B

$B99?7(B: Symantec $B$O!"(BSymantec $B@=IJ$K$D$$$F8=:_$3$NLdBj$rD4::Cf$G$9!#8=;~E@(B
$B$G$O!"0-0U$"$k%U%!%$%k$,%9%-%c%s$r2sHr$9$k$N$+!"<+F0:o=|5!G=$,<:GT$9$
k$N(B
$B$+$OITL@$G$9!#>\:Y>pJs$,8x3+$5$l<!Bh!"$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

22. MyBulletinBoard Multiple HTML Injection Vulnerabilities
BugTraq ID: 15424
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15424
$BMWLs(B:
MyBulletinBoard $B$K$O!"(BHTML $B%?%0$rA^F~2DG=$JJ#?t$NLdBj$,B8:_$9$k5?$$$,$"(B
$B$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$rF0E*$K@8@.$7$?%3%s%F%
s%D(B
$B$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$
7$^(B
$B$9!#(B

$B967b<T$,Ds6!$7$?(B HTML $B$d%9%/%j%W%H%3!<%I$OLdBj$N$"$k(B Web $B%5%$%H$N%;%-%e(B
$B%j%F%#%3%s%F%-%9%HFb$G<B9T$5$l$k2DG=@-$,$"$j!"$3$l$K$h$j(BCookie $B$KM3Mh$9(B
$B$kG'>ZMQ>pJs$N@`<h$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$O$3$
l$i(B
$B$NLdBj$rMxMQ$7$F!"%f!<%6$KBP$9$k%5%$%H$N%l%s%@%j%s%0J}K!$r@)8f$9$k2DG
=@-(B
$B$b$"$j$^$9!#$=$NB>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

23. Pearl Forums Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 15425
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15425
$BMWLs(B:
Pearl Forums $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^(B
$B$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"(B
$BF~NOCM$KBP$9$k%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

24. MyBulletinBoard Unspecified Denial Of Service Vulnerability
BugTraq ID: 15426
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15426
$BMWLs(B:
MyBulletinBoard $B$K$O!"%5!<%S%9ITG=>uBV$K4Y$kL$FCDj$NLdBj$,B8:_$9$k5?$$$,(B
$B$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<
B9T(B
$B$5$l$J$$$?$a$KH/@8$9$k2DG=@-$,9b$$$3$H$,?dB,$5$l$^$9!#(B

$B$3$NLdBj$K$D$$$F$O$o$:$+$J>pJs$7$+8x3+$5$l$F$$$^$;$s!#>\:Y$,8x3+$5$l<
!Bh(B
$B$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

25. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
BugTraq ID: 15427
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15427
$BMWLs(B:
pnmtopng $B$K$O!"%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k5?$$$,$"$j$^$9!#$3$NLdBj(B
$B$O!"%f!<%6$,;XDj$7$?F~NO%G!<%?$r%5%$%:$,IT==J,$J%a%b%j%P%C%U%!$K%3%T!
<$9(B
$B$kA0$K!"6-3&%A%'%C%/$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B'-alpha'
$B%3%^(B
$B%s%I%i%$%s%*%W%7%g%s$,;HMQ$5$l$k$H$-$K$3$NLdBj$,H/@8$9$k$3$H$,Js9p$5$
l$F(B
$B$$$^$9!#(B

$B$3$NLdBj$K$h$j!"967b<T$O!"LdBj$N$"$k%f!<%F%#%j%F%#$K2r<a$5$l$k$H$-$KG
$(B
$B0U$N%^%7%s%3!<%I$r<B9T$9$k0-0U$"$k(B PNM $B%U%!%$%k$r:n@.$9$k$3$H$,2DG=$H$J(B
$B$j$^$9!#LdBj$N$"$k%f!<%F%#%j%F%#$r<B9T$7$F$$$k%f!<%6$N%;%-%e%j%F%#%3%
s%F(B
$B%-%9%HFb$G%3!<%I$,<B9T$5$l$^$9!#(B

26. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
BugTraq ID: 15428
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15428
$BMWLs(B:
gdk-pixbuf $B$O!"%j%b!<%H$+$iMxMQ2DG=$J@0?t%*!<%P!<%U%m!<$NLdBj$N1F6A$r<u(B
$B$1$^$9!#(B

$BLdBj$N$"$k%i%$%V%i%j$r;HMQ$9$k%"%W%j%1!<%7%g%s$,0U?^E*$K:n@.$5$l$?(B
XPM
$B%U%!%$%k$r=hM}$9$k$H$-$K!"%"%W%j%1!<%7%g%s$,%/%i%C%7%e$7@55,%f!<%6$X$
N%5!<(B
$B%S%9ITG=>uBV$r>7$/$3$H$K$J$j$^$9!#967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$
"$k(B
$B%i%$%V%i%j$r;HMQ$9$k%"%W%j%1!<%7%g%s$N8"8B$GG$0U$N%3!<%I$r<B9T$9$k2DG
=@-(B
$B$,$"$j$^$9!#(B

27. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
BugTraq ID: 15429
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15429
$BMWLs(B:
gdk-pixbuf $B$*$h$S(B gtk2 $B$K$O!"%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"$k$3$H$,Js9p(B
$B$5$l$F$$$^$9!#LdBj$N$"$k$$$:$l$+$N%i%$%V%i%j$r;HMQ$7$F$$$k%"%W%j%1!<%
7%g(B
$B%s$,0U?^E*$K:n@.$5$l$?(B XPM $B2hA|%U%!%$%k$r=hM}$9$k$H$-$K$3$NLdBj$,H/@8$7(B
$B$^$9!#(B

$B$3$NLdBj$,MxMQ$5$l$k$H!"LdBj$N$"$k%i%$%V%i%j$r;HMQ$9$k%"%W%j%1!<%7%g%
s$,(B
$BL58B%k!<%W$K4Y$j!"%5!<%S%9ITG=>uBV$K4Y$j$^$9!#(B

28. First 4 Internet CodeSupport Uninstallation ActiveX Software Remote Code Execution Vulnerability
BugTraq ID: 15430
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15430
$BMWLs(B:
First 4 Internet CodeSupport $B$K$O!"%j%b!<%H$+$i%3!<%I$,<B9T$5$l$k5?$$$,(B
$B$"$j$^$9!#(B

CodeSupport $B%Q%C%1!<%8$K$O!"%j%b!<%H$N(B Web $B%5%$%H$+$iG$0U$N%3%s%F%s%D$,(B
$B%@%&%s%m!<%I$5$l<B9T$5$l$k2DG=@-$,$"$j$^$9!#%j%b!<%H$N%3%s%F%s%D$N%=!
<%9(B
$B$,?.Mj$5$l$k%=!<%9M3Mh$G$"$k$3$H$,8!>Z$5$l$J$$>l9g!"967b<T$O$3$NLdBj$
rMx(B
$BMQ$7$F%3%s%F%s%D$r%@%&%s%m!<%I$7$FG$0U$N%=!<%9$K$"$k0-0U$"$k%3!<%I$r<
B9T(B
$B$7!"I8E*$N%3%s%T%e!<%?$KBP$9$k6<0R$r%j%b!<%H$+$i>7$/2DG=@-$,$"$j$^$9!
#(B

29. PADL Software MigtrationTools Insecure Temporary File Creation Vulnerability
BugTraq ID: 15431
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15431
$BMWLs(B:
PADL Software MigrationTools $B$G$O!"0l;~%U%!%$%k$N:n@.$,%;%-%e%j%F%#>eE,(B
$B@Z$K9T$o$l$^$;$s!#%m!<%+%k$K%"%/%;%9$,2DG=$J967b<T$O$3$NLdBj$rMxMQ$9$
k$3(B
$B$H$K$h$j!"LdBj$N$"$k%3%s%T%e!<%?$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G=EMW$J>
pJs(B
$B$r<hF@$9$k2DG=@-$,$"$j$^$9!#(B

$B$3$N967b$K$h$j=EMW$J%U%!%$%k$,>e=q$-$5$l$k>l9g!"5!L)@-$,<:$o$l!"%5!<%
S%9(B
$BITG=>uBV$K4Y$k2DG=@-$,9b$$$H?dB,$5$l$^$9!#$=$NB>$N967b$,<B9T$5$l$k2DG
=@-(B
$B$b$"$j$^$9!#(B

MigrationTools 46 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$$^$9!#(B
$B$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

30. First 4 Internet XCP-Aurora Unspecified Local Vulnerabilities
BugTraq ID: 15432
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15432
$BMWLs(B:
First 4 Internet XCP-Aurora DRM $B%=%U%H%&%'%"$K$"$k%+!<%M%k%I%i%$%P$K$O!"(B
$BJ#?t$NL$FCDj$NLdBj$,B8:_$7$^$9!#$3$l$i$NLdBj$O%+!<%M%k%I%i%$%P$KB8:_$
7$F(B
$B$$$k$?$a!"%m!<%+%k$N967b<T$,$3$l$i$NLdBj$rMxMQ$7$F(B SYSTEM $B%l%Y%k$N8"8B$r(B
$B<hF@$9$k2DG=@-$,$"$j$^$9!#(B

$B%+!<%M%k%a%b%j$NGK2u$,H/@8$9$k$3$H$,Js9p$5$l$F$$$k$3$H$+$i!"$3$l$i$NL
d(B
$BBj$N$$$/$D$+$O%P%C%U%!%*!<%P!<%U%m!<$K4XO"$7$F$$$k2DG=@-$,$"$j!"%m!<%
+%k(B
$B%+!<%M%k$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%3!<%I$,<B9T$5$l$k2DG=@-$
,$"(B
$B$j$^$9!#(B

$B99$J$k>\:Y$O!"8=;~E@$G$O8xI=$5$l$F$$$^$;$s!#>\:Y$,8x3+$5$l<!Bh!"$3$N
(B BID
$B$O99?7$5$l$kM=Dj$G$9!#(B

31. Pearl Forums Index.PHP Local File Include Vulnerability
BugTraq ID: 15433
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15433
$BMWLs(B:
Pearl Forums $B$K$O!"%m!<%+%k$G%U%!%$%k$,%$%s%/%k!<%I$5$l$k5?$$$,$"$j$^$9!#(B
$B$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$
$$3(B
$B$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"=EMW$J>pJs$r3+<($9$k2DG=@-$,$"$j$^$9!#$3$
l$O!"(B
$BLdBj$N$"$k%3%s%T%e!<%?$KBP$7$F99$J$k967b$r;n$_$k$?$a$N<j=u$1$H$J$k2DG
=@-(B
$B$,$"$j$^$9!#(B

$B$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%3%s%T%e!<%?>e$NG$0U$N%U%!%$%k$r(B Web $B%5!<(B
$B%P$N8"8B$GFI$_<h$k2DG=@-$,$"$k$3$H$bN10U$9$Y$-$G$9!#(B

32. Macromedia Breeze Communication Server and Live Server RTMP Data Validation Vulnerability
BugTraq ID: 15434
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15434
$BMWLs(B:
Macromedia Breeze Communication Server $B$*$h$S(B Live Server $B$O!"(BRTMP $B%G!<(B
$B%?$NBEEv@-8!>Z$r==J,$K9T$C$F$$$^$;$s!#967b$,@.8y$9$k$H!"%5!<%S%9ITG=>
uBV(B
$B$K4Y$k2DG=@-$,$"$j$^$9!#(B

33. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
BugTraq ID: 15435
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15435
$BMWLs(B:
gdk-pixbuf $B$*$h$S(B gtk2 $B$K$O!"%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k5?$$$,$"$j(B
$B$^$9!#(B

$BLdBj$N$"$k%i%$%V%i%j$r;HMQ$9$k%"%W%j%1!<%7%g%s$,0U?^E*$K:n@.$5$l$?(B
XPM
$B2hA|%U%!%$%k$r=hM}$9$k$H$-$K!"%R!<%WNN0h$G%P%C%U%!%*!<%P!<%U%m!<$,H/@
8$7(B
$B$^$9!#967b<T$O$3$NLdBj$rMxMQ$7$F!"I8E*%f!<%6$N%;%-%e%j%F%#%3%s%F%-%9%
HFb(B
$B$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9!#(B

34. PHPWCMS Multiple Remote File Include Vulnerabilities
BugTraq ID: 15436
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15436
$BMWLs(B:
phpwcms $B$K$O!"%j%b!<%H$+$i%U%!%$%k$,%$%s%/%k!<%I2DG=$JJ#?t$NLdBj$,B8:_$9(B
$B$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=
hM}(B
$B$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F=EMW$J>pJs$r3+<($9$k2DG=@-$,$"$j$^$9!#$
3$l(B
$B$O!"LdBj$N$"$k%3%s%T%e!<%?$KBP$7$F99$J$k967b$r;n$_$k$?$a$N<j=u$1$H$J$
k2D(B
$BG=@-$,$"$j$^$9!#(B

35. Macromedia Flash Communication Server MX RTMP Data Validation Vulnerability
BugTraq ID: 15437
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15437
$BMWLs(B:
Macromedia Flash Communication Server MX $B$O!"(BRTMP $B%G!<%?$NBEEv@-8!>Z$r==(B
$BJ,$K9T$C$F$$$^$;$s!#967b$,@.8y$9$k$H!"%5!<%S%9ITG=>uBV$K4Y$k2DG=@-$,$
"$j(B
$B$^$9!#(B

36. Macromedia Contribute Publishing Server Insecure Shared Connection Key Encryption Weakness
BugTraq ID: 15438
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15438
$BMWLs(B:
Macromedia CPS (Contribute Publishing Server) $B$O!"6&M-@\B3%-!<$N0E9f2=$K(B
$B%;%-%e%j%F%#>e$NLdBj$,$"$k5?$$$,B8:_$7$^$9!#$3$l$i$N@\B3%-!<$O6&M-(B
FTP
$B$N%m%0%$%sG'>Z>pJs$K;HMQ$5$l$F$$$^$9!#(B

$B$3$NLdBj$O!"%j%b!<%H$N967b<T$,%M%C%H%o!<%/%Q%1%C%H$N%3%s%F%s%D$rI|9f2
=$9(B
$B$k$3$H$r5v$7$F$7$^$$!"J?J8$N%3%s%F%s%D$H$7$FG'>ZMQ>pJs$,<hF@$5$l!"99$
J$k(B
$B967b$,9T$o$l$k2DG=@-$,$"$j$^$9!#(B

Macromedia CPS 1.11 $B$h$jA0$N%P!<%8%g%s$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k5?(B
$B$$$,$"$j$^$9!#(B

37. Pollvote File Include Vulnerability
BugTraq ID: 15439
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15439
$BMWLs(B:
Pollvote $B$K$O!"%U%!%$%k$,%$%s%/%k!<%I$5$l$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"(B
$B%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$
7$^(B
$B$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%3%s%T%e!<%?>e$G(B Web $B%5!<%P%W%m%;(B
$B%9$N8"8B$r;HMQ$7!"G$0U$N(B PHP $B%3!<%I$r%m!<%+%k$*$h$S%j%b!<%H$+$i<B9T$9$k(B
$B2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"IT@5%"%/%;%9$,0z$-5/$3$5$l$k2DG=@-$,$"$
j$^(B
$B$9!#(B

38. PHPWCMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15440
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15440
$BMWLs(B:
phpwcms $B$K$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kJ#?t$NLdBj$,B8:_$9$k5?(B
$B$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$
,E,(B
$B@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdB
j$N(B
$B$"$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9
T$9(B
$B$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N(B
$B967b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

39. AlstraSoft Template Seller Pro Remote File Include Vulnerability
BugTraq ID: 15441
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15441
$BMWLs(B:
Template Seller Pro $B$K$O!"%j%b!<%H$+$i%U%!%$%k$,%$%s%/%k!<%I$5$l$k5?$$$,(B
$B$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<
B9T(B
$B$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%3%s%T%e!<%?>e$G(B Web $B%5!<%P%W%m%;(B
$B%9$N8"8B$r;HMQ$7!"G$0U$N(B PHP $B%3!<%I$r%j%b!<%H$+$i<B9T$9$k2DG=@-$,$"$j$^(B
$B$9!#$3$l$K$h$j!"IT@5%"%/%;%9$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

40. AlstraSoft Template Seller Pro SQL Injection Vulnerability
BugTraq ID: 15442
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15442
$BMWLs(B:
Template Seller Pro $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^(B
$B$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NO(B
$BCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

41. Ekinboard Title Post HTML Injection Vulnerability
BugTraq ID: 15443
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15443
$BMWLs(B:
Ekinboard $B$K$O!"(BHTML $B%?%0$rA^F~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$N(B
$BLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$rF0E*$K@8@.$7$?%3%s%F%s%D$G;HMQ$9$kA0$
K!"(B
$BF~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$,Ds6!$7$?(B HTML $B$d%9%/%j%W%H%3!<%I$OLdBj$N$"$k(B Web $B%5%$%H$N%;%-%e(B
$B%j%F%#%3%s%F%-%9%HFb$G<B9T$5$l$k2DG=@-$,$"$j!"$3$l$K$h$j(BCookie $B$KM3Mh$9(B
$B$kG'>ZMQ>pJs$N@`<h$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$O$3$
NLd(B
$BBj$rMxMQ$7$F!"%f!<%6$KBP$9$k%5%$%H$N%l%s%@%j%s%0J}K!$r@)8f$9$k2DG=@-$
b$"(B
$B$j$^$9!#$=$NB>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

42. Belkin Wireless Routers Remote Authentication Bypass Vulnerability
BugTraq ID: 15444
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15444
$BMWLs(B:
$BFCDj$N(B Belkin $B%o%$%d%l%9%k!<%?$O!"%j%b!<%H$+$i$NG'>Z$,2sHr$5$l$kLdBj$,B8(B
$B:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj$O(B Web $B4IM}%$%s%?%U%'!<%9$NG'>Z%W%m%;%9$K(B
$B$*$1$kITHw$KM3Mh$7$^$9!#(B

$B$3$NLdBj$K$h$j!"%j%b!<%H$N967b<T$,LdBj$N$"$k%G%P%$%9$KBP$7$F4IM}<T%"%
/%;(B
$B%9$r<B9T$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$,$"$j$^$9!#(B

$B%U%!!<%`%&%'%"$N%P!<%8%g%s$,(B4.05.03 $B$*$h$S(B 4.03.03 $B$H$J$C$F$$$k(B Belkin
F5D7232-4$B!"$*$h$S(B F5D7230-4 $B%k!<%?$,$3$NLdBj$N1F6A$r<u$1$^$9!#3F<o$N%G%P(B
$B%$%94V$G%3!<%I$,:FMxMQ$5$l$F$$$k$?$aB>$N%G%P%$%9$b1F6A$r<u$1$k2DG=@-$
,$"(B
$B$j$^$9!#(B

43. Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability
BugTraq ID: 15446
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-11-15
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15446
$BMWLs(B:
Apple iTunes 6 for Windows $B$K$O!"G$0U$N%m!<%+%k%3!<%I$,<B9T$5$l$kLdBj$,(B
$BB8:_$9$k5?$$$,$"$j$^$9!#(B

$B$3$l$OLdBj$N$"$k%"%W%j%1!<%7%g%s$r<B9T$9$k%f!<%6$N%;%-%e%j%F%#%3%s%F%
-%9(B
$B%HFb$G0-0U$"$k%3!<%I$,<B9T$5$l$F$7$^$&@_7W>e$NITHw$KM3Mh$7$^$9!#(B

44. Ekinboard Profile.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15447
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15447
$BMWLs(B:
Ekinboard $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,$"$j$^$9!#(B
$B$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$
$$3(B
$B$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$
"$k(B
$B%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$
k2D(B
$BG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b(B
$B$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

45. Multiple Vendor lpCommandLine Application Path Vulnerability
BugTraq ID: 15448
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15448
$BMWLs(B:
$BJ#?t$N%Y%s%@$+$iDs6!$5$l$F$$$k%"%W%j%1!<%7%g%s$K$O!"G$0U$N%m!<%+%k%3!
<%I(B
$B$,<B9T$5$l$k5?$$$,$"$j$^$9!#(B

$B$3$l$OLdBj$N$"$k%"%W%j%1!<%7%g%s$r<B9T$9$k%f!<%6$N%;%-%e%j%F%#%3%s%F%
-%9(B
$B%HFb$G0-0U$"$k%3!<%I$,<B9T$5$l$F$7$^$&@_7W>e$NITHw$KM3Mh$7$^$9!#(B

46. Floosietek FTGate IMAP Server Buffer Overflow Vulnerability
BugTraq ID: 15449
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15449
$BMWLs(B:
Floosietek FTGate $B$N(B IMAP $B%5!<%P$K%j%b!<%H$+$i%P%C%U%!%*!<%P!<%U%m!<$,0z(B
$B$-5/$3$5$l$kLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#967b$,@.8y$9$k$H!"%5!<%S%95
qH](B
$B$^$?$OG$0U$N%3!<%I<B9T$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

47. Oracle Database Windows XP Simple File Sharing Authentication Bypass Vulnerability
BugTraq ID: 15450
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15450
$BMWLs(B:
Oracle Database $B$O!"4J0W%U%!%$%k$N6&M-$rM-8z$K$7$F$$$k(B Microsoft Windows
XP $B%3%s%T%e!<%?>e$G<B9T$5$l$F$$$k>l9g$K!"G'>Z$,2sHr$5$l$kLdBj$N1F6A$r<u
(B
$B$1$^$9!#(B

$B$3$NLdBj$K$h$j967b<T$O!"(BWindows XP $B$N%2%9%H%"%+%&%s%H$KBP$9$k6<0R$r>7$/(B
$B2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$rH/8+$7$?8&5f<T$O!"LdBj$N$"$k(B Oracle $B%G!<%?%Y!<%9@=IJ$N3N>Z$r<((B
$B$7$?0lMw$rDs6!$7$F$$$^$;$s!#8=;~E@$G$O!"(BWindows XP $B$G<B9T$5$l$k$9$Y$F$N(B
$B%P!<%8%g%s$,1F6A$r<u$1$k$H?dB,$5$l$F$$$^$9!#$3$N?dB,$KH?$9$k>pJs$,8x3
+$5(B
$B$l$?>l9g!"$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

48. IBM Informix Dynamic Server Windows XP Simple File Sharing Authentication Bypass Vulnerability
BugTraq ID: 15451
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15451
$BMWLs(B:
IBM Informix Dynamic Server (IBM Informix IDS) $B$O!"4J0W%U%!%$%k6&M-$rM-(B
$B8z$K$7$F$$$k(B Microsoft Windows XP $B%3%s%T%e!<%?>e$G<B9T$5$l$F$$$k>l9g$K!"(B
$BG'>Z$,2sHr$5$l$kLdBj$N1F6A$r<u$1$^$9!#(B

$B$3$NLdBj$K$h$j967b<T$O!"(BWindows XP $B$N(B Guest $B%"%+%&%s%H$r;HMQ$7$F%G!<%?%Y!<(B
$B%9$KIT@5$K%"%/%;%9$9$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$rH/8+$7$?8&5f<T$O!"LdBj$N$"$k(B IBM Informix Dynamic Server $B@=IJ(B
$B$NJq3gE*$J0lMw$rDs6!$7$F$$$^$;$s!#8=;~E@$G$O!"(BWindows XP $B$G<B9T$5$l$k$9(B
$B$Y$F$N%P!<%8%g%s$,1F6A$r<u$1$k$H?dB,$5$l$F$$$^$9!#$3$N?dB,$KH?$9$k>pJ
s$,(B
$B8x3+$5$l$?>l9g!"$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

49. IBM DB2 Windows XP Simple File Sharing Authentication Bypass Vulnerability
BugTraq ID: 15452
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15452
$BMWLs(B:
IBM DB2 $B$O!"4J0W%U%!%$%k6&M-$rM-8z$K$7$F$$$k(B Microsoft Windows XP $B%3%s%T%e!<(B
$B%?>e$G<B9T$5$l$F$$$k>l9g$K!"G'>Z$,2sHr$5$l$kLdBj$N1F6A$r<u$1$^$9!#(B

$B$3$NLdBj$K$h$j967b<T$O!"(BWindows XP $B$N%2%9%H%"%+%&%s%H$r;HMQ$7$F%G!<%?%Y!<(B
$B%9$KIT@5$K%"%/%;%9$9$k2DG=@-$,$"$j$^$9!#(BGuest $B%"%+%&%s%H$H$7$F967b<T$rG'(B
$B>Z$9$k%+%9%?%`%/%i%$%"%s%H$G$3$NLdBj$,MxMQ$5$l$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$rH/8+$7$?8&5f<T$O!"LdBj$N$"$k(B IBM DB2 $B@=IJ$NJq3gE*$J0lMw$rDs6!(B
$B$7$F$$$^$;$s!#8=;~E@$G$O!"(BWindows XP $B$G<B9T$5$l$k$9$Y$F$N%P!<%8%g%s$,1F(B
$B6A$r<u$1$k$H?dB,$5$l$F$$$^$9!#$3$N?dB,$KH?$9$k>pJs$,8x3+$5$l$?>l9g!"$
3$N(B
BID $B$O99?7$5$l$kM=Dj$G$9!#(B

50. Cisco 7920 Wireless IP Phone Fixed SNMP Community String Vulnerability
BugTraq ID: 15454
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15454
$BMWLs(B:
Cisco 7920 Wireless IP Phone $B$K$O!"%G%U%)%k%H$G(B SNMP $B%3%_%e%K%F%#L>$,8G(B
$BDj$5$l$F$$$kLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj$K$h$j%j%b!<%H$N967
b<T(B
$B$,%G%P%$%9$N@_Dj$rFI$_=P$7$FJQ99$9$k2DG=@-$,$"$j$^$9!#(B

$B%U%!!<%`%&%'%"(B 1.0(8) $B0JA0$r<B9T$7$F$$$k(B Cisco 7920 Wireless IP Phone $B$,(B
$B$3$NLdBj$N1F6A$r<u$1$^$9!#(B

51. Counterpane Password Safe Insecure Encryption Vulnerability
BugTraq ID: 15455
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15455
$BMWLs(B:
Counterpane Password Safe $B$K$O!"0E9f2=$,%;%-%e%j%F%#>eITE,@Z$K9T$o$l$F$$(B
$B$k$?$a%V%k!<%H%U%)!<%9967b(B ($BAmEv$j967b(B) $B$K$h$kI|9f2=$,MF0W$K$J$C$F$7$^$&(B
$BLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

Password Safe $B$G$O!"%V%k!<%H%U%)!<%9967b$K$h$k%Q%9%o!<%I$N?dB,967b$rF0E*(B
$B$K4KOB$9$k$?$a$K@_7W$5$l$F$$$k%-!<3HD%%"%k%4%j%:%`$,MxMQ$5$l$F$$$^$9!
#%i(B
$B%s%@%`$JCM$,(B Blowfish $B%"%k%4%j%:%`$K$h$C$F!"0E9f2=%-!<$H$7$F;HMQ$5$l$k%Q(B
$B%9%o!<%I$+$iGI@8$7$?CM$r;HMQ$7$F@i2s0E9f2=$5$l$^$9!#(BPassword Safe $B%G!<%?(B
$B%Y!<%9$KBP$7$F%V%k!<%H%U%)!<%9967b$r<B9T$7%Q%9%o!<%I$r?dB,$9$k$K$O!"9
67b(B
$B<T$OF1$8$h$&$K@i2s$N0E9f2=%9%F%C%W$r9T$&I,MW$,$"$j$^$9!#$3$l$OHs>o$KK
DBg(B
$B$J;~4V$H%j%=!<%9$rI,MW$H$9$k%V%k!<%H%U%)!<%9967b$H$J$j!"967b$,@.8y$9$
k2D(B
$BG=@-$ODc$/$J$j$^$9!#(B

$B$3$NLdBj$K$h$j!"(BPassword Safe $B%G!<%?%Y!<%9$K%"%/%;%9$G$-$k967b<T$,%V%k!<(B
$B%H%U%)!<%9967b$r9T$$!"K\Mh(B Password Safe $B$G0U?^$5$l$F$$$k$h$j$b3JCJ$K8z(B
$BN(E*$K%Q%9%o!<%I$r?dB,$G$-$k$h$&$K$J$j$^$9!#(BPassword Safe $B%G!<%?%Y!<%9$K(B
$B$"$k%G!<%?$r0-0U$"$k%f!<%6$,99$J$k967b$r9T$&$?$a$KMxMQ$9$k>l9g$,$"$j$
^$9!#(B

52. Cisco 7920 Wireless IP Phone VxWorks Remote Debugger Access Vulnerability
BugTraq ID: 15456
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15456
$BMWLs(B:
Cisco 7920 Wireless IP Phone $B$O!"%j%b!<%H%G%P%C%,$N@\B3$r5v2D$7$F$$$^$9!#(B
$B$3$NLdBj$rMxMQ$9$k967b$K@.8y$9$k$H!"%j%b!<%H$N967b<T$O%G%P%$%9$N%G%P%
C%0(B
$B>pJs$r<hF@$9$k!"$"$k$$$O%5!<%S%9ITG=>uBV$K4Y$i$;$k2DG=@-$,$"$j$^$9!#
(B

$B%U%!!<%`%&%'%"(B 2.0 $B0JA0$r<B9T$7$F$$$k(B Cisco 7920 Wireless IP Phone $B$,$3(B
$B$NLdBj$N1F6A$r<u$1$^$9!#(B

53. FreeFTPD User Command Buffer Overflow Vulnerability
BugTraq ID: 15457
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15457
$BMWLs(B:
freeFTPd $B$K$O!"%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k5?$$$,$"$j$^$9!#$3$NLdBj(B
$B$O!"%f!<%6$,;XDj$7$?%G!<%?$r8GDj%5%$%:$N%P%C%U%!$K3JG<$9$kA0$K!"6-3&%
A%'%C(B
$B%/$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F%5!<%P$r%/%i%C%7%e$5$;!"@55,%f!<%6$X$N%5!<%
S%9(B
$B5qH]$r>7$/2DG=@-$,$"$j$^$9!#(BSYSTEM $B8"8B$GG$0U$N%3!<%I$,<B9T$5$l$k2DG=@-(B
$B$b$"$j$^$9!#(B

54. AudienceView Error.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 15459
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15459
$BMWLs(B:
AudienceView $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,$"$j$^(B
$B$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$
l$J(B
$B$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$
"$k(B
$B%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$
k2D(B
$BG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b(B
$B$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

55. Microsoft Windows Plug and Play Denial of Service Vulnerability
BugTraq ID: 15460
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15460
$BMWLs(B:
Microsoft Windows $B$N(B Plug and Play $B%5!<%S%9$K$O!"%5!<%S%9ITG=>uBV$K4Y$k(B
$BLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"2>A[%a%b%j$N>CHq$r0z$-5/$3$
9%5!<(B
$B%S%9$X$N0U?^E*$K:n@.$5$l$?%j%/%(%9%H$K$h$jH/@8$7$^$9!#(B

Windows XP $B$G$O!"85!9@bL@$5$l$F$$$k967bJ}K!$r;HMQ$7$F$3$NLdBj$rMxMQ$9$k(B
$B$K$O!"967b<T$O%j%b!<%H%W%m%7!<%8%c%3!<%k(B (RPC) $B$r;HMQ$7$FG'>Z$9$kI,MW$,(B
$B$"$j$^$9!#(B

$B99?7(B: $B?.Mj$5$l$k>pJs8;$K$h$k$H!"(BMicrosoft Windows XP SP2 $B$NL>A0IU$-%Q%$(B
$B%W$d$=$NB>$N(B MSRPC $B%3!<%k$r2p$7$F$3$NLdBj$OF?L>$GMxMQ2DG=$G$"$k$3$H$,<((B
$B$5$l$F$$$^$9!#(BMicrosoft $B$,Ev=i@bL@$7$F$$$?967bJ}K!$H$OJL$NJ}K!$K$h$j$3$N(B
$BLdBj$,MxMQ$5$l$k2DG=@-$,$"$j$^$9!#(B

56. Mambo Open Source Remote File Include Vulnerability
BugTraq ID: 15461
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15461
$BMWLs(B:
Mambo $B$K$O!"%j%b!<%H$+$i%U%!%$%k$,%$%s%/%k!<%I$5$l$k5?$$$,$"$j$^$9!#$3$N(B

$BLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$
H$K(B
$BM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%3%s%T%e!<%?>e$G(B Web $B%5!<%P%W%m%;(B
$B%9$N8"8B$r;HMQ$7!"G$0U$N(B PHP $B%3!<%I$r%j%b!<%H$+$i<B9T$9$k2DG=@-$,$"$j$^(B
$B$9!#$3$l$K$h$j!"IT@5%"%/%;%9$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B99?7(B: $B$3$NLdBj$O8=:_MxMQ$5$l$F$$$k$3$H$,Js9p$5$l$F$$$^$9!#J#?t$N(B Web $B%5(B
$B%$%H$N304Q$,2~JQ$5$l!"$^$?!"$3$N(B BID $B$G@bL@$5$l$F$$$kLdBj$,967b<T$N;22C(B
$BJ}K!$H$7$F8@5Z$5$l$F$$$^$9!#(B

57. Nortel Switched Firewall IKE Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15462
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15462
$BMWLs(B:
Nortel Switched Firewal $B$K$O!"(BIKEv1 $B$K$*$$$FL$FCDj$NJ#?t$NLdBj$,B8:_$9$k(B
$B5?$$$,$"$j$^$9!#(B

$B$3$l$i$NLdBj$N$$$/$D$+$K$h$j%j%b!<%H$+$i%3!<%I$,<B9T$5$l!"LdBj$N$"$k%
G%P(B
$B%$%9$,40A4$K@)8f$5$l$k2DG=@-$,$"$j$^$9!#$3$l$K$D$$$F$O!"L$8!>Z$G$9!#
(B

$B$3$l$i$NLdBj$O!"(BPROTOS ISAKMP Test Suite $B$r;HMQ$7$F8!=P$5$l$^$7$?!#$^$?!"(B
$B0U?^E*$K:n@.$5$l$?(B IKEv1 $B%H%i%U%#%C%/$N=hM}$K4XO"$7$F$$$^$9!#(B

58. Antharia OnContent // CMS Index.PHP SQL Injection Vulnerability
BugTraq ID: 15464
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15464
$BMWLs(B:
Antharia OnContent // CMS $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,(B
$B$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"(B
$BF~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

59. PHPWebThings MSG Parameter SQL Injection Vulnerability
BugTraq ID: 15465
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15465
$BMWLs(B:
phpWebThings $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3(B
$B$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5(B
$B%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

60. Unclassified NewsBoard Forum.PHP SQL Injection Vulnerability
BugTraq ID: 15466
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15466
$BMWLs(B:
Unclassified NewsBoard $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"(B
$B$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"(B
$BF~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

61. Arki-DB Index.PHP SQL Injection Vulnerability
BugTraq ID: 15467
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15467
$BMWLs(B:
Arki-DB $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj(B
$B$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?%$(B
$B%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

62. Multiple Vendor TCP Acknowledgements Remote Denial Of Service Vulnerability
BugTraq ID: 15468
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15468
$BMWLs(B:
$BJ#?t$N%Y%s%@$N@=IJ$K$O!"%j%b!<%H$+$i$N(B TCP $B$N<u?.3NG'$K$h$j%5!<%S%9ITG=(B
$B>uBV$K4Y$k5?$$$,$"$j$^$9!#(B

$BAw?.85$N%[%9%H$+$i$N%Q%1%C%H$r<B:]$K<u?.$9$kA0$K!"%j%b!<%H%T%"$,<u?.3
NG'(B
$B%Q%1%C%H$r56B$$9$k>l9g$K!"$3$NLdBj$,H/@8$7$^$9!#Aw?.$5$l$F$$$k%Q%1%C%
H$N(B
$B<u?.3NG'$r%5!<%P$,<u$1<h$k$H$9$0$K!"%/%i%$%"%s%H$,<u?.$7$?$HH=CG$7$F$
7$^(B
$B$$$^$9!#$3$l$i$N<u?.3NG'%Q%1%C%H$O!"%5!<%P$NDL?.>uBV$N@)8f5!9=$K1F6A$
rM?(B
$B$($^$9!#(B

$B$3$NLdBj$O!"%j%b!<%H$N967b<T$,%M%C%H%o!<%/%j%=!<%9$r2aEY$K>CHq$7!"@55
,%f!<(B
$B%6$X$N%5!<%S%95qH]$r>7$/$3$H$r5v$7$F$7$^$$$^$9!#(B

RFC 793 $B$GDj5A$5$l$F$$$k(B TCP $B%W%m%H%3%k$N;EMM$K$3$NLdBj$,B8:_$7$^$9$,!"(B
$BFCDjB??t$N%Y%s%@$N(B TCP $B<BAu$b$3$NLdBj$N1F6A$r<u$1$k$3$H$,?dB,$5$l$^$9!#(B
$B8D!9$N(B TCP $B%W%m%H%3%k<BAu$,1F6A$r<u$1$k$3$H$,Js9p$5$l<!Bh!"$3$N(B BID $B$O99(B
$B?7$5$l$kM=Dj$G$9!#(B

63. Uresk Links Admin Index.PHP Authentication Bypass Vulnerability
BugTraq ID: 15469
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15469
$BMWLs(B:
Uresk Links $B$K$O!"G'>Z$,2sHr$5$l$kLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%"%W%j%1!<%7%g%s$KBP$9$k4IM}<T8
"8B(B
$B$r<hF@$9$k$3$H$,2DG=$G$9!#(B

64. PHP Easy Download Edit.PHP Authentication Bypass Vulnerability
BugTraq ID: 15470
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15470
$BMWLs(B:
PHP Easy Download $B$K$O!"G'>Z$,2sHr$5$l$kLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%"%W%j%1!<%7%g%s$KBP$9$k4IM}<T8
"8B(B
$B$r<hF@$9$k$3$H$,2DG=$G$9!#(B

65. HP Jetdirect 635n IPv6/IPsec Print Server IKE Exchange Denial Of Service Vulnerability
BugTraq ID: 15471
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15471
$BMWLs(B:
HP Jetdirect 635n IPv6/IPsec Print Server $B$O!"%5!<%S%9ITG=>uBV$K4Y$kLdBj(B
$B$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"(BHP $B$N(B IPSec $B<BAu$K$*$1$k%;%-%e%j%F%#(B
$B>e$NITHw$KM3Mh$7$^$9!#$3$NLdBj$O!"0U?^E*$K:n@.$5$l$?(B IKE $B%H%i%U%#%C%/$K(B
$B$h$j0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$O!"(BPROTOS ISAKMP Test Suite $B$r;HMQ$7$F8!=P$5$l$^$7$?!#$^$?!"0U(B
$B?^E*$K:n@.$5$l$?(B IKEv1 $B%H%i%U%#%C%/$N=hM}$K4XO"$7$F$$$^$9!#(B

66. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
BugTraq ID: 15472
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15472
$BMWLs(B:
Opera Web $B%V%i%&%6$K$O!"967b<T$,%V%i%&%6$N%9%F!<%?%9%P!<$r56Au$7!"%f!<%6(B
$B$,0-0U$"$k%5%$%H$X$N%j%s%/$r%/%j%C%/$9$k$h$&$K;E8~$1$k$3$H$r5v$7$F$7$
^$&(B
$BLdBj$,B8:_$9$k$3$H$,3NG'$5$l$F$$$^$9!#(B

HTML $B7A<0$NEE;R%a!<%k$r2p$7$F$3$NLdBj$,MxMQ$5$l$k2DG=@-$,9b$$$3$H$,?dB,(B

$B$5$l$^$9$,!"%5!<%I%Q!<%F%#@=$N(B Web $B%"%W%j%1!<%7%g%s$G$O(B HTML $B%?%0$rA^F~(B
$B$9$k967b$N$h$&$JB>$N967bJ}K!$bB8:_$7$^$9!#(B

67. Pmachine Pro Email This Entry Mail_autocheck.PHP Remote File Include Vulnerability
BugTraq ID: 15473
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15473
$BMWLs(B:
Pmachine Pro Email This Entry $B$K$O!"%j%b!<%H$+$i$N967b$K$h$j%U%!%$%k$,%$(B
$B%s%/%k!<%I$5$l$k5?$$$,$"$k$3$H$,Js9p$5$l$F$$$^$9!#(B

$B$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$
$$3(B
$B$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%3%s%T%e!<%?>e$G(B Web $B%5!<%P%W%m%;(B
$B%9$N8"8B$r;HMQ$7!"G$0U$N(B PHP $B%3!<%I$r%j%b!<%H$+$i<B9T$9$k2DG=@-$,$"$j$^(B
$B$9!#$3$l$K$h$j!"IT@5%"%/%;%9$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

68. HP-UX IKE Exchange Denial Of Service Vulnerabilities
BugTraq ID: 15474
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15474
$BMWLs(B:
HP-UX $B$K$O!"%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"(BHP $B$N(B
IPSec $B<BAu$K$*$1$k%;%-%e%j%F%#>e$NITHw$KM3Mh$7$^$9!#$3$l$i$NLdBj$O!"0U?^(B

$BE*$K:n@.$5$l$?(B IKE $B%H%i%U%#%C%/$K$h$j0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$O!"(BPROTOS ISAKMP Test Suite $B$r;HMQ$7$F8!=P$5$l$^$7$?!#$^$?!"0U(B
$B?^E*$K:n@.$5$l$?(B IKEv1 $B%H%i%U%#%C%/$N=hM}$K4XO"$7$F$$$^$9!#(B

69. Senao SI-680H VOIP WIFI Phone VxWorks Remote Debugger Access Vulnerability
BugTraq ID: 15475
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15475
$BMWLs(B:
Senao SI-680H VOIP WIFI Phone $B$O!"%j%b!<%H%G%P%C%,$N@\B3$r5v2D$7$F$$$^$9!#(B
$B$3$NLdBj$rMxMQ$9$k967b$K@.8y$9$k$H!"%j%b!<%H$N967b<T$O%G%P%$%9$N%G%P%
C%0(B
$B>pJs$r<hF@$9$k!"$"$k$$$O%5!<%S%9ITG=>uBV$K4Y$i$;$k2DG=@-$,$"$j$^$9!#
(B

0.03.0839 $B$h$jA0$N%U%!!<%`%&%'%"$,2TF0$7$F$$$k(B Senao SI-680H VOIP WIFI
Phone $B$K$3$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$=$NB>$N%P!<%8%g%s$K$bLdBj$,$"(B

$B$k2DG=@-$,$"$j$^$9(B

70. UTStarcom F1000 VOIP WIFI Phone Multiple Remote Access Vulnerabilities
BugTraq ID: 15476
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15476
$BMWLs(B:
UTStarcom F1000 VOIP WIFI Phone $B$O%j%b!<%H$+$i%"%/%;%9$5$l$kJ#?t$NLdBj$,(B
$BB8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj$rMxMQ$9$k%j%b!<%H$N967b<T$O!"%j%b!<%
H$+(B
$B$iLdBj$N$"$k%G%P%$%9$KBP$9$k4IM}<T8"8B$r<hF@$9$k$3$H$,2DG=$H$J$j$^$9!
#(B

$B%=%U%H%&%'%"(B s2.0$B!"%U%!!<%`%&%'%"%P!<%8%g%s(B 5.5.1 $B$N(B UTStarcom F1000
VOIP WIFI Phone $B$,$3$l$i$NLdBj$N1F6A$r<u$1$^$9!#$=$NB>$N%P!<%8%g%s$*$h$S(B
$B%G%P%$%9$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

71. Hitachi WirelessIP5000 Multiple Unauthorized Access Vulnerabilities
BugTraq ID: 15477
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15477
$BMWLs(B:
WirelessIP5000 $B$K$O!"IT@5%"%/%;%9$r>7$/J#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^(B
$B$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"=EMW$J>pJs$dK\Mh8"8B$,I,MW$H$5$l$k>pJ
s$r(B
$B3+<($9$k!"%G%P%$%9$N@_Dj$rJQ99$9$k!"$"$k$$$O@55,%f!<%6$X$N%5!<%S%95qH
]$r(B
$B>7$/$3$H$,2DG=$G$9!#(B

72. Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure Vulnerability
BugTraq ID: 15478
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15478
$BMWLs(B:
Zyxel P2000W v.1 VOIP WIFI Phone $B$K$O!">pJs$,O31L$9$k5?$$$,$"$k$3$H$,Js(B
$B9p$5$l$F$$$^$9!#(B

$B967b<T$K$h$j=EMW$J>pJs$,3+<($5$l!"99$J$k967b$KMxMQ$5$l$k2DG=@-$,$"$j$
^$9!#(B
$B967b<T$O!"<hF@$7$?>pJs$r%5!<%S%9ITG=>uBV$K4Y$i$;$k967b$KMxMQ$9$k2DG=@
-$,(B
$B$"$j$^$9!#(B

73. Check Point Firewall-1 and VPN-1 ISAKMP IKE Unspecified Denial of Service Vulnerability
BugTraq ID: 15479
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15479
$BMWLs(B:
Check Point Firewall-1 $B$*$h$S(B VPN-1 $B$K$O!"(BIPSec $B$N<BAu$KL$FCDj$NJ#?t$NLd(B
$BBj$,B8:_$9$k$?$a%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!
"0U(B
$B?^E*$K:n@.$5$l$?(B IKE $B%H%i%U%#%C%/$K$h$j0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

74. Interspire ArticleLive NX Search Module SQL Injection Vulnerability
BugTraq ID: 15480
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15480
$BMWLs(B:
ArticleLive NX $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B
$B$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N(B
$B%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

75. Revize CMS Query_results.JSP SQL Injection Vulnerability
BugTraq ID: 15481
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15481
$BMWLs(B:
Revize CMS $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$N(B
$BLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K(B
$B%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

$B$=$NB>$N%9%/%j%W%H$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

76. Revize CMS Revize.XML Information Disclosure Vulnerability
BugTraq ID: 15482
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15482
$BMWLs(B:
Revize CMS $B$K$O!">pJs$,O31L$9$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"=EMW$J%U%!%$(B
$B%k$X$N%"%/%;%9$,E,@Z$K@)8B$5$l$F$$$J$$LdBj$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F=EMW$J>pJs$rFI$_=P$9$3$H$,2DG=$G$9!#<hF@$5$
l$?(B
$B>pJs$O!"%P%C%/%(%s%I%7%9%F%`$KBP$9$k99$J$k967b$N<j=u$1$H$J$k2DG=@-$,$
"$j(B
$B$^$9!#$=$NB>$N967b$,<B9T$5$l$k2DG=@-$b$"$j$^$9!#(B

77. WHM AutoPilot Account Cancellation Access Validation Vulnerability
BugTraq ID: 15483
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15483
$BMWLs(B:
WHM AutoPilot $B$O!"(BWeb $B%[%9%H4D6-$r4JC1$K4IM}$G$-$k$h$&$K@_7W$5$l$?>&MQ$N(B
$B%9%/%j%W%H$G$9!#(B

WHM AutoPilot $B$K$O!"%"%+%&%s%H$N<h$j>C$78"8B$NBEEv@-8!>Z$KLdBj$,$"$k5?$$(B
$B$,$"$j$^$9!#$3$NLdBj$O!">5G'$5$l$F$$$k%f!<%6$N$_$,%f!<%6$+$i$N<h$j>C$
7MW(B
$B5a$N=hM}$r<B9T$9$k$h$&$K$J$C$F$$$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"G$0U$N%f!<%6$KBP$9$k<h$j>C$7MW5a$rH/9T$9$
k$3(B
$B$H$,2DG=$G$9!#$3$NLdBj$K$h$jI8E*$N(B Web $B%[%9%H%"%+%&%s%H$,5$IU$+$L$&$A$K(B
$BL58z$H$J$C$F$7$^$$%5!<%S%9ITG=>uBV$K4Y$k2DG=@-$,$"$j$^$9!#(B

2.5.20 $B0JA0$N%P!<%8%g%s$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$^$9!#(B

78. Revize CMS HTTPTranslatorServlet Cross-Site Scripting Vulnerability
BugTraq ID: 15484
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15484
$BMWLs(B:
Revize CMS $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,$"$j$^$9!#(B
$B$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$
$$3(B
$B$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$
"$k(B
$B%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$
k2D(B
$BG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b(B
$B$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

79. LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
BugTraq ID: 15485
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15485
$BMWLs(B:
LiteSpeed Web Server $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$(B
$B$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$
K<B(B
$B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$
"$k(B
$B%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$
k2D(B
$BG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b(B
$B$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

80. FreeFTPD Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 15486
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15486
$BMWLs(B:
freeFTPd $B$K$O!"%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$kJ#?t$NLdBj$,B8:_$9$k5?$$(B
$B$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?%G!<%?$r8GDj%5%$%:$N%P%C%
U%!(B
$B$K3JG<$9$kA0$K6-3&%A%'%C%/$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F%5!<%P$r%/%i%C%7%e$5$;!"@55,%f!<%6$X$N%
5!<(B
$B%S%95qH]$r>7$/2DG=@-$,$"$j$^$9!#(BSYSTEM $B8"8B$GG$0U$N%3!<%I$,<B9T$5$l$k2D(B
$BG=@-$b$"$j$^$9!#(B

81. yaSSL Unspecified Certificate Chain Processing Vulnerability
BugTraq ID: 15487
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15487
$BMWLs(B:
yaSSL $B$K$O!"G'>Z%A%'!<%s$N=hM}$KL$FCDj$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3(B

$B$NLdBj$K4XO"$9$k>\:Y>pJs$O!"8=;~E@$G$O8x3+$5$l$F$$$^$;$s!#(B

$B$3$NLdBj$K$h$jITE,@Z$J>ZL@=q$,@\B3$NG'>Z$K;HMQ$5$l$k2DG=@-$,$"$j$^$9!
#96(B
$B7b<T$O56Au$7$?>ZL@=q$r;HMQ$7$F$5$^$6$^$J967b$r9T$&2DG=@-$,$"$j$^$9!#
(B

$B?.Mj$N$*$1$k(B Web $B%5%$%H$rAu$&$3$H$G0-0U$"$k%5%$%H$,$3$NLdBj$rMxMQ$7$F!"(B
$B%U%#%C%7%s%0967b$r9T$&2DG=@-$,$"$k$3$H$,?dB,$5$l$^$9!#$3$l$i$K$h$j%f!
<%6(B
$B$OG'>Z$d=EMW$J>pJs$d8D?M>pJs$NAw?.$J$I$NA`:n$r9T$C$F$7$^$&2DG=@-$,$"$
j$^(B
$B$9!#(B

$B$3$NLdBj$K4XO"$9$k>\:Y>pJs$*$h$S1F6A$O!"8=;~E@$G$O8x3+$5$l$F$$$^$;$s!
#>\(B
$B:Y$J>pJs$,8x3+$5$l<!Bh!"$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

82. Qualcomm Worldmail Server Directory Traversal Vulnerability
BugTraq ID: 15488
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15488
$BMWLs(B:
Qualcomm Worldmail $B%5!<%P$K$O!"%G%#%l%/%H%j%H%i%P!<%5%k967b$r<u$1$k5?$$(B
$B$,$"$j$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$NB>$N%f!<%6$,=jM-$9$k%U%!%$%k$X$N%
"%/(B
$B%;%98"$r967b<T$,<hF@$9$k2DG=@-$,$"$j$^$9!#(B

$B$3$NJ}K!$K$h$j=EMW$J>pJs$,<hF@$^$?$OJQ99$5$l$k2DG=@-$,$"$j$^$9!#(B

Worldmail $B%5!<%P(B 3.0 $B$,$3$NLdBj$N1F6A$r<u$1$^$9!#$=$NB>$N%P!<%8%g%s$b1F(B
$B6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

83. XMB Forum Member.PHP HTML Injection Vulnerability
BugTraq ID: 15489
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15489
$BMWLs(B:
XMB Forum $B$K$O!"(BHTML $B%?%0$rA^F~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$N(B
$BLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$rF0E*$K@8@.$7$?%3%s%F%s%D$G;HMQ$9$kA0$
K!"(B
$BF~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$,Ds6!$7$?(B HTML $B$d%9%/%j%W%H%3!<%I$OLdBj$N$"$k(B Web $B%5%$%H$N%;%-%e(B
$B%j%F%#%3%s%F%-%9%HFb$G<B9T$5$l$k2DG=@-$,$"$j!"$3$l$K$h$j(BCookie $B$KM3Mh$9(B
$B$kG'>ZMQ>pJs$N@`<h$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$O$3$
NLd(B
$BBj$rMxMQ$7$F!"%f!<%6$KBP$9$k%5%$%H$N2r<aJ}K!$r@)8f$9$k2DG=@-$b$"$j$^$
9!#(B
$B$=$NB>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

84. VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
BugTraq ID: 15490
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15490
$BMWLs(B:
VP-ASP Shopping Cart $B$K$O!"(BHTML $B%?%0$rA^F~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j(B
$B$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$rF0E*$K@8@.$7$?%3%s%F%s%D$G;
HMQ(B
$B$9$kA0$K!"F~NOCM$NBEEv@-3NG'$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$,Ds6!$7$?(B HTML $B$d%9%/%j%W%H%3!<%I$OLdBj$N$"$k(B Web $B%5%$%H$N%;%-%e(B
$B%j%F%#%3%s%F%-%9%HFb$G<B9T$5$l$k2DG=@-$,$"$j!"$3$l$K$h$j(BCookie $B$KM3Mh$9(B
$B$kG'>ZMQ>pJs$N@`<h$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$O$3$
NLd(B
$BBj$rMxMQ$7$F!"%f!<%6$KBP$9$k%5%$%H$N2r<aJ}K!$r@)8f$9$k2DG=@-$b$"$j$^$
9!#(B
$B$=$NB>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

85. Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability
BugTraq ID: 15491
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15491
$BMWLs(B:
Novell NetMail $B$NL$FCDj$N(B IMAP $B%3%^%s%I$K$O!"%P%C%U%!%*!<%P!<%U%m!<$r0z(B
$B$-5/$3$9LdBj$,B8:_$9$k5?$$$,$"$j$^$9!#967b$,@.8y$9$k$H!"%5!<%S%95qH]$
r>7(B
$B$/!"$"$k$$$OG$0U$N%3!<%I$,<B9T$5$l$k2DG=@-$,$"$j$^$9!#(B

NetMail 3.52D $B$K$3$NLdBj$,B8:_$7$^$9$,!"$3$l$h$jA0$N%P!<%8%g%s$b1F6A$r<u(B
$B$1$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$K$D$$$F$N6qBNE*$J>\:Y$O!"8=;~E@$G$O8x3+$5$l$F$$$^$;$s!#>\:Y$
,8x(B
$B3+$5$l<!Bh!"$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

86. MailEnable IMAP Mailbox Name Buffer Overflow Vulnerability
BugTraq ID: 15492
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15492
$BMWLs(B:
MailEnable $B$NJ#?t$N(B IMAP $B%3%^%s%I$K$O!"%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3(B
$B$9LdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLdBj$O3F%3%^%s%I$K;XDj$5$l$k%a!<%
k%\%C(B
$B%/%9L>$NJQ?t$KBP$9$k6-3&%A%'%C%/$,E,@Z$K9T$o$l$F$$$J$$$3$H$KM3Mh$7$^$
9!#(B

$B$3$NLdBj$O!"(BHotfix MEIMAPS-UPD0511010000.zip $B$,E,MQ$5$l$?(B MailEnable
Professional 1.6 $B$*$h$S(B Hotfix MEIMAPS-UPD0511010000.zip $B$,E,MQ$5$l$?(B
MailEnable Enterprise 1.1 $B$,$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$$^$9!#(B
$B$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9(B

87. Magic Winmail Server Multiple Input Validation Vulnerabilities
BugTraq ID: 15493
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15493
$BMWLs(B:
Magic Winmail Server $B$K$O!"F~NOCM$NBEEv@-3NG'$K4XO"$9$kJ#?t$NLdBj$,B8:_(B
$B$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%
:=h(B
$BM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

Magic Winmail Server $B$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj!"(BHTML $B%?%0$r(B
$BA^F~2DG=$JLdBj!"$*$h$S%G%#%l%/%H%j%H%i%P!<%5%k967b$r<u$1$kLdBj$N1F6A$
r<u(B
$B$1$^$9!#(B

88. MailEnable IMAP Command Directory Traversal Vulnerability
BugTraq ID: 15494
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15494
$BMWLs(B:
MailEnable $B$K$O!"FCDj$N(B IMAP $B%3%^%s%I$r=hM}$9$k$H$-$K%G%#%l%/%H%j%H%i%P!<(B
$B%5%k967b$r<u$1$kLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#967b$,@.8y$9$k$H!"%G!<%
?$,(B
$BGK2u$5$l$k2DG=@-$,$"$j$^$9!#(B

Hotfix MEIMAPS-UPD0511010000.zip $B$,E,MQ$5$l$F$$$k(B MailEnable
Professional 1.6 $B$*$h$S(B Hotfix MEIMAPS-UPD0511010000.zip $B$,E,MQ$5$l$F$$(B
$B$k(B MailEnable Enterprise 1.1 $B$,$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$(B
$B$^$9!#$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9(B

89. SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed
BugTraq ID: 15495
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15495
$BMWLs(B:
$BJ#?t$N%;%-%e%j%F%#>e$NLdBj$dITHw$r2r>C$9$k$?$a$N(B SCO OpenServer Mozilla
Web $B%V%i%&%6$N%"%C%W%G!<%H$,8x3+$5$l$F$$$^$9!#(B

$B:#2s$N%j%j!<%9$O!"J#?t$N%;%-%e%j%F%#>e$NLdBj$HITHw$r4^$`?tB?$/$N%P%0$
r=$(B
$B@5$9$k$b$N$G$9!#(B

$B$3$N%a%s%F%J%s%9%Q%C%/$G=$@5$5$l$?%P%0$NB?$/$O!"%m!<%+%k$^$?$O%j%b!<%
H$N(B
$B967b<T$K$h$C$FMxMQ$5$l$k2DG=@-$N$"$k!"%;%-%e%j%F%#$K1F6A$r5Z$\$9LdBj$
G$9!#(B
$B$3$NLdBj$N7k2L$H$7$F!"%5!<%S%9ITG=>uBV$K4Y$k!"$J$j$9$^$7$,9T$o$l$k!"@
x:_(B
$BE*$K=EMW$J>pJs$,<hF@$5$l$k!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k!
"FC(B
$BDj$N%;%-%e%j%F%#@)8B$,2sHr$5$l$k!"FCDj$N%G!<%?$,A`:n$5$l$k!"%f!<%6%7%
9%F(B
$B%`$KBP$9$k6<0R$r>7$/!"$"$k$$$O%m!<%+%k$G8"8B>:3J$,0z$-5/$3$5$l$k$3$H$
,?d(B
$BB,$5$l$^$9!#(B

90. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
BugTraq ID: 15496
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15496
$BMWLs(B:
GNU gnump3d $B$K$O!"%G%#%l%/%H%j%H%i%P!<%5%k967b$r<u$1$k5?$$$,$"$j$^$9!#(B

$B$3$NLdBj$K4X$9$k>\:Y$J>pJs$O$[$H$s$I8x3+$5$l$F$$$^$;$s!#967b<T$O$3$NL
dBj(B
$B$rMxMQ$7$FG$0U$N%U%!%$%k$rFI$_=P$9$"$k$$$OGK2u$9$k$3$H$,?dB,$5$l$^$9!
#$3(B
$B$NLdBj$O%P%C%/%(%s%I%7%9%F%`$KBP$9$k99$J$k967b$KMxMQ$5$l$k2DG=@-$,$"$
j$^(B
$B$9!#$=$NB>$N967b$b9T$o$l$k2DG=@-$b$"$j$^$9!#(B

91. Hitachi Products Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15498
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15498
$BMWLs(B:
Hitachi Collaboration Schedule $B$*$h$S(B Collaboration Calendar $B$K$O!"%/%m(B
$B%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$kL$FCDj$NJ#?t$NLdBj$,B8:_$9$k5?$$$
,$"(B
$B$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$
K<B(B
$B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdB
j$N(B
$B$"$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9
T$9(B
$B$k2DG=@-$,$"$j$^$9!#$3$l$i$NLdBj$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`(B
$B<h$J$I$N967b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

92. Hitachi Groupmax Mail Unspecified Malformed Email Message Denial Of Service Vulnerability
BugTraq ID: 15499
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15499
$BMWLs(B:
Hitachi Groupmax Mail $B$K$O!"0U?^E*$K:n@.$5$l$?EE;R%a!<%k$r=hM}$9$k:]$K!"(B
$B%5!<%S%9ITG=>uBV$K4Y$kL$FCDj$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$B%j%b!<%H$N967b<T$O$3$NLdBj$rMxMQ$7$FLdBj$N$"$k%a!<%k%5!<%P$r%/%i%C%7%
e$5(B
$B$;!"@55,%f!<%6$X$N%5!<%S%95qH]$r>7$/2DG=@-$,$"$j$^$9!#(B

$B>\:Y$J>pJs$O8=:_8x3+$5$l$F$$$^$;$s!#?7$7$$>pJs$,8x3+$5$l<!Bh!"$3$N(B
BID
$B$O99?7$5$l$kM=Dj$G$9!#(B

93. Hitachi Collaboration Schedule Unspecified Denial Of Service Vulnerability
BugTraq ID: 15500
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15500
$BMWLs(B:
Hitachi Collaboration Schedule $B$K$O!"%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"$j$^(B
$B$9!#(B

Hitachi Collaboration Schedule $B$KIT@5$JJ#?t$NMW5a$,Aw?.$5$l$k$H$3$NLdBj(B
$B$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B99$J$k>\:Y$ODs6!$5$l$F$$$^$;$s!#(B

94. PHP-Fusion Options.php and Viewforum.php SQL Injection Vulnerabilities
BugTraq ID: 15502
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15502
$BMWLs(B:
PHP-Fusion $B$NJ#?t$N(B PHP $B%9%/%j%W%H$K$O!"(BSQL $B9=J8$rCmF~2DG=$JJ#?t$NLdBj$,(B
$BB8:_$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$K$h$kF~NOCM$r(B SQL $B%/%(%j(B
$B$G;HMQ$9$kA0$K!"F~NOCM$KBP$9$k%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$
KM3(B
$BMh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

95. Exponent Content Management System Multiple Improper File Permission Vulnerabilities
BugTraq ID: 15503
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15503
$BMWLs(B:
Exponent Content Management System $B$K$OJ#?t$N%;%-%e%j%F%#>e$NLdBj$,B8:_(B
$B$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6%U%!%$%k$N%U%!%$%k%Q!<%_%C%
7%g(B
$B%s$,E,@Z$K@_Dj$5$l$$$J$$$?$a$KH/@8$7$^$9!#(B

$B$3$l$i$NLdBj$K$h$j!">pJs$,3+<($5$l$?$j!"LdBj$N$"$k(B Web $B%5%$%H$N%;%-%e%j(B
$B%F%#%3%s%F%-%9%H$G%9%/%j%W%H$,<B9T$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#(B

96. PHPMyFAQ Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15504
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-11-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15504
$BMWLs(B:
phpMyFAQ $B$K$O!"(BAdd Content $B%Z!<%8$N3F%Q%i%a!<%?$K%/%m%9%5%$%H%9%/%j%W%F%#(B
$B%s%0$NJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdB
j$N(B
$B$"$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9
T$9(B
$B$k2DG=@-$,$"$j$^$9!#$3$l$i$NLdBj$rMxMQ$9$k$3$H$K$h$C$F!"(BCookie $B$KM3Mh$9(B
$B$kG'>ZMQ>pJs$N@`<h$J$I$N967b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

III.SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Texas puts Sony BMG in its sights
$BCx<T(B: Robert Lemos
$B99?7(B: $B%F%-%5%9=#$N8!;vAmD9$O!"%F%-%5%9=#$,(B Sony BMG $B$rF1<R$N%3%T!<KI;_5;(B
$B=Q$,!VIT@5$J%9%Q%$%&%'%"!W$G$"$k$H$7$FDsAJ$7$?$3$H$rH/I=$7$^$7$?!#(B
EFF $B$O(B
$BF1F|9pAJ$rDs=P$7$F$$$^$9!#(B

http://www.securityfocus.com/news/11358

2. Sony BMG's copy-protection problems grow
$BCx<T(B: Robert Lemos
$B8&5f<T$?$A$,(B Sony BMG $B$N%3%T!<KI;_%=%U%H%&%'%"$K$OB?$/$N%;%-%e%j%F%#>e$N(B
$BLdBj$,B8:_$9$k$3$H$rH/8+$7!"J#?t$N5D0w$,%G%8%?%k%a%G%#%"$X$N2aEY$N@)L
s$K(B
$B$D$$$FHsFq$7$F$$$kCf!"(BSony BMG $B$OE9J^$+$i(B CD $B$r2s<}$7!"2~A1$5$l$?=|5n%D!<(B
$B%k$r8x3+$7!">CHq<T$,%G%#%9%/$rJVIJ$9$k5!2q$rDs6!$7$F$$$^$9!#(B

http://www.securityfocus.com/news/11357

3. Sony BMG faces digital-rights siege
$BCx<T(B: Robert Lemos
$B%&%$%k%9:n@.<T$K$h$C$F(B Sony BMG $B$N(B $B!H(Brootkit$B!I(B ($B%k!<%H%-%C%H(B) $B$,MxMQ$5$l(B
$B$F$$$k$H$$$&8=>u$r<u$1!"$3$N%3%s%F%s%DDs6!4k6H$KBP$9$k>CHq<T$*$h$S%;%
-%e(B
$B%j%F%#8&5f<T$?$A$N6l>p$OK!E*$J8e$m=b$rF@$^$7$?!#2;3Z6H3&$N5p?M$G$"$k
(B
Sony BMG $B$KBP$7!">/$J$/$H$b(B 5 $B7o$NAJ>Y$,4{$K5/$3$5$l$F$$$k$+:#8e5/$3$5$l(B
$B$kM=Dj$G$9!#(B

http://www.securityfocus.com/news/11356

4. Gold at the end of rainbow cracking?
$BCx<T(B: Robert Lemos
$B%Q%9%o!<%I%O%C%7%e$NBg5,LO$J%F!<%V%k$K$h$j!"@H<e$J%m%0%$%s>pJs$r2rFI$
9$k(B
$B$3$H$,6K$a$FMF0W$K$J$j$^$9!#0UM_$"$U$l$k?t?M$N?M!9$O!"$3$N%F!<%V%k$r%
$%s(B
$B%?!<%M%C%H$+$i%"%/%;%9$G$-$k$h$&$K$9$k$3$H$G2?$i$+$N%S%8%M%9$K$J$k$N$
G$O!"(B
$B$H9M$($F$$$^$9!#(B

http://www.securityfocus.com/news/11355

5. Skype under scrutiny for bugs
$BCx<T(B: John Leyden
$B9-$/;HMQ$5$l$F$$$k(B VoIP $B%3%_%e%K%1!<%7%g%s%=%U%H%&%'%"$G$"$k(B Skype $B$K4X(B
$BO"$9$k:G6a$N(B 2 $B7o$N?<9o$J%;%-%e%j%F%#>e$NLdBj$O!"%Y%s%@$K$H$C$F:G0-$N%?(B
$B%$%_%s%0$G5/$3$j$^$7$?!#(B

http://www.securityfocus.com/news/11354

6. Say hello to the Skype Trojan
$BCx<T(B: John Leyden
$B%&%$%k%9:n@.<T$O!"?M5$$N9b$$(B VoIP $B%=%U%H%&%'%"$G$"$k(B Skype $B$N:G?7%P!<%8%g(B
$B%s$K8+$;$+$1$??7$?$J%H%m%$$NLZGO$r;HMQ$7$F!"(BSkype $B%f!<%6$rI8E*$K$7$F$$$^(B
$B$9!#(B

http://www.securityfocus.com/news/11348

7. Shared music abuse bug hits iTunes
$BCx<T(B: John Leyden
$B%;%-%e%j%F%#8&5f<T$O!"?M5$$N9b$$(B Apple $B$N(B iTunes $B%W%m%0%i%`$GLdBj$rH/8+(B
$B$7$^$7$?!#$3$NLdBj$O!"6&M-$N2;3Z$r%@%&%s%m!<%I$9$k%$%s%?%U%'!<%9$G<B9
T$5(B
$B$l$k2DG=@-$,$"$j$^$9!#(B

http://www.securityfocus.com/news/11347

8. US cybersecurity all at sea
$BCx<T(B: John Leyden
$B9qEZ0BA4J]>c>J$K$h$k%"%a%j%+9qFb$N%5%$%P!<%;%-%e%j%F%#%j%9%/$N4IM}$OI
T==(B
$BJ,$G$"$k!"$H@h$NJF9qBgE}NN>pJs%;%-%e%j%F%#C4Ev8\Ld$OH/8@$7$F$$$^$9!#
(B

http://www.securityfocus.com/news/11345

--
$BK]Lu(B: LAC $BK]Lu%A!<%`(B
$B4F=$(B: $B>.3^8691M:(B (OGASAWARA Tsuneo)
LAC Co., Ltd.
http://www.lac.co.jp/index.html
0?l *?H?÷

 ?]0?Y

10 +0 *?H?÷


 ?
û0?0?k9ÊT?þP"2þ2ÙÛû?0
 *?H?÷


0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0
980518000000Z
180518235959Z0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0?0
 *?H?÷



0?ªÐº¾-¸?ÔÊÒ¼v1Ê?Ø??V¼ÙooR6nuV
UÓßC?!e?~½!Þk2??4?A5ë?ë?ݪY?
Sm?Oíåâ*ZÁ¹Ä¦ÏÈEë¦]??>ðd$v¥Í«o¶Ø{Qa
n¦?Èâ·å4ÜA?ê @¾s?=kçu

0
 *?H?÷


?÷Îv\«??Ü?o49]?>kr,áÇ¢{@)¹x?ºLÅ£j^?n{ãòAf¾­û®¢Î?ó¢4?´²¶$òåÕàÈåbm?{˾»?|WÊð7©¯?î¾(?Ù&v ÍĝNð®Õ¾¯WjРBBBô
Ì¥x??&8?G0?0?kLÇêª?>qÓ?ø=:???0
 *?H?÷


0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0
980518000000Z
280801235959Z0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0?0
 *?H?÷



0?ªÐº¾-¸?ÔÊÒ¼v1Ê?Ø??V¼ÙooR6nuV
UÓßC?!e?~½!Þk2??4?A5ë?ë?ݪY?
Sm?Oíåâ*ZÁ¹Ä¦ÏÈEë¦]??>ðd$v¥Í«o¶Ø{Qa
n¦?Èâ·å4ÜA?ê @¾s?=kçu

0
 *?H?÷


©OÃ
Çg¾,ËÙ¨Í-uç~?;rë~ë\- ?Ökm`|å®Å#\JЯ±]óǶ
Ûà?
ݼÇv?µÝOÃ?u¸
ÀæÉ[k¥¸?ܬ¤ÝríN¡÷O¼ÓêÈdt{Â?A?esXñ?<j±?ÉÄ?¼ÏEmEân"?þ¼1\
èòÙ0?¶0? 
%îs<û ?U??{?í¿0
 *?H?÷


0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0
020404000000Z
070403235959Z0É10U
VeriSign Japan K.K.10UVeriSign Trust Network1=0;U4Terms of use at https://www.verisign.co.jp/rpa (c)02100.U'Class 1 OnSite Individual Subscriber CA10UISP Service CA0?0
 *?H?÷



0?¼+þîO×ùútüoÃøÊ?(v'È4 ˪r-É­ö?~?hòKïÉÿo½?îÓ??ÿ¨þîhU°¼ð°óåNhfisµ:V÷^uæo;êâd'\`?ÝÛ+·¼¶ª¡$)¯t¦?¯GöÕK~,e3îÛ¥<
KCp?ÙÙÂ??Äø(

£¤0¡0U

ÿ0

ÿ
0FU ?0=0;`?H
?øE

0,0*+

https://www.verisign.co.jp/rpa0U


ÿ
0 `?H
?øB


0 U0¤010UC1C2-1-40
 *?H?÷


\?Ïh??¿ÏÓ_n²N>?Qs?e¢w ~ü v1?ÿîv4YVÊæGèãTÓÈ?Î?«bMo]?¸¢±?_K??Çó[m³#ÕcÑU*¿þ·ÄUò´o:?¿ê§q^/=¯?
?òt)ÿÌõ
?¬ÕÕ?ô÷7ªÔ?pd{0?10?? 
d2?7Åw?É??¹?b?ñ0
 *?H?÷


0É10U
VeriSign Japan K.K.10UVeriSign Trust Network1=0;U4Terms of use at https://www.verisign.co.jp/rpa (c)02100.U'Class 1 OnSite Individual Subscriber CA10UISP Service CA0
050331000000Z
060331235959Z0ü10U
VeriSign Japan K.K.10UISP Service CA1503U,Terms of use at www.verisign.co.jp/rpa (c)011806U/Service Name - 5BF88D474BD2A6D3E7E073163F0C4D1210UHitachijoho10UTsuneo Ogasawara1!0 *?H?÷


t.ogaswr (at) lac.co (dot) jp0 [email concealed]?0
 *?H?÷



0?¿*E´\2ÅÍóDíÐÏÇ~?+Ü=Ù&-u4)~è§ÊÇ2ÉnAàÙWÍØoÓÐûÊfÚq³
.?³¥Hë¼ÀÚ×?!0¯6iÚ??±?rÙDÏdA[?Ùî?´q\~ãè?ú¨
Ä»ù?oÊi1¶+_ãr?#??>¥þ?IÁeA

£ä0á0 U00EU >0<0:
`?H
?øE
0,0*+

https://www.verisign.co.jp/rpa0U 0
`?H
?øB

?0ZUS0Q0O M K?Ihttp://onsitecrl.verisign.co.jp/VeriSi
gnJapanKKISPServiceCA/LatestCRL.crl0
`?H
?øE
 

ÿ0
 *?H?÷


TMΤ©ýäøpß˵"òΩ,Í˶Q??`puÏ?¥?F?ÿ¬ãÅz?¸íñ²Oð)ô2ð$³q?âüý |øu
ßx©?Ì0³Jçjñ^9?^ p('?öC¦^ã=?øîÍ?&´ª.àTaxz4ÓÄÇ«<v?òY³QúÄ1?90?5

0Þ0É10U
VeriSign Japan K.K.10UVeriSign Trust Network1=0;U4Terms of use at https://www.verisign.co.jp/rpa (c)02100.U'Class 1 OnSite Individual Subscriber CA10UISP Service CAd2?7Åw?É??¹?b?ñ0 + ±0 *?H?÷

1 *?H?÷


0 *?H?÷

1
060303084300Z0# *?H?÷

1râ#G??âÍ?;?ã?4?¸«Þ0R *?H?÷

1E0C0
*?H?÷
0*?H?÷
?0+0
*?H?÷

@0
*?H?÷

(0
 *?H?÷



?(¼F»©?bg?RÈÂ??ÉDz×{C6??»Ðݨ¶L?. E? ~?âéÐ/FSÅ '?mn°*¤â×à?oÁÌ$º?3FT=ú£ì¶àæ`-o@?lýôNèßÚ?OBä?ÂÂi?mmb8EZ¶DbT$Z{µAA!¦Ó;¾¡z

[ reply ]