Author: joeyh
Date: 2009-01-22 21:14:12 +0000 (Thu, 22 Jan 2009)
New Revision: 11022

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-22 17:19:01 UTC (rev 11021)
+++ data/CVE/list       2009-01-22 21:14:12 UTC (rev 11022)
@@ -1,3 +1,63 @@
+CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project 
MyNETS ...)
+       TODO: check
+CVE-2009-0244 (Directory traversal vulnerability in the OBEX FTP Service in 
the ...)
+       TODO: check
+CVE-2009-0243 (Microsoft Windows does not properly enforce the Autorun and ...)
+       TODO: check
+CVE-2008-5947 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2008-5946 (SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 
allows ...)
+       TODO: check
+CVE-2008-5945 (Nukeviet 2.0 Beta allows remote attackers to bypass 
authentication and ...)
+       TODO: check
+CVE-2008-5944 (Cross-site scripting (XSS) vulnerability in modules.php in 
NavBoard 16 ...)
+       TODO: check
+CVE-2008-5943 (Multiple directory traversal vulnerabilities in NavBoard 16 
(2.6.0) ...)
+       TODO: check
+CVE-2008-5942 (Multiple cross-site scripting (XSS) vulnerabilities in MODx 
before ...)
+       TODO: check
+CVE-2008-5941 (Cross-site request forgery (CSRF) vulnerability in MODx 
0.9.6.1p2 and ...)
+       TODO: check
+CVE-2008-5940 (SQL injection vulnerability in index.php in MODx 0.9.6.2 and 
earlier, ...)
+       TODO: check
+CVE-2008-5939 (Cross-site scripting (XSS) vulnerability in index.php in MODx 
CMS ...)
+       TODO: check
+CVE-2008-5938 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2008-5937 (AyeView 2.20 allows user-assisted attackers to cause a denial 
of ...)
+       TODO: check
+CVE-2008-5936 (front-end/edit.php in mini-pub 0.3 and earlier allows remote 
attackers ...)
+       TODO: check
+CVE-2008-5935 (Facto stores sensitive information under the web root with ...)
+       TODO: check
+CVE-2008-5934 (SQL injection vulnerability in index.php in CMS ISWEB 3.0 
allows ...)
+       TODO: check
+CVE-2008-5933 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
+       TODO: check
+CVE-2008-5932 (CodeAvalanche FreeForum stores sensitive information under the 
web ...)
+       TODO: check
+CVE-2008-5931 (The Net Guys ASPired2Blog stores sensitive information under 
the web ...)
+       TODO: check
+CVE-2008-5930 (SQL injection vulnerability in admin/blog_comments.asp in The 
Net Guys ...)
+       TODO: check
+CVE-2008-5929 (VP-ASP Shopping Cart 6.50 stores sensitive information under 
the web ...)
+       TODO: check
+CVE-2008-5928 (SQL injection vulnerability in redir.php in Free Links 
Directory ...)
+       TODO: check
+CVE-2008-5927 (Multiple SQL injection vulnerabilities in admin/usercheck.php 
in ...)
+       TODO: check
+CVE-2008-5926 (Multiple SQL injection vulnerabilities in login.asp in ASP-DEv 
...)
+       TODO: check
+CVE-2008-5925 (ASP-DEv XM Events Diary stores sensitive information under the 
web ...)
+       TODO: check
+CVE-2008-5924 (SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM 
Events ...)
+       TODO: check
+CVE-2008-5923 (SQL injection vulnerability in default.asp in ASP-DEv XM Events 
Diary ...)
+       TODO: check
+CVE-2008-5922 (Multiple PHP remote file inclusion vulnerabilities in ...)
+       TODO: check
+CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs 
Portal ...)
+       TODO: check
 CVE-2009-XXXX [multiple security issues in typo3-src]
        - typo3-src 4.2.4-1 (medium)
        NOTE: 
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
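Review bot: all 30 entries added at the top of the file are left at "TODO: check", and for CVE-2008-5947, CVE-2008-5938 and CVE-2008-5922 the truncated description ("PHP remote file inclusion vulnerability in ...") does not name the affected product, so they cannot be triaged from this list alone. Each needs a lookup of the full CVE text before it is resolved to a package line or a NOT-FOR-US entry; CVE-2009-0243, which names Microsoft Windows, is an obvious NOT-FOR-US candidate.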
@@ -1150,16 +1210,16 @@
        RESERVED
 CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
        TODO: check
-CVE-2009-0030
-       RESERVED
+CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same 
SQMSESSID ...)
+       TODO: check
 CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, 
powerpc, ...)
        TODO: check
 CVE-2009-0028
        RESERVED
 CVE-2009-0027
        RESERVED
-CVE-2009-0026
-       RESERVED
+CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache 
...)
+       TODO: check
 CVE-2009-0025 (BIND 9.4.3 and earlier does not properly check the return value 
from ...)
        {DSA-1703-1}
        - bind9 <unfixed> (low; bug #511936)
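Review bot: CVE-2009-0030 is described as an issue in "a certain Red Hat patch for SquirrelMail 1.4.8", so the TODO should be resolved by checking whether the Debian squirrelmail package carries that patch at all rather than by treating it as an upstream SquirrelMail bug. For CVE-2009-0026 the description is cut off after "Apache ...", so the affected Apache project still has to be identified before a package can be assigned.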
@@ -1204,20 +1264,20 @@
        RESERVED
 CVE-2009-0008
        RESERVED
-CVE-2009-0007
-       RESERVED
-CVE-2009-0006
-       RESERVED
-CVE-2009-0005
-       RESERVED
-CVE-2009-0004
-       RESERVED
-CVE-2009-0003
-       RESERVED
-CVE-2009-0002
-       RESERVED
-CVE-2009-0001
-       RESERVED
+CVE-2009-0007 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows 
remote ...)
+       TODO: check
+CVE-2009-0006 (Integer signedness error in Apple QuickTime before 7.6 allows 
remote ...)
+       TODO: check
+CVE-2009-0005 (Unspecified vulnerability in Apple QuickTime before 7.6 allows 
remote ...)
+       TODO: check
+CVE-2009-0004 (Buffer overflow in Apple QuickTime before 7.6 allows remote 
attackers ...)
+       TODO: check
+CVE-2009-0003 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows 
remote ...)
+       TODO: check
+CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows 
remote ...)
+       TODO: check
+CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows 
remote ...)
+       TODO: check
 CVE-2008-5622 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        - phpmyadmin 4:2.11.8.1-5
 CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 
2.11.x ...)
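Review bot: the seven entries CVE-2009-0001 through CVE-2009-0007 all name Apple QuickTime before 7.6, yet each is left as a separate "TODO: check". They can be closed together with a single tag, following the "NOT-FOR-US: <product>" form this file already uses elsewhere (for example "NOT-FOR-US: E-Uploader Pro"), once it is confirmed that nothing in the archive ships the affected code.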
@@ -2439,7 +2499,7 @@
 CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and 
possibly ...)
        - cups <unfixed> (bug #506180)
        [etch] - cupsys <not-affected> (RSS subscription code not yet present)
-CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote 
DNS ...)
+CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote 
HTTP ...)
        {DSA-1686-1}
        - no-ip 2.1.7-11 (bug #506179)
 CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in 
MemHT ...)
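Review bot: on CVE-2008-5297 the stated vector changes from "remote DNS ..." to "remote HTTP ..." while {DSA-1686-1} and the fixed version no-ip 2.1.7-11 are left as they were. Since the entry is already marked fixed, it is worth confirming that the change tracked under bug #506179 addresses the issue as now described, and adding a NOTE line if the earlier assessment was based on the old wording.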
@@ -2560,7 +2620,7 @@
        {DSA-1670-1}
        - enscript 1.6.4-13 (bug #506261)
 CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return 
value ...)
-       {DSA-1701-1}
+       {DSA-1701-1 DTSA-185-1}
        - openssl 0.9.8g-15
 CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 
(aka ...)
        NOT-FOR-US: E-Uploader Pro
@@ -5420,12 +5480,12 @@
        NOT-FOR-US: Interact
 CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 
2.4.1 ...)
        NOT-FOR-US: Interact
-CVE-2008-3866
-       RESERVED
-CVE-2008-3865
-       RESERVED
-CVE-2008-3864
-       RESERVED
+CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in 
Trend ...)
+       TODO: check
+CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function 
in the ...)
+       TODO: check
+CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) 
in ...)
+       TODO: check
 CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function 
in ...)
        {DSA-1670-1}
        - enscript 1.6.4-13 (bug #506261)
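Review bot: CVE-2008-3864 and CVE-2008-3866 both refer to the Trend Micro firewall service (TmPfw.exe), and CVE-2008-3865 refers to the same ApiThread function, but all three are left as "TODO: check". These look like candidates for the same NOT-FOR-US treatment given to the Interact entries immediately above (CVE-2008-3867); note that the visible text of CVE-2008-3865 does not name the product, so its full description should be read before it is grouped with the other two.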


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
