Author: joeyh
Date: 2010-01-07 21:14:19 +0000 (Thu, 07 Jan 2010)
New Revision: 13754

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-01-07 19:58:58 UTC (rev 13753)
+++ data/CVE/list       2010-01-07 21:14:19 UTC (rev 13754)
@@ -1,4 +1,306 @@
-CVE-2010-XXXX (NIS users shadow password leakage)
+CVE-2010-0219
+       RESERVED
+CVE-2010-0218
+       RESERVED
+CVE-2010-0217
+       RESERVED
+CVE-2010-0216
+       RESERVED
+CVE-2010-0215
+       RESERVED
+CVE-2010-0214
+       RESERVED
+CVE-2010-0213
+       RESERVED
+CVE-2010-0212
+       RESERVED
+CVE-2010-0211
+       RESERVED
+CVE-2010-0210
+       RESERVED
+CVE-2010-0209
+       RESERVED
+CVE-2010-0208
+       RESERVED
+CVE-2010-0207
+       RESERVED
+CVE-2010-0206
+       RESERVED
+CVE-2010-0205
+       RESERVED
+CVE-2010-0204
+       RESERVED
+CVE-2010-0203
+       RESERVED
+CVE-2010-0202
+       RESERVED
+CVE-2010-0201
+       RESERVED
+CVE-2010-0200
+       RESERVED
+CVE-2010-0199
+       RESERVED
+CVE-2010-0198
+       RESERVED
+CVE-2010-0197
+       RESERVED
+CVE-2010-0196
+       RESERVED
+CVE-2010-0195
+       RESERVED
+CVE-2010-0194
+       RESERVED
+CVE-2010-0193
+       RESERVED
+CVE-2010-0192
+       RESERVED
+CVE-2010-0191
+       RESERVED
+CVE-2010-0190
+       RESERVED
+CVE-2010-0189
+       RESERVED
+CVE-2010-0188
+       RESERVED
+CVE-2010-0187
+       RESERVED
+CVE-2010-0186
+       RESERVED
+CVE-2010-0185
+       RESERVED
+CVE-2010-0184
+       RESERVED
+CVE-2010-0183
+       RESERVED
+CVE-2010-0182
+       RESERVED
+CVE-2010-0181
+       RESERVED
+CVE-2010-0180
+       RESERVED
+CVE-2010-0179
+       RESERVED
+CVE-2010-0178
+       RESERVED
+CVE-2010-0177
+       RESERVED
+CVE-2010-0176
+       RESERVED
+CVE-2010-0175
+       RESERVED
+CVE-2010-0174
+       RESERVED
+CVE-2010-0173
+       RESERVED
+CVE-2010-0172
+       RESERVED
+CVE-2010-0171
+       RESERVED
+CVE-2010-0170
+       RESERVED
+CVE-2010-0169
+       RESERVED
+CVE-2010-0168
+       RESERVED
+CVE-2010-0167
+       RESERVED
+CVE-2010-0166
+       RESERVED
+CVE-2010-0165
+       RESERVED
+CVE-2010-0164
+       RESERVED
+CVE-2010-0163
+       RESERVED
+CVE-2010-0162
+       RESERVED
+CVE-2010-0161
+       RESERVED
+CVE-2010-0160
+       RESERVED
+CVE-2010-0159
+       RESERVED
+CVE-2010-0158 (SQL injection vulnerability in the JoomlaBamboo (JB) Simpla 
Admin ...)
+       TODO: check
+CVE-2010-0157 (Directory traversal vulnerability in the Bible Study 
(com_biblestudy) ...)
+       TODO: check
+CVE-2010-0156
+       RESERVED
+CVE-2010-0155
+       RESERVED
+CVE-2010-0154
+       RESERVED
+CVE-2010-0153
+       RESERVED
+CVE-2010-0152
+       RESERVED
+CVE-2010-0151
+       RESERVED
+CVE-2010-0150
+       RESERVED
+CVE-2010-0149
+       RESERVED
+CVE-2010-0148
+       RESERVED
+CVE-2010-0147
+       RESERVED
+CVE-2010-0146
+       RESERVED
+CVE-2010-0145
+       RESERVED
+CVE-2010-0144
+       RESERVED
+CVE-2010-0143
+       RESERVED
+CVE-2010-0142
+       RESERVED
+CVE-2010-0141
+       RESERVED
+CVE-2010-0140
+       RESERVED
+CVE-2010-0139
+       RESERVED
+CVE-2010-0138
+       RESERVED
+CVE-2010-0137
+       RESERVED
+CVE-2010-0136
+       RESERVED
+CVE-2010-0135
+       RESERVED
+CVE-2010-0134
+       RESERVED
+CVE-2010-0133
+       RESERVED
+CVE-2010-0132
+       RESERVED
+CVE-2010-0131
+       RESERVED
+CVE-2010-0130
+       RESERVED
+CVE-2010-0129
+       RESERVED
+CVE-2010-0128
+       RESERVED
+CVE-2010-0127
+       RESERVED
+CVE-2010-0126
+       RESERVED
+CVE-2010-0125
+       RESERVED
+CVE-2010-0124
+       RESERVED
+CVE-2010-0123
+       RESERVED
+CVE-2010-0122
+       RESERVED
+CVE-2010-0121
+       RESERVED
+CVE-2010-0120
+       RESERVED
+CVE-2010-0119
+       RESERVED
+CVE-2010-0118
+       RESERVED
+CVE-2010-0117
+       RESERVED
+CVE-2010-0116
+       RESERVED
+CVE-2009-4585 (UranyumSoft Listing Service stores sensitive information under 
the web ...)
+       TODO: check
+CVE-2009-4584 (admin.php in dB Masters Multimedia Links Directory 3.1.3 allows 
remote ...)
+       TODO: check
+CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) 
component for ...)
+       TODO: check
+CVE-2009-4582 (SQL injection vulnerability in detail.php in the Dictionary 
module for ...)
+       TODO: check
+CVE-2009-4581 (Directory traversal vulnerability in modules/admincp.php in ...)
+       TODO: check
+CVE-2009-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Hasta 
Blog 2.3 ...)
+       TODO: check
+CVE-2009-4579 (Cross-site scripting (XSS) vulnerability in the Artist avenue 
...)
+       TODO: check
+CVE-2009-4578 (Cross-site scripting (XSS) vulnerability in the Facileforms ...)
+       TODO: check
+CVE-2009-4577 (SQL injection vulnerability in the MDForum module 2.x through 
2.07 for ...)
+       TODO: check
+CVE-2009-4576 (SQL injection vulnerability in the BeeHeard (com_beeheard) 
component ...)
+       TODO: check
+CVE-2009-4575 (Cross-site scripting (XSS) vulnerability in the Q-Personel ...)
+       TODO: check
+CVE-2009-4574 (SQL injection vulnerability in country_escorts.php in I-Escorts 
...)
+       TODO: check
+CVE-2009-4573 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Joomulus ...)
+       TODO: check
+CVE-2009-4572 (Cross-site request forgery (CSRF) vulnerability in PhpShop 
0.8.1 ...)
+       TODO: check
+CVE-2009-4571 (Multiple SQL injection vulnerabilities in index.php in PhpShop 
0.8.1 ...)
+       TODO: check
+CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 
allows ...)
+       TODO: check
+CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows 
remote ...)
+       TODO: check
+CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 
and ...)
+       TODO: check
+CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in 
editprofile.php ...)
+       TODO: check
+CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 
allows ...)
+       TODO: check
+CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' 
character in a ...)
+       TODO: check
+CVE-2009-4564 (SQL injection vulnerability in index.php in Zenphoto 1.2.5, 
when the ...)
+       TODO: check
+CVE-2009-4563 (Cross-site request forgery (CSRF) vulnerability in ...)
+       TODO: check
+CVE-2009-4562 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php 
in ...)
+       TODO: check
+CVE-2009-4561 (Multiple SQL injection vulnerabilities in Admin/index.php in 
WebLeague ...)
+       TODO: check
+CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 
allows ...)
+       TODO: check
+CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By 
module ...)
+       TODO: check
+CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 
...)
+       TODO: check
+CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist 
module ...)
+       TODO: check
+CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total 
Security ...)
+       TODO: check
+CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       TODO: check
+CVE-2009-4554 (Multiple cross-site scripting (XSS) vulnerabilities in Snitz 
Forums ...)
+       TODO: check
+CVE-2009-4553 (Stack-based buffer overflow in iRehearse allows remote 
attackers to ...)
+       TODO: check
+CVE-2009-4552 (Cross-site scripting (XSS) vulnerability in the Survey Pro 
module for ...)
+       TODO: check
+CVE-2009-4551 (SQL injection vulnerability in the Survey Pro module for 
Miniweb 2.0 ...)
+       TODO: check
+CVE-2009-4550 (SQL injection vulnerability in the Kunena Forum (com_kunena) 
component ...)
+       TODO: check
+CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows 
remote ...)
+       TODO: check
+CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt 
Helpdesk ...)
+       TODO: check
+CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt 
CMS 3.x ...)
+       TODO: check
+CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote 
attackers ...)
+       TODO: check
+CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web 
root with ...)
+       TODO: check
+CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in 
...)
+       TODO: check
+CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in 
Cromosoft ...)
+       TODO: check
+CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in 
IsolSoft ...)
+       TODO: check
+CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft 
Support ...)
+       TODO: check
+CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 
allows ...)
+       TODO: check
+CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in 
SQLiteManager ...)
+       TODO: check
+CVE-2010-XXXX
        - eglibc 2.10.2-4 (medium; bug #560333)
        - glibc <removed> (medium)
 CVE-2010-0115
@@ -495,6 +797,7 @@
 CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in 
ScriptsEz Ez ...)
        NOT-FOR-US: ScriptsEz Ez Blog   
 CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application 
...)
+       {DSA-1966-1}
        - horde3 3.3.6+debian0-1 (low)
 CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local 
users ...)
        NOT-FOR-US: IBM AIX
@@ -708,6 +1011,7 @@
        NOTE: 
http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
 CVE-2010-0012 [transmission directory traversal when processing .torrent files]
        RESERVED
+       {DSA-1967-1}
        - transmission 1.77-1 (low)
        TODO: check affected versions
        NOTE: http://trac.transmissionbt.com/changeset/9829/
@@ -1119,7 +1423,7 @@
        NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
 CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in 
the ...)
        NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
-CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in tagcloud.swf in the 
...)
+CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in Roy Tanck 
tagcloud.swf, as ...)
        NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
 CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for 
RealUrl ...)
        NOT-FOR-US: TYPO3 extension
@@ -2335,8 +2639,8 @@
        NOTE: might've been fixed earlier
 CVE-2009-3735
        RESERVED
-CVE-2009-3734
-       RESERVED
+CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 
Security ...)
+       TODO: check
 CVE-2009-XXXX [mandos 0600 file being included in initrd]
        - mandos 1.0.13-1 (bug #551907)
 CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 
1.0.10 ...)
@@ -2489,6 +2793,7 @@
 CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in 
PHP-Calendar 1.1 ...)
        NOT-FOR-US: PHP-Calendar
 CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+       {DSA-1966-1}
        - horde3 3.3.6+debian0-1 (low)
        NOTE: In order to successfully exploit this vulnerability the targeted 
user has to be logged as an administrator.
 CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows 
remote ...)
@@ -3790,6 +4095,7 @@
        - linux-2.6 2.6.30-1 (low)
        - linux-2.6.24 <removed> (low)
 CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 
...)
+       {DSA-1966-1}
        - horde3 3.3.5+debian0-1 (low)
        [lenny] - horde3 3.2.2+debian0-2+lenny1
        NOTE: horde3 issue fixed in backport of latest DSA, DSA however did not 
fix etch
@@ -6716,7 +7022,7 @@
        NOT-FOR-US: NetBSD
 CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 
5.0 ...)
        NOT-FOR-US: NetBSD OpenPAM
-CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261 when 
global ...)
+CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261, when 
global ...)
        NOT-FOR-US: Six Apart Movable Type
 CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in 
Six Apart ...)
        NOT-FOR-US: Six Apart Movable Type
@@ -19098,7 +19404,7 @@
        NOT-FOR-US: Microsoft Office Excel
 CVE-2008-4267
        RESERVED
-CVE-2008-4266 (Arracy index vulnerability in Microsoft Office Excel 2000 SP3, 
2002 ...)
+CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 
2002 ...)
        NOT-FOR-US: Microsoft Office Excel
 CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to 
execute ...)
        NOT-FOR-US: Microsoft Office Excel
@@ -70758,7 +71064,7 @@
        NOTE: From Chris Gragsone's message on BUGTRAQ:
        NOTE: "IPRoute, by David F. Mischler, is PC-based router software
        NOTE: "for networks running the Internet Protocol (IP)."
-CVE-2001-1539 (The JavaScript settimeout function in Internet Explorer allows 
remote ...)
+CVE-2001-1539 (Stack consumption vulnerability in Internet Explorer The 
JavaScript ...)
        NOT-FOR-US: MSIE
 CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative 
password of ...)
        NOT-FOR-US: SpeedXess HA-120 DSL router


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to