[Secure-testing-commits] r11575 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Apr 7 21:14:17 UTC 2009
Author: joeyh
Date: 2009-04-07 21:14:16 +0000 (Tue, 07 Apr 2009)
New Revision: 11575
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-07 14:54:17 UTC (rev 11574)
+++ data/CVE/list 2009-04-07 21:14:16 UTC (rev 11575)
@@ -1,3 +1,133 @@
+CVE-2009-1254
+ RESERVED
+CVE-2009-1253
+ RESERVED
+CVE-2009-1252
+ RESERVED
+CVE-2009-1251
+ RESERVED
+CVE-2009-1250
+ RESERVED
+CVE-2009-1249 (Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x ...)
+ TODO: check
+CVE-2009-1248 (Multiple PHP remote file inclusion vulnerabilities in Acute Control ...)
+ TODO: check
+CVE-2009-1247 (SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 ...)
+ TODO: check
+CVE-2009-1246 (Multiple directory traversal vulnerabilities in Blogplus 1.0 allow ...)
+ TODO: check
+CVE-2009-1245 (Multiple SQL injection vulnerabilities in the insert_to_pastebin ...)
+ TODO: check
+CVE-2009-1244
+ RESERVED
+CVE-2009-1243 (net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an ...)
+ TODO: check
+CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...)
+ TODO: check
+CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
+ TODO: check
+CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...)
+ TODO: check
+CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
+ TODO: check
+CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting ...)
+ TODO: check
+CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote ...)
+ TODO: check
+CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject ...)
+ TODO: check
+CVE-2008-6650 (del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary ...)
+ TODO: check
+CVE-2008-6649 (SQL injection vulnerability in manager/image_details_editor.php in ...)
+ TODO: check
+CVE-2008-6648 (SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 ...)
+ TODO: check
+CVE-2008-6647 (SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 ...)
+ TODO: check
+CVE-2008-6646 (Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix ...)
+ TODO: check
+CVE-2008-6645 (Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel ...)
+ TODO: check
+CVE-2008-6644 (Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke ...)
+ TODO: check
+CVE-2008-6643 (LokiCMS 0.3.4 and possibly earlier versions does not properly restrict ...)
+ TODO: check
+CVE-2008-6642 (SQL injection vulnerability in view.php in DotContent FluentCMS 4.x ...)
+ TODO: check
+CVE-2008-6641 (Multiple SQL injection vulnerabilities in Shader TV (Beta) allow ...)
+ TODO: check
+CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote ...)
+ TODO: check
+CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
+ TODO: check
+CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader ...)
+ TODO: check
+CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...)
+ TODO: check
+CVE-2008-6636 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...)
+ TODO: check
+CVE-2008-6635 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...)
+ TODO: check
+CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...)
+ TODO: check
+CVE-2008-6633 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...)
+ TODO: check
+CVE-2008-6632 (SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 ...)
+ TODO: check
+CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 ...)
+ TODO: check
+CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN ...)
+ TODO: check
+CVE-2008-6628 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi ...)
+ TODO: check
+CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, ...)
+ TODO: check
+CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and ...)
+ TODO: check
+CVE-2008-6625 (SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka ...)
+ TODO: check
+CVE-2008-6624 (SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, ...)
+ TODO: check
+CVE-2008-6623 (SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka ...)
+ TODO: check
+CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card ...)
+ TODO: check
+CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...)
+ TODO: check
+CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ...)
+ TODO: check
+CVE-2008-6618 (Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote ...)
+ TODO: check
+CVE-2008-6617 (Unrestricted file upload vulnerability in adm/visual/upload.php in ...)
+ TODO: check
+CVE-2008-6616 (Cross-site scripting (XSS) vulnerability in index.php in Zen Software ...)
+ TODO: check
+CVE-2008-6615 (SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 ...)
+ TODO: check
+CVE-2008-6614 (Multiple SQL injection vulnerabilities in microcms-admin-login.php in ...)
+ TODO: check
+CVE-2008-6613 (uploader.php in minimal-ablog 0.4 does not properly restrict access, ...)
+ TODO: check
+CVE-2008-6612 (Unrestricted file upload vulnerability in admin/uploader.php in ...)
+ TODO: check
+CVE-2008-6611 (SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows ...)
+ TODO: check
+CVE-2008-6610 (Absolute path traversal vulnerability in phpcksec.php in Stefan Ott ...)
+ TODO: check
+CVE-2008-6609 (Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott ...)
+ TODO: check
+CVE-2008-6608 (Multiple SQL injection vulnerabilities in DevelopItEasy Events ...)
+ TODO: check
+CVE-2008-6607 (Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 ...)
+ TODO: check
+CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows ...)
+ TODO: check
+CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...)
+ TODO: check
CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...)
- clamav 0.95+dfsg-1
CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...)
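Review bot: CVE-2009-1243, CVE-2009-1242 and CVE-2008-6621 should not wait in the TODO: check queue with the rest of this batch. Their descriptions name the Linux kernel (net/ipv4/udp.c, arch/x86/kvm/vmx.c) and GraphicsMagick, which Debian packages, so they need package lines in the form already used for CVE-2009-1241 (`- clamav 0.95+dfsg-1`), with per-release status where it differs. Most of the other new entries describe third-party PHP and ASP.NET web applications and can be checked afterwards.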
@@ -75,7 +205,7 @@
NOT-FOR-US: Arcadwy Arcade Script
CVE-2009-1228 (Cross-site scripting (XSS) vulnerability in register.php in Arcadwy ...)
NOT-FOR-US: Arcadwy Arcade Script
-CVE-2009-1227 (Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI ...)
+CVE-2009-1227 (** DISPUTED ** ...)
NOT-FOR-US: Check Point
CVE-2009-1226 (core/admin/delete.php in Podcast Generator 1.1 and earlier does not ...)
NOT-FOR-US: Podcast Generator
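Review bot: The replacement description for CVE-2009-1227 is now only `** DISPUTED ** ...`, so the truncated text no longer says which component is involved and the `NOT-FOR-US: Check Point` line is the only product identification left. Keep that tag unchanged, and consider adding a NOTE line that records the disputed status so that it stays visible in the entry.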
@@ -322,10 +452,10 @@
- phpmyadmin 4:3.1.3.1-1
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2009-1147
- RESERVED
-CVE-2009-1146
- RESERVED
+CVE-2009-1147 (Unspecified vulnerability in vmci.sys in the Virtual Machine ...)
+ TODO: check
+CVE-2009-1146 (Unspecified vulnerability in an ioctl in hcmon.sys in VMware ...)
+ TODO: check
CVE-2009-1145
RESERVED
CVE-2009-1144
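Review bot: CVE-2009-1147 and CVE-2009-1146 leave RESERVED with `TODO: check`, but both descriptions name VMware .sys drivers (vmci.sys, hcmon.sys), and this file already tags the hcmon.sys entry CVE-2008-3761 as `NOT-FOR-US: VMware Workstation` with the note "we only share a package to build VMware". Resolve these two the same way once the full descriptions have been read, so they do not linger as open TODO items.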
@@ -1042,12 +1172,12 @@
NOT-FOR-US: F5 BIG-IP
CVE-2008-6473 (_blogadata/include/init_pass2.php in Blogator-script 0.95 allows ...)
NOT-FOR-US: Blogator-script
-CVE-2009-0910
- RESERVED
-CVE-2009-0909
- RESERVED
-CVE-2009-0908
- RESERVED
+CVE-2009-0910 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...)
+ TODO: check
+CVE-2009-0909 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...)
+ TODO: check
+CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in ...)
+ TODO: check
CVE-2009-0907
RESERVED
CVE-2009-0906
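Review bot: CVE-2009-0910 and CVE-2009-0909 now carry the same truncated description ("Heap-based buffer overflow in the VNnc Codec in VMware Workstation ..."), so the list alone cannot tell them apart. Read the full CVE text for both when clearing the `TODO: check` lines, and add a NOTE if the difference matters for tracking. CVE-2008-6473 in the context above and the other VMware entries in this file are tagged NOT-FOR-US, which suggests the likely outcome for all three entries changed here.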
@@ -2716,8 +2846,8 @@
NOT-FOR-US: Adobe Flash Player
CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2009-0518
- RESERVED
+CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 ...)
+ TODO: check
CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...)
NOT-FOR-US: phpSlash
CVE-2009-0516 (SQL injection vulnerability in the classified page (classified.php) in ...)
@@ -6317,7 +6447,7 @@
NOT-FOR-US: JSCAPE Secure FTP Applet
CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows ...)
NOT-FOR-US: CCleague Pro
-CVE-2008-5122 (SQL injection vulnerability in ContentRatingGraph.aspx in Ektron ...)
+CVE-2008-5122 (SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in ...)
NOT-FOR-US: Ektron CMS400.NET
CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...)
NOT-FOR-US: Citrix Deterministic Network Enhancer
@@ -6735,8 +6865,8 @@
[etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...)
NOT-FOR-US: VMware Workstation
-CVE-2008-4916
- RESERVED
+CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware ...)
+ TODO: check
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...)
NOT-FOR-US: VMware Workstation
CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...)
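Review bot: CVE-2008-4916 is left at `TODO: check` while its neighbours CVE-2008-4917 and CVE-2008-4915 are both `NOT-FOR-US: VMware Workstation`. The new description ("a guest virtual device driver in VMware ...") is cut off before the product list, so confirm the affected products from the full text and then tag it consistently with the adjacent entries.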
@@ -9527,7 +9657,7 @@
NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP ...)
NOT-FOR-US: Turnkey PHP Live Helper
-CVE-2008-3761 (hcmon.sys in VMware Workstation 6.0.0.45731 uses the METHOD_NEITHER ...)
+CVE-2008-3761 (hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 ...)
NOT-FOR-US: VMware Workstation
NOTE: we only share a package to build VMware
CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page ...)
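Review bot: The description of CVE-2008-3761 widens from "VMware Workstation 6.0.0.45731" to "VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 ...", but the `NOT-FOR-US: VMware Workstation` tag and the NOTE under it are unchanged. Recheck that the NOTE ("we only share a package to build VMware") still covers every product in the longer list, and update the tag text if it should mention more than Workstation.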
@@ -9552,7 +9682,7 @@
NOT-FOR-US: YourFreeWorld
CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator ...)
NOT-FOR-US: YourFreeWorld
-CVE-2008-3749 (SQL injection vulnerability in tr.php in Banner Management Script ...)
+CVE-2008-3749 (SQL injection vulnerability in tr.php in YourFreeWorld Banner ...)
NOT-FOR-US: Banner Management Script
CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...)
NOT-FOR-US: Active PHP Bookmarks
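Review bot: After this change the description of CVE-2008-3749 names the vendor ("YourFreeWorld Banner ..."), yet the tag below it still reads `NOT-FOR-US: Banner Management Script`, while the neighbouring CVE-2008-3750 uses `NOT-FOR-US: YourFreeWorld`. Change the tag to `NOT-FOR-US: YourFreeWorld` so that a search on the vendor name finds all of its entries.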