[Secure-testing-commits] r11620 - data/CVE
Kees Cook
kees at alioth.debian.org
Mon Apr 13 23:27:30 UTC 2009
Author: kees
Date: 2009-04-13 23:27:30 +0000 (Mon, 13 Apr 2009)
New Revision: 11620
Modified:
data/CVE/list
Log:
NFUs: 42
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-13 21:14:14 UTC (rev 11619)
+++ data/CVE/list 2009-04-13 23:27:30 UTC (rev 11620)
@@ -1,69 +1,69 @@
CVE-2009-1285
RESERVED
CVE-2008-6714 (admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: xeCMS
CVE-2008-6713 (World in Conflict (WIC) 1.008 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: World in Conflict
CVE-2008-6712 (The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and ...)
- TODO: check
+ NOT-FOR-US: Crysis
CVE-2008-6711 (Unspecified vulnerability in the Web administration interface in Avaya ...)
- TODO: check
+ NOT-FOR-US: Avaya Communication Manager
CVE-2008-6710 (Unspecified vulnerability in the Web administration interface in Avaya ...)
- TODO: check
+ NOT-FOR-US: Avaya Communication Manager
CVE-2008-6709 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
- TODO: check
+ NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6708 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
- TODO: check
+ NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6707 (The Web management interface in Avaya SIP Enablement Services (SES) ...)
- TODO: check
+ NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6706 (Multiple unspecified vulnerabilities in the Web management interface ...)
- TODO: check
+ NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6705 (The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: ...)
- TODO: check
+ NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6704 (Integer overflow in the NET_Compressor::Decompress function in ...)
- TODO: check
+ NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6703 (Stack-based buffer overflow in the IPureServer::_Recieve function in ...)
- TODO: check
+ NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6702 (S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6701 (NetScout (formerly Network General) Visualizer V2100 and InfiniStream ...)
- TODO: check
+ NOT-FOR-US: NetScout Visualizer
CVE-2008-6700 (Multiple cross-site scripting (XSS) vulnerabilities in Butterfly ...)
- TODO: check
+ NOT-FOR-US: Butterfly Organizer
CVE-2008-6699 (Cross-site scripting (XSS) vulnerability in Resource Library ...)
- TODO: check
+ NOT-FOR-US: Resource Library extension for TYPO3
CVE-2008-6698 (Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets ...)
- TODO: check
+ NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6697 (SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6696 (SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and ...)
- TODO: check
+ NOT-FOR-US: Fussballtippspiel extension for TYPO3
CVE-2008-6695 (SQL injection vulnerability in TIMTAB social bookmark icons ...)
- TODO: check
+ NOT-FOR-US: TIMTAB social bookmark icons extension for TYPO3
CVE-2008-6694 (SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for ...)
- TODO: check
+ NOT-FOR-US: Random Prayer extension for TYPO3
CVE-2008-6693 (SQL injection vulnerability in Download system (sb_downloader) ...)
- TODO: check
+ NOT-FOR-US: Download system extension for TYPO3
CVE-2008-6692 (SQL injection vulnerability in Diocese of Portsmouth Training Courses ...)
- TODO: check
+ NOT-FOR-US: Training Courses extension for TYPO3
CVE-2008-6691 (SQL injection vulnerability in Diocese of Portsmouth Calendar Today ...)
- TODO: check
+ NOT-FOR-US: Calendar Today extension for TYPO3
CVE-2008-6690 (Unspecified vulnerability in nepa-design.de Spam Protection ...)
- TODO: check
+ NOT-FOR-US: Spam Protection extension for TYPO3
CVE-2008-6689 (SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and ...)
- TODO: check
+ NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6688 (Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) ...)
- TODO: check
+ NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6687 (Cross-site scripting (XSS) vulnerability in DCD GoogleMap ...)
- TODO: check
+ NOT-FOR-US: DCD GoogleMap extension for TYPO3
CVE-2008-6686 (SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier ...)
- TODO: check
+ NOT-FOR-US: CoolURI extension for TYPO3
CVE-2008-6685 (Unspecified vulnerability in Frontend Filemanager (air_filemanager) ...)
- TODO: check
+ NOT-FOR-US: Frontend Filemanager extension for TYPO3
CVE-2008-6684 (Unrestricted file upload vulnerability in editimage.php in Apartment ...)
- TODO: check
+ NOT-FOR-US: Apartment Search Script
CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment ...)
- TODO: check
+ NOT-FOR-US: Apartment Search Script
CVE-2009-XXXX [mpg123 possible invalid read]
- mpg123 1.7.2-1 (low)
NOTE: http://secunia.com/advisories/34587/3/
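Review bot: The new tags for the TYPO3 extension entries (CVE-2008-6699 down to CVE-2008-6685) keep only the display name and drop the extension key that the descriptions give in parentheses, so "JobControl (dmmjobcontrol)" becomes "NOT-FOR-US: JobControl extension for TYPO3". Names such as "Download system" and "Spam Protection" are generic, and a later search of the list by key (sb_downloader, cooluri, air_filemanager) will not find these entries. Suggest keeping the key where the description shows it, for example "NOT-FOR-US: JobControl (dmmjobcontrol) extension for TYPO3".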
@@ -87,11 +87,11 @@
CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...)
NOT-FOR-US: Gravity Board
CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...)
- TODO: check
+ NOT-FOR-US: Apache Tiles
CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
- TODO: check
+ NOT-FOR-US: Apache Struts 2.x
CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...)
NOT-FOR-US: Dojo
CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...)
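Review bot: The tag on CVE-2009-1276 names the platform ("NOT-FOR-US: Sun Solaris"), while the description names XScreenSaver as the affected component. NOT-FOR-US records that the product is not in the archive, so it fits Solaris but says nothing about XScreenSaver itself; if the reasoning is that only the Solaris build is affected, record that in a NOTE line under the entry. The "2.x" in "NOT-FOR-US: Apache Struts 2.x" for CVE-2008-6682 has the same problem: it is a version judgement, and it is clearer written as a NOTE than folded into the product name.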
@@ -113,7 +113,7 @@
CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
TODO: check
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
- TODO: check
+ NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
NOT-FOR-US: Joomla
CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...)
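Review bot: The tag on CVE-2009-1264 ends at "extension" and does not name the host product, unlike the other extension entries in this commit, which all end in "extension for TYPO3". If this is a TYPO3 extension, use the same form, "NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension for TYPO3", so that the entries group together when the list is searched.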
@@ -137,7 +137,7 @@
CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
NOT-FOR-US: QuickerSite
CVE-2008-6677 (Unrestricted file upload vulnerability in ...)
- TODO: check
+ NOT-FOR-US: QuickerSite
CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: QuickerSite
CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite ...)
@@ -280,7 +280,7 @@
CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: BlogPHP
CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 ...)
- TODO: check
+ NOT-FOR-US: wt_gallery extension for TYPO3
CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN ...)
NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6628 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi ...)
@@ -330,7 +330,7 @@
CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows ...)
NOT-FOR-US: MatPo Link
CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...)
- TODO: check
+ NOT-FOR-US: 2wire
CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...)
- clamav 0.95+dfsg-1
CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...)
@@ -357,7 +357,7 @@
CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 ...)
NOT-FOR-US: PHCDownload
CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for ...)
- TODO: check
+ NOT-FOR-US: pmk_rssnewsexport extension for TYPO3
CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 ...)
TODO: check
CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...)
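Review bot: CVE-2008-6594, in the context directly below the changed entry, is also described as an extension for TYPO3 (cm_rdfexport) and stays at "TODO: check", while CVE-2008-6595 is marked NOT-FOR-US on the same grounds. If the same reasoning applies, mark it in this commit; if it was left open on purpose, a NOTE saying why would save the next triager from repeating the check.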
@@ -375,7 +375,7 @@
CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze ...)
TODO: check
CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...)
- TODO: check
+ NOT-FOR-US: ?Torrent (uTorrent) WebUI
CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in ...)
TODO: check
CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
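Review bot: The tag on CVE-2008-6586 reads "?Torrent (uTorrent) WebUI", with a literal question mark that looks like a non-ASCII character lost on the way into the file. Suggest the plain ASCII form "NOT-FOR-US: uTorrent WebUI", which is unambiguous and matches a text search.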
@@ -7096,7 +7096,7 @@
CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...)
NOT-FOR-US: VMware Workstation
CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware ...)
- TODO: check
+ NOT-FOR-US: VMWare
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...)
NOT-FOR-US: VMware Workstation
CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...)
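Review bot: The tag on CVE-2008-4916 is spelled "VMWare", while the description and the neighbouring tags ("NOT-FOR-US: VMware Workstation") use "VMware". Suggest "NOT-FOR-US: VMware" so a case-sensitive search for the vendor name finds this entry together with the ones around it.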