[Secure-testing-commits] r12596 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Aug 14 21:14:15 UTC 2009
Author: joeyh
Date: 2009-08-14 21:14:15 +0000 (Fri, 14 Aug 2009)
New Revision: 12596
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-14 20:16:54 UTC (rev 12595)
+++ data/CVE/list 2009-08-14 21:14:15 UTC (rev 12596)
@@ -1,3 +1,11 @@
+CVE-2009-2763
+ RESERVED
+CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 ...)
+ TODO: check
+CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before ...)
+ TODO: check
CVE-2009-XXXX [XSS in drupal printing module]
- drupal6 <unfixed> (unimportant)
NOTE: you need admin privs in orde to exploit this
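Review bot: CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier) is added with only `TODO: check`, although wordpress is a package this list already tracks (see the `- wordpress 2.1.3-1 (medium)` line under CVE-2007-4483 further down). It should get a package line with status and severity soon, rather than sitting in the TODO queue with the entries that will end up NOT-FOR-US. Separately, the unchanged NOTE under the drupal printing module entry reads "in orde to exploit"; a follow-up commit could correct that to "in order".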
@@ -2,25 +10,25 @@
NOTE: http://lampsecurity.org/drupal-print-module-vulnerabilities
-CVE-2009-2761
+CVE-2009-2761 (Unquoted Windows search path vulnerability in the scheduler ...)
NOT-FOR-US: Avira AntiVir
-CVE-2008-6972
+CVE-2008-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content ...)
NOT-FOR-US: Drupal Content Construction Kit (third-party module)
-CVE-2008-6971
+CVE-2008-6971 (The password reset functionality in Simple Machines Forum (SMF) 1.0.x ...)
NOT-FOR-US: Simple Machines Forum
-CVE-2008-6970
+CVE-2008-6970 (SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 ...)
NOT-FOR-US: UBB.threads
-CVE-2008-6969
+CVE-2008-6969 (Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in ...)
NOT-FOR-US: Avactis Shopping Cart
-CVE-2008-6968
+CVE-2008-6968 (Multiple SQL injection vulnerabilities in submit.php in Pligg CMS ...)
NOT-FOR-US: Pligg CMS
-CVE-2008-6967
+CVE-2008-6967 (Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon ...)
NOT-FOR-US: Alt-N MDaemon
-CVE-2008-6966
+CVE-2008-6966 (AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does ...)
NOT-FOR-US: AJ Square AJ Auction Pro Platinum Skin #1
-CVE-2008-6965
+CVE-2008-6965 (AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, ...)
NOT-FOR-US: AJ Square AJ Auction OOPD
-CVE-2008-6964
+CVE-2008-6964 (SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows ...)
NOT-FOR-US: X7 Chat
-CVE-2008-6963
+CVE-2008-6963 (admin.php in TurnkeyForms Text Link Sales allows remote attackers to ...)
NOT-FOR-US: TurnkeyForms Text Link Sales
-CVE-2008-6962
+CVE-2008-6962 (Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, ...)
NOT-FOR-US: Avira AntiVir Premium
@@ -355,6 +363,7 @@
RESERVED
CVE-2009-2692 [linux-2.6: NULL pointer dereference due to incorrect proto_ops initializations]
RESERVED
+ {DSA-1862-1}
- linux-2.6 <unfixed> (high; bug #541403)
- linux-2.6.24 <removed>
CVE-2009-2691 [linux-2.6: /proc/$pid/maps exposed during initial setuid ELF loading]
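Review bot: The `{DSA-1862-1}` reference is added under CVE-2009-2692 while the entry still carries `RESERVED` above it and `- linux-2.6 <unfixed> (high; bug #541403)` directly below it. If the advisory's fix also reached the suite that package line describes, record the fixed version there; if it did not, a NOTE saying which suites the DSA covers would keep the entry from reading as both fixed and unfixed.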
@@ -2055,26 +2064,26 @@
NOT-FOR-US: phpCollegeExchange
CVE-2009-2095 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Mundi Mail
-CVE-2009-2094
- RESERVED
-CVE-2009-2093
- RESERVED
-CVE-2009-2092
- RESERVED
-CVE-2009-2091
- RESERVED
-CVE-2009-2090
- RESERVED
-CVE-2009-2089
- RESERVED
-CVE-2009-2088
- RESERVED
-CVE-2009-2087
- RESERVED
+CVE-2009-2094 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise ...)
+ TODO: check
+CVE-2009-2093 (SQL injection vulnerability in the console in IBM WebSphere Partner ...)
+ TODO: check
+CVE-2009-2092 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not ...)
+ TODO: check
+CVE-2009-2091 (The System Management/Repository component in IBM WebSphere ...)
+ TODO: check
+CVE-2009-2090 (Unspecified vulnerability in wsadmin in the System ...)
+ TODO: check
+CVE-2009-2089 (The Migration component in IBM WebSphere Application Server (WAS) 6.1 ...)
+ TODO: check
+CVE-2009-2088 (The Servlet Engine/Web Container component in IBM WebSphere ...)
+ TODO: check
+CVE-2009-2087 (The Web Services functionality in IBM WebSphere Application Server ...)
+ TODO: check
CVE-2009-2086
- RESERVED
-CVE-2009-2085
- RESERVED
+ REJECTED
+CVE-2009-2085 (The Security component in IBM WebSphere Application Server (WAS) 6.1 ...)
+ TODO: check
CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 ...)
{DSA-1776-1}
- slurm-llnl 1.3.15-1 (bug #524980)
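Review bot: CVE-2009-2085 and CVE-2009-2087 through CVE-2009-2094 move from RESERVED to `TODO: check`, yet eight of the nine visibly name an IBM WebSphere product in their description, and the WebSphere entries elsewhere in this file (CVE-2009-1898 through CVE-2009-1900) are already triaged as `NOT-FOR-US: IBM WebSphere`. Marking these the same way in a follow-up would keep the TODO queue limited to entries that need a real package check. CVE-2009-2090 ("wsadmin in the System ...") is truncated before the product name, so confirm it against the full description first.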
@@ -2526,7 +2535,7 @@
NOT-FOR-US: IBM WebSphere
CVE-2009-1900 (The Configservice APIs in the Administrative Console component in IBM ...)
NOT-FOR-US: IBM WebSphere
-CVE-2009-1899 (Unspecified vulnerability in the System Management/Repository ...)
+CVE-2009-1899 (Unspecified vulnerability in the Administrative Configservice API in ...)
NOT-FOR-US: IBM WebSphere
CVE-2009-1898 (The secure login page in the Administrative Console component in IBM ...)
NOT-FOR-US: IBM WebSphere
@@ -3517,9 +3526,9 @@
NOTE: FEDORA-2009-3639 (http://lwn.net/Articles/331605)
CVE-2009-1547
RESERVED
-CVE-2009-1546 (Integer overflow in the Windows Media file handling functionality in ...)
+CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling ...)
NOT-FOR-US: Microsoft Windows
-CVE-2009-1545 (Unspecified vulnerability in the Windows Media file handling ...)
+CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft ...)
NOT-FOR-US: Microsoft Windows
@@ -5865,9 +5874,9 @@
CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in ...)
NOT-FOR-US: VmWare
CVE-2009-0907
- RESERVED
-CVE-2009-0906
- RESERVED
+ REJECTED
+CVE-2009-0906 (The Service Component Architecture (SCA) feature pack for IBM ...)
+ TODO: check
CVE-2009-0905
RESERVED
CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM ...)
@@ -8106,7 +8115,7 @@
NOT-FOR-US: IBM AIX
CVE-2009-0369 (Microsoft Internet Explorer 7 allows remote attackers to trick a user ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2008-6045 (Session fixation vulnerability in xt:Commerce 3.0.4 and earlier allows ...)
+CVE-2008-6045 (Session fixation vulnerability in shopping_cart.php in xt:Commerce ...)
NOT-FOR-US: xt:Commerce
CVE-2008-6044 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
NOT-FOR-US: xt:Commerce
@@ -12227,7 +12236,7 @@
NOT-FOR-US: The Gemini Portal
CVE-2008-4719 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: openEngine
-CVE-2008-4718 (Directory traversal vulnerability in help/mini.phpin X7 Chat 2.0.1 A1 ...)
+CVE-2008-4718 (Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 ...)
NOT-FOR-US: X7 Chat
CVE-2008-4717 (SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows ...)
NOT-FOR-US: ZEELYRICS
@@ -12772,7 +12781,7 @@
NOT-FOR-US: SACphp
CVE-2008-4485 (Cross-site scripting (XSS) vulnerability in the ICAP patience page in ...)
NOT-FOR-US: Blue Coat Security Gateway OS
-CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier assumes that the user is an ...)
+CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier allows remote attackers to ...)
NOT-FOR-US: Crux Gallery
CVE-2008-4483 (Directory traversal vulnerability in index.php in Crux Gallery 1.32 ...)
NOT-FOR-US: Crux Gallery
@@ -13122,7 +13131,7 @@
NOT-FOR-US: vbLOGIX Tutorial Script
CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
NOT-FOR-US: s0nic Paranews
-CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio allows remote ...)
+CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, ...)
NOT-FOR-US: PHPortfolio
CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows ...)
NOT-FOR-US: Powie pNews
@@ -13426,7 +13435,7 @@
NOT-FOR-US: Attachmax Dolphin
CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax ...)
NOT-FOR-US: Attachmax Dolphin
-CVE-2008-4205 (SQL injection vulnerability in index.php in Attachmax Dolphin 2.1.0 ...)
+CVE-2008-4205 (SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 ...)
NOT-FOR-US: Attachmax Dolphin
CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...)
NOT-FOR-US: SoftAcid Hotel Reservation System
@@ -13535,7 +13544,7 @@
NOT-FOR-US: Invision Power Board
CVE-2008-4170 (create_account.php in osCommerce 2.2 RC 2a allows remote attackers to ...)
NOT-FOR-US: osCommerce
-CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts EasyIndex ...)
+CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts EasyIndex, ...)
NOT-FOR-US: iScripts EasyIndex
CVE-2008-4168 (Cross-site scripting (XSS) vulnerability in verify_login.jsp in ...)
NOT-FOR-US: Pro2col Stingray FTS
@@ -13605,7 +13614,7 @@
NOT-FOR-US: PHP-Crawler
CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote ...)
NOT-FOR-US: Michael Roth Software Personal FTP Server (PFT)
-CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator and Nseries ...)
+CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 ...)
NOT-FOR-US: Symbian
CVE-2008-4134 (PHP remote file inclusion vulnerability in manager/static/view.php in ...)
NOT-FOR-US: phpRealty
@@ -16147,7 +16156,8 @@
NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3121 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox ...)
NOT-FOR-US: Xerox CentreWare Web
-CVE-2008-3120 (Directory traversal vulnerability in user_portal.php in Dokeos 1.8.5, ...)
+CVE-2008-3120
+ REJECTED
NOT-FOR-US: Dokeos
CVE-2008-3119 (SQL injection vulnerability in index.php in DreamPics Builder allows ...)
NOT-FOR-US: DreamPics Builder
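Review bot: CVE-2008-3120 becomes a bare id with `REJECTED`, but the `NOT-FOR-US: Dokeos` line beneath it is left in place as unchanged context, so the entry now carries a triage note for a description that has been withdrawn. Either drop the NOT-FOR-US line or confirm that the list format intends the two to coexist on a rejected id.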
@@ -29896,6 +29906,7 @@
CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER ...)
NOT-FOR-US: My_REFERER
CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
+ {DSA-1285-1}
- wordpress 2.1.3-1 (medium)
CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool ...)
NOT-FOR-US: Pool 1.0.7 theme for WordPress