[Secure-testing-commits] r12629 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Tue Aug 18 07:50:58 UTC 2009
Author: derevko-guest
Date: 2009-08-18 07:50:58 +0000 (Tue, 18 Aug 2009)
New Revision: 12629
Modified:
data/CVE/list
Log:
- NFUs
- CVE id for OCS Inventory NG Server already requested
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-18 07:38:11 UTC (rev 12628)
+++ data/CVE/list 2009-08-18 07:50:58 UTC (rev 12629)
@@ -1,41 +1,42 @@
CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...)
- TODO: check
+ NOT-FOR-US: GarageSales script
CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script ...)
- TODO: check
+ NOT-FOR-US: GarageSales Script
CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey ...)
- TODO: check
+ NOT-FOR-US: Smart ASP Survey
CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP ...)
- TODO: check
+ NOT-FOR-US: PHPArcadeScript
CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail ...)
- TODO: check
+ NOT-FOR-US: PHP Paid 4 Mail
CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...)
- TODO: check
+ NOT-FOR-US: PHP Paid 4 Mail
CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate ...)
- TODO: check
+ NOT-FOR-US: PG Roommate Finder Solution
CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 ...)
- TODO: check
+ NOT-FOR-US: Free Arcade Script
CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and ...)
- TODO: check
+ NOT-FOR-US: PowerUpload
CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...)
- TODO: check
+ NOT-FOR-US: Ultrize TimeSheet
CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...)
TODO: check
CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...)
TODO: check
CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...)
- TODO: check
+ NOT-FOR-US: DD-WRT
CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...)
- TODO: check
+ NOT-FOR-US: DD-WRT
CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: DD-WRT
CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: DD-WRT
CVE-2009-XXXX [Sql injection in OCS Inventory NG Server]
- ocsinventory-server <unfixed> (low; bug #541995)
NOTE: http://seclists.org/fulldisclosure/2009/Aug/0143.html
NOTE: Authentication is needed
+ NOTE: cve id already requested on oss-sec
CVE-2009-2763
RESERVED
CVE-2009-XXXX [logrotate race condition could lead to file disclosure]
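Review bot: The NOTE added under the OCS Inventory NG Server entry ("cve id already requested on oss-sec") gives no pointer to the request, unlike the seclists.org NOTE two lines above it. Adding the oss-sec thread URL would let whoever later replaces CVE-2009-XXXX confirm the assignment. Separately, the new tag for CVE-2009-2778 reads "GarageSales script" while the one for CVE-2009-2777 directly below reads "GarageSales Script"; use one spelling so that a search of the list for the product name matches both entries.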
@@ -442,7 +443,7 @@
CVE-2009-2678
RESERVED
CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
- TODO: check
+ NOT-FOR-US: HP Insight Control Suite For Linux (aka ICE-LX)
CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
@@ -5532,7 +5533,7 @@
CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears ...)
NOT-FOR-US: Google Gears
CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom ...)
- TODO: check
+ NOT-FOR-US: snom VoIP phones
CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...)
NOT-FOR-US: Send by e-mail module for Drupal
CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...)