[Secure-testing-commits] r12664 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Sun Aug 23 09:14:18 UTC 2009
Author: joeyh
Date: 2009-08-23 09:14:18 +0000 (Sun, 23 Aug 2009)
New Revision: 12664
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-23 04:02:17 UTC (rev 12663)
+++ data/CVE/list 2009-08-23 09:14:18 UTC (rev 12664)
@@ -1,3 +1,96 @@
+CVE-2009-2962
+ REJECTED
+ TODO: check
+CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar ...)
+ TODO: check
+CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 ...)
+ TODO: check
+CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance ...)
+ TODO: check
+CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria ...)
+ TODO: check
+CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...)
+ TODO: check
+CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 ...)
+ TODO: check
+CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 ...)
+ TODO: check
+CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows ...)
+ TODO: check
+CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...)
+ TODO: check
+CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in ...)
+ TODO: check
+CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery ...)
+ TODO: check
+CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
+ TODO: check
+CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
+ TODO: check
+CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through ...)
+ TODO: check
+CVE-2009-2911
+ RESERVED
+CVE-2009-2910
+ RESERVED
+CVE-2009-2909
+ RESERVED
+CVE-2009-2908
+ RESERVED
+CVE-2009-2907
+ RESERVED
+CVE-2009-2906
+ RESERVED
+CVE-2009-2905
+ RESERVED
+CVE-2009-2904
+ RESERVED
+CVE-2009-2903
+ RESERVED
+CVE-2009-2902
+ RESERVED
+CVE-2009-2901
+ RESERVED
+CVE-2009-2900
+ RESERVED
+CVE-2009-2899
+ RESERVED
+CVE-2009-2898
+ RESERVED
+CVE-2009-2897
+ RESERVED
+CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...)
+ TODO: check
+CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...)
+ TODO: check
+CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
+ TODO: check
+CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...)
+ TODO: check
+CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles ...)
+ TODO: check
+CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...)
+ TODO: check
+CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts ...)
+ TODO: check
+CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman ...)
+ TODO: check
+CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
+ TODO: check
+CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President ...)
+ TODO: check
+CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's ...)
+ TODO: check
+CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
+ TODO: check
+CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, ...)
+ TODO: check
+CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking ...)
+ TODO: check
+CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...)
+ TODO: check
CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass]
- backuppc <unfixed> (low; bug #542218)
NOTE: no-dsa candidate
@@ -59,12 +152,15 @@
CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 ...)
- squid <unfixed> (low; bug #534982)
CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain ...)
+ {DSA-1871-1}
- wordpress 2.8.3-1
CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain privileges via ...)
+ {DSA-1871-1}
- wordpress 2.8.3-1
CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with ...)
NOT-FOR-US: WP-Syntax plugin
CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator ...)
+ {DSA-1871-1}
- wordpress 2.8.3-1 (low)
CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) allow ...)
NOT-FOR-US: NASA Common Data Format
@@ -503,8 +599,8 @@
RESERVED
CVE-2009-2733
RESERVED
-CVE-2009-2732
- RESERVED
+CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...)
+ TODO: check
CVE-2009-2731
RESERVED
CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
@@ -691,8 +787,7 @@
RESERVED
CVE-2009-2695
RESERVED
-CVE-2009-2694
- RESERVED
+CVE-2009-2694 (The msn_slplink_process_msg function in ...)
{DSA-1870-1}
- pidgin 2.5.9-1 (medium; bug #542486)
- gaim <removed>
@@ -1736,6 +1831,7 @@
- wordpress 2.8.3-1 (unimportant; bug #536724)
NOTE: Minor information leak
CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...)
+ {DSA-1871-1}
- wordpress 2.8.3-1 (low; bug #536724)
CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...)
NOT-FOR-US: CMS Chainuk
@@ -4132,6 +4228,7 @@
CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...)
NOT-FOR-US: SMA-DB
CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote ...)
+ {DSA-1871-1}
- wordpress 2.8.3-1 (low; bug #531736)
NOTE: low impact, probably no-dsa
CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote ...)
@@ -4143,6 +4240,7 @@
CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to ...)
NOT-FOR-US: Silentum LoginSys
CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in WordPress, ...)
+ {DSA-1871-1}
- wordpress 2.8.3-1 (low; bug #531736)
NOTE: low impact, probably no-dsa
CVE-2008-6761 (Static code injection vulnerability in admin/install.php in ...)
@@ -7551,8 +7649,8 @@
NOT-FOR-US: Content Management Made Easy
CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- acidbase 1.2.1-1
-CVE-2009-0638
- RESERVED
+CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 ...)
+ TODO: check
CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...)
NOT-FOR-US: Cisco IOS
CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...)
@@ -11973,6 +12071,7 @@
CVE-2008-XXXX [yzis insecure temp file]
- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...)
+ {DSA-1871-1}
- wordpress 2.5.1-10 (bug #504771)
CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before ...)
NOT-FOR-US: Enomalism
@@ -12353,7 +12452,7 @@
CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server ...)
NOT-FOR-US: Arihiro Kurata Kantan WEB Server
CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...)
- {DSA-1691-1}
+ {DSA-1871-1 DSA-1691-1}
- libphp-snoopy 1.2.4-1 (bug #504168; medium)
- ampache 3.4.1-2 (bug #504169)
- mahara 1.0.5-2 (bug #504170)
@@ -12426,6 +12525,7 @@
- ekg 1:1.8~rc0-1 (low)
TODO: check other embedding packages
CVE-2008-4769 (Directory traversal vulnerability in the get_category_template ...)
+ {DSA-1871-1}
- wordpress 2.5.1-1
CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to ...)
NOT-FOR-US: TLM CMS
@@ -13989,6 +14089,7 @@
NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...)
+ {DSA-1871-1}
- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
NOT-FOR-US: Joomla
@@ -20554,7 +20655,7 @@
- serendipity 1.3-1
NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...)
- {DSA-1691-1}
+ {DSA-1871-1 DSA-1691-1}
- egroupware 1.4.002.dfsg-2.1 (bug #471839)
- wordpress 2.5.0-1 (bug #504243)
- moodle 1.8.2-1.3 (bug #489533)
More information about the Secure-testing-commits
mailing list