[Secure-testing-commits] r12664 - data/CVE

Joey Hess joeyh at alioth.debian.org
Sun Aug 23 09:14:18 UTC 2009 

Author: joeyh
Date: 2009-08-23 09:14:18 +0000 (Sun, 23 Aug 2009)
New Revision: 12664

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-23 04:02:17 UTC (rev 12663)
+++ data/CVE/list	2009-08-23 09:14:18 UTC (rev 12664)
@@ -1,3 +1,96 @@
+CVE-2009-2962
+	REJECTED
+	TODO: check
+CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar ...)
+	TODO: check
+CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 ...)
+	TODO: check
+CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance ...)
+	TODO: check
+CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria ...)
+	TODO: check
+CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...)
+	TODO: check
+CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 ...)
+	TODO: check
+CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 ...)
+	TODO: check
+CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows ...)
+	TODO: check
+CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...)
+	TODO: check
+CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in ...)
+	TODO: check
+CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery ...)
+	TODO: check
+CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
+	TODO: check
+CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
+	TODO: check
+CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through ...)
+	TODO: check
+CVE-2009-2911
+	RESERVED
+CVE-2009-2910
+	RESERVED
+CVE-2009-2909
+	RESERVED
+CVE-2009-2908
+	RESERVED
+CVE-2009-2907
+	RESERVED
+CVE-2009-2906
+	RESERVED
+CVE-2009-2905
+	RESERVED
+CVE-2009-2904
+	RESERVED
+CVE-2009-2903
+	RESERVED
+CVE-2009-2902
+	RESERVED
+CVE-2009-2901
+	RESERVED
+CVE-2009-2900
+	RESERVED
+CVE-2009-2899
+	RESERVED
+CVE-2009-2898
+	RESERVED
+CVE-2009-2897
+	RESERVED
+CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...)
+	TODO: check
+CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...)
+	TODO: check
+CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
+	TODO: check
+CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+	TODO: check
+CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...)
+	TODO: check
+CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles ...)
+	TODO: check
+CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...)
+	TODO: check
+CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts ...)
+	TODO: check
+CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman ...)
+	TODO: check
+CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
+	TODO: check
+CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President ...)
+	TODO: check
+CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's ...)
+	TODO: check
+CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
+	TODO: check
+CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, ...)
+	TODO: check
+CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking ...)
+	TODO: check
+CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...)
+	TODO: check
 CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass]
 	- backuppc <unfixed> (low; bug #542218)
 	NOTE: no-dsa candidate
@@ -59,12 +152,15 @@
 CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 ...)
 	- squid <unfixed> (low; bug #534982)
 CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain ...)
+	{DSA-1871-1}
 	- wordpress 2.8.3-1
 CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain privileges via ...)
+	{DSA-1871-1}
 	- wordpress 2.8.3-1
 CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with ...)
 	NOT-FOR-US: WP-Syntax plugin
 CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator ...)
+	{DSA-1871-1}
 	- wordpress 2.8.3-1 (low)
 CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) allow ...)
 	NOT-FOR-US: NASA Common Data Format
@@ -503,8 +599,8 @@
 	RESERVED
 CVE-2009-2733
 	RESERVED
-CVE-2009-2732
-	RESERVED
+CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...)
+	TODO: check
 CVE-2009-2731
 	RESERVED
 CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
@@ -691,8 +787,7 @@
 	RESERVED
 CVE-2009-2695
 	RESERVED
-CVE-2009-2694
-	RESERVED
+CVE-2009-2694 (The msn_slplink_process_msg function in ...)
 	{DSA-1870-1}
 	- pidgin 2.5.9-1 (medium; bug #542486)
 	- gaim <removed>
@@ -1736,6 +1831,7 @@
 	- wordpress 2.8.3-1 (unimportant; bug #536724)
 	NOTE: Minor information leak
 CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...)
+	{DSA-1871-1}
 	- wordpress 2.8.3-1 (low; bug #536724)
 CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...)
 	NOT-FOR-US: CMS Chainuk
@@ -4132,6 +4228,7 @@
 CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...)
 	NOT-FOR-US: SMA-DB 
 CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote ...)
+	{DSA-1871-1}
 	- wordpress 2.8.3-1 (low; bug #531736)
 	NOTE: low impact, probably no-dsa
 CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote ...)
@@ -4143,6 +4240,7 @@
 CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to ...)
 	NOT-FOR-US: Silentum LoginSys
 CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in WordPress, ...)
+	{DSA-1871-1}
 	- wordpress 2.8.3-1 (low; bug #531736)
 	NOTE: low impact, probably no-dsa
 CVE-2008-6761 (Static code injection vulnerability in admin/install.php in ...)
@@ -7551,8 +7649,8 @@
 	NOT-FOR-US: Content Management Made Easy
 CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
 	- acidbase 1.2.1-1
-CVE-2009-0638
-	RESERVED
+CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 ...)
+	TODO: check
 CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...)
@@ -11973,6 +12071,7 @@
 CVE-2008-XXXX [yzis insecure temp file]
 	- yzis 1.0~alpha1-2 (bug #504680)
 CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...)
+	{DSA-1871-1}
 	- wordpress 2.5.1-10 (bug #504771)
 CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before ...)
 	NOT-FOR-US: Enomalism
@@ -12353,7 +12452,7 @@
 CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server ...)
 	NOT-FOR-US: Arihiro Kurata Kantan WEB Server
 CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...)
-	{DSA-1691-1}
+	{DSA-1871-1 DSA-1691-1}
 	- libphp-snoopy 1.2.4-1 (bug #504168; medium)
 	- ampache 3.4.1-2 (bug #504169)
 	- mahara 1.0.5-2 (bug #504170)
@@ -12426,6 +12525,7 @@
 	- ekg 1:1.8~rc0-1 (low)
 	TODO: check other embedding packages
 CVE-2008-4769 (Directory traversal vulnerability in the get_category_template ...)
+	{DSA-1871-1}
 	- wordpress 2.5.1-1
 CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to ...)
 	NOT-FOR-US: TLM CMS
@@ -13989,6 +14089,7 @@
 	NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
 	NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
 CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...)
+	{DSA-1871-1}
 	- wordpress 2.5.1-8 (bug #500115)
 CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
 	NOT-FOR-US: Joomla
@@ -20554,7 +20655,7 @@
 	- serendipity 1.3-1
 	NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
 CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...)
-	{DSA-1691-1}
+	{DSA-1871-1 DSA-1691-1}
 	- egroupware 1.4.002.dfsg-2.1 (bug #471839)
 	- wordpress 2.5.0-1 (bug #504243)
 	- moodle 1.8.2-1.3 (bug #489533)

More information about the Secure-testing-commits mailing list