[Secure-testing-commits] r11170 - data/CVE

joeyh at alioth.debian.org
Mon Feb 9 21:14:15 UTC 2009


Author: joeyh
Date: 2009-02-09 21:14:15 +0000 (Mon, 09 Feb 2009)
New Revision: 11170

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-02-09 20:13:54 UTC (rev 11169)
+++ data/CVE/list	2009-02-09 21:14:15 UTC (rev 11170)
@@ -1,3 +1,157 @@
+CVE-2009-0479 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...)
+	TODO: check
+CVE-2009-0477 (Unspecified vulnerability in the process (aka proc) filesystem in Sun ...)
+	TODO: check
+CVE-2009-0476 (Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 ...)
+	TODO: check
+CVE-2009-0475
+	RESERVED
+CVE-2009-0474 (The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A ...)
+	TODO: check
+CVE-2009-0473 (Open redirect vulnerability in the web interface in the Rockwell ...)
+	TODO: check
+CVE-2009-0472 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+	TODO: check
+CVE-2009-0471 (Cross-site request forgery (CSRF) vulnerability in the HTTP server in ...)
+	TODO: check
+CVE-2009-0470 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
+	TODO: check
+CVE-2009-0469 (Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI ...)
+	TODO: check
+CVE-2009-0468 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2009-0467 (Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web ...)
+	TODO: check
+CVE-2009-0466 (Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 ...)
+	TODO: check
+CVE-2009-0465 (The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ...)
+	TODO: check
+CVE-2009-0464 (PHP remote file inclusion vulnerability in includes/header.php in ...)
+	TODO: check
+CVE-2009-0463 (PHP remote file inclusion vulnerability in includes/header.php in ...)
+	TODO: check
+CVE-2009-0462 (Multiple SQL injection vulnerabilities in customer_login_check.asp in ...)
+	TODO: check
+CVE-2009-0461 (Whole Hog Password Protect: Enhanced 1.x allows remote attackers to ...)
+	TODO: check
+CVE-2009-0460 (Whole Hog Ware Support 1.x allows remote attackers to bypass ...)
+	TODO: check
+CVE-2009-0459 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...)
+	TODO: check
+CVE-2009-0458 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...)
+	TODO: check
+CVE-2009-0457 (Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow ...)
+	TODO: check
+CVE-2009-0456 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2009-0455
+	RESERVED
+CVE-2009-0454 (Multiple SQL injection vulnerabilities in DMXReady Online Notebook ...)
+	TODO: check
+CVE-2009-0453 (Online Grades 3.2.4 allows remote attackers to obtain configuration ...)
+	TODO: check
+CVE-2009-0452 (Multiple SQL injection vulnerabilities in parents/login.php in Online ...)
+	TODO: check
+CVE-2009-0451 (SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote ...)
+	TODO: check
+CVE-2009-0450 (Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier ...)
+	TODO: check
+CVE-2009-0449 (Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations ...)
+	TODO: check
+CVE-2009-0448 (Directory traversal vulnerability in admin/modules/aa/preview.php in ...)
+	TODO: check
+CVE-2009-0447 (Multiple SQL injection vulnerabilities in default.asp in MyDesign ...)
+	TODO: check
+CVE-2009-0446 (SQL injection vulnerability in photo.php in WEBalbum 2.4b allows ...)
+	TODO: check
+CVE-2009-0445 (SQL injection vulnerability in index.php in Dreampics Gallery Builder ...)
+	TODO: check
+CVE-2009-0444 (Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, ...)
+	TODO: check
+CVE-2009-0443 (Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows ...)
+	TODO: check
+CVE-2009-0442 (Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and ...)
+	TODO: check
+CVE-2009-0441 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2009-0440
+	RESERVED
+CVE-2009-0439
+	RESERVED
+CVE-2009-0438
+	RESERVED
+CVE-2009-0437
+	RESERVED
+CVE-2009-0436
+	RESERVED
+CVE-2009-0435
+	RESERVED
+CVE-2009-0434
+	RESERVED
+CVE-2009-0433
+	RESERVED
+CVE-2009-0432
+	RESERVED
+CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Mini ...)
+	TODO: check
+CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image ...)
+	TODO: check
+CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 ...)
+	TODO: check
+CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life ...)
+	TODO: check
+CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...)
+	TODO: check
+CVE-2008-6085 (Integer overflow in multiple F-Secure anti-virus products, including ...)
+	TODO: check
+CVE-2008-6084 (Unrestricted file upload vulnerability in pages/download.php in Iamma ...)
+	TODO: check
+CVE-2008-6083 (Directory traversal vulnerability in header.php in TXTshop beta 1.0 ...)
+	TODO: check
+CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 ...)
+	TODO: check
+CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...)
+	TODO: check
+CVE-2008-6079 (Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have ...)
+	TODO: check
+CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging ...)
+	TODO: check
+CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a ...)
+	TODO: check
+CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) ...)
+	TODO: check
+CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...)
+	TODO: check
+CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and ...)
+	TODO: check
+CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which allows local ...)
+	TODO: check
+CVE-2008-6072 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, ...)
+	TODO: check
+CVE-2008-6071 (Heap-based buffer overflow in the DecodeImage function in ...)
+	TODO: check
+CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage function in ...)
+	TODO: check
+CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 ...)
+	TODO: check
+CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) ...)
+	TODO: check
+CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...)
+	TODO: check
+CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows ...)
+	TODO: check
+CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2002-2429 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...)
+	TODO: check
+CVE-2002-2428 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...)
+	TODO: check
+CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote ...)
+	TODO: check
 CVE-2008-XXXX [iceweasel-firegpg: Passphrase and Cleartext Recovery]
 	- iceweasel-firegpg <unfixed> (bug #514386)
 CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...)
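Review bot: Most of the entries added at the top of the list with TODO: check describe web scripts, Windows software or appliances, but CVE-2008-6079 (imlib2 before 1.4.2) and CVE-2008-6072 (GraphicsMagick before 1.1.14) name open-source libraries and should be triaged first, replacing TODO: check with package lines in the form the file already uses, e.g. "- squid 2.7.STABLE3-4.1 (medium; bug #514142)". CVE-2008-6071 and CVE-2008-6070 sit directly beside them and mention image-decoding functions, but their descriptions are cut off before the product name, so the full CVE text is needed before assigning them to a package.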
@@ -73,8 +227,8 @@
 	NOT-FOR-US: ADbNewsSender
 CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows ...)
 	NOT-FOR-US: ADbNewsSender
-CVE-2009-0417
-	RESERVED
+CVE-2009-0417 (Cross-site scripting (XSS) vulnerability in the ...)
+	TODO: check
 CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...)
 	NOT-FOR-US: sblim-sfcb
 CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...)
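Review bot: The description that replaces RESERVED on CVE-2009-0417 is cut off at "in the ..." before any product is named, so its TODO: check cannot be resolved from this line alone; the full CVE text is needed before choosing between NOT-FOR-US and a package line.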
@@ -165,10 +319,10 @@
 	NOT-FOR-US: Joomla
 CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
 	NOT-FOR-US: Joomla
-CVE-2009-0376
-	RESERVED
-CVE-2009-0375
-	RESERVED
+CVE-2009-0376 (A DLL file in RealNetworks RealPlayer 11 allows remote attackers to ...)
+	TODO: check
+CVE-2009-0375 (A DLL file in RealNetworks RealPlayer 11 allows remote attackers to ...)
+	TODO: check
 CVE-2009-0374 (** DISPUTED ** ...)
 	NOT-FOR-US: Google Chrome
 CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...)
@@ -265,7 +419,7 @@
 	- mahara 1.0.9-1 (low)
 	[lenny] - mahara 1.0.4-4
 	NOTE: CVE id requested
-CVE-2009-0478 [squid: denial of service]
+CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 ...)
 	- squid 2.7.STABLE3-4.1 (medium; bug #514142)
 	- squid3 3.0.STABLE8-3 (medium)
 	[etch] - squid <not-affected> (Vulnerable code not present)
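Review bot: The description now on CVE-2009-0478 gives the affected range as 2.7 to 2.7.STABLE5 and 3.0 to 3.0.STABLE12, while the fixed-version lines kept below it are squid 2.7.STABLE3-4.1 and squid3 3.0.STABLE8-3, whose upstream versions fall inside that range. If those are Debian revisions carrying a backported patch, a NOTE: line saying so would keep a reader from taking the fixed versions for an error.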
@@ -461,7 +615,7 @@
 	[etch] - gnumeric <no-dsa> (Minor issue)
 CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...)
 	- nautilus-python 0.4.3-3.2 (low; bug #513419)
-CVE-2009-0316 (Untrusted search path vulnerability in the Python module in vim allows ...)
+CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python ...)
 	- vim 2:7.2.025-2 (low; bug #493937)
 	[lenny] - vim 1:7.1.314-3+lenny2
 	NOTE: Could be fixed via next DSA with other issues
@@ -838,24 +992,24 @@
 	RESERVED
 CVE-2009-0215
 	RESERVED
-CVE-2009-0214
-	RESERVED
-CVE-2009-0213
-	RESERVED
-CVE-2009-0212
-	RESERVED
-CVE-2009-0211
-	RESERVED
-CVE-2009-0210
-	RESERVED
+CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in AREVA ...)
+	TODO: check
+CVE-2009-0213 (Unspecified vulnerability in the NETIO application in AREVA ...)
+	TODO: check
+CVE-2009-0212 (Unspecified vulnerability in the WebFGServer application in AREVA ...)
+	TODO: check
+CVE-2009-0211 (Unspecified vulnerability in the WebFGServer application in AREVA ...)
+	TODO: check
+CVE-2009-0210 (Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and ...)
+	TODO: check
 CVE-2009-0209
 	RESERVED
 CVE-2009-0208
 	RESERVED
 CVE-2009-0207
 	RESERVED
-CVE-2009-0206
-	RESERVED
+CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier ...)
+	TODO: check
 CVE-2009-0205
 	RESERVED
 CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and ...)
@@ -4530,14 +4684,14 @@
 	RESERVED
 CVE-2008-4563
 	RESERVED
-CVE-2008-4562
-	RESERVED
+CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network ...)
+	TODO: check
 CVE-2008-4561
 	RESERVED
-CVE-2008-4560
-	RESERVED
-CVE-2008-4559
-	RESERVED
+CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...)
+	TODO: check
+CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...)
+	TODO: check
 CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 ...)
 	NOT-FOR-US: CuteNews.ru
 CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...)
@@ -13243,9 +13397,9 @@
 	NOT-FOR-US: CTSUEng.ocx
 CVE-2008-0954
 	RESERVED
-CVE-2008-0953 (Unspecified vulnerability in a certain ActiveX control in ...)
+CVE-2008-0953 (The StartApp function in the HPISDataManagerLib.Datamgr ActiveX ...)
 	NOT-FOR-US: ActiveX control
-CVE-2008-0952 (Unspecified vulnerability in a certain ActiveX control in ...)
+CVE-2008-0952 (The AppendStringToFile function in the HPISDataManagerLib.Datamgr ...)
 	NOT-FOR-US: ActiveX control
 CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the ...)
 	NOT-FOR-US: Windows Vista
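Review bot: With the descriptions of CVE-2008-0953 and CVE-2008-0952 now naming the HPISDataManagerLib.Datamgr control, the "NOT-FOR-US: ActiveX control" tags under them are less specific than the text they annotate. Suggest naming the control in the tag, the way "NOT-FOR-US: Windows Vista" names the product for the following entry, so a search of the list for that control finds these entries by their triage line as well.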
@@ -18590,19 +18744,19 @@
 	NOT-FOR-US: IBM Director
 CVE-2007-5611
 	RESERVED
-CVE-2007-5610 (Unspecified vulnerability in a certain ActiveX control in ...)
+CVE-2007-5610 (The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ...)
 	NOT-FOR-US: ActiveX control
 CVE-2007-5609
 	RESERVED
-CVE-2007-5608 (Unspecified vulnerability in a certain ActiveX control in ...)
+CVE-2007-5608 (The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX ...)
 	NOT-FOR-US: ActiveX control
-CVE-2007-5607 (Unspecified vulnerability in a certain ActiveX control in ...)
+CVE-2007-5607 (Buffer overflow in the RegistryString function in the ...)
 	NOT-FOR-US: ActiveX control
-CVE-2007-5606 (Unspecified vulnerability in a certain ActiveX control in ...)
+CVE-2007-5606 (Buffer overflow in the MoveFile function in the ...)
 	NOT-FOR-US: ActiveX control
-CVE-2007-5605 (Unspecified vulnerability in a certain ActiveX control in ...)
+CVE-2007-5605 (Buffer overflow in the GetFileTime function in the ...)
 	NOT-FOR-US: ActiveX control
-CVE-2007-5604 (Unspecified vulnerability in a certain ActiveX control in ...)
+CVE-2007-5604 (Buffer overflow in the ExtractCab function in the ...)
 	NOT-FOR-US: ActiveX control
 CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...)
 	NOT-FOR-US: SonicWall SSL-VPN NetExtender



