[Secure-testing-commits] r11232 - data/CVE

white at alioth.debian.org
Wed Feb 18 10:30:37 UTC 2009


Author: white
Date: 2009-02-18 10:30:36 +0000 (Wed, 18 Feb 2009)
New Revision: 11232

Modified:
   data/CVE/list
Log:
NFUs; libpam-heimdal/libpam-krb5 issues fixed in sid

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-02-18 09:14:11 UTC (rev 11231)
+++ data/CVE/list	2009-02-18 10:30:36 UTC (rev 11232)
@@ -1,9 +1,9 @@
 CVE-2009-0604 (SQL injection vulnerability in index.php in PHP Director 0.21 and ...)
-	TODO: check
+	NOT-FOR-US: PHP Director
 CVE-2009-0603 (Cross-site scripting (XSS) vulnerability in index.php in the Link ...)
-	TODO: check
+	NOT-FOR-US: Link drupal module
 CVE-2009-0602 (Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi ...)
-	TODO: check
+	NOT-FOR-US: WikkiTikkiTavi
 CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on ...)
 	TODO: check
 CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers ...)
@@ -11,49 +11,49 @@
 CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through ...)
 	TODO: check
 CVE-2009-0598 (SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 ...)
-	TODO: check
+	NOT-FOR-US: PhpMesFilms
 CVE-2009-0597 (SQL injection vulnerability in admin/index.php in w3b>cms (aka ...)
-	TODO: check
+	NOT-FOR-US: w3b>cms
 CVE-2009-0596 (Directory traversal vulnerability in skysilver/login.tpl.php in ...)
-	TODO: check
+	NOT-FOR-US: phpSkelSite
 CVE-2009-0595 (PHP remote file inclusion vulnerability in skysilver/login.tpl.php in ...)
-	TODO: check
+	NOT-FOR-US: phpSkelSite
 CVE-2009-0594 (Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite ...)
-	TODO: check
+	NOT-FOR-US: phpSkelSite
 CVE-2009-0593 (SQL injection vulnerability in members.php in plx Auto Reminder 3.7 ...)
-	TODO: check
+	NOT-FOR-US: plx Auto Reminder
 CVE-2009-0592 (Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and ...)
-	TODO: check
+	NOT-FOR-US: PNphpBB2
 CVE-2008-6156 (SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 ...)
-	TODO: check
+	NOT-FOR-US: AdMan
 CVE-2008-6155 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Hispah Text Links Ads
 CVE-2008-6154 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Hispah Text Links Ads
 CVE-2008-6153 (SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo ...)
-	TODO: check
+	NOT-FOR-US: Jay Patel Pixel8 Web Photo
 CVE-2008-6152 (SQL injection vulnerability in deptdisplay.asp in SepCity Faculty ...)
-	TODO: check
+	NOT-FOR-US: SepCity Faculty Portal
 CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall ...)
-	TODO: check
+	NOT-FOR-US: SepCity Faculty Portal
 CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity Classified Ads ...)
-	TODO: check
+	NOT-FOR-US: SepCity Faculty Portal
 CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker) module ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root with ...)
-	TODO: check
+	NOT-FOR-US: ForumApp
 CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: DeluxeBB
 CVE-2008-6145 (Multiple SQL injection vulnerabilities in the WEC Discussion Forum ...)
-	TODO: check
+	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
 CVE-2008-6144 (Multiple cross-site scripting (XSS) vulnerabilities in the WEC ...)
-	TODO: check
+	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
 CVE-2008-6143 (OwenPoll 1.0 allows remote attackers to bypass authentication and ...)
-	TODO: check
+	NOT-FOR-US: OwenPoll
 CVE-2008-6142 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...)
-	TODO: check
+	NOT-FOR-US: FlexPHPic
 CVE-2009-0591
 	RESERVED
 CVE-2009-0590
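Review bot: The NOT-FOR-US labels on CVE-2008-6151 and CVE-2008-6150 look copy-pasted from CVE-2008-6152: their descriptions name SepCity Shopping Mall and SepCity Classified Ads, yet both are tagged "SepCity Faculty Portal". Use the product named in each description so a later search of the list by product finds the right entry. In the same hunk, CVE-2008-6149 and CVE-2008-6148 are tagged just "Joomla" although the descriptions concern the mDigg (com_mdigg) and Live Ticker (com_liveticker) add-ons; naming the component, as was done for the wec_discussion TYPO3 extension, makes clear that only the add-on was triaged.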
@@ -87,19 +87,19 @@
 CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 ...)
 	TODO: check
 CVE-2009-0575 (Cross-site scripting (XSS) vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: Views Bulk Operations
 CVE-2009-0574 (SQL injection vulnerability in index.php in Easy CafeEngine allows ...)
-	TODO: check
+	NOT-FOR-US: Easy CafeEngine
 CVE-2009-0573 (Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 ...)
-	TODO: check
+	NOT-FOR-US: FotoWeb
 CVE-2009-0572 (PHP remote file inclusion vulnerability in include/flatnux.php in ...)
-	TODO: check
+	NOT-FOR-US: FlatnuX CMS
 CVE-2009-0571 (admin.php in Ninja Designs Mailist 3.0 stores backup copies of ...)
-	TODO: check
+	NOT-FOR-US: Ninja Designs Mailist
 CVE-2009-0570 (Directory traversal vulnerability in send.php in Ninja Designs Mailist ...)
-	TODO: check
+	NOT-FOR-US: Ninja Designs Mailist
 CVE-2009-0569 (Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Becky! Internet Mail
 CVE-2009-0568
 	RESERVED
 CVE-2009-0567
@@ -141,15 +141,15 @@
 CVE-2009-0549
 	RESERVED
 CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional Report ...)
-	TODO: check
+	NOT-FOR-US: Additional Report Settings interface in ESET Remote Administrator
 CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of the ...)
 	TODO: check
 CVE-2009-0546 (Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier ...)
-	TODO: check
+	NOT-FOR-US: NewsGator FeedDemon
 CVE-2009-0545 (cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: ZeroShell
 CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: PyCrypto ARC2 module
 CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote ...)
 	TODO: check
 CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 ...)
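Review bot: CVE-2009-0544 should not be marked NOT-FOR-US: the description names PyCrypto 2.0.1, and PyCrypto is packaged in Debian as python-crypto. Keep it at "TODO: check" like the Evolution and ProFTPD entries in this hunk until the ARC2 code in the packaged version has been looked at, then record a python-crypto package line with its status instead of the NOT-FOR-US tag.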
@@ -165,61 +165,61 @@
 CVE-2009-0537
 	RESERVED
 CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM AIX
 CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 and ...)
-	TODO: check
+	NOT-FOR-US: Thyme
 CVE-2009-0534 (SQL injection vulnerability in FlexCMS allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: FlexCMS
 CVE-2009-0533 (Cross-site scripting (XSS) vulnerability in password.php in Scripts ...)
-	TODO: check
+	NOT-FOR-US: Sites EZ Reminder
 CVE-2009-0532 (Cross-site scripting (XSS) vulnerability in password.php in Scripts ...)
-	TODO: check
+	NOT-FOR-US: Scripts For Sites (SFS) EZ Baby
 CVE-2009-0531 (SQL injection vulnerability in gallery/view.asp in A Better ...)
-	TODO: check
+	NOT-FOR-US: A Better Member-Based ASP Photo Gallery
 CVE-2009-0530 (Multiple PHP remote file inclusion vulnerabilities in SnippetMaster ...)
-	TODO: check
+	NOT-FOR-US: SnippetMaster
 CVE-2009-0529 (Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster ...)
-	TODO: check
+	NOT-FOR-US: SnippetMaster
 CVE-2009-0528 (SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and ...)
-	TODO: check
+	NOT-FOR-US: Rhadrix If-CMS
 CVE-2009-0527 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: AdaptCMS
 CVE-2009-0526 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: AdaptCMS
 CVE-2009-0525 (Cross-site scripting (XSS) vulnerability in the sajax_get_common_js ...)
-	TODO: check
+	NOT-FOR-US: Sajax
 CVE-2008-6141 (Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 ...)
-	TODO: check
+	NOT-FOR-US: Avaya IP Softphone
 CVE-2008-6140 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
-	TODO: check
+	NOT-FOR-US: Avaya one-X Desktop Edition
 CVE-2008-6139 (Directory traversal vulnerability in faqsupport/wce.download.php in ...)
-	TODO: check
+	NOT-FOR-US: WebBiscuits Modules Controller
 CVE-2008-6138 (PHP remote file inclusion vulnerability in adminhead.php in ...)
-	TODO: check
+	NOT-FOR-US: WebBiscuits Modules Controller
 CVE-2008-6137 (EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: EveryBlog
 CVE-2008-6136 (Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for ...)
-	TODO: check
+	NOT-FOR-US: EveryBlog
 CVE-2008-6135 (Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a ...)
-	TODO: check
+	NOT-FOR-US: EveryBlog
 CVE-2008-6134 (SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for ...)
-	TODO: check
+	NOT-FOR-US: EveryBlog
 CVE-2008-6133 (SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script ...)
-	TODO: check
+	NOT-FOR-US: Full PHP Emlak Script
 CVE-2008-6132 (Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 ...)
-	TODO: check
+	NOT-FOR-US: phpScheduleIt
 CVE-2008-6131 (Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: moziloWiki
 CVE-2008-6130 (Cross-site scripting (XSS) vulnerability in index.php in moziloWiki ...)
-	TODO: check
+	NOT-FOR-US: moziloWiki
 CVE-2008-6129 (Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and ...)
-	TODO: check
+	NOT-FOR-US: moziloWiki
 CVE-2008-6128 (Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: moziloCMS
 CVE-2008-6127 (Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS ...)
-	TODO: check
+	NOT-FOR-US: moziloCMS
 CVE-2008-6126 (Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and ...)
-	TODO: check
+	NOT-FOR-US: moziloCMS
 CVE-2008-6125 (Unspecified vulnerability in the user editing interface in Moodle ...)
 	TODO: check
 CVE-2008-6124 (SQL injection vulnerability in the hotpot_delete_selected_attempts ...)
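Review bot: The label on CVE-2009-0533, "Sites EZ Reminder", appears to have lost the start of the vendor name: the description begins "password.php in Scripts ..." and the sibling entry CVE-2009-0532 is tagged "Scripts For Sites (SFS) EZ Baby". Suggest "Scripts For Sites (SFS) EZ Reminder" so both entries are found by the same product search.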
@@ -227,29 +227,29 @@
 CVE-2008-6123 (The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp ...)
 	TODO: check
 CVE-2008-6122 (The web management interface in Netgear WGR614v9 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Netgear WGR614v9
 CVE-2008-6121 (CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier ...)
-	TODO: check
+	NOT-FOR-US: SocialEngine
 CVE-2008-6120 (SQL injection vulnerability in profile_comments.php in SocialEngine ...)
-	TODO: check
+	NOT-FOR-US: SocialEngine
 CVE-2008-6119 (Static code injection vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Goople CMS
 CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Goople CMS
 CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro allows ...)
-	TODO: check
+	NOT-FOR-US: PG Job Site Pro
 CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
-	TODO: check
+	NOT-FOR-US: Prozilla Hosting Index
 CVE-2008-6114 (SQL injection vulnerability in product_details.php in the Mytipper ...)
-	TODO: check
+	NOT-FOR-US: Mytipper Zogo-shop
 CVE-2008-6113 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before ...)
-	TODO: check
+	NOT-FOR-US: SemanticScuttle
 CVE-2008-6112 (Multiple directory traversal vulnerabilities in Ez Ringtone Manager ...)
-	TODO: check
+	NOT-FOR-US: Ez Ringtone Manager
 CVE-2008-6111 (SQL injection vulnerability in blog.php in NetArt Media Vlog System ...)
-	TODO: check
+	NOT-FOR-US: NetArt Media Vlog System
 CVE-2009-XXXX [nautilus: potential exploits via application launchers]
 	- nautilus <unfixed> (low; bug #515104)
 	NOTE: need to submit a request for CVE id
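Review bot: CVE-2008-6116 is tagged "NOT-FOR-US: Joomla", but its description is about the EXtrovert Software Thyme component, and CVE-2009-0535 earlier in this commit is tagged "Thyme". Name the Thyme component in this tag as well; a bare "Joomla" reads as if Joomla itself had been assessed and hides the relation between the two entries.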
@@ -314,7 +314,7 @@
 CVE-2009-0504
 	RESERVED
 CVE-2009-0503 (IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2008-6110 (Unspecified vulnerability in SemanticScuttle before 0.90 has unknown ...)
 	NOT-FOR-US: SemanticScuttle
 CVE-2008-6109 (Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not ...)
@@ -868,10 +868,10 @@
 	- fail2ban 0.8.3-2sid1 (low; bug #514163)
 CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in ...)
 	{DSA-1722-1 DSA-1721-1}
-	TODO: check
+	- libpam-heimdal 3.10-2.1
 CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, ...)
 	{DSA-1721-1}
-	TODO: check
+	- libpam-krb5 3.13-2
 CVE-2009-0359 [Cross-site scripting via missing input sanitising]
 	RESERVED
 	{DTSA-194-1}
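Review bot: CVE-2009-0361 gets only a libpam-heimdal line although it references both DSA-1722-1 and DSA-1721-1, and DSA-1721-1 is the advisory that CVE-2009-0360 shares with its libpam-krb5 entry. If libpam-krb5 is affected by CVE-2009-0361 as well, add a matching "- libpam-krb5 3.13-2" line here; otherwise a short NOTE saying why it is absent would help. Neither new package line carries an urgency in parentheses, unlike the fail2ban entry just above.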



