[Secure-testing-commits] r11320 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Mar 3 21:14:12 UTC 2009 

Author: joeyh
Date: 2009-03-03 21:14:11 +0000 (Tue, 03 Mar 2009)
New Revision: 11320

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-03-03 20:53:20 UTC (rev 11319)
+++ data/CVE/list	2009-03-03 21:14:11 UTC (rev 11320)
@@ -1,3 +1,101 @@
+CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community Solution ...)
+	TODO: check
+CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2009-0750 (SQL injection vulnerability in login.php in the smNews example script ...)
+	TODO: check
+CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...)
+	TODO: check
+CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote ...)
+	TODO: check
+CVE-2008-6390 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
+	TODO: check
+CVE-2008-6389 (SQL injection vulnerability in asadmin/default.asp in Rae Media ...)
+	TODO: check
+CVE-2008-6388 (Rapid Classified 3.1 and 3.15 stores sensitive information under the ...)
+	TODO: check
+CVE-2008-6387 (Quick Tree View .NET 3.1 stores sensitive information under the web ...)
+	TODO: check
+CVE-2008-6386 (Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange ...)
+	TODO: check
+CVE-2008-6385 (Cross-site scripting (XSS) vulnerability in index.php in W3matter ...)
+	TODO: check
+CVE-2008-6384 (Multiple cross-site request forgery (CSRF) vulnerabilities in Comment ...)
+	TODO: check
+CVE-2008-6383 (SQL injection vulnerability in SpeedTech Organization and Resource ...)
+	TODO: check
+CVE-2008-6382 (ASP Portal 3.2.5 stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2008-6381 (SQL injection vulnerability in modules/adresses/viewcat.php in bcoos ...)
+	TODO: check
+CVE-2008-6380 (SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 ...)
+	TODO: check
+CVE-2008-6379 (SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows ...)
+	TODO: check
+CVE-2008-6378 (SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx ...)
+	TODO: check
+CVE-2008-6377 (PHP remote file inclusion vulnerability in include/global.php in Multi ...)
+	TODO: check
+CVE-2008-6376 (SQL injection vulnerability in main.asp in Jbook allows remote ...)
+	TODO: check
+CVE-2008-6375 (JBook stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2008-6374 (CodefixerSoftware MailingListPro Free Edition stores sensitive ...)
+	TODO: check
+CVE-2008-6373 (Unspecified vulnerability in Nagios before 3.0.6 has unspecified ...)
+	TODO: check
+CVE-2008-6372 (SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro ...)
+	TODO: check
+CVE-2008-6371 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
+	TODO: check
+CVE-2008-6370 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 ...)
+	TODO: check
+CVE-2008-6369 (SQL injection vulnerability in default.asp in Ocean12 Contact Manager ...)
+	TODO: check
+CVE-2008-6368 (SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m ...)
+	TODO: check
+CVE-2008-6367 (Unrestricted file upload vulnerability in Photos/create_album.php in ...)
+	TODO: check
+CVE-2008-6366 (SQL injection vulnerability in logon.jsp in Ad Server Solutions ...)
+	TODO: check
+CVE-2008-6365 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad ...)
+	TODO: check
+CVE-2008-6364 (SQL injection vulnerability in logon_process.jsp in Ad Server ...)
+	TODO: check
+CVE-2008-6363 (Stack-based buffer overflow in DesignWorks Professional 4.3.1 and ...)
+	TODO: check
+CVE-2008-6362 (SQL injection vulnerability in sitepage.php in Multiple Membership ...)
+	TODO: check
+CVE-2008-6361 (Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 ...)
+	TODO: check
+CVE-2008-6360 (Cross-site scripting (XSS) vulnerability in the userranks feature in ...)
+	TODO: check
+CVE-2008-6359 (Cross-site scripting (XSS) vulnerability in index.php in Max's ...)
+	TODO: check
+CVE-2008-6358 (SQL injection vulnerability in group_index.php in Social Groupie ...)
+	TODO: check
+CVE-2008-6357 (MyCal Personal Events Calendar stores sensitive information under the ...)
+	TODO: check
+CVE-2008-6356 (evCal Events Calendar stores sensitive information under the web root ...)
+	TODO: check
+CVE-2008-6355 (The Net Guys ASPired2Protect stores sensitive information under the ...)
+	TODO: check
+CVE-2008-6354 (The Net Guys ASPired2poll stores sensitive information under the web ...)
+	TODO: check
+CVE-2008-6353 (SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote ...)
+	TODO: check
+CVE-2008-6352 (SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows ...)
+	TODO: check
+CVE-2008-6351 (Cross-site scripting (XSS) vulnerability in listtest.php in ...)
+	TODO: check
+CVE-2008-6350 (SQL injection vulnerability in listtest.php in TurnkeyForms Local ...)
+	TODO: check
+CVE-2008-6349 (SQL injection vulnerability in survey_results_text.php in TurnkeyForms ...)
+	TODO: check
+CVE-2008-6348 (Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery ...)
+	TODO: check
+CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php in the ...)
+	TODO: check
 CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
 	- linux-2.6 <unfixed> (low)
 	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
@@ -148,7 +246,7 @@
 	[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
 	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
 	NOTE: CVE id requested
-CVE-2009-0749 [optipng array overflow]
+CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in ...)
 	- optipng 0.6.2.1-1 (low)
 	NOTE: http://secunia.com/advisories/34035/
 CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon Banking at Home ...)
@@ -1570,8 +1668,7 @@
 	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=253493
 	NOTE: CVE id requested
 	[lenny] - audacity 1.3.5-2+lenny1
-CVE-2009-0368 [opensc information leak]
-	RESERVED
+CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass ...)
 	- opensc <unfixed>
 	NOTE: Unclear yet which versions are affected, asked maintainer
 CVE-2009-0367 [wesnoth python sandbox escape]

More information about the Secure-testing-commits mailing list