[Secure-testing-commits] r11324 - data/CVE
kees at alioth.debian.org
Wed Mar 4 20:11:29 UTC 2009
Author: kees
Date: 2009-03-04 20:11:28 +0000 (Wed, 04 Mar 2009)
New Revision: 11324
Modified:
data/CVE/list
Log:
NFUs: 108
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-04 09:14:13 UTC (rev 11323)
+++ data/CVE/list 2009-03-04 20:11:28 UTC (rev 11324)
@@ -3,99 +3,99 @@
CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service ...)
TODO: check
CVE-2009-0750 (SQL injection vulnerability in login.php in the smNews example script ...)
- TODO: check
+ NOT-FOR-US: txtSQL
CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...)
- TODO: check
+ NOT-FOR-US: Z1Exchange
CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote ...)
- TODO: check
+ NOT-FOR-US: Jbook
CVE-2008-6390 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
- TODO: check
+ NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6389 (SQL injection vulnerability in asadmin/default.asp in Rae Media ...)
- TODO: check
+ NOT-FOR-US: Rae Media Contact Management Software
CVE-2008-6388 (Rapid Classified 3.1 and 3.15 stores sensitive information under the ...)
- TODO: check
+ NOT-FOR-US: Rapid Classified
CVE-2008-6387 (Quick Tree View .NET 3.1 stores sensitive information under the web ...)
- TODO: check
+ NOT-FOR-US: Quick Tree View .NET
CVE-2008-6386 (Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange ...)
- TODO: check
+ NOT-FOR-US: Z1Exchange
CVE-2008-6385 (Cross-site scripting (XSS) vulnerability in index.php in W3matter ...)
- TODO: check
+ NOT-FOR-US: W3matter RevSense
CVE-2008-6384 (Multiple cross-site request forgery (CSRF) vulnerabilities in Comment ...)
- TODO: check
+ NOT-FOR-US: Comment Mail
CVE-2008-6383 (SQL injection vulnerability in SpeedTech Organization and Resource ...)
- TODO: check
+ NOT-FOR-US: SpeedTech Organization and Resource Manager
CVE-2008-6382 (ASP Portal 3.2.5 stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: ASP Portal
CVE-2008-6381 (SQL injection vulnerability in modules/adresses/viewcat.php in bcoos ...)
- TODO: check
+ NOT-FOR-US: bcoos
CVE-2008-6380 (SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 ...)
- TODO: check
+ NOT-FOR-US: Active Web Helpdesk
CVE-2008-6379 (SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows ...)
- TODO: check
+ NOT-FOR-US: Gallery MX
CVE-2008-6378 (SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx ...)
- TODO: check
+ NOT-FOR-US: Calendar Mx Professional
CVE-2008-6377 (PHP remote file inclusion vulnerability in include/global.php in Multi ...)
- TODO: check
+ NOT-FOR-US: Multi SEO phpBB
CVE-2008-6376 (SQL injection vulnerability in main.asp in Jbook allows remote ...)
- TODO: check
+ NOT-FOR-US: Jbook
CVE-2008-6375 (JBook stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: JBook
CVE-2008-6374 (CodefixerSoftware MailingListPro Free Edition stores sensitive ...)
- TODO: check
+ NOT-FOR-US: MailingListPro Free Edition
CVE-2008-6373 (Unspecified vulnerability in Nagios before 3.0.6 has unspecified ...)
TODO: check
CVE-2008-6372 (SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro ...)
- TODO: check
+ NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-6371 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
- TODO: check
+ NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6370 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 ...)
- TODO: check
+ NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6369 (SQL injection vulnerability in default.asp in Ocean12 Contact Manager ...)
- TODO: check
+ NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6368 (SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m ...)
- TODO: check
+ NOT-FOR-US: Chipmunk Guestbook
CVE-2008-6367 (Unrestricted file upload vulnerability in Photos/create_album.php in ...)
- TODO: check
+ NOT-FOR-US: Social Groupie
CVE-2008-6366 (SQL injection vulnerability in logon.jsp in Ad Server Solutions ...)
- TODO: check
+ NOT-FOR-US: Ad Server Solutions Affiliate Software Java
CVE-2008-6365 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad ...)
- TODO: check
+ NOT-FOR-US: Ad Server Solutions Ad Management Software Java
CVE-2008-6364 (SQL injection vulnerability in logon_process.jsp in Ad Server ...)
- TODO: check
+ NOT-FOR-US: Ad Server Solutions Banner Exchange Solution Java
CVE-2008-6363 (Stack-based buffer overflow in DesignWorks Professional 4.3.1 and ...)
- TODO: check
+ NOT-FOR-US: DesignWorks Professional
CVE-2008-6362 (SQL injection vulnerability in sitepage.php in Multiple Membership ...)
- TODO: check
+ NOT-FOR-US: Multiple Membership Script
CVE-2008-6361 (Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 ...)
- TODO: check
+ NOT-FOR-US: InSun Feed CMS
CVE-2008-6360 (Cross-site scripting (XSS) vulnerability in the userranks feature in ...)
- TODO: check
+ NOT-FOR-US: ImpressCMS
CVE-2008-6359 (Cross-site scripting (XSS) vulnerability in index.php in Max's ...)
- TODO: check
+ NOT-FOR-US: Max's Guestbook
CVE-2008-6358 (SQL injection vulnerability in group_index.php in Social Groupie ...)
- TODO: check
+ NOT-FOR-US: Social Groupie
CVE-2008-6357 (MyCal Personal Events Calendar stores sensitive information under the ...)
- TODO: check
+ NOT-FOR-US: MyCal Personal Events Calendar
CVE-2008-6356 (evCal Events Calendar stores sensitive information under the web root ...)
- TODO: check
+ NOT-FOR-US: evCal Events Calendar
CVE-2008-6355 (The Net Guys ASPired2Protect stores sensitive information under the ...)
- TODO: check
+ NOT-FOR-US: ASPired2poll
CVE-2008-6354 (The Net Guys ASPired2poll stores sensitive information under the web ...)
- TODO: check
+ NOT-FOR-US: ASPired2poll
CVE-2008-6353 (SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: ASP-CMS
CVE-2008-6352 (SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows ...)
- TODO: check
+ NOT-FOR-US: Xpoze Pro
CVE-2008-6351 (Cross-site scripting (XSS) vulnerability in listtest.php in ...)
- TODO: check
+ NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6350 (SQL injection vulnerability in listtest.php in TurnkeyForms Local ...)
- TODO: check
+ NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6349 (SQL injection vulnerability in survey_results_text.php in TurnkeyForms ...)
- TODO: check
+ NOT-FOR-US: TurnkeyForms Business Survey Pro
CVE-2008-6348 (Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery ...)
- TODO: check
+ NOT-FOR-US: DevelopItEasy Photo Gallery
CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php in the ...)
- TODO: check
+ NOT-FOR-US: Onguma Time Sheet component for Joomla!
CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
- linux-2.6 <unfixed> (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
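Review bot: the tag added for CVE-2008-6355 reads "NOT-FOR-US: ASPired2poll", but that entry's description names The Net Guys ASPired2Protect. ASPired2poll is the product of the next entry, CVE-2008-6354, so this looks like a copy-paste slip. Suggest "NOT-FOR-US: ASPired2Protect" so that a later search of the list by product name finds the right CVE.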
@@ -117,125 +117,125 @@
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing
CVE-2009-0742 (The username command in Cisco ACE Application Control Engine Module ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) ...)
- TODO: check
+ NOT-FOR-US: DR Wiki extension for TYPO3
CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 ...)
- TODO: check
+ NOT-FOR-US: SolarCMS
CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) ...)
- TODO: check
+ NOT-FOR-US: TU-Clausthal Staff extension for TYPO3
CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN ...)
- TODO: check
+ NOT-FOR-US: TU-Clausthal ODIN extension for TYPO3
CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser ...)
- TODO: check
+ NOT-FOR-US: Simple File Browser extension for TYPO3
CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal Plugin ...)
- TODO: check
+ NOT-FOR-US: SB Universal Plugin extension for TYPO3
CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi ...)
- TODO: check
+ NOT-FOR-US: Vox populi extension for TYPO3
CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities ...)
- TODO: check
+ NOT-FOR-US: WEBERkommunal Facilities extension for TYPO3
CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System ...)
- TODO: check
+ NOT-FOR-US: Volunteer Management System module for Joomla!
CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines ...)
- TODO: check
+ NOT-FOR-US: Text Lines Rearrange Script
CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix Online ...)
- TODO: check
+ NOT-FOR-US: eMetrix Online Keyword Research Tool
CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix Extract ...)
- TODO: check
+ NOT-FOR-US: eMetrix Extract Website
CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News (RSSSN), ...)
- TODO: check
+ NOT-FOR-US: RSS Simple News
CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2 allows ...)
- TODO: check
+ NOT-FOR-US: Simple Customer
CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Streber ...)
- TODO: check
+ NOT-FOR-US: Streber
CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: MyTopix
CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board ...)
- TODO: check
+ NOT-FOR-US: Pre ASP Job Board
CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: Butterfly Organizer
CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: ProQuiz
CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as ...)
- TODO: check
+ NOT-FOR-US: Simple Customer
CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz ...)
- TODO: check
+ NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum allows ...)
- TODO: check
+ NOT-FOR-US: CF_Forum
CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource ...)
- TODO: check
+ NOT-FOR-US: CFMSource CF_Auction
CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows ...)
- TODO: check
+ NOT-FOR-US: CFMSource CFMBlog
CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with ...)
- TODO: check
+ NOT-FOR-US: CF Shopkart
CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows ...)
- TODO: check
+ NOT-FOR-US: CF Shopkart
CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows ...)
- TODO: check
+ NOT-FOR-US: CF_Calendar
CVE-2008-6318 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PHPmyGallery
CVE-2008-6317 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PHPmyGallery
CVE-2008-6316 (Directory traversal vulnerability in _conf/core/common-tpl-vars.php in ...)
- TODO: check
+ NOT-FOR-US: PHPmyGallery
CVE-2008-6315 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PHPmyGallery
CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board module ...)
- TODO: check
+ NOT-FOR-US: Tag Board module
CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in phpAddEdit ...)
- TODO: check
+ NOT-FOR-US: phpAddEdit
CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: ProQuiz
CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 ...)
- TODO: check
+ NOT-FOR-US: Butterfly Organizer
CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense 1.0 ...)
- TODO: check
+ NOT-FOR-US: W3matter RevSense
CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert allows ...)
- TODO: check
+ NOT-FOR-US: W3matter AskPert
CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private Messaging ...)
- TODO: check
+ NOT-FOR-US: Private Messaging System
CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: E-topbiz Link Back Checker
CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz ...)
- TODO: check
+ NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free Directory ...)
- TODO: check
+ NOT-FOR-US: Free Directory Script
CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when ...)
- TODO: check
+ NOT-FOR-US: xt:Commerce
CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager allows ...)
- TODO: check
+ NOT-FOR-US: ToursManager
CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox ...)
- TODO: check
+ NOT-FOR-US: Small ShoutBox module
CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Galatolo WebManager
CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows ...)
- TODO: check
+ NOT-FOR-US: sISAPILocation
CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart allows ...)
- TODO: check
+ NOT-FOR-US: DHCart
CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Maran PHP Shop
CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera Life ...)
- TODO: check
+ NOT-FOR-US: Camera Life
CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Acc Statistics
CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Acc Real Estate
CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication and ...)
- TODO: check
+ NOT-FOR-US: Acc Autos
CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass authentication and ...)
- TODO: check
+ NOT-FOR-US: Acc PHP eMail
CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR Sito, ...)
- TODO: check
+ NOT-FOR-US: nicLOR Sito
CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0 ...)
- TODO: check
+ NOT-FOR-US: Tours Manager
CVE-2009-XXXX [avahi-daemon: denial of service]
- avahi <unfixed> (bug #517683)
NOTE: CVE id requested
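Review bot: "NOT-FOR-US: Cisco" on CVE-2009-0742 names only the vendor, while the other tags in this hunk name the product (the entry just above it uses "Cisco Unified MeetingPlace Web Conferencing"). Suggest taking the product from the description, for example "NOT-FOR-US: Cisco ACE Application Control Engine Module". In the same hunk, "Tag Board module" (CVE-2008-6314) and "Small ShoutBox module" (CVE-2008-6301) omit the host application, unlike the "extension for TYPO3" and "module for Joomla!" tags nearby. Adding the host would make it possible to recheck these entries if that application is ever packaged.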
@@ -2239,7 +2239,7 @@
CVE-2009-0209
RESERVED
CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, ...)
- TODO: check
+ NOT-FOR-US: HP Virtual Rooms Client
CVE-2009-0207
RESERVED
CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier ...)
@@ -2281,7 +2281,7 @@
CVE-2009-0188
RESERVED
CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...)
- TODO: check
+ NOT-FOR-US: Orbit Downloader
CVE-2009-0186
RESERVED
CVE-2009-0185