[Secure-testing-commits] r11345 - data/CVE
joeyh at alioth.debian.org
Fri Mar 6 21:14:17 UTC 2009
Author: joeyh
Date: 2009-03-06 21:14:16 +0000 (Fri, 06 Mar 2009)
New Revision: 11345
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-06 16:59:34 UTC (rev 11344)
+++ data/CVE/list 2009-03-06 21:14:16 UTC (rev 11345)
@@ -1,3 +1,65 @@
+CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...)
+ TODO: check
+CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...)
+ TODO: check
+CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...)
+ TODO: check
+CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for ...)
+ TODO: check
+CVE-2009-0831 (SQL injection vulnerability in members.php in the Members CV (job) ...)
+ TODO: check
+CVE-2009-0830 (Cross-site scripting (XSS) vulnerability in QuoteBook allows remote ...)
+ TODO: check
+CVE-2009-0829 (Multiple SQL injection vulnerabilities in QuoteBook allow remote ...)
+ TODO: check
+CVE-2009-0828 (QuoteBook stores quotes.inc under the web root with insufficient ...)
+ TODO: check
+CVE-2009-0827 (PollHelper stores poll.inc under the web root with insufficient access ...)
+ TODO: check
+CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with insufficient ...)
+ TODO: check
+CVE-2009-0825
+ RESERVED
+CVE-2009-0824
+ RESERVED
+CVE-2009-0823
+ RESERVED
+CVE-2009-0822
+ RESERVED
+CVE-2008-6415 (Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers ...)
+ TODO: check
+CVE-2008-6414 (SQL injection vulnerability in detail.php in AJ Auction Pro Platinum ...)
+ TODO: check
+CVE-2008-6413 (Cross-site scripting (XSS) vulnerability in the Answers module ...)
+ TODO: check
+CVE-2008-6412 (Unspecified vulnerability in Vignette Content Management 7.3.0.5, ...)
+ TODO: check
+CVE-2008-6411 (Explay CMS 2.1 and earlier allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-6410 (Directory traversal vulnerability in show.php in ol'bookmarks manager ...)
+ TODO: check
+CVE-2008-6409 (SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 ...)
+ TODO: check
+CVE-2008-6408 (PHP remote file inclusion vulnerability in frame.php in ol'bookmarks ...)
+ TODO: check
+CVE-2008-6407 (Directory traversal vulnerability in frame.php in ol'bookmarks manager ...)
+ TODO: check
+CVE-2008-6406 (Cross-site scripting (XSS) vulnerability in admin.php in DataLife ...)
+ TODO: check
+CVE-2008-6405 (SQL injection vulnerability in showcategory.php in Hotscripts Clone ...)
+ TODO: check
+CVE-2008-6404 (Cross-site scripting (XSS) vulnerability in add_calendars.php in ...)
+ TODO: check
+CVE-2008-6403 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-6402 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-6401 (SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote ...)
+ TODO: check
+CVE-2008-6400 (Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 ...)
+ TODO: check
+CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows ...)
+ TODO: check
CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...)
TODO: check
CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...)
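Review bot: The first two added entries, CVE-2009-0835 and CVE-2009-0834, name Linux kernel code (kernel/seccomp.c and audit_syscall_entry) yet carry the same "TODO: check" as the third-party web application entries below them. They should be triaged first and given a kernel package line, while entries such as gen_msn.dll, QuoteBook, PollHelper and BlogHelper need a check against the archive before they can be marked NOT-FOR-US. CVE-2008-6403 and CVE-2008-6402 are truncated to "PHP remote file inclusion vulnerability in ...", so the product has to be looked up from the CVE entry itself before either can be classified.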
@@ -394,7 +456,7 @@
NOT-FOR-US: Tours Manager
CVE-2009-XXXX [znc: authenticated users can obtain shell access]
- znc 0.066-1 (bug #516950)
-CVE-2009-0770 [dkim-milter: crash on revoked keys]
+CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a ...)
- dkim-milter 2.6.0.dfsg-2 (low)
[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
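Review bot: On the CVE-2009-0770 line, replacing the bracketed summary with the truncated official description drops the only mention of the trigger ("crash on revoked keys"); the new text stops at "cause a ...". Consider preserving that detail as a NOTE: line next to the existing sourceforge tracker NOTE, so the entry stays readable without a lookup.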
@@ -758,7 +820,7 @@
CVE-2009-XXXX [debian-installer: no-root option in expert installer exposes locally exploitable security flaw]
- debian-installer <unfixed> (bug #517018; low)
NOTE: should a CVE be requested for this problem?
-CVE-2009-0753 [Http double slash request arbitrary file access vulnerability in mldonkey]
+CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...)
- mldonkey <unfixed> (bug #516829; medium)
NOTE: daemon is run as non-root and can only be exploited via localhost
CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
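Review bot: The new CVE-2009-0753 description gives an affected range, "MLDonkey 2.8.4 through 2.9.7", while the package line under it is still "- mldonkey <unfixed> (bug #516829; medium)". It is worth recording in a NOTE whether the versions in the archive fall inside that range. The "double slash request" detail from the removed bracketed summary would be useful to keep there as well, since the truncated description no longer says how the traversal is triggered.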
@@ -11197,7 +11259,7 @@
RESERVED
CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD ...)
NOT-FOR-US: NetBSD
-CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx, ...)
+CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx ...)
NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...)
NOT-FOR-US: Caucho Resin