[Secure-testing-commits] r12912 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Sep 30 21:14:17 UTC 2009
Author: joeyh
Date: 2009-09-30 21:14:17 +0000 (Wed, 30 Sep 2009)
New Revision: 12912
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-30 21:03:52 UTC (rev 12911)
+++ data/CVE/list 2009-09-30 21:14:17 UTC (rev 12912)
@@ -1,3 +1,121 @@
+CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG ...)
+ TODO: check
+CVE-2009-3504 (SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 ...)
+ TODO: check
+CVE-2009-3503 (Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse ...)
+ TODO: check
+CVE-2009-3502 (SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 ...)
+ TODO: check
+CVE-2009-3501 (SQL injection vulnerability in students.php in BPowerHouse BPStudents ...)
+ TODO: check
+CVE-2009-3500 (Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 ...)
+ TODO: check
+CVE-2009-3499 (SQL injection vulnerability in employee.aspx in BPowerHouse ...)
+ TODO: check
+CVE-2009-3498 (SQL injection vulnerability in php/update_article_hits.php in HBcms ...)
+ TODO: check
+CVE-2009-3497 (SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent ...)
+ TODO: check
+CVE-2009-3496 (Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal ...)
+ TODO: check
+CVE-2009-3495 (SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone ...)
+ TODO: check
+CVE-2009-3494 (Multiple SQL injection vulnerabilities in index.php in T-HTB Manager ...)
+ TODO: check
+CVE-2009-3493 (Multiple cross-site scripting (XSS) vulnerabilities in Zenas ...)
+ TODO: check
+CVE-2009-3492 (Multiple PHP remote file inclusion vulnerabilities in Loggix Project ...)
+ TODO: check
+CVE-2009-3491 (SQL injection vulnerability in the Kinfusion SportFusion ...)
+ TODO: check
+CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a ...)
+ TODO: check
+CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 ...)
+ TODO: check
+CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography (aka ...)
+ TODO: check
+CVE-2009-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
+ TODO: check
+CVE-2009-3486 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
+ TODO: check
+CVE-2009-3485 (Cross-site scripting (XSS) vulnerability in the J-Web interface in ...)
+ TODO: check
+CVE-2009-3484 (Stack-based buffer overflow in Core FTP 2.1 build 1612 allows ...)
+ TODO: check
+CVE-2009-3483 (Heap-based buffer overflow in the Create New Site feature in ...)
+ TODO: check
+CVE-2009-3482 (TrustPort Antivirus before 2.8.0.2266 and PC Security before ...)
+ TODO: check
+CVE-2009-3481 (A certain interface in the iCRM Basic (com_icrmbasic) component ...)
+ TODO: check
+CVE-2009-3480 (SQL injection vulnerability in the iCRM Basic (com_icrmbasic) ...)
+ TODO: check
+CVE-2009-3479 (Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x ...)
+ TODO: check
+CVE-2009-3478 (Argument injection vulnerability in (1) ...)
+ TODO: check
+CVE-2009-3477 (The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before ...)
+ TODO: check
+CVE-2009-3476 (Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 ...)
+ TODO: check
+CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and ...)
+ TODO: check
+CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by ...)
+ TODO: check
+CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege ...)
+ TODO: check
+CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows ...)
+ TODO: check
+CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 does not ...)
+ TODO: check
+CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 ...)
+ TODO: check
+CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment ...)
+ TODO: check
+CVE-2009-3467
+ RESERVED
+CVE-2009-3466
+ RESERVED
+CVE-2009-3465
+ RESERVED
+CVE-2009-3464
+ RESERVED
+CVE-2009-3463
+ RESERVED
+CVE-2009-3462
+ RESERVED
+CVE-2009-3461
+ RESERVED
+CVE-2009-3460
+ RESERVED
+CVE-2009-3459
+ RESERVED
+CVE-2009-3458
+ RESERVED
+CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...)
+ TODO: check
+CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...)
+ TODO: check
+CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly ...)
+ TODO: check
+CVE-2009-3454 (Microsoft Internet Explorer does not properly handle a '\0' character ...)
+ TODO: check
+CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
+ TODO: check
+CVE-2009-3452 (WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote ...)
+ TODO: check
+CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in RADactive ...)
+ TODO: check
+CVE-2009-3450 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2009-3449 (MP3 Collector 2.3 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2009-3448 (npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote ...)
+ TODO: check
+CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...)
+ TODO: check
CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]
- ffmpeg <unfixed>
- ffmpeg-debian <removed>
@@ -475,7 +593,7 @@
RESERVED
CVE-2005-4881
RESERVED
-CVE-2009-3236 (Unspecified vulnerability in the form library in Horde Application ...)
+CVE-2009-3236 (The form library in Horde Application Framework 3.2 before 3.2.5 and ...)
{DSA-1897-1}
- horde3 3.3.5+debian0-1 (medium; bug #547318)
CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS ...)
@@ -833,7 +951,7 @@
NOT-FOR-US: Uiga Church Portal
CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers ...)
NOT-FOR-US: SolarWinds TFTP Server
-CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.5 saves items from an RSS ...)
+CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from ...)
NOT-FOR-US: IBM Lotus Notes
CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
NOT-FOR-US: OXID eShop Professional
@@ -1735,8 +1853,7 @@
RESERVED
CVE-2009-2906
RESERVED
-CVE-2009-2905 [newt: buffer overflow]
- RESERVED
+CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...)
{DSA-1894-1}
- newt <unfixed> (medium; bug #548198)
CVE-2009-2904
@@ -2579,12 +2696,12 @@
RESERVED
CVE-2009-2684
RESERVED
-CVE-2009-2683
- RESERVED
+CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics ...)
+ TODO: check
CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...)
NOT-FOR-US: HP-UX
-CVE-2009-2681
- RESERVED
+CVE-2009-2681 (Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) ...)
+ TODO: check
CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for ...)
NOT-FOR-US: HP StorageWorks
CVE-2009-2679
@@ -51983,7 +52100,7 @@
NOT-FOR-US: Toshiba drivers for Windows
CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows ...)
- netpbm-free <not-affected> (Debian's version is too old; affects 10.30 to 10.33 only)
-CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php in IBD ...)
+CVE-2006-3144 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...)
NOT-FOR-US: Maximus SchoolMAX
More information about the Secure-testing-commits
mailing list