[Secure-testing-commits] r15341 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Fri Sep 17 01:49:56 UTC 2010


Author: geissert
Date: 2010-09-17 01:49:55 +0000 (Fri, 17 Sep 2010)
New Revision: 15341

Modified:
   data/CVE/list
Log:
new pixelpost and otrs issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-17 01:15:36 UTC (rev 15340)
+++ data/CVE/list	2010-09-17 01:49:55 UTC (rev 15341)
@@ -1,3 +1,11 @@
+CVE-2010-XXXX [pixelpost CSRF]
+	- pixelpost <unfixed>
+	TODO: check
+	NOTE: http://www.exploit-db.com/exploits/15014/
+	NOTE: an XSS is also mentioned, but it is via POST data
+CVE-2009-XXXX [pixelpost SQL injection and XSS]
+	- pixelpost <unfixed>
+	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
 CVE-2010-XXXX [python accept() implementation in async core is broken]
 	- python2.7 <unfixed>
 	- python3.1 <unfixed>
@@ -3438,8 +3446,11 @@
 	NOT-FOR-US: Cisco
 CVE-2010-2081
 	RESERVED
-CVE-2010-2080
+CVE-2010-2080 [otrs XSS and DoS]
 	RESERVED
+	- otrs2 <unfixed>
+	TODO: check lenny
+	NOTE: http://otrs.org/advisory/OSA-2010-02-en/
 CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...)
 	NOT-FOR-US: Novell Access Manager
 CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...)




More information about the Secure-testing-commits mailing list