[Secure-testing-commits] r15341 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Fri Sep 17 01:49:56 UTC 2010
Author: geissert
Date: 2010-09-17 01:49:55 +0000 (Fri, 17 Sep 2010)
New Revision: 15341
Modified:
data/CVE/list
Log:
new pixelpost and otrs issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-17 01:15:36 UTC (rev 15340)
+++ data/CVE/list 2010-09-17 01:49:55 UTC (rev 15341)
@@ -1,3 +1,11 @@
+CVE-2010-XXXX [pixelpost CSRF]
+ - pixelpost <unfixed>
+ TODO: check
+ NOTE: http://www.exploit-db.com/exploits/15014/
+ NOTE: an XSS is also mentioned, but it is via POST data
+CVE-2009-XXXX [pixelpost SQL injection and XSS]
+ - pixelpost <unfixed>
+ NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2010-XXXX [python accept() implementation in async core is broken]
- python2.7 <unfixed>
- python3.1 <unfixed>
@@ -3438,8 +3446,11 @@
NOT-FOR-US: Cisco
CVE-2010-2081
RESERVED
-CVE-2010-2080
+CVE-2010-2080 [otrs XSS and DoS]
RESERVED
+ - otrs2 <unfixed>
+ TODO: check lenny
+ NOTE: http://otrs.org/advisory/OSA-2010-02-en/
CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...)
NOT-FOR-US: Novell Access Manager
CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...)
More information about the Secure-testing-commits
mailing list