[Secure-testing-commits] r15343 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Fri Sep 17 18:55:53 UTC 2010
Author: geissert
Date: 2010-09-17 18:55:47 +0000 (Fri, 17 Sep 2010)
New Revision: 15343
Modified:
data/CVE/list
Log:
some issues CVEified
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-17 15:45:42 UTC (rev 15342)
+++ data/CVE/list 2010-09-17 18:55:47 UTC (rev 15343)
@@ -1,11 +1,3 @@
-CVE-2010-XXXX [pixelpost CSRF]
- - pixelpost <unfixed>
- TODO: check
- NOTE: http://www.exploit-db.com/exploits/15014/
- NOTE: an XSS is also mentioned, but it is via POST data
-CVE-2009-XXXX [pixelpost SQL injection and XSS]
- - pixelpost <unfixed>
- NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2010-XXXX [python accept() implementation in async core is broken]
- python2.7 <unfixed>
- python3.1 <unfixed>
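Review bot: The removed CVE-2010-XXXX [pixelpost CSRF] entry carried "TODO: check", the exploit-db.com/exploits/15014/ reference and the note that the XSS is via POST data, and none of these reappear on the CVE-2010-3305 entry added further down in this patch. Carry the two NOTE lines (and the TODO, if the check is still pending) over to the new entry so the reference is not lost.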
@@ -200,10 +192,9 @@
RESERVED
CVE-2010-3307
RESERVED
-CVE-2010-3306
+CVE-2010-3305 [pixel CSRF]
RESERVED
-CVE-2010-3305
- RESERVED
+ - pixelpost <unfixed>
CVE-2010-3304 [dovecot Maildir ACL]
RESERVED
- dovecot <unfixed>
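Review bot: The description on the added line "CVE-2010-3305 [pixel CSRF]" reads "pixel", while the placeholder it replaces and the package line added below it both say pixelpost. Suggest "[pixelpost CSRF]" so that a search for the package name finds the entry.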
@@ -395,7 +386,7 @@
CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
- gnome-power-manager <unfixed>
TODO: check
-CVE-2010-XXXX [weborf directory traversal]
+CVE-2010-3306 [weborf directory traversal]
- weborf 0.12.3-1
NOTE: http://www.exploit-db.com/exploits/14925/
CVE-2010-3243
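Review bot: CVE-2010-3306 is assigned by renaming the placeholder in place, so the entry now sits after CVE-2006-7240 and before CVE-2010-3243 rather than in the slot between CVE-2010-3307 and CVE-2010-3305 where its RESERVED entry was removed earlier in this patch. Consider moving the weborf block to that slot. The other ids assigned in this patch (CVE-2010-3305, CVE-2009-4900, CVE-2009-4899) keep their RESERVED line and this one does not, so the entries should be made consistent one way or the other.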
@@ -2895,10 +2886,14 @@
- webkit 1.2.1-3
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/58829
-CVE-2009-4900
+CVE-2009-4900 [pixelpost XSS]
RESERVED
-CVE-2009-4899
+ - pixelpost <unfixed>
+ NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
+CVE-2009-4899 [pixelpost SQL injection]
RESERVED
+ - pixelpost <unfixed>
+ NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 ...)
NOT-FOR-US: TWiki
CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier ...)
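Review bot: The single placeholder "[pixelpost SQL injection and XSS]" is split across CVE-2009-4900 (XSS) and CVE-2009-4899 (SQL injection), but both entries carry the same NOTE URL and nothing in the hunk records where the id-to-issue mapping comes from. A NOTE naming the source of the assignment on each entry would let the mapping be checked later.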
@@ -10920,7 +10915,7 @@
CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...)
NOT-FOR-US: Joomla! Component
CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...)
- NOT-FOR-US: OpenX adserver
+ - openx <itp> (bug #513771)
CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...)
NOT-FOR-US: Serenity Audio Player
CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...)
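Review bot: The switch from "NOT-FOR-US: OpenX adserver" to "- openx <itp> (bug #513771)" here, and the same change on CVE-2008-6163 and CVE-2009-0291 below, is not covered by the log message "some issues CVEified". Mention the openx ITP retagging in the log, or commit it separately so the history shows why these three entries changed.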
@@ -22880,7 +22875,7 @@
CVE-2008-6164 (Cross-site scripting (XSS) vulnerability in index.php in DreamCost ...)
NOT-FOR-US: DreamCost HostAdmin
CVE-2008-6163 (SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 ...)
- NOT-FOR-US: OpenX
+ - openx <itp> (bug #513771)
CVE-2008-6162 (Bux.to Clone script allows remote attackers to bypass authentication ...)
NOT-FOR-US: Bux.to Clone script
CVE-2008-6161 (Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) ...)
@@ -24134,7 +24129,7 @@
CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows ...)
NOT-FOR-US: SHOP-INET
CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows ...)
- NOT-FOR-US: OpenX
+ - openx <itp> (bug #513771)
CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard ...)
NOT-FOR-US: GNUBoard
CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...)