joeyh at alioth.debian.org
2009-Feb-04 21:14 UTC
[Secure-testing-commits] r11141 - data/CVE
Author: joeyh
Date: 2009-02-04 21:14:35 +0000 (Wed, 04 Feb 2009)
New Revision: 11141
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-02-04 19:01:22 UTC (rev 11140) +++ data/CVE/list 2009-02-04 21:14:35 UTC (rev 11141) 
@@ -1,3 +1,177 @@ +CVE-2009-0417 + RESERVED +CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...) + TODO: check +CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...) + TODO: check +CVE-2009-0413 (Cross-site scripting (XSS) vulnerability in RoundCube Webmail ...) + TODO: check +CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping ...) + TODO: check +CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...) + TODO: check +CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) ...) + TODO: check +CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and ...) + TODO: check +CVE-2009-0408 (Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC ...) + TODO: check +CVE-2009-0407 (SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 ...) + TODO: check +CVE-2009-0406 (SQL injection vulnerability in index.php in Community CMS 0.4 and ...) + TODO: check +CVE-2009-0405 (SQL injection vulnerability in articles.php in smartSite CMS 1.0 ...) + TODO: check +CVE-2009-0404 (Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics ...) + TODO: check +CVE-2009-0403 (SQL injection vulnerability in admin/authenticate.php in Chipmunk ...) + TODO: check +CVE-2009-0402 (SQL injection vulnerability in client/new_account.php in Domain ...) + TODO: check +CVE-2009-0401 (SQL injection vulnerability in browsecats.php in E-Php CMS allows ...) + TODO: check +CVE-2009-0400 (SQL injection vulnerability in blog.php in SocialEngine 3.06 trial ...) + TODO: check +CVE-2009-0399 (Chipmunk Blogger Script allows remote attackers to gain administrator ...) + TODO: check +CVE-2009-0398 (Array index error in the gst_qtp_trak_handler function in ...) + TODO: check +CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...) 
+ TODO: check +CVE-2009-0396 (The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, ...) + TODO: check +CVE-2009-0395 (SQL injection vulnerability in the login feature in NetArt Media Car ...) + TODO: check +CVE-2009-0394 (SQL injection vulnerability in login.php in Pre Lecture Exercises ...) + TODO: check +CVE-2009-0393 (Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola ...) + TODO: check +CVE-2009-0392 (Directory traversal vulnerability in sysconf.cgi in Motorola Wimax ...) + TODO: check +CVE-2009-0391 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) + TODO: check +CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform ...) + TODO: check +CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) ...) + TODO: check +CVE-2009-0388 + RESERVED +CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...) + TODO: check +CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...) + TODO: check +CVE-2009-0384 (SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows ...) + TODO: check +CVE-2009-0383 (delete.php in Max.Blog 1.0.6 does not properly restrict access, which ...) + TODO: check +CVE-2009-0382 (Unspecified vulnerability in Internationalization (i18n) Translation ...) + TODO: check +CVE-2009-0381 (SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping ...) + TODO: check +CVE-2009-0380 (** DISPUTED ** ...) + TODO: check +CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club ...) + TODO: check +CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the ...) + TODO: check +CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...) + TODO: check +CVE-2009-0376 + RESERVED +CVE-2009-0375 + RESERVED +CVE-2009-0374 (** DISPUTED ** ...) 
+ TODO: check +CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...) + TODO: check +CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik ...) + TODO: check +CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and ...) + TODO: check +CVE-2009-0370 (Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 ...) + TODO: check +CVE-2009-0369 (Microsoft Internet Explorer 7 allows remote attackers to trick a user ...) + TODO: check +CVE-2008-6045 (Session fixation vulnerability in xt:Commerce 3.0.4 and earlier allows ...) + TODO: check +CVE-2008-6044 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...) + TODO: check +CVE-2008-6043 (Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow ...) + TODO: check +CVE-2008-6042 (SQL injection vulnerability in the re_search module in NetArtMedia ...) + TODO: check +CVE-2008-6041 (Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in ...) + TODO: check +CVE-2008-6040 (SQL injection vulnerability in index.php in Arcadem Pro 2.700 through ...) + TODO: check +CVE-2008-6039 (Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows ...) + TODO: check +CVE-2008-6038 (SQL injection vulnerability in index.php in MapCal 0.1 allows remote ...) + TODO: check +CVE-2008-6037 (SQL injection vulnerability in view.php in AvailScript Article Script ...) + TODO: check +CVE-2008-6036 (PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder ...) + TODO: check +CVE-2008-6035 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...) + TODO: check +CVE-2008-6034 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...) + TODO: check +CVE-2008-6033 (SQL injection vulnerability in comments.php in WSN Links 2.20 allows ...) + TODO: check +CVE-2008-6032 (SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P ...) 
+ TODO: check +CVE-2008-6031 (SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 ...) + TODO: check +CVE-2008-6030 (Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 ...) + TODO: check +CVE-2008-6029 (SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and ...) + TODO: check +CVE-2008-6028 (SQL injection vulnerability in list.php in University of Queensland ...) + TODO: check +CVE-2008-6027 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2008-6026 (SQL injection vulnerability in tienda.php in BlueCUBE CMS allows ...) + TODO: check +CVE-2008-6025 (Directory traversal vulnerability in scr/form.php in openElec 3.01 and ...) + TODO: check +CVE-2008-6024 (Unspecified vulnerability in the NFSv4 client module in the kernel on ...) + TODO: check +CVE-2008-6023 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-6022 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-6021 (Multiple unspecified vulnerabilities in Attachmate Reflection for ...) + TODO: check +CVE-2008-6020 (SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for ...) + TODO: check +CVE-2008-6019 (SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows ...) + TODO: check +CVE-2008-6018 (Directory traversal vulnerability in index.php in MyPHPSite, when ...) + TODO: check +CVE-2008-6017 (SQL injection vulnerability in messages.php in I-Rater Basic allows ...) + TODO: check +CVE-2008-6016 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows ...) + TODO: check +CVE-2008-6015 (Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 ...) + TODO: check +CVE-2008-6014 (SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS ...) + TODO: check +CVE-2008-6013 (Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 ...) 
+ TODO: check +CVE-2008-6012 (Directory traversal vulnerability in index.php in Pritlog 0.4 and ...) + TODO: check +CVE-2008-6011 (SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 ...) + TODO: check +CVE-2008-6010 (Multiple directory traversal vulnerabilities in SG Real Estate Portal ...) + TODO: check +CVE-2008-6009 (SG Real Estate Portal 2.0 allows remote attackers to bypass ...) + TODO: check +CVE-2008-6008 (hyBook Guestbook Script stores sensitive information under the web ...) + TODO: check +CVE-2008-6007 (SQL injection vulnerability in view_group.php in QuidaScript BookMarks ...) + TODO: check +CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation ...) + TODO: check CVE-2009-XXXX [mahara: XSS in forum posts] - mahara 1.0.9-1 (low) [lenny] - mahara 1.0.4-4 @@ -3,7 +177,7 @@ NOTE: CVE id requested CVE-2009-XXXX [squid: denial of server] - - squid <unfixed> (bug #514142) - NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt - NOTE: CVE id requested + - squid <unfixed> (bug #514142) + NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt + NOTE: CVE id requested CVE-2009-XXXX [bugzilla: Insufficiently Random Numbers] - bugzilla <unfixed> (bug filed) @@ -192,7 +366,7 @@ - trickle <unfixed> (bug #513456; low) [etch] - trickle <no-dsa> (Minor issue) NOTE: CVE id requested -CVE-2009-0385 [ffmpeg 4x issue] +CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ...) - ffmpeg-debian 0.svn20080206-16 - ffmpeg <removed> - mplayer 1.0~rc2-14 
@@ -312,14 +486,14 @@ {DSA-1715-1 DTSA-187-1} - moin 1.8.1-1.1 (low) NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad -CVE-2009-0276 - RESERVED -CVE-2009-0274 - RESERVED -CVE-2009-0273 - RESERVED -CVE-2009-0272 - RESERVED +CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google ...) + TODO: check +CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, ...) + TODO: check +CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell ...) + TODO: check +CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise ...) + TODO: check CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...) - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19) @@ -448,7 +622,7 @@ NOT-FOR-US: 53KF Web IM CVE-2009-0246 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...) NOT-FOR-US: easyHDR PRO -CVE-2009-0414 [tor buffer overflow] +CVE-2009-0414 (Unspecified vulnerability in Tor before 0.2.0.33 has unspecified ...) - tor 0.2.0.33-1 CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS ...) NOT-FOR-US: Usagi Project MyNETS @@ -519,10 +693,11 @@ CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 ...) {DSA-1711-1} - typo3-src 4.2.4-1 -CVE-2009-0258 (Unspecified vulnerability in the Indexed Search Engine ...) +CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 ...) {DSA-1711-1} - typo3-src 4.2.4-1 -CVE-2009-0242 (Ganglia 3.1.1 allows remote attackers to cause a denial of service via ...) +CVE-2009-0242 + REJECTED - ganglia-monitor-core <not-affected> (Only affects 3.1.1 branch, currently in experimental under different name) - ganglia-monitor <unfixed> (low; bug #512637) CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...) 
@@ -601,8 +776,8 @@ RESERVED CVE-2009-0205 RESERVED -CVE-2009-0204 - RESERVED +CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and ...) + TODO: check CVE-2009-0203 RESERVED CVE-2009-0202 @@ -641,10 +816,10 @@ RESERVED CVE-2009-0185 RESERVED -CVE-2009-0184 - RESERVED -CVE-2009-0183 - RESERVED +CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in ...) + TODO: check +CVE-2009-0183 (Stack-based buffer overflow in Remote Control Server in Free Download ...) + TODO: check CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted ...) NOT-FOR-US: VUPlayer CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to have an ...) @@ -1672,8 +1847,7 @@ RESERVED CVE-2009-0035 RESERVED -CVE-2009-0034 [sudo: privilege escalation] - RESERVED +CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...) - sudo 1.6.9p17-2 (medium) [etch] - sudo <not-affected> (Vulnerable code not present) CVE-2009-0033 @@ -1894,7 +2068,7 @@ RESERVED CVE-2008-5518 RESERVED -CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote ...) +CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...) {DSA-1708-1} - git-core 1:1.5.6.5-2 (low; bug #512330) CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote ...) 
@@ -2855,10 +3029,10 @@ CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...) - php5 <unfixed> (unimportant) NOTE: http://securityreason.com/achievement_securityalert/57 -CVE-2008-5312 (mailscanner 4.55.10 might allow local users to overwrite arbitrary ...) +CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow ...) - mailscanner 4.74.16-1 (bug #506353) NOTE: there is no difference apart from the versions to CVE-2008-5313 -CVE-2008-5313 (mailscanner 4.68.8 might allow local users to overwrite arbitrary ...) +CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might allow ...) - mailscanner 4.74.16-1 (bug #506353) NOTE: there is no difference apart from the versions to CVE-2008-5312 CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...) @@ -2954,7 +3128,7 @@ CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite ...) {DSA-1676-1} - flamethrower 0.1.8-2 (low; bug #506350) -CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 allows local users to ...) +CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 and other versions before ...) - mailscanner 4.57.6-1 (unimportant) NOTE: script should only be used when the private Trend Micro antivirus is installed CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...) @@ -3085,8 +3259,8 @@ RESERVED CVE-2008-5083 RESERVED -CVE-2008-5082 - RESERVED +CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) ...) + TODO: check CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...) {DSA-1690-1 DTSA-189-1} - avahi 0.6.23-3 (bug #508700; low) 
@@ -3344,8 +3518,8 @@ - yzis 1.0~alpha1-2 (bug #504680) CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...) - wordpress 2.5.1-10 (bug #504771) -CVE-2008-4990 - RESERVED +CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before ...) + TODO: check CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in ...) - gnutls26 2.4.2-3 - gnutls13 <removed> @@ -3425,8 +3599,8 @@ RESERVED CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...) NOT-FOR-US: VMware Workstation -CVE-2008-4914 - RESERVED +CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...) + TODO: check CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ...) NOT-FOR-US: LokiCMS CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie module ...) @@ -52593,7 +52767,7 @@ NOT-FOR-US: Data ONTAP CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Analysis Console ...) +CVE-2005-3325 (Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in ...) {DSA-893-1} - acidbase 1.2.1-1 (bug #335998; bug #336788; medium) NOTE: the fix from 1.2-2 did not address the problem fully
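
Review bot: the new CVE-2009-0415 entry in the @@ -1,3 +1,177 @@ hunk (untrusted search path in trickle 1.07) comes in with only "TODO: check", while the context of the @@ -192,7 +366,7 @@ hunk still shows a trickle entry with "- trickle <unfixed> (bug #513456; low)" and "NOTE: CVE id requested". If both describe the same issue, move the package lines under CVE-2009-0415 and drop the placeholder, so the tracker does not carry the issue twice with one copy permanently unassigned.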
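
Review bot: the three squid lines in the @@ -3,7 +177,7 @@ hunk are removed and re-added with the same visible text, so this is a whitespace-only change riding along in a commit logged as "automatic update". Confirm that the re-added lines use the same indentation as the neighbouring entries (the bugzilla entry directly below is unchanged), and consider committing indentation fixes separately so they can be told apart from description syncs. The context line "[squid: denial of server]" also looks like a typo for "denial of service".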
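
Review bot: CVE-2009-0242 in the @@ -519,10 +693,11 @@ hunk is switched to "REJECTED" but keeps its package lines, including "- ganglia-monitor <unfixed> (low; bug #512637)". An open bug hanging off a rejected id is easy to lose: add a NOTE naming the id that supersedes it and move the ganglia status lines there, or park them under a CVE-2009-XXXX placeholder until the replacement is known.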
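
Review bot: the fixed version recorded for CVE-2008-5140 in the @@ -3128 hunk (@@ -2954,7 +3128,7 @@) should be re-checked against the widened description, which now reads "4.55.10 and other versions before ..." while the entry still says "- mailscanner 4.57.6-1 (unimportant)". The sibling entries CVE-2008-5312 and CVE-2008-5313 in the @@ -2855,10 +3029,10 @@ hunk were widened to "before 4.74.16-1" and list 4.74.16-1 as fixed; if the truncated bound for CVE-2008-5140 is the same, 4.57.6-1 would fall inside the affected range and needs either a correction or a NOTE explaining why it is right.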