kees at alioth.debian.org
2009-Mar-04 20:11 UTC
[Secure-testing-commits] r11324 - data/CVE
Author: kees Date: 2009-03-04 20:11:28 +0000 (Wed, 04 Mar 2009) New Revision: 11324 Modified: data/CVE/list Log: NFUs: 108 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-04 09:14:13 UTC (rev 11323) +++ data/CVE/list 2009-03-04 20:11:28 UTC (rev 11324) 
@@ -3,99 +3,99 @@ CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service ...) TODO: check CVE-2009-0750 (SQL injection vulnerability in login.php in the smNews example script ...) - TODO: check + NOT-FOR-US: txtSQL CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...) - TODO: check + NOT-FOR-US: Z1Exchange CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote ...) - TODO: check + NOT-FOR-US: Jbook CVE-2008-6390 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...) - TODO: check + NOT-FOR-US: Ocean12 Membership Manager Pro CVE-2008-6389 (SQL injection vulnerability in asadmin/default.asp in Rae Media ...) - TODO: check + NOT-FOR-US: Rae Media Contact Management Software CVE-2008-6388 (Rapid Classified 3.1 and 3.15 stores sensitive information under the ...) - TODO: check + NOT-FOR-US: Rapid Classified CVE-2008-6387 (Quick Tree View .NET 3.1 stores sensitive information under the web ...) - TODO: check + NOT-FOR-US: Quick Tree View .NET CVE-2008-6386 (Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange ...) - TODO: check + NOT-FOR-US: Z1Exchange CVE-2008-6385 (Cross-site scripting (XSS) vulnerability in index.php in W3matter ...) - TODO: check + NOT-FOR-US: W3matter RevSense CVE-2008-6384 (Multiple cross-site request forgery (CSRF) vulnerabilities in Comment ...) - TODO: check + NOT-FOR-US: Comment Mail CVE-2008-6383 (SQL injection vulnerability in SpeedTech Organization and Resource ...) - TODO: check + NOT-FOR-US: SpeedTech Organization and Resource Manager CVE-2008-6382 (ASP Portal 3.2.5 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: ASP Portal CVE-2008-6381 (SQL injection vulnerability in modules/adresses/viewcat.php in bcoos ...) - TODO: check + NOT-FOR-US: bcoos CVE-2008-6380 (SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 ...) 
- TODO: check + NOT-FOR-US: Active Web Helpdesk CVE-2008-6379 (SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows ...) - TODO: check + NOT-FOR-US: Gallery MX CVE-2008-6378 (SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx ...) - TODO: check + NOT-FOR-US: Calendar Mx Professional CVE-2008-6377 (PHP remote file inclusion vulnerability in include/global.php in Multi ...) - TODO: check + NOT-FOR-US: Multi SEO phpBB CVE-2008-6376 (SQL injection vulnerability in main.asp in Jbook allows remote ...) - TODO: check + NOT-FOR-US: Jbook CVE-2008-6375 (JBook stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: JBook CVE-2008-6374 (CodefixerSoftware MailingListPro Free Edition stores sensitive ...) - TODO: check + NOT-FOR-US: MailingListPro Free Edition CVE-2008-6373 (Unspecified vulnerability in Nagios before 3.0.6 has unspecified ...) TODO: check CVE-2008-6372 (SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro ...) - TODO: check + NOT-FOR-US: Ocean12 FAQ Manager Pro CVE-2008-6371 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...) - TODO: check + NOT-FOR-US: Ocean12 Membership Manager Pro CVE-2008-6370 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 ...) - TODO: check + NOT-FOR-US: Ocean12 Contact Manager Pro CVE-2008-6369 (SQL injection vulnerability in default.asp in Ocean12 Contact Manager ...) - TODO: check + NOT-FOR-US: Ocean12 Contact Manager Pro CVE-2008-6368 (SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m ...) - TODO: check + NOT-FOR-US: Chipmunk Guestbook CVE-2008-6367 (Unrestricted file upload vulnerability in Photos/create_album.php in ...) - TODO: check + NOT-FOR-US: Social Groupie CVE-2008-6366 (SQL injection vulnerability in logon.jsp in Ad Server Solutions ...) 
- TODO: check + NOT-FOR-US: Ad Server Solutions Affiliate Software Java CVE-2008-6365 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad ...) - TODO: check + NOT-FOR-US: Ad Server Solutions Ad Management Software Java CVE-2008-6364 (SQL injection vulnerability in logon_process.jsp in Ad Server ...) - TODO: check + NOT-FOR-US: Ad Server Solutions Banner Exchange Solution Java CVE-2008-6363 (Stack-based buffer overflow in DesignWorks Professional 4.3.1 and ...) - TODO: check + NOT-FOR-US: DesignWorks Professional CVE-2008-6362 (SQL injection vulnerability in sitepage.php in Multiple Membership ...) - TODO: check + NOT-FOR-US: Multiple Membership Script CVE-2008-6361 (Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 ...) - TODO: check + NOT-FOR-US: InSun Feed CMS CVE-2008-6360 (Cross-site scripting (XSS) vulnerability in the userranks feature in ...) - TODO: check + NOT-FOR-US: ImpressCMS CVE-2008-6359 (Cross-site scripting (XSS) vulnerability in index.php in Max''s ...) - TODO: check + NOT-FOR-US: Max''s Guestbook CVE-2008-6358 (SQL injection vulnerability in group_index.php in Social Groupie ...) - TODO: check + NOT-FOR-US: Social Groupie CVE-2008-6357 (MyCal Personal Events Calendar stores sensitive information under the ...) - TODO: check + NOT-FOR-US: MyCal Personal Events Calendar CVE-2008-6356 (evCal Events Calendar stores sensitive information under the web root ...) - TODO: check + NOT-FOR-US: evCal Events Calendar CVE-2008-6355 (The Net Guys ASPired2Protect stores sensitive information under the ...) - TODO: check + NOT-FOR-US: ASPired2poll CVE-2008-6354 (The Net Guys ASPired2poll stores sensitive information under the web ...) - TODO: check + NOT-FOR-US: ASPired2poll CVE-2008-6353 (SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote ...) - TODO: check + NOT-FOR-US: ASP-CMS CVE-2008-6352 (SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows ...) 
- TODO: check + NOT-FOR-US: Xpoze Pro CVE-2008-6351 (Cross-site scripting (XSS) vulnerability in listtest.php in ...) - TODO: check + NOT-FOR-US: TurnkeyForms Local Classifieds CVE-2008-6350 (SQL injection vulnerability in listtest.php in TurnkeyForms Local ...) - TODO: check + NOT-FOR-US: TurnkeyForms Local Classifieds CVE-2008-6349 (SQL injection vulnerability in survey_results_text.php in TurnkeyForms ...) - TODO: check + NOT-FOR-US: TurnkeyForms Business Survey Pro CVE-2008-6348 (Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery ...) - TODO: check + NOT-FOR-US: DevelopItEasy Photo Gallery CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php in the ...) - TODO: check + NOT-FOR-US: Onguma Time Sheet component for Joomla! CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...) - linux-2.6 <unfixed> (low) [etch] - linux-2.6 <not-affected> (ext4 not yet present) 
@@ -117,125 +117,125 @@ - linux-2.6.24 <unfixed> (low) NOTE: Since the feature is experimental until 2.6.27, I don''t think we need to fix this CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in ...) - TODO: check + NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing CVE-2009-0742 (The username command in Cisco ACE Application Control Engine Module ...) - TODO: check + NOT-FOR-US: Cisco CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) ...) - TODO: check + NOT-FOR-US: DR Wiki extension for TYPO3 CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 ...) - TODO: check + NOT-FOR-US: SolarCMS CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) ...) - TODO: check + NOT-FOR-US: TU-Clausthal Staff extension for TYPO3 CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN ...) - TODO: check + NOT-FOR-US: TU-Clausthal ODIN extension for TYPO3 CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser ...) - TODO: check + NOT-FOR-US: Simple File Browser extension for TYPO3 CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal Plugin ...) - TODO: check + NOT-FOR-US: SB Universal Plugin extension for TYPO3 CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi ...) - TODO: check + NOT-FOR-US: Vox populi extension for TYPO3 CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities ...) - TODO: check + NOT-FOR-US: WEBERkommunal Facilities extension for TYPO3 CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System ...) - TODO: check + NOT-FOR-US: Volunteer Management System module for Joomla! CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines ...) 
- TODO: check + NOT-FOR-US: Text Lines Rearrange Script CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix Online ...) - TODO: check + NOT-FOR-US: eMetrix Online Keyword Research Tool CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix Extract ...) - TODO: check + NOT-FOR-US: eMetrix Extract Website CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News (RSSSN), ...) - TODO: check + NOT-FOR-US: RSS Simple News CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2 allows ...) - TODO: check + NOT-FOR-US: Simple Customer CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Streber ...) - TODO: check + NOT-FOR-US: Streber CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier ...) - TODO: check + NOT-FOR-US: MyTopix CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board ...) - TODO: check + NOT-FOR-US: Pre ASP Job Board CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 ...) - TODO: check + NOT-FOR-US: Butterfly Organizer CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...) - TODO: check + NOT-FOR-US: ProQuiz CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as ...) - TODO: check + NOT-FOR-US: Simple Customer CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz ...) - TODO: check + NOT-FOR-US: Softbiz Classifieds Script CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum allows ...) - TODO: check + NOT-FOR-US: CF_Forum CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource ...) - TODO: check + NOT-FOR-US: CFMSource CF_Auction CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows ...) 
- TODO: check + NOT-FOR-US: CFMSource CFMBlog CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with ...) - TODO: check + NOT-FOR-US: CF Shopkart CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows ...) - TODO: check + NOT-FOR-US: CF Shopkart CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows ...) - TODO: check + NOT-FOR-US: CF_Calendar CVE-2008-6318 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: PHPmyGallery CVE-2008-6317 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: PHPmyGallery CVE-2008-6316 (Directory traversal vulnerability in _conf/core/common-tpl-vars.php in ...) - TODO: check + NOT-FOR-US: PHPmyGallery CVE-2008-6315 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: PHPmyGallery CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board module ...) - TODO: check + NOT-FOR-US: Tag Board module CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in phpAddEdit ...) - TODO: check + NOT-FOR-US: phpAddEdit CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...) - TODO: check + NOT-FOR-US: ProQuiz CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 ...) - TODO: check + NOT-FOR-US: Butterfly Organizer CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense 1.0 ...) - TODO: check + NOT-FOR-US: W3matter RevSense CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert allows ...) - TODO: check + NOT-FOR-US: W3matter AskPert CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private Messaging ...) - TODO: check + NOT-FOR-US: Private Messaging System CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass ...) 
- TODO: check + NOT-FOR-US: E-topbiz Link Back Checker CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz ...) - TODO: check + NOT-FOR-US: Softbiz Classifieds Script CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free Directory ...) - TODO: check + NOT-FOR-US: Free Directory Script CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when ...) - TODO: check + NOT-FOR-US: xt:Commerce CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager allows ...) - TODO: check + NOT-FOR-US: ToursManager CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: TurnkeyForms Local Classifieds CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox ...) - TODO: check + NOT-FOR-US: Small ShoutBox module CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Galatolo WebManager CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows ...) - TODO: check + NOT-FOR-US: sISAPILocation CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart allows ...) - TODO: check + NOT-FOR-US: DHCart CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Maran PHP Shop CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera Life ...) - TODO: check + NOT-FOR-US: Camera Life CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Acc Statistics CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Acc Real Estate CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication and ...) 
- TODO: check + NOT-FOR-US: Acc Autos CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass authentication and ...) - TODO: check + NOT-FOR-US: Acc PHP eMail CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR Sito, ...) - TODO: check + NOT-FOR-US: nicLOR Sito CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0 ...) - TODO: check + NOT-FOR-US: Tours Manager CVE-2009-XXXX [avahi-daemon: denial of service] - avahi <unfixed> (bug #517683) NOTE: CVE id requested @@ -2239,7 +2239,7 @@ CVE-2009-0209 RESERVED CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, ...) - TODO: check + NOT-FOR-US: HP Virtual Rooms Client CVE-2009-0207 RESERVED CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier ...) @@ -2281,7 +2281,7 @@ CVE-2009-0188 RESERVED CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...) - TODO: check + NOT-FOR-US: Orbit Downloader CVE-2009-0186 RESERVED CVE-2009-0185
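Review bot: In the first hunk (@@ -3,99 +3,99 @@), the tag added for CVE-2008-6355 does not match its description. The entry reads "The Net Guys ASPired2Protect stores sensitive information under the ..." but is marked "NOT-FOR-US: ASPired2poll", the same tag given to the next entry, CVE-2008-6354, which is the one that describes ASPired2poll. This looks like a copy-paste slip. Suggest "NOT-FOR-US: ASPired2Protect" for CVE-2008-6355, so that a later search of the list by product name lands on the right CVE.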
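Review bot: In the second hunk (@@ -117,125 +117,125 @@), CVE-2009-0742 is tagged "NOT-FOR-US: Cisco", which names only the vendor. Its description names the Cisco ACE Application Control Engine Module, and the adjacent CVE-2009-0743 is tagged with the full product name, so suggest naming the product here as well. In the same hunk, "NOT-FOR-US: Tag Board module" (CVE-2008-6314) and "NOT-FOR-US: Small ShoutBox module" (CVE-2008-6301) do not say which application the module belongs to, unlike the "extension for TYPO3" and "module for Joomla!" tags around them. Adding the host application would keep the tags consistent and make it easier to confirm later that the parent software is not packaged.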