joeyh at alioth.debian.org
2009-Mar-06 21:14 UTC
[Secure-testing-commits] r11345 - data/CVE
Author: joeyh
Date: 2009-03-06 21:14:16 +0000 (Fri, 06 Mar 2009)
New Revision: 11345
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-06 16:59:34 UTC (rev 11344) +++ data/CVE/list 2009-03-06 21:14:16 UTC (rev 11345) 
@@ -1,3 +1,65 @@ +CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...) + TODO: check +CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...) + TODO: check +CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...) + TODO: check +CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for ...) + TODO: check +CVE-2009-0831 (SQL injection vulnerability in members.php in the Members CV (job) ...) + TODO: check +CVE-2009-0830 (Cross-site scripting (XSS) vulnerability in QuoteBook allows remote ...) + TODO: check +CVE-2009-0829 (Multiple SQL injection vulnerabilities in QuoteBook allow remote ...) + TODO: check +CVE-2009-0828 (QuoteBook stores quotes.inc under the web root with insufficient ...) + TODO: check +CVE-2009-0827 (PollHelper stores poll.inc under the web root with insufficient access ...) + TODO: check +CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with insufficient ...) + TODO: check +CVE-2009-0825 + RESERVED +CVE-2009-0824 + RESERVED +CVE-2009-0823 + RESERVED +CVE-2009-0822 + RESERVED +CVE-2008-6415 (Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers ...) + TODO: check +CVE-2008-6414 (SQL injection vulnerability in detail.php in AJ Auction Pro Platinum ...) + TODO: check +CVE-2008-6413 (Cross-site scripting (XSS) vulnerability in the Answers module ...) + TODO: check +CVE-2008-6412 (Unspecified vulnerability in Vignette Content Management 7.3.0.5, ...) + TODO: check +CVE-2008-6411 (Explay CMS 2.1 and earlier allows remote attackers to bypass ...) + TODO: check +CVE-2008-6410 (Directory traversal vulnerability in show.php in ol''bookmarks manager ...) + TODO: check +CVE-2008-6409 (SQL injection vulnerability in index.php in ol''bookmarks manager 0.7.5 ...) + TODO: check +CVE-2008-6408 (PHP remote file inclusion vulnerability in frame.php in ol''bookmarks ...) 
+ TODO: check +CVE-2008-6407 (Directory traversal vulnerability in frame.php in ol''bookmarks manager ...) + TODO: check +CVE-2008-6406 (Cross-site scripting (XSS) vulnerability in admin.php in DataLife ...) + TODO: check +CVE-2008-6405 (SQL injection vulnerability in showcategory.php in Hotscripts Clone ...) + TODO: check +CVE-2008-6404 (Cross-site scripting (XSS) vulnerability in add_calendars.php in ...) + TODO: check +CVE-2008-6403 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-6402 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-6401 (SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote ...) + TODO: check +CVE-2008-6400 (Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 ...) + TODO: check +CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows ...) + TODO: check CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...) TODO: check CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...) @@ -394,7 +456,7 @@ NOT-FOR-US: Tours Manager CVE-2009-XXXX [znc: authenticated users can obtain shell access] - znc 0.066-1 (bug #516950) -CVE-2009-0770 [dkim-milter: crash on revoked keys] +CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a ...) - dkim-milter 2.6.0.dfsg-2 (low) [lenny] - dkim-milter 2.6.0.dfsg-1+lenny1 NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358 
@@ -758,7 +820,7 @@ CVE-2009-XXXX [debian-installer: no-root option in expert installer exposes locally exploitable security flaw] - debian-installer <unfixed> (bug #517018; low) NOTE: should a CVE be requested for this problem? -CVE-2009-0753 [Http double slash request arbitrary file access vulnerability in mldonkey] +CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...) - mldonkey <unfixed> (bug #516829; medium) NOTE: daemon is run as non-root and can only be exploited via localhost CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) @@ -11197,7 +11259,7 @@ RESERVED CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD ...) NOT-FOR-US: NetBSD -CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx, ...) +CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx ...) NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...) NOT-FOR-US: Caucho Resin
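Review bot: In the @@ -1,3 +1,65 @@ hunk, CVE-2009-0835 (kernel/seccomp.c) and CVE-2009-0834 (audit_syscall_entry, Linux kernel 2.6.28.7) are added with the same "TODO: check" as the dozens of third-party web application entries around them, so nothing in the list distinguishes the two kernel issues from the rest of the queue. Suggest triaging those two first and replacing their TODO with a package line, and resolving the remaining new entries to either a package line or NOT-FOR-US in the follow-up. Separately, the descriptions for CVE-2008-6410 through CVE-2008-6407 read "ol''bookmarks" with a doubled single quote, which looks like quote escaping leaking out of the import step; worth checking the updater before more descriptions pick it up.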
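Review bot: In the @@ -394,7 +456,7 @@ hunk, replacing "[dkim-milter: crash on revoked keys]" with the truncated official text "(dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a ...)" removes the only mention of the trigger condition (revoked keys) from the CVE-2009-0770 entry. Suggest keeping that detail as a NOTE line next to the existing sourceforge tracker NOTE, so the entry still says what causes the crash without a lookup.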
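Review bot: In the @@ -758,7 +820,7 @@ hunk, the CVE-2009-0753 description change drops the "double slash request" detail from the hand-written summary, and the new text introduces an affected range (MLDonkey 2.8.4 through 2.9.7) while the package line stays "- mldonkey <unfixed> (bug #516829; medium)". Suggest adding a NOTE that records the double-slash request form, and checking the stated range against the mldonkey versions in each suite so releases outside 2.8.4 through 2.9.7 can be marked not affected.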
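Review bot: The only change in the @@ -11197,7 +11259,7 @@ hunk is the comma dropped before the ellipsis in the CVE-2008-2463 description ("snapview.ocx, ..." becomes "snapview.ocx ..."), on an entry already marked NOT-FOR-US. Punctuation-only churn in truncated descriptions adds noise for anyone reading the commit list for triage changes; consider having the automatic update skip description rewrites that differ only in trailing punctuation before the "...".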