Author: joeyh Date: 2009-04-30 21:14:15 +0000 (Thu, 30 Apr 2009) New Revision: 11749 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-30 20:14:55 UTC (rev 11748) +++ data/CVE/list 2009-04-30 21:14:15 UTC (rev 11749) 
@@ -1,3 +1,41 @@ +CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass ...) + TODO: check +CVE-2009-1488 (Directory traversal vulnerability in admin/load.php in FunGamez RC1 ...) + TODO: check +CVE-2009-1487 (SQL injection vulnerability in pages/login.php in FunGamez RC1 allows ...) + TODO: check +CVE-2009-1486 (Directory traversal vulnerability in pmscript.php in Flatchat 3.0 ...) + TODO: check +CVE-2009-1485 (The logging feature in eMule Plus before 1.2e allows remote attackers ...) + TODO: check +CVE-2009-1484 (Cross-site scripting (XSS) vulnerability in the web mail interface ...) + TODO: check +CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in Adam ...) + TODO: check +CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2009-1481 (SQL injection vulnerability in action.asp in PuterJam''s Blog (PJBlog3) ...) + TODO: check +CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows ...) + TODO: check +CVE-2009-1479 + RESERVED +CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl handlers in ...) + TODO: check +CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end ...) + TODO: check +CVE-2008-6773 (Static code injection vulnerability in user/internettoolbar/edit.php ...) + TODO: check +CVE-2008-6772 (login/register_form.php in YourPlace 1.0.2 and earlier does not check ...) + TODO: check +CVE-2008-6771 (YourPlace 1.0.2 and earlier allows remote attackers to obtain ...) + TODO: check +CVE-2008-6770 (YourPlace 1.0.2 and earlier stores sensitive information under the web ...) + TODO: check +CVE-2008-6769 (Unrestricted file upload vulnerability in upload.php in YourPlace ...) + TODO: check +CVE-2008-6768 (Unrestricted file upload vulnerability in admin/editor/images.php in ...) + TODO: check CVE-2009-1477 RESERVED CVE-2009-1476 
@@ -118,14 +156,14 @@ NOT-FOR-US: SilverStripe CVE-2009-1432 RESERVED -CVE-2009-1431 - RESERVED -CVE-2009-1430 - RESERVED -CVE-2009-1429 - RESERVED -CVE-2009-1428 - RESERVED +CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec ...) + TODO: check +CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert ...) + TODO: check +CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...) + TODO: check +CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...) + TODO: check CVE-2009-1427 RESERVED CVE-2009-1426 @@ -647,6 +685,7 @@ CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...) - pam <not-affected> (we don''t compile pam with USE=ssh) CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...) + {DTSA-188-1} - php5 5.2.6.dfsg.1-3 [etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4) - php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4) @@ -1843,6 +1882,7 @@ CVE-2009-0947 RESERVED CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...) + {DSA-1784-1} - freetype 2.3.9-4.1 (medium; bug #524925) CVE-2009-0945 RESERVED @@ -2807,8 +2847,8 @@ RESERVED CVE-2009-0720 RESERVED -CVE-2009-0719 - RESERVED +CVE-2009-0719 (Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and ...) + TODO: check CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...) NOT-FOR-US: HP StorageWorks Storage Mirroring CVE-2009-0717 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...) 
@@ -6157,8 +6197,8 @@ NOT-FOR-US: DrWeb Anti-virus CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...) - clamav <not-affected> (medium; bug #526041) - NOTE: this issue refers to a clamav antivirus bypass that occurs when the user - NOTE: is using IE6 or IE7 to open a malicious page with an MZ header + NOTE: this issue refers to a clamav antivirus bypass that occurs when the user + NOTE: is using IE6 or IE7 to open a malicious page with an MZ header NOTE: - all other browsers are not vulnerable NOTE: - see http://xforce.iss.net/xforce/xfdb/47435 and bug report for details CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 ...) @@ -8799,6 +8839,7 @@ CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal ...) NOT-FOR-US: MemHT Portal CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...) + {DSA-1783-1} - mysql-dfsg-5.0 5.0.51-1 (low) CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL ...) NOT-FOR-US: EKINdesigns MySQL Quick Admin @@ -10150,6 +10191,7 @@ - ssmtp 2.62-1.1 (low; bug #498366) [etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases) CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...) + {DSA-1783-1} - mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362) CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...) - libpng 1.2.27-2 (low; bug #501109)
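Review bot: In the first hunk (@@ -1,3 +1,41 @@) the product name is spelled "Fungamez RC1" in CVE-2009-1489 but "FunGamez RC1" in CVE-2009-1488 and CVE-2009-1487. When the TODO: check markers on these three are resolved, use one spelling in the status line so that a search of data/CVE/list finds them together. Every described entry added in this hunk carries only TODO: check, so none of them has a package or NOT-FOR-US line yet.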
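Review bot: In the @@ -647,6 +685,7 @@ hunk, the CVE-2009-1272 entry that gains {DTSA-188-1} has a "[etch] - php5 <not-affected>" line whose reason reads "which was not applied to php4", the same text as the php4 line that follows it. Confirm the reason for php5 in etch and reword it to name php5 if that is what is meant, since the new DTSA reference makes this entry more likely to be read.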
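Review bot: In the @@ -6157,8 +6197,8 @@ hunk, the two NOTE lines under CVE-2008-5525 are removed and re-added with the same visible text, so as far as the diff shows this is a whitespace-only change. Keep whitespace clean-ups out of a revision logged as "automatic update", or mention them in the log, so the diff for this revision shows only tracker data changes.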