Author: derevko-guest
Date: 2009-07-15 15:12:30 +0000 (Wed, 15 Jul 2009)
New Revision: 12346

Modified:
   data/CVE/list
Log:
- NFUs
- two minor wordpress issues
- two minor tor issues
- mysqld issue got a CVE

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-15 04:54:50 UTC (rev 12345) +++ data/CVE/list 2009-07-15 15:12:30 UTC (rev 12346) 
@@ -1,64 +1,62 @@ CVE-2009-XXXX [iceweasel: 0-day remote shellcode injection] - iceweasel <unfixed> (high; bug #537104) CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...) - TODO: check + NOT-FOR-US: Tall Emu Online Armor Personal Firewall CVE-2009-2449 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: ADbNewsSender CVE-2009-2448 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online ...) - TODO: check + NOT-FOR-US: Online Guestbook Pro CVE-2009-2447 (Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in ...) - TODO: check -CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...) - TODO: check + NOT-FOR-US: Online Guestbook Pro CVE-2009-2445 (Sun Java System Web Server (aka Sun ONE Web Server) 6.1, 6.1 SP10, 6.1 ...) - TODO: check + NOT-FOR-US: Sun ONE Web Server CVE-2009-2444 (Directory traversal vulnerability in maillinglist/setup/step1.php.inc ...) - TODO: check + NOT-FOR-US: ADbNewsSender CVE-2009-2443 (Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to ...) - TODO: check + NOT-FOR-US: Siteframe CVE-2009-2442 (Cross-site scripting (XSS) vulnerability in public/index.php in ...) - TODO: check + NOT-FOR-US: Linea21 CVE-2009-2441 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online ...) - TODO: check + NOT-FOR-US: Online Guestbook Pro CVE-2009-2440 (Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook ...) - TODO: check + NOT-FOR-US: JNM Guestbook CVE-2009-2439 (Multiple SQL injection vulnerabilities in Web Development House ...) - TODO: check + NOT-FOR-US: Web Development House Alibaba CVE-2009-2438 (Cross-site scripting (XSS) vulnerability in index.php in the search ...) - TODO: check + NOT-FOR-US: ClanSphere CVE-2009-2437 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) 
- TODO: check + NOT-FOR-US: MyPHPDating CVE-2009-2436 (SQL injection vulnerability in page.php in Online Dating Software ...) - TODO: check + NOT-FOR-US: MyPHPDating CVE-2009-2435 (The Sametime server in IBM Lotus Instant Messaging and Web ...) - TODO: check + NOT-FOR-US: IBM Lotus CVE-2009-2434 (Buffer overflow in the syscall implementation in IBM AIX 5.3 allows ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2009-2433 (Stack-based buffer overflow in the AddFavorite method in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-2432 (WordPress and WordPress MU before 2.8.1 allow remote attackers to ...) - TODO: check + - wordpress <unfixed> (low; bug #537146) CVE-2009-2431 (WordPress 2.7.1 places the username of a post''s author in an HTML ...) - TODO: check + - wordpress <unfixed> (low; bug #537146) CVE-2009-2430 (Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2009-2429 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in ...) - TODO: check + NOT-FOR-US: SmartFilter Web Gateway Security CVE-2009-2428 (Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow ...) - TODO: check + NOT-FOR-US: Tausch Ticket Script CVE-2009-2427 (SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows ...) - TODO: check + NOT-FOR-US: Jobbr CVE-2009-2426 (The connection_edge_process_relay_cell_not_open function in ...) - TODO: check + - tor 0.2.0.35-1 (low; bug #537148) CVE-2009-2425 (Tor before 0.2.0.35 allows remote attackers to cause a denial of ...) - TODO: check + - tor 0.2.0.35-1 (low; bug #537148) CVE-2009-2424 (Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone ...) - TODO: check + NOT-FOR-US: Ebay Clone 2009 CVE-2009-2423 (SQL injection vulnerability in category.php in Ebay Clone 2009 allows ...) - TODO: check + NOT-FOR-US: Ebay Clone 2009 CVE-2009-2422 (The example code for the digest authentication functionality ...) 
TODO: check -CVE-2009-XXXX [mysql: post-authentication format string vulnerability] +CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...) - mysql-dfsg-5.0 <unfixed> (low; bug #536726) TODO: check lenny/sid; they are likely fixed according to the report, but i did not check CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability] @@ -134,7 +132,7 @@ CVE-2009-2387 (Unspecified vulnerability in the proc filesystem in Sun OpenSolaris ...) NOT-FOR-US: Sun OpenSolaris CVE-2009-2386 (Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer ...) - TODO: check + NOT-FOR-US: Awingsoft Awakening Winds3D Viewer plugin CVE-2009-2369 (Integer overflow in the wxImage::Create function in ...) TODO: check CVE-2009-2360 (Cross-site scripting (XSS) vulnerability in passwd/main.php in the ...) @@ -619,8 +617,6 @@ - kfreebsd-7 7.2-2 [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc -CVE-2009-XXXX [Tor: Avoid crashing in the presence of certain malformed descriptors] - - tor 0.2.0.35-1 CVE-2009-2207 RESERVED CVE-2009-2206
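
Review bot: In the first hunk (@@ -1,64 +1,62 @@), CVE-2009-2446 lands out of sequence: it is deleted from its slot between CVE-2009-2447 and CVE-2009-2445 and re-added after CVE-2009-2422, where the CVE-2009-XXXX mysql placeholder used to be, while the other numbered entries in the hunk run in descending order. Suggest leaving the CVE-2009-2446 header where it was and moving the `- mysql-dfsg-5.0 <unfixed> (low; bug #536726)` line and its TODO up under it, replacing the `TODO: check` there. The carried-over TODO also states that lenny/sid were not checked, so the `<unfixed>` marking is still unverified for those suites.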
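
Review bot: In the last hunk (@@ -619,8 +617,6 @@), the `CVE-2009-XXXX [Tor: Avoid crashing in the presence of certain malformed descriptors]` placeholder is dropped without recording which assigned ID replaces it. The first hunk adds two tor entries, CVE-2009-2426 and CVE-2009-2425, both as `- tor 0.2.0.35-1 (low; bug #537148)`, and their truncated descriptions do not show which one covers the malformed-descriptor crash. A NOTE line on the matching entry, or a word in the log message, would keep that mapping traceable.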