Author: joeyh
Date: 2010-04-23 21:14:16 +0000 (Fri, 23 Apr 2010)
New Revision: 14553

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-23 20:00:37 UTC (rev 14552) +++ data/CVE/list 2010-04-23 21:14:16 UTC (rev 14553) 
@@ -1,3 +1,59 @@ +CVE-2010-1490 (Unspecified vulnerability in IBM Cognos 8 Business Intelligence before ...) + TODO: check +CVE-2009-4800 (Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 ...) + TODO: check +CVE-2009-4799 (Diskos CMS 6.x stores sensitive information under the web root with ...) + TODO: check +CVE-2009-4798 (Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote ...) + TODO: check +CVE-2009-4797 (SQL injection vulnerability in browse.php in JobHut 1.2 and earlier ...) + TODO: check +CVE-2009-4796 (Multiple SQL injection vulnerabilities in the ExecuteQueries function ...) + TODO: check +CVE-2009-4795 (Multiple SQL injection vulnerabilities in Xlight FTP Server before ...) + TODO: check +CVE-2009-4794 (Multiple SQL injection vulnerabilities in Community CMS 0.5 allow ...) + TODO: check +CVE-2009-4793 (Unrestricted file upload vulnerability in ...) + TODO: check +CVE-2009-4792 (SQL injection vulnerability in includes/content/member_content.php in ...) + TODO: check +CVE-2009-4791 (Multiple SQL injection vulnerabilities in Family Connections (aka ...) + TODO: check +CVE-2009-4790 (Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 ...) + TODO: check +CVE-2009-4789 (Multiple PHP remote file inclusion vulnerabilities in the MojoBlog ...) + TODO: check +CVE-2009-4788 (Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier ...) + TODO: check +CVE-2009-4787 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg ...) + TODO: check +CVE-2009-4786 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg before ...) + TODO: check +CVE-2009-4785 (SQL injection vulnerability in the Quick News (com_quicknews) ...) + TODO: check +CVE-2009-4784 (SQL injection vulnerability in the Joaktree (com_joaktree) component ...) + TODO: check +CVE-2009-4783 (Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, ...) 
+ TODO: check +CVE-2009-4782 (Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, ...) + TODO: check +CVE-2009-4781 (TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for ...) + TODO: check +CVE-2009-4780 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2009-4779 (Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and ...) + TODO: check +CVE-2009-4778 (Multiple unspecified vulnerabilities in the PDF distiller in the ...) + TODO: check +CVE-2009-4777 (Unspecified vulnerability in multiple versions of Hitachi ...) + TODO: check +CVE-2009-4776 (Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit ...) + TODO: check +CVE-2009-4775 (Format string vulnerability in Ipswitch WS_FTP Professional 12 before ...) + TODO: check +CVE-2009-4774 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 ...) + TODO: check CVE-2010-XXXX [cacti sql injection BONSAI-2010-0104] - cacti <unfixed> (bug #578909) NOTE: http://seclists.org/fulldisclosure/2010/Apr/272 @@ -9,8 +65,8 @@ [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32) CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...) NOT-FOR-US: IBM Lotus Notes -CVE-2010-1486 - RESERVED +CVE-2010-1486 (Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in ...) + TODO: check CVE-2010-1485 RESERVED CVE-2010-1484 @@ -376,8 +432,7 @@ RESERVED CVE-2010-1321 RESERVED -CVE-2010-1320 [krb5: double-free] - RESERVED +CVE-2010-1320 (Double free vulnerability in do_tgs_req.c in the Key Distribution ...) - krb5 1.8.1+dfsg-2 (bug #577490) [lenny] - krb5 <not-affected> (Only affects 1.7/1.8) NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt 
@@ -471,8 +526,8 @@ RESERVED CVE-2010-1279 RESERVED -CVE-2010-1278 - RESERVED +CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in ...) + TODO: check CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...) - zabbix 1:1.8.2-1 (bug #577058) [lenny] - zabbix <not-affected> (vulnerable code not present) @@ -1143,10 +1198,10 @@ RESERVED CVE-2010-1034 RESERVED -CVE-2010-1033 - RESERVED -CVE-2010-1032 - RESERVED +CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX ...) + TODO: check +CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to ...) + TODO: check CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka ...) NOT-FOR-US: HP Insight Control CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...) @@ -1249,8 +1304,7 @@ NOT-FOR-US: Pulse CMS Basic CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse ...) NOT-FOR-US: Pulse CMS Basic -CVE-2010-0991 [imlib2 issue] - RESERVED +CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow ...) - imlib2 <undetermined> NOTE: http://seclists.org/bugtraq/2010/Apr/196 TODO: check @@ -2496,8 +2550,8 @@ RESERVED CVE-2010-0594 RESERVED -CVE-2010-0593 - RESERVED +CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, ...) + TODO: check CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
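
Review bot: The new entries at the top of the file (hunk @@ -1,3 +1,59 @@) all still need manual triage, since each one carries only `TODO: check`. CVE-2010-1490 names IBM Cognos 8, and this file already marks CVE-2010-1487 as `NOT-FOR-US: IBM Lotus Notes`, so entries for products that are not packaged can be closed the same way with their own product name. CVE-2009-4793 is truncated before any product appears ("Unrestricted file upload vulnerability in ..."), so the full description has to be looked up before it can be classified.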
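
Review bot: In hunk @@ -1249,8 +1304,7 @@, CVE-2010-0991 keeps `- imlib2 <undetermined>` and `TODO: check` even though the imported description now names imlib2 1.4.3 and heap-based buffer overflows. The package line should be resolved to a fixed version or to `<unfixed>` with a bug number, as the cacti and krb5 entries in this diff do (`- cacti <unfixed> (bug #578909)`, `- krb5 1.8.1+dfsg-2 (bug #577490)`). Dropping the hand-written `[imlib2 issue]` tag is fine because the description replaces it.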