Author: geissert
Date: 2010-12-07 01:59:18 +0000 (Tue, 07 Dec 2010)
New Revision: 15655
Modified:
data/CVE/list
Log:
three, old, piwigo issues
piwik is ITP
IO::Socket::SSL issue by dkg
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-12-07 00:47:21 UTC (rev 15654)
+++ data/CVE/list 2010-12-07 01:59:18 UTC (rev 15655)
@@ -1,3 +1,5 @@
+CVE-2010-XXXX [IO::Socket::SSL verify peer mode ignored if no cert supplied]
+ - libio-socket-ssl-perl <unfixed> (bug #606058)
CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize]
- cakephp <unfixed>
NOTE:
https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
@@ -1326,6 +1328,7 @@
{DSA-2126-1}
- linux-2.6 2.6.32-28 (low)
CVE-2010-3872 (The apr_status_t fcgid_header_bucket_read function in
fcgid_bucket.c ...)
+ - libapache2-mod-fcgid <unfixed> (bug #605484)
TODO: check
CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...)
- mahara <not-affected> (Vulnerable feature introduced in 1.3)
@@ -4222,7 +4225,7 @@
[lenny] - mediawiki <no-dsa> (Minor issue)
NOTE:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3
allows ...)
- NOT-FOR-US: Piwik
+ - piwik <itp> (bug #506933)
CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693
does not ...)
{DSA-2078-1}
- kvirc 4:4.0.0-3
@@ -7149,7 +7152,8 @@
CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free
...)
NOT-FOR-US: Free Realty
CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in
register.php in ...)
- NOT-FOR-US: Piwigo
+ - piwigo <undetermined>
+ TODO: check
CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz
Auction ...)
NOT-FOR-US: 2daybiz Auction Script
CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook
allows ...)
@@ -13708,7 +13712,8 @@
CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before
2.0.17 and ...)
NOT-FOR-US: phpMyFAQ
CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6
allows ...)
- NOT-FOR-US: Piwigo
+ - piwigo <undetermined>
+ TODO: check
CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH
Software ...)
NOT-FOR-US: NCH Software Axon Virtual PBX
CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA)
before ...)
@@ -17387,7 +17392,8 @@
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in
Programmed ...)
NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before
2.0.3 ...)
- NOT-FOR-US: Piwigo
+ - piwigo <undetermined>
+ TODO: check
CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process
in the ...)
NOT-FOR-US: SAP NetWeaver
CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro
Director ...)