Author: joeyh Date: 2012-05-22 21:14:33 +0000 (Tue, 22 May 2012) New Revision: 19294 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-05-22 18:09:06 UTC (rev 19293) +++ data/CVE/list 2012-05-22 21:14:33 UTC (rev 19294) @@ -1,3 +1,53 @@ +CVE-2012-2925 (SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 ...) + TODO: check +CVE-2012-2924 (PHP remote file inclusion vulnerability in admin/setup.inc.php in ...) + TODO: check +CVE-2012-2923 (SQL injection vulnerability in news.php4 in Hypermethod eLearning ...) + TODO: check +CVE-2012-2922 (The request_path function in includes/bootstrap.inc in Drupal 7.14 and ...) + TODO: check +CVE-2012-2921 (Universal Feed Parser (aka feedparser or python-feedparser) before ...) + TODO: check +CVE-2012-2920 (Cross-site scripting (XSS) vulnerability in the userphoto_options_page ...) + TODO: check +CVE-2012-2919 (Directory traversal vulnerability in Upload/engine.php in Chevereto ...) + TODO: check +CVE-2012-2918 (Cross-site scripting (XSS) vulnerability in Upload/engine.php in ...) + TODO: check +CVE-2012-2917 (Cross-site scripting (XSS) vulnerability in the Share and Follow ...) + TODO: check +CVE-2012-2916 (Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in ...) + TODO: check +CVE-2012-2915 (Stack-based buffer overflow in Lattice Semiconductor PAC-Designer ...) + TODO: check +CVE-2012-2914 (Cross-site scripting (XSS) vulnerability in captchademo.php in ...) + TODO: check +CVE-2012-2913 (Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet ...) + TODO: check +CVE-2012-2912 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2012-2911 (Cross-site scripting (XSS) vulnerability in backupDB.php in ...) + TODO: check +CVE-2012-2910 (Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware ...) + TODO: check +CVE-2012-2909 (Multiple cross-site scripting (XSS) vulnerabilities in Viscacha ...) + TODO: check +CVE-2012-2908 (Multiple SQL injection vulnerabilities in admin/bbcodes.php in ...) + TODO: check +CVE-2012-2907 (Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb ...) + TODO: check +CVE-2012-2906 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2012-2905 (Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable ...) + TODO: check +CVE-2012-2904 (player.swf in LongTail JW Player 5.9 allows remote attackers to ...) + TODO: check +CVE-2012-2903 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...) + TODO: check +CVE-2012-2902 (Unrestricted file upload vulnerability in ...) + TODO: check +CVE-2012-2901 (Cross-site scripting (XSS) vulnerability in the Profile List in the ...) + TODO: check CVE-2012-2900 RESERVED CVE-2012-2899 @@ -680,8 +730,8 @@ RESERVED CVE-2012-2562 RESERVED -CVE-2012-2561 - RESERVED +CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...) + TODO: check CVE-2012-2560 RESERVED CVE-2012-2559 @@ -1074,29 +1124,22 @@ RESERVED CVE-2010-5105 RESERVED -CVE-2010-5104 [TYPO3-SA-2010-022] - RESERVED +CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...) - typo3-src 4.3.9+dfsg1-1 (bug #607286) -CVE-2010-5103 [TYPO3-SA-2010-022] - RESERVED +CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x before ...) - typo3-src 4.3.9+dfsg1-1 (bug #607286) -CVE-2010-5102 [TYPO3-SA-2010-022] - RESERVED +CVE-2010-5102 (Directory traversal vulnerability in mod/tools/em/class.em_unzip.php ...) - typo3-src 4.3.9+dfsg1-1 (bug #607286) -CVE-2010-5101 [TYPO3-SA-2010-022] - RESERVED +CVE-2010-5101 (Directory traversal vulnerability in the TypoScript setup in TYPO3 ...) - typo3-src 4.3.9+dfsg1-1 (bug #607286) -CVE-2010-5100 [TYPO3-SA-2010-022] - RESERVED +CVE-2010-5100 (Multiple cross-site scripting (XSS) vulnerabilities in the Install ...) - typo3-src 4.3.9+dfsg1-1 (bug #607286) CVE-2010-5099 [TYPO3-SA-2010-022] RESERVED - typo3-src 4.3.9+dfsg1-1 (bug #607286) -CVE-2010-5098 [TYPO3-SA-2010-022] - RESERVED +CVE-2010-5098 (Cross-site scripting (XSS) vulnerability in the FORM content object in ...) - typo3-src 4.3.9+dfsg1-1 (bug #607286) -CVE-2010-5097 [TYPO3-SA-2010-022] - RESERVED +CVE-2010-5097 (Cross-site scripting (XSS) vulnerability in the click enlarge ...) - typo3-src 4.3.9+dfsg1-1 (bug #607286) CVE-2010-5096 [MyBB multiple SQL injection vulnerabilities] RESERVED @@ -1193,8 +1236,7 @@ RESERVED CVE-2012-2377 RESERVED -CVE-2012-2376 - RESERVED +CVE-2012-2376 (Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ...) - php5 <not-affected> (Windows-specific vulnerability) CVE-2012-2375 RESERVED @@ -1264,37 +1306,34 @@ - pam-shield <unfixed> (low; bug #658830) [squeeze] - pam-shield <no-dsa> (Minor issue) CVE-2012-2349 - RESERVED + REJECTED CVE-2012-2348 - RESERVED + REJECTED CVE-2012-2347 - RESERVED + REJECTED CVE-2012-2346 - RESERVED + REJECTED CVE-2012-2345 - RESERVED + REJECTED CVE-2012-2344 - RESERVED + REJECTED CVE-2012-2343 - RESERVED + REJECTED CVE-2012-2342 - RESERVED + REJECTED CVE-2012-2341 (Cross-site request forgery (CSRF) vulnerability in the Take Control ...) NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6 NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2 NOT-FOR-US: Drupal Take Control -CVE-2012-2340 [Drupal SA-CONTRIB-2012-074] - RESERVED +CVE-2012-2340 (The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not ...) NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6 NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2 NOT-FOR-US: Drupal Contact Forms -CVE-2012-2339 [Drupal SA-CONTRIB-2012-073] - RESERVED +CVE-2012-2339 (Cross-site scripting (XSS) vulnerability in the Glossary module ...) NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6 NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2 NOT-FOR-US: Drupal Glossary -CVE-2012-2338 [galette SQL injection] - RESERVED +CVE-2012-2338 (SQL injection vulnerability in includes/picture.class.php in Galette ...) NOT-FOR-US: Galette NOTE: http://redmine.ulysses.fr/issues/250 NOTE: http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba @@ -1481,8 +1520,8 @@ NOT-FOR-US: Comodo Internet Security CVE-2012-2272 RESERVED -CVE-2012-2271 - RESERVED +CVE-2012-2271 (Buffer overflow in the InitLicenKeys function in a certain ActiveX ...) + TODO: check CVE-2012-2270 (Open redirect vulnerability in index.php (aka the Login Page) in ...) - owncloud <itp> (bug #648674) CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 3.0.0 ...) @@ -3834,8 +3873,8 @@ RESERVED CVE-2012-1250 RESERVED -CVE-2012-1249 - RESERVED +CVE-2012-1249 (The iLunascape application 1.0.4.0 and earlier for Android does not ...) + TODO: check CVE-2012-1248 (app/config/core.php in baserCMS 1.6.15 and earlier does not properly ...) TODO: check CVE-2012-1247 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and ...) @@ -6342,14 +6381,14 @@ RESERVED CVE-2012-0300 RESERVED -CVE-2012-0299 - RESERVED -CVE-2012-0298 - RESERVED -CVE-2012-0297 - RESERVED -CVE-2012-0296 - RESERVED +CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web ...) + TODO: check +CVE-2012-0298 (The file-management scripts in the management GUI in Symantec Web ...) + TODO: check +CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not ...) + TODO: check +CVE-2012-0296 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...) + TODO: check CVE-2012-0295 RESERVED CVE-2012-0294