joeyh at alioth.debian.org
2009-Jan-22 21:14 UTC
[Secure-testing-commits] r11022 - data/CVE
Author: joeyh
Date: 2009-01-22 21:14:12 +0000 (Thu, 22 Jan 2009)
New Revision: 11022
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-22 17:19:01 UTC (rev 11021) +++ data/CVE/list 2009-01-22 21:14:12 UTC (rev 11022) 
@@ -1,3 +1,63 @@ +CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS ...) + TODO: check +CVE-2009-0244 (Directory traversal vulnerability in the OBEX FTP Service in the ...) + TODO: check +CVE-2009-0243 (Microsoft Windows does not properly enforce the Autorun and ...) + TODO: check +CVE-2008-5947 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-5946 (SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows ...) + TODO: check +CVE-2008-5945 (Nukeviet 2.0 Beta allows remote attackers to bypass authentication and ...) + TODO: check +CVE-2008-5944 (Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 ...) + TODO: check +CVE-2008-5943 (Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) ...) + TODO: check +CVE-2008-5942 (Multiple cross-site scripting (XSS) vulnerabilities in MODx before ...) + TODO: check +CVE-2008-5941 (Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and ...) + TODO: check +CVE-2008-5940 (SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, ...) + TODO: check +CVE-2008-5939 (Cross-site scripting (XSS) vulnerability in index.php in MODx CMS ...) + TODO: check +CVE-2008-5938 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-5937 (AyeView 2.20 allows user-assisted attackers to cause a denial of ...) + TODO: check +CVE-2008-5936 (front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers ...) + TODO: check +CVE-2008-5935 (Facto stores sensitive information under the web root with ...) + TODO: check +CVE-2008-5934 (SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows ...) + TODO: check +CVE-2008-5933 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2008-5932 (CodeAvalanche FreeForum stores sensitive information under the web ...) + TODO: check +CVE-2008-5931 (The Net Guys ASPired2Blog stores sensitive information under the web ...) 
+ TODO: check +CVE-2008-5930 (SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ...) + TODO: check +CVE-2008-5929 (VP-ASP Shopping Cart 6.50 stores sensitive information under the web ...) + TODO: check +CVE-2008-5928 (SQL injection vulnerability in redir.php in Free Links Directory ...) + TODO: check +CVE-2008-5927 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...) + TODO: check +CVE-2008-5926 (Multiple SQL injection vulnerabilities in login.asp in ASP-DEv ...) + TODO: check +CVE-2008-5925 (ASP-DEv XM Events Diary stores sensitive information under the web ...) + TODO: check +CVE-2008-5924 (SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events ...) + TODO: check +CVE-2008-5923 (SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary ...) + TODO: check +CVE-2008-5922 (Multiple PHP remote file inclusion vulnerabilities in ...) + TODO: check +CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs Portal ...) + TODO: check CVE-2009-XXXX [multiple security issues in typo3-src] - typo3-src 4.2.4-1 (medium) NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ @@ -1150,16 +1210,16 @@ RESERVED CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...) TODO: check -CVE-2009-0030 - RESERVED +CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...) + TODO: check CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...) TODO: check CVE-2009-0028 RESERVED CVE-2009-0027 RESERVED -CVE-2009-0026 - RESERVED +CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...) + TODO: check CVE-2009-0025 (BIND 9.4.3 and earlier does not properly check the return value from ...) {DSA-1703-1} - bind9 <unfixed> (low; bug #511936) 
@@ -1204,20 +1264,20 @@ RESERVED CVE-2009-0008 RESERVED -CVE-2009-0007 - RESERVED -CVE-2009-0006 - RESERVED -CVE-2009-0005 - RESERVED -CVE-2009-0004 - RESERVED -CVE-2009-0003 - RESERVED -CVE-2009-0002 - RESERVED -CVE-2009-0001 - RESERVED +CVE-2009-0007 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) + TODO: check +CVE-2009-0006 (Integer signedness error in Apple QuickTime before 7.6 allows remote ...) + TODO: check +CVE-2009-0005 (Unspecified vulnerability in Apple QuickTime before 7.6 allows remote ...) + TODO: check +CVE-2009-0004 (Buffer overflow in Apple QuickTime before 7.6 allows remote attackers ...) + TODO: check +CVE-2009-0003 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) + TODO: check +CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) + TODO: check +CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...) + TODO: check CVE-2008-5622 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - phpmyadmin 4:2.11.8.1-5 CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x ...) @@ -2439,7 +2499,7 @@ CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly ...) - cups <unfixed> (bug #506180) [etch] - cupsys <not-affected> (RSS subscription code not yet present) -CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote DNS ...) +CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP ...) {DSA-1686-1} - no-ip 2.1.7-11 (bug #506179) CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...) 
@@ -2560,7 +2620,7 @@ {DSA-1670-1} - enscript 1.6.4-13 (bug #506261) CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value ...) - {DSA-1701-1} + {DSA-1701-1 DTSA-185-1} - openssl 0.9.8g-15 CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka ...) NOT-FOR-US: E-Uploader Pro @@ -5420,12 +5480,12 @@ NOT-FOR-US: Interact CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 ...) NOT-FOR-US: Interact -CVE-2008-3866 - RESERVED -CVE-2008-3865 - RESERVED -CVE-2008-3864 - RESERVED +CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend ...) + TODO: check +CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the ...) + TODO: check +CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in ...) + TODO: check CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function in ...) {DSA-1670-1} - enscript 1.6.4-13 (bug #506261)
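
Review bot: in the `@@ -1,3 +1,63 @@` hunk, three of the new entries (CVE-2008-5947, CVE-2008-5938, CVE-2008-5922) carry a description that is truncated before the product name ("PHP remote file inclusion vulnerability in ..."), so their `TODO: check` cannot be resolved from this file alone and needs the full CVE text. Several other entries name products with a Windows or ASP footprint (CVE-2009-0243 "Microsoft Windows does not properly enforce the Autorun", the `.asp` paths in CVE-2008-5930 and CVE-2008-5926) and look like candidates for the `NOT-FOR-US: <product>` form this list already uses for E-Uploader Pro and Interact.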
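
Review bot: in the `@@ -1150,16 +1210,16 @@` hunk, CVE-2009-0030 is described as coming from "A certain Red Hat patch for SquirrelMail 1.4.8", so resolving its `TODO: check` means establishing whether Debian's SquirrelMail packaging carries that patch, not checking upstream. If it does not, record the reason in the style of the `<not-affected> (...)` annotation used for cupsys elsewhere in this file. CVE-2009-0026 is cut off after "Apache ...", so the affected Apache project has to be read from the full description before a package can be assigned.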
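
Review bot: in the `@@ -1204,20 +1264,20 @@` hunk, CVE-2009-0001 through CVE-2009-0007 all name "Apple QuickTime before 7.6" yet land as seven separate `TODO: check` items. They can be closed in one pass with a single decision, and if QuickTime is not packaged, the `NOT-FOR-US:` form used for other entries in this list applies to all seven.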
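
Review bot: in the `@@ -2439,7 +2499,7 @@` hunk, the CVE-2008-5297 description changes its attack vector from "remote DNS ..." to "remote HTTP ...", while the tracking lines under it (`{DSA-1686-1}`, `- no-ip 2.1.7-11 (bug #506179)`) are unchanged context. Those lines were recorded against the earlier wording, so it is worth confirming that the fix in 2.1.7-11 covers the issue as now described, and adding a `NOTE:` line if the scope differs.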
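
Review bot: in the `@@ -5420,12 +5480,12 @@` hunk, CVE-2008-3864, CVE-2008-3865 and CVE-2008-3866 move from RESERVED to `TODO: check`, and their descriptions point at the same component (the firewall service "aka TmPfw.exe", with two of them naming the ApiThread function). Triage them together so they end up with the same disposition. The `.exe` service name suggests the `NOT-FOR-US:` form used for the neighbouring Interact entries.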