joeyh at alioth.debian.org
2009-Feb-05 21:14 UTC
[Secure-testing-commits] r11155 - data/CVE
Author: joeyh Date: 2009-02-05 21:14:14 +0000 (Thu, 05 Feb 2009) New Revision: 11155 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-02-05 19:40:57 UTC (rev 11154) +++ data/CVE/list 2009-02-05 21:14:14 UTC (rev 11155) @@ -1,3 +1,75 @@ +CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...) + TODO: check +CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active Bids ...) + TODO: check +CVE-2009-0429 (Multiple SQL injection vulnerabilities in Active Bids allow remote ...) + TODO: check +CVE-2009-0428 (SQL injection vulnerability in ...) + TODO: check +CVE-2009-0427 (SQL injection vulnerability in ...) + TODO: check +CVE-2009-0426 (SQL injection vulnerability in ...) + TODO: check +CVE-2009-0425 (SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and ...) + TODO: check +CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook ...) + TODO: check +CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album ...) + TODO: check +CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in ...) + TODO: check +CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x ...) + TODO: check +CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...) + TODO: check +CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, ...) + TODO: check +CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX ...) + TODO: check +CVE-2008-6067 (SQL injection vulnerability in search_results.php in E-Shop Shopping ...) + TODO: check +CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 ...) + TODO: check +CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE ...) + TODO: check +CVE-2008-6064 (Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote ...) + TODO: check +CVE-2008-6063 (Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places ...) + TODO: check +CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) + TODO: check +CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) + TODO: check +CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) + TODO: check +CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not ...) + TODO: check +CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote ...) + TODO: check +CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under ...) + TODO: check +CVE-2008-6056 (Multiple cross-site scripting (XSS) vulnerabilities in World Recipe ...) + TODO: check +CVE-2008-6055 (PreProjects Pre Classified Listings stores pclasp.mdb under the web ...) + TODO: check +CVE-2008-6054 (PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under ...) + TODO: check +CVE-2008-6053 (PreProjects Pre Resume Submitter stores onlineresume.mdb under the web ...) + TODO: check +CVE-2008-6052 (PreProjects Pre E-Learning Portal stores db_elearning.mdb under the ...) + TODO: check +CVE-2008-6051 (MetaCart Free stores metacart.mdb under the web root with insufficient ...) + TODO: check +CVE-2008-6050 (SQL injection vulnerability in the Tech Articles (com_tech_article) ...) + TODO: check +CVE-2008-6049 (SQL injection vulnerability in index.php in TinyMCE 2.0.1 allows ...) + TODO: check +CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...) + TODO: check +CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...) + TODO: check +CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows ...) + TODO: check CVE-2009-0417 RESERVED CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...) @@ -61,8 +133,8 @@ NOT-FOR-US: Enomaly Elastic Computing Platform CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) ...) NOT-FOR-US: ActiveX -CVE-2009-0388 - RESERVED +CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...) + TODO: check CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...) - gst-plugins-good0.10 0.10.8-4.1 (bug #514177) [lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1 @@ -228,47 +300,40 @@ RESERVED CVE-2009-0359 RESERVED -CVE-2009-0358 [Mozilla: Directives to not cache pages ignored] - RESERVED +CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) ...) - iceweasel 3.0 [etch] - iceweasel <not-affected> (Only affects Firefox 3.x) NOTE: Iceweasel in Lenny links against Xulrunner - xulrunner 1.9.0.5-1 [etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9) -CVE-2009-0357 [Mozilla: XMLHttpRequest allows reading HTTPOnly cookies] - RESERVED +CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not ...) - iceweasel 3.0 NOTE: Iceweasel in Lenny links against Xulrunner - xulrunner 1.9.0.5-1 - iceape 1.1.14-1.1 NOTE: Iceape in Lenny only provides XPCOM libs -CVE-2009-0356 [Mozilla: Information stealing via local shortcut files] - RESERVED +CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ...) - iceweasel 3.0 NOTE: Iceweasel in Lenny links against Xulrunner - xulrunner 1.9.0.5-1 - iceape 1.1.14-1.1 NOTE: Iceape in Lenny only provides XPCOM libs -CVE-2009-0355 [Firefox: Local file stealing with SessionStore] - RESERVED +CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox ...) - iceweasel 3.0.6-1 -CVE-2009-0354 - RESERVED +CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x ...) - iceweasel 3.0 [etch] - iceweasel <not-affected> (Only affects Firefox 3.x) NOTE: Iceweasel in Lenny links against Xulrunner - xulrunner 1.9.0.5-1 [etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9) -CVE-2009-0353 [Mozilla: Layout engine crashes with evidence of memory corruption] - RESERVED +CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, ...) - iceweasel 3.0 NOTE: Iceweasel in Lenny links against Xulrunner - xulrunner 1.9.0.5-1 - iceape 1.1.14-1.1 NOTE: Iceape in Lenny only provides XPCOM libs - icedove <unfixed> -CVE-2009-0352 [Mozilla: Javascript engine crashes with evidence of memory corruption] - RESERVED +CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) - iceweasel 3.0 NOTE: Iceweasel in Lenny links against Xulrunner - xulrunner 1.9.0.5-1 @@ -1204,16 +1269,16 @@ RESERVED CVE-2009-0063 RESERVED -CVE-2009-0062 - RESERVED -CVE-2009-0061 - RESERVED +CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), ...) + TODO: check +CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC ...) + TODO: check CVE-2009-0060 RESERVED -CVE-2009-0059 - RESERVED -CVE-2009-0058 - RESERVED +CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...) + TODO: check +CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...) + TODO: check CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...) NOT-FOR-US: Cisco CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the administration ...) @@ -4754,8 +4819,8 @@ NOT-FOR-US: MetaGauge CVE-2008-4420 RESERVED -CVE-2008-4419 - RESERVED +CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web ...) + TODO: check CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: HP-UX CVE-2008-4417 @@ -5897,7 +5962,7 @@ NOT-FOR-US: Adobe Illustrator CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka ...) NOT-FOR-US: IBM DB2 UDB -CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, and 8.2 before FixPak 9, allows ...) +CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before ...) NOT-FOR-US: IBM DB2 UDB CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a ...) NOT-FOR-US: IBM DB2 UDB