joeyh at alioth.debian.org
2009-Mar-03 21:14 UTC
[Secure-testing-commits] r11320 - data/CVE
Author: joeyh Date: 2009-03-03 21:14:11 +0000 (Tue, 03 Mar 2009) New Revision: 11320 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-03 20:53:20 UTC (rev 11319) +++ data/CVE/list 2009-03-03 21:14:11 UTC (rev 11320) 
@@ -1,3 +1,101 @@ +CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community Solution ...) + TODO: check +CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2009-0750 (SQL injection vulnerability in login.php in the smNews example script ...) + TODO: check +CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...) + TODO: check +CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote ...) + TODO: check +CVE-2008-6390 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...) + TODO: check +CVE-2008-6389 (SQL injection vulnerability in asadmin/default.asp in Rae Media ...) + TODO: check +CVE-2008-6388 (Rapid Classified 3.1 and 3.15 stores sensitive information under the ...) + TODO: check +CVE-2008-6387 (Quick Tree View .NET 3.1 stores sensitive information under the web ...) + TODO: check +CVE-2008-6386 (Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange ...) + TODO: check +CVE-2008-6385 (Cross-site scripting (XSS) vulnerability in index.php in W3matter ...) + TODO: check +CVE-2008-6384 (Multiple cross-site request forgery (CSRF) vulnerabilities in Comment ...) + TODO: check +CVE-2008-6383 (SQL injection vulnerability in SpeedTech Organization and Resource ...) + TODO: check +CVE-2008-6382 (ASP Portal 3.2.5 stores sensitive information under the web root with ...) + TODO: check +CVE-2008-6381 (SQL injection vulnerability in modules/adresses/viewcat.php in bcoos ...) + TODO: check +CVE-2008-6380 (SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 ...) + TODO: check +CVE-2008-6379 (SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows ...) + TODO: check +CVE-2008-6378 (SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx ...) + TODO: check +CVE-2008-6377 (PHP remote file inclusion vulnerability in include/global.php in Multi ...) 
+ TODO: check +CVE-2008-6376 (SQL injection vulnerability in main.asp in Jbook allows remote ...) + TODO: check +CVE-2008-6375 (JBook stores sensitive information under the web root with ...) + TODO: check +CVE-2008-6374 (CodefixerSoftware MailingListPro Free Edition stores sensitive ...) + TODO: check +CVE-2008-6373 (Unspecified vulnerability in Nagios before 3.0.6 has unspecified ...) + TODO: check +CVE-2008-6372 (SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro ...) + TODO: check +CVE-2008-6371 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...) + TODO: check +CVE-2008-6370 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 ...) + TODO: check +CVE-2008-6369 (SQL injection vulnerability in default.asp in Ocean12 Contact Manager ...) + TODO: check +CVE-2008-6368 (SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m ...) + TODO: check +CVE-2008-6367 (Unrestricted file upload vulnerability in Photos/create_album.php in ...) + TODO: check +CVE-2008-6366 (SQL injection vulnerability in logon.jsp in Ad Server Solutions ...) + TODO: check +CVE-2008-6365 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad ...) + TODO: check +CVE-2008-6364 (SQL injection vulnerability in logon_process.jsp in Ad Server ...) + TODO: check +CVE-2008-6363 (Stack-based buffer overflow in DesignWorks Professional 4.3.1 and ...) + TODO: check +CVE-2008-6362 (SQL injection vulnerability in sitepage.php in Multiple Membership ...) + TODO: check +CVE-2008-6361 (Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 ...) + TODO: check +CVE-2008-6360 (Cross-site scripting (XSS) vulnerability in the userranks feature in ...) + TODO: check +CVE-2008-6359 (Cross-site scripting (XSS) vulnerability in index.php in Max''s ...) + TODO: check +CVE-2008-6358 (SQL injection vulnerability in group_index.php in Social Groupie ...) 
+ TODO: check +CVE-2008-6357 (MyCal Personal Events Calendar stores sensitive information under the ...) + TODO: check +CVE-2008-6356 (evCal Events Calendar stores sensitive information under the web root ...) + TODO: check +CVE-2008-6355 (The Net Guys ASPired2Protect stores sensitive information under the ...) + TODO: check +CVE-2008-6354 (The Net Guys ASPired2poll stores sensitive information under the web ...) + TODO: check +CVE-2008-6353 (SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote ...) + TODO: check +CVE-2008-6352 (SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows ...) + TODO: check +CVE-2008-6351 (Cross-site scripting (XSS) vulnerability in listtest.php in ...) + TODO: check +CVE-2008-6350 (SQL injection vulnerability in listtest.php in TurnkeyForms Local ...) + TODO: check +CVE-2008-6349 (SQL injection vulnerability in survey_results_text.php in TurnkeyForms ...) + TODO: check +CVE-2008-6348 (Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery ...) + TODO: check +CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php in the ...) + TODO: check CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...) - linux-2.6 <unfixed> (low) [etch] - linux-2.6 <not-affected> (ext4 not yet present) @@ -148,7 +246,7 @@ [lenny] - dkim-milter 2.6.0.dfsg-1+lenny1 NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358 NOTE: CVE id requested -CVE-2009-0749 [optipng array overflow] +CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in ...) - optipng 0.6.2.1-1 (low) NOTE: http://secunia.com/advisories/34035/ CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon Banking at Home ...) 
@@ -1570,8 +1668,7 @@ NOTE: https://bugs.gentoo.org/show_bug.cgi?id=253493 NOTE: CVE id requested [lenny] - audacity 1.3.5-2+lenny1 -CVE-2009-0368 [opensc information leak] - RESERVED +CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass ...) - opensc <unfixed> NOTE: Unclear yet which versions are affected, asked maintainer CVE-2009-0367 [wesnoth python sandbox escape]
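Review bot: In the first hunk (@@ -1,3 +1,101 @@), several of the imported entries carry identical truncated descriptions, so triage of the "TODO: check" items should confirm whether they are distinct issues before they are resolved one by one. CVE-2008-6391 and CVE-2008-6376 both read "SQL injection vulnerability in main.asp in Jbook allows remote ...", and CVE-2008-6390 and CVE-2008-6371 both read "SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...". The description for CVE-2008-6359 also contains a doubled apostrophe ("Max''s"), which looks like an escaping artifact of the automatic import and is worth fixing in the generator rather than by hand.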
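Review bot: In the second hunk (@@ -148,7 +246,7 @@), the new description for CVE-2009-0749 names a use-after-free in GIFReadNextExtension, while the working title it replaces was "[optipng array overflow]". The unchanged line "- optipng 0.6.2.1-1 (low)" was recorded under the old title, so it should be confirmed that 0.6.2.1-1 fixes the issue as now described and that the Secunia NOTE still refers to the same bug.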
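Review bot: In the third hunk (@@ -1570,8 +1668,7 @@), the new description for CVE-2009-0368 says "OpenSC before 0.11.7", but the context lines still read "- opensc <unfixed>" and "NOTE: Unclear yet which versions are affected, asked maintainer". The automatic update leaves these inconsistent; a follow-up should either record 0.11.7 as the fixed version once verified against the archive or update the NOTE to say what remains unclear.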