thr3ads.net - Secure testing commits - [Secure-testing-commits] r11383

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2009-Mar-12 21:14 UTC
[Secure-testing-commits] r11383 - data/CVE

Author: joeyh
Date: 2009-03-12 21:14:12 +0000 (Thu, 12 Mar 2009)
New Revision: 11383

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-03-12 17:15:23 UTC (rev 11382)
+++ data/CVE/list	2009-03-12 21:14:12 UTC (rev 11383)
@@ -1,4 +1,144 @@
-CVE-2009-0854 [dash: runs login scripts from the current directory]
+CVE-2009-0873 (The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris
before ...)
+	TODO: check
+CVE-2009-0872 (The NFS server in Sun Solaris 10, and OpenSolaris before
snv_111, does ...)
+	TODO: check
+CVE-2009-0871 (The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23,
and ...)
+	TODO: check
+CVE-2009-0870 (The NFSv4 Server module in the kernel in Sun Solaris 10, and
...)
+	TODO: check
+CVE-2009-0869 (Buffer overflow in the client in IBM Tivoli Storage Manager
(TSM) HSM ...)
+	TODO: check
+CVE-2009-0868 (CRLF injection vulnerability in the WebLink template in Fujitsu
...)
+	TODO: check
+CVE-2009-0867 (The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and
3.0.1 ...)
+	TODO: check
+CVE-2009-0866 (pHNews Alpha 1 stores sensitive information under the web root
with ...)
+	TODO: check
+CVE-2009-0865 (Directory traversal vulnerability in the SnapShotToFile method
in the ...)
+	TODO: check
+CVE-2009-0864 (S-Cms 1.1 Stable allows remote attackers to bypass
authentication and ...)
+	TODO: check
+CVE-2009-0863 (SQL injection vulnerability in admin/delete_page.php in S-Cms
1.1 ...)
+	TODO: check
+CVE-2009-0862 (Cross-site scripting (XSS) vulnerability in the ...)
+	TODO: check
+CVE-2009-0861 (Cross-site scripting (XSS) vulnerability in phpDenora before
1.2.3 ...)
+	TODO: check
+CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user
interface in ...)
+	TODO: check
+CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in
the ...)
+	TODO: check
+CVE-2009-0858 (The response_addname function in response.c in Daniel J.
Bernstein ...)
+	TODO: check
+CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the
...)
+	TODO: check
+CVE-2009-0856 (Multiple cross-site scripting (XSS) vulnerabilities in sample
...)
+	TODO: check
+CVE-2009-0855 (Cross-site scripting (XSS) vulnerability in the administrative
console ...)
+	TODO: check
+CVE-2009-0853 (login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled,
allows ...)
+	TODO: check
+CVE-2009-0852 (showme.php in CelerBB 0.0.2 allows remote attackers to obtain
...)
+	TODO: check
+CVE-2009-0851 (Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when
...)
+	TODO: check
+CVE-2009-0850 (Cross-site scripting (XSS) vulnerability in BitDefender Internet
...)
+	TODO: check
+CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in
NovaStor ...)
+	TODO: check
+CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and
11.1 ...)
+	TODO: check
+CVE-2009-0847
+	RESERVED
+CVE-2009-0846
+	RESERVED
+CVE-2009-0845
+	RESERVED
+CVE-2009-0844
+	RESERVED
+CVE-2009-0843
+	RESERVED
+CVE-2009-0842
+	RESERVED
+CVE-2009-0841
+	RESERVED
+CVE-2009-0840
+	RESERVED
+CVE-2009-0839
+	RESERVED
+CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and
OpenSolaris ...)
+	TODO: check
+CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build
1506, ...)
+	TODO: check
+CVE-2009-0836 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506,
...)
+	TODO: check
+CVE-2008-6450 (Cross-site scripting (XSS) vulnerability in Under Construction,
Baby ...)
+	TODO: check
+CVE-2008-6449 (Cross-site request forgery (CSRF) vulnerability in multiple
Century ...)
+	TODO: check
+CVE-2008-6448 (Cross-site scripting (XSS) vulnerability in install.cgi in
SKYARC ...)
+	TODO: check
+CVE-2008-6447 (Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft
EasyMail ...)
+	TODO: check
+CVE-2008-6446 (Static code injection vulnerability in the Guestbook component
in CMS ...)
+	TODO: check
+CVE-2008-6445 (Unspecified vulnerability in YourPlace before 1.0.1 has unknown
impact ...)
+	TODO: check
+CVE-2008-6444 (Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM
might ...)
+	TODO: check
+CVE-2008-6443 (SQL injection vulnerability in forum_duzen.php in phpKF allows
remote ...)
+	TODO: check
+CVE-2008-6442 (Insecure method vulnerability in Sina Inc. DLoader Class ActiveX
...)
+	TODO: check
+CVE-2008-6441 (Format string vulnerability in the Epic Games Unreal engine
client, as ...)
+	TODO: check
+CVE-2008-6440 (Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers
to ...)
+	TODO: check
+CVE-2008-6439 (Cross-site scripting (XSS) vulnerability in search_results.php
in ...)
+	TODO: check
+CVE-2008-6438 (SQL injection vulnerability in macgurublog_menu/macgurublog.php
in the ...)
+	TODO: check
+CVE-2008-6437 (Multiple cross-site scripting (XSS) vulnerabilities in
PHPFreeForum ...)
+	TODO: check
+CVE-2008-6436 (Cross-site scripting (XSS) vulnerability in the Web Server in
Xerox ...)
+	TODO: check
+CVE-2008-6435 (Multiple cross-site scripting (XSS) vulnerabilities in
phpSQLiteCMS 1 ...)
+	TODO: check
+CVE-2008-6434 (SQL injection vulnerability in index.cfm in Blue River
Interactive ...)
+	TODO: check
+CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue
River ...)
+	TODO: check
+CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum
5.6 ...)
+	TODO: check
+CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent)
component ...)
+	TODO: check
+CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter
(com_prayercenter) ...)
+	TODO: check
+CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to
inject ...)
+	TODO: check
+CVE-2008-6427 (SQL injection vulnerability in index.php in Hivemaker
Professional ...)
+	TODO: check
+CVE-2008-6425 (SQL injection vulnerability in news.php in ComicShout 2.8 allows
...)
+	TODO: check
+CVE-2008-6424 (Directory traversal vulnerability in FFFTP 1.96b allows remote
FTP ...)
+	TODO: check
+CVE-2008-6423 (Directory traversal vulnerability in passwiki.php in PassWiki
0.9.16 ...)
+	TODO: check
+CVE-2008-6422 (Multiple SQL injection vulnerabilities in PsychoStats 2.3,
2.3.1, and ...)
+	TODO: check
+CVE-2008-6421 (PHP remote file inclusion vulnerability in social_game_play.php
in ...)
+	TODO: check
+CVE-2008-6420 (Social Site Generator (SSG) 2.0 allows remote attackers to read
...)
+	TODO: check
+CVE-2008-6419 (Multiple SQL injection vulnerabilities in Social Site Generator
(SSG) ...)
+	TODO: check
+CVE-2008-6418 (SQL injection vulnerability in scrape.php in TorrentTrader
before ...)
+	TODO: check
+CVE-2008-6417 (Unspecified vulnerability in GreenSQL-Console before 0.3.5
allows ...)
+	TODO: check
+CVE-2008-6416 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as
a ...)
 	- dash <not-affected> (Debian uses upstream''s patch to
implement -l)
 CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the
seccomp ...)
 	TODO: check
@@ -20,8 +160,8 @@
 	NOT-FOR-US: PollHelper
 CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with
insufficient ...)
 	NOT-FOR-US: BlogHelper
-CVE-2009-0825
-	RESERVED
+CVE-2009-0825 (SQL injection vulnerability in system/rss.php in TinX/cms 3.x
before ...)
+	TODO: check
 CVE-2009-0824
 	RESERVED
 CVE-2009-0823
@@ -66,7 +206,7 @@
 	TODO: check
 CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before
1.2.11 ...)
 	NOT-FOR-US: phpScheduleIt
-CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote
authenticated ...)
+CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before
6.0.10 ...)
 	- mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5)
 	- mysql-dfsg-5.1 5.1.32-1
 CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...)
@@ -148,8 +288,7 @@
 	RESERVED
 CVE-2009-0782
 	RESERVED
-CVE-2009-0781 [tomcat XSS in examples]
-	RESERVED
+CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in
the ...)
 	- tomcat5.5 <unfixed> (unimportant)
 	- tomcat6 <unfixed> (unimportant)
 	NOTE: Just examples on how to use Tomcat, not for production
@@ -535,10 +674,10 @@
 	RESERVED
 CVE-2009-0714
 	RESERVED
-CVE-2009-0713
-	RESERVED
-CVE-2009-0712
-	RESERVED
+CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight
Manager ...)
+	TODO: check
+CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight
Manager ...)
+	TODO: check
 CVE-2009-0711 (filter.php in PHPFootball 1.6 and earlier allows remote
attackers to ...)
 	NOT-FOR-US: PHPFootball
 CVE-2009-0710 (Multiple cross-site scripting (XSS) vulnerabilities in
PHPFootball 1.6 ...)
@@ -648,9 +787,9 @@
 	RESERVED
 CVE-2009-0661
 	RESERVED
-CVE-2009-0660
-	RESERVED
+CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara
1.0 ...)
 	{DSA-1736-1}
+	TODO: check
 CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in
TPTEST ...)
 	NOT-FOR-US: TPTEST
 CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0
and ...)
@@ -1225,8 +1364,8 @@
 	RESERVED
 CVE-2009-0538
 	RESERVED
-CVE-2009-0537
-	RESERVED
+CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in
(1) ...)
+	TODO: check
 CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and
6.1.0 ...)
 	NOT-FOR-US: IBM AIX
 CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 and
...)
@@ -2431,10 +2570,10 @@
 	RESERVED
 CVE-2009-0235
 	RESERVED
-CVE-2009-0234
-	RESERVED
-CVE-2009-0233
-	RESERVED
+CVE-2009-0234 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS
Server in ...)
+	TODO: check
+CVE-2009-0233 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS
Server in ...)
+	TODO: check
 CVE-2009-0232
 	RESERVED
 CVE-2009-0231
@@ -2517,8 +2656,8 @@
 	RESERVED
 CVE-2009-0192
 	RESERVED
-CVE-2009-0191
-	RESERVED
+CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506,
...)
+	TODO: check
 CVE-2009-0190
 	RESERVED
 CVE-2009-0189
@@ -2822,10 +2961,10 @@
 	NOT-FOR-US: Microsoft
 CVE-2009-0095 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not
...)
 	NOT-FOR-US: Microsoft
-CVE-2009-0094
-	RESERVED
-CVE-2009-0093
-	RESERVED
+CVE-2009-0094 (The WINS server in Microsoft Windows 2000 SP4 and Server 2003
SP1 and ...)
+	TODO: check
+CVE-2009-0093 (Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003
SP1 and ...)
+	TODO: check
 CVE-2009-0092
 	RESERVED
 CVE-2009-0091
@@ -2840,16 +2979,16 @@
 	RESERVED
 CVE-2009-0086
 	RESERVED
-CVE-2009-0085
-	RESERVED
+CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in
...)
+	TODO: check
 CVE-2009-0084
 	RESERVED
-CVE-2009-0083
-	RESERVED
-CVE-2009-0082
-	RESERVED
-CVE-2009-0081
-	RESERVED
+CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and
Server ...)
+	TODO: check
+CVE-2009-0082 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
2003 ...)
+	TODO: check
+CVE-2009-0081 (The graphics device interface (GDI) implementation in the kernel
in ...)
+	TODO: check
 CVE-2009-0080
 	RESERVED
 CVE-2009-0079
@@ -3592,8 +3731,8 @@
 CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier
allows ...)
 	- linux-2.6 <unfixed>
 	- linux-2.6.24 <unfixed>
-CVE-2009-0027
-	RESERVED
+CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application
...)
+	TODO: check
 CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache
...)
 	NOT-FOR-US: Apache Jackrabbit
 CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly
check ...)
@@ -6192,8 +6331,8 @@
 	RESERVED
 CVE-2008-4564
 	RESERVED
-CVE-2008-4563
-	RESERVED
+CVE-2008-4563 (Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by
the ...)
+	TODO: check
 CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView
Network ...)
 	NOT-FOR-US: HP OpenView Network Node Manager
 CVE-2008-4561
@@ -9066,8 +9205,7 @@
 	{DSA-1641-1}
 	- phpmyadmin 4:2.11.8~rc1-1 (low)
 	NOTE: exploitation circumstances are rare or require other vulnerabilities to
be present already. may fix combined with another issue but doesn''t
warrant DSA on its own
-CVE-2008-3547 [openttd remote buffer overflow]
-	RESERVED
+CVE-2008-3547 (Buffer overflow in the server in OpenTTD 0.6.1 and earlier
allows ...)
 	- openttd 0.6.2-1 (medium; bug #493714)
 CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
 	NOT-FOR-US: Blackboard Academic Suite
Secure testing commits - Mar 2009 - r11383 - data/CVE

[Secure-testing-commits] r11383 - data/CVE
