Author: joeyh
Date: 2009-04-07 21:14:16 +0000 (Tue, 07 Apr 2009)
New Revision: 11575

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-04-07 14:54:17 UTC (rev 11574)
+++ data/CVE/list 2009-04-07 21:14:16 UTC (rev 11575)
@@ -1,3 +1,133 @@ +CVE-2009-1254 + RESERVED +CVE-2009-1253 + RESERVED +CVE-2009-1252 + RESERVED +CVE-2009-1251 + RESERVED +CVE-2009-1250 + RESERVED +CVE-2009-1249 (Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x ...) + TODO: check +CVE-2009-1248 (Multiple PHP remote file inclusion vulnerabilities in Acute Control ...) + TODO: check +CVE-2009-1247 (SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 ...) + TODO: check +CVE-2009-1246 (Multiple directory traversal vulnerabilities in Blogplus 1.0 allow ...) + TODO: check +CVE-2009-1245 (Multiple SQL injection vulnerabilities in the insert_to_pastebin ...) + TODO: check +CVE-2009-1244 + RESERVED +CVE-2009-1243 (net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an ...) + TODO: check +CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...) + TODO: check +CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...) + TODO: check +CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...) + TODO: check +CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in ...) + TODO: check +CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting ...) + TODO: check +CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote ...) + TODO: check +CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject ...) + TODO: check +CVE-2008-6650 (del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary ...) + TODO: check +CVE-2008-6649 (SQL injection vulnerability in manager/image_details_editor.php in ...) + TODO: check +CVE-2008-6648 (SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 ...) + TODO: check +CVE-2008-6647 (SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 ...) 
+ TODO: check +CVE-2008-6646 (Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix ...) + TODO: check +CVE-2008-6645 (Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel ...) + TODO: check +CVE-2008-6644 (Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke ...) + TODO: check +CVE-2008-6643 (LokiCMS 0.3.4 and possibly earlier versions does not properly restrict ...) + TODO: check +CVE-2008-6642 (SQL injection vulnerability in view.php in DotContent FluentCMS 4.x ...) + TODO: check +CVE-2008-6641 (Multiple SQL injection vulnerabilities in Shader TV (Beta) allow ...) + TODO: check +CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote ...) + TODO: check +CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) + TODO: check +CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader ...) + TODO: check +CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...) + TODO: check +CVE-2008-6636 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...) + TODO: check +CVE-2008-6635 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...) + TODO: check +CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...) + TODO: check +CVE-2008-6633 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...) + TODO: check +CVE-2008-6632 (SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 ...) + TODO: check +CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 ...) + TODO: check +CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN ...) + TODO: check +CVE-2008-6628 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi ...) 
+ TODO: check +CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, ...) + TODO: check +CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and ...) + TODO: check +CVE-2008-6625 (SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka ...) + TODO: check +CVE-2008-6624 (SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, ...) + TODO: check +CVE-2008-6623 (SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka ...) + TODO: check +CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card ...) + TODO: check +CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...) + TODO: check +CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ...) + TODO: check +CVE-2008-6618 (Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote ...) + TODO: check +CVE-2008-6617 (Unrestricted file upload vulnerability in adm/visual/upload.php in ...) + TODO: check +CVE-2008-6616 (Cross-site scripting (XSS) vulnerability in index.php in Zen Software ...) + TODO: check +CVE-2008-6615 (SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 ...) + TODO: check +CVE-2008-6614 (Multiple SQL injection vulnerabilities in microcms-admin-login.php in ...) + TODO: check +CVE-2008-6613 (uploader.php in minimal-ablog 0.4 does not properly restrict access, ...) + TODO: check +CVE-2008-6612 (Unrestricted file upload vulnerability in admin/uploader.php in ...) + TODO: check +CVE-2008-6611 (SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows ...) + TODO: check +CVE-2008-6610 (Absolute path traversal vulnerability in phpcksec.php in Stefan Ott ...) + TODO: check +CVE-2008-6609 (Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott ...) 
+ TODO: check +CVE-2008-6608 (Multiple SQL injection vulnerabilities in DevelopItEasy Events ...) + TODO: check +CVE-2008-6607 (Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 ...) + TODO: check +CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows ...) + TODO: check +CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...) + TODO: check CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...) - clamav 0.95+dfsg-1 CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...) @@ -75,7 +205,7 @@ NOT-FOR-US: Arcadwy Arcade Script CVE-2009-1228 (Cross-site scripting (XSS) vulnerability in register.php in Arcadwy ...) NOT-FOR-US: Arcadwy Arcade Script -CVE-2009-1227 (Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI ...) +CVE-2009-1227 (** DISPUTED ** ...) NOT-FOR-US: Check Point CVE-2009-1226 (core/admin/delete.php in Podcast Generator 1.1 and earlier does not ...) NOT-FOR-US: Podcast Generator @@ -322,10 +452,10 @@ - phpmyadmin 4:3.1.3.1-1 [etch] - phpmyadmin <not-affected> (Vulnerable code not present) [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) -CVE-2009-1147 - RESERVED -CVE-2009-1146 - RESERVED +CVE-2009-1147 (Unspecified vulnerability in vmci.sys in the Virtual Machine ...) + TODO: check +CVE-2009-1146 (Unspecified vulnerability in an ioctl in hcmon.sys in VMware ...) + TODO: check CVE-2009-1145 RESERVED CVE-2009-1144 
@@ -1042,12 +1172,12 @@ NOT-FOR-US: F5 BIG-IP CVE-2008-6473 (_blogadata/include/init_pass2.php in Blogator-script 0.95 allows ...) NOT-FOR-US: Blogator-script -CVE-2009-0910 - RESERVED -CVE-2009-0909 - RESERVED -CVE-2009-0908 - RESERVED +CVE-2009-0910 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...) + TODO: check +CVE-2009-0909 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...) + TODO: check +CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in ...) + TODO: check CVE-2009-0907 RESERVED CVE-2009-0906 @@ -2716,8 +2846,8 @@ NOT-FOR-US: Adobe Flash Player CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...) NOT-FOR-US: Adobe Flash Player -CVE-2009-0518 - RESERVED +CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 ...) + TODO: check CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...) NOT-FOR-US: phpSlash CVE-2009-0516 (SQL injection vulnerability in the classified page (classified.php) in ...) @@ -6317,7 +6447,7 @@ NOT-FOR-US: JSCAPE Secure FTP Applet CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows ...) NOT-FOR-US: CCleague Pro -CVE-2008-5122 (SQL injection vulnerability in ContentRatingGraph.aspx in Ektron ...) +CVE-2008-5122 (SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in ...) NOT-FOR-US: Ektron CMS400.NET CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...) NOT-FOR-US: Citrix Deterministic Network Enhancer 
@@ -6735,8 +6865,8 @@ [etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin''s browser) CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...) NOT-FOR-US: VMware Workstation -CVE-2008-4916 - RESERVED +CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware ...) + TODO: check CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...) NOT-FOR-US: VMware Workstation CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...) @@ -9527,7 +9657,7 @@ NOT-FOR-US: Turnkey PHP Live Helper CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP ...) NOT-FOR-US: Turnkey PHP Live Helper -CVE-2008-3761 (hcmon.sys in VMware Workstation 6.0.0.45731 uses the METHOD_NEITHER ...) +CVE-2008-3761 (hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 ...) NOT-FOR-US: VMware Workstation NOTE: we only share a package to build VMware CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page ...) @@ -9552,7 +9682,7 @@ NOT-FOR-US: YourFreeWorld CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator ...) NOT-FOR-US: YourFreeWorld -CVE-2008-3749 (SQL injection vulnerability in tr.php in Banner Management Script ...) +CVE-2008-3749 (SQL injection vulnerability in tr.php in YourFreeWorld Banner ...) NOT-FOR-US: Banner Management Script CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...) NOT-FOR-US: Active PHP Bookmarks
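Review bot: In the first hunk (@@ -1,3 +1,133 @@), CVE-2009-1243 (net/ipv4/udp.c in the Linux kernel before 2.6.29.1), CVE-2009-1242 (vmx_set_msr in arch/x86/kvm/vmx.c) and CVE-2008-6621 (GraphicsMagick before 1.2.3) are added as "TODO: check" in the same undifferentiated batch as the many third-party PHP application entries. These three name software the distribution ships, so they should be triaged ahead of the rest and given package lines in the style already used for CVE-2009-1241 ("- clamav 0.95+dfsg-1"), rather than waiting behind entries that will most likely resolve to NOT-FOR-US.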
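Review bot: In the @@ -75,7 +205,7 @@ hunk, the new summary for CVE-2009-1227 is reduced to "(** DISPUTED ** ...)", which drops the only descriptive text the entry had ("Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI ..."). The dispute marker now consumes the whole truncated summary, so a search of the list for the affected component matches only through the "NOT-FOR-US: Check Point" line. Consider having the update script keep the marker and then truncate the remaining description, so a disputed entry stays identifiable from its own summary.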
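Review bot: In the @@ -6735,8 +6865,8 @@ hunk, CVE-2008-4916 moves from RESERVED to "TODO: check" although both neighbours, CVE-2008-4917 and CVE-2008-4915, already carry "NOT-FOR-US: VMware Workstation". The same applies to the other VMware entries this revision fills in (CVE-2009-1147, CVE-2009-1146, CVE-2009-0910, CVE-2009-0909, CVE-2009-0908, CVE-2009-0518). A follow-up commit should resolve them together, checking each against the existing note under CVE-2008-3761 ("we only share a package to build VMware") so that the VMware entries end up annotated consistently.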
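Review bot: In the @@ -9552,7 +9682,7 @@ hunk, the summary for CVE-2008-3749 now reads "YourFreeWorld Banner ..." but the annotation below it is still "NOT-FOR-US: Banner Management Script", while the adjacent CVE-2008-3750 and the entry above it use "NOT-FOR-US: YourFreeWorld". Since the automatic update only rewrites the summary line, the annotation needs a manual follow-up to "NOT-FOR-US: YourFreeWorld" so that the three entries group under one vendor name. The @@ -9527,7 +9657,7 @@ hunk has the same kind of drift: CVE-2008-3761 now also names VMware Player 2.5.1, while its annotation mentions only VMware Workstation.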