thr3ads.net - Secure testing commits - [Secure-testing-commits] r11759

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2009-May-01 17:23 UTC
[Secure-testing-commits] r11759 - data/CVE

Author: jmm-guest
Date: 2009-05-01 17:23:52 +0000 (Fri, 01 May 2009)
New Revision: 11759

Modified:
   data/CVE/list
Log:
- bugnums
- new twiki issue
- NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-05-01 15:36:46 UTC (rev 11758)
+++ data/CVE/list	2009-05-01 17:23:52 UTC (rev 11759)
@@ -5,43 +5,43 @@
 CVE-2009-XXXX [Quagga bgpd crash related to 4-byte AS numbers]
 	- quagga <unfixed> (high; bug #526270)
 CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to
bypass ...)
-	TODO: check
+	NOT-FOR-US: Fungamez
 CVE-2009-1488 (Directory traversal vulnerability in admin/load.php in FunGamez
RC1 ...)
-	TODO: check
+	NOT-FOR-US: Fungamez
 CVE-2009-1487 (SQL injection vulnerability in pages/login.php in FunGamez RC1
allows ...)
-	TODO: check
+	NOT-FOR-US: Fungamez
 CVE-2009-1486 (Directory traversal vulnerability in pmscript.php in Flatchat
3.0 ...)
-	TODO: check
+	NOT-FOR-US: Flatchat
 CVE-2009-1485 (The logging feature in eMule Plus before 1.2e allows remote
attackers ...)
-	TODO: check
+	NOT-FOR-US: eMule Plus
 CVE-2009-1484 (Cross-site scripting (XSS) vulnerability in the web mail
interface ...)
-	TODO: check
+	NOT-FOR-US: AXIGEN Mail Server
 CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in
Adam ...)
-	TODO: check
+	NOT-FOR-US: Adam Patterson Studio Lounge Address Book
 CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	TODO: check
 CVE-2009-1481 (SQL injection vulnerability in action.asp in PuterJam''s
Blog (PJBlog3) ...)
-	TODO: check
+	NOT-FOR-US: PuterJam''s Blog
 CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4
allows ...)
-	TODO: check
+	NOT-FOR-US: Pragyan CMS
 CVE-2009-1479
 	RESERVED
 CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl
handlers in ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not
end ...)
-	TODO: check
+	NOT-FOR-US: YourPlace
 CVE-2008-6773 (Static code injection vulnerability in
user/internettoolbar/edit.php ...)
-	TODO: check
+	NOT-FOR-US: YourPlace
 CVE-2008-6772 (login/register_form.php in YourPlace 1.0.2 and earlier does not
check ...)
-	TODO: check
+	NOT-FOR-US: YourPlace
 CVE-2008-6771 (YourPlace 1.0.2 and earlier allows remote attackers to obtain
...)
-	TODO: check
+	NOT-FOR-US: YourPlace
 CVE-2008-6770 (YourPlace 1.0.2 and earlier stores sensitive information under
the web ...)
-	TODO: check
+	NOT-FOR-US: YourPlace
 CVE-2008-6769 (Unrestricted file upload vulnerability in upload.php in
YourPlace ...)
-	TODO: check
+	NOT-FOR-US: YourPlace
 CVE-2008-6768 (Unrestricted file upload vulnerability in
admin/editor/images.php in ...)
-	TODO: check
+	NOT-FOR-US: K&S Shopsoftware
 CVE-2009-1477
 	RESERVED
 CVE-2009-1476
@@ -71,55 +71,55 @@
 CVE-2009-1464
 	RESERVED
 CVE-2009-1463 (Static code injection vulnerability in razorCMS before 0.4
allows ...)
-	TODO: check
+	NOT-FOR-US: razorCMS
 CVE-2009-1462 (The Security Manager in razorCMS before 0.4 does not verify the
...)
-	TODO: check
+	NOT-FOR-US: razorCMS
 CVE-2009-1461 (Cross-site scripting (XSS) vulnerability in the Create New Page
form ...)
-	TODO: check
+	NOT-FOR-US: razorCMS
 CVE-2009-1460 (razorCMS before 0.4 uses weak permissions for (1) ...)
-	TODO: check
+	NOT-FOR-US: razorCMS
 CVE-2009-1459 (Cross-site request forgery (CSRF) vulnerability in razorCMS
before 0.4 ...)
-	TODO: check
+	NOT-FOR-US: razorCMS
 CVE-2009-1458 (Multiple cross-site scripting (XSS) vulnerabilities in
admin/index.php ...)
-	TODO: check
+	NOT-FOR-US: razorCMS
 CVE-2009-1457 (Cross-site scripting (XSS) vulnerability in player.php in Nuke
...)
-	TODO: check
+	NOT-FOR-US: Nuke Evolution Xtreme
 CVE-2009-1456 (Directory traversal vulnerability in admin.php in Malleo 1.2.3
allows ...)
-	TODO: check
+	NOT-FOR-US: Malleo
 CVE-2009-1455 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
-	TODO: check
+	NOT-FOR-US: WebCollab
 CVE-2009-1454 (Cross-site scripting (XSS) vulnerability in tasks.php in
WebCollab ...)
-	TODO: check
+	NOT-FOR-US: WebCollab
 CVE-2009-1453 (SQL injection vulnerability in class.eport.php in Tiny Blogr
1.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Tiny Blogr
 CVE-2009-1452 (Multiple PHP remote file inclusion vulnerabilities in
theme/format.php ...)
-	TODO: check
+	NOT-FOR-US: SMA-DB 
 CVE-2009-1451 (Cross-site scripting (XSS) vulnerability in startpage.php in
SMA-DB ...)
-	TODO: check
+	NOT-FOR-US: SMA-DB 
 CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB
0.3.12 ...)
-	TODO: check
+	NOT-FOR-US: SMA-DB 
 CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote
...)
 	TODO: check
 CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
 CVE-2008-6765 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to
access ...)
-	TODO: check
+	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
 CVE-2008-6764 (Cross-site scripting (XSS) vulnerability in login.php in
Silentum ...)
-	TODO: check
+	NOT-FOR-US: Silentum LoginSys
 CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to
...)
-	TODO: check
+	NOT-FOR-US: Silentum LoginSys
 CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in
WordPress, ...)
 	TODO: check
 CVE-2008-6761 (Static code injection vulnerability in admin/install.php in ...)
-	TODO: check
+	NOT-FOR-US: Flexcustomer
 CVE-2008-6760 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to
obtain ...)
-	TODO: check
+	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
 CVE-2008-6759 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to
obtain ...)
-	TODO: check
+	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
 CVE-2008-6758 (Cross-site request forgery (CSRF) vulnerability in cart_save.php
in ...)
-	TODO: check
+	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
 CVE-2008-6757 (Cross-site scripting (XSS) vulnerability in manuals_search.php
in ...)
-	TODO: check
+	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
 CVE-2009-1449 (Stack-based buffer overflow in PortableApps CoolPlayer Portable
(aka ...)
 	NOT-FOR-US: CoolPlayer
 CVE-2009-1448 (Cross-site scripting (XSS) vulnerability in apricot.php in
LovPop.net ...)
@@ -418,8 +418,10 @@
 	- libdbd-pg-perl 2.1.3-1
 CVE-2009-1340
 	RESERVED
-CVE-2009-1339
+CVE-2009-1339 [twiki: CSRF Vulnerability with Image Tag]
 	RESERVED
+        - twiki <unfixed> (bug #526258)
+        NOTE: We should probably request removal from unstable, replaced by
foswiki
 CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux
...)
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -6223,7 +6225,7 @@
 CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet
Explorer ...)
 	NOT-FOR-US: AhnLab V3
 CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache
Tomcat ...)
-	- tomcat5.5 <unfixed>
+	- tomcat5.5 <unfixed> (bug #523054)
 CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web
administration ...)
 	- geronimo <itp> (bug #481869)
 CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows
remote ...)
@@ -8851,7 +8853,7 @@
 	NOT-FOR-US: MemHT Portal
 CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line
client in ...)
 	{DSA-1783-1}
-	- mysql-dfsg-5.0 5.0.51-1 (low)
+	- mysql-dfsg-5.0 5.0.51-1 (low; bug #526254)
 CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns
MySQL ...)
 	NOT-FOR-US: EKINdesigns MySQL Quick Admin
 CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick
Admin ...)
@@ -10098,6 +10100,7 @@
 	NOT-FOR-US: The Real Estate Script
 CVE-2008-3950 (Off-by-one error in the ...)
 	- webkit <not-affected> (Vulnerable code not present)
+        NOTE: bug #500306
 CVE-2008-3949 (Emacs 22.1 and 22.2 imports Python script from the current
working ...)
 	- emacs22 22.2+2-4 (low; bug #499568)
 	- emacs21 <not-affected> (doesn''t provide the python
functionality)
@@ -13828,7 +13831,7 @@
 CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP
Web ...)
 	NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
 CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a
denial of ...)
-	NOTE: Mozilla bug 435130, not reproducible by upstream
+	NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484 
 CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun
...)
 	NOT-FOR-US: STREAMS Administrative Driver SUN
 CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net
Webboard ...)
@@ -16239,7 +16242,7 @@
 	NOTE: doesn''t apply to v3
 	NOTE: more a security enhancement
 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a
base64 ...)
-	- plone3 <unfixed> (low; bug #473571)
+	- plone3 <unfixed> (low; bug #473571; bug #486333)
 	[lenny] - plone3 <no-dsa> (Only an issue if not following best
practices, see bug #473571)
 CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware
Player ...)
 	- vmware-package <unfixed> (low; bug #486177)
@@ -32120,7 +32123,7 @@
 	{DSA-1283-1 DTSA-39-1}
 	- php5 5.2.0-11 (medium)
 CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in
src/encode.c ...)
-	- sqlite 2.8.17-2.1 (unimportant; bug #441233)
+	- sqlite 2.8.17-2.1 (unimportant; bug #441233; bug #526328)
 	NOTE: this is really just an "unsafe" API, not really a security
issue against sqlite itself.
 	NOTE: SQLite 3 no longer contains the affected function.
 CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the
bundled ...)
Secure testing commits - May 2009 - r11759 - data/CVE

[Secure-testing-commits] r11759 - data/CVE
