Author: joeyh
Date: 2009-05-04 21:14:20 +0000 (Mon, 04 May 2009)
New Revision: 11785
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-05-04 20:58:31 UTC (rev 11784)
+++ data/CVE/list 2009-05-04 21:14:20 UTC (rev 11785)
@@ -1,3 +1,65 @@
+CVE-2009-1512 (Static code injection vulnerability in X-Forum 0.6.2 allows
remote ...)
+ TODO: check
+CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3 allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2009-1510 (Multiple directory traversal vulnerabilities in KoschtIT Image
Gallery ...)
+ TODO: check
+CVE-2009-1509 (SQL injection vulnerability in ajaxp_backend.php in MyioSoft
...)
+ TODO: check
+CVE-2009-1508 (SQL injection vulnerability in the xforum_validateUser function
in ...)
+ TODO: check
+CVE-2009-1507 (The Node Access User Reference module 5.x before 5.x-2.0-beta4
and 6.x ...)
+ TODO: check
+CVE-2009-1506 (SQL injection vulnerability in classes/Xp.php in eLitius 1.0
allows ...)
+ TODO: check
+CVE-2009-1505 (SQL injection vulnerability in News Page 5.x before 5.x-1.2
module, a ...)
+ TODO: check
+CVE-2009-1504 (Absolute Form Processor XE 1.5 allows remote attackers to bypass
...)
+ TODO: check
+CVE-2009-1503 (Multiple SQL injection vulnerabilities in login.php in Tiger
Document ...)
+ TODO: check
+CVE-2009-1502 (Directory traversal vulnerability in plugin.php in S-Cms 1.1
Stable ...)
+ TODO: check
+CVE-2009-1501 (Cross-site scripting (XSS) vulnerability in the Exif module
5.x-1.x ...)
+ TODO: check
+CVE-2009-1500 (SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta
allows ...)
+ TODO: check
+CVE-2009-1499 (SQL injection vulnerability in the MailTo (aka com_mailto)
component ...)
+ TODO: check
+CVE-2009-1498 (Directory traversal vulnerability in inc/profilemain.php in Game
Maker ...)
+ TODO: check
+CVE-2009-1497 (Stack-based buffer overflow in srt2smi.exe in Gretech Online
Movie ...)
+ TODO: check
+CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace ...)
+ TODO: check
+CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the web
root ...)
+ TODO: check
+CVE-2008-6787 (SQL injection vulnerability in administrator/index.php in
Lizardware ...)
+ TODO: check
+CVE-2008-6786 (Multiple directory traversal vulnerabilities in geekigeeki.py in
...)
+ TODO: check
+CVE-2008-6785 (Unrestricted file upload vulnerability in Mini File Host 1.5
allows ...)
+ TODO: check
+CVE-2008-6784 (SQL injection vulnerability in directory.php in Scripts For
Sites ...)
+ TODO: check
+CVE-2008-6783 (SQL injection vulnerability in directory.php in Sites for
Scripts ...)
+ TODO: check
+CVE-2008-6782 (SQL injection vulnerability in directory.php in Sites for
Scripts ...)
+ TODO: check
+CVE-2008-6781 (SQL injection vulnerability in directory.php in Sites for
Scripts ...)
+ TODO: check
+CVE-2008-6780 (SQL injection vulnerability in directory.php in Scripts for
Sites ...)
+ TODO: check
+CVE-2008-6779 (SQL injection vulnerability in the Sarkilar module for PHP-Nuke
allows ...)
+ TODO: check
+CVE-2008-6778 (SQL injection vulnerability in viewfaqs.php in Scripts for Sites
(SFS) ...)
+ TODO: check
+CVE-2008-6777 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and
earlier ...)
+ TODO: check
+CVE-2008-6776 (SQL injection vulnerability in viewcomments.php in Scripts For
Sites ...)
+ TODO: check
+CVE-2008-6775 (HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers
to ...)
+ TODO: check
CVE-2009-XXXX [jetty: Vulnerability in ResourceHandler and DefaultServlet with
aliases]
- jetty <unfixed>
NOTE: http://jira.codehaus.org/browse/JETTY-1004
@@ -294,10 +356,9 @@
RESERVED
CVE-2009-1373
RESERVED
-CVE-2009-1365
- RESERVED
-CVE-2009-1364 [libwmf: use after free in embedded gd library]
- RESERVED
+CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS)
before ...)
+ TODO: check
+CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in
libwmf ...)
- libwmf <unfixed> (low; bug #526434)
CVE-2009-1363
RESERVED
@@ -721,7 +782,7 @@
[etch] - php5 <not-affected> (this is caused by the fix for
CVE-2008-5658, which was not applied to php4)
- php4 <not-affected> (this is caused by the fix for CVE-2008-5658,
which was not applied to php4)
CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x
before ...)
- {DSA-1775-1}
+ {DSA-1789-1 DSA-1775-1}
- php5 5.2.9.dfsg.1-1
- php4 <not-affected> (the JSON extension was introduced in php5.2)
- php-json-ext <unfixed>
@@ -2466,6 +2527,7 @@
{DSA-1769-1}
- openjdk-6 <unfixed>
CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color
...)
+ {DTSA-198-1}
- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
CVE-2009-0791
@@ -2575,6 +2637,7 @@
[lenny] - poppler <no-dsa> (Application crash only, could be fixed with
further issues)
[etch] - poppler <no-dsa> (Application crash only, could be fixed with
further issues)
CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache,
allows ...)
+ {DSA-1789-1}
- php4 <removed> (low)
- php5 5.2.9.dfsg.1-1 (low; bug #523049)
CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite
arbitrary ...)
@@ -3514,13 +3577,13 @@
{DSA-1748-1}
- libsoup 2.2.105-4 (medium; bug #520039)
CVE-2009-0584 (icc.c in the International Color Consortium (ICC) Format library
(aka ...)
- {DSA-1746-1}
+ {DSA-1746-1 DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
- argyll 1.0.3-2 (bug #522448)
- gs-gpl <removed>
- gs-esp <removed>
CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color
...)
- {DSA-1746-1}
+ {DSA-1746-1 DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
- argyll 1.0.3-2 (bug #522448)
- gs-gpl <removed>
@@ -4932,6 +4995,7 @@
CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView
...)
NOT-FOR-US: IrfanView
CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict
function ...)
+ {DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS
1.3.9, ...)
TODO: check
@@ -5522,6 +5586,7 @@
CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows
remote ...)
NOT-FOR-US: phpAlumni
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7
and ...)
+ {DSA-1789-1}
- php5 <unfixed> (low; bug #523028)
- php4 <unfixed> (low; bug #523028)
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8
before ...)
@@ -6175,7 +6240,7 @@
CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business
Edition ...)
- asterisk 1:1.4.0~dfsg-1 (bug #509686)
CVE-2008-5557 (Heap-based buffer overflow in ...)
- {DTSA-188-1}
+ {DSA-1789-1 DTSA-188-1}
- php5 5.2.6.dfsg.1-1 (bug #511493)
[lenny] - php5 5.2.6.dfsg.1-1+lenny1
NOTE: according to bug report, this was fixed in lenny prior to the release,
but was not marked as such at the time
@@ -6677,7 +6742,7 @@
CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1
does ...)
- rsyslog 3.18.6-1 (bug #508027)
CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and
...)
- {DTSA-188-1}
+ {DSA-1789-1 DTSA-188-1}
- php5 5.2.6.dfsg.1-1 (bug #508021)
TODO: check php4
CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error
function ...)
@@ -6866,7 +6931,7 @@
CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote
attackers to ...)
NOT-FOR-US: Wiz-Ad
CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo
...)
- {DTSA-188-1}
+ {DSA-1789-1 DTSA-188-1}
- php5 5.2.6.dfsg.1-3 (bug #507857)
- php4 <unfixed>
CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi
Wiki Wyg ...)
@@ -14604,9 +14669,11 @@
[etch] - libid3tag <no-dsa> (Minor issue)
NOTE: totally different approach to fix the bug, see Kurts comments in the bug
report
CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before
5.2.5, ...)
+ {DSA-1789-1}
- php5 5.2.2-1 (low)
NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt
CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before
5.2.5, ...)
+ {DSA-1789-1}
- php5 5.2.2-1 (low)
NOTE: closely related to CVE-2008-2108
CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote
authenticated ...)