Author: nion Date: 2009-05-27 09:37:55 +0000 (Wed, 27 May 2009) New Revision: 11980 Modified: data/CVE/list Log: - NFUs - new ocsinventory-server issue (CVE-2009-1769) Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-27 09:21:04 UTC (rev 11979) +++ data/CVE/list 2009-05-27 09:37:55 UTC (rev 11980) 
@@ -1,51 +1,52 @@ CVE-2009-1785 (Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop ...) - TODO: check + NOT-FOR-US: Ulteo Open Virtual Desktop CVE-2009-1784 (The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus ...) - TODO: check + NOT-FOR-US: AVG anti-virus CVE-2009-1783 (Multiple FRISK Software F-Prot anti-virus products, including ...) - TODO: check + NOT-FOR-US: FRISK Software F-Prot anti-virus CVE-2009-1782 (Multiple F-Secure anti-virus products, including Anti-Virus for ...) - TODO: check + NOT-FOR-US: F-Secure anti-virus CVE-2009-1781 (Static code injection vulnerability in admin.php in Frax.dk Php ...) - TODO: check + NOT-FOR-US: Frax.dk Php Recommend CVE-2009-1780 (admin.php in Frax.dk Php Recommend 1.3 and earlier does not require ...) - TODO: check + NOT-FOR-US: Frax.dk Php Recommend CVE-2009-1779 (PHP remote file inclusion vulnerability in admin.php in Frax.dk Php ...) - TODO: check + NOT-FOR-US: Frax.dk Php Recommend CVE-2009-1778 (SQL injection vulnerability in the new user registration feature in ...) - TODO: check + NOT-FOR-US: BigACE CMS CVE-2009-1777 (CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail ...) - TODO: check + NOT-FOR-US: Matt Wright FormMail CVE-2009-1776 (Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in ...) - TODO: check + NOT-FOR-US: Matt Wright FormMail CVE-2009-1775 (Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open ...) - TODO: check + NOT-FOR-US: Ulteo Open Virtual Desktop CVE-2009-1774 (Directory traversal vulnerability in plugins/ddb/foot.php in ...) - TODO: check + NOT-FOR-US: Strawberry CVE-2009-1773 (activeCollab 2.1 Corporate allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: activeCollab CVE-2009-1772 (Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate ...) - TODO: check + NOT-FOR-US: activeCollab CVE-2009-1771 (index.php in Flyspeck CMS 6.8 does not require administrative ...) 
- TODO: check + NOT-FOR-US: Flyspeck CMS CVE-2009-1770 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: Flyspeck CMS CVE-2009-1769 (The web interface in OCS Inventory NG 1.01 generates different error ...) - TODO: check + - ocsinventory-server <unfixed> (unimportant; bug #529344) + NOTE: README.Debian states Important: access to the reports server should be restricted CVE-2009-1768 (Directory traversal vulnerability in download.php in Rama Zaiten CMS ...) - TODO: check + NOT-FOR-US: Rama Zaiten CMS CVE-2009-1767 (admin/edituser.php in 2daybiz Template Monster Clone does not require ...) - TODO: check + NOT-FOR-US: 2daybiz Template Monster Clone CVE-2009-1766 (SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows ...) - TODO: check + NOT-FOR-US: LightOpenCMS CVE-2009-1765 (Multiple directory traversal vulnerabilities in pluck 4.6.2, when ...) - TODO: check + NOT-FOR-US: pluck CMS CVE-2009-1764 (SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows ...) - TODO: check + NOT-FOR-US: MaxCMS CVE-2009-1763 (Unspecified vulnerability in the Solaris Secure Digital slot driver ...) - TODO: check + NOT-FOR-US: Solaris CVE-2009-1762 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...) - TODO: check + NOT-FOR-US: Novell GroupWise CVE-2009-XXXX [radare-common insecure temp files handling] - radare-common (low) TODO: file bug @@ -334,7 +335,7 @@ CVE-2009-1636 RESERVED CVE-2009-1635 (Cross-site scripting (XSS) vulnerability in the WebAccess login page ...) - TODO: check + NOT-FOR-US: Novell GroupWise CVE-2009-1634 RESERVED CVE-2009-1633 [CIFS Unicode issue]
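Review bot: In the first hunk, the CVE-2009-1769 entry is marked "unimportant", but the NOTE only quotes README.Debian ("access to the reports server should be restricted") and never states why that makes the issue unimportant. The entry stays <unfixed> with bug #529344 open, so the NOTE is the only rationale a later reader will have. If the reasoning is that an installation following README.Debian does not expose the web interface to untrusted users, say that explicitly in the NOTE. Separately, CVE-2009-1770 is tagged "NOT-FOR-US: Flyspeck CMS" while its description is cut off at "Directory traversal vulnerability in ...", so the product cannot be checked from the line itself. Please confirm the tag was taken from the full description and not carried over from CVE-2009-1771 directly above it.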