Author: derevko-guest
Date: 2009-08-18 07:50:58 +0000 (Tue, 18 Aug 2009)
New Revision: 12629

Modified: data/CVE/list
Log:
- NFUs
- CVE id for OCS Inventory NG Server already requested

Modified: data/CVE/list
==================================================================--- data/CVE/list 2009-08-18 07:38:11 UTC (rev 12628) +++ data/CVE/list 2009-08-18 07:50:58 UTC (rev 12629) 
@@ -1,41 +1,42 @@ CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...) - TODO: check + NOT-FOR-US: GarageSales script CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script ...) - TODO: check + NOT-FOR-US: GarageSales Script CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey ...) - TODO: check + NOT-FOR-US: Smart ASP Survey CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP ...) - TODO: check + NOT-FOR-US: PHPArcadeScript CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail ...) - TODO: check + NOT-FOR-US: PHP Paid 4 Mail CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...) - TODO: check + NOT-FOR-US: PHP Paid 4 Mail CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate ...) - TODO: check + NOT-FOR-US: PG Roommate Finder Solution CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 ...) - TODO: check + NOT-FOR-US: Free Arcade Script CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and ...) - TODO: check + NOT-FOR-US: PowerUpload CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...) - TODO: check + NOT-FOR-US: Ultrize TimeSheet CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...) TODO: check CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...) TODO: check CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...) - TODO: check + NOT-FOR-US: DD-WRT CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...) - TODO: check + NOT-FOR-US: DD-WRT CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: DD-WRT CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: DD-WRT CVE-2009-XXXX [Sql injection in OCS Inventory NG Server] - ocsinventory-server <unfixed> (low; bug #541995) NOTE: http://seclists.org/fulldisclosure/2009/Aug/0143.html NOTE: Authentication is needed + NOTE: cve id already requested on oss-sec CVE-2009-2763 RESERVED CVE-2009-XXXX [logrotate race condition could lead to file disclosure] @@ -442,7 +443,7 @@ CVE-2009-2678 RESERVED CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) - TODO: check + NOT-FOR-US: HP Insight Control Suite For Linux (aka ICE-LX) CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) @@ -5532,7 +5533,7 @@ CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears ...) NOT-FOR-US: Google Gears CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom ...) - TODO: check + NOT-FOR-US: snom VoIP phones CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...) NOT-FOR-US: Send by e-mail module for Drupal CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...)
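
Review bot: In the first hunk (@@ -1,41 +1,42 @@) the NOT-FOR-US tags are not named consistently: CVE-2009-2778 gets "GarageSales script" while CVE-2009-2777 gets "GarageSales Script" for the same product, and CVE-2009-2764 is tagged with the vendor ("Microsoft") where every other entry in the hunk names the product. Suggest "GarageSales Script" for both entries and the product named in the description (Internet Explorer) for CVE-2009-2764, so that a search of the list by product name finds every entry. The added "NOTE: cve id already requested on oss-sec" on the OCS Inventory NG Server entry would also be easier to follow up if it carried a link to the request, as the existing NOTE above it does for the full-disclosure post.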