Author: joeyh
Date: 2009-08-23 09:14:18 +0000 (Sun, 23 Aug 2009)
New Revision: 12664
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-08-23 04:02:17 UTC (rev 12663)
+++ data/CVE/list 2009-08-23 09:14:18 UTC (rev 12664)
@@ -1,3 +1,96 @@
+CVE-2009-2962
+ REJECTED
+ TODO: check
+CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in
DJCalendar ...)
+ TODO: check
+CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast
Yourself 2 ...)
+ TODO: check
+CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft
PHP-Lance ...)
+ TODO: check
+CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in
Pixaria ...)
+ TODO: check
+CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC
Designs PHP ...)
+ TODO: check
+CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin
1.2.2 ...)
+ TODO: check
+CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and
2.0.2 ...)
+ TODO: check
+CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003
allows ...)
+ TODO: check
+CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows
remote ...)
+ TODO: check
+CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in
logs.dll in ...)
+ TODO: check
+CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift
Delivery ...)
+ TODO: check
+CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero
...)
+ TODO: check
+CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero
...)
+ TODO: check
+CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8
through ...)
+ TODO: check
+CVE-2009-2911
+ RESERVED
+CVE-2009-2910
+ RESERVED
+CVE-2009-2909
+ RESERVED
+CVE-2009-2908
+ RESERVED
+CVE-2009-2907
+ RESERVED
+CVE-2009-2906
+ RESERVED
+CVE-2009-2905
+ RESERVED
+CVE-2009-2904
+ RESERVED
+CVE-2009-2903
+ RESERVED
+CVE-2009-2902
+ RESERVED
+CVE-2009-2901
+ RESERVED
+CVE-2009-2900
+ RESERVED
+CVE-2009-2899
+ RESERVED
+CVE-2009-2898
+ RESERVED
+CVE-2009-2897
+ RESERVED
+CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote
...)
+ TODO: check
+CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow
Affiliate ...)
+ TODO: check
+CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow
remote ...)
+ TODO: check
+CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in
Scripteen Free ...)
+ TODO: check
+CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now
Riddles ...)
+ TODO: check
+CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP
Scripts ...)
+ TODO: check
+CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP
Scripts ...)
+ TODO: check
+CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now
Hangman ...)
+ TODO: check
+CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP
Scripts ...)
+ TODO: check
+CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now
President ...)
+ TODO: check
+CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now
World''s ...)
+ TODO: check
+CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP
Scripts ...)
+ TODO: check
+CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson
4.0, ...)
+ TODO: check
+CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG
MatchMaking ...)
+ TODO: check
+CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow
remote ...)
+ TODO: check
CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass]
- backuppc <unfixed> (low; bug #542218)
NOTE: no-dsa candidate
@@ -59,12 +152,15 @@
CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid
2.7 ...)
- squid <unfixed> (low; bug #534982)
CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain
...)
+ {DSA-1871-1}
- wordpress 2.8.3-1
CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain
privileges via ...)
+ {DSA-1871-1}
- wordpress 2.8.3-1
CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with ...)
NOT-FOR-US: WP-Syntax plugin
CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator
...)
+ {DSA-1871-1}
- wordpress 2.8.3-1 (low)
CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) allow
...)
NOT-FOR-US: NASA Common Data Format
@@ -503,8 +599,8 @@
RESERVED
CVE-2009-2733
RESERVED
-CVE-2009-2732
- RESERVED
+CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and
earlier ...)
+ TODO: check
CVE-2009-2731
RESERVED
CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a
''\0'' ...)
@@ -691,8 +787,7 @@
RESERVED
CVE-2009-2695
RESERVED
-CVE-2009-2694
- RESERVED
+CVE-2009-2694 (The msn_slplink_process_msg function in ...)
{DSA-1870-1}
- pidgin 2.5.9-1 (medium; bug #542486)
- gaim <removed>
@@ -1736,6 +1831,7 @@
- wordpress 2.8.3-1 (unimportant; bug #536724)
NOTE: Minor information leak
CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1
does not ...)
+ {DSA-1871-1}
- wordpress 2.8.3-1 (low; bug #536724)
CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2
and ...)
NOT-FOR-US: CMS Chainuk
@@ -4132,6 +4228,7 @@
CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB
0.3.12 ...)
NOT-FOR-US: SMA-DB
CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote
...)
+ {DSA-1871-1}
- wordpress 2.8.3-1 (low; bug #531736)
NOTE: low impact, probably no-dsa
CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows
remote ...)
@@ -4143,6 +4240,7 @@
CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to
...)
NOT-FOR-US: Silentum LoginSys
CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in
WordPress, ...)
+ {DSA-1871-1}
- wordpress 2.8.3-1 (low; bug #531736)
NOTE: low impact, probably no-dsa
CVE-2008-6761 (Static code injection vulnerability in admin/install.php in ...)
@@ -7551,8 +7649,8 @@
NOT-FOR-US: Content Management Made Easy
CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- acidbase 1.2.1-1
-CVE-2009-0638
- RESERVED
+CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before
3.1(16), 3.2 ...)
+ TODO: check
CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based
CLI ...)
NOT-FOR-US: Cisco IOS
CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when
SIP ...)
@@ -11973,6 +12071,7 @@
CVE-2008-XXXX [yzis insecure temp file]
- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in
certain ...)
+ {DSA-1871-1}
- wordpress 2.5.1-10 (bug #504771)
CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism,
before ...)
NOT-FOR-US: Enomalism
@@ -12353,7 +12452,7 @@
CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB
Server ...)
NOT-FOR-US: Arihiro Kurata Kantan WEB Server
CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy
1.2.3 ...)
- {DSA-1691-1}
+ {DSA-1871-1 DSA-1691-1}
- libphp-snoopy 1.2.4-1 (bug #504168; medium)
- ampache 3.4.1-2 (bug #504169)
- mahara 1.0.5-2 (bug #504170)
@@ -12426,6 +12525,7 @@
- ekg 1:1.8~rc0-1 (low)
TODO: check other embedding packages
CVE-2008-4769 (Directory traversal vulnerability in the get_category_template
...)
+ {DSA-1871-1}
- wordpress 2.5.1-1
CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote
attackers to ...)
NOT-FOR-US: TLM CMS
@@ -13989,6 +14089,7 @@
NOTE: the rand() and mt_rand() functions were never said to be
cryptographically strong
NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings
about ...)
+ {DSA-1871-1}
- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables
that ...)
NOT-FOR-US: Joomla
@@ -20554,7 +20655,7 @@
- serendipity 1.3-1
NOTE:
http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-1502 (The _bad_protocol_once function in
phpgwapi/inc/class.kses.inc.php in ...)
- {DSA-1691-1}
+ {DSA-1871-1 DSA-1691-1}
- egroupware 1.4.002.dfsg-2.1 (bug #471839)
- wordpress 2.5.0-1 (bug #504243)
- moodle 1.8.2-1.3 (bug #489533)