Author: joeyh
Date: 2009-08-24 21:14:25 +0000 (Mon, 24 Aug 2009)
New Revision: 12674
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-08-24 19:34:25 UTC (rev 12673)
+++ data/CVE/list 2009-08-24 21:14:25 UTC (rev 12674)
@@ -1,3 +1,129 @@
+CVE-2009-2950
+ RESERVED
+CVE-2009-2949
+ RESERVED
+CVE-2009-2948
+ RESERVED
+CVE-2009-2947
+ RESERVED
+CVE-2009-2946
+ RESERVED
+CVE-2009-2945
+ RESERVED
+CVE-2009-2944
+ RESERVED
+CVE-2009-2943
+ RESERVED
+CVE-2009-2942
+ RESERVED
+CVE-2009-2941
+ RESERVED
+CVE-2009-2940
+ RESERVED
+CVE-2009-2939
+ RESERVED
+CVE-2009-2938
+ RESERVED
+CVE-2009-2937
+ RESERVED
+CVE-2009-2936
+ RESERVED
+CVE-2009-2935
+ RESERVED
+CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in
Programmed ...)
+ TODO: check
+CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before
2.0.3 ...)
+ TODO: check
+CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process
in the ...)
+ TODO: check
+CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro
Director ...)
+ TODO: check
+CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature
in elka ...)
+ TODO: check
+CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management
0.x ...)
+ TODO: check
+CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS
Content ...)
+ TODO: check
+CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners
DS ...)
+ TODO: check
+CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System
BETA ...)
+ TODO: check
+CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre
Projects ...)
+ TODO: check
+CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass
authentication ...)
+ TODO: check
+CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid
...)
+ TODO: check
+CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in
NatterChat 1.1 ...)
+ TODO: check
+CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in
NatterChat 1.12 ...)
+ TODO: check
+CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication
and ...)
+ TODO: check
+CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers
to ...)
+ TODO: check
+CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows
remote ...)
+ TODO: check
+CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ
Square ...)
+ TODO: check
+CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in ...)
+ TODO: check
+CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in
FreshScripts ...)
+ TODO: check
+CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication
and ...)
+ TODO: check
+CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow
...)
+ TODO: check
+CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php
in ...)
+ TODO: check
+CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for
PHP-Nuke ...)
+ TODO: check
+CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06
for ...)
+ TODO: check
+CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified
component ...)
+ TODO: check
+CVE-2008-7034 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore
(com_simpleshop) ...)
+ TODO: check
+CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka
WAC ...)
+ TODO: check
+CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate
Web ...)
+ TODO: check
+CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG
...)
+ TODO: check
+CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to
bypass ...)
+ TODO: check
+CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to
bypass ...)
+ TODO: check
+CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php
in ...)
+ TODO: check
+CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe
...)
+ TODO: check
+CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier
allows ...)
+ TODO: check
+CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly
other ...)
+ TODO: check
+CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the
Chilkat ...)
+ TODO: check
+CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in
AvailScript ...)
+ TODO: check
+CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier
stores ...)
+ TODO: check
+CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass
...)
+ TODO: check
+CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP
Calendar ...)
+ TODO: check
+CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in
CAcert ...)
+ TODO: check
+CVE-2008-7016 (tnftpd before 20080929 splits large command strings into
multiple ...)
+ TODO: check
+CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication
by ...)
+ TODO: check
CVE-2009-XXXX [pidgin does not honour SSL/TLS]
- pidgin 2.6.1-1 (low; bug #542891)
[lenny] - pidgin <no-dsa> (Minor issue)
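Review bot: every described entry added at the top of this hunk, from CVE-2009-2934 down to CVE-2003-1574, lands as `TODO: check`, and they need different handling at triage. The ones whose descriptions name Windows components (xaudio.dll in CVE-2009-2934, ChilkatMail_v7_9.dll in CVE-2008-7022, vsmon.exe in CVE-2008-7025) can be closed as NOT-FOR-US quickly. Entries naming software such as tnftpd (CVE-2008-7016), TikiWiki (CVE-2003-1574) and Piwigo (CVE-2009-2933) need a lookup against the archive before any status is set, so they should not be bulk-marked with the rest.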
@@ -199,15 +325,19 @@
CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has
unknown ...)
NOT-FOR-US: Electronic Logbook
CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before
2.6.30.2 ...)
+ {DSA-1872-1}
- linux-2.6 2.6.30-4 (medium)
- linux-2.6.24 <removed>
CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and
...)
+ {DSA-1872-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed>
CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel
2.6 ...)
+ {DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component
...)
+ {DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1
and ...)
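Review bot: CVE-2009-2848 now carries `{DSA-1872-1}` but its package line still reads `- linux-2.6 <unfixed> (low)`, so the entry shows an advisory reference with no fixed version anywhere. The same gap applies to the other three tagged entries, which only list the unstable version. Consider adding release-specific lines for the version the DSA shipped, and keep the `<unfixed>` line for CVE-2009-2848 only if unstable is really still open.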
@@ -789,6 +919,7 @@
RESERVED
CVE-2009-2698
RESERVED
+ {DSA-1872-1}
CVE-2009-2697
RESERVED
CVE-2009-2696
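Review bot: the `{DSA-1872-1}` tag added under CVE-2009-2698 sits on an entry that is still `RESERVED` and has no package line at all, so nothing records which source package or version the advisory fixed. The other entries tagged with this DSA in the patch all carry `- linux-2.6 ...` lines; this one should get the matching package line, plus a short NOTE explaining the issue while the CVE description is not yet published.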
@@ -1418,13 +1549,11 @@
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- openjdk-6 <unfixed> (medium; bug #542210)
-CVE-2009-2474 [neon: Improper verification of x590v3 certificate with NUL
(zero) byte in certain fields]
- RESERVED
+CVE-2009-2474 (neon before 0.28.6, when OpenSSL is used, does not properly
handle a ...)
- neon27 0.28.6-1 (medium; bug #542926)
- neon26 <unfixed> (medium; bug #542926)
- neon <removed> (medium; bug #542926)
-CVE-2009-2473 [neon: billion laughs DoS attack]
- RESERVED
+CVE-2009-2473 (neon before 0.28.6, when expat is used, does not properly detect
...)
- neon27 <not-affected> (neon27 is compiled to use libxml2 instead of
expat)
- neon26 <not-affected> (neon26 is compiled to use libxml2 instead of
expat)
- neon <removed>
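Review bot: the new CVE-2009-2474 description is qualified with "when OpenSSL is used", but the package lines below it (`neon27 0.28.6-1`, `neon26 <unfixed>`) do not say which TLS backend the Debian builds link against. CVE-2009-2473 right after it handles the equivalent "when expat is used" condition with an explicit `<not-affected>` reason, so CVE-2009-2474 should get a NOTE stating the backend and whether the medium rating still applies. The hand-written summary being replaced also carried the detail about a NUL byte in certificate fields, which is worth keeping as a NOTE since the truncated description no longer shows it.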
@@ -2583,8 +2712,8 @@
NOT-FOR-US: Apple Safari
CVE-2009-2057 (Microsoft Internet Explorer before 8 uses the HTTP Host header
to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2056
- RESERVED
+CVE-2009-2056 (Cisco IOS XR 3.8.1 and earlier allows remote authenticated users
to ...)
+ TODO: check
CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to
cause a ...)
NOT-FOR-US: Cisco IOS
CVE-2009-2054
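Review bot: CVE-2009-2056 is set to `TODO: check` although its description names Cisco IOS XR, and the entry directly below it, CVE-2009-2055, is also a Cisco IOS XR issue and is already marked `NOT-FOR-US: Cisco IOS`. The new entry can take the same status instead of sitting in the TODO queue. CVE-2009-1154, changed further down in this patch with a Cisco IOS XR description, is in the same position.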
@@ -3048,8 +3177,8 @@
NOTE: can be exploited only if magic_quotes is off
CVE-2009-3870
REJECTED
-CVE-2009-1879
- RESERVED
+CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html
in the ...)
+ TODO: check
CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and
earlier ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion
8.0.1 and ...)
@@ -5509,8 +5638,8 @@
NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX
Security ...)
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-1154
- RESERVED
+CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause
a ...)
+ TODO: check
CVE-2009-1153
RESERVED
CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and
possibly ...)
@@ -50144,7 +50273,7 @@
NOT-FOR-US: Tradingeye Shop
CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA
0.20.1 and ...)
NOT-FOR-US: openCI
-CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War
1.5.0 ...)
+CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War
...)
NOT-FOR-US: Virtual War
CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyDirectory ...)
NOT-FOR-US: phpMyDirectory