Author: joeyh Date: 2009-09-04 21:14:43 +0000 (Fri, 04 Sep 2009) New Revision: 12750 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-04 21:13:31 UTC (rev 12749) +++ data/CVE/list 2009-09-04 21:14:43 UTC (rev 12750) 
@@ -1,60 +1,66 @@ CVE-2009-3068 NOT-FOR-US: Adobe RoboHelp Server -CVE-2009-3067 +CVE-2009-3067 (Cross-site scripting (XSS) vulnerability in index.php in Reservation ...) NOT-FOR-US: Reservation Manager -CVE-2009-3066 +CVE-2009-3066 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: PropertyWatchScript.com Property Watch -CVE-2009-3065 +CVE-2009-3065 (PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in ...) NOT-FOR-US: Ve-EDIT -CVE-2009-3064 +CVE-2009-3064 (Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT ...) NOT-FOR-US: Ve-EDIT -CVE-2009-3063 +CVE-2009-3063 (SQL injection vulnerability in the Game Server (com_gameserver) ...) NOT-FOR-US: Joomla! -CVE-2009-3062 +CVE-2009-3062 (SQL injection vulnerability in message_box.php in OSI Codes PHP Live! ...) NOT-FOR-US: OSI Codes PHP Live! -CVE-2009-3061 +CVE-2009-3061 (SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 ...) NOT-FOR-US: Alqatari Q R Script -CVE-2009-3060 +CVE-2009-3060 (Multiple cross-site scripting (XSS) vulnerabilities in Joker Board ...) NOT-FOR-US: Joker Board -CVE-2009-3059 +CVE-2009-3059 (Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 ...) NOT-FOR-US: Joker Board -CVE-2009-3058 +CVE-2009-3058 (Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers ...) NOT-FOR-US: akPlayer -CVE-2009-3057 +CVE-2009-3057 (Multiple cross-site scripting (XSS) vulnerabilities in AOM Software ...) NOT-FOR-US: AOM Software Beex -CVE-2009-3056 +CVE-2009-3056 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: KingCMS -CVE-2009-3055 +CVE-2009-3055 (PHP remote file inclusion vulnerability in engine/api/api.class.php in ...) NOT-FOR-US: DataLife Engine -CVE-2009-3054 +CVE-2009-3054 (SQL injection vulnerability in the Artetics.com Art Portal ...) NOT-FOR-US: Joomla! -CVE-2009-3053 +CVE-2009-3053 (Directory traversal vulnerability in the Agora (com_agora) component ...) NOT-FOR-US: Joomla! 
-CVE-2009-3052 +CVE-2009-3052 (SQL injection vulnerability in root/includes/prime_quick_style.php in ...) NOT-FOR-US: Prime Quick Style addon -CVE-2008-7166 +CVE-2008-7166 (Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) ...) NOT-FOR-US: web interface in BitTorrent 6.0.1 (build 7859) -CVE-2008-7165 +CVE-2008-7165 (Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the ...) NOT-FOR-US: TELECOM ITALIA Alice Gate2 Plus Wi-Fi -CVE-2008-7164 +CVE-2008-7164 (Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have ...) NOT-FOR-US: Shareaza -CVE-2008-7163 +CVE-2008-7163 (Directory traversal vulnerability in mods/Integrated/index.php in ...) NOT-FOR-US: SineCMS -CVE-2008-7162 +CVE-2008-7162 (Buffer overflow in Hero Super Player 3000 allows remote attackers to ...) NOT-FOR-US: Hero Super Player -CVE-2008-7161 +CVE-2008-7161 (Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 ...) NOT-FOR-US: Fortinet FortiGuard Fortinet CVE-2008-7159 [silc ASN1 encoding format string vulnerability] + RESERVED + {DSA-1879-1} - silc-toolkit 1.1.10-1 (low) - silc-client 1.1-2 (low) - silc-server <not-affected> (Vulnerable code not present) NOTE: silc-client uses libsilc from silc-toolkit since 1.1-2 CVE-2009-3051 [silc various format string vulnerabilities] + RESERVED + {DSA-1879-1} - silc-toolkit 1.1.10-1 (medium) - silc-client 1.1-2 (medium) - silc-server 1.1.2-1 (medium) NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2 CVE-2008-7160 [silcd format string vulnerability in http server] + RESERVED + {DSA-1879-1} - silc-toolkit 1.1.10-1 (low) - silc-client <not-affected> (Vulnerable code not present) - silc-server 1.1.2-1 (low) @@ -1987,7 +1993,7 @@ RESERVED CVE-2009-2522 RESERVED -CVE-2009-2521 +CVE-2009-2521 (Stack consumption vulnerability in the FTP server in Microsoft ...) NOT-FOR-US: Microsoft Internet Information Server CVE-2009-2520 RESERVED 
@@ -3056,6 +3062,7 @@ RESERVED CVE-2009-2139 RESERVED + {DSA-1880-1} CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow ...) NOT-FOR-US: TBDev.NET CVE-2009-2137 (Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka ...) @@ -9914,8 +9921,10 @@ CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows ...) NOT-FOR-US: Microsoft CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 might ...) + {DSA-1880-1} TODO: check CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 might allow ...) + {DSA-1880-1} TODO: check CVE-2009-0199 RESERVED @@ -62987,7 +62996,7 @@ NOT-FOR-US: Opera CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS ...) NOT-FOR-US: FortiGate -CVE-2005-3057 (Unspecified vulnerability in the FTP component in FortiGate 2.8, ...) +CVE-2005-3057 (The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, ...) NOT-FOR-US: FortiGate CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ] RESERVED
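Review bot: In the first hunk (@@ -1,60 +1,66 @@), two NOT-FOR-US labels do not name a product the way their neighbours do. CVE-2008-7161 is labelled "Fortinet FortiGuard Fortinet", which looks like the first three words of its description cut off before the product name (FortiGate-1000), and CVE-2008-7166 is labelled "web interface in BitTorrent 6.0.1 (build 7859)" rather than just the product. Suggest "NOT-FOR-US: FortiGate", matching the label already used for CVE-2005-3058 and CVE-2005-3057 in the last hunk, and "NOT-FOR-US: BitTorrent", so that searching the list by product finds these entries.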
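Review bot: In the hunk at @@ -3056,6 +3062,7 @@, CVE-2009-2139 ends up as "RESERVED" plus "{DSA-1880-1}" and nothing else before CVE-2009-2138 starts, so the entry points at an advisory but records neither a package status line nor a bracketed temporary title. Add the package line for whatever DSA-1880-1 fixes, in the same "- package version (urgency)" form the silc entries in the first hunk use, so the entry does not depend on the DSA list alone to say what is affected.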
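Review bot: In the hunk at @@ -9914,8 +9921,10 @@, CVE-2009-0201 and CVE-2009-0200 gain "{DSA-1880-1}" but each still carries "TODO: check" and no package line, which leaves the entries contradictory: an advisory has been issued, yet the tracker still treats them as untriaged. Both descriptions name OpenOffice.org before 3.1.1, so the TODO lines should be replaced with the status line for the package the DSA covers and the version that carries the fix.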