Author: kees
Date: 2009-09-10 22:02:04 +0000 (Thu, 10 Sep 2009)
New Revision: 12785

Modified:
   data/CVE/list
Log:
NFUs: 50

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-09-10 21:14:14 UTC (rev 12784)
+++ data/CVE/list 2009-09-10 22:02:04 UTC (rev 12785)
@@ -1,71 +1,105 @@ +CVE-2009-3162 + NOT-FOR-US: Multi Website +CVE-2009-3161 + NOT-FOR-US: IBM WebSphere MQ +CVE-2009-3160 + NOT-FOR-US: IBM WebSphere MQ +CVE-2009-3159 + NOT-FOR-US: IBM WebSphere MQ +CVE-2009-3158 + NOT-FOR-US: simplePHPWeb +CVE-2009-3157 + NOT-FOR-US: Calendar module for Drupal +CVE-2009-3156 + NOT-FOR-US: Date module for Drupal +CVE-2009-3155 + NOT-FOR-US: Almond Classifieds component for Joomla! +CVE-2009-3154 + NOT-FOR-US: Almond Classifieds component for Joomla! +CVE-2009-3153 + NOT-FOR-US: x10 MP3 Search engine +CVE-2009-3152 + NOT-FOR-US: NTSOFT BBS E-Market Professional +CVE-2009-3151 + NOT-FOR-US: Ultrize TimeSheet +CVE-2009-3150 + NOT-FOR-US: Multi Website +CVE-2009-3149 + NOT-FOR-US: Elgg +CVE-2009-3148 + NOT-FOR-US: PortalXP Teacher Edition +CVE-2009-3147 + NOT-FOR-US: ReviewPost Pro +CVE-2009-3146 + NOT-FOR-US: ArticleFriend Script CVE-2009-3125 RESERVED CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...) - TODO: check + NOT-FOR-US: QuarkMail CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...) - TODO: check + NOT-FOR-US: Wap-Motor CVE-2009-3122 (The Ajax Table module 5.x for Drupal does not perform access control, ...) - TODO: check + NOT-FOR-US: Ajax Table module module for Drupal CVE-2009-3121 (Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x ...) - TODO: check + NOT-FOR-US: Ajax Table module module for Drupal CVE-2009-3120 (Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE ...) - TODO: check + NOT-FOR-US: BIGACE Web CMS CVE-2009-3119 (SQL injection vulnerability in screen.php in the Download System mSF ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2009-3118 (SQL injection vulnerability in mod/poll/comment.php in the vote module ...) - TODO: check + NOT-FOR-US: Danneo CMS CVE-2009-3117 (SQL injection vulnerability in category.php in Snow Hall Silurus ...) 
- TODO: check + NOT-FOR-US: Snow Hall Silurus System CVE-2009-3116 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...) - TODO: check + NOT-FOR-US: Uiga Church Portal CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: SolarWinds TFTP Server CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.5 saves items from an RSS ...) - TODO: check + NOT-FOR-US: IBM Lotus Notes CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...) - TODO: check + NOT-FOR-US: OXID eShop Professional CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...) - TODO: check + NOT-FOR-US: OXID eShop Professional CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote ...) TODO: check CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail ...) - TODO: check + NOT-FOR-US: OpenWebMail CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Lantronix MSS485-T CVE-2008-7200 (Double free vulnerability in Deliantra server engine before 2.4 has ...) - TODO: check + NOT-FOR-US: Deliantra server engine CVE-2008-7199 (Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Phoenix Contact FL IL 24 BK-PAC CVE-2008-7198 (Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have ...) - TODO: check + NOT-FOR-US: phpns CVE-2008-7197 (Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have ...) - TODO: check + NOT-FOR-US: G15Daemon CVE-2008-7196 (Unspecified vulnerability in metashell before 0.03 has unknown impact ...) - TODO: check + NOT-FOR-US: metashell CVE-2008-7195 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...) 
- TODO: check + NOT-FOR-US: Fujitsu Interstage HTTP Server CVE-2008-7194 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...) - TODO: check + NOT-FOR-US: Fujitsu Interstage HTTP Server CVE-2008-7193 (PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows ...) - TODO: check + NOT-FOR-US: PHPKIT CVE-2008-7192 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) - TODO: check + NOT-FOR-US: WoltLab Burning Board CVE-2008-7191 (Unspecified vulnerability in Polipo before 1.0.4 allows remote ...) TODO: check CVE-2008-7190 (Unspecified vulnerability in Adium before 1.2 has unknown impact and ...) - TODO: check + NOT-FOR-US: Adium CVE-2008-7189 (Multiple unspecified vulnerabilities in Local Media Browser before 0.1 ...) - TODO: check + NOT-FOR-US: Local Media Browser CVE-2008-7188 (ClipShare 2.6 does not properly restrict access to certain ...) - TODO: check + NOT-FOR-US: ClipShare CVE-2008-7187 (Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2008-7186 (Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2007-6730 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) - TODO: check + NOT-FOR-US: ZyXEL P-330W CVE-2007-6729 (Cross-site scripting (XSS) vulnerability in the web management ...) - TODO: check + NOT-FOR-US: ZyXEL P-330W CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris ...) 
@@ -2958,7 +2992,7 @@ CVE-2009-2267 RESERVED CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote ...) - TODO: check + NOT-FOR-US: OXID eShop CVE-2009-2281 [Heap-based buffer underflow in the readPostBody function in cgiutil.c ...] RESERVED - mapserver 5.4.2-1 (medium; bug #535340) @@ -3142,7 +3176,7 @@ CVE-2009-2206 RESERVED CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command launcher in ...) - TODO: check + NOT-FOR-US: Mac OS X CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in Apple ...) NOT-FOR-US: Apple iPhone OS CVE-2009-2203
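Review bot: In the first hunk (@@ -1,71 +1,105 @@), the new tags on CVE-2009-3122 and CVE-2009-3121 read "NOT-FOR-US: Ajax Table module module for Drupal", with "module" doubled. Make both "NOT-FOR-US: Ajax Table module for Drupal", matching the "Calendar module for Drupal" and "Date module for Drupal" entries added at the top of the same hunk. Separately, CVE-2009-3119 is tagged "NOT-FOR-US: PHP-Fusion" while its visible description names screen.php in "the Download System mSF ..."; if the flaw is in that add-on rather than in PHP-Fusion itself, naming the add-on in the tag would record what was actually triaged.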
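Review bot: In the second hunk (@@ -2958,7 +2992,7 @@), CVE-2009-2266 is tagged "NOT-FOR-US: OXID eShop", but the first hunk tags CVE-2009-3113 and CVE-2009-3112 as "NOT-FOR-US: OXID eShop Professional" even though their descriptions cover "OXID eShop Professional, Enterprise, and ...". Use one product string for all three entries, for example plain "OXID eShop", so that a search of the list for the product returns every triaged entry.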
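Review bot: In the third hunk (@@ -3142,7 +3176,7 @@), CVE-2009-2205 is tagged "NOT-FOR-US: Mac OS X", which names only the platform, while the visible description is about a stack-based buffer overflow in the Java Web Start command launcher. Name the component together with the platform in the tag, so that someone searching the list for Java Web Start can see the issue was judged specific to the Mac OS X build and was not overlooked for packaged Java.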