thr3ads.net - Secure testing commits - [Secure-testing-commits] r12852

If this information is useful, please help other people find it:
Share via:
Joey Hess
2009-Sep-18 21:14 UTC
[Secure-testing-commits] r12852 - data/CVE

Author: joeyh
Date: 2009-09-18 21:14:14 +0000 (Fri, 18 Sep 2009)
New Revision: 12852

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-09-18 15:50:26 UTC (rev 12851)
+++ data/CVE/list	2009-09-18 21:14:14 UTC (rev 12852)
@@ -1,72 +1,96 @@
-CVE-2009-3236 [horder arbirary file upload]
+CVE-2009-3245
+	RESERVED
+CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in
Adobe ...)
+	TODO: check
+CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark
1.2.0 and ...)
+	TODO: check
+CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector
in ...)
+	TODO: check
+CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in
Wireshark ...)
+	TODO: check
+CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux
XF-Section ...)
+	TODO: check
+CVE-2009-3239 (Buffer overflow in the EMF parser implementation in
OpenOffice.org ...)
+	TODO: check
+CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the
Linux ...)
+	TODO: check
+CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
...)
+	TODO: check
+CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in
Dovecot ...)
+	TODO: check
+CVE-2009-3228
+	RESERVED
+CVE-2005-4881
+	RESERVED
+CVE-2009-3236 (Unspecified vulnerability in the form library in Horde
Application ...)
 	- horde3 <unfixed> (medium; bug #547318)
-CVE-2008-7243
+CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in
MODx CMS ...)
 	NOT-FOR-US: MODx CMS
-CVE-2008-7242
+CVE-2008-7242 (Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS
...)
 	NOT-FOR-US: MODx CMS
-CVE-2008-7241
+CVE-2008-7241 (Cross-site request forgery (CSRF) vulnerability in PunBB before
1.2.17 ...)
 	NOT-FOR-US: PunBB
-CVE-2008-7240
+CVE-2008-7240 (Directory traversal vulnerability in include/unverified.inc.php
in ...)
 	NOT-FOR-US: Linux Web Shop (LWS) php User Base
 CVE-2009-XXXX [webkit: potential ssl certificate null character stripping
vulnerability]
 	- webkit <unfixed> (medium; bug #547217)
 	TODO: asked maintainer to check; follow-up
-CVE-2009-3234 [Buffer overflow in performance counters]
+CVE-2009-3234 (Buffer overflow in the perf_copy_attr function in ...)
 	- linux-2.6 <not-affected> (Introduced in 2.6.31)
 	- linux-2.6.24 <removed>
 	[etch] - linux-2.6.24 <not-affected> (Introduced in 2.6.31)
 	TODO: check when 2.6.31 enters unstable; working exploit code exists
[-linux-2.6 <unfixed> (high)]
-CVE-2009-3227
+CVE-2009-3227 (Cross-site scripting (XSS) vulnerability in index.php in
AlmondSoft ...)
 	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
-CVE-2009-3226
+CVE-2009-3226 (SQL injection vulnerability in index.php in AlmondSoft Almond
...)
 	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
-CVE-2009-3225
+CVE-2009-3225 (Multiple cross-site scripting (XSS) vulnerabilities in
AlmondSoft ...)
 	NOT-FOR-US: AlmondSoft Almond Classifieds Wap and Pro
-CVE-2009-3224
+CVE-2009-3224 (SQL injection vulnerability in index.php in Super Mod System,
when ...)
 	NOT-FOR-US: Super Mod System
-CVE-2009-3223
+CVE-2009-3223 (SQL injection vulnerability in ppc-add-keywords.php in Inout
Adserver ...)
 	NOT-FOR-US: Inout Adserver
-CVE-2009-3222
+CVE-2009-3222 (Cross-site scripting (XSS) vulnerability in index.php in ...)
 	NOT-FOR-US: FreeWebScriptz Honest Traffic
-CVE-2009-3221
+CVE-2009-3221 (Stack-based buffer overflow in Audio Lib Player (ALP) allows
remote ...)
 	NOT-FOR-US: Audio Lib Player (ALP)
-CVE-2009-3220
+CVE-2009-3220 (PHP remote file inclusion vulnerability in cp_html2txt.php in
All In ...)
 	NOT-FOR-US: All In One Control Panel
-CVE-2009-3219
+CVE-2009-3219 (Directory traversal vulnerability in a.php in AR Web Content
Manager ...)
 	NOT-FOR-US: AR Web Content Manager
-CVE-2009-3218
+CVE-2009-3218 (SQL injection vulnerability in control/login.php in AR Web
Content ...)
 	NOT-FOR-US: AR Web Content Manager
-CVE-2009-3217
+CVE-2009-3217 (SQL injection vulnerability in the admin module in iWiccle 1.01
allows ...)
 	NOT-FOR-US: iWiccle
-CVE-2009-3216
+CVE-2009-3216 (Multiple directory traversal vulnerabilities in iWiccle 1.01,
when ...)
 	NOT-FOR-US: iWiccle
-CVE-2009-3215
+CVE-2009-3215 (SQL injection vulnerability in IXXO Cart Standalone before
3.9.6.1, ...)
 	NOT-FOR-US: IXXO Cart Standalone
-CVE-2009-3214
+CVE-2009-3214 (Multiple stack-based buffer overflows in Photodex ProShow Gold
...)
 	NOT-FOR-US: Photodex ProShow Gold
-CVE-2009-3213
+CVE-2009-3213 (Stack-based buffer overflow in broid 1.0 Beta 3a allows remote
...)
 	NOT-FOR-US: broid
-CVE-2009-3212
+CVE-2009-3212 (SQL injection vulnerability in VivaPrograms Infinity Script
2.x.x, ...)
 	NOT-FOR-US: VivaPrograms Infinity Script
-CVE-2009-3211
+CVE-2009-3211 (Directory traversal vulnerability in VivaPrograms Infinity
Script ...)
 	NOT-FOR-US: VivaPrograms Infinity Script
-CVE-2009-3210
+CVE-2009-3210 (Multiple cross-site scripting (XSS) vulnerabilities in the Print
(aka ...)
 	NOT-FOR-US: Print (aka Printer, e-mail and PDF versions) Drupal module (3rd
party module)
-CVE-2009-3209
+CVE-2009-3209 (SQL injection vulnerability in remove.php in PHP eMail Manager
3.3.0 ...)
 	NOT-FOR-US: PHP eMail Manager
-CVE-2009-3208
+CVE-2009-3208 (Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow
remote ...)
 	NOT-FOR-US: phpfreeBB
-CVE-2009-3207
+CVE-2009-3207 (The ImageCache module 5.x before 5.x-2.5 and 6.x before ...)
 	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
-CVE-2009-3206
+CVE-2009-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the
ImageCache ...)
 	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
-CVE-2009-3205
+CVE-2009-3205 (SQL injection vulnerability in main.php in CBAuthority allows
remote ...)
 	NOT-FOR-US: CBAuthority
-CVE-2009-3204
+CVE-2009-3204 (Multiple cross-site scripting (XSS) vulnerabilities in Stiva
Forum 1.0 ...)
 	NOT-FOR-US: Stiva Forum
-CVE-2009-3203
+CVE-2009-3203 (SQL injection vulnerability in store.php in AJ Auction Pro OOPD
2.x ...)
 	NOT-FOR-US: AJ Auction Pro OOPD
-CVE-2009-3202
+CVE-2009-3202 (Cross-site scripting (XSS) vulnerability in search.php in ULoKI
PHP ...)
 	NOT-FOR-US: ULoKI PHP Forum
 CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows
user-assisted ...)
 	NOT-FOR-US: Media Player Classic
@@ -104,7 +128,7 @@
 	NOT-FOR-US: Crazy Star plugin 2.0 for Discuz!
 CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates
of The ...)
 	NOT-FOR-US: Pirates of The Caribbean
-CVE-2009-3233 [changetrack command injection]
+CVE-2009-3233 (changetrack 4.3 allows local users to execute arbitrary commands
via ...)
 	- changetrack 4.5-2 (medium; bug #546791)
 CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before ...)
 	- whitedune <not-affected> (bug #546903)
@@ -224,21 +248,21 @@
 	NOT-FOR-US: VirtueMart
 CVE-2008-7203 (Valve Software Half-Life Counter-Strike 1.6 allows remote
attackers to ...)
 	NOT-FOR-US: Valve Software Half-Life Counter-Strike
-CVE-2009-3232 [pam-auth-update does not prohibit selecting an empty set of
modules]
+CVE-2009-3232 (pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and
Debian ...)
 	- pam 1.0.1-10 (bug #519927)
 	[lenny] - pam <not-affected> (pam-auth-update not yet present)
 	[etch] - pam <not-affected> (pam-auth-update not yet present)
-CVE-2009-3229 [postgresql: Authenticated non-superusers can shut down the
backend server by re-LOAD-ing libraries]
+CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3
before ...)
 	- postgresql-8.4 8.4.1-1
 	- postgresql-8.3 8.3.8-1
 	- postgresql-8.1 <not-affected>
 	- postgresql-7.4 <not-affected>
-CVE-2009-3230 [postgresql: fix CVE-2007-6600 failed to include protection
against misuse of RESET SESSION AUTHORIZATION]
+CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3
before ...)
 	- postgresql-8.4 8.4.1-1
 	- postgresql-8.3 8.3.8-1
 	- postgresql-8.1 <removed>
 	- postgresql-7.4 <removed>
-CVE-2009-3231 [postgresql: LDAP authentication issue]
+CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2
...)
 	- postgresql-8.4 8.4.1-1
 	- postgresql-8.3 8.3.8-1
 	- postgresql-8.1 <not-affected>
@@ -1089,8 +1113,8 @@
 	RESERVED
 CVE-2009-2938
 	RESERVED
-CVE-2009-2937
-	RESERVED
+CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and
Planet ...)
+	TODO: check
 CVE-2009-2936
 	RESERVED
 CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows
remote ...)
@@ -1990,8 +2014,8 @@
 	RESERVED
 CVE-2009-2708
 	RESERVED
-CVE-2009-2707
-	RESERVED
+CVE-2009-2707 (Unspecified vulnerability in ia32el (aka the IA 32 emulation
...)
+	TODO: check
 CVE-2009-2706
 	RESERVED
 CVE-2008-6911 (SQL injection vulnerability in the authenticateUser function in
...)
@@ -2294,7 +2318,7 @@
 	NOT-FOR-US: Joomla! component
 CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in
the ...)
 	NOT-FOR-US: Joomla! component
-CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c)
in ...)
+CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c),
as ...)
 	{DSA-1881-1}
 	- cyrus-imapd-2.2 2.2.13-15 (medium)
 CVE-2009-2631
@@ -4308,8 +4332,7 @@
 CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the
...)
 	- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
 	[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
-CVE-2009-1883 [linux-2.6: crypt missing cap check]
-	RESERVED
+CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in
the ...)
 	- linux-2.6 2.6.19-1
 	- linux-2.6.24 <removed>
 	[etch] - linux-2.6.24 <not-affected> (problem was fixed before first
upload)
@@ -10545,10 +10568,10 @@
 	RESERVED
 CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance
Windows ...)
 	NOT-FOR-US: Microsoft
-CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1
might ...)
+CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1
and ...)
 	{DSA-1880-1}
 	- openoffice.org 1:3.1.1~ooo310m15-1
-CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 might
allow ...)
+CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 and ...)
 	{DSA-1880-1}
 	- openoffice.org 1:3.1.1~ooo310m15-1
 CVE-2009-0199 (Heap-based buffer overflow in the VMnc media codec in vmnc.dll
in ...)
Secure testing commits - Sep 2009 - r12852 - data/CVE

[Secure-testing-commits] r12852 - data/CVE
