Author: joeyh Date: 2009-09-23 21:14:11 +0000 (Wed, 23 Sep 2009) New Revision: 12877 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-23 18:32:53 UTC (rev 12876) +++ data/CVE/list 2009-09-23 21:14:11 UTC (rev 12877) 
@@ -1,16 +1,138 @@ -CVE-2009-3290 [linux-2.6: exploitable priviledge escalation in hypercall] +CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! ...) + TODO: check +CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the ...) + TODO: check +CVE-2009-3332 (SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) ...) + TODO: check +CVE-2009-3331 (Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 ...) + TODO: check +CVE-2009-3330 (SQL injection vulnerability in index.php in cP Creator 2.7.1, when ...) + TODO: check +CVE-2009-3329 (Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted ...) + TODO: check +CVE-2009-3328 (Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook ...) + TODO: check +CVE-2009-3327 (Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow ...) + TODO: check +CVE-2009-3326 (SQL injection vulnerability in index.php in CMScontrol Content ...) + TODO: check +CVE-2009-3325 (SQL injection vulnerability in the Focusplus Developments Survey ...) + TODO: check +CVE-2009-3324 (PHP remote file inclusion vulnerability in include/prodler.class.php ...) + TODO: check +CVE-2009-3323 (Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation ...) + TODO: check +CVE-2009-3322 (The Siemens Gigaset SE361 WLAN router allows remote attackers to cause ...) + TODO: check +CVE-2009-3321 (SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc ...) + TODO: check +CVE-2009-3320 (Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas ...) + TODO: check +CVE-2009-3319 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...) + TODO: check +CVE-2009-3318 (Directory traversal vulnerability in the Roland Breedveld Album ...) + TODO: check +CVE-2009-3317 (PHP remote file inclusion vulnerability in pages/pageHeader.php in ...) 
+ TODO: check +CVE-2009-3316 (SQL injection vulnerability in the JReservation (com_jreservation) ...) + TODO: check +CVE-2009-3315 (SQL injection vulnerability in admin/index.php in NeLogic Nephp ...) + TODO: check +CVE-2009-3314 (SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 ...) + TODO: check +CVE-2009-3313 (Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote ...) + TODO: check +CVE-2009-3312 (PHP remote file inclusion vulnerability in php/init.poll.php in ...) + TODO: check +CVE-2009-3311 (Cross-site scripting (XSS) vulnerability in index.php in ...) + TODO: check +CVE-2009-3310 (SQL injection vulnerability in index.php in Zainu 1.0 allows remote ...) + TODO: check +CVE-2009-3309 (SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta ...) + TODO: check +CVE-2009-3308 (SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows ...) + TODO: check +CVE-2009-3307 (Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 ...) + TODO: check +CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php in ...) + TODO: check +CVE-2009-3305 + RESERVED +CVE-2009-3304 + RESERVED +CVE-2009-3303 + RESERVED +CVE-2009-3302 + RESERVED +CVE-2009-3301 + RESERVED +CVE-2009-3300 + RESERVED +CVE-2009-3299 + RESERVED +CVE-2009-3298 + RESERVED +CVE-2009-3297 + RESERVED +CVE-2009-3296 + RESERVED +CVE-2009-3295 + RESERVED +CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11, when ...) + TODO: check +CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...) + TODO: check +CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11 has unknown impact and ...) + TODO: check +CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...) + TODO: check +CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...) 
+ TODO: check +CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies on the ...) + TODO: check +CVE-2009-3285 + RESERVED +CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image ...) + TODO: check +CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...) + TODO: check +CVE-2009-3282 + RESERVED +CVE-2009-3281 + RESERVED +CVE-2009-3280 (Integer signedness error in the find_ie function in ...) + TODO: check +CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...) + TODO: check +CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...) + TODO: check +CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault ...) + TODO: check +CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed ...) + TODO: check +CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...) + TODO: check +CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions on ...) + TODO: check +CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not ...) + TODO: check +CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...) + TODO: check +CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a ...) + TODO: check +CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...) - linux-2.6 <unfixed> (high) [etch] - linux-2.6 <not-affected> (introduced in 2.6.25) - linux-2.6.24 <removed> [etch] - linux-2.6.24 <not-affected> (introduced in 2.6.25) NOTE: fixed in upstream 2.6.31 -CVE-2009-3288 [linux-2.6: scsi null ptr dereference] +CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel ...) 
- linux-2.6 <unfixed> (medium) [etch] - linux-2.6 <not-affected> (introduced in 2.6.28) [lenny] - linux-2.6 <not-affected> (introduced in 2.6.28) - linux-2.6.24 <removed> [etch] - linux-2.6.24 <not-affected> (introduced in 2.6.28) -CVE-2009-3286 [linux-2.6: O_EXCL creates on NFSv4] +CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does ...) - linux-2.6 2.6.30-1 (low) - linux-2.6.24 <removed> CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote ...) @@ -89,6 +211,7 @@ CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) TODO: check CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot ...) + {DSA-1893-1 DSA-1892-1} - cyrus-imapd-2.2 2.2.13-17 (medium; bug #547947) - kolab-cyrus-imapd <unfixed> (medium; bug #547712) - dovecot 1:1.2.1-1 (medium; bug #546656) @@ -169,8 +292,8 @@ NOT-FOR-US: ULoKI PHP Forum CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted ...) NOT-FOR-US: Media Player Classic -CVE-2009-3200 - RESERVED +CVE-2009-3200 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...) + TODO: check CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web ...) NOT-FOR-US: Uebimiau Webmail CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech ...) @@ -1191,8 +1314,8 @@ RESERVED CVE-2009-2940 RESERVED -CVE-2009-2939 - RESERVED +CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix ...) + TODO: check CVE-2009-2938 RESERVED CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet ...) 
@@ -1836,12 +1959,12 @@ RESERVED CVE-2009-2745 RESERVED -CVE-2009-2744 - RESERVED -CVE-2009-2743 - RESERVED -CVE-2009-2742 - RESERVED +CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) + TODO: check +CVE-2009-2743 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 does not ...) + TODO: check +CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM ...) + TODO: check CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in the test ...) NOT-FOR-US: IBM WebSphere Business Events CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention ...) @@ -2408,7 +2531,7 @@ CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...) NOT-FOR-US: Joomla! component CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c), as ...) - {DSA-1881-1} + {DSA-1893-1 DSA-1892-1 DSA-1881-1} - cyrus-imapd-2.2 2.2.13-15 (medium) - kolab-cyrus-imapd <unfixed> (medium; bug #547712) - dovecot 1:1.2.1-1 (medium; bug #546656) @@ -2781,7 +2904,7 @@ - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - openjdk-6 6b16-1.6-1 (medium; bug #542210) -CVE-2009-2474 (neon before 0.28.6, when OpenSSL is used, does not properly handle a ...) +CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly ...) - neon27 0.28.6-1 (low; bug #542926) [lenny] - neon27 <no-dsa> (Minor issue) - neon26 <unfixed> (low; bug #542926) 
@@ -3764,9 +3887,9 @@ NOT-FOR-US: fuzzylime CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime (cms) ...) NOT-FOR-US: fuzzylime -CVE-2009-2140 - RESERVED -CVE-2009-2139 (Unspecified vulnerability in OpenOffice.org (OOo) OpenOffice/Go-oo 2.x ...) +CVE-2009-2140 (Multiple heap-based buffer overflows in ...) + TODO: check +CVE-2009-2139 (Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...) {DSA-1880-1} - openoffice.org 1:3.1.1~ooo310m15-1 CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow ...)
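Review bot: In the hunk at @@ -1,16 +1,138 @@, CVE-2009-3291 through CVE-2009-3294 (PHP before 5.2.11), CVE-2009-3289 (g_file_copy in glib 2.0) and CVE-2009-3287 (Thin web server before 1.2.4) land with the same "TODO: check" as the Joomla! extension and guestbook entries around them. These name widely used software rather than one-off web applications, so they should be triaged first and given package lines with a fixed version or "<unfixed>", in the form CVE-2009-3290 already uses further down the same hunk.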
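Review bot: CVE-2009-2939 in the hunk at @@ -1191,8 +1314,8 @@ is described as a flaw in the postfix.postinst script of the Debian GNU/Linux and Ubuntu postfix package, so "TODO: check" understates it. The description names the distribution's own maintainer script; replace the TODO with a "- postfix" line carrying the status, urgency and bug reference.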
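Review bot: The three IBM WebSphere Application Server entries in the hunk at @@ -1836,12 +1959,12 @@ (CVE-2009-2744, CVE-2009-2743, CVE-2009-2742) go from RESERVED to "TODO: check" directly above CVE-2009-2741, an IBM WebSphere product that is already marked NOT-FOR-US. Resolve them in the same pass so the block reads consistently, using NOT-FOR-US if this product is likewise not packaged.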
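Review bot: The description of CVE-2009-2474 in the hunk at @@ -2781,7 +2904,7 @@ now reads "when OpenSSL or GnuTLS is used", but the status lines beneath it are unchanged context written when only OpenSSL was named. Confirm that "[lenny] - neon27 <no-dsa> (Minor issue)" and "- neon26 <unfixed>" still hold for builds against GnuTLS, and record the result in a NOTE line under the entry.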
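Review bot: CVE-2009-2140 in the hunk at @@ -3764,9 +3887,9 @@ moves from RESERVED to "TODO: check" with a description that is cut off before it names the affected file. It sits directly above CVE-2009-2139, whose description changes in the same hunk from "Unspecified vulnerability" to a heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx and which already carries {DSA-1880-1} and an openoffice.org line. Read the full text of CVE-2009-2140 against that entry and, if it concerns the same package and fix, give it the matching DSA tag and package line instead of leaving the TODO.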