Author: joeyh
Date: 2009-09-30 21:14:17 +0000 (Wed, 30 Sep 2009)
New Revision: 12912
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-09-30 21:03:52 UTC (rev 12911)
+++ data/CVE/list 2009-09-30 21:14:17 UTC (rev 12912)
@@ -1,3 +1,121 @@
+CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech
MMORPG ...)
+ TODO: check
+CVE-2009-3504 (SQL injection vulnerability in offers_buy.php in Alibaba Clone
3.0 ...)
+ TODO: check
+CVE-2009-3503 (Multiple SQL injection vulnerabilities in search.aspx in
BPowerHouse ...)
+ TODO: check
+CVE-2009-3502 (SQL injection vulnerability in music.php in BPowerHouse BPMusic
1.0 ...)
+ TODO: check
+CVE-2009-3501 (SQL injection vulnerability in students.php in BPowerHouse
BPStudents ...)
+ TODO: check
+CVE-2009-3500 (Multiple SQL injection vulnerabilities in BPowerHouse BPGames
1.0 ...)
+ TODO: check
+CVE-2009-3499 (SQL injection vulnerability in employee.aspx in BPowerHouse ...)
+ TODO: check
+CVE-2009-3498 (SQL injection vulnerability in php/update_article_hits.php in
HBcms ...)
+ TODO: check
+CVE-2009-3497 (SQL injection vulnerability in view_listing.php in Vastal I-Tech
Agent ...)
+ TODO: check
+CVE-2009-3496 (Cross-site scripting (XSS) vulnerability in view_mag.php in
Vastal ...)
+ TODO: check
+CVE-2009-3495 (SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD
Zone ...)
+ TODO: check
+CVE-2009-3494 (Multiple SQL injection vulnerabilities in index.php in T-HTB
Manager ...)
+ TODO: check
+CVE-2009-3493 (Multiple cross-site scripting (XSS) vulnerabilities in Zenas
...)
+ TODO: check
+CVE-2009-3492 (Multiple PHP remote file inclusion vulnerabilities in Loggix
Project ...)
+ TODO: check
+CVE-2009-3491 (SQL injection vulnerability in the Kinfusion SportFusion ...)
+ TODO: check
+CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a
''\0'' character in a ...)
+ TODO: check
+CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File
Monitor V8 ...)
+ TODO: check
+CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography
(aka ...)
+ TODO: check
+CVE-2009-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web
...)
+ TODO: check
+CVE-2009-3486 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web
...)
+ TODO: check
+CVE-2009-3485 (Cross-site scripting (XSS) vulnerability in the J-Web interface
in ...)
+ TODO: check
+CVE-2009-3484 (Stack-based buffer overflow in Core FTP 2.1 build 1612 allows
...)
+ TODO: check
+CVE-2009-3483 (Heap-based buffer overflow in the Create New Site feature in
...)
+ TODO: check
+CVE-2009-3482 (TrustPort Antivirus before 2.8.0.2266 and PC Security before
...)
+ TODO: check
+CVE-2009-3481 (A certain interface in the iCRM Basic (com_icrmbasic) component
...)
+ TODO: check
+CVE-2009-3480 (SQL injection vulnerability in the iCRM Basic (com_icrmbasic)
...)
+ TODO: check
+CVE-2009-3479 (Cross-site scripting (XSS) vulnerability in Bibliography
(Biblio) 5.x ...)
+ TODO: check
+CVE-2009-3478 (Argument injection vulnerability in (1) ...)
+ TODO: check
+CVE-2009-3477 (The Blackberry Browser in RIM BlackBerry Device Software 4.5.0
before ...)
+ TODO: check
+CVE-2009-3476 (Buffer overflow in OpenSAML before 1.1.3 as used in Internet2
...)
+ TODO: check
+CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before
1.3.3 and ...)
+ TODO: check
+CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as
used by ...)
+ TODO: check
+CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER
privilege ...)
+ TODO: check
+CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows
...)
+ TODO: check
+CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 does
not ...)
+ TODO: check
+CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10
...)
+ TODO: check
+CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop
Environment ...)
+ TODO: check
+CVE-2009-3467
+ RESERVED
+CVE-2009-3466
+ RESERVED
+CVE-2009-3465
+ RESERVED
+CVE-2009-3464
+ RESERVED
+CVE-2009-3463
+ RESERVED
+CVE-2009-3462
+ RESERVED
+CVE-2009-3461
+ RESERVED
+CVE-2009-3460
+ RESERVED
+CVE-2009-3459
+ RESERVED
+CVE-2009-3458
+ RESERVED
+CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall
(WAF) ...)
+ TODO: check
+CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not
properly ...)
+ TODO: check
+CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not
properly ...)
+ TODO: check
+CVE-2009-3454 (Microsoft Internet Explorer does not properly handle a
''\0'' character ...)
+ TODO: check
+CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus
...)
+ TODO: check
+CVE-2009-3452 (WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows
remote ...)
+ TODO: check
+CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in
RADactive ...)
+ TODO: check
+CVE-2009-3450 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2009-3449 (MP3 Collector 2.3 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2009-3448 (npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows
remote ...)
+ TODO: check
+CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load
before ...)
+ TODO: check
CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]
- ffmpeg <unfixed>
- ffmpeg-debian <removed>
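Review bot: Every described entry added at the top of this hunk lands as `TODO: check`, and that includes CVE-2009-3490 (GNU Wget before 1.12) and the OpenSAML/Shibboleth group CVE-2009-3474 to CVE-2009-3476, which sit in the middle of a long run of single-vendor web-application entries. That is expected for an automatic update, but those few name software that plausibly maps to Debian source packages, so they should be triaged ahead of the rest and resolved to either a `- package version` line or a `NOT-FOR-US:` line, as the older entries further down the file are.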
@@ -475,7 +593,7 @@
RESERVED
CVE-2005-4881
RESERVED
-CVE-2009-3236 (Unspecified vulnerability in the form library in Horde
Application ...)
+CVE-2009-3236 (The form library in Horde Application Framework 3.2 before 3.2.5
and ...)
{DSA-1897-1}
- horde3 3.3.5+debian0-1 (medium; bug #547318)
CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in
MODx CMS ...)
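Review bot: The CVE-2009-3236 description changes from "Unspecified vulnerability" to one that names Horde Application Framework 3.2 before 3.2.5, while the tracking line `- horde3 3.3.5+debian0-1 (medium; bug #547318)` under it is untouched. Now that the description carries version ranges, it is worth confirming by hand that the recorded fixed version and the medium urgency still agree with it, since the automatic update only rewrites the description.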
@@ -833,7 +951,7 @@
NOT-FOR-US: Uiga Church Portal
CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote
attackers ...)
NOT-FOR-US: SolarWinds TFTP Server
-CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.5 saves items from an
RSS ...)
+CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items
from ...)
NOT-FOR-US: IBM Lotus Notes
CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional,
Enterprise, and ...)
NOT-FOR-US: OXID eShop Professional
@@ -1735,8 +1853,7 @@
RESERVED
CVE-2009-2906
RESERVED
-CVE-2009-2905 [newt: buffer overflow]
- RESERVED
+CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6,
and ...)
{DSA-1894-1}
- newt <unfixed> (medium; bug #548198)
CVE-2009-2904
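Review bot: CVE-2009-2905 keeps `- newt <unfixed> (medium; bug #548198)` even though the entry already references {DSA-1894-1} and the placeholder `[newt: buffer overflow]` / `RESERVED` pair has been replaced by a full description. The description now names textbox.c and the affected versions (0.51.5, 0.51.6, and ...), so the `<unfixed>` marker should be followed up against bug #548198 and replaced with the fixed version once one exists.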
@@ -2579,12 +2696,12 @@
RESERVED
CVE-2009-2684
RESERVED
-CVE-2009-2683
- RESERVED
+CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote
Graphics ...)
+ TODO: check
CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in
HP ...)
NOT-FOR-US: HP-UX
-CVE-2009-2681
- RESERVED
+CVE-2009-2681 (Unspecified vulnerability in HP ProCurve Identity Driven Manager
(IDM) ...)
+ TODO: check
CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface
(RMI) for ...)
NOT-FOR-US: HP StorageWorks
CVE-2009-2679
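Review bot: CVE-2009-2683 and CVE-2009-2681 move from `RESERVED` to `TODO: check`, but both describe HP products, and the HP entries directly around them in this hunk (CVE-2009-2682, CVE-2009-2680) are already marked `NOT-FOR-US:`. Unless either product turns out to be packaged, these two can be closed the same way with a `NOT-FOR-US:` line naming the product, rather than being left in the TODO queue.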
@@ -51983,7 +52100,7 @@
NOT-FOR-US: Toshiba drivers for Windows
CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33
allows ...)
- netpbm-free <not-affected> (Debian''s version is too old;
affects 10.30 to 10.33 only)
-CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php
in IBD ...)
+CVE-2006-3144 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in
Maximus ...)
NOT-FOR-US: Maximus SchoolMAX
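Review bot: The replacement description for CVE-2006-3144 is shorter than the one it removes: "PHP remote file inclusion vulnerability in microcms-include.php in IBD ..." becomes "PHP remote file inclusion vulnerability in ...", so the truncated summary no longer names the affected file or product. The `NOT-FOR-US: IBD Micro CMS` line still identifies the product, but the truncation in the automatic update should be checked so that it keeps enough of the description to identify the entry on its own.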