Author: joeyh
Date: 2009-10-13 21:14:23 +0000 (Tue, 13 Oct 2009)
New Revision: 13007
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-10-13 15:27:38 UTC (rev 13006)
+++ data/CVE/list 2009-10-13 21:14:23 UTC (rev 13007)
@@ -1,45 +1,266 @@
-CVE-2009-3692 [VBoxNetAdpCtl privilege escalation]
+CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in
Django ...)
+ TODO: check
+CVE-2009-3694 (Directory traversal vulnerability in config/config.php in
ezRecipe-Zee ...)
+ TODO: check
+CVE-2009-3693 (Directory traversal vulnerability in the Persits.XUpload.2
ActiveX ...)
+ TODO: check
+CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM
...)
+ TODO: check
+CVE-2009-3690
+ RESERVED
+CVE-2009-3689
+ RESERVED
+CVE-2009-3688
+ RESERVED
+CVE-2009-3687
+ RESERVED
+CVE-2009-3686
+ RESERVED
+CVE-2009-3685
+ RESERVED
+CVE-2009-3684
+ RESERVED
+CVE-2009-3683
+ RESERVED
+CVE-2009-3682
+ RESERVED
+CVE-2009-3681
+ RESERVED
+CVE-2009-3680
+ RESERVED
+CVE-2009-3679
+ RESERVED
+CVE-2009-3678
+ RESERVED
+CVE-2009-3677
+ RESERVED
+CVE-2009-3676
+ RESERVED
+CVE-2009-3675
+ RESERVED
+CVE-2009-3674
+ RESERVED
+CVE-2009-3673
+ RESERVED
+CVE-2009-3672
+ RESERVED
+CVE-2009-3671
+ RESERVED
+CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1
...)
+ TODO: check
+CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...)
+ TODO: check
+CVE-2009-3668 (Cross-site scripting (XSS) vulnerability in ardguest.php in
Ardguest ...)
+ TODO: check
+CVE-2009-3667 (SQL injection vulnerability in admin/index.php in AdsDX 3.05
allows ...)
+ TODO: check
+CVE-2009-3666 (Cross-site scripting (XSS) vulnerability in index.php in Nullam
Blog ...)
+ TODO: check
+CVE-2009-3665 (Multiple SQL injection vulnerabilities in index.php in Nullam
Blog ...)
+ TODO: check
+CVE-2009-3664 (Multiple directory traversal vulnerabilities in index.php in
Nullam ...)
+ TODO: check
+CVE-2009-3663 (Format string vulnerability in the h_readrequest function in
http.c in ...)
+ TODO: check
+CVE-2009-3662 (FileCopa FTP Server 5.01 allows remote attackers to cause a
denial of ...)
+ TODO: check
+CVE-2009-3661 (Multiple SQL injection vulnerabilities in the DJ-Catalog ...)
+ TODO: check
+CVE-2009-3660 (PHP remote file inclusion vulnerability in
libraries/database.php in ...)
+ TODO: check
+CVE-2009-3659 (SQL injection vulnerability in file/stats.php in BS Counter
2.5.3 ...)
+ TODO: check
+CVE-2009-3658 (Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX
control ...)
+ TODO: check
+CVE-2009-3657 (Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a
module ...)
+ TODO: check
+CVE-2009-3656 (Cross-site request forgery (CSRF) vulnerability in Shared
Sign-On 5.x ...)
+ TODO: check
+CVE-2009-3655 (Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote
attackers ...)
+ TODO: check
+CVE-2009-3654 (Unspecified vulnerability in Boost before 6.x-1.03, a module for
...)
+ TODO: check
+CVE-2009-3653 (Cross-site scripting (XSS) vulnerability in the additional links
...)
+ TODO: check
+CVE-2009-3652 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG)
...)
+ TODO: check
+CVE-2009-3651 (Cross-site scripting (XSS) vulnerability in the
"Monitor browsers'' ...)
+ TODO: check
+CVE-2009-3650 (Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and
earlier ...)
+ TODO: check
+CVE-2009-3649 (Cross-site scripting (XSS) vulnerability in forums/index.php in
Power ...)
+ TODO: check
+CVE-2009-3648 (Cross-site scripting (XSS) vulnerability in Service Links
6.x-1.0, a ...)
+ TODO: check
+CVE-2009-3647 (Cross-site scripting (XSS) vulnerability in emaullinks.php in
YABSoft ...)
+ TODO: check
+CVE-2009-3646 (InterVations NaviCOPA Web Server 3.01 allows remote attackers to
...)
+ TODO: check
+CVE-2009-3645 (SQL injection vulnerability in the JoomlaCache CB Resume Builder
...)
+ TODO: check
+CVE-2009-3644 (SQL injection vulnerability in the Soundset (com_soundset)
component ...)
+ TODO: check
+CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote
attackers to ...)
+ TODO: check
+CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging
feature in ...)
+ TODO: check
+CVE-2009-3641
+ RESERVED
+CVE-2009-3640
+ RESERVED
+CVE-2009-3639
+ RESERVED
+CVE-2009-3638
+ RESERVED
+CVE-2009-3637
+ RESERVED
+CVE-2009-3636
+ RESERVED
+CVE-2009-3635
+ RESERVED
+CVE-2009-3634
+ RESERVED
+CVE-2009-3633
+ RESERVED
+CVE-2009-3632
+ RESERVED
+CVE-2009-3631
+ RESERVED
+CVE-2009-3630
+ RESERVED
+CVE-2009-3629
+ RESERVED
+CVE-2009-3628
+ RESERVED
+CVE-2009-3627
+ RESERVED
+CVE-2009-3626
+ RESERVED
+CVE-2009-3625
+ RESERVED
+CVE-2009-3624
+ RESERVED
+CVE-2009-3623
+ RESERVED
+CVE-2009-3622
+ RESERVED
+CVE-2009-3621
+ RESERVED
+CVE-2009-3620
+ RESERVED
+CVE-2009-3619
+ RESERVED
+CVE-2009-3618
+ RESERVED
+CVE-2009-3617
+ RESERVED
+CVE-2009-3616
+ RESERVED
+CVE-2009-3615
+ RESERVED
+CVE-2009-3614
+ RESERVED
+CVE-2009-3613
+ RESERVED
+CVE-2009-3612
+ RESERVED
+CVE-2009-3611
+ RESERVED
+CVE-2009-3609
+ RESERVED
+CVE-2009-3608
+ RESERVED
+CVE-2009-3607
+ RESERVED
+CVE-2009-3606
+ RESERVED
+CVE-2009-3605
+ RESERVED
+CVE-2009-3604
+ RESERVED
+CVE-2009-3603
+ RESERVED
+CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2009-3589 (incron 0.5.5 does not initialize supplementary groups when
running a ...)
+ TODO: check
+CVE-2009-3588 (Unspecified vulnerability in the arclib component in the
Anti-Virus ...)
+ TODO: check
+CVE-2009-3587 (Unspecified vulnerability in the arclib component in the
Anti-Virus ...)
+ TODO: check
+CVE-2009-3586
+ RESERVED
+CVE-2009-3585
+ RESERVED
+CVE-2009-3584
+ RESERVED
+CVE-2009-3583
+ RESERVED
+CVE-2009-3582
+ RESERVED
+CVE-2009-3581
+ RESERVED
+CVE-2009-3580
+ RESERVED
+CVE-2009-3578
+ RESERVED
+CVE-2009-3577
+ RESERVED
+CVE-2009-3576
+ RESERVED
+CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2
0.15.3, ...)
+ TODO: check
+CVE-2009-3571 (Unspecified vulnerability in OpenOffice.org (OOo) has unknown
impact ...)
+ TODO: check
+CVE-2009-3570 (Unspecified vulnerability in OpenOffice.org (OOo) has
unspecified ...)
+ TODO: check
+CVE-2009-3569 (Stack-based buffer overflow in OpenOffice.org (OOo) allows
remote ...)
+ TODO: check
+CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module
for ...)
+ TODO: check
+CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration
tool in ...)
- virtualbox-ose <unfixed>
[lenny] - virtualbox-ose <not-affected> (vulnerable code not present)
-CVE-2009-3602 [NSEC3 validation bypass in Unbound]
+CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for
NSEC3 ...)
- unbound <unfixed> (low)
NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html
CVE-2009-3610 [possible DoS in django caused by regex starving resources]
+ RESERVED
{DSA-1905-1}
- python-django 1.1.1-1 (medium; bug #550457)
[etch] - python-django <not-affected> (introduced in 1.0)
[lenny] - python-django 1.0.2-1+lenny2
-CVE-2009-3601
+CVE-2009-3601 (Cross-site scripting (XSS) vulnerability in demo_page.php in
Scriptsez ...)
NOT-FOR-US: Scriptsez Ultimate Poll
-CVE-2009-3600
+CVE-2009-3600 (HUBScript 1.0 allows remote attackers to obtain configuration
...)
NOT-FOR-US: HUBScript
-CVE-2009-3599
+CVE-2009-3599 (Cross-site scripting (XSS) vulnerability in single_winner1.php
in ...)
NOT-FOR-US: HUBScript
-CVE-2009-3598
+CVE-2009-3598 (Cross-site scripting (XSS) vulnerability in survey_result.php in
...)
NOT-FOR-US: eCardMAX FormXP
-CVE-2009-3597
+CVE-2009-3597 (Digitaldesign CMS 0.1 stores sensitive information under the web
root ...)
NOT-FOR-US: Digitaldesign CMS
-CVE-2009-3596
+CVE-2009-3596 (JoxTechnology Ajox Poll does not properly restrict access to
...)
NOT-FOR-US: JoxTechnology Ajox Poll
-CVE-2009-3595
+CVE-2009-3595 (SQL injection vulnerability in results.php in VS PANEL 7.5.5
allows ...)
NOT-FOR-US: VS PANEL
-CVE-2009-3594
+CVE-2009-3594 (Cross-site scripting (XSS) vulnerability in bpost.php in BLOB
Blog ...)
NOT-FOR-US: BLOB Blog System
-CVE-2009-3593
+CVE-2009-3593 (Multiple cross-site scripting (XSS) vulnerabilities in
Freelancers 1.0 ...)
NOT-FOR-US: Freelancers
-CVE-2009-3592
+CVE-2009-3592 (Cross-site scripting (XSS) vulnerability in customer/home.php in
...)
NOT-FOR-US: Qualiteam X-Cart
-CVE-2009-3590
+CVE-2009-3590 (SQL injection vulnerability in showcat.php in VS PANEL 7.3.6
allows ...)
NOT-FOR-US: VS PANEL
-CVE-2009-3574
+CVE-2009-3574 (Tuniac 090517c allows remote attackers to cause a denial of
service ...)
NOT-FOR-US: Tuniac
-CVE-2009-3573
+CVE-2009-3573 (Multiple insecure method vulnerabilities in the PDIControl.PDI.1
...)
NOT-FOR-US: ActiveX
-CVE-2009-3572
+CVE-2009-3572 (OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does
not ...)
NOT-FOR-US: OpenBSD
-CVE-2009-3567
+CVE-2009-3567 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Kayako SupportSuite and eSupport
-CVE-2009-3579 [jetty persistent XSS in sample cookies]
+CVE-2009-3579 (Cross-site scripting (XSS) vulnerability in the CookieDump.java
sample ...)
- jetty <unfixed> (unimportant)
NOTE: http://www.coresecurity.com/content/jetty-persistent-xss
NOTE: only an example application
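Review bot: CVE-2009-3610 and the newly added CVE-2009-3695 look like the same Django issue and need reconciling before the next automatic update overwrites this again. The local placeholder `CVE-2009-3610 [possible DoS in django caused by regex starving resources]` still carries `{DSA-1905-1}` and the python-django version lines, yet this hunk now marks that ID `RESERVED`, while CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django ...) arrives with only `TODO: check`. If 3695 is the ID actually assigned to the regex issue, the DSA reference and package entries should move under it and 3610 be left as a bare RESERVED entry. Separately, several of the new `TODO: check` items are for software in the archive and should be triaged now rather than left pending, at least CVE-2009-3589 (incron), CVE-2009-3575 (aria2), CVE-2009-3569 through CVE-2009-3571 (OpenOffice.org) and CVE-2009-3591 (dopewars).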
@@ -51,8 +272,8 @@
RESERVED
CVE-2009-3565
RESERVED
-CVE-2009-3564
- RESERVED
+CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary
groups ...)
+ TODO: check
CVE-2009-3563
RESERVED
CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server
4.32 ...)
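Review bot: CVE-2009-3564 should get a puppet package entry rather than staying at `TODO: check`; puppet is in the archive, and the description (puppetmasterd does not reset supplementary groups) is the same privilege-retention bug class as CVE-2009-3589 for incron earlier in this patch, so the two should be triaged together and given consistent severities.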
@@ -93,8 +314,8 @@
NOT-FOR-US: DataWizard Technologies FtpXQ FTP Server
CVE-2009-3544 (Xerver HTTP Server 4.32 allows remote attackers to obtain the
source ...)
NOT-FOR-US: Xerver HTTP Server
-CVE-2009-3527
- RESERVED
+CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3
and 6.4 ...)
+ TODO: check
CVE-2009-3526
RESERVED
CVE-2009-XXXX [php5''s pear is vulnerable to symlink attacks]
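Review bot: CVE-2009-3527 should not be closed as NOT-FOR-US on the strength of "FreeBSD 6.3 and 6.4" alone; the affected code is the kernel pipe close path, and Debian ships the FreeBSD kernel in its kfreebsd packages for the GNU/kFreeBSD port, so the TODO needs checking against those packages before the entry is resolved either way.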
@@ -300,8 +521,8 @@
RESERVED
CVE-2009-3460
RESERVED
-CVE-2009-3459
- RESERVED
+CVE-2009-3459 (Unspecified vulnerability in Adobe Reader and Acrobat 9.1.3 and
...)
+ TODO: check
CVE-2009-3458
RESERVED
CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall
(WAF) ...)
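Review bot: the `TODO: check` under CVE-2009-3459 can be resolved right away as NOT-FOR-US; Adobe Reader and Acrobat are not Debian packages, which matches the convention already used for the Cisco entry two lines below.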
@@ -1904,8 +2125,7 @@
RESERVED
CVE-2009-2949
RESERVED
-CVE-2009-2948 [samba: local password disclosure]
- RESERVED
+CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3
before ...)
- samba 2:3.4.2-1 (medium; bug #550423)
CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before
1.0.16 ...)
{DSA-1882-1}
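Review bot: the CVE-2009-2948 entry records only the sid fix (`samba 2:3.4.2-1`); the new description places the bug in mount.cifs for "3.2 before 3.2.15" among other branches, so the stable branch is in scope and the entry still needs a [lenny] version line or a DSA reference once that fix is out. Dropping the `RESERVED` line here is correct now that the description is public.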
@@ -2086,14 +2306,12 @@
RESERVED
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed> (medium)
-CVE-2009-2908 [linux-2.6: ecryptfs null ptr dereference]
- RESERVED
+CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the
Linux ...)
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed> (medium)
CVE-2009-2907
RESERVED
-CVE-2009-2906 [samba: remote dos]
- RESERVED
+CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before
3.3.8, ...)
- samba 2:3.4.2-1 (low; bug #550423)
CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6,
and ...)
{DSA-1894-1}
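Review bot: CVE-2009-2908 keeps `linux-2.6 <unfixed> (medium)` with no pointer to where the fix is; a NOTE line with the upstream reference would help the kernel team close it, the way the unbound and jetty entries in this patch carry NOTE URLs. For CVE-2009-2906 the same [lenny] gap as for CVE-2009-2948 applies: both Samba entries cite the same fix and bug #550423, and this description again covers "3.2 before 3.2.15".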
@@ -2111,10 +2329,10 @@
RESERVED
CVE-2009-2899
RESERVED
-CVE-2009-2898
- RESERVED
-CVE-2009-2897
- RESERVED
+CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list
feature in ...)
+ TODO: check
+CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote
...)
NOT-FOR-US: KMPlayer: http://www.kmplayer.com
CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow
Affiliate ...)
@@ -2333,7 +2551,7 @@
NOT-FOR-US: Apple iPhone OS
CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in
Apple ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2813 (The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when
Windows ...)
+CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and
...)
- samba 2:3.4.2-1 (unimportant; bug #550422)
NOTE: requires an administrator to manually configure a user account without
NOTE: a home dir, otherwise, this is ineffective
@@ -2888,8 +3106,7 @@
CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x
does not ...)
- qt4-x11 4:4.5.3-1 (medium; bug #545793)
[etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt
4.3)
-CVE-2009-2699 [apr DoS on Solaris]
- RESERVED
+CVE-2009-2699 (The Solaris pollset feature in the Event Port backend in ...)
- apr <not-affected> (does not affect Linux or kFreeBSD)
CVE-2009-2698 (The udp_sendmsg function in the UDP implementation in (1) ...)
{DSA-1872-1}
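Review bot: the not-affected reason for CVE-2009-2699, `(does not affect Linux or kFreeBSD)`, is narrower than the bug itself; the description places it in the Solaris pollset feature of the Event Port backend, so stating that the code is Solaris-specific would be the more accurate justification and would also cover the remaining ports without needing amendment later.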
@@ -2933,8 +3150,8 @@
RESERVED
CVE-2009-2685
RESERVED
-CVE-2009-2684
- RESERVED
+CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect
and ...)
+ TODO: check
CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote
Graphics ...)
NOT-FOR-US: HP Remote Graphics
CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in
HP ...)
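Review bot: CVE-2009-2684 (XSS in Jetdirect ...) can be closed as NOT-FOR-US: HP Jetdirect instead of `TODO: check`; it is printer firmware, in line with the HP Remote Graphics and HP RBAC entries directly below it.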
@@ -38228,7 +38445,7 @@
NOT-FOR-US: Oracle
CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3
have ...)
NOT-FOR-US: Oracle
-CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle
Database ...)
+CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component in Oracle
...)
NOT-FOR-US: Oracle
CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar
application ...)
- tomcat5.5 5.5.16-1 (unimportant)
@@ -39806,7 +40023,7 @@
NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Cisco
-CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents
...)
+CVE-2007-1466 (Integer overflow in the WP6GeneralTextPacket::_readContents
function ...)
- libwpd 0.8.9-1 (medium)
[etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through
0.5 ...)
@@ -69452,7 +69669,7 @@
NOT-FOR-US: Liberum
CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp
in ...)
NOT-FOR-US: Liberum
-CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded
uername ...)
+CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded
username ...)
NOT-FOR-US: Fortinet firewall
CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of
service ...)
NOT-FOR-US: NEXTWEB
@@ -70042,7 +70259,7 @@
NOT-FOR-US: Woppoware
CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5)
...)
NOT-FOR-US: Woppoware
-CVE-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and
Longhorn, ...)
+CVE-2005-1649 (The IPv6 support in Windows XP SP2, 2003 Server SP1, and
Longhorn, ...)
NOT-FOR-US: Windows
CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat
database ...)
NOT-FOR-US: GASoft
@@ -72423,7 +72640,7 @@
NOT-FOR-US: AIX
CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to
overwrite ...)
- sharutils 1:4.2.1-13
-CVE-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine
for ...)
+CVE-2005-0989 (The find_replen function in jsstr.c in the Javascript engine for
...)
{DSA-781-1}
- mozilla 2:1.7.7-1 (bug #306001)
- mozilla-firefox 1.0.2-3
@@ -72865,7 +73082,7 @@
NOT-FOR-US: SurgeMail
CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in
...)
NOT-FOR-US: SurgeMail
-CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the
memory or ...)
+CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the
memory of ...)
NOT-FOR-US: Nortel Contivity
CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a
allows ...)
NOT-FOR-US: Phorum