Author: kees
Date: 2009-10-24 04:14:44 +0000 (Sat, 24 Oct 2009)
New Revision: 13083

Modified:
   data/CVE/list
Log:
NFUs: 56

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-24 00:19:42 UTC (rev 13082) +++ data/CVE/list 2009-10-24 04:14:44 UTC (rev 13083) 
@@ -1,37 +1,37 @@ CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the ...) - TODO: check + NOT-FOR-US: Citrix XenCenterWeb CVE-2009-3759 (Multiple cross-site request forgery (CSRF) vulnerabilities in sample ...) - TODO: check + NOT-FOR-US: Citrix XenCenterWeb CVE-2009-3758 (SQL injection vulnerability in login.php in sample code in the ...) - TODO: check + NOT-FOR-US: Citrix XenCenterWeb CVE-2009-3757 (Multiple cross-site scripting (XSS) vulnerabilities in sample code in ...) - TODO: check + NOT-FOR-US: Citrix XenCenterWeb CVE-2009-3756 (phpBMS 0.96 allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: phpBMS CVE-2009-3755 (Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 ...) - TODO: check + NOT-FOR-US: phpBMS CVE-2009-3754 (Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote ...) - TODO: check + NOT-FOR-US: phpBMS CVE-2009-3753 (Unrestricted file upload vulnerability in Opial 1.0 allows remote ...) - TODO: check + NOT-FOR-US: Opial CVE-2009-3752 (SQL injection vulnerability in home.php in Opial 1.0 allows remote ...) - TODO: check + NOT-FOR-US: Opial CVE-2009-3751 (Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 ...) - TODO: check + NOT-FOR-US: Opial CVE-2009-3750 (SQL injection vulnerability in read.php in ToyLog 0.1 allows remote ...) - TODO: check + NOT-FOR-US: ToyLog CVE-2009-3749 (The Web Administrator service (STEMWADM.EXE) in Websense Personal ...) - TODO: check + NOT-FOR-US: Websense Personal Email Manager CVE-2009-3748 (Multiple cross-site scripting (XSS) vulnerabilities in the Web ...) - TODO: check + NOT-FOR-US: Websense Personal Email Manager CVE-2009-3747 (Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 ...) - TODO: check + NOT-FOR-US: TBmnetCMS CVE-2009-3746 (XScreenSaver in Sun Solaris 10, when the accessibility feature is ...) 
- TODO: check + NOT-FOR-US: XScreenSaver in Sun Solaris 10 CVE-2009-3745 (Cross-site scripting (XSS) vulnerability in the help pages in IBM ...) - TODO: check + NOT-FOR-US: IBM Rational AppScan Enterprise Edition CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote ...) - TODO: check + NOT-FOR-US: EMC RepliStor CVE-2009-3743 RESERVED CVE-2009-3742 
@@ -821,41 +821,41 @@ CVE-2009-3410 RESERVED CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-3407 (Unspecified vulnerability in the Portal component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Application Server CVE-2009-3406 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-3405 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-3404 (Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-3403 (Unspecified vulnerability in the JRockit component in BEA Product ...) - TODO: check + NOT-FOR-US: BEA Product Suite CVE-2009-3402 (Unspecified vulnerability in the Oracle Applications Framework ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-3401 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-3400 (Unspecified vulnerability in the Oracle Advanced Benefits component in ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-3399 (Unspecified vulnerability in the WebLogic Server component in BEA ...) - TODO: check + NOT-FOR-US: BEA Product Suite CVE-2009-3398 RESERVED CVE-2009-3397 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in BEA ...) - TODO: check + NOT-FOR-US: BEA Product Suite CVE-2009-3395 (Unspecified vulnerability in the AutoVue component in Oracle ...) 
- TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-3394 RESERVED CVE-2009-3393 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-3392 (Unspecified vulnerability in the Agile Engineering Data Management ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-XXXX [merkaartor merkaartor.log minor symlink attack] - merkaartor 0.14+svnfixes~20090912-2 (unimportant; bug #548546) [lenny] - merkaartor <not-affected> (vulnerable code not present) 
@@ -5280,31 +5280,31 @@ CVE-2009-2003 (Ascad Networks Password Protector SD 1.3.1 allows remote attackers to ...) NOT-FOR-US: Ascad Networks Password Protector CVE-2009-2002 (Unspecified vulnerability in the WebLogic Portal component in BEA ...) - TODO: check + NOT-FOR-US: BEA Product Suite CVE-2009-2001 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-2000 (Unspecified vulnerability in the Authentication component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1999 (Unspecified vulnerability in the Business Intelligence Enterprise ...) - TODO: check + NOT-FOR-US: Oracle Application Server CVE-2009-1998 (Unspecified vulnerability in the Oracle Communications Order and ...) - TODO: check + NOT-FOR-US: Oracle Industry Applications CVE-2009-1997 (Unspecified vulnerability in the Authentication component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1996 RESERVED CVE-2009-1995 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1994 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1993 (Unspecified vulnerability in the Application Express component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1992 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1991 (Unspecified vulnerability in the Oracle Text component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1990 (Unspecified vulnerability in the Business Intelligence Enterprise ...) - TODO: check + NOT-FOR-US: Oracle Application Server CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component ...) 
NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile ...) @@ -5314,7 +5314,7 @@ CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager component ...) NOT-FOR-US: Oracle Applications Manager CVE-2009-1985 (Unspecified vulnerability in the Network Authentication component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1984 (Unspecified vulnerability in the Application Install component in ...) NOT-FOR-US: Oracle E-Business Suite CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) @@ -5326,7 +5326,7 @@ CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Oracle E-Business Suite CVE-2009-1979 (Unspecified vulnerability in the Network Authentication component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in ...) @@ -5340,9 +5340,9 @@ CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in ...) NOT-FOR-US: Oracle Database CVE-2009-1972 (Unspecified vulnerability in the Auditing component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1971 (Unspecified vulnerability in the Data Pump component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database ...) NOT-FOR-US: Oracle Database CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database ...) 
@@ -5354,9 +5354,9 @@ CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) ...) NOT-FOR-US: Oracle Database CVE-2009-1965 (Unspecified vulnerability in the Net Foundation Layer component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1964 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in ...) NOT-FOR-US: Oracle Database CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA ...) @@ -6755,7 +6755,7 @@ CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows ...) NOT-FOR-US: Pragyan CMS CVE-2009-1479 (Directory traversal vulnerability in client/desktop/default.htm in ...) - TODO: check + NOT-FOR-US: Boxalino CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl handlers in ...) NOT-FOR-US: Solaris CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end ...) @@ -8600,7 +8600,7 @@ CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in ...) NOT-FOR-US: Oracle Database CVE-2009-1018 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle ...) NOT-FOR-US: Oracle Application Server CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA ...) 
@@ -8622,7 +8622,7 @@ CVE-2009-1008 (Unspecified vulnerability in the Outside In Technology component in ...) NOT-FOR-US: Oracle Application Server CVE-2009-1007 (Unspecified vulnerability in the Data Mining component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1006 (Unspecified vulnerability in the JRockit component in BEA Product ...) NOT-FOR-US: BEA Product Suite CVE-2009-1005 (Unspecified vulnerability in the Oracle Data Service Integrator ...) @@ -17868,9 +17868,9 @@ - linux-2.6 2.6.26-5 [etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26) CVE-2008-3685 (Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent ...) - TODO: check + NOT-FOR-US: EMC Documentum ApplicationXtender Workflow CVE-2008-3684 (Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service ...) - TODO: check + NOT-FOR-US: EMC Documentum ApplicationXtender Workflow CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System Web ...) NOT-FOR-US: Sun Java System Web Proxy Server CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...)
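Review bot: CVE-2009-3746 in the @@ -1,37 hunk is tagged `NOT-FOR-US: XScreenSaver in Sun Solaris 10`, but xscreensaver is also a package in Debian, so a NOT-FOR-US tag hides this entry from anyone later searching the list for that package. If the flaw is limited to the Solaris build or its accessibility feature, record it against the package in the form the list already uses for merkaartor and linux-2.6, i.e. `- xscreensaver <not-affected> (...)`, with the reason taken from the full advisory rather than from the truncated description.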
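Review bot: Several NOT-FOR-US labels in the @@ -821,41 hunk do not match the component named in the description beside them: CVE-2009-3406 and CVE-2009-3405 name the JD Edwards Tools component but are tagged Oracle PeopleSoft Enterprise, and CVE-2009-3395 (AutoVue) and CVE-2009-3392 (Agile Engineering Data Management) are tagged Oracle E-Business Suite. The triage outcome is unchanged, but the label is what later readers search on, so suggest using the product named in the full description, or a plain `NOT-FOR-US: Oracle` where the product family cannot be determined from the truncated text.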