Author: joeyh Date: 2010-01-07 21:14:19 +0000 (Thu, 07 Jan 2010) New Revision: 13754 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-07 19:58:58 UTC (rev 13753) +++ data/CVE/list 2010-01-07 21:14:19 UTC (rev 13754) 
@@ -1,4 +1,306 @@ -CVE-2010-XXXX (NIS users shadow password leakage) +CVE-2010-0219 + RESERVED +CVE-2010-0218 + RESERVED +CVE-2010-0217 + RESERVED +CVE-2010-0216 + RESERVED +CVE-2010-0215 + RESERVED +CVE-2010-0214 + RESERVED +CVE-2010-0213 + RESERVED +CVE-2010-0212 + RESERVED +CVE-2010-0211 + RESERVED +CVE-2010-0210 + RESERVED +CVE-2010-0209 + RESERVED +CVE-2010-0208 + RESERVED +CVE-2010-0207 + RESERVED +CVE-2010-0206 + RESERVED +CVE-2010-0205 + RESERVED +CVE-2010-0204 + RESERVED +CVE-2010-0203 + RESERVED +CVE-2010-0202 + RESERVED +CVE-2010-0201 + RESERVED +CVE-2010-0200 + RESERVED +CVE-2010-0199 + RESERVED +CVE-2010-0198 + RESERVED +CVE-2010-0197 + RESERVED +CVE-2010-0196 + RESERVED +CVE-2010-0195 + RESERVED +CVE-2010-0194 + RESERVED +CVE-2010-0193 + RESERVED +CVE-2010-0192 + RESERVED +CVE-2010-0191 + RESERVED +CVE-2010-0190 + RESERVED +CVE-2010-0189 + RESERVED +CVE-2010-0188 + RESERVED +CVE-2010-0187 + RESERVED +CVE-2010-0186 + RESERVED +CVE-2010-0185 + RESERVED +CVE-2010-0184 + RESERVED +CVE-2010-0183 + RESERVED +CVE-2010-0182 + RESERVED +CVE-2010-0181 + RESERVED +CVE-2010-0180 + RESERVED +CVE-2010-0179 + RESERVED +CVE-2010-0178 + RESERVED +CVE-2010-0177 + RESERVED +CVE-2010-0176 + RESERVED +CVE-2010-0175 + RESERVED +CVE-2010-0174 + RESERVED +CVE-2010-0173 + RESERVED +CVE-2010-0172 + RESERVED +CVE-2010-0171 + RESERVED +CVE-2010-0170 + RESERVED +CVE-2010-0169 + RESERVED +CVE-2010-0168 + RESERVED +CVE-2010-0167 + RESERVED +CVE-2010-0166 + RESERVED +CVE-2010-0165 + RESERVED +CVE-2010-0164 + RESERVED +CVE-2010-0163 + RESERVED +CVE-2010-0162 + RESERVED +CVE-2010-0161 + RESERVED +CVE-2010-0160 + RESERVED +CVE-2010-0159 + RESERVED +CVE-2010-0158 (SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin ...) + TODO: check +CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...) 
+ TODO: check +CVE-2010-0156 + RESERVED +CVE-2010-0155 + RESERVED +CVE-2010-0154 + RESERVED +CVE-2010-0153 + RESERVED +CVE-2010-0152 + RESERVED +CVE-2010-0151 + RESERVED +CVE-2010-0150 + RESERVED +CVE-2010-0149 + RESERVED +CVE-2010-0148 + RESERVED +CVE-2010-0147 + RESERVED +CVE-2010-0146 + RESERVED +CVE-2010-0145 + RESERVED +CVE-2010-0144 + RESERVED +CVE-2010-0143 + RESERVED +CVE-2010-0142 + RESERVED +CVE-2010-0141 + RESERVED +CVE-2010-0140 + RESERVED +CVE-2010-0139 + RESERVED +CVE-2010-0138 + RESERVED +CVE-2010-0137 + RESERVED +CVE-2010-0136 + RESERVED +CVE-2010-0135 + RESERVED +CVE-2010-0134 + RESERVED +CVE-2010-0133 + RESERVED +CVE-2010-0132 + RESERVED +CVE-2010-0131 + RESERVED +CVE-2010-0130 + RESERVED +CVE-2010-0129 + RESERVED +CVE-2010-0128 + RESERVED +CVE-2010-0127 + RESERVED +CVE-2010-0126 + RESERVED +CVE-2010-0125 + RESERVED +CVE-2010-0124 + RESERVED +CVE-2010-0123 + RESERVED +CVE-2010-0122 + RESERVED +CVE-2010-0121 + RESERVED +CVE-2010-0120 + RESERVED +CVE-2010-0119 + RESERVED +CVE-2010-0118 + RESERVED +CVE-2010-0117 + RESERVED +CVE-2010-0116 + RESERVED +CVE-2009-4585 (UranyumSoft Listing Service stores sensitive information under the web ...) + TODO: check +CVE-2009-4584 (admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote ...) + TODO: check +CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) component for ...) + TODO: check +CVE-2009-4582 (SQL injection vulnerability in detail.php in the Dictionary module for ...) + TODO: check +CVE-2009-4581 (Directory traversal vulnerability in modules/admincp.php in ...) + TODO: check +CVE-2009-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 ...) + TODO: check +CVE-2009-4579 (Cross-site scripting (XSS) vulnerability in the Artist avenue ...) + TODO: check +CVE-2009-4578 (Cross-site scripting (XSS) vulnerability in the Facileforms ...) + TODO: check +CVE-2009-4577 (SQL injection vulnerability in the MDForum module 2.x through 2.07 for ...) 
+ TODO: check +CVE-2009-4576 (SQL injection vulnerability in the BeeHeard (com_beeheard) component ...) + TODO: check +CVE-2009-4575 (Cross-site scripting (XSS) vulnerability in the Q-Personel ...) + TODO: check +CVE-2009-4574 (SQL injection vulnerability in country_escorts.php in I-Escorts ...) + TODO: check +CVE-2009-4573 (Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus ...) + TODO: check +CVE-2009-4572 (Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 ...) + TODO: check +CVE-2009-4571 (Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 ...) + TODO: check +CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows ...) + TODO: check +CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote ...) + TODO: check +CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and ...) + TODO: check +CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...) + TODO: check +CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows ...) + TODO: check +CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a ''\0'' character in a ...) + TODO: check +CVE-2009-4564 (SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ...) + TODO: check +CVE-2009-4563 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2009-4562 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...) + TODO: check +CVE-2009-4561 (Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague ...) + TODO: check +CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows ...) + TODO: check +CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module ...) + TODO: check +CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before ...) 
+ TODO: check +CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module ...) + TODO: check +CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...) + TODO: check +CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2009-4554 (Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums ...) + TODO: check +CVE-2009-4553 (Stack-based buffer overflow in iRehearse allows remote attackers to ...) + TODO: check +CVE-2009-4552 (Cross-site scripting (XSS) vulnerability in the Survey Pro module for ...) + TODO: check +CVE-2009-4551 (SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 ...) + TODO: check +CVE-2009-4550 (SQL injection vulnerability in the Kunena Forum (com_kunena) component ...) + TODO: check +CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote ...) + TODO: check +CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk ...) + TODO: check +CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x ...) + TODO: check +CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers ...) + TODO: check +CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...) + TODO: check +CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in ...) + TODO: check +CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft ...) + TODO: check +CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft ...) + TODO: check +CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...) + TODO: check +CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows ...) + TODO: check +CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...) 
+ TODO: check +CVE-2010-XXXX - eglibc 2.10.2-4 (medium; bug #560333) - glibc <removed> (medium) CVE-2010-0115 @@ -495,6 +797,7 @@ CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...) NOT-FOR-US: ScriptsEz Ez Blog CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...) + {DSA-1966-1} - horde3 3.3.6+debian0-1 (low) CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users ...) NOT-FOR-US: IBM AIX @@ -708,6 +1011,7 @@ NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf CVE-2010-0012 [transmission directory traversal when processing .torrent files] RESERVED + {DSA-1967-1} - transmission 1.77-1 (low) TODO: check affected versions NOTE: http://trac.transmissionbt.com/changeset/9829/ @@ -1119,7 +1423,7 @@ NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the ...) NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress -CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in tagcloud.swf in the ...) +CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as ...) NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...) NOT-FOR-US: TYPO3 extension @@ -2335,8 +2639,8 @@ NOTE: might''ve been fixed earlier CVE-2009-3735 RESERVED -CVE-2009-3734 - RESERVED +CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...) + TODO: check CVE-2009-XXXX [mandos 0600 file being included in initrd] - mandos 1.0.13-1 (bug #551907) CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...) 
@@ -2489,6 +2793,7 @@ CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 ...) NOT-FOR-US: PHP-Calendar CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + {DSA-1966-1} - horde3 3.3.6+debian0-1 (low) NOTE: In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator. CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote ...) @@ -3790,6 +4095,7 @@ - linux-2.6 2.6.30-1 (low) - linux-2.6.24 <removed> (low) CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) + {DSA-1966-1} - horde3 3.3.5+debian0-1 (low) [lenny] - horde3 3.2.2+debian0-2+lenny1 NOTE: horde3 issue fixed in backport of latest DSA, DSA however did not fix etch @@ -6716,7 +7022,7 @@ NOT-FOR-US: NetBSD CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 ...) NOT-FOR-US: NetBSD OpenPAM -CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261 when global ...) +CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261, when global ...) NOT-FOR-US: Six Apart Movable Type CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...) NOT-FOR-US: Six Apart Movable Type @@ -19098,7 +19404,7 @@ NOT-FOR-US: Microsoft Office Excel CVE-2008-4267 RESERVED -CVE-2008-4266 (Arracy index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...) +CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Office Excel 
@@ -70758,7 +71064,7 @@ NOTE: From Chris Gragsone''s message on BUGTRAQ: NOTE: "IPRoute, by David F. Mischler, is PC-based router software NOTE: "for networks running the Internet Protocol (IP)." -CVE-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...) +CVE-2001-1539 (Stack consumption vulnerability in Internet Explorer The JavaScript ...) NOT-FOR-US: MSIE CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...) NOT-FOR-US: SpeedXess HA-120 DSL router
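Review bot: The first hunk (@@ -1,4 +1,306 @@) loses the summary of the temporary entry: the removed line is `CVE-2010-XXXX (NIS users shadow password leakage)` and the line added back at the end of the hunk is a bare `CVE-2010-XXXX`, so the eglibc entry for bug #560333 no longer says what the issue is. Restore the summary in the bracketed form the other temporary entries in this file use (compare `CVE-2009-XXXX [mandos 0600 file being included in initrd]` further down), which also keeps it distinct from the parenthesised upstream descriptions.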
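Review bot: In the @@ -708,6 +1011,7 @@ hunk, `{DSA-1967-1}` is added to CVE-2010-0012 while the `TODO: check affected versions` line below it is left in place. If the advisory settled which versions are affected, replace the TODO with the per-release status; if it did not, say in a NOTE what is still open, because an entry that carries both a DSA and an open TODO is ambiguous to anyone reading the tracker.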
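Review bot: In the @@ -1119,7 +1423,7 @@ hunk, the new description of CVE-2009-4168 names `Roy Tanck tagcloud.swf, as ...` as the vulnerable file, but the unchanged `NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress` line still scopes the entry to that one plug-in. Recheck whether the same tagcloud.swf ships in any packaged software before keeping the NOT-FOR-US tag, and record the result in a NOTE.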
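Review bot: In the @@ -3790,6 +4095,7 @@ hunk, the `{DSA-1966-1}` tag added to CVE-2009-3237 sits above a NOTE that refers to "latest DSA" and says the DSA "did not fix etch", without an advisory number. Name the advisory in that NOTE so it is clear whether it means DSA-1966-1 or an earlier one, and whether etch is still unfixed.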
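Review bot: In the last hunk (@@ -70758,7 +71064,7 @@) the replacement description for CVE-2001-1539 reads `Stack consumption vulnerability in Internet Explorer The JavaScript ...`, which looks like two sentences run together, with words or punctuation missing between "Internet Explorer" and "The JavaScript". Check it against the upstream CVE text before committing, so that a garbled import does not overwrite the readable description on the removed line.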