Author: derevko-guest Date: 2010-01-10 13:43:17 +0000 (Sun, 10 Jan 2010) New Revision: 13778 Modified: data/CVE/list Log: - CVE-2009-4565: sendmail does not properly handle a ''\0'' character - sarg issues - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-10 13:11:25 UTC (rev 13777) +++ data/CVE/list 2010-01-10 13:43:17 UTC (rev 13778) @@ -257,11 +257,11 @@ CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows ...) NOT-FOR-US: WebLeague CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...) NOT-FOR-US: Quick Heal products CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) 
@@ -279,25 +279,25 @@ CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote ...) NOT-FOR-US: A2 Media Player Pro CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk ...) - TODO: check + NOT-FOR-US: ViArt Helpdesk CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x ...) - TODO: check + NOT-FOR-US: ViArt CMS CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Logoshows BBS CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Logoshows BBS CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in ...) - TODO: check + NOT-FOR-US: Cromosoft Technologies Facil Helpdesk CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft ...) - TODO: check + NOT-FOR-US: Cromosoft Technologies Facil Helpdesk CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft ...) - TODO: check + NOT-FOR-US: IsolSoft Support Center CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...) - TODO: check + NOT-FOR-US: IsolSoft Support Center CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows ...) - TODO: check + NOT-FOR-US: Mini CMS CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...) - TODO: check + NOT-FOR-US: SQLiteManager CVE-2010-XXXX [nis users shadow password leakage] - eglibc 2.10.2-4 (medium; bug #560333) - glibc <removed> (medium) 
@@ -468,6 +468,7 @@ CVE-2009-4481 (Unspecified vulnerability in radiusd in FreeRADIUS 1.1.7 allows remote ...) - freeradius <unfixed> TODO: check + NOTE: this disclosure has no actionable information CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might ...) NOT-FOR-US: AzeoTech DAQFactory CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...) @@ -513,14 +514,11 @@ CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the ...) - redmine <unfixed> (bug #563940) CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...) - - sarg <unfixed> - TODO: check + - sarg 2.2.5-1 (low) CVE-2008-7249 (Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and ...) - - sarg <unfixed> - TODO: check + - sarg 2.2.4-1 (medium) CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a ''\0'' character in a ...) - - sendmail <unfixed> - TODO: check + - sendmail <unfixed> (medium; bug #564581) NOTE: http://www.sendmail.org/releases/8.14.4 CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...) - freepbx <itp> (bug #464926) @@ -2640,7 +2638,7 @@ CVE-2009-3735 RESERVED CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...) - TODO: check + NOT-FOR-US: S2 Security Linear eMerge Access Control System CVE-2009-XXXX [mandos 0600 file being included in initrd] - mandos 1.0.13-1 (bug #551907) CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...) @@ -2648,7 +2646,7 @@ CVE-2009-3732 RESERVED CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...) - TODO: check + NOT-FOR-US: WebWorks Help CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...) NOT-FOR-US: ReqWeb CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
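Review bot: In the hunk at @@ -257,11 +257,11 @@, the three new `NOT-FOR-US: module for Drupal` lines (CVE-2009-4559, CVE-2009-4558, CVE-2009-4557) do not say which module is meant, while the neighbouring entries name the product (`NOT-FOR-US: WebLeague`, `NOT-FOR-US: Quick Heal products`). Suggest naming the module from each description (Submitted By, Image Assist) so the entries can be found by product name later.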
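Review bot: In the hunk at @@ -468,6 +468,7 @@, CVE-2009-4481 keeps `TODO: check` directly above the new `NOTE: this disclosure has no actionable information`, which leaves the state of the entry ambiguous while freeradius stays `<unfixed>`. If the note is the triage result, drop the TODO. Otherwise say in the NOTE what is still missing, so the next person knows what to check.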
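Review bot: In the hunk at @@ -513,14 +514,11 @@, the two sarg entries move from `<unfixed>` with `TODO: check` to fixed versions (`sarg 2.2.5-1 (low)` for CVE-2008-7250, `sarg 2.2.4-1 (medium)` for CVE-2008-7249) with no NOTE or bug number recording where those versions come from. The sendmail entry in the same hunk carries both a bug reference and an upstream URL. Suggest a NOTE on each sarg entry pointing to the changelog entry or upstream release that contains the fix.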