Author: geissert Date: 2010-09-17 01:49:55 +0000 (Fri, 17 Sep 2010) New Revision: 15341 Modified: data/CVE/list Log: new pixelpost and otrs issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-17 01:15:36 UTC (rev 15340) +++ data/CVE/list 2010-09-17 01:49:55 UTC (rev 15341) @@ -1,3 +1,11 @@ +CVE-2010-XXXX [pixelpost CSRF] + - pixelpost <unfixed> + TODO: check + NOTE: http://www.exploit-db.com/exploits/15014/ + NOTE: an XSS is also mentioned, but it is via POST data +CVE-2009-XXXX [pixelpost SQL injection and XSS] + - pixelpost <unfixed> + NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/ CVE-2010-XXXX [python accept() implementation in async core is broken] - python2.7 <unfixed> - python3.1 <unfixed> @@ -3438,8 +3446,11 @@ NOT-FOR-US: Cisco CVE-2010-2081 RESERVED -CVE-2010-2080 +CVE-2010-2080 [otrs XSS and DoS] RESERVED + - otrs2 <unfixed> + TODO: check lenny + NOTE: http://otrs.org/advisory/OSA-2010-02-en/ CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...) NOT-FOR-US: Novell Access Manager CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...)
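Review bot: In the first hunk (@@ -1,3 +1,11 @@), the new "CVE-2009-XXXX [pixelpost SQL injection and XSS]" entry is marked "- pixelpost <unfixed>", yet its only NOTE links to an upstream post whose URL reads "pixelpost-173-security-update". If that post announces a fixing release, add a NOTE naming the upstream version so whoever resolves the <unfixed> marker has the target version in the entry itself. The 2009 placeholder also sits between two CVE-2010-XXXX entries, so check whether it belongs with the other 2009 items. In the CSRF entry above it, "TODO: check" does not say what is to be checked, and the NOTE "an XSS is also mentioned, but it is via POST data" leaves it unclear whether that XSS is deliberately left untracked. State both explicitly.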
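Review bot: In the second hunk (@@ -3438,8 +3446,11 @@), "CVE-2010-2080 [otrs XSS and DoS]" puts two issue classes under one identifier that is still RESERVED, so the diff gives no CVE description to compare the bracketed summary against. Confirm against the linked OSA-2010-02 advisory that both the XSS and the DoS are assigned to CVE-2010-2080, and split the entry if the advisory lists separate identifiers. "TODO: check lenny" would also be easier to close out if it named the otrs2 version in lenny that needs checking.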