Author: geissert Date: 2010-09-17 18:55:47 +0000 (Fri, 17 Sep 2010) New Revision: 15343 Modified: data/CVE/list Log: some issues CVEified Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-17 15:45:42 UTC (rev 15342) +++ data/CVE/list 2010-09-17 18:55:47 UTC (rev 15343) @@ -1,11 +1,3 @@ -CVE-2010-XXXX [pixelpost CSRF] - - pixelpost <unfixed> - TODO: check - NOTE: http://www.exploit-db.com/exploits/15014/ - NOTE: an XSS is also mentioned, but it is via POST data -CVE-2009-XXXX [pixelpost SQL injection and XSS] - - pixelpost <unfixed> - NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/ CVE-2010-XXXX [python accept() implementation in async core is broken] - python2.7 <unfixed> - python3.1 <unfixed> @@ -200,10 +192,9 @@ RESERVED CVE-2010-3307 RESERVED -CVE-2010-3306 +CVE-2010-3305 [pixel CSRF] RESERVED -CVE-2010-3305 - RESERVED + - pixelpost <unfixed> CVE-2010-3304 [dovecot Maildir ACL] RESERVED - dovecot <unfixed> @@ -395,7 +386,7 @@ CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...) - gnome-power-manager <unfixed> TODO: check -CVE-2010-XXXX [weborf directory traversal] +CVE-2010-3306 [weborf directory traversal] - weborf 0.12.3-1 NOTE: http://www.exploit-db.com/exploits/14925/ CVE-2010-3243 @@ -2895,10 +2886,14 @@ - webkit 1.2.1-3 - chromium-browser 5.0.375.55~r47796-1 NOTE: http://trac.webkit.org/changeset/58829 -CVE-2009-4900 +CVE-2009-4900 [pixelpost XSS] RESERVED -CVE-2009-4899 + - pixelpost <unfixed> + NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/ +CVE-2009-4899 [pixelpost SQL injection] RESERVED + - pixelpost <unfixed> + NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/ CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 ...) NOT-FOR-US: TWiki CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier ...) 
@@ -10920,7 +10915,7 @@ CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...) NOT-FOR-US: Joomla! Component CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...) - NOT-FOR-US: OpenX adserver + - openx <itp> (bug #513771) CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...) NOT-FOR-US: Serenity Audio Player CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...) @@ -22880,7 +22875,7 @@ CVE-2008-6164 (Cross-site scripting (XSS) vulnerability in index.php in DreamCost ...) NOT-FOR-US: DreamCost HostAdmin CVE-2008-6163 (SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 ...) - NOT-FOR-US: OpenX + - openx <itp> (bug #513771) CVE-2008-6162 (Bux.to Clone script allows remote attackers to bypass authentication ...) NOT-FOR-US: Bux.to Clone script CVE-2008-6161 (Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) ...) @@ -24134,7 +24129,7 @@ CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows ...) NOT-FOR-US: SHOP-INET CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows ...) - NOT-FOR-US: OpenX + - openx <itp> (bug #513771) CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard ...) NOT-FOR-US: GNUBoard CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...)
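Review bot: The description `[pixel CSRF]` on the added CVE-2010-3305 line in the `@@ -200,10 +192,9 @@` hunk looks truncated; the temporary entry removed in the first hunk was `[pixelpost CSRF]`. The new entry also loses that entry's `TODO: check`, the exploit-db 15014 NOTE and the NOTE that the XSS is via POST data. Suggest `CVE-2010-3305 [pixelpost CSRF]` and carrying the NOTE lines over, as the `@@ -2895,10 +2886,14 @@` hunk does for CVE-2009-4900 and CVE-2009-4899.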
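Review bot: CVE-2010-3306 ends up out of order in the `@@ -395,7 +386,7 @@` hunk: the id is filled in on the existing weborf line, so the entry stays between CVE-2006-7240 and CVE-2010-3243, while the `@@ -200,10 +192,9 @@` hunk deletes the `CVE-2010-3306` header from its slot between CVE-2010-3307 and CVE-2010-3305. The surrounding entries are in descending id order, so the weborf block (`- weborf 0.12.3-1` and its NOTE) would be better moved into that slot. The weborf entry also carries no `RESERVED` line, unlike CVE-2010-3305, CVE-2009-4900 and CVE-2009-4899 in this same commit; add it if the id is still reserved.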
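Review bot: The log message "some issues CVEified" does not cover the three OpenX hunks (`@@ -10920,7 +10915,7 @@`, `@@ -22880,7 +22875,7 @@`, `@@ -24134,7 +24129,7 @@`), which replace `NOT-FOR-US` with `- openx <itp> (bug #513771)` for CVE-2009-4098, CVE-2008-6163 and CVE-2009-0291. Moving a product from not-for-us to an ITP changes how these issues are tracked, so it should be mentioned in the log or committed separately. If any other OpenX entries in the list are still marked NOT-FOR-US, they need the same change for the tracking to be consistent.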