Author: joeyh Date: 2010-09-20 21:14:47 +0000 (Mon, 20 Sep 2010) New Revision: 15361 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-20 14:15:45 UTC (rev 15360) +++ data/CVE/list 2010-09-20 21:14:47 UTC (rev 15361) 
@@ -1,3 +1,81 @@ +CVE-2010-3467 (SQL injection vulnerability in modules/sections/index.php in ...) + TODO: check +CVE-2010-3466 (Cross-site scripting (XSS) vulnerability in index.php in the ...) + TODO: check +CVE-2010-3465 (Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping ...) + TODO: check +CVE-2010-3464 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2010-3463 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2010-3462 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2010-3461 (SQL injection vulnerability in the Publisher module in eNdonesia 8.4 ...) + TODO: check +CVE-2010-3460 (Directory traversal vulnerability in the HTTP interface in AXIGEN Mail ...) + TODO: check +CVE-2010-3459 (Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface ...) + TODO: check +CVE-2010-3458 (SQL injection vulnerability in lib/toolkit/events/event.section.php in ...) + TODO: check +CVE-2010-3457 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...) + TODO: check +CVE-2010-3456 (Directory traversal vulnerability in download.php in EnergyScripts ...) + TODO: check +CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 ...) 
+ TODO: check +CVE-2010-3454 + RESERVED +CVE-2010-3453 + RESERVED +CVE-2010-3452 + RESERVED +CVE-2010-3451 + RESERVED +CVE-2010-3450 + RESERVED +CVE-2010-3449 + RESERVED +CVE-2010-3448 + RESERVED +CVE-2010-3447 + RESERVED +CVE-2010-3446 + RESERVED +CVE-2010-3445 + RESERVED +CVE-2010-3444 + RESERVED +CVE-2010-3443 + RESERVED +CVE-2010-3442 + RESERVED +CVE-2010-3441 + RESERVED +CVE-2010-3440 + RESERVED +CVE-2010-3439 + RESERVED +CVE-2010-3438 + RESERVED +CVE-2010-3437 + RESERVED +CVE-2010-3436 + RESERVED +CVE-2010-3435 + RESERVED +CVE-2010-3434 + RESERVED +CVE-2010-3433 + RESERVED +CVE-2010-3432 + RESERVED +CVE-2010-3431 + RESERVED +CVE-2010-3430 + RESERVED +CVE-2010-3429 + RESERVED CVE-2010-XXXX [mingetty directory traversal] - mingetty <unfixed> (medium; bug #597382) CVE-2010-XXXX [config file world readable] @@ -235,8 +313,8 @@ RESERVED CVE-2010-3325 RESERVED -CVE-2010-3324 - RESERVED +CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8 allows ...) + TODO: check CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...) NOT-FOR-US: Splunk CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote ...) @@ -873,15 +951,19 @@ - mailscanner <unfixed> (bug #596403) CVE-2010-3094 [drupal Actions cross site scripting] RESERVED + {DSA-2113-1} - drupal6 6.18-1 (low; bug #592716) CVE-2010-3093 [drupal Comment unpublishing bypass] RESERVED + {DSA-2113-1} - drupal6 6.18-1 (low; bug #592716) CVE-2010-3092 [drupal File download access bypass] RESERVED + {DSA-2113-1} - drupal6 6.18-1 (low; bug #592716) CVE-2010-3091 [drupal OpenID authentication bypass] RESERVED + {DSA-2113-1} - drupal6 6.18-1 (low; bug #592716) CVE-2010-3090 [mailman, will be rejected] RESERVED 
@@ -930,14 +1012,11 @@ {DSA-2103-1} - smbind 0.4.7-5 (high) NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt -CVE-2010-3075 - RESERVED +CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher ...) - encfs 1.7.2-1 (bug #595998) -CVE-2010-3074 - RESERVED +CVE-2010-3074 (SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of ...) - encfs 1.7.2-1 (bug #595998) -CVE-2010-3073 - RESERVED +CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer ...) - encfs 1.7.2-1 (bug #595998) CVE-2010-3072 RESERVED @@ -1073,10 +1152,10 @@ REJECTED CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...) NOT-FOR-US: Pligg -CVE-2010-3012 - RESERVED -CVE-2010-3011 - RESERVED +CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management ...) + TODO: check +CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) ...) + TODO: check CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect ...) NOT-FOR-US: HP 3Com OfficeConnect CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for ...) @@ -7829,7 +7908,7 @@ - icedove 3.0.6-1 - iceape 2.0.6-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when the ...) +CVE-2010-0653 (Opera before 10.10 permits cross-origin loading of CSS stylesheets ...) NOT-FOR-US: Opera CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...) NOT-FOR-US: Microsoft Internet Explorer @@ -8538,6 +8617,7 @@ [lenny] - openttd 0.6.2-1+lenny2 CVE-2010-0405 RESERVED + {DSA-2112-1} CVE-2010-0404 (Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before ...) {DSA-2046-1} - phpgroupware 1:0.9.16.016+dfsg-1 (bug #584517)
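Review bot: In the first hunk (@@ -1,3 +1,81 @@), the new entries for CVE-2010-3464, CVE-2010-3463 and CVE-2010-3462 are truncated before any product name ("vulnerability in ..."), so they cannot be triaged from this list alone. All thirteen described entries, CVE-2010-3467 down to CVE-2010-3455, are still at TODO: check. Each needs either a NOT-FOR-US line or a package line, and the three truncated ones need the full CVE description looked up first.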
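Review bot: In the @@ -235,8 +313,8 @@ hunk, CVE-2010-3324 (toStaticHTML in Microsoft Internet Explorer 8) is left at TODO: check, while the list already records an Internet Explorer issue, CVE-2010-0652, as NOT-FOR-US: Microsoft Internet Explorer. Suggest giving CVE-2010-3324 the same NOT-FOR-US line so it drops out of the TODO queue.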
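Review bot: In the @@ -873,15 +951,19 @@ hunk, the four drupal entries CVE-2010-3094 through CVE-2010-3091 are now tagged {DSA-2113-1} but keep urgency "low", including the entries titled "OpenID authentication bypass" and "File download access bypass". Since an advisory was issued for them, it is worth re-checking whether "low" is still the intended urgency for each of the four, rather than one value shared across the single bug #592716.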
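Review bot: In the @@ -1073,10 +1152,10 @@ hunk, CVE-2010-3012 and CVE-2010-3011 (both HP System Management Homepage) are set to TODO: check, although the adjacent CVE-2010-3009 entry is for the same product. Suggest copying the disposition already recorded for CVE-2010-3009 onto these two so the three SMH entries stay consistent.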
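Review bot: In the last hunk (@@ -8538,6 +8617,7 @@), CVE-2010-0405 gains {DSA-2112-1} but still has no package line: the entry goes from RESERVED and the DSA tag straight to CVE-2010-0404. Every other DSA-tagged entry visible in this diff is followed by a "- package version" line (for example "- smbind 0.4.7-5 (high)" and "- drupal6 6.18-1"), so add the source package and fixed version covered by DSA-2112-1 here, plus a short bracketed description while the CVE text is still RESERVED.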