Author: joeyh
Date: 2011-10-11 09:14:17 +0000 (Tue, 11 Oct 2011)
New Revision: 17406

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2011-10-11 06:17:31 UTC (rev 17405)
+++ data/CVE/list 2011-10-11 09:14:17 UTC (rev 17406)
@@ -1,3 +1,155 @@ +CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and ...) + TODO: check +CVE-2011-4029 + RESERVED +CVE-2011-4028 + RESERVED +CVE-2011-4027 + RESERVED +CVE-2011-4026 + RESERVED +CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...) + TODO: check +CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension ...) + TODO: check +CVE-2010-4961 (SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension ...) + TODO: check +CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka ...) + TODO: check +CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre ...) + TODO: check +CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows ...) + TODO: check +CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ...) + TODO: check +CVE-2010-4956 (Cross-site scripting (XSS) vulnerability in the Questionnaire ...) + TODO: check +CVE-2010-4955 (SQL injection vulnerability in board/board.php in APBoard Developers ...) + TODO: check +CVE-2010-4954 (SQL injection vulnerability in product_reviews_info.php in xt:Commerce ...) + TODO: check +CVE-2010-4953 (Unspecified vulnerability in the JW Calendar (jw_calendar) extension ...) + TODO: check +CVE-2010-4952 (SQL injection vulnerability in the FE user statistic (festat) ...) + TODO: check +CVE-2010-4951 (Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox ...) + TODO: check +CVE-2010-4950 (SQL injection vulnerability in the Event (event) extension before ...) + TODO: check +CVE-2010-4949 (Cross-site scripting (XSS) vulnerability in the (1) FreiChat component ...) + TODO: check +CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...) + TODO: check +CVE-2010-4947 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...) 
+ TODO: check +CVE-2010-4946 (SQL injection vulnerability in product_info.php in ALLPC 2.5 allows ...) + TODO: check +CVE-2010-4945 (SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) ...) + TODO: check +CVE-2010-4944 (SQL injection vulnerability in the Elite Experts (com_elite_experts) ...) + TODO: check +CVE-2010-4943 (Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 ...) + TODO: check +CVE-2010-4942 (SQL injection vulnerability in location.php in the eCal module in ...) + TODO: check +CVE-2010-4941 (SQL injection vulnerability in the Teams (com_teams) component ...) + TODO: check +CVE-2010-4940 (SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows ...) + TODO: check +CVE-2010-4939 (PHP remote file inclusion vulnerability in index.php in MailForm 1.2 ...) + TODO: check +CVE-2010-4938 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...) + TODO: check +CVE-2010-4937 (Multiple SQL injection vulnerabilities in the Amblog (com_amblog) ...) + TODO: check +CVE-2010-4936 (SQL injection vulnerability in the Slide Show (com_slideshow) ...) + TODO: check +CVE-2010-4935 (SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier ...) + TODO: check +CVE-2010-4934 (SQL injection vulnerability in video.php in Get Tube 4.51 and earlier ...) + TODO: check +CVE-2010-4933 (SQL injection vulnerability in filemgmt/singlefile.php in Geeklog ...) + TODO: check +CVE-2010-4932 (Cross-site scripting (XSS) vulnerability in search.php in Entrans ...) + TODO: check +CVE-2010-4931 (** DISPUTED ** Directory traversal vulnerability in maincore.php in ...) + TODO: check +CVE-2010-4930 (Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail ...) + TODO: check +CVE-2010-4929 (SQL injection vulnerability in the Joostina (com_ezautos) component ...) + TODO: check +CVE-2010-4928 (Cross-site scripting (XSS) vulnerability in the Restaurant Guide ...) 
+ TODO: check +CVE-2010-4927 (SQL injection vulnerability in the Restaurant Guide ...) + TODO: check +CVE-2010-4926 (SQL injection vulnerability in the TimeTrack (com_timetrack) component ...) + TODO: check +CVE-2010-4925 (SQL injection vulnerability in clic.php in the Partenaires module 1.5 ...) + TODO: check +CVE-2010-4924 (** DISPUTED ** PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2010-4923 (SQL injection vulnerability in book/detail.php in Virtue Netz Virtue ...) + TODO: check +CVE-2010-4922 (SQL injection vulnerability in contentAE.asp in Allinta CMS 22.07.2010 ...) + TODO: check +CVE-2010-4921 (SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady ...) + TODO: check +CVE-2010-4920 (SQL injection vulnerability in detail.asp in Micronetsoft Rental ...) + TODO: check +CVE-2010-4919 (SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer ...) + TODO: check +CVE-2010-4918 (PHP remote file inclusion vulnerability in iJoomla Magazine ...) + TODO: check +CVE-2010-4917 (SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows ...) + TODO: check +CVE-2010-4916 (Multiple SQL injection vulnerabilities in index.cfm in ColdGen ...) + TODO: check +CVE-2010-4915 (SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 ...) + TODO: check +CVE-2010-4914 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2010-4913 (Cross-site scripting (XSS) vulnerability in the search feature in ...) + TODO: check +CVE-2010-4912 (SQL injection vulnerability in shop.php in UCenter Home 2.0 allows ...) + TODO: check +CVE-2010-4911 (SQL injection vulnerability in classi/detail.php in PHP Classifieds ...) + TODO: check +CVE-2010-4910 (SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 ...) + TODO: check +CVE-2010-4909 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2010-4908 (SQL injection vulnerability in detail.php in Virtue Shopping Mall ...) 
+ TODO: check +CVE-2010-4907 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...) + TODO: check +CVE-2010-4906 (SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 ...) + TODO: check +CVE-2010-4905 (SQL injection vulnerability in article_details.php in Softbiz Article ...) + TODO: check +CVE-2010-4904 (SQL injection vulnerability in the Aardvertiser (com_aardvertiser) ...) + TODO: check +CVE-2010-4903 (SQL injection vulnerability in index.php in CubeCart 4.3.3 allows ...) + TODO: check +CVE-2010-4902 (Multiple SQL injection vulnerabilities in the Clantools ...) + TODO: check +CVE-2010-4901 (Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in ...) + TODO: check +CVE-2010-4900 (Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and ...) + TODO: check +CVE-2010-4899 (SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 ...) + TODO: check +CVE-2010-4898 (SQL injection vulnerability in the Gantry (com_gantry) component ...) + TODO: check +CVE-2010-4897 (SQL injection vulnerability in comment.php in BlueCMS 1.6 allows ...) + TODO: check +CVE-2010-4896 (Cross-site scripting (XSS) vulnerability in admin/index.asp in Member ...) + TODO: check +CVE-2010-4895 (Cross-site scripting (XSS) vulnerability in core/showsite.php in ...) + TODO: check +CVE-2010-4894 (SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 ...) + TODO: check +CVE-2010-4893 (Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS ...) + TODO: check CVE-2011-XXXX [lintian disclosure of file presense] - lintian 2.5.2 (unimportant) [squeeze] - lintian 2.4.3+squeeze1 @@ -428,8 +580,8 @@ RESERVED {DSA-2314-1} - puppet 2.7.3-3 -CVE-2011-3868 - RESERVED +CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player ...) + TODO: check CVE-2011-3867 REJECTED CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly ...) 
@@ -1021,10 +1173,9 @@ NOTE: http://seclists.org/oss-sec/2011/q4/30 CVE-2011-3600 RESERVED -CVE-2011-3599 - RESERVED -CVE-2011-3598 [phpPgAdmin XSS] - RESERVED +CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when ...) + TODO: check +CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin ...) - phppgadmin 5.0.3-1 (bug #644290) NOTE: https://secunia.com/advisories/46248/ CVE-2011-3597 [unsafe use of eval] @@ -1070,8 +1221,8 @@ RESERVED - kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439 -CVE-2011-3587 - RESERVED +CVE-2011-3587 (Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone ...) + TODO: check CVE-2011-3586 RESERVED NOTE: Dupe of CVE-2011-3504, to be rejected @@ -1734,24 +1885,19 @@ RESERVED CVE-2011-3328 RESERVED -CVE-2011-3327 - RESERVED +CVE-2011-3327 (Heap-based buffer overflow in the ecommunity_ecom2str function in ...) {DSA-2316-1} - quagga 0.99.19-1 -CVE-2011-3326 - RESERVED +CVE-2011-3326 (The ospf_flood function in ospf_flood.c in ospfd in Quagga before ...) {DSA-2316-1} - quagga 0.99.19-1 -CVE-2011-3325 - RESERVED +CVE-2011-3325 (ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote ...) {DSA-2316-1} - quagga 0.99.19-1 -CVE-2011-3324 - RESERVED +CVE-2011-3324 (The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 ...) {DSA-2316-1} - quagga 0.99.19-1 -CVE-2011-3323 - RESERVED +CVE-2011-3323 (The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows ...) {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon ...) 
@@ -3593,8 +3739,8 @@ RESERVED CVE-2011-2676 RESERVED -CVE-2011-2675 - RESERVED +CVE-2011-2675 (Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 ...) + TODO: check CVE-2011-2674 (BaserCMS before 1.6.12 does not properly restrict additions to the ...) TODO: check CVE-2011-2673 (Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 ...) @@ -3619,12 +3765,12 @@ [lenny] - asterisk <not-affected> CVE-2011-2664 (Unspecified vulnerability in Check Point Multi-Domain Management / ...) NOT-FOR-US: Check Point Multi-Domain Management -CVE-2011-2663 - RESERVED -CVE-2011-2662 - RESERVED -CVE-2011-2661 - RESERVED +CVE-2011-2663 (Array index error in GroupWise Internet Agent (GWIA) in Novell ...) + TODO: check +CVE-2011-2662 (Integer signedness error in GroupWise Internet Agent (GWIA) in Novell ...) + TODO: check +CVE-2011-2661 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in ...) + TODO: check CVE-2011-2660 (The modify_resolvconf_suse script in the vpnc package before ...) TODO: check CVE-2011-2659 @@ -4689,8 +4835,8 @@ RESERVED CVE-2011-2228 RESERVED -CVE-2011-2227 - RESERVED +CVE-2011-2227 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager ...) + TODO: check CVE-2011-2226 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...) TODO: check CVE-2011-2225 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...) 
@@ -4705,10 +4851,10 @@ NOT-FOR-US: Novell Data Synchronizer CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter ...) NOT-FOR-US: Novell File Reporter -CVE-2011-2219 - RESERVED -CVE-2011-2218 - RESERVED +CVE-2011-2219 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...) + TODO: check +CVE-2011-2218 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...) + TODO: check CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) ...) NOT-FOR-US: VMware CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux ...) @@ -4754,8 +4900,7 @@ - curl 7.21.6-2 (high; bug #631615) CVE-2011-2191 (Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in ...) TODO: check -CVE-2011-2189 - RESERVED +CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does ...) - linux-2.6 2.6.35-1 (low) [lenny] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this) [squeeze] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this) @@ -6214,8 +6359,8 @@ RESERVED CVE-2011-1697 RESERVED -CVE-2011-1696 - RESERVED +CVE-2011-1696 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager ...) + TODO: check CVE-2011-1695 RESERVED CVE-2011-1694 @@ -10196,10 +10341,10 @@ RESERVED CVE-2011-0335 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows ...) NOT-FOR-US: Adobe Shockwave Player -CVE-2011-0334 - RESERVED -CVE-2011-0333 - RESERVED +CVE-2011-0334 (Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent ...) + TODO: check +CVE-2011-0333 (Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf ...) + TODO: check CVE-2011-0332 (Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom ...) NOT-FOR-US: Foxit Reader CVE-2011-0331 (Use-after-free vulnerability in the addOSPLext method in the Honeywell ...)
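Review bot: In the first hunk (@@ -1,3 +1,155 @@) every newly described entry from CVE-2010-4893 through CVE-2011-4030 carries only "TODO: check", including the two whose descriptions begin "** DISPUTED **" (CVE-2010-4931 and CVE-2010-4924). When these are triaged, the disputed status should be recorded in a NOTE line on the entry so it is not lost once the truncated description is the only text left. The unchanged context line "CVE-2011-XXXX [lintian disclosure of file presense]" in the same hunk also has a typo ("presense" for "presence") that a follow-up commit could correct.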
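Review bot: In hunk @@ -428,8 +580,8 @@ the new CVE-2011-3868 entry (VMware Workstation / VMware Player buffer overflow) is left as "TODO: check", while the existing CVE-2011-2217 entry visible in hunk @@ -4705,10 +4851,10 @@ is already classified "NOT-FOR-US: VMware". If the same triage decision applies, the entry should get the same "NOT-FOR-US: VMware" tag rather than staying in the TODO backlog, so the two VMware entries are handled consistently.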
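Review bot: The Novell entries filled in across hunks @@ -3619,12 +3765,12 @@, @@ -4689,8 +4835,8 @@, @@ -4705,10 +4851,10 @@, @@ -6214,8 +6359,8 @@ and @@ -10196,10 +10341,10 @@ (GroupWise Internet Agent and WebAccess: CVE-2011-2663, CVE-2011-2662, CVE-2011-2661, CVE-2011-2219, CVE-2011-2218, CVE-2011-0334, CVE-2011-0333; Identity Manager: CVE-2011-2227, CVE-2011-1696) all land as "TODO: check", whereas neighbouring Novell products in the context lines are already tagged "NOT-FOR-US: Novell Data Synchronizer" and "NOT-FOR-US: Novell File Reporter". These should be triaged together in one follow-up and given matching "NOT-FOR-US: <product>" tags if the same reasoning holds. By contrast, the Quagga entries in @@ -1734,24 +1885,19 @@ and CVE-2011-2189 in @@ -4754,8 +4900,7 @@ correctly get no TODO because their package tracking lines were already present.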