Author: joeyh
Date: 2012-02-22 09:14:31 +0000 (Wed, 22 Feb 2012)
New Revision: 18513

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2012-02-22 08:51:29 UTC (rev 18512)
+++ data/CVE/list 2012-02-22 09:14:31 UTC (rev 18513)
@@ -1,3 +1,73 @@ +CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...) + TODO: check +CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...) + TODO: check +CVE-2012-1233 + RESERVED +CVE-2012-1232 + RESERVED +CVE-2012-1231 + RESERVED +CVE-2012-1230 + RESERVED +CVE-2012-1229 + RESERVED +CVE-2012-1228 + RESERVED +CVE-2012-1227 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2012-1226 (Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 ...) + TODO: check +CVE-2012-1225 (Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and ...) + TODO: check +CVE-2012-1224 (Cross-site scripting (XSS) vulnerability in system/classes/login.php ...) + TODO: check +CVE-2012-1223 (RabidHamster R2/Extreme 1.65 and earlier uses a small search space of ...) + TODO: check +CVE-2012-1222 (Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and ...) + TODO: check +CVE-2012-1221 (Directory traversal vulnerability in the telnet server in RabidHamster ...) + TODO: check +CVE-2012-1220 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2012-1219 (Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit ...) + TODO: check +CVE-2012-1218 (Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow ...) + TODO: check +CVE-2012-1217 (Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web ...) + TODO: check +CVE-2012-1216 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2012-1215 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...) + TODO: check +CVE-2012-1214 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...) + TODO: check +CVE-2012-1213 (Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in ...) + TODO: check +CVE-2012-1212 (Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName ...) 
+ TODO: check +CVE-2012-1211 (Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in ...) + TODO: check +CVE-2012-1210 (SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 ...) + TODO: check +CVE-2012-1209 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2012-1208 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2012-1207 (Directory traversal vulnerability in ...) + TODO: check +CVE-2012-1206 (Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote ...) + TODO: check +CVE-2012-1205 (PHP remote file inclusion vulnerability in relocate-upload.php in ...) + TODO: check +CVE-2012-1204 + RESERVED +CVE-2012-1203 + RESERVED +CVE-2012-1202 + RESERVED +CVE-2012-1201 + RESERVED CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow ...) TODO: check CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis ...) @@ -22,6 +92,7 @@ TODO: check CVE-2012-0869 [F*X XSS issues via various HTTP parameters in fup] RESERVED + {DSA-2414-1} - fex 20120215-1 (low; bug #660621) CVE-2012-1190 [phpMyAdmin PMASA-2012-1 XSS using a crafted database name] RESERVED 
@@ -436,22 +507,22 @@ NOT-FOR-US: OpenConf CVE-2012-1001 RESERVED -CVE-2012-1000 - RESERVED -CVE-2012-0999 - RESERVED -CVE-2012-0998 - RESERVED -CVE-2012-0997 - RESERVED -CVE-2012-0996 - RESERVED -CVE-2012-0995 - RESERVED -CVE-2012-0994 - RESERVED -CVE-2012-0993 - RESERVED +CVE-2012-1000 (Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 ...) + TODO: check +CVE-2012-0999 (SQL injection vulnerability in modules/news/rss.php in LEPTON before ...) + TODO: check +CVE-2012-0998 (Directory traversal vulnerability in account/preferences.php in LEPTON ...) + TODO: check +CVE-2012-0997 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...) + TODO: check +CVE-2012-0996 (Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable ...) + TODO: check +CVE-2012-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 ...) + TODO: check +CVE-2012-0994 (SQL injection vulnerability in the Manage Albums feature in ...) + TODO: check +CVE-2012-0993 (Eval injection vulnerability in ...) + TODO: check CVE-2012-0992 (interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote ...) NOT-FOR-US: OpenEMR CVE-2012-0991 (Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow ...) @@ -728,8 +799,8 @@ RESERVED CVE-2012-0866 RESERVED -CVE-2012-0865 - RESERVED +CVE-2012-0865 (Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier ...) + TODO: check CVE-2012-0864 [FORTIFY_SOURCE format string protection bypass] RESERVED - eglibc <unfixed> (low; bug #660611) 
@@ -2610,30 +2681,30 @@ RESERVED CVE-2012-0245 RESERVED -CVE-2012-0244 - RESERVED -CVE-2012-0243 - RESERVED -CVE-2012-0242 - RESERVED -CVE-2012-0241 - RESERVED -CVE-2012-0240 - RESERVED -CVE-2012-0239 - RESERVED -CVE-2012-0238 - RESERVED -CVE-2012-0237 - RESERVED -CVE-2012-0236 - RESERVED -CVE-2012-0235 - RESERVED -CVE-2012-0234 - RESERVED -CVE-2012-0233 - RESERVED +CVE-2012-0244 (Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess ...) + TODO: check +CVE-2012-0243 (Buffer overflow in an ActiveX control in bwocxrun.ocx in ...) + TODO: check +CVE-2012-0242 (Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 ...) + TODO: check +CVE-2012-0241 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to ...) + TODO: check +CVE-2012-0240 (GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not ...) + TODO: check +CVE-2012-0239 (uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not ...) + TODO: check +CVE-2012-0238 (Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin ...) + TODO: check +CVE-2012-0237 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) ...) + TODO: check +CVE-2012-0236 (Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers ...) + TODO: check +CVE-2012-0235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...) + TODO: check +CVE-2012-0234 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...) + TODO: check +CVE-2012-0233 (Cross-site scripting (XSS) vulnerability in Advantech/BroadWin ...) + TODO: check CVE-2012-0232 RESERVED CVE-2012-0231 @@ -2650,8 +2721,8 @@ RESERVED CVE-2012-0225 RESERVED -CVE-2012-0224 - RESERVED +CVE-2012-0224 (Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 ...) + TODO: check CVE-2012-0223 RESERVED CVE-2012-0222 
@@ -2672,8 +2743,8 @@ RESERVED CVE-2011-4891 RESERVED -CVE-2011-4890 - RESERVED +CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows ...) + TODO: check CVE-2011-4889 RESERVED CVE-2011-4888 @@ -2902,8 +2973,8 @@ RESERVED CVE-2012-0201 RESERVED -CVE-2012-0200 - RESERVED +CVE-2012-0200 (The server in IBM solidDB 6.5 before Interim Fix 6 does not properly ...) + TODO: check CVE-2012-0199 RESERVED CVE-2012-0198 @@ -4120,18 +4191,18 @@ - unbound 1.4.14-1 (medium) CVE-2011-4527 RESERVED -CVE-2011-4526 - RESERVED -CVE-2011-4525 - RESERVED -CVE-2011-4524 - RESERVED -CVE-2011-4523 - RESERVED -CVE-2011-4522 - RESERVED -CVE-2011-4521 - RESERVED +CVE-2011-4526 (Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess ...) + TODO: check +CVE-2011-4525 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to ...) + TODO: check +CVE-2011-4524 (Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows ...) + TODO: check +CVE-2011-4523 (Cross-site scripting (XSS) vulnerability in bwview.asp in ...) + TODO: check +CVE-2011-4522 (Cross-site scripting (XSS) vulnerability in bwerrdn.asp in ...) + TODO: check +CVE-2011-4521 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...) + TODO: check CVE-2011-4520 RESERVED CVE-2011-4519 @@ -5175,12 +5246,12 @@ RESERVED CVE-2011-4188 RESERVED -CVE-2011-4187 - RESERVED -CVE-2011-4186 - RESERVED -CVE-2011-4185 - RESERVED +CVE-2011-4187 (Buffer overflow in the GetDriverSettings function in nipplib.dll in ...) + TODO: check +CVE-2011-4186 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...) + TODO: check +CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iPrint ...) + TODO: check CVE-2011-4184 RESERVED CVE-2011-4183 
@@ -9038,18 +9109,23 @@ - qtnx <removed> (bug #637439) CVE-2011-2915 RESERVED + {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2914 RESERVED + {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2913 RESERVED + {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2912 RESERVED + {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2911 RESERVED + {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2910 RESERVED @@ -11837,8 +11913,8 @@ RESERVED CVE-2011-1915 (SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution ...) NOT-FOR-US: Enspire Distribution Management Solution -CVE-2011-1914 - RESERVED +CVE-2011-1914 (Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) ...) + TODO: check CVE-2011-1913 (SQL injection vulnerability in the login form in the web interface in ...) NOT-FOR-US: Mercator SENTINEL CVE-2011-1912 @@ -12337,6 +12413,7 @@ RESERVED CVE-2011-1761 [modplug ABC buffer overflow] RESERVED + {DSA-2415-1} - libmodplug 1:0.8.8.4-1 (low; bug #625966) CVE-2011-1760 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users ...) {DSA-2254-2 DSA-2254-1}
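Review bot: In the @@ -1,3 +1,73 @@ hunk, six of the new "TODO: check" entries are cut off before the product name (CVE-2012-1227, CVE-2012-1220, CVE-2012-1216, CVE-2012-1209, CVE-2012-1208 and CVE-2012-1207 all end in "in ...)"), and CVE-2012-1215 and CVE-2012-1214 carry identical truncated text, so none of these can be triaged from the list alone. Whoever resolves the TODO should work from the full description and record the decision with the product name on the following line, as the existing "NOT-FOR-US: OpenEMR" entries do.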
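Review bot: The twelve entries CVE-2012-0244 through CVE-2012-0233 in the @@ -2610,30 +2681,30 @@ hunk each go from RESERVED to "TODO: check" on their own, although most of their descriptions name the same product, Advantech/BroadWin WebAccess, as do CVE-2012-1235 and CVE-2012-1234 in the first hunk and several of CVE-2011-4526 through CVE-2011-4521 in the @@ -4120,18 +4191,18 @@ hunk. Triage them in one pass so they all end up with the same disposition line; a mixed result across these entries would suggest one was misread from its truncated description.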
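Review bot: In the @@ -9038,18 +9109,23 @@ hunk, {DSA-2415-1} is attached to CVE-2011-2915 through CVE-2011-2911 while each entry still reads RESERVED with no description, so the list gives no hint of what the advisory fixed for them. A short bracketed description, in the style of "[modplug ABC buffer overflow]" on CVE-2011-1761 in the last hunk, would make the cross-reference self-explanatory; the libmodplug lines for these five also lack the urgency and bug number that the CVE-2011-1761 line carries ("low; bug #625966").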