Author: joeyh
Date: 2009-02-05 21:14:14 +0000 (Thu, 05 Feb 2009)
New Revision: 11155

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-02-05 19:40:57 UTC (rev 11154)
+++ data/CVE/list       2009-02-05 21:14:14 UTC (rev 11155)
@@ -1,3 +1,75 @@
+CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard 
...)
+       TODO: check
+CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active 
Bids ...)
+       TODO: check
+CVE-2009-0429 (Multiple SQL injection vulnerabilities in Active Bids allow 
remote ...)
+       TODO: check
+CVE-2009-0428 (SQL injection vulnerability in ...)
+       TODO: check
+CVE-2009-0427 (SQL injection vulnerability in ...)
+       TODO: check
+CVE-2009-0426 (SQL injection vulnerability in ...)
+       TODO: check
+CVE-2009-0425 (SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 
and ...)
+       TODO: check
+CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN 
Guestbook ...)
+       TODO: check
+CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo 
Album ...)
+       TODO: check
+CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in 
...)
+       TODO: check
+CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 
1.6.x ...)
+       TODO: check
+CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 
Stable ...)
+       TODO: check
+CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression 
Web, ...)
+       TODO: check
+CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP 
HP-UX ...)
+       TODO: check
+CVE-2008-6067 (SQL injection vulnerability in search_results.php in E-Shop 
Shopping ...)
+       TODO: check
+CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 
0.8 ...)
+       TODO: check
+CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory 
WRITE ...)
+       TODO: check
+CVE-2008-6064 (Multiple SQL injection vulnerabilities in DomPHP 0.81 allow 
remote ...)
+       TODO: check
+CVE-2008-6063 (Microsoft Word 2007, when the "Save as PDF" add-on is 
enabled, places ...)
+       TODO: check
+CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in 
arbitrary ...)
+       TODO: check
+CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in 
arbitrary ...)
+       TODO: check
+CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in 
arbitrary ...)
+       TODO: check
+CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does 
not ...)
+       TODO: check
+CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote 
...)
+       TODO: check
+CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb 
under ...)
+       TODO: check
+CVE-2008-6056 (Multiple cross-site scripting (XSS) vulnerabilities in World 
Recipe ...)
+       TODO: check
+CVE-2008-6055 (PreProjects Pre Classified Listings stores pclasp.mdb under the 
web ...)
+       TODO: check
+CVE-2008-6054 (PreProjects Pre Courier and Cargo Business stores dbcourior.mdb 
under ...)
+       TODO: check
+CVE-2008-6053 (PreProjects Pre Resume Submitter stores onlineresume.mdb under 
the web ...)
+       TODO: check
+CVE-2008-6052 (PreProjects Pre E-Learning Portal stores db_elearning.mdb under 
the ...)
+       TODO: check
+CVE-2008-6051 (MetaCart Free stores metacart.mdb under the web root with 
insufficient ...)
+       TODO: check
+CVE-2008-6050 (SQL injection vulnerability in the Tech Articles 
(com_tech_article) ...)
+       TODO: check
+CVE-2008-6049 (SQL injection vulnerability in index.php in TinyMCE 2.0.1 
allows ...)
+       TODO: check
+CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
TangoCMS ...)
+       TODO: check
+CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender 
before 1.5.2 ...)
+       TODO: check
+CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 
allows ...)
+       TODO: check
 CVE-2009-0417
        RESERVED
 CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards 
Based ...)
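
Review bot: CVE-2009-0428, CVE-2009-0427 and CVE-2009-0426 at the top of this hunk are recorded as "SQL injection vulnerability in ..." with no product name left after truncation, so the three entries are indistinguishable in the list and cannot be triaged from it. Whoever resolves their "TODO: check" needs the full CVE text. Of the 36 entries added here, CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566) is the one that names a source file in an open source component and should be checked first. CVE-2009-0418 (HP HP-UX) can likely take the same "NOT-FOR-US: HP-UX" tag already used for CVE-2008-4418 further down this file.
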
@@ -61,8 +133,8 @@
        NOT-FOR-US: Enomaly Elastic Computing Platform
 CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows 
(WOW) ...)
        NOT-FOR-US: ActiveX
-CVE-2009-0388
-       RESERVED
+CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 
1.0.5 and ...)
+       TODO: check
 CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
        - gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
        [lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
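
Review bot: the new CVE-2009-0388 description is cut off after "(1) UltraVNC 1.0.2 and 1.0.5 and", so the remaining affected product(s) in the enumeration are not visible in this entry. The "TODO: check" should not be closed as NOT-FOR-US on the strength of the UltraVNC name alone; read the full description and compare every listed product against the archive first.
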
@@ -228,47 +300,40 @@
        RESERVED
 CVE-2009-0359
        RESERVED
-CVE-2009-0358 [Mozilla: Directives to not cache pages ignored]
-       RESERVED
+CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement 
the (1) ...)
        - iceweasel 3.0
        [etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
        NOTE: Iceweasel in Lenny links against Xulrunner
        - xulrunner 1.9.0.5-1
        [etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
-CVE-2009-0357 [Mozilla: XMLHttpRequest allows reading HTTPOnly cookies]
-       RESERVED
+CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not 
...)
        - iceweasel 3.0
        NOTE: Iceweasel in Lenny links against Xulrunner
        - xulrunner 1.9.0.5-1
        - iceape 1.1.14-1.1  
        NOTE: Iceape in Lenny only provides XPCOM libs
-CVE-2009-0356 [Mozilla: Information stealing via local shortcut files]
-       RESERVED
+CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links 
to the ...)
        - iceweasel 3.0
        NOTE: Iceweasel in Lenny links against Xulrunner
        - xulrunner 1.9.0.5-1
        - iceape 1.1.14-1.1  
        NOTE: Iceape in Lenny only provides XPCOM libs
-CVE-2009-0355 [Firefox:  Local file stealing with SessionStore]
-       RESERVED
+CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla 
Firefox ...)
        - iceweasel 3.0.6-1
-CVE-2009-0354
-       RESERVED
+CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla 
Firefox 3.x ...)
        - iceweasel 3.0
        [etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
        NOTE: Iceweasel in Lenny links against Xulrunner
        - xulrunner 1.9.0.5-1
        [etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
-CVE-2009-0353 [Mozilla: Layout engine crashes with evidence of memory 
corruption]
-       RESERVED
+CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, 
...)
        - iceweasel 3.0
        NOTE: Iceweasel in Lenny links against Xulrunner
        - xulrunner 1.9.0.5-1
        - iceape 1.1.14-1.1  
        NOTE: Iceape in Lenny only provides XPCOM libs
        - icedove <unfixed>
-CVE-2009-0352 [Mozilla: Javascript engine crashes with evidence of memory 
corruption]
-       RESERVED
+CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x 
before ...)
        - iceweasel 3.0
        NOTE: Iceweasel in Lenny links against Xulrunner
        - xulrunner 1.9.0.5-1
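
Review bot: the descriptions that replace RESERVED in this hunk say "before 3.0.6" (and, for CVE-2009-0357, "SeaMonkey before 1.1.15"), but the package lines under them were left as "- iceweasel 3.0", "- xulrunner 1.9.0.5-1" and "- iceape 1.1.14-1.1". Only CVE-2009-0355 records "iceweasel 3.0.6-1". Please confirm that the xulrunner and iceape versions listed are uploads that actually carry these fixes, and correct them or mark them unfixed if not, as is already done with "icedove <unfixed>" under CVE-2009-0353. The bracketed working titles (for example "[Mozilla: XMLHttpRequest allows reading HTTPOnly cookies]") are dropped in the same change, so the truncated descriptions are now the only summary left in the list.
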
@@ -1204,16 +1269,16 @@
        RESERVED
 CVE-2009-0063
        RESERVED
-CVE-2009-0062
-       RESERVED
-CVE-2009-0061
-       RESERVED
+CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller 
(WLC), ...)
+       TODO: check
+CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) 
TSEC ...)
+       TODO: check
 CVE-2009-0060
        RESERVED
-CVE-2009-0059
-       RESERVED
-CVE-2009-0058
-       RESERVED
+CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 
Wireless ...)
+       TODO: check
+CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 
Wireless ...)
+       TODO: check
 CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in 
Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the 
administration ...)
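
Review bot: CVE-2009-0062, CVE-2009-0061, CVE-2009-0059 and CVE-2009-0058 all name the Cisco Wireless LAN Controller and are added with "TODO: check", while CVE-2009-0057 directly below them in the same hunk is already tagged "NOT-FOR-US: Cisco". A follow-up commit can give the four new entries the same tag so they leave the TODO queue.
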
@@ -4754,8 +4819,8 @@
        NOT-FOR-US: MetaGauge
 CVE-2008-4420
        RESERVED
-CVE-2008-4419
-       RESERVED
+CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web ...)
+       TODO: check
 CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, 
and ...)
        NOT-FOR-US: HP-UX
 CVE-2008-4417
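
Review bot: CVE-2008-4419 names the HP JetDirect web component and is added with "TODO: check"; the neighbouring HP entry CVE-2008-4418 is handled with "NOT-FOR-US: HP-UX". If JetDirect is likewise not something in the archive, tag it "NOT-FOR-US: HP JetDirect" in the follow-up rather than leaving the TODO open.
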
@@ -5897,7 +5962,7 @@
        NOT-FOR-US: Adobe Illustrator
 CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service 
(aka ...)
        NOT-FOR-US: IBM DB2 UDB
-CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, and 8.2 before FixPak 9, 
allows ...)
+CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 
before ...)
        NOT-FOR-US: IBM DB2 UDB
 CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause 
a ...)
        NOT-FOR-US: IBM DB2 UDB


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
