Author: joeyh
Date: 2009-02-09 21:14:15 +0000 (Mon, 09 Feb 2009)
New Revision: 11170
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2009-02-09 20:13:54 UTC (rev 11169) +++ data/CVE/list 2009-02-09 21:14:15 UTC (rev 11170) 
@@ -1,3 +1,157 @@ +CVE-2009-0479 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...) + TODO: check +CVE-2009-0477 (Unspecified vulnerability in the process (aka proc) filesystem in Sun ...) + TODO: check +CVE-2009-0476 (Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 ...) + TODO: check +CVE-2009-0475 + RESERVED +CVE-2009-0474 (The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A ...) + TODO: check +CVE-2009-0473 (Open redirect vulnerability in the web interface in the Rockwell ...) + TODO: check +CVE-2009-0472 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) + TODO: check +CVE-2009-0471 (Cross-site request forgery (CSRF) vulnerability in the HTTP server in ...) + TODO: check +CVE-2009-0470 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...) + TODO: check +CVE-2009-0469 (Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI ...) + TODO: check +CVE-2009-0468 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2009-0467 (Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web ...) + TODO: check +CVE-2009-0466 (Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 ...) + TODO: check +CVE-2009-0465 (The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ...) + TODO: check +CVE-2009-0464 (PHP remote file inclusion vulnerability in includes/header.php in ...) + TODO: check +CVE-2009-0463 (PHP remote file inclusion vulnerability in includes/header.php in ...) + TODO: check +CVE-2009-0462 (Multiple SQL injection vulnerabilities in customer_login_check.asp in ...) + TODO: check +CVE-2009-0461 (Whole Hog Password Protect: Enhanced 1.x allows remote attackers to ...) + TODO: check +CVE-2009-0460 (Whole Hog Ware Support 1.x allows remote attackers to bypass ...) + TODO: check +CVE-2009-0459 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...) 
+ TODO: check +CVE-2009-0458 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...) + TODO: check +CVE-2009-0457 (Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow ...) + TODO: check +CVE-2009-0456 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2009-0455 + RESERVED +CVE-2009-0454 (Multiple SQL injection vulnerabilities in DMXReady Online Notebook ...) + TODO: check +CVE-2009-0453 (Online Grades 3.2.4 allows remote attackers to obtain configuration ...) + TODO: check +CVE-2009-0452 (Multiple SQL injection vulnerabilities in parents/login.php in Online ...) + TODO: check +CVE-2009-0451 (SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote ...) + TODO: check +CVE-2009-0450 (Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier ...) + TODO: check +CVE-2009-0449 (Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations ...) + TODO: check +CVE-2009-0448 (Directory traversal vulnerability in admin/modules/aa/preview.php in ...) + TODO: check +CVE-2009-0447 (Multiple SQL injection vulnerabilities in default.asp in MyDesign ...) + TODO: check +CVE-2009-0446 (SQL injection vulnerability in photo.php in WEBalbum 2.4b allows ...) + TODO: check +CVE-2009-0445 (SQL injection vulnerability in index.php in Dreampics Gallery Builder ...) + TODO: check +CVE-2009-0444 (Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, ...) + TODO: check +CVE-2009-0443 (Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows ...) + TODO: check +CVE-2009-0442 (Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and ...) + TODO: check +CVE-2009-0441 (PHP remote file inclusion vulnerability in ...) 
+ TODO: check +CVE-2009-0440 + RESERVED +CVE-2009-0439 + RESERVED +CVE-2009-0438 + RESERVED +CVE-2009-0437 + RESERVED +CVE-2009-0436 + RESERVED +CVE-2009-0435 + RESERVED +CVE-2009-0434 + RESERVED +CVE-2009-0433 + RESERVED +CVE-2009-0432 + RESERVED +CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Mini ...) + TODO: check +CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image ...) + TODO: check +CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 ...) + TODO: check +CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life ...) + TODO: check +CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...) + TODO: check +CVE-2008-6085 (Integer overflow in multiple F-Secure anti-virus products, including ...) + TODO: check +CVE-2008-6084 (Unrestricted file upload vulnerability in pages/download.php in Iamma ...) + TODO: check +CVE-2008-6083 (Directory traversal vulnerability in header.php in TXTshop beta 1.0 ...) + TODO: check +CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause a ...) + TODO: check +CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 ...) + TODO: check +CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...) + TODO: check +CVE-2008-6079 (Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have ...) + TODO: check +CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging ...) + TODO: check +CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a ...) + TODO: check +CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) ...) + TODO: check +CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...) + TODO: check +CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and ...) 
+ TODO: check +CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which allows local ...) + TODO: check +CVE-2008-6072 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, ...) + TODO: check +CVE-2008-6071 (Heap-based buffer overflow in the DecodeImage function in ...) + TODO: check +CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage function in ...) + TODO: check +CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 ...) + TODO: check +CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) ...) + TODO: check +CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...) + TODO: check +CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a ...) + TODO: check +CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows ...) + TODO: check +CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a ...) + TODO: check +CVE-2002-2429 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...) + TODO: check +CVE-2002-2428 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...) + TODO: check +CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote ...) + TODO: check CVE-2008-XXXX [iceweasel-firegpg: Passphrase and Cleartext Recovery] - iceweasel-firegpg <unfixed> (bug #514386) CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...) 
@@ -73,8 +227,8 @@ NOT-FOR-US: ADbNewsSender CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows ...) NOT-FOR-US: ADbNewsSender -CVE-2009-0417 - RESERVED +CVE-2009-0417 (Cross-site scripting (XSS) vulnerability in the ...) + TODO: check CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...) NOT-FOR-US: sblim-sfcb CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...) @@ -165,10 +319,10 @@ NOT-FOR-US: Joomla CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...) NOT-FOR-US: Joomla -CVE-2009-0376 - RESERVED -CVE-2009-0375 - RESERVED +CVE-2009-0376 (A DLL file in RealNetworks RealPlayer 11 allows remote attackers to ...) + TODO: check +CVE-2009-0375 (A DLL file in RealNetworks RealPlayer 11 allows remote attackers to ...) + TODO: check CVE-2009-0374 (** DISPUTED ** ...) NOT-FOR-US: Google Chrome CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...) @@ -265,7 +419,7 @@ - mahara 1.0.9-1 (low) [lenny] - mahara 1.0.4-4 NOTE: CVE id requested -CVE-2009-0478 [squid: denial of service] +CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 ...) - squid 2.7.STABLE3-4.1 (medium; bug #514142) - squid3 3.0.STABLE8-3 (medium) [etch] - squid <not-affected> (Vulnerable code not present) @@ -461,7 +615,7 @@ [etch] - gnumeric <no-dsa> (Minor issue) CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...) - nautilus-python 0.4.3-3.2 (low; bug #513419) -CVE-2009-0316 (Untrusted search path vulnerability in the Python module in vim allows ...) +CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python ...) - vim 2:7.2.025-2 (low; bug #493937) [lenny] - vim 1:7.1.314-3+lenny2 NOTE: Could be fixed via next DSA with other issues 
@@ -838,24 +992,24 @@ RESERVED CVE-2009-0215 RESERVED -CVE-2009-0214 - RESERVED -CVE-2009-0213 - RESERVED -CVE-2009-0212 - RESERVED -CVE-2009-0211 - RESERVED -CVE-2009-0210 - RESERVED +CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in AREVA ...) + TODO: check +CVE-2009-0213 (Unspecified vulnerability in the NETIO application in AREVA ...) + TODO: check +CVE-2009-0212 (Unspecified vulnerability in the WebFGServer application in AREVA ...) + TODO: check +CVE-2009-0211 (Unspecified vulnerability in the WebFGServer application in AREVA ...) + TODO: check +CVE-2009-0210 (Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and ...) + TODO: check CVE-2009-0209 RESERVED CVE-2009-0208 RESERVED CVE-2009-0207 RESERVED -CVE-2009-0206 - RESERVED +CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier ...) + TODO: check CVE-2009-0205 RESERVED CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and ...) @@ -4530,14 +4684,14 @@ RESERVED CVE-2008-4563 RESERVED -CVE-2008-4562 - RESERVED +CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network ...) + TODO: check CVE-2008-4561 RESERVED -CVE-2008-4560 - RESERVED -CVE-2008-4559 - RESERVED +CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...) + TODO: check +CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...) + TODO: check CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 ...) NOT-FOR-US: CuteNews.ru CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...) 
@@ -13243,9 +13397,9 @@ NOT-FOR-US: CTSUEng.ocx CVE-2008-0954 RESERVED -CVE-2008-0953 (Unspecified vulnerability in a certain ActiveX control in ...) +CVE-2008-0953 (The StartApp function in the HPISDataManagerLib.Datamgr ActiveX ...) NOT-FOR-US: ActiveX control -CVE-2008-0952 (Unspecified vulnerability in a certain ActiveX control in ...) +CVE-2008-0952 (The AppendStringToFile function in the HPISDataManagerLib.Datamgr ...) NOT-FOR-US: ActiveX control CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the ...) NOT-FOR-US: Windows Vista 
@@ -18590,19 +18744,19 @@ NOT-FOR-US: IBM Director CVE-2007-5611 RESERVED -CVE-2007-5610 (Unspecified vulnerability in a certain ActiveX control in ...) +CVE-2007-5610 (The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ...) NOT-FOR-US: ActiveX control CVE-2007-5609 RESERVED -CVE-2007-5608 (Unspecified vulnerability in a certain ActiveX control in ...) +CVE-2007-5608 (The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX ...) NOT-FOR-US: ActiveX control -CVE-2007-5607 (Unspecified vulnerability in a certain ActiveX control in ...) +CVE-2007-5607 (Buffer overflow in the RegistryString function in the ...) NOT-FOR-US: ActiveX control -CVE-2007-5606 (Unspecified vulnerability in a certain ActiveX control in ...) +CVE-2007-5606 (Buffer overflow in the MoveFile function in the ...) NOT-FOR-US: ActiveX control -CVE-2007-5605 (Unspecified vulnerability in a certain ActiveX control in ...) +CVE-2007-5605 (Buffer overflow in the GetFileTime function in the ...) NOT-FOR-US: ActiveX control -CVE-2007-5604 (Unspecified vulnerability in a certain ActiveX control in ...) +CVE-2007-5604 (Buffer overflow in the ExtractCab function in the ...) NOT-FOR-US: ActiveX control CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...) NOT-FOR-US: SonicWall SSL-VPN NetExtender _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
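Review bot: in the @@ -1,3 +1,157 @@ hunk every new entry lands as TODO: check, and two of them name libraries rather than web applications: CVE-2008-6079 (imlib2 before 1.4.2) and CVE-2008-6072 (GraphicsMagick before 1.1.14). Suggest triaging those first and giving them package lines. The adjacent CVE-2008-6071 and CVE-2008-6070 have truncated descriptions (DecodeImage, ReadPALMImage), so their affected product should be confirmed from the full CVE text before they are marked either way.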
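Review bot: in the @@ -265,7 +419,7 @@ hunk the new CVE-2009-0478 description gives affected ranges of 2.7 to 2.7.STABLE5 and 3.0 to 3.0.STABLE12, while the unchanged tracking lines record squid 2.7.STABLE3-4.1 and squid3 3.0.STABLE8-3 as fixed. Both upstream versions fall inside the affected ranges, so a reader comparing description and tracking data will see a contradiction. Suggest a NOTE line stating how the fix reached those Debian revisions, so the entry is not later mistaken for an error.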
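Review bot: in the @@ -18590,19 +18744,19 @@ hunk, and likewise for CVE-2008-0953 and CVE-2008-0952 in @@ -13243,9 +13397,9 @@, the NOT-FOR-US: ActiveX control lines are now less specific than the descriptions above them, which name the HPISDataManagerLib.Datamgr control (CVE-2007-5610, CVE-2007-5608) and individual functions. Suggest naming the product in the NOT-FOR-US text, as the neighbouring entries do (NOT-FOR-US: IBM Director, NOT-FOR-US: SonicWall SSL-VPN NetExtender), so the entries are searchable by product.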