Author: joeyh
Date: 2009-03-06 21:14:16 +0000 (Fri, 06 Mar 2009)
New Revision: 11345

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-06 16:59:34 UTC (rev 11344)
+++ data/CVE/list       2009-03-06 21:14:16 UTC (rev 11345)
@@ -1,3 +1,65 @@
+CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the 
seccomp ...)
+       TODO: check
+CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 
and ...)
+       TODO: check
+CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 
0.31 ...)
+       TODO: check
+CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 
1.3 for ...)
+       TODO: check
+CVE-2009-0831 (SQL injection vulnerability in members.php in the Members CV 
(job) ...)
+       TODO: check
+CVE-2009-0830 (Cross-site scripting (XSS) vulnerability in QuoteBook allows 
remote ...)
+       TODO: check
+CVE-2009-0829 (Multiple SQL injection vulnerabilities in QuoteBook allow 
remote ...)
+       TODO: check
+CVE-2009-0828 (QuoteBook stores quotes.inc under the web root with 
insufficient ...)
+       TODO: check
+CVE-2009-0827 (PollHelper stores poll.inc under the web root with insufficient 
access ...)
+       TODO: check
+CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with 
insufficient ...)
+       TODO: check
+CVE-2009-0825
+       RESERVED
+CVE-2009-0824
+       RESERVED
+CVE-2009-0823
+       RESERVED
+CVE-2009-0822
+       RESERVED
+CVE-2008-6415 (Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote 
attackers ...)
+       TODO: check
+CVE-2008-6414 (SQL injection vulnerability in detail.php in AJ Auction Pro 
Platinum ...)
+       TODO: check
+CVE-2008-6413 (Cross-site scripting (XSS) vulnerability in the Answers module 
...)
+       TODO: check
+CVE-2008-6412 (Unspecified vulnerability in Vignette Content Management 
7.3.0.5, ...)
+       TODO: check
+CVE-2008-6411 (Explay CMS 2.1 and earlier allows remote attackers to bypass 
...)
+       TODO: check
+CVE-2008-6410 (Directory traversal vulnerability in show.php in ol'bookmarks 
manager ...)
+       TODO: check
+CVE-2008-6409 (SQL injection vulnerability in index.php in ol'bookmarks 
manager 0.7.5 ...)
+       TODO: check
+CVE-2008-6408 (PHP remote file inclusion vulnerability in frame.php in 
ol'bookmarks ...)
+       TODO: check
+CVE-2008-6407 (Directory traversal vulnerability in frame.php in ol'bookmarks 
manager ...)
+       TODO: check
+CVE-2008-6406 (Cross-site scripting (XSS) vulnerability in admin.php in 
DataLife ...)
+       TODO: check
+CVE-2008-6405 (SQL injection vulnerability in showcategory.php in Hotscripts 
Clone ...)
+       TODO: check
+CVE-2008-6404 (Cross-site scripting (XSS) vulnerability in add_calendars.php 
in ...)
+       TODO: check
+CVE-2008-6403 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2008-6402 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2008-6401 (SQL injection vulnerability in sayfa.php in JETIK-WEB allows 
remote ...)
+       TODO: check
+CVE-2008-6400 (Cross-site scripting (XSS) vulnerability in refbase before 
0.9.5 ...)
+       TODO: check
+CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 
allows ...)
+       TODO: check
 CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to 
cause ...)
        TODO: check
 CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 
1.2.11 ...)
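Review bot: The first two additions in this hunk, CVE-2009-0835 (kernel/seccomp.c) and CVE-2009-0834 (audit_syscall_entry in the Linux kernel 2.6.28.7), name Linux kernel code but are queued with the same "TODO: check" as the other new entries. I'd resolve these two first with a package line and severity, so they are not handled at the pace of the web-application entries below them, which look like NOT-FOR-US candidates. The four RESERVED ids (CVE-2009-0822 through CVE-2009-0825) need no action yet.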
@@ -394,7 +456,7 @@
        NOT-FOR-US: Tours Manager
 CVE-2009-XXXX [znc: authenticated users can obtain shell access]
        - znc 0.066-1 (bug #516950)
-CVE-2009-0770 [dkim-milter: crash on revoked keys]
+CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to 
cause a ...)
        - dkim-milter 2.6.0.dfsg-2 (low)
        [lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
        NOTE: 
http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
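Review bot: At CVE-2009-0770 the hand-written summary "[dkim-milter: crash on revoked keys]" is replaced by a truncated description ending in "cause a ...", so the entry no longer states the trigger (revoked keys). I'd keep that detail as a NOTE line next to the existing tracker URL. The new text also gives an affected range of 2.6.0 through 2.8.0, which is worth checking against the "2.6.0.dfsg-2 (low)" fixed version that the hunk leaves unchanged.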
@@ -758,7 +820,7 @@
 CVE-2009-XXXX [debian-installer: no-root option in expert installer exposes 
locally exploitable security flaw]
        - debian-installer <unfixed> (bug #517018; low)
        NOTE: should a CVE be requested for this problem?
-CVE-2009-0753 [Http double slash request arbitrary file access vulnerability 
in mldonkey]
+CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 
2.9.7 ...)
        - mldonkey <unfixed> (bug #516829; medium)
        NOTE: daemon is run as non-root and can only be exploited via localhost
 CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
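Review bot: At CVE-2009-0753 the description now gives an affected range, "MLDonkey 2.8.4 through 2.9.7", while the tracking line below it stays at "mldonkey <unfixed> (bug #516829; medium)" with no version information. I'd confirm that the packaged version falls inside that range and record it. The old bracketed title also carried the "double slash request" detail that the truncated description drops; a NOTE beside the existing localhost remark would preserve it.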
@@ -11197,7 +11259,7 @@
        RESERVED
 CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in 
NetBSD ...)
        NOT-FOR-US: NetBSD
-CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in 
snapview.ocx, ...)
+CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in 
snapview.ocx ...)
        NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
 CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile 
documentation ...)
        NOT-FOR-US: Caucho Resin
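Review bot: The only change at CVE-2008-2463 is the comma dropped before the ellipsis ("snapview.ocx, ..." becomes "snapview.ocx ..."), on an entry already marked NOT-FOR-US. If the automatic update normalized trailing punctuation before truncating, cosmetic one-line diffs like this would not show up in the commit mail next to real triage changes.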


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
