Author: joeyh
Date: 2009-03-12 21:14:12 +0000 (Thu, 12 Mar 2009)
New Revision: 11383

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-12 17:15:23 UTC (rev 11382)
+++ data/CVE/list       2009-03-12 21:14:12 UTC (rev 11383)
@@ -1,4 +1,144 @@
-CVE-2009-0854 [dash: runs login scripts from the current directory]
+CVE-2009-0873 (The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris 
before ...)
+       TODO: check
+CVE-2009-0872 (The NFS server in Sun Solaris 10, and OpenSolaris before 
snv_111, does ...)
+       TODO: check
+CVE-2009-0871 (The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, 
and ...)
+       TODO: check
+CVE-2009-0870 (The NFSv4 Server module in the kernel in Sun Solaris 10, and 
...)
+       TODO: check
+CVE-2009-0869 (Buffer overflow in the client in IBM Tivoli Storage Manager 
(TSM) HSM ...)
+       TODO: check
+CVE-2009-0868 (CRLF injection vulnerability in the WebLink template in Fujitsu 
...)
+       TODO: check
+CVE-2009-0867 (The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 
3.0.1 ...)
+       TODO: check
+CVE-2009-0866 (pHNews Alpha 1 stores sensitive information under the web root 
with ...)
+       TODO: check
+CVE-2009-0865 (Directory traversal vulnerability in the SnapShotToFile method 
in the ...)
+       TODO: check
+CVE-2009-0864 (S-Cms 1.1 Stable allows remote attackers to bypass 
authentication and ...)
+       TODO: check
+CVE-2009-0863 (SQL injection vulnerability in admin/delete_page.php in S-Cms 
1.1 ...)
+       TODO: check
+CVE-2009-0862 (Cross-site scripting (XSS) vulnerability in the ...)
+       TODO: check
+CVE-2009-0861 (Cross-site scripting (XSS) vulnerability in phpDenora before 
1.2.3 ...)
+       TODO: check
+CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user 
interface in ...)
+       TODO: check
+CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in 
the ...)
+       TODO: check
+CVE-2009-0858 (The response_addname function in response.c in Daniel J. 
Bernstein ...)
+       TODO: check
+CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the 
...)
+       TODO: check
+CVE-2009-0856 (Multiple cross-site scripting (XSS) vulnerabilities in sample 
...)
+       TODO: check
+CVE-2009-0855 (Cross-site scripting (XSS) vulnerability in the administrative 
console ...)
+       TODO: check
+CVE-2009-0853 (login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, 
allows ...)
+       TODO: check
+CVE-2009-0852 (showme.php in CelerBB 0.0.2 allows remote attackers to obtain 
...)
+       TODO: check
+CVE-2009-0851 (Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when 
...)
+       TODO: check
+CVE-2009-0850 (Cross-site scripting (XSS) vulnerability in BitDefender 
Internet ...)
+       TODO: check
+CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in 
NovaStor ...)
+       TODO: check
+CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 
and 11.1 ...)
+       TODO: check
+CVE-2009-0847
+       RESERVED
+CVE-2009-0846
+       RESERVED
+CVE-2009-0845
+       RESERVED
+CVE-2009-0844
+       RESERVED
+CVE-2009-0843
+       RESERVED
+CVE-2009-0842
+       RESERVED
+CVE-2009-0841
+       RESERVED
+CVE-2009-0840
+       RESERVED
+CVE-2009-0839
+       RESERVED
+CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and 
OpenSolaris ...)
+       TODO: check
+CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 
1506, ...)
+       TODO: check
+CVE-2009-0836 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, 
...)
+       TODO: check
+CVE-2008-6450 (Cross-site scripting (XSS) vulnerability in Under Construction, 
Baby ...)
+       TODO: check
+CVE-2008-6449 (Cross-site request forgery (CSRF) vulnerability in multiple 
Century ...)
+       TODO: check
+CVE-2008-6448 (Cross-site scripting (XSS) vulnerability in install.cgi in 
SKYARC ...)
+       TODO: check
+CVE-2008-6447 (Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft 
EasyMail ...)
+       TODO: check
+CVE-2008-6446 (Static code injection vulnerability in the Guestbook component 
in CMS ...)
+       TODO: check
+CVE-2008-6445 (Unspecified vulnerability in YourPlace before 1.0.1 has unknown 
impact ...)
+       TODO: check
+CVE-2008-6444 (Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM 
might ...)
+       TODO: check
+CVE-2008-6443 (SQL injection vulnerability in forum_duzen.php in phpKF allows 
remote ...)
+       TODO: check
+CVE-2008-6442 (Insecure method vulnerability in Sina Inc. DLoader Class 
ActiveX ...)
+       TODO: check
+CVE-2008-6441 (Format string vulnerability in the Epic Games Unreal engine 
client, as ...)
+       TODO: check
+CVE-2008-6440 (Cerberus Helpdesk before 4.0 (Build 600) allows remote 
attackers to ...)
+       TODO: check
+CVE-2008-6439 (Cross-site scripting (XSS) vulnerability in search_results.php 
in ...)
+       TODO: check
+CVE-2008-6438 (SQL injection vulnerability in macgurublog_menu/macgurublog.php 
in the ...)
+       TODO: check
+CVE-2008-6437 (Multiple cross-site scripting (XSS) vulnerabilities in 
PHPFreeForum ...)
+       TODO: check
+CVE-2008-6436 (Cross-site scripting (XSS) vulnerability in the Web Server in 
Xerox ...)
+       TODO: check
+CVE-2008-6435 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpSQLiteCMS 1 ...)
+       TODO: check
+CVE-2008-6434 (SQL injection vulnerability in index.cfm in Blue River 
Interactive ...)
+       TODO: check
+CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue 
River ...)
+       TODO: check
+CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum 
5.6 ...)
+       TODO: check
+CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent) 
component ...)
+       TODO: check
+CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter 
(com_prayercenter) ...)
+       TODO: check
+CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to 
inject ...)
+       TODO: check
+CVE-2008-6427 (SQL injection vulnerability in index.php in Hivemaker 
Professional ...)
+       TODO: check
+CVE-2008-6425 (SQL injection vulnerability in news.php in ComicShout 2.8 
allows ...)
+       TODO: check
+CVE-2008-6424 (Directory traversal vulnerability in FFFTP 1.96b allows remote 
FTP ...)
+       TODO: check
+CVE-2008-6423 (Directory traversal vulnerability in passwiki.php in PassWiki 
0.9.16 ...)
+       TODO: check
+CVE-2008-6422 (Multiple SQL injection vulnerabilities in PsychoStats 2.3, 
2.3.1, and ...)
+       TODO: check
+CVE-2008-6421 (PHP remote file inclusion vulnerability in social_game_play.php 
in ...)
+       TODO: check
+CVE-2008-6420 (Social Site Generator (SSG) 2.0 allows remote attackers to read 
...)
+       TODO: check
+CVE-2008-6419 (Multiple SQL injection vulnerabilities in Social Site Generator 
(SSG) ...)
+       TODO: check
+CVE-2008-6418 (SQL injection vulnerability in scrape.php in TorrentTrader 
before ...)
+       TODO: check
+CVE-2008-6417 (Unspecified vulnerability in GreenSQL-Console before 0.3.5 
allows ...)
+       TODO: check
+CVE-2008-6416 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
+CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as 
a ...)
        - dash <not-affected> (Debian uses upstream's patch to implement -l)
 CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the 
seccomp ...)
        TODO: check
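Review bot: The CVE-2008-6450 through CVE-2008-6416 entries are inserted between CVE-2009-0836 and CVE-2009-0854, so the top of data/CVE/list is no longer in descending ID order as it is in the other hunks. CVE-2009-0854 itself now sits below the CVE-2008 block instead of between CVE-2009-0855 and CVE-2009-0853. Suggest moving these entries into place when their TODO: check markers are resolved. The existing "- dash <not-affected>" line is correctly kept under the new CVE-2009-0854 description.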
@@ -20,8 +160,8 @@
        NOT-FOR-US: PollHelper
 CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with 
insufficient ...)
        NOT-FOR-US: BlogHelper
-CVE-2009-0825
-       RESERVED
+CVE-2009-0825 (SQL injection vulnerability in system/rss.php in TinX/cms 3.x 
before ...)
+       TODO: check
 CVE-2009-0824
        RESERVED
 CVE-2009-0823
@@ -66,7 +206,7 @@
        TODO: check
 CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 
1.2.11 ...)
        NOT-FOR-US: phpScheduleIt
-CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote 
authenticated ...)
+CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 
6.0.10 ...)
        - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5)
        - mysql-dfsg-5.1 5.1.32-1
 CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...)
@@ -148,8 +288,7 @@
        RESERVED
 CVE-2009-0782
        RESERVED
-CVE-2009-0781 [tomcat XSS in examples]
-       RESERVED
+CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in 
the ...)
        - tomcat5.5 <unfixed> (unimportant)
        - tomcat6 <unfixed> (unimportant)
        NOTE: Just examples on how to use Tomcat, not for production
@@ -535,10 +674,10 @@
        RESERVED
 CVE-2009-0714
        RESERVED
-CVE-2009-0713
-       RESERVED
-CVE-2009-0712
-       RESERVED
+CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight 
Manager ...)
+       TODO: check
+CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight 
Manager ...)
+       TODO: check
 CVE-2009-0711 (filter.php in PHPFootball 1.6 and earlier allows remote 
attackers to ...)
        NOT-FOR-US: PHPFootball
 CVE-2009-0710 (Multiple cross-site scripting (XSS) vulnerabilities in 
PHPFootball 1.6 ...)
@@ -648,9 +787,9 @@
        RESERVED
 CVE-2009-0661
        RESERVED
-CVE-2009-0660
-       RESERVED
+CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 
1.0 ...)
        {DSA-1736-1}
+       TODO: check
 CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in 
TPTEST ...)
        NOT-FOR-US: TPTEST
 CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 
9.0 and ...)
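Review bot: CVE-2009-0660 ends up carrying both {DSA-1736-1} and TODO: check, with no package line. Since a DSA is already cross-referenced, the TODO should be replaced by a package entry for Mahara with the fixed version rather than left for later triage.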
@@ -1225,8 +1364,8 @@
        RESERVED
 CVE-2009-0538
        RESERVED
-CVE-2009-0537
-       RESERVED
+CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in 
(1) ...)
+       TODO: check
 CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 
6.1.0 ...)
        NOT-FOR-US: IBM AIX
 CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 
and ...)
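Review bot: CVE-2009-0537 names fts_build in fts.c in libc, but the visible description is cut off at "(1)", so the affected implementations cannot be judged from this line. The TODO: check should be resolved against the full CVE text, and the result recorded with a NOTE, before the entry is tagged either way.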
@@ -2431,10 +2570,10 @@
        RESERVED
 CVE-2009-0235
        RESERVED
-CVE-2009-0234
-       RESERVED
-CVE-2009-0233
-       RESERVED
+CVE-2009-0234 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS 
Server in ...)
+       TODO: check
+CVE-2009-0233 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS 
Server in ...)
+       TODO: check
 CVE-2009-0232
        RESERVED
 CVE-2009-0231
@@ -2517,8 +2656,8 @@
        RESERVED
 CVE-2009-0192
        RESERVED
-CVE-2009-0191
-       RESERVED
+CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, 
...)
+       TODO: check
 CVE-2009-0190
        RESERVED
 CVE-2009-0189
@@ -2822,10 +2961,10 @@
        NOT-FOR-US: Microsoft
 CVE-2009-0095 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does 
not ...)
        NOT-FOR-US: Microsoft
-CVE-2009-0094
-       RESERVED
-CVE-2009-0093
-       RESERVED
+CVE-2009-0094 (The WINS server in Microsoft Windows 2000 SP4 and Server 2003 
SP1 and ...)
+       TODO: check
+CVE-2009-0093 (Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 
SP1 and ...)
+       TODO: check
 CVE-2009-0092
        RESERVED
 CVE-2009-0091
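Review bot: CVE-2009-0094 and CVE-2009-0093 are added as TODO: check although both descriptions name Microsoft Windows components (the WINS server and Windows DNS Server), and the context lines at the top of this hunk tag the neighbouring entries NOT-FOR-US: Microsoft. Suggest giving these two the same tag so they do not linger in the TODO queue.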
@@ -2840,16 +2979,16 @@
        RESERVED
 CVE-2009-0086
        RESERVED
-CVE-2009-0085
-       RESERVED
+CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in 
...)
+       TODO: check
 CVE-2009-0084
        RESERVED
-CVE-2009-0083
-       RESERVED
-CVE-2009-0082
-       RESERVED
-CVE-2009-0081
-       RESERVED
+CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and 
Server ...)
+       TODO: check
+CVE-2009-0082 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, 
Server 2003 ...)
+       TODO: check
+CVE-2009-0081 (The graphics device interface (GDI) implementation in the 
kernel in ...)
+       TODO: check
 CVE-2009-0080
        RESERVED
 CVE-2009-0079
@@ -3592,8 +3731,8 @@
 CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier 
allows ...)
        - linux-2.6 <unfixed>
        - linux-2.6.24 <unfixed>
-CVE-2009-0027
-       RESERVED
+CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application 
...)
+       TODO: check
 CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache 
...)
        NOT-FOR-US: Apache Jackrabbit
 CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly 
check ...)
@@ -6192,8 +6331,8 @@
        RESERVED
 CVE-2008-4564
        RESERVED
-CVE-2008-4563
-       RESERVED
+CVE-2008-4563 (Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used 
by the ...)
+       TODO: check
 CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView 
Network ...)
        NOT-FOR-US: HP OpenView Network Node Manager
 CVE-2008-4561
@@ -9066,8 +9205,7 @@
        {DSA-1641-1}
        - phpmyadmin 4:2.11.8~rc1-1 (low)
        NOTE: exploitation circumstances are rare or require other 
vulnerabilities to be present already. may fix combined with another issue but 
doesn't warrant DSA on its own
-CVE-2008-3547 [openttd remote buffer overflow]
-       RESERVED
+CVE-2008-3547 (Buffer overflow in the server in OpenTTD 0.6.1 and earlier 
allows ...)
        - openttd 0.6.2-1 (medium; bug #493714)
 CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        NOT-FOR-US: Blackboard Academic Suite


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
