[Secure-testing-commits] r8601 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed Apr 23 18:07:17 UTC 2008 

Author: nion
Date: 2008-04-23 18:07:16 +0000 (Wed, 23 Apr 2008)
New Revision: 8601

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-1891 non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-23 17:46:16 UTC (rev 8600)
+++ data/CVE/list	2008-04-23 18:07:16 UTC (rev 8601)
@@ -5,29 +5,29 @@
 	NOTE: PMASA-2008-3, CVE id requested
 	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211
 CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...)
-	TODO: check
+	NOT-FOR-US: BigAnt Messenger
 CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...)
-	TODO: check
+	NOT-FOR-US: Lasernet CMS
 CVE-2008-1912 (Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and ...)
-	TODO: check
+	NOT-FOR-US: DivX Player
 CVE-2008-1911 (SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 ...)
-	TODO: check
+	NOT-FOR-US: 1024 CMS
 CVE-2008-1910 (Stack-based buffer overflow in the database service (ibserver.exe) in ...)
-	TODO: check
+	NOT-FOR-US: Borland InterBase
 CVE-2008-1909 (SQL injection vulnerability in comment.php in PHP Knowledge Base ...)
-	TODO: check
+	NOT-FOR-US: PHPKB
 CVE-2008-1908 (Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow ...)
-	TODO: check
+	NOT-FOR-US: cpCommerce
 CVE-2008-1907 (Multiple SQL injection vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: cpCommerce
 CVE-2008-1906 (Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce ...)
-	TODO: check
+	NOT-FOR-US: cpCommerce
 CVE-2008-1905 (NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in ...)
-	TODO: check
+	NOT-FOR-US: Nero MediaHome
 CVE-2008-1904 (Cicoandcico CcMail 1.0.1 and earlier does not verify that the ...)
-	TODO: check
+	NOT-FOR-US: CcMail
 CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz ...)
-	TODO: check
+	NOT-FOR-US: Newanz NewsOffice
 CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user ...)
 	- aptlinex 0.91-1 (low; bug #476572)
 	NOTE: the user gets a confirmation dialog
@@ -35,39 +35,42 @@
 	- aptlinex 0.91-1 (medium; bug #476588)
 	NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
 CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Carbon Communities
 CVE-2008-1899
 	RESERVED
 CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Works
 CVE-2008-1897
 	RESERVED
 CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...)
-	TODO: check
+	NOT-FOR-US: Carbon Communities
 CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and ...)
-	TODO: check
+	NOT-FOR-US: Carbon Communities
 CVE-2008-1894 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: BusinessObjects InfoView
 CVE-2008-1893 (PHP remote file inclusion vulnerability in index.php in W2B Online ...)
-	TODO: check
+	NOT-FOR-US: W2B Online Banking
 CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in ...)
-	TODO: check
+	NOT-FOR-US: Blogator-script
 CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and ...)
-	TODO: check
+	- ruby1.8 <unfixed> (unimportant)
+	- ruby1.9 <unfixed> (unimportant)
+	NOTE: corner-case only exploitable if web application is run on windows fs
+
 CVE-2008-1890 (SQL injection vulnerability in the Jom Comment 2.0 build 345 component ...)
-	TODO: check
+	NOT-FOR-US: Jom Comment for Joomla!
 CVE-2008-1889 (SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials ...)
-	TODO: check
+	NOT-FOR-US: XplodPHP AutoTutorials
 CVE-2008-1888 (Cross-site scripting (XSS) vulnerability in Microsoft Windows ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2008-1886 (The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in ...)
-	TODO: check
+	NOT-FOR-US: CDNetworks Nefficient Download
 CVE-2008-1885 (Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX ...)
-	TODO: check
+	NOT-FOR-US: NeffyLauncher
 CVE-2008-1884 (Directory traversal vulnerability in index.php in Wikepage Opus 13 ...)
-	TODO: check
+	NOT-FOR-US: Wikepage
 CVE-2008-1883 (The server in Blackboard Academic Suite 7.x stores MD5 password hashes ...)
-	TODO: check
+	NOT-FOR-US: Blackboard Academic Suite
 CVE-2008-1882
 	RESERVED
 CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...)

More information about the Secure-testing-commits mailing list