[Secure-testing-commits] r8615 - data/CVE
joeyh at alioth.debian.org
Fri Apr 25 21:14:17 UTC 2008
Author: joeyh
Date: 2008-04-25 21:14:16 +0000 (Fri, 25 Apr 2008)
New Revision: 8615
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-25 19:42:08 UTC (rev 8614)
+++ data/CVE/list 2008-04-25 21:14:16 UTC (rev 8615)
@@ -1,12 +1,89 @@
+CVE-2008-1956 (Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus ...)
+ TODO: check
+CVE-2008-1955 (Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER ...)
+ TODO: check
+CVE-2008-1954 (SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and ...)
+ TODO: check
+CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before ...)
+ TODO: check
+CVE-2008-1952
+ RESERVED
+CVE-2008-1951
+ RESERVED
+CVE-2008-1950
+ RESERVED
+CVE-2008-1949
+ RESERVED
+CVE-2008-1948
+ RESERVED
+CVE-2008-1947
+ RESERVED
+CVE-2008-1946
+ RESERVED
+CVE-2008-1945
+ RESERVED
+CVE-2008-1944
+ RESERVED
+CVE-2008-1943
+ RESERVED
+CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...)
+ TODO: check
+CVE-2008-1940 (The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and ...)
+ TODO: check
+CVE-2008-1939 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow ...)
+ TODO: check
+CVE-2008-1938 (Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly ...)
+ TODO: check
+CVE-2008-1937 (The user form processing (userform.py) in MoinMoin before 1.6.3, when ...)
+ TODO: check
+CVE-2008-1936 (SQL injection vulnerability in index.php in Classifieds Caffe allows ...)
+ TODO: check
+CVE-2008-1935 (SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! ...)
+ TODO: check
+CVE-2008-1934 (SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 ...)
+ TODO: check
+CVE-2008-1933 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2008-1932 (Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and ...)
+ TODO: check
+CVE-2008-1931 (Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before ...)
+ TODO: check
+CVE-2008-1929
+ RESERVED
+CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause ...)
+ TODO: check
+CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c) in ...)
+ TODO: check
+CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision ...)
+ TODO: check
+CVE-2008-1922
+ RESERVED
+CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th ...)
+ TODO: check
+CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the ...)
+ TODO: check
+CVE-2008-1919 (SQL injection vulnerability in listtest.php in YourFreeWorld Apartment ...)
+ TODO: check
+CVE-2008-1918 (SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and ...)
+ TODO: check
+CVE-2008-1917 (Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 ...)
+ TODO: check
+CVE-2008-1916 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
+ TODO: check
+CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...)
+ TODO: check
CVE-2008-1930 [wordpress integrity protection vulnerability]
+ RESERVED
- wordpress <unfixed> (medium; bug #477910)
NOTE: only exploitable in blogs that allow user registering
-CVE-2008-1927
+CVE-2008-1927 (Double free vulnerability in Perl 5.8.8 allows context-dependent ...)
{DSA-1556-1}
- perl <unfixed>
-CVE-2008-1925 [remote trigger buffer overflow]
+CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx and ...)
- inspircd 1.1.18+dfsg-1 (low)
-CVE-2008-1924 [phpMyAdmin file disclosure]
+CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...)
{DSA-1557-1}
- phpmyadmin 4:2.11.5.2-1
NOTE: PMASA-2008-3, CVE id requested
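Review bot: CVE-2008-1928 (Imager 0.42 through 0.63) is left at `TODO: check`, yet this file already tracks Imager as libimager-perl (CVE-2006-0053, fixed in 0.50-1), and 0.50 lies inside the affected range; the entry should get a libimager-perl package line rather than sit in the TODO queue. Separately, the NOTE under CVE-2008-1924 still reads "CVE id requested" although the entry now carries its published description, so that part of the note is stale and can be dropped.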
@@ -47,8 +124,8 @@
RESERVED
CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote attackers to ...)
NOT-FOR-US: Microsoft Works
-CVE-2008-1897
- RESERVED
+CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...)
+ TODO: check
CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...)
NOT-FOR-US: Carbon Communities
CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and ...)
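Review bot: CVE-2008-1897 moves from RESERVED to `TODO: check` and names the same component, the IAX2 channel driver (chan_iax2) in Asterisk, as CVE-2008-1923 added in the first hunk of this revision; the two should be triaged together so they end up with consistent package lines.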
@@ -316,16 +393,16 @@
- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
CVE-2008-1770
RESERVED
-CVE-2008-1769
- RESERVED
-CVE-2008-1768
- RESERVED
+CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...)
+ TODO: check
CVE-2008-1767
RESERVED
CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have ...)
- phpbb2 <unfixed> (low)
-CVE-2008-1765
- RESERVED
+CVE-2008-1765 (Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and ...)
+ TODO: check
CVE-2008-1764 (Unspecified vulnerability in Opera before 9.27 has unknown impact and ...)
NOT-FOR-US: Opera
CVE-2008-1763 (SQL injection vulnerability in _blogadata/include/sond_result.php in ...)
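Review bot: CVE-2008-1765 describes Adobe Photoshop Album Starter Edition and is left at `TODO: check`; by the convention used for the Opera entry directly below it, it looks like a `NOT-FOR-US:` candidate. The two VLC entries (CVE-2008-1769 and CVE-2008-1768) both say "before 0.8.6f", so a single fixed-version check can cover both when they are given package lines.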
@@ -1170,12 +1247,10 @@
CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of ...)
- clamav 0.92.1~dfsg2-1
[etch] - clamav <not-affected> (Vulnerable code not present)
-CVE-2008-1386 [serendipity xss]
- RESERVED
+CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer ...)
- serendipity 1.3.1-1
NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
-CVE-2008-1385 [serendipity xss]
- RESERVED
+CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ...)
- serendipity 1.3.1-1
NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
NOTE: One of these two issues seems very theoretical, other one needs further assessment
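Review bot: the closing NOTE under CVE-2008-1385 ("One of these two issues seems very theoretical, other one needs further assessment") does not say which issue is which. Now that the two entries carry distinct descriptions (the installer for CVE-2008-1386, Top Referrers for CVE-2008-1385), the note should name the CVE it considers theoretical and the one still awaiting assessment.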
@@ -5405,8 +5480,8 @@
RESERVED
CVE-2007-6256
RESERVED
-CVE-2007-6255
- RESERVED
+CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in ...)
+ TODO: check
CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects ...)
NOT-FOR-US: SAP
CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client ...)
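Review bot: CVE-2007-6255 concerns a Microsoft HeartbeatCtl ActiveX control and lands as `TODO: check`; the neighbouring SAP entry is marked `NOT-FOR-US:`, and the same marking looks right here once someone confirms it.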
@@ -38147,7 +38222,7 @@
- imagemagick 6:6.2.4.5-0.6 (bug #345238; medium)
NOTE: Exploitable through Gnus and Thunderbird.
- graphicsmagick 1.1.7-1
-CVE-2006-0053 (Unspecified vulnerability in Imager (libimager-perl) before 5.0-1 ...)
+CVE-2006-0053 (Imager (libimager-perl) before 0.50 allows user-assisted attackers to ...)
{DSA-1028-1}
- libimager-perl 0.50-1 (bug #359661)
CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...)