[Secure-testing-commits] r9686 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Wed Aug 27 21:14:15 UTC 2008


Author: joeyh
Date: 2008-08-27 21:14:12 +0000 (Wed, 27 Aug 2008)
New Revision: 9686

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-08-27 20:50:14 UTC (rev 9685)
+++ data/CVE/list	2008-08-27 21:14:12 UTC (rev 9686)
@@ -1,3 +1,191 @@
+CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
+	TODO: check
+CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...)
+	TODO: check
+CVE-2008-3842 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...)
+	TODO: check
+CVE-2008-3841 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...)
+	TODO: check
+CVE-2008-3840 (Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in ...)
+	TODO: check
+CVE-2008-3839 (Unspecified vulnerability in the NFS module in the kernel in Sun ...)
+	TODO: check
+CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...)
+	TODO: check
+CVE-2008-3837
+	RESERVED
+CVE-2008-3836
+	RESERVED
+CVE-2008-3835
+	RESERVED
+CVE-2008-3834
+	RESERVED
+CVE-2008-3833
+	RESERVED
+CVE-2008-3832
+	RESERVED
+CVE-2008-3831
+	RESERVED
+CVE-2008-3830
+	RESERVED
+CVE-2008-3829
+	RESERVED
+CVE-2008-3828
+	RESERVED
+CVE-2008-3827
+	RESERVED
+CVE-2008-3826
+	RESERVED
+CVE-2008-3825
+	RESERVED
+CVE-2008-3824
+	RESERVED
+CVE-2008-3823
+	RESERVED
+CVE-2008-3822
+	RESERVED
+CVE-2008-3821
+	RESERVED
+CVE-2008-3820
+	RESERVED
+CVE-2008-3819
+	RESERVED
+CVE-2008-3818
+	RESERVED
+CVE-2008-3817
+	RESERVED
+CVE-2008-3816
+	RESERVED
+CVE-2008-3815
+	RESERVED
+CVE-2008-3814
+	RESERVED
+CVE-2008-3813
+	RESERVED
+CVE-2008-3812
+	RESERVED
+CVE-2008-3811
+	RESERVED
+CVE-2008-3810
+	RESERVED
+CVE-2008-3809
+	RESERVED
+CVE-2008-3808
+	RESERVED
+CVE-2008-3807
+	RESERVED
+CVE-2008-3806
+	RESERVED
+CVE-2008-3805
+	RESERVED
+CVE-2008-3804
+	RESERVED
+CVE-2008-3803
+	RESERVED
+CVE-2008-3802
+	RESERVED
+CVE-2008-3801
+	RESERVED
+CVE-2008-3800
+	RESERVED
+CVE-2008-3799
+	RESERVED
+CVE-2008-3798
+	RESERVED
+CVE-2008-3797
+	RESERVED
+CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP ...)
+	TODO: check
+CVE-2008-3793
+	RESERVED
+CVE-2008-3792
+	RESERVED
+CVE-2008-3791
+	RESERVED
+CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...)
+	TODO: check
+CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory ...)
+	TODO: check
+CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO ...)
+	TODO: check
+CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...)
+	TODO: check
+CVE-2008-3784 (SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and ...)
+	TODO: check
+CVE-2008-3783 (Multiple SQL injection vulnerabilities in index.php in Matterdaddy ...)
+	TODO: check
+CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
+	TODO: check
+CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 ...)
+	TODO: check
+CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review ...)
+	TODO: check
+CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five ...)
+	TODO: check
+CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) ...)
+	TODO: check
+CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement ...)
+	TODO: check
+CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View ...)
+	TODO: check
+CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the ...)
+	TODO: check
+CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote ...)
+	TODO: check
+CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and ...)
+	TODO: check
+CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u ...)
+	TODO: check
+CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in Pars4u ...)
+	TODO: check
+CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, ...)
+	TODO: check
+CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php ...)
+	TODO: check
+CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey ...)
+	TODO: check
+CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...)
+	TODO: check
+CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection ...)
+	TODO: check
+CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows ...)
+	TODO: check
+CVE-2008-3764 (Eval injection vulnerability in chat.php in Turnkey PHP Live Helper ...)
+	TODO: check
+CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live ...)
+	TODO: check
+CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP ...)
+	TODO: check
+CVE-2008-3761 (hcmon.sys in VMware Workstation 6.0.0.45731 uses the METHOD_NEITHER ...)
+	TODO: check
+CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page ...)
+	TODO: check
+CVE-2008-3759 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2008-3758 (Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla ...)
+	TODO: check
+CVE-2008-3757 (SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix ...)
+	TODO: check
+CVE-2008-3756 (SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing ...)
+	TODO: check
+CVE-2008-3755 (SQL injection vulnerability in view.php in YourFreeWorld Classifieds ...)
+	TODO: check
+CVE-2008-3754 (SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text ...)
+	TODO: check
+CVE-2008-3753 (SQL injection vulnerability in details.php in YourFreeWorld Programs ...)
+	TODO: check
+CVE-2008-3752 (SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange ...)
+	TODO: check
+CVE-2008-3751 (SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url ...)
+	TODO: check
+CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator ...)
+	TODO: check
+CVE-2008-3749 (SQL injection vulnerability in tr.php in Banner Management Script ...)
+	TODO: check
+CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...)
+	TODO: check
 CVE-2008-XXXX [emacs-jabber: insecure temp files]
 	- emacs-jabber 0.7.91-2 (low; bug #496428)
 CVE-2008-XXXX [xastir: insecure temp files]
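Review bot: every entry added at the top of this hunk lands with TODO: check, so none of them has a package mapping or a NOT-FOR-US tag yet. Several cluster by product and can be triaged as a group: CVE-2008-3757 through CVE-2008-3750 all name YourFreeWorld scripts, and CVE-2008-3768, CVE-2008-3764, CVE-2008-3763 and CVE-2008-3762 all name Turnkey. CVE-2008-3844 deserves an early look, because its description is scoped to Red Hat Enterprise Linux packages for OpenSSH and the entry should state explicitly whether the Debian package is affected.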
@@ -4,7 +192,7 @@
 	- xastir 1.9.2-1.1 (low; bug #496383)
 CVE-2008-XXXX [mon: insecure temp files]
 	- mon <unfixed> (medium; bug #496398)
-CVE-2008-3790 [ruby rexml DoS]
+CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through ...)
 	- ruby1.8 <unfixed> (bug #496808)
 	- ruby1.9 <unfixed>
 CVE-2008-XXXX [apertium: insecure temp files]
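Review bot: under CVE-2008-3790 the ruby1.9 line is still "- ruby1.9 <unfixed>" with no bug number or severity, while the ruby1.8 line carries bug #496808. The description that replaces "[ruby rexml DoS]" lists Ruby 1.8.6 and 1.8.7 ranges before it is truncated, so the full text should be checked to confirm whether 1.9 is in scope, and the ruby1.9 line given a bug reference or a not-affected marker accordingly.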
@@ -30,7 +218,7 @@
 CVE-2008-XXXX [insecure temp file in ogle]
 	- ogle <unfixed> (unimportant; bug #496420; bug #496425)
 	NOTE: This only affects debugging scripts not present in standard path
-CVE-2008-3789 [samba group_mapping.ldb created world writeable]
+CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...)
 	- samba <unfixed> (bug #496073; medium)
 	[etch] - samba <not-affected> (Only affects Samba 3.2.x)
 CVE-2008-XXXX [insecure temp file in nvi]
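Review bot: the file name in the CVE-2008-3789 entry changes between the removed and added lines. The placeholder said group_mapping.ldb, while the official description says "(1) group_mapping.tdb ..." and enumerates more than one file. The description also says Samba 3.2.0, whereas the etch line says "Only affects Samba 3.2.x". A NOTE line recording which files and which 3.2 releases were actually verified would remove the ambiguity.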
@@ -117,20 +305,20 @@
 	- lazarus 0.9.24-0-11 (low)
 CVE-2008-XXXX [crossfire-maps: insecure temp file]
 	- crossfire-maps 1.11.0-2 (low)
-CVE-2008-3794 [vlc mms handling buffer overflow]
+CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...)
 	- vlc 0.8.6.h-4 (medium; bug #496265)
-CVE-2008-3747
-	RESERVED
-CVE-2008-3746
-	RESERVED
-CVE-2008-3739
-	RESERVED
-CVE-2008-3738
-	RESERVED
-CVE-2008-3737
-	RESERVED
-CVE-2008-3736
-	RESERVED
+CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...)
+	TODO: check
+CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of ...)
+	TODO: check
+CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System Consultants ...)
+	TODO: check
+CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier ...)
+	TODO: check
+CVE-2008-3737 (Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 ...)
+	TODO: check
+CVE-2008-3736 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
+	TODO: check
 CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi ...)
 	NOT-FOR-US: PHPizabi
 CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and ...)
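Review bot: of the entries that go from RESERVED to TODO: check here, CVE-2008-3746 is the one that names a concrete library version range (neon 0.28.0 through 0.28.2), so its triage needs a version comparison against the packaged neon. CVE-2008-3739 and CVE-2008-3737 name System Consultants products and CVE-2008-3738 names SpaceTag LacoodaST; those can be handled together. For CVE-2008-3794 the description is now "Integer signedness error in the mms_ReceiveCommand function" rather than a plain buffer overflow; the vlc 0.8.6.h-4 fixed version is unchanged, which is fine as long as that upload addressed the signedness check.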
@@ -228,7 +416,7 @@
 	- havp 20070509-1.1 (bug #496034)
 CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...)
 	- xen-3 <not-affected> (Not compiled with XSM:FLASK)
-CVE-2008-3686 (The rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2, and ...)
+CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel ...)
 	- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26)
@@ -283,33 +471,27 @@
 	NOTE: The code in question doesn't dereference the symlink, tested with Etch
 	NOTE: and Lenny. Given that it only takes a minute to test this, it's surprising
 	NOTE: that at least one vendor issued an advisory and upstream pushed a new release...
-CVE-2008-3740 [drupal XSS]
-	RESERVED
+CVE-2008-3740 (Cross-site scripting (XSS) vulnerability in the output filter in ...)
 	{DTSA-156-1}
 	- drupal5 5.10-1 (low; bug #495122)
 	- drupal-4.7 <removed>
-CVE-2008-3741 [drupal XSS]
-	RESERVED
+CVE-2008-3741 (The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 ...)
 	{DTSA-156-1}
 	- drupal5 5.10-1 (low; bug #495122)
 	- drupal-4.7 <removed>
-CVE-2008-3742 [drupal file uploads via blogApi]
-	RESERVED
+CVE-2008-3742 (Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...)
 	{DTSA-156-1}
 	- drupal5 5.10-1 (medium; bug #495122)
 	- drupal-4.7 <removed>
-CVE-2008-3743 [drupal CSRF]
-	RESERVED
+CVE-2008-3743 (Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...)
 	{DTSA-156-1}
 	- drupal5 <not-affected> (Vulnerable code not present)
 	- drupal-4.7 <removed>
-CVE-2008-3744 [drupal CSRF]
-	RESERVED
+CVE-2008-3744 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...)
 	{DTSA-156-1}
 	- drupal5 5.10-1 (low; bug #495122)
 	- drupal-4.7 <removed>
-CVE-2008-3745 [drupal upload module privilege escalation]
-	RESERVED
+CVE-2008-3745 (The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...)
 	{DTSA-156-1}
 	- drupal5 <not-affected> (Vulnerable code only present in 6.x)
 	- drupal-4.7 <removed>
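Review bot: the CVE-2008-3741 entry was tracked under the placeholder "[drupal XSS]", but the official description that replaces it is about the private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4, not XSS. The "low" severity on the drupal5 line was assigned under the old label and should be re-evaluated against the real description. The other five Drupal entries match their former placeholders closely enough that their severities can stand.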
@@ -611,8 +793,8 @@
 	RESERVED
 CVE-2008-3527
 	RESERVED
-CVE-2008-3526
-	RESERVED
+CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...)
+	TODO: check
 CVE-2008-3525
 	RESERVED
 CVE-2008-3524
@@ -1132,8 +1314,7 @@
 	RESERVED
 CVE-2008-3282
 	RESERVED
-CVE-2008-3281
-	RESERVED
+CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during ...)
 	{DSA-1631-1 DTSA-158-1}
 	- libxml2 2.6.32.dfsg-3 (medium)
 CVE-2008-3280
@@ -1247,7 +1428,7 @@
 	- wordpress <not-affected> (Code was only present in svn versions)
 CVE-2008-3232 (Unspecified vulnerability in dotclear before 1.2.8 has unknown impact ...)
 	NOT-FOR-US: dotclear
-CVE-2008-3231 (xine allows user-assisted attackers to cause a denial of service ...)
+CVE-2008-3231 (xine before 1.1.5 allows user-assisted attackers to cause a denial of ...)
 	- xine-lib 1.1.14-2 (bug #492870; low)
 CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
 	- ffmpeg-debian <unfixed>
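Review bot: the updated CVE-2008-3231 description now says "xine before 1.1.5", yet the entry records the fix at xine-lib 1.1.14-2 (bug #492870). Either the fixed version is too conservative or the upstream description is wrong about the affected range; a NOTE line stating which one was verified would keep this entry from misleading anyone checking older suites.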
@@ -3084,8 +3265,8 @@
 	RESERVED
 CVE-2008-2434
 	RESERVED
-CVE-2008-2433
-	RESERVED
+CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0, ...)
+	TODO: check
 CVE-2008-2432
 	RESERVED
 CVE-2008-2431
@@ -3331,8 +3512,7 @@
 	RESERVED
 CVE-2008-2328
 	RESERVED
-CVE-2008-2327 [libtiff buffer undeflow]
-	RESERVED
+CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode and (2) ...)
 	{DSA-1632-1 DTSA-160-1}
 	- tiff <unfixed> (medium)
 	NOTE: maintainer informed
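Review bot: CVE-2008-2327 references both DSA-1632-1 and DTSA-160-1, but the unstable line is still "- tiff <unfixed> (medium)" with no bug number, only "NOTE: maintainer informed". With advisories already issued for stable and testing, the unstable status should point at a tracking bug so the fix does not get lost.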
@@ -4859,7 +5039,7 @@
 	- linux-2.6 2.6.25-2 (low)
 	- linux-2.6.24 2.6.24-6~etchnhalf.2
 	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
-CVE-2008-1668 (Unspecified vulnerability in ftpd (aka wu-ftpd 2.4.x) in HP-UX B.11.11 ...)
+CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns ...)
 	TODO: check
 CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...)
 	NOT-FOR-US: Probe Builder 2.2
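Review bot: the scope of CVE-2008-1668 widens with this description change. The old text was an unspecified issue in ftpd on HP-UX; the new text names ftpd.c in wu-ftpd 2.4.2 as item (1). The existing TODO: check predates that change, so the entry now needs an actual check of whether a wu-ftpd package carries the affected ftpd.c code, rather than being dismissed as HP-UX only.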
@@ -21824,8 +22004,8 @@
 	NOT-FOR-US: sldimdownload ActiveX control
 CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...)
 	NOT-FOR-US: IncrediMail
-CVE-2007-1682
-	RESERVED
+CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX ...)
+	TODO: check
 CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
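Review bot: CVE-2007-1682 moves from RESERVED to TODO: check, but its description names a FileManager ActiveX control, and the entry just above it in the file (sldimdownload ActiveX control) is already tagged NOT-FOR-US. If this is the same class of component, tag it the same way in a follow-up instead of leaving the TODO open.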



