[Secure-testing-commits] r8196 - data/CVE
thijs at alioth.debian.org
Thu Feb 21 22:07:58 UTC 2008
Author: thijs
Date: 2008-02-21 22:07:56 +0000 (Thu, 21 Feb 2008)
New Revision: 8196
Modified:
data/CVE/list
Log:
several new issues, most already fixed in sid
some NFU's
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-02-21 21:26:17 UTC (rev 8195)
+++ data/CVE/list 2008-02-21 22:07:56 UTC (rev 8196)
@@ -1,51 +1,54 @@
CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan ...)
- TODO: check
+ NOT-FOR-US: LookStrike Lan Manager
CVE-2008-0802 (SQL injection vulnerability in index.php in the com_mediaslide ...)
- TODO: check
+ NOT-FOR-US: Joomla component
CVE-2008-0801 (Multiple SQL injection vulnerabilities in index.php in the ...)
- TODO: check
+ NOT-FOR-US: Joomla component
CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) ...)
- TODO: check
+ NOT-FOR-US: Joomla component
CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 ...)
- TODO: check
+ NOT-FOR-US: Joomla component
CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign ...)
- TODO: check
+ NOT-FOR-US: artmedic webdesign
CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 ...)
- TODO: check
+ NOT-FOR-US: iTheora
CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows ...)
- TODO: check
+ NOT-FOR-US: Nuboard
CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) ...)
- TODO: check
+ NOT-FOR-US: Joomla component
CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate ...)
- TODO: check
+ NOT-FOR-US: Affiliate Market
CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...)
- TODO: check
+ NOT-FOR-US: Tendenci CMS
CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote ...)
- TODO: check
+ NOT-FOR-US: Intermate WinIPDS
CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate ...)
- TODO: check
+ NOT-FOR-US: Intermate WinIPDS
CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts ...)
- TODO: check
+ NOT-FOR-US: LI Countdown
CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 ...)
- TODO: check
+ - cacti 0.8.7b-1
+ [etch] - cacti <not-affected> (Not exploitable with Etch PHP version)
+ NOTE: this is prevented by PHP since 4.4.2/5.1.2.
CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b ...)
- TODO: check
+ - cacti 0.8.7b-1
CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ...)
- TODO: check
+ - cacti 0.8.7b-1 (unimportant)
+ NOTE: paths on Debian already known
CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 ...)
- TODO: check
+ - cacti 0.8.7b-1
CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...)
- TODO: check
+ - moin 1.5.8-5.1
CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ - moin 1.5.8-5.1
CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through ...)
- TODO: check
+ - moin 1.5.8-5.1
CVE-2008-XXXX [diatheke remote command execution]
- sword 1.5.9-8 (high; bug #466449)
NOTE: CVE ID requested
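Review bot: In the Cacti block, only CVE-2008-0786 gets an explicit `[etch]` line. CVE-2008-0785, CVE-2008-0784 and CVE-2008-0783 record just `- cacti 0.8.7b-1`, even though the CVE-2008-0784 description also names the older branch ("0.8.6 before 0.8.6k") as affected. Please state the etch status for each of these three entries, or add a NOTE explaining why it is left open, so the stable release is not read as covered by the sid upload. The new cacti and moin lines also carry no urgency or bug reference, unlike the neighbouring `- sword 1.5.9-8 (high; bug #466449)`; adding them where a bug exists would make the "already fixed in sid" claim in the log checkable from the list itself.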
@@ -64,7 +67,10 @@
CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in ...)
NOT-FOR-US: QuickTime
CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...)
- TODO: check
+ - kfreebsd-5 <removed>
+ [etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
+ - kfreebsd-6 <unfixed>
+ - kfreebsd-7 <unfixed>
CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...)
NOT-FOR-US: iTechBids
CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...)
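Review bot: The reason "FreeBSD not supported" is attached only to `[etch] - kfreebsd-5 <no-dsa>`, while `- kfreebsd-6 <unfixed>` and `- kfreebsd-7 <unfixed>` have neither a bug reference nor a note. If the same reasoning applies to those packages, say so in a NOTE. If they are meant to be tracked until fixed, add the bug number so the open entries can be followed up.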
@@ -350,7 +356,7 @@
CVE-2008-0643
RESERVED
CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2008-0808 [XSS in the meta plugin in ikiwiki]
- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0809 [XSS in the htmlscrubber in ikiwiki]
@@ -584,17 +590,17 @@
CVE-2008-0532
RESERVED
CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch ...)
NOT-FOR-US: PatchLink Update client for Unix
CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...)
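Review bot: All six replacements in this hunk use the vendor alone (`NOT-FOR-US: Cisco`), although every description names a specific product (Cisco Unified IP Phone). Naming the product, as the existing `NOT-FOR-US: PatchLink Update client for Unix` entry just below does, keeps the reason searchable and avoids implying that anything from this vendor is out of scope.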
@@ -652,7 +658,7 @@
- openldap2.2 <removed>
- openldap2 <not-affected> (slapd not built)
CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
- TODO: check
+ - webcalendar <unfixed>
CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS ...)
NOT-FOR-US: Drake CMS
CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...)
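Review bot: `- webcalendar <unfixed>` for CVE-2007-6696 is added without an urgency or a bug number, so nothing in the entry links the open XSS issues to a report against the package. Add the annotation in the same form as the other tracked entries on this list, e.g. `(low; bug #465110)` on the ikiwiki line, once a bug is filed.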