[Secure-testing-commits] r8196 - data/CVE

Thu Feb 21 22:07:58 UTC 2008

Author: thijs
Date: 2008-02-21 22:07:56 +0000 (Thu, 21 Feb 2008)
New Revision: 8196

Modified:
   data/CVE/list
Log:
several new issues, most already fixed in sid
some NFU's


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2008-02-21 21:26:17 UTC (rev 8195)
+++ data/CVE/list	2008-02-21 22:07:56 UTC (rev 8196)
@@ -1,51 +1,54 @@
 CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan ...)
-	TODO: check
+	NOT-FOR-US: LookStrike Lan Manager
 CVE-2008-0802 (SQL injection vulnerability in index.php in the com_mediaslide ...)
-	TODO: check
+	NOT-FOR-US: Joomla component
 CVE-2008-0801 (Multiple SQL injection vulnerabilities in index.php in the ...)
-	TODO: check
+	NOT-FOR-US: Joomla component
 CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) ...)
-	TODO: check
+	NOT-FOR-US: Joomla component
 CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 ...)
-	TODO: check
+	NOT-FOR-US: Joomla component
 CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign ...)
-	TODO: check
+	NOT-FOR-US: artmedic webdesign
 CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 ...)
-	TODO: check
+	NOT-FOR-US: iTheora
 CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows ...)
-	TODO: check
+	NOT-FOR-US: Nuboard
 CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) ...)
-	TODO: check
+	NOT-FOR-US: Joomla component
 CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate ...)
-	TODO: check
+	NOT-FOR-US: Affiliate Market
 CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...)
-	TODO: check
+	NOT-FOR-US: Tendenci CMS
 CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Intermate WinIPDS
 CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate ...)
-	TODO: check
+	NOT-FOR-US: Intermate WinIPDS
 CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts ...)
-	TODO: check
+	NOT-FOR-US: LI Countdown
 CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 ...)
-	TODO: check
+	- cacti 0.8.7b-1
+	[etch] - cacti <not-affected> (Not exploitable with Etch PHP version)
+	NOTE: this is prevented by PHP since 4.4.2/5.1.2.
 CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b ...)
-	TODO: check
+	- cacti 0.8.7b-1
 CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ...)
-	TODO: check
+	- cacti 0.8.7b-1 (unimportant)
+	NOTE: paths on Debian already known
 CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 ...)
-	TODO: check
+	- cacti 0.8.7b-1
 CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...)
-	TODO: check
+	- moin 1.5.8-5.1
 CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	- moin 1.5.8-5.1
 CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through ...)
-	TODO: check
+	- moin 1.5.8-5.1
 CVE-2008-XXXX [diatheke remote command execution]
 	- sword 1.5.9-8 (high; bug #466449)
 	NOTE: CVE ID requested
@@ -64,7 +67,10 @@
 CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in ...)
 	NOT-FOR-US: QuickTime
 CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...)
-	TODO: check
+	- kfreebsd-5 <removed>
+	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
+	- kfreebsd-6 <unfixed>
+	- kfreebsd-7 <unfixed>
 CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...)
 	NOT-FOR-US: iTechBids
 CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...)
@@ -350,7 +356,7 @@
 CVE-2008-0643
 	RESERVED
 CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2008-0808 [XSS in the meta plugin in ikiwiki]
 	- ikiwiki 2.31.1 (low; bug #465110)
 CVE-2008-0809 [XSS in the htmlscrubber in ikiwiki]
@@ -584,17 +590,17 @@
 CVE-2008-0532
 	RESERVED
 CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch ...)
 	NOT-FOR-US: PatchLink Update client for Unix
 CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...)
@@ -652,7 +658,7 @@
 	- openldap2.2 <removed>
 	- openldap2 <not-affected> (slapd not built)
 CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
-	TODO: check
+	- webcalendar <unfixed>
 CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS ...)
 	NOT-FOR-US: Drake CMS
 CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...)


