[Secure-testing-commits] r7861 - data/CVE
nion at alioth.debian.org
Wed Jan 9 13:04:24 UTC 2008
Author: nion
Date: 2008-01-09 13:04:24 +0000 (Wed, 09 Jan 2008)
New Revision: 7861
Modified:
data/CVE/list
Log:
NFUs
CVE-2008-0148, CVE-2008-0148 do not affect tutos2
CVE-2008-0101, CVE-2008-0100 fixed in whitedune 0.28.13-1, removing tmp cve entry
CVE-2008-0145 unimportant because of Debian php security policy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-09 11:46:37 UTC (rev 7860)
+++ data/CVE/list 2008-01-09 13:04:24 UTC (rev 7861)
@@ -1,65 +1,68 @@
CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: eggBlog
CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script 2.0 and ...)
- TODO: check
+ NOT-FOR-US: Shop-Script
CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: FlexBB
CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million Dollar ...)
- TODO: check
+ NOT-FOR-US: Million Dollar Script
CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in EvilBoard ...)
- TODO: check
+ NOT-FOR-US: EvilBoard
CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) ...)
- TODO: check
+ NOT-FOR-US: EvilBoard
CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Pragma TelnetServer
CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier ...)
- TODO: check
+ NOT-FOR-US: SeattleLab SLNet RF Telnet Server
CVE-2008-0151 (Foxit WAC Server 2.1.0.910 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Foxit WAC Server
CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba ...)
- TODO: check
+ NOT-FOR-US: Aruba Mobility Controller
CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via a ...)
- TODO: check
+ - tutos <removed>
+ - tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows ...)
- TODO: check
+ - tutos <removed>
+ - tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and ...)
- TODO: check
+ NOT-FOR-US: SmallNuke
CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL ...)
- TODO: check
+ NOT-FOR-US: W3-mSQL
CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when ...)
- TODO: check
+ - php4 <unfixed> (unimportant)
+ NOTE: open_basedir bypasses not supported
CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 ...)
- TODO: check
+ NOT-FOR-US: NetRisk
CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in samPHPweb, ...)
- TODO: check
+ NOT-FOR-US: samPHPweb
CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow ...)
- TODO: check
+ NOT-FOR-US: WebPortal CMS
CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable passwords ...)
- TODO: check
+ NOT-FOR-US: WebPortal CMS
CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau Webmail ...)
- TODO: check
+ NOT-FOR-US: Uebimiau Webmail
CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog ...)
- TODO: check
+ NOT-FOR-US: Loudblog
CVE-2008-0138 (PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php ...)
- TODO: check
+ NOT-FOR-US: XOOPS
CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS ...)
- TODO: check
+ NOT-FOR-US: SNETWORKS
CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Snitz Forums 2000
CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive information ...)
- TODO: check
+ NOT-FOR-US: Snitz Forums 2000
CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz ...)
- TODO: check
+ NOT-FOR-US: Snitz Forums 2000
CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: Tribisur
CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long ...)
- TODO: check
+ NOT-FOR-US: Pragma FortressSSH
CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in Instant ...)
- TODO: check
+ NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
- TODO: check
+ NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php in ...)
- TODO: check
+ NOT-FOR-US: Site at School
CVE-2008-0128
RESERVED
CVE-2008-0127
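Review bot: The tutos/tutos2 lines are added under both CVE-2008-0149 and CVE-2008-0148, but the log message lists CVE-2008-0148 twice and never names CVE-2008-0149, so a search of the commit history for CVE-2008-0149 will not find this triage decision; the log should name both ids. On CVE-2008-0145 the entry records only "- php4 <unfixed> (unimportant)" while the description reads "PHP before 4.4.8"; if other PHP source packages were checked and found unaffected, a NOTE line saying so would make that explicit instead of leaving it to the reader to infer from the version number.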
@@ -115,17 +118,17 @@
CVE-2008-0102
RESERVED
CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...)
- TODO: check
+ - whitedune 0.28.13-1 (medium)
CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...)
- TODO: check
+ - whitedune 0.28.13-1 (medium)
CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: MyPHP Forum
CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2008-0097 (Format string vulnerability in the log function in Georgia SoftWorks ...)
- TODO: check
+ NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) ...)
- TODO: check
+ NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, ...)
TODO: check
CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content ...)
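Review bot: CVE-2008-0101 is a format string issue in swDebugf, yet it receives the same fixed version as the stack overflow CVE-2008-0100, and the temporary entry removed later in this commit only described a "whitedune buffer overflow" as fixed in 0.28.13-1. It is worth confirming that the 0.28.13-1 upload also contains the format string fix before recording it here, and adding a bug reference to both lines, as the wordpress entry does with "(bug #459305)", so the version and the (medium) rating can be verified later.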
@@ -152,8 +155,6 @@
TODO: check
CVE-2008-XXXX [splitvt fails to drop group utmp priviledges]
- splitvt 1.6.6-4
-CVE-2008-XXXX [whitedune buffer overflow]
- - whitedune 0.28.13-1
CVE-2008-XXXX [wordpress information leak]
- wordpress 2.3.2-1 (bug #459305)
CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search ...)