[Secure-testing-commits] r9483 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Thu Jul 31 21:14:10 UTC 2008


Author: joeyh
Date: 2008-07-31 21:14:09 +0000 (Thu, 31 Jul 2008)
New Revision: 9483

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-07-31 20:19:50 UTC (rev 9482)
+++ data/CVE/list	2008-07-31 21:14:09 UTC (rev 9483)
@@ -1,3 +1,135 @@
+CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius Web Publishing ...)
+	TODO: check
+CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone allows ...)
+	TODO: check
+CVE-2008-3418 (SQL injection vulnerability in browse.php in TriO 2.1 and earlier ...)
+	TODO: check
+CVE-2008-3417 (SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and ...)
+	TODO: check
+CVE-2008-3416 (SQL injection vulnerability in modules/members.php in IceBB before ...)
+	TODO: check
+CVE-2008-3415 (Directory traversal vulnerability in common.php in CMScout 2.05, when ...)
+	TODO: check
+CVE-2008-3414 (SQL injection vulnerability in line2.php in SiteAdmin allows remote ...)
+	TODO: check
+CVE-2008-3413 (SQL injection vulnerability in category.php in Greatclone GC Auction ...)
+	TODO: check
+CVE-2008-3412 (SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 ...)
+	TODO: check
+CVE-2008-3411 (The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 ...)
+	TODO: check
+CVE-2008-3410 (Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2008-3409 (Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows ...)
+	TODO: check
+CVE-2008-3408 (Stack-based buffer overflow in CoolPlayer allows user-assisted remote ...)
+	TODO: check
+CVE-2008-3407 (phpLinkat 0.1 allows remote attackers to bypass authentication and ...)
+	TODO: check
+CVE-2008-3406 (SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows ...)
+	TODO: check
+CVE-2008-3405 (Directory traversal vulnerability in index.php in Ricardo Amaral ...)
+	TODO: check
+CVE-2008-3404 (Cross-site scripting (XSS) vulnerability in guestbook.js.php in ...)
+	TODO: check
+CVE-2008-3403 (SQL injection vulnerability in mojoClassified.cgi in MojoPersonals ...)
+	TODO: check
+CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX Browser ...)
+	TODO: check
+CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX ...)
+	TODO: check
+CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration ...)
+	TODO: check
+CVE-2008-3399 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-3398 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 ...)
+	TODO: check
+CVE-2008-3397 (Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS ...)
+	TODO: check
+CVE-2008-3396 (Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote ...)
+	TODO: check
+CVE-2008-3395 (Calacode @Mail 5.41 on Linux uses weak world-readable permissions for ...)
+	TODO: check
+CVE-2008-3394 (Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in ...)
+	TODO: check
+CVE-2008-3393 (SQL injection vulnerability in events.cfm in BookMine allows remote ...)
+	TODO: check
+CVE-2008-3392 (Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 ...)
+	TODO: check
+CVE-2008-3391 (Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum ...)
+	TODO: check
+CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php in ...)
+	TODO: check
+CVE-2008-3389
+	RESERVED
+CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote ...)
+	TODO: check
+CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6 allows ...)
+	TODO: check
+CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video Share ...)
+	TODO: check
+CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php in php ...)
+	TODO: check
+CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in ...)
+	TODO: check
+CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote ...)
+	TODO: check
+CVE-2008-3382 (SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds ...)
+	TODO: check
+CVE-2008-3381 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2008-3380 (Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in ...)
+	TODO: check
+CVE-2008-3379 (Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 ...)
+	TODO: check
+CVE-2008-3378 (SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows ...)
+	TODO: check
+CVE-2008-3377 (SQL injection vulnerability in picture.php in phpTest 0.6.3 allows ...)
+	TODO: check
+CVE-2008-3376 (Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have ...)
+	TODO: check
+CVE-2008-3375 (The jrCookie function in includes/jamroom-misc.inc.php in JamRoom ...)
+	TODO: check
+CVE-2008-3374 (SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier ...)
+	TODO: check
+CVE-2008-3373 (The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 ...)
+	TODO: check
+CVE-2008-3372 (SQL injection vulnerability in search_form.php in Getacoder Clone ...)
+	TODO: check
+CVE-2008-3371 (Directory traversal vulnerability in install/help.php in TalkBack ...)
+	TODO: check
+CVE-2008-3370 (SQL injection vulnerability in the CUA Login Module in EMC Centera ...)
+	TODO: check
+CVE-2008-3369 (SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and ...)
+	TODO: check
+CVE-2008-3368 (PHP remote file inclusion vulnerability in tools/packages/import.php ...)
+	TODO: check
+CVE-2008-3367 (Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web ...)
+	TODO: check
+CVE-2008-3366 (SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 ...)
+	TODO: check
+CVE-2008-3365 (Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on ...)
+	TODO: check
+CVE-2008-3364 (Buffer overflow in the ObjRemoveCtrl Class ActiveX control in ...)
+	TODO: check
+CVE-2008-3363 (Directory traversal vulnerability in user_portal.php in the Dokeos ...)
+	TODO: check
+CVE-2008-3362 (Unrestricted file upload vulnerability in upload.php in the Giulio ...)
+	TODO: check
+CVE-2008-3361 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote web ...)
+	TODO: check
+CVE-2008-3360 (Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 ...)
+	TODO: check
+CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois and ...)
+	TODO: check
+CVE-2008-3358
+	RESERVED
+CVE-2008-3357
+	RESERVED
+CVE-2008-3356
+	RESERVED
 CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 ...)
 	NOT-FOR-US: Camera Life
 CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus ...)
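Review bot: Every described entry added at the top of this hunk lands as `TODO: check`, and several descriptions are cut off before the product name (CVE-2008-3421, CVE-2008-3399, CVE-2008-3381), so they cannot be triaged from the list alone. A follow-up pass should resolve each one to a package line or a `NOT-FOR-US:` marker, as the context entry CVE-2008-3355 just below them already does. The four bare `RESERVED` ids (CVE-2008-3389, CVE-2008-3358, CVE-2008-3357, CVE-2008-3356) need no action until a description appears.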
@@ -583,8 +715,8 @@
 	RESERVED
 CVE-2008-3101
 	RESERVED
-CVE-2008-3100
-	RESERVED
+CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve ...)
+	TODO: check
 CVE-2008-3099
 	RESERVED
 CVE-2008-3098
@@ -902,6 +1034,8 @@
 CVE-2008-2936
 	RESERVED
 CVE-2008-2935 [libxslt heap overflow]
+	RESERVED
+	{DSA-1624-1}
 	- libxslt <unfixed>
 	NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
 CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ...)
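Review bot: In the CVE-2008-2935 entry, `{DSA-1624-1}` is added while the package line still reads `- libxslt <unfixed>`, so the entry now references an advisory without recording any fixed version. Check whether a fixed version is known for the package line, or confirm that `<unfixed>` is still accurate alongside the DSA. The added `RESERVED` also sits under the hand-written `[libxslt heap overflow]` title and a public oCERT link; the bracketed title should stay until an official description replaces it.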
@@ -2510,6 +2644,7 @@
 CVE-2008-2236
 	RESERVED
 CVE-2008-2235 [opensc initializes CardOS cards with improper access rights]
+	RESERVED
 	- opensc <unfixed>
 	NOTE: http://www.opensc-project.org/security.html
 CVE-2008-2234
@@ -3845,8 +3980,8 @@
 	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
 CVE-2008-1668
 	RESERVED
-CVE-2008-1667
-	RESERVED
+CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...)
+	TODO: check
 CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, ...)
 	NOT-FOR-US: HP Oracle for OpenView
 CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) ...)
@@ -4345,7 +4480,7 @@
 CVE-2008-1448
 	RESERVED
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...)
-	{DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
+	{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
 	- bind9 1:9.5.0.dfsg-5 (high)
 	- glibc <unfixed> (low)
 	- dnsmasq 2.43-1 (medium; bug #490123)
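Review bot: `DSA-1623-1` is prepended to the CVE-2008-1447 advisory list, but none of the visible package lines change and `- glibc <unfixed> (low)` remains open. Confirm that the package this DSA covers already has a line under the entry (the hunk shows only bind9, glibc and dnsmasq), so the cross-reference resolves to a tracked package.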
@@ -4688,7 +4823,7 @@
 	NOT-FOR-US: PacketTrap Networks Tool Suite
 CVE-2008-1310 (Directory traversal vulnerability in the TFTP server in PacketTrap ...)
 	NOT-FOR-US: PacketTrap Networks Tool Suite
-CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll ...)
+CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in ...)
 	NOT-FOR-US: RealPlayer
 CVE-2008-1308 (SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 ...)
 	NOT-FOR-US: NukeC30 module for PHP-Nuke
@@ -74326,43 +74461,56 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0661 (A system is running a version of software that was replaced with a ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a system, ...)
+CVE-1999-0660
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain ...)
+CVE-1999-0659
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0658 (DCOM is running. ...)
+CVE-1999-0658
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0657 (WinGate is being used. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0656 (The ugidd service is running. ...)
+CVE-1999-0656 (The ugidd RPC interface, by design, allows remote attackers to ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0655 (A service may include useful information in its banner or help ...)
+CVE-1999-0655
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0653 (A component service related to NIS+ is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or mySQL. ...)
+CVE-1999-0652
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0651 (The rsh/rlogin service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0650 (The netstat service is running, which provides sensitive information ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0649 (The FSP service is running. ...)
+CVE-1999-0649
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0648 (The X25 service is running. ...)
+CVE-1999-0648
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0647 (The bootparam (bootparamd) service is running. ...)
+CVE-1999-0647
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0646 (The LDAP service is running. ...)
+CVE-1999-0646
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0645 (The IRC service is running. ...)
+CVE-1999-0645
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0644 (The NNTP news service is running. ...)
+CVE-1999-0644
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0643 (The IMAP service is running. ...)
+CVE-1999-0643
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0642 (A POP service is running. ...)
+CVE-1999-0642
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0641 (The UUCP service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
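Review bot: The entries switched to `REJECTED` in this hunk (for example CVE-1999-0660, CVE-1999-0652, CVE-1999-0642) lose their one-line description yet keep `NOT-FOR-US: Data pre-dating the Security Tracker`, so each now carries two status lines and no record of what was rejected. Consider whether the `NOT-FOR-US:` line is still needed on rejected ids; the same pattern repeats in the CVE-1999 hunks that follow. CVE-1999-0656 is the exception: it is reworded ("The ugidd RPC interface, by design, allows remote attackers to ...") rather than rejected, which turns a service-is-running finding into a described weakness and may deserve a manual look.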
@@ -74378,13 +74526,16 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0635 (The echo service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0634 (The SSH service is running. ...)
+CVE-1999-0634
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0633 (The HTTP/WWW service is running. ...)
+CVE-1999-0633
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0632 (The RPC portmapper service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0631 (The NFS service is running. ...)
+CVE-1999-0631
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0630 (The NT Alerter and Messenger services are running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
@@ -74394,25 +74545,34 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0624 (The rstat/rstatd service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0623 (The X Windows service is running. ...)
+CVE-1999-0623
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0622 (A component service related to DNS service is running. ...)
+CVE-1999-0622
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0621 (A component service related to NETBIOS is running. ...)
+CVE-1999-0621
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0620 (A component service related to NIS is running. ...)
+CVE-1999-0620
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0619 (The Telnet service is running. ...)
+CVE-1999-0619
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0618 (The rexec service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0617 (The SMTP service is running. ...)
+CVE-1999-0617
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0616 (The TFTP service is running. ...)
+CVE-1999-0616
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0615 (The SNMP service is running. ...)
+CVE-1999-0615
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0614 (The FTP service is running. ...)
+CVE-1999-0614
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0613 (The rpc.sprayd service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
@@ -74540,7 +74700,8 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0532 (A DNS server allows zone transfers. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. ...)
+CVE-1999-0531
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0530 (A system is operating in &quot;promiscuous&quot; mode which allows it to perform ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker



