[Secure-testing-commits] r9138 - data/CVE
joeyh at alioth.debian.org
Wed Jun 25 09:14:12 UTC 2008
Author: joeyh
Date: 2008-06-25 09:14:11 +0000 (Wed, 25 Jun 2008)
New Revision: 9138
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-06-24 21:29:44 UTC (rev 9137)
+++ data/CVE/list 2008-06-25 09:14:11 UTC (rev 9138)
@@ -1,13 +1,119 @@
+CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on ...)
+ TODO: check
+CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and ...)
+ TODO: check
+CVE-2008-2839 (Cross-site scripting (XSS) vulnerability in the search module in ...)
+ TODO: check
+CVE-2008-2838 (Directory traversal vulnerability in index.php in Traindepot 0.1 ...)
+ TODO: check
+CVE-2008-2837 (SQL injection vulnerability in index.php in CMS-BRD allows remote ...)
+ TODO: check
+CVE-2008-2836 (PHP remote file inclusion vulnerability in send_reminders.php in ...)
+ TODO: check
+CVE-2008-2835 (SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows ...)
+ TODO: check
+CVE-2008-2834 (SQL injection vulnerability in projects.php in Scientific Image ...)
+ TODO: check
+CVE-2008-2833 (admin/upload.php in le.cms 1.4 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2008-2832 (Unrestricted file upload vulnerability in calendar_admin.asp in Full ...)
+ TODO: check
+CVE-2008-2831
+ RESERVED
+CVE-2008-2830 (ARDAgent in Apple Mac OS X 10.4 and 10.5 allows local users to gain ...)
+ TODO: check
+CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...)
+ TODO: check
+CVE-2008-2826
+ RESERVED
+CVE-2008-2825 (Cross-site scripting (XSS) vulnerability in the embedded Web Server in ...)
+ TODO: check
+CVE-2008-2824 (Unspecified vulnerability in the Extensible Interface Platform in Web ...)
+ TODO: check
+CVE-2008-2823 (SQL injection vulnerability in newsarchive.php in PHPeasyblog ...)
+ TODO: check
+CVE-2008-2822 (Multiple directory traversal vulnerabilities in the FTP client in ...)
+ TODO: check
+CVE-2008-2821 (Directory traversal vulnerability in the FTP client in Glub Tech ...)
+ TODO: check
+CVE-2008-2820 (Directory traversal vulnerability in lang/lang-system.php in Open ...)
+ TODO: check
+CVE-2008-2819 (SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and ...)
+ TODO: check
+CVE-2008-2818 (Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows ...)
+ TODO: check
+CVE-2008-2817 (SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 ...)
+ TODO: check
+CVE-2008-2816 (SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin ...)
+ TODO: check
+CVE-2008-2815 (SQL injection vulnerability in shopping/index.php in MyMarket 1.72 ...)
+ TODO: check
+CVE-2008-2814 (Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast ...)
+ TODO: check
+CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server ...)
+ TODO: check
+CVE-2008-2812
+ RESERVED
+CVE-2008-2811
+ RESERVED
+CVE-2008-2810
+ RESERVED
+CVE-2008-2809
+ RESERVED
+CVE-2008-2808
+ RESERVED
+CVE-2008-2807
+ RESERVED
+CVE-2008-2806
+ RESERVED
+CVE-2008-2805
+ RESERVED
+CVE-2008-2804
+ RESERVED
+CVE-2008-2803
+ RESERVED
+CVE-2008-2802
+ RESERVED
+CVE-2008-2801
+ RESERVED
+CVE-2008-2800
+ RESERVED
+CVE-2008-2799
+ RESERVED
+CVE-2008-2798
+ RESERVED
+CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ...)
+ TODO: check
+CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote ...)
+ TODO: check
+CVE-2008-2795 (Directory traversal vulnerability in the FTP and SFTP clients in IDM ...)
+ TODO: check
+CVE-2008-2794 (Unspecified vulnerability in the GUI in Symantec Altiris Notification ...)
+ TODO: check
+CVE-2008-2793 (SQL injection vulnerability in group_posts.php in ClipShare before ...)
+ TODO: check
+CVE-2008-2792 (SQL injection vulnerability in index.php in eroCMS 1.4 and earlier ...)
+ TODO: check
+CVE-2008-2791 (SQL injection vulnerability in product.detail.php in Kalptaru Infotech ...)
+ TODO: check
+CVE-2008-2790 (SQL injection vulnerability in detail.php in MountainGrafix easyTrade ...)
+ TODO: check
+CVE-2008-2789 (SQL injection vulnerability in pages/index.php in BASIC-CMS allows ...)
+ TODO: check
+CVE-2008-2788 (Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan ...)
+ TODO: check
+CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan ...)
+ TODO: check
CVE-2008-XXXX [phpMyAdmin PMASA-2008-4 XSS]
- phpmyadmin 4:2.11.7~rc2-1 (unimportant)
NOTE: We haven't supported installations with register_globals enabled since a long time
-CVE-2008-2827 [rmtree() function follows symlinks and changes permissions]
+CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...)
{DTSA-142-1}
- perl 5.10.0-11 (bug #487319; medium)
[etch] - perl <not-affected> (doesn't change link target permissions)
NOTE: affects other packages like debsums, see bugreport
NOTE: CVE id requested
-CVE-2008-2828 [tmsnc buffer overflow in UBX handling]
+CVE-2008-2828 (Stack-based buffer overflow in tmsnc allows remote attackers to cause ...)
- tmsnc 0.3.2-1.1 (low; bug #487222)
CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...)
TODO: check
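Review bot: The `NOTE: CVE id requested` line under CVE-2008-2827 is out of date and should be dropped in this change, since the entry has an assigned id and now carries the official description. The CVE-2008-2827 and CVE-2008-2828 entries also sit below CVE-2008-2787 and the CVE-2008-XXXX placeholder, while the new block at the top skips from 2829 to 2826; moving them into that gap would keep the list in descending order. Among the new `TODO: check` entries, CVE-2008-2829 (php_imap.c in PHP) is worth triaging first, because php5 is already tracked further down this list.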
@@ -132,12 +238,10 @@
RESERVED
CVE-2008-2727
RESERVED
-CVE-2008-2726 [integer overflow in rb_ary_splice()]
- RESERVED
+CVE-2008-2726 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and ...)
- ruby1.9 1.9.0.2-1
- ruby1.8 1.8.7.22-1
-CVE-2008-2725 [integer overflow in rb_ary_splice()]
- RESERVED
+CVE-2008-2725 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and ...)
- ruby1.9 1.9.0.2-1
- ruby1.8 1.8.7.22-1
CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 ...)
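Review bot: CVE-2008-2726 and CVE-2008-2725 now read identically in the list: same truncated description, same ruby1.9 and ruby1.8 fixed versions, and no urgency or bug reference on either. Add a NOTE to each entry saying how the two rb_ary_splice issues differ so they can be told apart without looking up the full descriptions, and give the package lines an urgency as other triaged entries in this file do, for example `- tmsnc 0.3.2-1.1 (low; bug #487222)`.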
@@ -272,24 +376,19 @@
NOT-FOR-US: yBlog
CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...)
NOT-FOR-US: yBlog
-CVE-2008-2666 [php ftok() safe mode bypass]
- RESERVED
+CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...)
- php5 <unfixed> (unimportant)
NOTE: safe mode not supported
-CVE-2008-2665 [php posix_access() safe mode bypass]
- RESERVED
+CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP ...)
- php5 <unfixed> (unimportant)
NOTE: safe mode not supported
-CVE-2008-2664 [unsafe use of alloca in rb_str_format()]
- RESERVED
+CVE-2008-2664 (The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before ...)
- ruby1.9 1.9.0.2-1
- ruby1.8 1.8.7.22-1
-CVE-2008-2663 [integer overflows in rb_ary_store()]
- RESERVED
+CVE-2008-2663 (Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 ...)
- ruby1.9 1.9.0.2-1
- ruby1.8 1.8.7.22-1
-CVE-2008-2662 [Integer overflows in rb_str_buf_append()]
- RESERVED
+CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in Ruby ...)
- ruby1.9 1.9.0.2-1
- ruby1.8 1.8.7.22-1
CVE-2008-2661
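Review bot: For CVE-2008-2666 and CVE-2008-2665 the removed bracket labels were the only text saying these are safe mode bypasses; the replacement descriptions call them directory traversal, so `(unimportant)` with `NOTE: safe mode not supported` no longer explains itself to someone reading the entry cold. Extend the NOTE on both entries to state that the issue only bypasses safe mode restrictions. The three Ruby entries in this hunk (CVE-2008-2664, CVE-2008-2663, CVE-2008-2662) also have no urgency on their package lines.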
@@ -539,7 +638,7 @@
NOT-FOR-US: NASA Ames Research Center BigView
CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service ...)
NOT-FOR-US: CA eTrust
-CVE-2008-2540 (Apple Safari does not prompt the user before downloading an object ...)
+CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt ...)
NOT-FOR-US: Apple Safari
CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...)
NOT-FOR-US: Sun Solaris 8
@@ -763,8 +862,8 @@
RESERVED
CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic ...)
TODO: check
-CVE-2008-2427
- RESERVED
+CVE-2008-2427 (Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView ...)
+ TODO: check
CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 ...)
{DSA-1594-1}
- imlib2 1.4.0-1.1 (medium; bug #483816)
@@ -1023,10 +1122,10 @@
RESERVED
CVE-2008-2308
RESERVED
-CVE-2008-2307
- RESERVED
-CVE-2008-2306
- RESERVED
+CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2 on ...)
+ TODO: check
+CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...)
+ TODO: check
CVE-2008-2305
RESERVED
CVE-2008-2304
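Review bot: CVE-2008-2307 should not be closed the way CVE-2008-2540 was (`NOT-FOR-US: Apple Safari`) without a closer look, because its description names WebKit rather than only Safari. When resolving the `TODO: check`, confirm whether any WebKit-based package in the archive shares the affected code before marking it. CVE-2008-2306 is described as specific to Safari on Windows, so the existing NOT-FOR-US treatment looks appropriate there.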
@@ -1815,8 +1914,7 @@
NOT-FOR-US: Web Calendar Pro
CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before ...)
NOT-FOR-US: Sitedesigner
-CVE-2008-1952
- RESERVED
+CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in ...)
- xen-3 <unfixed> (high; bug #487095)
- xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)
TODO: check that next upload includes changes until changeset 17643 or higher
@@ -1964,7 +2062,7 @@
NOT-FOR-US: W2B Online Banking
CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in ...)
NOT-FOR-US: Blogator-script
-CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and ...)
+CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and ...)
- ruby1.8 1.9.0.1-1 (unimportant)
- ruby1.9 <unfixed> (unimportant)
NOTE: corner-case only exploitable if web application is run on windows fs
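Review bot: The package lines under CVE-2008-1891 look swapped or mistyped: `- ruby1.8 1.9.0.1-1 (unimportant)` gives ruby1.8 a 1.9.x fixed version while ruby1.9 is `<unfixed>`, whereas every other Ruby entry in this file uses 1.8.7.x versions for ruby1.8 and 1.9.0.x for ruby1.9. Now that the description starts at Ruby 1.8.4, the ruby1.8 status matters more; please verify which package actually carries the fix and correct the two lines.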
@@ -12511,7 +12609,7 @@
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.20)
CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...)
NOT-FOR-US: SIDVault
-CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to cause a ...)
+CVE-2007-4565 (sink.c in fetchmail before 6.3.9 allows context-dependent attackers to ...)
{DSA-1377-2}
- fetchmail 6.3.8-8 (bug #440006; low)
[etch] - fetchmail <no-dsa> (Hardly a security problem)