[Secure-testing-commits] r8455 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Mon Mar 31 12:34:31 UTC 2008


Author: nion
Date: 2008-03-31 12:34:30 +0000 (Mon, 31 Mar 2008)
New Revision: 8455

Modified:
   data/CVE/list
Log:
NFUs
cuteflow has an itp (CVE-2008-1493)
new plone3 issues CVE-2008-139[3-6]


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-03-31 11:57:00 UTC (rev 8454)
+++ data/CVE/list	2008-03-31 12:34:30 UTC (rev 8455)
@@ -73,27 +73,27 @@
 	NOTE: vulnerable code introduced later than 2.0.12.10, see: http://hg.quakenet.org/snircd/rev/1ee48bee2f20
 	NOTE: no other possible NULL ptr dereferences of p found and PoC not reproducible
 CVE-2008-1500 (Cross-site scripting (XSS) vulnerability in index.php in TinyPortal ...)
-	TODO: check
+	NOT-FOR-US: TinyPortal
 CVE-2008-1499 (Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2008-1498 (Stack-based buffer overflow in the IMAP service in NetWin Surgemail ...)
-	TODO: check
+	NOT-FOR-US: Surgemail
 CVE-2008-1497 (Stack-based buffer overflow in the IMAP service in NetWin SurgeMail ...)
-	TODO: check
+	NOT-FOR-US: Surgemail
 CVE-2008-1496 (Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and ...)
-	TODO: check
+	NOT-FOR-US: PEEL
 CVE-2008-1495 (Unrestricted file upload vulnerability in administrer/produits.php in ...)
-	TODO: check
+	NOT-FOR-US: PEEL
 CVE-2008-1494 (SQL injection vulnerability in inc/module/online.php in Easy-Clanpage ...)
-	TODO: check
+	NOT-FOR-US: Easy-Clanpage
 CVE-2008-1493 (Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 ...)
-	TODO: check
+	- cuteflow <itp> (bug #465372)
 CVE-2008-1492 (Multiple directory traversal vulnerabilities in CoronaMatrix ...)
-	TODO: check
+	NOT-FOR-US: CoronaMatrix
 CVE-2008-1491 (Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ...)
-	TODO: check
+	NOT-FOR-US: ASUS Remote Console
 CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ...)
-	TODO: check
+	NOT-FOR-US: ImageUploader4
 CVE-2008-XXXX [policyd-weight tempfile race]
 	- policyd-weight 0.1.14.17-1 (low)
 	[etch] - policyd-weight 0.1.14-beta-6etch2
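Review bot: The new CVE-2008-1493 entry, `- cuteflow <itp> (bug #465372)`, records nothing about the affected version, although the description names Cuteflow Bin 1.5.0. Consider adding a NOTE line under it stating that the eventual upload has to be checked for the login.php directory traversal, in the same way the NOTE lines at the top of this hunk document the analysis for the preceding entry. Separately, the tag for CVE-2008-1490 reads `NOT-FOR-US: ImageUploader4` while the description identifies only an Aurigma ActiveX control; including the vendor name in the tag would make it easier to match against later Aurigma entries.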
@@ -285,13 +285,13 @@
 CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...)
 	NOT-FOR-US: Check Point VPN
 CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...)
-	TODO: check
+	- plone3 <unfixed> (bug #473571)
 CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...)
-	TODO: check
+	- plone3 <unfixed> (bug #473571)
 CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...)
-	TODO: check
+	- plone3 <unfixed> (bug #473571)
 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...)
-	TODO: check
+	- plone3 <unfixed> (bug #473571)
 CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...)
 	NOT-FOR-US: Vmware
 CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, ...)
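Review bot: CVE-2008-1394 is described as affecting "Plone CMS before 3" and CVE-2008-1395 as affecting "Plone CMS" with no version given, yet both are tracked only as `- plone3 <unfixed> (bug #473571)`. If the archive carries a pre-3 Plone package, these two entries need a line against it as well, or a NOTE explaining why only plone3 is listed. All four entries also point at the same bug number, so a NOTE confirming that bug #473571 covers CVE-2008-1393 through CVE-2008-1396 would keep them from being closed together by mistake when only some are fixed.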



