[Secure-testing-commits] r8663 - data/CVE
joeyh at alioth.debian.org
Thu May 1 21:14:17 UTC 2008
Author: joeyh
Date: 2008-05-01 21:14:15 +0000 (Thu, 01 May 2008)
New Revision: 8663
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-05-01 21:08:33 UTC (rev 8662)
+++ data/CVE/list 2008-05-01 21:14:15 UTC (rev 8663)
@@ -1,3 +1,169 @@
+CVE-2008-2042
+ RESERVED
+CVE-2008-2039
+ RESERVED
+CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in ...)
+ TODO: check
+CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts ...)
+ TODO: check
+CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 ...)
+ TODO: check
+CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) ...)
+ TODO: check
+CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...)
+ TODO: check
+CVE-2008-2033 (Multiple unspecified vulnerabilities in ZoneMinder before 1.23.3 allow ...)
+ TODO: check
+CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote ...)
+ TODO: check
+CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 ...)
+ TODO: check
+CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) ...)
+ TODO: check
+CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, ...)
+ TODO: check
+CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA ...)
+ TODO: check
+CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
+ TODO: check
+CVE-2008-2025
+ RESERVED
+CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...)
+ TODO: check
+CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...)
+ TODO: check
+CVE-2008-2022 (Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software ...)
+ TODO: check
+CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote ...)
+ TODO: check
+CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 ...)
+ TODO: check
+CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly ...)
+ TODO: check
+CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 0.848b C1 ...)
+ TODO: check
+CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management System ...)
+ TODO: check
+CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Management ...)
+ TODO: check
+CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX ...)
+ TODO: check
+CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...)
+ TODO: check
+CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 1.0 ...)
+ TODO: check
+CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail ...)
+ TODO: check
+CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...)
+ TODO: check
+CVE-2008-2009
+ RESERVED
+CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...)
+ TODO: check
+CVE-2008-2007
+ RESERVED
+CVE-2008-2006
+ RESERVED
+CVE-2008-2005
+ RESERVED
+CVE-2008-2004
+ RESERVED
+CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...)
+ TODO: check
+CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...)
+ TODO: check
+CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote ...)
+ TODO: check
+CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address bar by ...)
+ TODO: check
+CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, ...)
+ TODO: check
+CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 ...)
+ TODO: check
+CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a ...)
+ TODO: check
+CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and ...)
+ TODO: check
+CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, ...)
+ TODO: check
+CVE-2008-1992 (Acidcat CMS 3.4.1 does not properly restrict access to (1) ...)
+ TODO: check
+CVE-2008-1991 (Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in ...)
+ TODO: check
+CVE-2008-1990 (Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow ...)
+ TODO: check
+CVE-2008-1989 (PHP remote file inclusion vulnerability in 123flashchat.php in the 123 ...)
+ TODO: check
+CVE-2008-1988 (Unrestricted file upload vulnerability in the file_upload function in ...)
+ TODO: check
+CVE-2008-1987 (Cross-site scripting (XSS) vulnerability in search.php in ...)
+ TODO: check
+CVE-2008-1986 (Cross-site scripting (XSS) vulnerability in liste_article.php in Blog ...)
+ TODO: check
+CVE-2008-1985 (Cross-site scripting (XSS) vulnerability in base.php in DigitalHive ...)
+ TODO: check
+CVE-2008-1984 (The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure ...)
+ TODO: check
+CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum ...)
+ TODO: check
+CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) ...)
+ TODO: check
+CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x ...)
+ TODO: check
+CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before ...)
+ TODO: check
+CVE-2008-1979 (The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and ...)
+ TODO: check
+CVE-2008-1978 (Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before ...)
+ TODO: check
+CVE-2008-1977 (Cross-site request forgery (CSRF) vulnerability in the ...)
+ TODO: check
+CVE-2008-1976 (Multiple cross-site scripting (XSS) vulnerabilities in the Drupal ...)
+ TODO: check
+CVE-2008-1975 (SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote ...)
+ TODO: check
+CVE-2008-1973 (Heap-based buffer overflow in SubEdit Player build 4056 and 4066 ...)
+ TODO: check
+CVE-2008-1972 (Multiple cross-site scripting (XSS) vulnerabilities in the user ...)
+ TODO: check
+CVE-2008-1971 (phShoutBox Final 1.5 and earlier only checks passwords when specified ...)
+ TODO: check
+CVE-2008-1970 (muCommander before 0.8.2 stores credentials.xml with insecure ...)
+ TODO: check
+CVE-2008-1969 (Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 ...)
+ TODO: check
+CVE-2008-1968 (Multiple SQL injection vulnerabilities in Cezanne 7 allow remote ...)
+ TODO: check
+CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in ...)
+ TODO: check
+CVE-2008-1966 (IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows ...)
+ TODO: check
+CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in ...)
+ TODO: check
+CVE-2008-1964 (** DISPUTED ** ...)
+ TODO: check
+CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
+ TODO: check
+CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow ...)
+ TODO: check
+CVE-2008-1961 (SQL injection vulnerability in index.php in Voice Of Web AllMyGuests ...)
+ TODO: check
+CVE-2008-1960 (Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi ...)
+ TODO: check
+CVE-2008-1959 (Stack-based buffer overflow in the get_remote_video_port_media ...)
+ TODO: check
+CVE-2008-1958 (Unrestricted file upload vulnerability in the ajout_cat mode in ...)
+ TODO: check
+CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1 allows ...)
+ TODO: check
CVE-2008-XXXX [privilege escalation in wordpress]
- wordpress 2.2.3-1
NOTE: CVE id requested
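Review bot: every entry imported in this hunk is left at "TODO: check", which is what the automatic update is expected to do, but two of them concern software Debian ships and deserve triage ahead of the long run of third-party web applications (miniBB, Acidcat CMS, PD9 MegaBBS, Koobi Pro) that will most likely end up as NOT-FOR-US: CVE-2008-1996 (denial of service in licq before 1.3.6) and CVE-2008-2014 (Firefox 3.0 beta 5 denial of service), the latter to be checked against iceweasel. The description of CVE-2008-2022 carries the upstream typo "Mulatiple"; it comes from the CVE feed, so leave it for the next automatic refresh rather than hand-editing the line.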
@@ -3,10 +169,10 @@
NOTE: http://trac.wordpress.org/ticket/4748
NOTE: fixed in DSA-1564-1
-CVE-2008-2040 [peercast buffer overflow in HTTP::getAuthUserPass]
+CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function ...)
- peercast <unfixed> (medium; bug #478573)
- gnome-peercast <removed>
NOTE: CVE id requested
NOTE: etch version tested with PoC, affected
-CVE-2008-1974 [XSS in addevent.php]
+CVE-2008-1974 (Cross-site scripting (XSS) vulnerability in addevent.php in Horde ...)
{DSA-1560-1}
- kronolith2 2.1.8-1
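Review bot: the "NOTE: CVE id requested" line under CVE-2008-2040 is now stale, since this hunk replaces the bracketed placeholder with the assigned CVE description; drop that NOTE so that only "etch version tested with PoC, affected" remains, as it is the note that still carries information.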
@@ -90,8 +256,7 @@
TODO: check
CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...)
TODO: check
-CVE-2008-1930 [wordpress integrity protection vulnerability]
- RESERVED
+CVE-2008-1930 (The cookie authentication method in WordPress 2.5 relies on a hash of ...)
- wordpress 2.5.1-1 (medium; bug #477910)
NOTE: only exploitable in blogs that allow user registering
[etch] - wordpress <not-affected> (Vulnerable code was introduced in 2.5)
@@ -142,6 +307,7 @@
CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote attackers to ...)
NOT-FOR-US: Microsoft Works
CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...)
+ {DSA-1563-1}
- asterisk 1:1.4.19.1~dfsg-1 (medium)
CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...)
NOT-FOR-US: Carbon Communities
@@ -184,7 +350,7 @@
- iceweasel <unfixed> (unimportant)
NOTE: browser dos not treated as security issues
NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed?
-CVE-2008-2041 [unspecified egroupware issue]
+CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...)
- egroupware <unfixed> (bug #476977)
TODO: request CVE id
CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic ...)
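Review bot: "TODO: request CVE id" under CVE-2008-2041 is obsolete now that the entry carries the assigned eGroupWare description; remove it so the egroupware entry does not look like it is still waiting on MITRE. The two iceweasel NOTE lines shown as context above ("browser dos not treated as security issues", "cant reproduce") have typos ("DoS", "can't") that this commit does not touch but a follow-up could.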
@@ -476,14 +642,14 @@
RESERVED
CVE-2008-1739
RESERVED
-CVE-2008-1738
- RESERVED
-CVE-2008-1737
- RESERVED
-CVE-2008-1736
- RESERVED
-CVE-2008-1735
- RESERVED
+CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a ...)
+ TODO: check
+CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime ...)
+ TODO: check
+CVE-2008-1736 (Comodo Firewall Pro before 3.0 does not properly validate certain ...)
+ TODO: check
+CVE-2008-1735 (BitDefender Antivirus 2008 20080118 and earlier allows local users to ...)
+ TODO: check
CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux ...)
NOT-FOR-US: PHP Toolkit (Gentoo specific)
CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in ...)
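Review bot: the four entries promoted from RESERVED here (Rising Antivirus 2008, Sophos Anti-Virus 7.0.5, Comodo Firewall Pro, BitDefender Antivirus 2008) are proprietary anti-virus and firewall products with no Debian package, so they can go straight to a NOT-FOR-US line in the style of the PHP Toolkit entry just below them instead of sitting in the "TODO: check" backlog.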
@@ -640,12 +806,10 @@
RESERVED
CVE-2008-1672
RESERVED
-CVE-2008-1671 [start_kdeinit multiple vulnerabilities]
- RESERVED
+CVE-2008-1671 (start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, ...)
- kdelibs 4:3.5.9.dfsg.1-4 (low; bug #478024)
NOTE: unimportant, opinions?
-CVE-2008-1670
- RESERVED
+CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader ...)
- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
- kde4libs 4:4.0.72-1 (bug #478283)
CVE-2008-1669
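Review bot: the severity and the note under CVE-2008-1671 disagree: the kdelibs line is tagged "low" while the NOTE says "unimportant, opinions?". Settle on one (the new description says start_kdeinit is installed setuid root, which argues for keeping "low") and remove the open question from the data file once decided. The not-affected reason under CVE-2008-1670 has a typo, "Vulnerable code introduce in kde 4.0", which should read "introduced".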
@@ -1292,7 +1456,7 @@
CVE-2008-1381
RESERVED
CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...)
- {DSA-1558-1 DSA-1555-1}
+ {DSA-1562-1 DSA-1558-1 DSA-1555-1}
- iceweasel 2.0.0.14-1
- icedove <unfixed>
- iceape 1.1.9-2
@@ -1912,8 +2076,7 @@
[sarge] - dovecot <not-affected> (Vulnerable code not present)
NOTE: exploitable through code introduced in 1.0.11
NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
-CVE-2008-1293 [ldm information disclosure]
- RESERVED
+CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 pass the -ac ...)
{DSA-1561-1 DTSA-118-1}
- ldm 2:0.1~bzr20080308-1 (bug #469462)
- ltsp 5.0.40~bzr20071229-1
@@ -1987,8 +2150,8 @@
RESERVED
CVE-2008-1104
RESERVED
-CVE-2008-1103
- RESERVED
+CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown impact ...)
+ TODO: check
CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender ...)
- blender 2.45-5 (medium; bug #477808)
CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...)
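Review bot: CVE-2008-1103 is left at "TODO: check" although the entry directly below it, CVE-2008-1102, already tracks blender 2.45-5 (medium; bug #477808); since the new description also names Blender, it should be triaged against the blender package now rather than left in the generic backlog, and it is worth checking whether bug #477808 already covers the unspecified issues as well.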
@@ -2840,8 +3003,8 @@
NOT-FOR-US: Mihalism Multi Host
CVE-2008-0713
RESERVED
-CVE-2008-0712
- RESERVED
+CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ...)
+ TODO: check
CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP ...)
NOT-FOR-US: HP iLO-2 management processors
CVE-2008-0710
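Review bot: CVE-2008-0712 (HP HPeDiag, aka eSupportDiagnostics) is marked "TODO: check" while the neighbouring HP entry CVE-2008-0711 is already "NOT-FOR-US: HP iLO-2 management processors"; HPeDiag is proprietary HP support software with no Debian package, so a NOT-FOR-US line is the expected resolution here too.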
@@ -2866,7 +3029,7 @@
NOT-FOR-US: Magnolia CE
CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux ...)
NOT-FOR-US: CruxCMS
-CVE-2008-0699 (Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB before ...)
+CVE-2008-0699 (Unspecified vulnerability in the ADMIN_SP_C procedure ...)
NOT-FOR-US: IBM DB2
CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...)
NOT-FOR-US: IBM DB2
@@ -3564,7 +3727,7 @@
{DSA-1510-1}
- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...)
- {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1}
+ {DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
- linux-2.6 <unfixed>
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
- exempi 1.99.7-1 (bug #454297)
@@ -5618,7 +5781,7 @@
{DSA-1476-1}
- pulseaudio 0.9.9-1
CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...)
- {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1}
+ {DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
- linux-2.6 2.6.24-4
CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
{DSA-1466-2 DTSA-110-1}
@@ -11528,8 +11691,10 @@
CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
- vmware-package 0.16
CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...)
+ {DSA-1564-1}
- wordpress 2.2.2-1
CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...)
+ {DSA-1564-1}
- wordpress 2.2.2-1 (low)
NOTE: see issue 4690 and 4691 in wordpress trac
CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
@@ -12770,6 +12935,7 @@
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
NOT-FOR-US: Adobe Apollo
CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
+ {DSA-1564-1}
- wordpress 2.2.2-1
CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
NOT-FOR-US: Yahoo! Messenger
@@ -20657,6 +20823,7 @@
{DTSA-33-1}
- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...)
+ {DSA-1564-1}
- wordpress 2.1.0-1 (low)
CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote ...)
{DTSA-33-1}