[Secure-testing-commits] r8858 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Wed May 21 09:14:19 UTC 2008


Author: joeyh
Date: 2008-05-21 09:14:15 +0000 (Wed, 21 May 2008)
New Revision: 8858

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-05-21 08:30:08 UTC (rev 8857)
+++ data/CVE/list	2008-05-21 09:14:15 UTC (rev 8858)
@@ -1,3 +1,239 @@
+CVE-2008-2398 (Cross-site scripting (XSS) vulnerability in index.php in AppServ Open ...)
+	TODO: check
+CVE-2008-2397 (Cross-site scripting (XSS) vulnerability in search-results.dot in ...)
+	TODO: check
+CVE-2008-2396 (PHP remote file inclusion vulnerability in index.php in Wajox Software ...)
+	TODO: check
+CVE-2008-2395 (SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta ...)
+	TODO: check
+CVE-2008-2394 (Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow ...)
+	TODO: check
+CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 ...)
+	TODO: check
+CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...)
+	TODO: check
+CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...)
+	TODO: check
+CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...)
+	TODO: check
+CVE-2008-2389
+	RESERVED
+CVE-2008-2388
+	RESERVED
+CVE-2008-2387
+	RESERVED
+CVE-2008-2386
+	RESERVED
+CVE-2008-2385
+	RESERVED
+CVE-2008-2384
+	RESERVED
+CVE-2008-2383
+	RESERVED
+CVE-2008-2382
+	RESERVED
+CVE-2008-2381
+	RESERVED
+CVE-2008-2380
+	RESERVED
+CVE-2008-2379
+	RESERVED
+CVE-2008-2378
+	RESERVED
+CVE-2008-2377
+	RESERVED
+CVE-2008-2376
+	RESERVED
+CVE-2008-2375
+	RESERVED
+CVE-2008-2374
+	RESERVED
+CVE-2008-2373
+	RESERVED
+CVE-2008-2372
+	RESERVED
+CVE-2008-2371
+	RESERVED
+CVE-2008-2370
+	RESERVED
+CVE-2008-2369
+	RESERVED
+CVE-2008-2368
+	RESERVED
+CVE-2008-2367
+	RESERVED
+CVE-2008-2366
+	RESERVED
+CVE-2008-2365
+	RESERVED
+CVE-2008-2364
+	RESERVED
+CVE-2008-2363
+	RESERVED
+CVE-2008-2362
+	RESERVED
+CVE-2008-2361
+	RESERVED
+CVE-2008-2360
+	RESERVED
+CVE-2008-2359
+	RESERVED
+CVE-2008-2358
+	RESERVED
+CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...)
+	TODO: check
+CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 ...)
+	TODO: check
+CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting 1.0, when ...)
+	TODO: check
+CVE-2008-2354 (Unspecified vulnerability in the data export function in testMaker ...)
+	TODO: check
+CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 ...)
+	TODO: check
+CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0, when ...)
+	TODO: check
+CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS ...)
+	TODO: check
+CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos 1.0.9 ...)
+	TODO: check
+CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain ...)
+	TODO: check
+CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application ...)
+	TODO: check
+CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass ...)
+	TODO: check
+CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and earlier ...)
+	TODO: check
+CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 ...)
+	TODO: check
+CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions and ...)
+	TODO: check
+CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News Manager ...)
+	TODO: check
+CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in News ...)
+	TODO: check
+CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow ...)
+	TODO: check
+CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools SunShop ...)
+	TODO: check
+CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to gain ...)
+	TODO: check
+CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when ...)
+	TODO: check
+CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 ...)
+	TODO: check
+CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
+	TODO: check
+CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow ...)
+	TODO: check
+CVE-2008-2333
+	RESERVED
+CVE-2008-2332
+	RESERVED
+CVE-2008-2331
+	RESERVED
+CVE-2008-2330
+	RESERVED
+CVE-2008-2329
+	RESERVED
+CVE-2008-2328
+	RESERVED
+CVE-2008-2327
+	RESERVED
+CVE-2008-2326
+	RESERVED
+CVE-2008-2325
+	RESERVED
+CVE-2008-2324
+	RESERVED
+CVE-2008-2323
+	RESERVED
+CVE-2008-2322
+	RESERVED
+CVE-2008-2321
+	RESERVED
+CVE-2008-2320
+	RESERVED
+CVE-2008-2319
+	RESERVED
+CVE-2008-2318
+	RESERVED
+CVE-2008-2317
+	RESERVED
+CVE-2008-2316
+	RESERVED
+CVE-2008-2315
+	RESERVED
+CVE-2008-2314
+	RESERVED
+CVE-2008-2313
+	RESERVED
+CVE-2008-2312
+	RESERVED
+CVE-2008-2311
+	RESERVED
+CVE-2008-2310
+	RESERVED
+CVE-2008-2309
+	RESERVED
+CVE-2008-2308
+	RESERVED
+CVE-2008-2307
+	RESERVED
+CVE-2008-2306
+	RESERVED
+CVE-2008-2305
+	RESERVED
+CVE-2008-2304
+	RESERVED
+CVE-2008-2303
+	RESERVED
+CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript allows ...)
+	TODO: check
+CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and ...)
+	TODO: check
+CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption of ...)
+	TODO: check
+CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass ...)
+	TODO: check
+CVE-2008-2296 (PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in ...)
+	TODO: check
+CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard ...)
+	TODO: check
+CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to gain ...)
+	TODO: check
+CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows ...)
+	TODO: check
+CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in ...)
+	TODO: check
+CVE-2008-2291 (Unspecified vulnerability in axengine.exe in Symantec Altiris ...)
+	TODO: check
+CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec ...)
+	TODO: check
+CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec Altiris ...)
+	TODO: check
+CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...)
+	TODO: check
+CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...)
+	TODO: check
+CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris ...)
+	TODO: check
+CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...)
+	TODO: check
+CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in Fusebox ...)
+	TODO: check
+CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary files via ...)
+	TODO: check
+CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special Edition ...)
+	TODO: check
+CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...)
+	TODO: check
+CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive ...)
+	TODO: check
 CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...)
 	NOT-FOR-US: PHP PicEngine
 CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...)
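
Review bot: CVE-2005-4875 is added at the end of this block, between CVE-2008-2281 and CVE-2008-2280, so a 2005 identifier now sits inside the descending 2008 run; it should be moved next to the other CVE-2005 entries so the list stays sorted. The added run also jumps from CVE-2008-2303 straight to CVE-2008-2301, which is only correct because CVE-2008-2302 already has its own entry further down the file (the python-django one); worth confirming the script relies on that rather than dropping an id. Every described entry here lands as "TODO: check", so each still needs triage to a package line or NOT-FOR-US.
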
@@ -12,7 +248,7 @@
 	NOT-FOR-US: sr_feuser_register extension for TYPO3
 CVE-2008-2273 (Unspecified vulnerability in the TACACS authentication component in ...)
 	NOT-FOR-US: TACACS authentication component in Aruba Mobility Controller
-CVE-2008-2272 (Mltiple cross-site scripting (XSS) vulnerabilities in the web ...)
+CVE-2008-2272 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
 	NOT-FOR-US: Aruba Mobility Controller
 CVE-2008-2271 (The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before ...)
 	NOT-FOR-US: Site Documentation Drupal module
@@ -70,10 +306,10 @@
 	RESERVED
 CVE-2008-2243
 	RESERVED
-CVE-2008-2242
-	RESERVED
-CVE-2008-2241
-	RESERVED
+CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA ...)
+	TODO: check
+CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ...)
+	TODO: check
 CVE-2008-2240
 	RESERVED
 CVE-2008-2239
@@ -237,6 +473,7 @@
 	- libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib upstream to use mkstemp)
 	NOTE: See CVE-2004-2265, where the problem occured as well
 CVE-2008-2302 [Cross-site scripting (XSS) by missing escaping]
+	RESERVED
 	- python-django 0.96.2-1 (bug #481164; low)
 CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email Security ...)
 	NOT-FOR-US: SonicWall Email Security
@@ -709,16 +946,13 @@
 	RESERVED
 CVE-2008-1951
 	RESERVED
-CVE-2008-1950
-	RESERVED
+CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)
 	{DSA-1581-1}
 	- gnutls13 <unfixed> (low)
-CVE-2008-1949
-	RESERVED
+CVE-2008-1949 (The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in ...)
 	{DSA-1581-1}
 	- gnutls13 <unfixed> (low)
-CVE-2008-1948
-	RESERVED
+CVE-2008-1948 (The _gnutls_server_name_recv_params function in lib/ext_server_name.c ...)
 	{DSA-1581-1}
 	- gnutls13 <unfixed> (medium)
 CVE-2008-1947
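
Review bot: the three gnutls entries (CVE-2008-1950, CVE-2008-1949, CVE-2008-1948) now carry public descriptions and reference DSA-1581-1, but the package lines under them still read "gnutls13 <unfixed>". With the advisory out, these should get the fixed unstable version as soon as one is uploaded, and the (low)/(low)/(medium) urgencies are worth re-checking against the descriptions that replaced RESERVED.
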
@@ -1377,8 +1611,8 @@
 	RESERVED
 CVE-2008-1661
 	RESERVED
-CVE-2008-1660
-	RESERVED
+CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and ...)
+	TODO: check
 CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 ...)
 	NOT-FOR-US: HP LDAP-UX
 CVE-2008-1658 (Format string vulnerability in the grant helper ...)
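
Review bot: CVE-2008-1660 goes from RESERVED to "TODO: check", but its description names useradd on HP-UX, and the next entry, CVE-2008-1659 for HP LDAP-UX, is already marked NOT-FOR-US. Suggest resolving this one the same way, for example "NOT-FOR-US: HP-UX useradd", instead of leaving it in the TODO queue.
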
@@ -2709,8 +2943,8 @@
 	RESERVED
 CVE-2008-1105
 	RESERVED
-CVE-2008-1104
-	RESERVED
+CVE-2008-1104 (Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 ...)
+	TODO: check
 CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown impact ...)
 	- blender 2.40-1 (low)
 CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender ...)
@@ -3035,8 +3269,8 @@
 	RESERVED
 CVE-2008-0958
 	RESERVED
-CVE-2008-0957
-	RESERVED
+CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader ...)
+	TODO: check
 CVE-2008-0956
 	RESERVED
 CVE-2008-0955
@@ -4872,8 +5106,7 @@
 	RESERVED
 CVE-2008-0168
 	RESERVED
-CVE-2008-0167 [gforge insecure file handling]
-	RESERVED
+CVE-2008-0167 (The write_array_file function in utils/include.pl in GForge 4.5.14 ...)
 	{DSA-1577-1}
 	- gforge 4.6.99+svn6496-1 (low)
 	NOTE: https://rt.debian.org/Ticket/Display.html?id=672
@@ -7441,7 +7674,7 @@
 	NOT-FOR-US: IBM AIX
 CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
 	NOT-FOR-US: IBM AIX
-CVE-2007-5803 (Cross-site scripting (XSS) vulnerability in Nagios allows remote ...)
+CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...)
 	TODO: check
 CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...)
 	NOT-FOR-US: Firewolf Technologies Synergiser
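
Review bot: the description change on CVE-2007-5803 widens the issue from a single XSS to multiple XSS in CGI programs, yet the entry stays at "TODO: check". The replaced line names Nagios, which Debian ships, so this needs a package line with a fixed version or <unfixed> and an urgency rather than a pending TODO.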



