[Secure-testing-commits] r8864 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed May 21 21:54:27 UTC 2008


Author: nion
Date: 2008-05-21 21:54:25 +0000 (Wed, 21 May 2008)
New Revision: 8864

Modified:
   data/CVE/list
Log:
a bunch of NFUs
new wordpress issue: CVE-2008-2392, poked wordpress upstream
CVE-2008-2285 fixed in openssh 1:4.7p1-10


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-05-21 21:14:20 UTC (rev 8863)
+++ data/CVE/list	2008-05-21 21:54:25 UTC (rev 8864)
@@ -11,11 +11,14 @@
 CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 ...)
 	NOT-FOR-US: EntertainmentScript
 CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...)
-	TODO: check
+	- wordpress <unfixed>
+	NOTE: could not reproduce this. Anyway, wordpress security policy
+	NOTE: checks files only by extension so this should only affect misconfigured
+	NOTE: webservers. Poked wordpress upstream to get a confirmation of this vulnerability
 CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...)
-	TODO: check
+	NOT-FOR-US: SubSonic
 CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...)
-	TODO: check
+	NOT-FOR-US: HP Software Update
 CVE-2008-2389
 	RESERVED
 CVE-2008-2388
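Review bot: The new `- wordpress <unfixed>` line for CVE-2008-2392 carries no severity or bug reference, unlike the net-snmp entry later in this patch (`<unfixed> (medium; bug #482333)`). The NOTE lines say the issue could not be reproduced and should only affect misconfigured webservers, so a severity in the same parenthesised form would record that assessment in the entry itself while upstream confirmation is pending.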
@@ -83,51 +86,51 @@
 CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...)
 	- mtr 0.73-1
 CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 ...)
-	TODO: check
+	NOT-FOR-US: Archangel Weblog
 CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting 1.0, when ...)
-	TODO: check
+	NOT-FOR-US: WR-Meeting
 CVE-2008-2354 (Unspecified vulnerability in the data export function in testMaker ...)
-	TODO: check
+	NOT-FOR-US: testMaker
 CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 ...)
-	TODO: check
+	NOT-FOR-US: GNU/Gallery
 CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0, when ...)
-	TODO: check
+	NOT-FOR-US: Smeego
 CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS ...)
-	TODO: check
+	NOT-FOR-US: WebManager-Pro
 CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos 1.0.9 ...)
-	TODO: check
+	NOT-FOR-US: bcoos
 CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain ...)
-	TODO: check
+	NOT-FOR-US: Zomplog
 CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: MeltingIce File System
 CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application ...)
-	TODO: check
+	NOT-FOR-US: MyPicGallery
 CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: AlkalinePHP
 CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and earlier ...)
-	TODO: check
+	NOT-FOR-US: air_filemanager extension for typo3
 CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 ...)
-	TODO: check
+	NOT-FOR-US: air_filemanager extension for typo3
 CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions and ...)
-	TODO: check
+	NOT-FOR-US: News Manager
 CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News Manager ...)
-	TODO: check
+	NOT-FOR-US: News Manager
 CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in News ...)
-	TODO: check
+	NOT-FOR-US: News Manager
 CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow ...)
-	TODO: check
+	NOT-FOR-US: News Manager
 CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools SunShop ...)
-	TODO: check
+	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
 CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to gain ...)
-	TODO: check
+	NOT-FOR-US: Interspire ActiveKB
 CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when ...)
-	TODO: check
+	NOT-FOR-US: IMGallery
 CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 ...)
-	TODO: check
+	NOT-FOR-US: 68 Classifieds
 CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
-	TODO: check
+	NOT-FOR-US: Vastal I-Tech phpVID
 CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow ...)
-	TODO: check
+	NOT-FOR-US: W1L3D4 Philboard
 CVE-2008-2333
 	RESERVED
 CVE-2008-2332
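Review bot: The NOT-FOR-US tags for CVE-2008-2345 and CVE-2008-2344 read `air_filemanager extension for typo3`, and TYPO3 appears elsewhere in this list (CVE-2005-4875). A short NOTE line stating that the extension is not shipped with the packaged typo3 would document why these two are not-for-us rather than entries against that package.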
@@ -191,47 +194,47 @@
 CVE-2008-2303
 	RESERVED
 CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript allows ...)
-	TODO: check
+	NOT-FOR-US: Kostenloses Linkmanagementscript
 CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and ...)
-	TODO: check
+	NOT-FOR-US: Citrix Software
 CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption of ...)
-	TODO: check
+	NOT-FOR-US: Citrix Software
 CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Web Slider
 CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Rantx
 CVE-2008-2296 (PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: Rgboard
 CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard ...)
-	TODO: check
+	NOT-FOR-US: Rgboard
 CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to gain ...)
-	TODO: check
+	NOT-FOR-US: Pet Grooming Management System
 CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Multi-Page Comment System
 CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in ...)
-	TODO: check
+	- net-snmp <unfixed> (medium; bug #482333)
 CVE-2008-2291 (Unspecified vulnerability in axengine.exe in Symantec Altiris ...)
-	TODO: check
+	NOT-FOR-US: Symantec Altiris Deployment Solution
 CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec ...)
-	TODO: check
+	NOT-FOR-US: Symantec Altiris Deployment Solution
 CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec Altiris ...)
-	TODO: check
+	NOT-FOR-US: Symantec Altiris Deployment Solution
 CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...)
-	TODO: check
+	NOT-FOR-US: Symantec Altiris Deployment Solution
 CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...)
-	TODO: check
+	NOT-FOR-US: Symantec Altiris Deployment Solution
 CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris ...)
-	TODO: check
+	NOT-FOR-US: Symantec Altiris Deployment Solution
 CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...)
-	TODO: check
+	- openssh 1:4.7p1-10
 CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in Fusebox ...)
-	TODO: check
+	NOT-FOR-US: Fusebox
 CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary files via ...)
-	TODO: check
+	NOT-FOR-US: IDAutomation
 CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special Edition ...)
-	TODO: check
+	NOT-FOR-US: Internet Photoshow
 CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...)
-	TODO: check
+	NOT-FOR-US: Internet Explorer
 CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive ...)
 	TODO: check
 CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...)
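Review bot: The CVE-2008-2285 entry now reads `- openssh 1:4.7p1-10` with no NOTE, while the description names the ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS. A NOTE line saying why the Debian package is affected and what changed in 1:4.7p1-10 would make the fixed version verifiable from the list. In the same hunk, CVE-2008-2300 and CVE-2008-2299 use the generic tag `Citrix Software` where the other entries name the specific product, as in `Symantec Altiris Deployment Solution`.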
@@ -307,9 +310,9 @@
 CVE-2008-2243
 	RESERVED
 CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA ...)
-	TODO: check
+	NOT-FOR-US: CA BrightStor ARCServe Backup
 CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ...)
-	TODO: check
+	NOT-FOR-US: CA BrightStor ARCServe Backup
 CVE-2008-2240
 	RESERVED
 CVE-2008-2239



