[Secure-testing-commits] r10481 - data/CVE

atomo64-guest at alioth.debian.org atomo64-guest at alioth.debian.org
Tue Nov 25 03:03:00 UTC 2008 

Author: atomo64-guest
Date: 2008-11-25 03:02:59 +0000 (Tue, 25 Nov 2008)
New Revision: 10481

Modified:
   data/CVE/list
Log:
NFUs and new gallery issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-24 21:36:53 UTC (rev 10480)
+++ data/CVE/list	2008-11-25 03:02:59 UTC (rev 10481)
@@ -1,39 +1,42 @@
+CVE-2008-XXXX [gallery: cookie handling security bypass vulnerability]
+	- gallery <unfixed> (bug #506824)
+	[etch] - gallery <not-affected> (vulnerable code introduced in 1.5.8-svn-b34)
 CVE-2008-5207 (Multiple directory traversal vulnerabilities in Jonascms 1.2 allow ...)
-	TODO: check
+	NOT-FOR-US: Jonascms
 CVE-2008-5206 (PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in ...)
-	TODO: check
+	NOT-FOR-US: MosXML
 CVE-2008-5205 (Cross-site scripting (XSS) vulnerability in edit.php in wellyblog ...)
-	TODO: check
+	NOT-FOR-US: wellyblog
 CVE-2008-5204 (Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, ...)
-	TODO: check
+	NOT-FOR-US: PowerAward
 CVE-2008-5203 (Cross-site scripting (XSS) vulnerability in external_vote.php in ...)
-	TODO: check
+	NOT-FOR-US: PowerAward
 CVE-2008-5202 (Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS ...)
-	TODO: check
+	NOT-FOR-US: OTManager CMS
 CVE-2008-5201 (Directory traversal vulnerability in index.php in OTManager CMS 24a ...)
-	TODO: check
+	NOT-FOR-US: OTManager CMS
 CVE-2008-5200 (SQL injection vulnerability in the Xe webtv (com_xewebtv) component ...)
-	TODO: check
+	NOT-FOR-US: Xe webtv
 CVE-2008-5199 (PHP remote file inclusion vulnerability in include.php in ...)
-	TODO: check
+	NOT-FOR-US: PHPOutsourcing IdeaBox
 CVE-2008-5198 (SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 ...)
-	TODO: check
+	NOT-FOR-US: Acmlmboard
 CVE-2008-5197 (SQL injection vulnerability in classifieds.php in PHP-Fusion allows ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2008-5196 (SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 ...)
-	TODO: check
+	NOT-FOR-US: Kroax
 CVE-2008-5195 (Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow ...)
-	TODO: check
+	NOT-FOR-US: SebracCMS
 CVE-2008-5194 (SQL injection vulnerability in checkavail.php in SoftVisions Software ...)
-	TODO: check
+	NOT-FOR-US: SoftVisions Software Online Booking Manager
 CVE-2008-5193 (Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 ...)
-	TODO: check
+	NOT-FOR-US: W1L3D4 Philboard
 CVE-2008-5192 (SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and ...)
-	TODO: check
+	NOT-FOR-US: W1L3D4 Philboard
 CVE-2008-5191 (Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote ...)
-	TODO: check
+	NOT-FOR-US: SePortal
 CVE-2008-5190 (SQL injection vulnerability in index.php in eSHOP100 allows remote ...)
-	TODO: check
+	NOT-FOR-US: eSHOP100
 CVE-2008-XXXX [DoS caused by sending a SMTP request with large content]
 	- wireshark <unfixed> (low; bug #506741)
 	NOTE: CVE id requested

More information about the Secure-testing-commits mailing list