[Secure-testing-commits] r10140 - data/CVE
joeyh at alioth.debian.org
Tue Oct 21 21:14:11 UTC 2008
Author: joeyh
Date: 2008-10-21 21:14:10 +0000 (Tue, 21 Oct 2008)
New Revision: 10140
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-21 11:35:20 UTC (rev 10139)
+++ data/CVE/list 2008-10-21 21:14:10 UTC (rev 10140)
@@ -1,3 +1,91 @@
+CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...)
+ TODO: check
+CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through ...)
+ TODO: check
+CVE-2008-4633 (SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x ...)
+ TODO: check
+CVE-2008-4632 (Multiple directory traversal vulnerabilities in index.php in Kure ...)
+ TODO: check
+CVE-2008-4631 (Stack-based buffer overflow in the Message::AddToString function in ...)
+ TODO: check
+CVE-2008-4630 (Multiple unspecified vulnerabilities in Midgard Components (MidCOM) ...)
+ TODO: check
+CVE-2008-4629 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...)
+ TODO: check
+CVE-2008-4628 (SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 ...)
+ TODO: check
+CVE-2008-4627 (SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab ...)
+ TODO: check
+CVE-2008-4626 (Directory traversal vulnerability in index.php in Fritz Berger yet ...)
+ TODO: check
+CVE-2008-4625 (SQL injection vulnerability in stnl_iframe.php in the ShiftThis ...)
+ TODO: check
+CVE-2008-4624 (PHP remote file inclusion vulnerability in init.php in Fast Click SQL ...)
+ TODO: check
+CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) ...)
+ TODO: check
+CVE-2008-4622 (fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to ...)
+ TODO: check
+CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts ...)
+ TODO: check
+CVE-2008-4620 (SQL injection vulnerability in Meeting Room Booking System (MRBS) ...)
+ TODO: check
+CVE-2008-4619 (The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2008-4618 (The Stream Control Transmission Protocol (sctp) implementation in the ...)
+ TODO: check
+CVE-2008-4617 (SQL injection vulnerability in the actualite module 1.0 for Joomla! ...)
+ TODO: check
+CVE-2008-4616 (The SpamBam plugin for WordPress allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-4615 (Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has ...)
+ TODO: check
+CVE-2008-4614 (PortalApp 4.0 does not require authentication for (1) forums.asp and ...)
+ TODO: check
+CVE-2008-4613 (SQL injection vulnerability in forums.asp in PortalApp 4.0 allows ...)
+ TODO: check
+CVE-2008-4612 (Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows ...)
+ TODO: check
+CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php ...)
+ TODO: check
+CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...)
+ TODO: check
+CVE-2008-4608
+ RESERVED
+CVE-2008-4607
+ RESERVED
+CVE-2008-4606 (Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow ...)
+ TODO: check
+CVE-2008-4605 (SQL injection vulnerability in CafeEngine allows remote attackers to ...)
+ TODO: check
+CVE-2008-4604 (SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows ...)
+ TODO: check
+CVE-2008-4603 (SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 ...)
+ TODO: check
+CVE-2008-4602 (Directory traversal vulnerability in index.php in Post Affiliate Pro ...)
+ TODO: check
+CVE-2008-4601 (Cross-site scripting (XSS) vulnerability in the login feature in ...)
+ TODO: check
+CVE-2008-4600 (configure.php in PokerMax Poker League Tournament Script 0.13 allows ...)
+ TODO: check
+CVE-2008-4599 (SQL injection vulnerability in category.php in Mosaic Commerce allows ...)
+ TODO: check
+CVE-2008-4598 (Unspecified vulnerability in Shindig-Integrator 5.x, a module for ...)
+ TODO: check
+CVE-2008-4597 (Shindig-Integrator 5.x, a module for Drupal, does not properly ...)
+ TODO: check
+CVE-2008-4596 (Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a ...)
+ TODO: check
+CVE-2008-4595 (Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus ...)
+ TODO: check
+CVE-2008-4594 (Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N ...)
+ TODO: check
+CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled ...)
+ TODO: check
+CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...)
+ TODO: check
CVE-2008-XXXX [vlc overflow in ty parsing]
- vlc <not-affected> (bug #502726)
NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4 is vulnerable)
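Review bot: the entries for MPlayer (CVE-2008-4610, CVE-2007-6718) and the Linux TCP implementation (CVE-2008-4609) land with only `TODO: check`, the same as the third-party web scripts around them. linux-2.6 is tracked as a package elsewhere in this file, so these three should be triaged first and given package lines rather than left in the bulk queue. The two MPlayer summaries are nearly identical as truncated here, so confirm they describe distinct issues. CVE-2007-6718 is also placed after CVE-2008-4593, which puts a 2007 id inside the 2008 block.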
@@ -210,8 +298,8 @@
NOT-FOR-US: Novell eDirectory
CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 ...)
NOT-FOR-US: Novell eDirectory
-CVE-2008-4473
- RESERVED
+CVE-2008-4473 (Multiple heap-based buffer overflows in Adobe Flash CS3 Professional ...)
+ TODO: check
CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...)
NOT-FOR-US: DataFeedFile PHP Framework API
CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.3, and ...)
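Review bot: CVE-2008-4473 is left at `TODO: check` although its summary names Adobe Flash CS3 Professional, and this file already resolves Adobe's proprietary player with `NOT-FOR-US: Adobe Flash Player` (CVE-2008-3873). Suggest closing it the same way, with `NOT-FOR-US: Adobe Flash CS3 Professional`, so it does not linger in the TODO queue.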
@@ -378,8 +466,8 @@
RESERVED
CVE-2008-4413
RESERVED
-CVE-2008-4412
- RESERVED
+CVE-2008-4412 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
+ TODO: check
CVE-2008-4411 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
NOT-FOR-US: HP System Management Homepage
CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...)
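Review bot: CVE-2008-4412 (HP Systems Insight Manager) goes in as `TODO: check` directly above CVE-2008-4411, which is already `NOT-FOR-US: HP System Management Homepage`. Unless SIM is packaged, resolve it the same way with a `NOT-FOR-US: HP Systems Insight Manager` line.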
@@ -414,8 +502,8 @@
CVE-2008-XXXX [aegis: insecure temp files]
- aegis <unfixed> (unimportant; bug #496402)
NOTE: Only present in example scripts
-CVE-2008-4401
- RESERVED
+CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not ...)
+ TODO: check
CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup ...)
NOT-FOR-US: CA ARCserve Backup
CVE-2008-4399 (Unspecified vulnerability in the database engine service in ...)
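Review bot: for CVE-2008-4401 the open question behind `TODO: check` is whether the free Flash implementations are affected, not only Adobe's player. The CVE-2008-3873 entry in this file pairs `NOT-FOR-US: Adobe Flash Player` with a NOTE on gnash and swfdec; the same pairing would document the outcome here.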
@@ -1701,7 +1789,7 @@
NOT-FOR-US: Sun Solaris 8
CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo ...)
NOT-FOR-US: Lussumo Vanilla
-CVE-2008-3873 (The System.setClipboard method in Adobe Flash Player allows remote ...)
+CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player ...)
NOT-FOR-US: Adobe Flash Player
NOTE: System.setClipboard is not implemented (yet?) in gnash 0.8.3 and swfdec0.6 0.6.8
CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, ...)
@@ -1830,8 +1918,7 @@
CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...)
- linux-2.6 <not-affected> (Fedora-specific patch)
- linux-2.6.24 <not-affected> (Fedora-specific patch)
-CVE-2008-3831 [kernel drm issue]
- RESERVED
+CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel ...)
{DSA-1655-1}
- linux-2.6 2.6.26-9
CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...)
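Review bot: CVE-2008-3831 keeps only `- linux-2.6 2.6.26-9` under `{DSA-1655-1}`, while the entry above it, CVE-2008-3832, tracks both linux-2.6 and linux-2.6.24. Now that the description identifies the i915 driver, add a linux-2.6.24 line (a fixed version, or `<not-affected>` with the reason) so the status of that source package is recorded.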
@@ -7204,8 +7291,8 @@
NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser ...)
NOT-FOR-US: Eagle Software Aries Student Information System
-CVE-2008-1547
- RESERVED
+CVE-2008-1547 (Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft ...)
+ TODO: check
CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi ...)
NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems
CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
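Review bot: CVE-2008-1547 is described as an open redirect in exchweb/bin/redir.asp in a Microsoft product, yet it is queued as `TODO: check`. The neighbouring entries for other proprietary products are already `NOT-FOR-US:`; resolve this one likewise, taking the product name from the full CVE description since the summary here is truncated.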
@@ -9287,7 +9374,7 @@
NOT-FOR-US: iTechClassifieds
CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...)
NOT-FOR-US: iTechClassifieds
-CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ...)
+CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ShiftThis ...)
NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...)
NOT-FOR-US: Wordspew plugin for Wordpress
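Review bot: the refreshed summary for CVE-2008-0683 now names ShiftThis, and CVE-2008-4625 added at the top of this patch also names a ShiftThis script (stnl_iframe.php) but is left as `TODO: check`. If both are the st_newsletter plugin, give CVE-2008-4625 the same `NOT-FOR-US: st_newsletter plugin for WordPress` line. The context lines also spell the product both `WordPress` and `Wordpress`, which is worth normalising in a separate cleanup.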