[Secure-testing-commits] r10152 - data/CVE
joeyh at alioth.debian.org
Wed Oct 22 21:14:10 UTC 2008
Author: joeyh
Date: 2008-10-22 21:14:09 +0000 (Wed, 22 Oct 2008)
New Revision: 10152
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-22 20:38:38 UTC (rev 10151)
+++ data/CVE/list 2008-10-22 21:14:09 UTC (rev 10152)
@@ -1,3 +1,83 @@
+CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly Presentation ...)
+ TODO: check
+CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and ...)
+ TODO: check
+CVE-2008-4674 (SQL injection vulnerability in realestate-index.php in Conkurent Real ...)
+ TODO: check
+CVE-2008-4673 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
+ TODO: check
+CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in ...)
+ TODO: check
+CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol ...)
+ TODO: check
+CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...)
+ TODO: check
+CVE-2008-4668 (Directory traversal vulnerability in the Image Browser ...)
+ TODO: check
+CVE-2008-4667 (Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 ...)
+ TODO: check
+CVE-2008-4666 (SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 ...)
+ TODO: check
+CVE-2008-4665 (SQL injection vulnerability in PG Matchmaking allows remote attackers ...)
+ TODO: check
+CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control ...)
+ TODO: check
+CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used ...)
+ TODO: check
+CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...)
+ TODO: check
+CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements ...)
+ TODO: check
+CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 ...)
+ TODO: check
+CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste ...)
+ TODO: check
+CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 ...)
+ TODO: check
+CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ...)
+ TODO: check
+CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) ...)
+ TODO: check
+CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 ...)
+ TODO: check
+CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...)
+ TODO: check
+CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart ...)
+ TODO: check
+CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote ...)
+ TODO: check
+CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6 allows ...)
+ TODO: check
+CVE-2008-4649 (Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 ...)
+ TODO: check
+CVE-2008-4648 (Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS ...)
+ TODO: check
+CVE-2008-4647 (SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows ...)
+ TODO: check
+CVE-2008-4646 (The Websense Reporter Module in Websense Enterprise 6.3.2 stores the ...)
+ TODO: check
+CVE-2008-4645 (plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier ...)
+ TODO: check
+CVE-2008-4644 (hits.php in myWebland myStats allows remote attackers to bypass IP ...)
+ TODO: check
+CVE-2008-4643 (SQL injection vulnerability in hits.php in myWebland myStats allows ...)
+ TODO: check
+CVE-2008-4642 (SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows ...)
+ TODO: check
+CVE-2008-4641 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ...)
+ TODO: check
+CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ...)
+ TODO: check
+CVE-2008-4639 (jhead.c in Matthias Wandel jhead before 2.84 allows local users to ...)
+ TODO: check
+CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas ...)
+ TODO: check
+CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 ...)
+ TODO: check
+CVE-2008-4636
+ RESERVED
CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...)
NOT-FOR-US: XOOPS module
CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through ...)
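Review bot: CVE-2008-4641 and CVE-2008-4640 are added with the same truncated description, `The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ...`, so the two cannot be told apart from the list. Whoever resolves their `TODO: check` should add a NOTE line to each saying which DoCommand issue it covers, and handle CVE-2008-4639 (also jhead.c) in the same pass. CVE-2008-4673 has the same problem in a different form: its description is cut off before any product name. In total this hunk adds 39 entries marked `TODO: check` plus CVE-2008-4636 as RESERVED, so nothing added here is triaged yet.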
@@ -24,7 +104,7 @@
NOT-FOR-US: Fast Click SQL Lite
CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) ...)
NOT-FOR-US: DS-Syndicate
-CVE-2008-4622 (fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to ...)
+CVE-2008-4622 (The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 ...)
NOT-FOR-US: phpFastNews
CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts ...)
NOT-FOR-US: ZeeScripts Zeeproperty
@@ -88,7 +168,7 @@
NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...)
TODO: check
-CVE-2008-4654 [vlc overflow in ty parsing]
+CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty ...)
- vlc <not-affected> (bug #502726)
NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4 is vulnerable)
TODO: check if >= 0.9.4 is uploaded to unstable
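Review bot: with the placeholder `[vlc overflow in ty parsing]` replaced by the official description, CVE-2008-4654 still sits below CVE-2007-6718, while the entries added in the first hunk go from CVE-2008-4655 straight to CVE-2008-4653. Consider moving the entry into that gap so it is found in numeric order. The `- vlc <not-affected>` line and the open `TODO: check if >= 0.9.4 is uploaded to unstable` are unchanged by this hunk and still need a follow-up, since the NOTE states that 0.9.4 is vulnerable.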
@@ -1179,8 +1259,8 @@
RESERVED
CVE-2008-4122
RESERVED
-CVE-2008-4121
- RESERVED
+CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce ...)
+ TODO: check
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
NOT-FOR-US: FlatPress
CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...)
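Review bot: CVE-2008-4121 moves from RESERVED to `TODO: check` for cpCommerce, and the first hunk adds CVE-2008-4637, also an XSS entry for cpCommerce, with the same `TODO: check`. The two should be triaged together so they end up with the same resolution line rather than being resolved inconsistently in separate passes.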
@@ -1913,6 +1993,7 @@
- iceape 1.1.12-1
- icedove 2.0.0.17-1
CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) ...)
+ {DSA-1658-1}
- dbus <unfixed> (bug #501443)
CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...)
{DSA-1653-1}
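Review bot: the new `{DSA-1658-1}` tag on CVE-2008-3834 is placed above `- dbus <unfixed> (bug #501443)`, which this hunk leaves untouched, so the entry now records an advisory while its only package line still says unfixed. If the advisory covers stable only and unstable is still open, that is consistent; otherwise the `<unfixed>` line should be replaced with the fixed version in the same change.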
@@ -3367,8 +3448,8 @@
NOT-FOR-US: Arctic Issue Tracker
CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly ...)
NOT-FOR-US: Lenovo System Update
-CVE-2008-3248
- RESERVED
+CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas ...)
+ TODO: check
CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 ...)
- linux-2.6 2.6.25-7
[etch] - linux-2.6 <not-affected> (2.6.25-only issue)
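Review bot: CVE-2008-3248 (`qiomkfile in the Quick I/O for Database feature in Symantec Veritas ...`) gets `TODO: check` here, and the first hunk adds CVE-2008-4638 for `qioadmin` in the same feature with the same marker. Both should be resolved in one pass; the neighbouring vendor entry, CVE-2008-3249, is already marked `NOT-FOR-US: Lenovo System Update`, which shows the form the resolution would take if these turn out not to be packaged.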
@@ -17655,8 +17736,8 @@
- cupsys 1.3.4-1 (medium; bug #448866)
- cups 1.3.4-1 (medium; bug #448866)
[sarge] - cupsys <not-affected> (Only vulnerable to code injection since 1.2.x, effects are harmless otherwise)
-CVE-2007-4350
- RESERVED
+CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management interface ...)
+ TODO: check
CVE-2007-4349
RESERVED
CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM ...)
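Review bot: the description added for CVE-2007-4350, `Cross-site scripting (XSS) vulnerability in the management interface ...`, is truncated before the product name, so the affected software cannot be identified from this entry. When the `TODO: check` is resolved, the resolution line (or a NOTE) should name the product explicitly.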