[Secure-testing-commits] r10162 - data/CVE
fw at alioth.debian.org
Sun Oct 26 13:06:04 UTC 2008
Author: fw
Date: 2008-10-26 13:06:03 +0000 (Sun, 26 Oct 2008)
New Revision: 10162
Modified:
data/CVE/list
Log:
NFUs
CVE-2008-4723 looks bogus
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-26 12:15:26 UTC (rev 10161)
+++ data/CVE/list 2008-10-26 13:06:03 UTC (rev 10162)
@@ -19,19 +19,26 @@
CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 ...)
TODO: check
CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX ...)
- TODO: check
+ NOT-FOR-US: Hummingbird Xweb
CVE-2008-4728 (Multiple insecure method vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Hummingbird Deployment Wizard
CVE-2008-4727 (Cross-site scripting (XSS) vulnerability in the contact update page ...)
- TODO: check
+ NOT-FOR-US: SunGard Banner Student
CVE-2008-4726 (Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 ...)
- TODO: check
+ NOT-FOR-US: GoodTech SSH
CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
- TODO: check
+ {CVE-2008-4723}
+ TODO: check if Webkit is affected
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
+ {CVE-2008-4724}
TODO: check
+ NOTE: http://www.jorgan.users.cg.yu/ seems to be the original source
+ NOTE: Not enough details to tell if this is a real vulnerability.
+ NOTE: My guess is that file names containing <>& are incorrectly
+ NOTE: handled in FTP mode. Since the server might directly serve
+ NOTE: HTML files anyway, this seems a remote risk.
CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...)
TODO: check
CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass ...)
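Review bot: the last added NOTE under CVE-2008-4723 says "this seems a remote risk", and in a tracker entry "remote" can be read as either "unlikely" or "remotely exploitable"; if "unlikely" is meant, wording such as "this seems a low risk" removes the ambiguity. The same entry keeps its bare "TODO: check" between the new {CVE-2008-4724} cross-reference and the NOTEs, so it still shows as untriaged even though the log calls it bogus. If further checking is intended, state what is left to check, as the CVE-2008-4724 entry now does with "TODO: check if Webkit is affected".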
@@ -81,15 +88,15 @@
CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...)
TODO: check
CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located ...)
TODO: check
CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4694 (Unspecified vulnerability in Opera before 9.60 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 ...)
TODO: check
CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8 before ...)
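Review bot: CVE-2008-4697 (the Fast Forward feature in Opera before 9.61) is left at "TODO: check" while the four neighbouring Opera entries (CVE-2008-4698, CVE-2008-4696, CVE-2008-4695, CVE-2008-4694) all change to "NOT-FOR-US: Opera". If skipping it is deliberate, add a NOTE saying why; otherwise mark it the same way so the Opera batch is triaged consistently.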
@@ -174,7 +181,7 @@
CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...)
TODO: check
CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart ...)
- TODO: check
+ NOT-FOR-US: Dart Communications PowerTCP FTP
CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote ...)
TODO: check
CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6 allows ...)