[Secure-testing-commits] r10162 - data/CVE

fw at alioth.debian.org fw at alioth.debian.org
Sun Oct 26 13:06:04 UTC 2008


Author: fw
Date: 2008-10-26 13:06:03 +0000 (Sun, 26 Oct 2008)
New Revision: 10162

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-4723 looks bogus

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-26 12:15:26 UTC (rev 10161)
+++ data/CVE/list	2008-10-26 13:06:03 UTC (rev 10162)
@@ -19,19 +19,26 @@
 CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 ...)
 	TODO: check
 CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX ...)
-	TODO: check
+	NOT-FOR-US: Hummingbird Xweb
 CVE-2008-4728 (Multiple insecure method vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Hummingbird Deployment Wizard
 CVE-2008-4727 (Cross-site scripting (XSS) vulnerability in the contact update page ...)
-	TODO: check
+	NOT-FOR-US: SunGard Banner Student
 CVE-2008-4726 (Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 ...)
-	TODO: check
+	NOT-FOR-US: GoodTech SSH
 CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
-	TODO: check
+	{CVE-2008-4723}
+	TODO: check if Webkit is affected
 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
+        {CVE-2008-4724}
 	TODO: check
+	NOTE: http://www.jorgan.users.cg.yu/ seems to be the original source
+	NOTE: Not enough details to tell if this is a real vulnerability.
+	NOTE: My guess is that file names containing <>& are incorrectly
+	NOTE: handled in FTP mode. Since the server might directly serve
+	NOTE: HTML files anyway, this seems a remote risk.
 CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...)
 	TODO: check
 CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass ...)
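Review bot: the `{CVE-2008-4724}` cross-reference line added under CVE-2008-4723 is indented with spaces, whereas every other annotation line in this hunk (including the mirrored `{CVE-2008-4723}` line under CVE-2008-4724) is indented with a tab; normalize it to a tab so the entry is parsed like the rest of data/CVE/list. Separately, the entry keeps a bare `TODO: check` above five NOTE lines that already state the assessment ("Not enough details to tell if this is a real vulnerability"); it would help the next reader if the TODO said what remains to be checked (e.g. whether the jorgan.users.cg.yu report ever gets a Mozilla-side confirmation) rather than repeating the generic marker.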
@@ -81,15 +88,15 @@
 CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...)
 	TODO: check
 CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located ...)
 	TODO: check
 CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2008-4694 (Unspecified vulnerability in Opera before 9.60 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 ...)
 	TODO: check
 CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8 before ...)
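Review bot: CVE-2008-4697 is left at `TODO: check` while the four neighbouring Opera entries in this hunk (CVE-2008-4698, CVE-2008-4696, CVE-2008-4695, CVE-2008-4694) are switched to `NOT-FOR-US: Opera`; its description also names "Opera before 9.61", so it should get the same `NOT-FOR-US: Opera` marking unless there is a reason to treat it differently, in which case that reason belongs in a NOTE line.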
@@ -174,7 +181,7 @@
 CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...)
 	TODO: check
 CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart ...)
-	TODO: check
+	NOT-FOR-US: Dart Communications PowerTCP FTP
 CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote ...)
 	TODO: check
 CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6 allows ...)