[Secure-testing-commits] r10167 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Sun Oct 26 20:17:30 UTC 2008


Author: nion
Date: 2008-10-26 20:17:29 +0000 (Sun, 26 Oct 2008)
New Revision: 10167

Modified:
   data/CVE/list
Log:
NFUs
phpmyid has an itp (CVE-2008-4730)
two new mantis issues (CVE-2008-468{8,9})
new wireshark issues (CVE-2008-46[80-85])


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-26 14:00:48 UTC (rev 10166)
+++ data/CVE/list	2008-10-26 20:17:29 UTC (rev 10167)
@@ -1,23 +1,23 @@
 CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when ...)
-	TODO: check
+	NOT-FOR-US: PlugSpace
 CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows ...)
-	TODO: check
+	NOT-FOR-US: MyCard
 CVE-2008-4737 (Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite ...)
-	TODO: check
+	NOT-FOR-US: WhoDomLite
 CVE-2008-4736 (SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and ...)
-	TODO: check
+	NOT-FOR-US: RPG.Board
 CVE-2008-4735 (PHP remote file inclusion vulnerability in header.php in Concord ...)
-	TODO: check
+	NOT-FOR-US: Concord software
 CVE-2008-4734 (Cross-site request forgery (CSRF) vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: WP Comment Remix plugin
 CVE-2008-4733 (Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP ...)
-	TODO: check
+	NOT-FOR-US: WP Comment Remix plugin
 CVE-2008-4732 (SQL injection vulnerability in ajax_comments.php in the WP Comment ...)
-	TODO: check
+	NOT-FOR-US: WP Comment Remix plugin
 CVE-2008-4731 (Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown ...)
 	- yacy <itp> (bug #452422)
 CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 ...)
-	TODO: check
+	- phpmyid <itp> (bug #492325)
 CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX ...)
 	NOT-FOR-US: Hummingbird Xweb
 CVE-2008-4728 (Multiple insecure method vulnerabilities in the ...)
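Review bot: On CVE-2008-4735 the tag "NOT-FOR-US: Concord software" reads as a generic description rather than a product name, unlike the other entries in this hunk (PlugSpace, MyCard, WhoDomLite, RPG.Board). Use the product name as it appears in the full CVE description, so that a later search of the list for that product finds this entry.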
@@ -42,55 +42,55 @@
 CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...)
 	NOT-FOR-US: Sun ILOM
 CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: PHP Jabbers
 CVE-2008-4720 (Multiple PHP remote file inclusion vulnerabilities in The Gemini ...)
-	TODO: check
+	NOT-FOR-US: The Gemini Portal
 CVE-2008-4719 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: openEngine
 CVE-2008-4718 (Directory traversal vulnerability in help/mini.phpin X7 Chat 2.0.1 A1 ...)
-	TODO: check
+	NOT-FOR-US: X7 Chat
 CVE-2008-4717 (SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows ...)
-	TODO: check
+	NOT-FOR-US: ZEELYRICS
 CVE-2008-4716 (SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Lance
 CVE-2008-4715 (SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for ...)
-	TODO: check
+	NOT-FOR-US: com_jpad for Joomla!
 CVE-2008-4714 (Atomic Photo Album 1.1.0 pre4 does not properly handle the ...)
-	TODO: check
+	NOT-FOR-US: Atomic Photo Album
 CVE-2008-4713 (SQL injection vulnerability in view.php in 212cafe Board 0.07 allows ...)
-	TODO: check
+	NOT-FOR-US: 212cafe Board
 CVE-2008-4712 (Directory traversal vulnerability in pages/showblog.php in LnBlog ...)
-	TODO: check
+	NOT-FOR-US: LnBlog
 CVE-2008-4711 (SQL injection vulnerability in Joovili 3.0 and earlier, when ...)
-	TODO: check
+	NOT-FOR-US: Joovili
 CVE-2008-4710 (Cross-site scripting (XSS) vulnerability in the stock quotes page in ...)
-	TODO: check
+	NOT-FOR-US: Stock module for Drupal
 CVE-2008-4709 (SQL injection vulnerability in news_read.php in Pilot Group (PG) ...)
-	TODO: check
+	NOT-FOR-US: PG eTraining
 CVE-2008-4708 (BbZL.PhP 0.92 allows remote attackers to bypass authentication and ...)
-	TODO: check
+	NOT-FOR-US: BbZL.PhP
 CVE-2008-4707 (Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows ...)
-	TODO: check
+	NOT-FOR-US: BbZL.PhP
 CVE-2008-4706 (SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a ...)
-	TODO: check
+	NOT-FOR-US: VBGooglemap Hotspot Edition
 CVE-2008-4705 (SQL injection vulnerability in success_story.php in php Online Dating ...)
-	TODO: check
+	NOT-FOR-US: MyPHPDating
 CVE-2008-4704 (PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in ...)
-	TODO: check
+	NOT-FOR-US: SezHoo
 CVE-2008-4703 (SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows ...)
-	TODO: check
+	NOT-FOR-US: BosDev BosNews
 CVE-2008-4702 (Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 ...)
-	TODO: check
+	NOT-FOR-US: PhpWebGallery
 CVE-2008-4701 (SQL injection vulnerability in admin.php in Libera CMS 1.12, when ...)
-	TODO: check
+	NOT-FOR-US: Libera CMS
 CVE-2008-4700 (SQL injection vulnerability in admin.php in Libera CMS 1.12 and ...)
-	TODO: check
+	NOT-FOR-US: Libera CMS
 CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...)
-	TODO: check
+	NOT-FOR-US: Peachtree Accounting
 CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a ...)
 	NOT-FOR-US: Opera
 CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before ...)
 	NOT-FOR-US: Opera
 CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive ...)
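Review bot: On CVE-2008-4705 the tag names MyPHPDating while the visible description reads "success_story.php in php Online Dating ...". If the truncated part of the description does not name MyPHPDating, put the description's product name in the tag (or both names) so the entry can be found under either. The same check applies to CVE-2008-4699, where the tag says Peachtree Accounting and the visible description only names PAWWeb11.ocx.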
@@ -104,23 +104,23 @@
 CVE-2008-4691 (Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in ...)
 	NOT-FOR-US: IBM DB2
 CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx ...)
-	TODO: check
+	- lynx <not-affected> (advanced mode is not switched on in Debian configurations and lynxcgi handlers are really unlikely)
 CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, ...)
-	TODO: check
+	- mantis <unfixed> (low; bug #503588)
 CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the ...)
-	TODO: check
+	- mantis <unfixed> (low; bug #503588)
 CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie function in ...)
-	TODO: check
+	- wireshark <unfixed> (low; bug #503589)
 CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly ...)
-	TODO: check
+	- wireshark <unfixed> (low; bug #503589)
 CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL ...)
-	TODO: check
+	- wireshark <unfixed> (low; bug #503589)
 CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to ...)
-	TODO: check
+	- wireshark <unfixed> (low; bug #503589)
 CVE-2008-4681 (Unspecified vulnerability in the Bluetooth RFCOMM dissector in ...)
-	TODO: check
+	- wireshark <unfixed> (low; bug #503589)
 CVE-2008-4680 (packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 ...)
-	TODO: check
+	- wireshark <unfixed> (low; bug #503589)
 CVE-2008-4679 (The Web Services Security component in IBM WebSphere Application ...)
 	NOT-FOR-US: IBM Websphere
 CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM ...)
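Review bot: The lynx entry for CVE-2008-4690 is marked <not-affected>, but its note argues from a default ("advanced mode is not switched on in Debian configurations") and from likelihood ("lynxcgi handlers are really unlikely"), which describes code that is present but rarely reachable rather than code that is absent. State explicitly whether the vulnerable code ships in the Debian package, and if it does, consider tracking it as a low-priority open item with this rationale instead. Separately, all six Wireshark entries get the same "low" urgency, including the use-after-free in dissect_q931_cause_ie (CVE-2008-4685); a short reason for that rating in the entry or in bug #503589 would help later triage.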



