[Secure-testing-commits] r10191 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Oct 28 21:14:12 UTC 2008


Author: joeyh
Date: 2008-10-28 21:14:11 +0000 (Tue, 28 Oct 2008)
New Revision: 10191

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-28 19:20:27 UTC (rev 10190)
+++ data/CVE/list	2008-10-28 21:14:11 UTC (rev 10191)
@@ -1,4 +1,64 @@
-CVE-2008-4748 [Format string vulnerability via format string specifiers in the irc:// URI]
+CVE-2008-4769 (Directory traversal vulnerability in the get_category_template ...)
+	TODO: check
+CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to ...)
+	TODO: check
+CVE-2008-4767 (Unrestricted file upload vulnerability in the DownloadsPlus module in ...)
+	TODO: check
+CVE-2008-4766 (SQL injection vulnerability in member.php in Oxygen Bulletin Board ...)
+	TODO: check
+CVE-2008-4765 (SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth ...)
+	TODO: check
+CVE-2008-4764 (Directory traversal vulnerability in the eXtplorer module ...)
+	TODO: check
+CVE-2008-4763 (Multiple cross-site scripting (XSS) vulnerabilities in sample.php in ...)
+	TODO: check
+CVE-2008-4762 (Stack-based buffer overflow in freeSSHd 1.2.1 allows remote ...)
+	TODO: check
+CVE-2008-4761 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2008-4760 (SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, ...)
+	TODO: check
+CVE-2008-4759 (Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 ...)
+	TODO: check
+CVE-2008-4758 (Directory traversal vulnerability in download_file.php in PHP-Daily ...)
+	TODO: check
+CVE-2008-4757 (Multiple SQL injection vulnerabilities in PHP-Daily allow remote ...)
+	TODO: check
+CVE-2008-4756 (Cross-site scripting (XSS) vulnerability in add_prest_date.php in ...)
+	TODO: check
+CVE-2008-4755 (SQL injection vulnerability in gotourl.php in PozScripts Classified ...)
+	TODO: check
+CVE-2008-4754 (SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez ...)
+	TODO: check
+CVE-2008-4753 (SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader ...)
+	TODO: check
+CVE-2008-4752 (TlNews 2.2 allows remote attackers to bypass authentication and gain ...)
+	TODO: check
+CVE-2008-4751 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...)
+	TODO: check
+CVE-2008-4750 (Stack-based buffer overflow in the VImpX.VImpAX ActiveX control ...)
+	TODO: check
+CVE-2008-4749 (Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX ...)
+	TODO: check
+CVE-2008-4747 (Unspecified vulnerability in the search feature in Sun Java System ...)
+	TODO: check
+CVE-2008-4746 (Multiple SQL injection vulnerabilities in Uniwin eCart Professional ...)
+	TODO: check
+CVE-2008-4745 (Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin ...)
+	TODO: check
+CVE-2008-4744 (SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc ...)
+	TODO: check
+CVE-2008-4743 (SQL injection vulnerability in index.php in QuidaScript FAQ Management ...)
+	TODO: check
+CVE-2008-4742 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2008-4741 (Directory traversal vulnerability in index.php in FAR-PHP 1.00, when ...)
+	TODO: check
+CVE-2008-4740 (Directory traversal vulnerability in templater.php in the ZZ_Templater ...)
+	TODO: check
+CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows ...)
+	TODO: check
+CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0, when ...)
 	- kvirc 2:3.4.0-3 (bug #503401)
 CVE-2008-XXXX [balazar3: insecure temp file handling]
 	- blazar3 <not-affected> (Package is in experimental)
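Review bot: the rewritten CVE-2008-4748 line ends up below CVE-2006-7234 instead of between CVE-2008-4749 and CVE-2008-4747, so the inserted block breaks the descending ID order the rest of the file follows; move the entry, together with its `- kvirc 2:3.4.0-3 (bug #503401)` line, into sequence. All 30 new entries above it carry only `TODO: check` and still need triage. Separately, the trailing context spells the package `blazar3` under a heading that says `balazar3`; one of the two is a typo and should be corrected in a follow-up.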
@@ -2294,7 +2354,7 @@
 	NOT-FOR-US: Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon)
 CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows ...)
 	NOT-FOR-US: Quick Poll Script
-CVE-2008-3764 (Eval injection vulnerability in chat.php in Turnkey PHP Live Helper ...)
+CVE-2008-3764 (Eval injection vulnerability in globalsoff.php in Turnkey PHP Live ...)
 	NOT-FOR-US: Turnkey PHP Live Helper
 CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live ...)
 	NOT-FOR-US: Turnkey PHP Live Helper
@@ -3102,7 +3162,7 @@
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...)
 	NOT-FOR-US: Anzio Web Print Object 
-CVE-2008-3479 (The Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 ...)
+CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2008-3478
 	RESERVED
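Review bot: the context line `NOT-FOR-US: Anzio Web Print Object ` directly above the changed CVE-2008-3479 entry ends in a trailing space; strip it so later automatic updates and line-based tooling do not see a spurious difference. The description change itself leaves the `NOT-FOR-US: Microsoft Windows` status line untouched, which is consistent.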
@@ -3118,7 +3178,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
 	NOT-FOR-US: Microsoft
-CVE-2008-3471 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold ...)
+CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-3470
 	RESERVED
@@ -3641,7 +3701,7 @@
 	NOTE: this is by design
 CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ...)
 	- wordpress <not-affected> (Code was only present in svn versions)
-CVE-2008-3232 (Unspecified vulnerability in dotclear before 1.2.8 has unknown impact ...)
+CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in ...)
 	NOT-FOR-US: dotclear
 CVE-2008-3231 (xine before 1.1.5 allows user-assisted attackers to cause a denial of ...)
 	- xine-lib 1.1.14-2 (bug #492870; low)
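Review bot: the new truncated description for CVE-2008-3232 no longer shows the product name or the "before 1.2.8" version bound that the old line carried, leaving `NOT-FOR-US: dotclear` as the only visible link to the product. If the fixed version is worth keeping at a glance, record it in a `NOTE:` line under the entry rather than relying on the description text.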



