[Secure-testing-commits] r9872 - data/CVE
joeyh at alioth.debian.org
Tue Sep 23 21:14:12 UTC 2008
Author: joeyh
Date: 2008-09-23 21:14:10 +0000 (Tue, 23 Sep 2008)
New Revision: 9872
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-23 21:02:43 UTC (rev 9871)
+++ data/CVE/list 2008-09-23 21:14:10 UTC (rev 9872)
@@ -1,3 +1,151 @@
+CVE-2008-4189 (Buffer overflow in the printer sharing services in the Samba code in ...)
+ TODO: check
+CVE-2008-4188 (Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) ...)
+ TODO: check
+CVE-2008-4187 (Directory traversal vulnerability in index.php in ProActive CMS allows ...)
+ TODO: check
+CVE-2008-4186 (SQL injection vulnerability in index.php in webCMS Portal Edition ...)
+ TODO: check
+CVE-2008-4185 (SQL injection vulnerability in index.php in webCMS Portal Edition ...)
+ TODO: check
+CVE-2008-4184 (Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal ...)
+ TODO: check
+CVE-2008-4183 (IntegraMOD 1.4.x stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde ...)
+ TODO: check
+CVE-2008-4181 (Directory traversal vulnerability in includes/xml.php in the Netenberg ...)
+ TODO: check
+CVE-2008-4180 (Unspecified vulnerability in db.php in NooMS 1.1 allows remote ...)
+ TODO: check
+CVE-2008-4179 (Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow ...)
+ TODO: check
+CVE-2008-4178 (SQL injection vulnerability in tr.php in DownlineGoldmine Special ...)
+ TODO: check
+CVE-2008-4177 (SQL injection vulnerability in search.php in Pre Real Estate Listings ...)
+ TODO: check
+CVE-2008-4176 (SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta ...)
+ TODO: check
+CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow ...)
+ TODO: check
+CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows remote ...)
+ TODO: check
+CVE-2008-4172 (SQL injection vulnerability in page.php in Cars & Vehicle (aka ...)
+ TODO: check
+CVE-2008-4171 (SQL injection vulnerability in xmlout.php in Invision Power Board ...)
+ TODO: check
+CVE-2008-4170 (create_account.php in osCommerce 2.2 RC 2a allows remote attackers to ...)
+ TODO: check
+CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts EasyIndex ...)
+ TODO: check
+CVE-2008-4168 (Cross-site scripting (XSS) vulnerability in verify_login.jsp in ...)
+ TODO: check
+CVE-2008-4167 (useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not ...)
+ TODO: check
+CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7 Build ...)
+ TODO: check
+CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a ...)
+ TODO: check
+CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and ...)
+ TODO: check
+CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows ...)
+ TODO: check
+CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b allows ...)
+ TODO: check
+CVE-2008-4160 (Unspecified vulnerability in the UFS module in Sun Solaris 8 through ...)
+ TODO: check
+CVE-2008-4159 (SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS ...)
+ TODO: check
+CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in Zanfi CMS ...)
+ TODO: check
+CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 ...)
+ TODO: check
+CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming ...)
+ TODO: check
+CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3 allow ...)
+ TODO: check
+CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows remote ...)
+ TODO: check
+CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module ...)
+ TODO: check
+CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x before ...)
+ TODO: check
+CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x allows ...)
+ TODO: check
+CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel Joke ...)
+ TODO: check
+CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to ...)
+ TODO: check
+CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x before ...)
+ TODO: check
+CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x ...)
+ TODO: check
+CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve ...)
+ TODO: check
+CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink 1.0 ...)
+ TODO: check
+CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold ...)
+ TODO: check
+CVE-2008-4143 (SQL injection vulnerability in category_search.php in RazorCommerce ...)
+ TODO: check
+CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows remote ...)
+ TODO: check
+CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media x10 ...)
+ TODO: check
+CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart ...)
+ TODO: check
+CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution ...)
+ TODO: check
+CVE-2008-4138 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in PHP-Crawler ...)
+ TODO: check
+CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote ...)
+ TODO: check
+CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator and Nseries ...)
+ TODO: check
+CVE-2008-4134 (PHP remote file inclusion vulnerability in manager/static/view.php in ...)
+ TODO: check
+CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12 and ...)
+ TODO: check
+CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX ...)
+ TODO: check
+CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...)
+ TODO: check
+CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 ...)
+ TODO: check
+CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ...)
+ TODO: check
+CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...)
+ TODO: check
+CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta ...)
+ TODO: check
+CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...)
+ TODO: check
+CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...)
+ TODO: check
+CVE-2008-4124
+ RESERVED
+CVE-2008-4123
+ RESERVED
+CVE-2008-4122
+ RESERVED
+CVE-2008-4121
+ RESERVED
+CVE-2008-4120
+ RESERVED
+CVE-2008-4119
+ RESERVED
+CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...)
+ TODO: check
+CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun ...)
+ TODO: check
+CVE-2008-4116 (Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 ...)
+ TODO: check
CVE-2008-XXXX [heap overflow in fraud2]
- fraud2 <unfixed> (bug #499899)
NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
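Review bot: CVE-2008-4126, near the end of the added block, is left at "TODO: check" even though its description names PyDNS (aka python-dns) in Debian GNU/Linux, and this same file already tracks CVE-2008-4099 against python-dns 2.3.1-5 with DSA-1619-1. It should be triaged against that package rather than left in the generic queue. While doing so, confirm which of the two ids the 2.3.1-5 fixed version belongs to, since the CVE-2008-4099 description says "before 2.3.1-4" and the CVE-2008-4126 description says "before 2.3.1-5".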
@@ -15,31 +163,32 @@
CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...)
- linux-2.6 2.6.26-5
[etch] - linux-2.6.24 <unfixed>
-CVE-2008-4112 (Directory traversal vulnerability in bin/configure in TWiki before ...)
+CVE-2008-4112
+ REJECTED
- twiki <unfixed> (low)
NOTE: access to configure script is restricted to localhost on Debian
CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
NOT-FOR-US: Microsoft
-CVE-2008-4107
- RESERVED
-CVE-2008-4106
- RESERVED
-CVE-2008-4105
- RESERVED
-CVE-2008-4104
- RESERVED
-CVE-2008-4103
- RESERVED
-CVE-2008-4102
- RESERVED
-CVE-2008-4101
- RESERVED
-CVE-2008-4098
- RESERVED
-CVE-2008-4097
- RESERVED
+CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...)
+ TODO: check
+CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...)
+ TODO: check
+CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
+ TODO: check
+CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...)
+ TODO: check
+CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...)
+ TODO: check
+CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...)
+ TODO: check
+CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
+ TODO: check
+CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege ...)
+ TODO: check
+CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...)
+ TODO: check
CVE-2008-4095 (Multiple unspecified vulnerabilities in Flip4Mac WMV before 2.2.1 have ...)
NOT-FOR-US: Flip4Mac WMV
CVE-2008-4094
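Review bot: CVE-2008-4112 is switched to REJECTED but still carries the "- twiki <unfixed> (low)" tracking line and the NOTE about configure being restricted to localhost, so the rejected id keeps reporting an open issue against twiki. The directory traversal description removed here reappears on CVE-2008-3195 later in this revision, which already has its own "- twiki <unfixed> (low; bug #499534)" line. Suggest dropping the package line from CVE-2008-4112 and moving the localhost NOTE under CVE-2008-3195.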
@@ -194,30 +343,25 @@
RESERVED
CVE-2008-4019
RESERVED
-CVE-2008-4109 [unsafe sigdie function called by signal handler]
- RESERVED
+CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch, and ...)
{DSA-1638-1 CVE-2006-5051}
- openssh 1:4.6p1-1 (low)
NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
NOTE: fully address the issue. The upstream fix in 4.4p1 was
NOTE: right, and it the next unstable upload after that was 4.6p1.
-CVE-2008-4100 [adns predictable transaction id's and source port]
- RESERVED
+CVE-2008-4100 (GNU adns 1.4 and earlier uses a fixed source port and sequential ...)
- adns <unfixed> (unimportant; bug #492698)
NOTE: adns is not supported in untrusted contexts, see BR
-CVE-2008-4099 [pydns predictable transaction id's and source port]
- RESERVED
+CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use ...)
{DSA-1619-1}
- python-dns 2.3.1-5 (low; bug #490217)
-CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7]
- RESERVED
+CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 ...)
{DSA-1641-1}
- phpmyadmin 4:2.11.8.1-2 (medium)
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
- smsclient <unfixed> (unimportant; bug #498901)
NOTE: script is not in use and only a suggestion for users
-CVE-2008-4108 [unsafe use of tempfile in python]
- RESERVED
+CVE-2008-4108 (Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) ...)
- python-defaults <unfixed> (unimportant; bug #498899)
NOTE: script is an example, which can be used by users
CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...)
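Review bot: Replacing the bracketed working title on CVE-2008-4096 drops the upstream advisory id PMASA-2008-7, and the truncated description that takes its place does not show it. Suggest preserving it as a "NOTE: PMASA-2008-7" line under the entry so the link to the phpMyAdmin advisory is not lost. The same applies to any other bracketed title in this hunk that held information beyond the package name.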
@@ -329,8 +473,8 @@
NOT-FOR-US: MyBB
CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) ...)
NOT-FOR-US: MyBB
-CVE-2008-3961
- RESERVED
+CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on ...)
+ TODO: check
CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka ...)
NOT-FOR-US: IBM DB2 UDB
CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, and 8.2 before FixPak 9, allows ...)
@@ -353,8 +497,8 @@
NOT-FOR-US: The Real Estate Script
CVE-2008-3950 (Off-by-one error in the ...)
TODO: check
-CVE-2008-3949
- RESERVED
+CVE-2008-3949 (Emacs in SUSE Linux imports Python script from the current working ...)
+ TODO: check
CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...)
NOT-FOR-US: XRMS
CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain ...)
@@ -1121,10 +1265,10 @@
CVE-2008-3663 [Squirrelmail: Session hijacking vulnerability]
RESERVED
- squirrelmail <unfixed> (bug #499942)
-CVE-2008-3662
- RESERVED
-CVE-2008-3661
- RESERVED
+CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure ...)
+ TODO: check
+CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the ...)
+ TODO: check
CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...)
- php5 <unfixed> (medium)
- php4 <removed>
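Review bot: CVE-2008-3662 is added here with "TODO: check", and it names the same Gallery versions (before 1.5.9, and 2.x before 2.2.6) as CVE-2008-4129 in the first hunk of this revision, with CVE-2008-4130 covering Gallery 2.x before 2.2.6 as well. These three should be triaged together so they end up with a consistent package and fixed-version status instead of being checked separately.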
@@ -1239,7 +1383,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2008-3615 (An unspecified third-party Indeo v5 codec for QuickTime, when used ...)
+CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows ...)
NOT-FOR-US: Apple QuickTime
@@ -1446,8 +1590,8 @@
CVE-2008-3520 [jasper - various potential integer overflows]
RESERVED
- jasper <unfixed>
-CVE-2008-3519
- RESERVED
+CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...)
+ TODO: check
CVE-2008-3518
RESERVED
CVE-2008-3517 [rejected]
@@ -2128,8 +2272,7 @@
{DSA-1614-1}
- iceweasel 3.0.1-1 (low)
NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
-CVE-2008-3195
- RESERVED
+CVE-2008-3195 (Directory traversal vulnerability in bin/configure in TWiki before ...)
{DSA-1639-1}
- twiki <unfixed> (low; bug #499534)
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195
@@ -2607,7 +2750,7 @@
RESERVED
CVE-2008-3009
RESERVED
-CVE-2008-3008 (Buffer overflow in a certain ActiveX control in wmex.dll in Microsoft ...)
+CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX control ...)
NOT-FOR-US: Microsoft Windows Media Encoder
CVE-2008-3007 (Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and ...)
NOT-FOR-US: Microsoft Office XP
@@ -3850,12 +3993,12 @@
RESERVED
CVE-2008-2471
RESERVED
-CVE-2008-2470
- RESERVED
+CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in isusweb.dll ...)
+ TODO: check
CVE-2008-2469
RESERVED
-CVE-2008-2468
- RESERVED
+CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) ...)
+ TODO: check
CVE-2008-2467
RESERVED
CVE-2008-2466
@@ -7123,8 +7266,8 @@
NOT-FOR-US: Sun Solaris
CVE-2008-1094
RESERVED
-CVE-2008-1093
- RESERVED
+CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the ...)
+ TODO: check
CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet ...)
NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
@@ -13718,7 +13861,7 @@
NOT-FOR-US: Microsoft Vista
CVE-2007-5349
RESERVED
-CVE-2007-5348 (Heap-based buffer overflow in the vector graphics link library in ...)
+CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer