Author: nion Date: 2008-02-01 18:19:35 +0000 (Fri, 01 Feb 2008) New Revision: 8068 Modified: data/CVE/list Log: new issue: firebird2.0 (CVE-2008-0467) new issues: elog (CVE-2008-0445, CVE-2008-0444) CVE-2008-0460 fixed in mediawiki 1:1.11.1-1 NFUs update on sdl-image, maybe dup, it's currently discussed on vendor-sec Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-01 17:19:22 UTC (rev 8067) +++ data/CVE/list 2008-02-01 18:19:35 UTC (rev 8068) @@ -69,7 +69,8 @@ CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier ...) NOT-FOR-US: Flinx CVE-2008-0467 (Buffer overflow in Firebird before 2.1.0 RC1 might allow remote ...) - TODO: check + - firebird2 <removed> + - firebird2.0 <unfixed> (medium; bug #463596) CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...) NOT-FOR-US: Web Wiz Rich Text Editor CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 ...) 
@@ -77,17 +78,17 @@ CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon ...) NOT-FOR-US: aconon Mail Enterprise SQL CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before ...) - TODO: check + NOT-FOR-US: Workflow module for Drupal CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before ...) - TODO: check + NOT-FOR-US: Archive module for Drupal CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki ...) - TODO: check + - mediawiki 1:1.11.1-1 (low) CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...) - TODO: check + NOT-FOR-US: Liquit-Silver CMS CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...) - TODO: check + NOT-FOR-US: SLAED CMS CVE-2008-0457 RESERVED CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...) 
@@ -95,73 +96,73 @@ CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...) TODO: check CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...) - TODO: check + NOT-FOR-US: Skype CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe ...) - TODO: check + NOT-FOR-US: Easysitenetwork Recipe CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman 1.1.9 ...) - TODO: check + NOT-FOR-US: Siteman CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote ...) - TODO: check + NOT-FOR-US: PacerCMS CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c ...) - TODO: check + NOT-FOR-US: BLOG:CMS CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping ...) - TODO: check + NOT-FOR-US: VP-ASP Shopping Cart CVE-2008-0448 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: phpSearch CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 ...) - TODO: check + NOT-FOR-US: Foojan WMS PHP Weblog CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows ...) - TODO: check + NOT-FOR-US: Foojan WMS PHP Weblog CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook (ELOG) ...) - TODO: check + - elog <unfixed> (low; bug #463600) CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) ...) - TODO: check + - elog <unfixed> (low; bug #463600) CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX ...) - TODO: check + NOT-FOR-US: Lycos FileUploader Module CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small ...) - TODO: check + NOT-FOR-US: Small Axe Weblog CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in ...) 
- TODO: check + NOT-FOR-US: IBM Tivoli Business Service Manager CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in ...) - TODO: check + NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: DeluxeBB CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering ...) - TODO: check + NOT-FOR-US: Novemberborn sIFR CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ...) - TODO: check + NOT-FOR-US: HP Virtual Rooms CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp ...) - TODO: check + NOT-FOR-US: PD9 Software MegaBBS CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals 2.1.1 ...) - TODO: check + NOT-FOR-US: OZJournals CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN Mail ...) - TODO: check + NOT-FOR-US: AXIGEN Mail Server CVE-2008-0433 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Agares Media phpAutoVideo CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo ...) - TODO: check + NOT-FOR-US: Agares Media phpAutoVideo CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php in ...) - TODO: check + NOT-FOR-US: IDMOS CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows ...) - TODO: check + NOT-FOR-US: 360 Web Manager CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...) - TODO: check + NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in ...) - TODO: check + NOT-FOR-US: bloofoxCMS CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows ...) - TODO: check + NOT-FOR-US: bloofoxCMS CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...) 
- TODO: check + NOT-FOR-US: PacerCMS CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in Frimousse ...) - TODO: check + NOT-FOR-US: Frimousse CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) ...) - TODO: check + NOT-FOR-US: Mooseguy Blog System CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama Software ...) - TODO: check + NOT-FOR-US: Lama Software CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka bMachine) ...) - TODO: check + NOT-FOR-US: bMachine CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier ...) - TODO: check + NOT-FOR-US: Invision Gallery CVE-2008-0420 RESERVED CVE-2008-0419 @@ -190,7 +191,7 @@ - exempi 1.99.7-1 (bug #454297) CVE-2008-XXXX [buffer overflow in libsdl-image] - sdl-image1.2 1.2.6-2 (medium) - NOTE: CVE id requested + NOTE: CVE id requested, maybe a dup of CVE-2006-4484 NOTE: see http://www.securityfocus.com/archive/1/486853/30/30/threaded CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain ...) TODO: check
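Review bot: In the @@ -77,17 hunk, the new tag for CVE-2008-0459 reads "NOT-FOR-US: Liquit-Silver CMS", while the description on the same entry spells the product "Liquid-Silver". Correct the tag to match the description so that a search of the list for the product name finds this entry.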
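Review bot: In the @@ -95,73 hunk, CVE-2008-0446 is described as an SQL injection in voircom.php in LulieBlog 1.02 but is tagged "NOT-FOR-US: Foojan WMS PHP Weblog", the same tag given to CVE-2008-0447 directly above it. This looks like a copy-paste slip; the tag should name LulieBlog. With this many TODO entries closed in one commit, a quick pass comparing each NOT-FOR-US tag against the product in its own description would catch any similar mismatch.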
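Review bot: In the @@ -190,7 hunk, the updated NOTE on the libsdl-image entry says "maybe a dup of CVE-2006-4484" but leaves no marker that the entry needs revisiting. The entry still sits under the CVE-2008-XXXX placeholder with sdl-image1.2 marked fixed in 1.2.6-2, so consider adding a TODO line to re-check it and, if the duplicate is confirmed, to move the package line under CVE-2006-4484 instead of keeping a separate placeholder.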