Author: nion
Date: 2008-03-25 15:43:19 +0000 (Tue, 25 Mar 2008)
New Revision: 8407

Modified:
   data/CVE/list
Log:
new vlc issue (CVE-2008-1489; medium)
php5-apc has an itp (CVE-2008-1488)
new xine-lib issues (CVE-2008-1482; medium)
CVE-2008-1475 does not affect roundup in Debian
new roundup issue (CVE-2008-1474; low)
new namazu2 issue (CVE-2008-1468; low)
new centerim issue (CVE-2008-1467)
not really relevant NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-03-25 13:20:38 UTC (rev 8406)
+++ data/CVE/list 2008-03-25 15:43:19 UTC (rev 8407)
@@ -1,65 +1,68 @@ CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...) - TODO: check + - vlc <unfixed> (medium; bug #472635) CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...) - TODO: check + - php5-apc <itp> (bug #335404) CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) - TODO: check + NOT-FOR-US: LinPHA CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6 , when mysql_use_ft ...) - TODO: check + NOT-FOR-US: Phorum CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier ...) - TODO: check + NOT-FOR-US: PunBB CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses ...) - TODO: check + NOT-FOR-US: PunBB CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to ...) - openssh 1:4.7p1-5 (bug #463011) CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...) - TODO: check + - xine-lib <unfixed> (medium; bug #472639) CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...) - TODO: check + NOT-FOR-US: webSPELL CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in ...) - TODO: check + NOT-FOR-US: cfnetgs CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Home FTP Server CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in ...) - TODO: check + NOT-FOR-US: eForum CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property ...) - TODO: check + - roundup <not-affected> (xml-rpc code introduced in 1.4.0) CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have ...) 
- TODO: check + - roundup <unfixed> (low; bug #472643) CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris ...) - TODO: check + NOT-FOR-US: Symantec Altiris CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl.ocx ActiveX Control in CA ...) - TODO: check + NOT-FOR-US: ARCserve Backup CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ ...) - TODO: check + NOT-FOR-US: Panda Internet Security/Antivirus+ Firewall CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID ...) - TODO: check + NOT-FOR-US: WebID RSA Authentication Agent CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ...) - TODO: check + NOT-FOR-US: Gallarific CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu ...) - TODO: check + - namazu2 <unfixed> (low; bug #472644) CVE-2008-1467 (CenterIM 4.22.3 and earlier allows remote attackers to execute ...) - TODO: check + - centerim <unfixed> (low; bug #472649) + NOTE: the victim needs to list the URLs in the message with F2 and press enter on it + NOTE: the victim can see the complete URL including the commands however so the impact + NOTE: is really low, setting it to unimportant maybe? CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 ...) - TODO: check + NOT-FOR-US: W-Agora CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante ...) - TODO: check + NOT-FOR-US: com_restaurante component for Mambo and Joomla! CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 ...) - TODO: check + NOT-FOR-US: Gallarific CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in ...) - TODO: check + NOT-FOR-US: Imperva SecureSphere MX Management Server CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...) 
- TODO: check + NOT-FOR-US: RunCMS CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...) - TODO: check + NOT-FOR-US: XnView CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and ...) - TODO: check + NOT-FOR-US: com_joovideo component for Mambo and Joomla! CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and ...) - TODO: check + NOT-FOR-US: com_alberghi component for Mambo and Joomla! CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...) - TODO: check + NOT-FOR-US: CS-Cart CVE-2008-1457 RESERVED CVE-2008-1456 @@ -111,17 +114,17 @@ CVE-2008-1433 RESERVED CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...) - TODO: check + NOT-FOR-US: ManageEngine SupportCenter Plus CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a ...) - TODO: check + NOT-FOR-US: RaidSonic NAS-4220-B firmware CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote ...) - TODO: check + NOT-FOR-US: ASPapp CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows ...) - TODO: check + - silcd 1.1.1-1 (medium) CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...) - TODO: check + NOT-FOR-US: Ubercart CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 ...) - TODO: check + NOT-FOR-US: com_acajoom component for Joomla! CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows ...) TODO: check CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in ...)
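Review bot: in the first hunk (@@ -1,65 +1,68 @@) the centerim entry for CVE-2008-1467 sets the severity to low and then, in the three NOTE lines, asks whether it should be unimportant instead; an open question left inside the data file is easy to lose, so either settle the rating in this commit or phrase the NOTE as the decision taken with its reasoning (impact limited because the victim must select the URL with F2 and sees the full command line before confirming), keeping the question out of the record. The commit log also lists the centerim issue without any severity while the entry says low; make the two agree. Separately, the roundup <not-affected> justification for CVE-2008-1475 ("xml-rpc code introduced in 1.4.0") only holds if the Debian package predates 1.4.0, which the entry leaves implicit; naming the shipped version in the note would make the claim checkable and would also document why CVE-2008-1474 (Roundup before 1.4.4) is marked unfixed for the same package.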
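Review bot: in the second hunk (@@ -111,17 +114,17 @@) the silcd entry for CVE-2008-1429 is the only line that resolves to a fixed version (1.1.1-1, medium) rather than NOT-FOR-US, and it carries no bug reference or NOTE saying where the fix landed; a short NOTE pointing at the upload or upstream change would let the version and severity be rechecked later without redoing the research. The trailing context also still reads "TODO: check" for CVE-2008-1426 (album.asp in KAPhotoservice), which is the same ASP-application class as the ASPapp entry marked NOT-FOR-US earlier in the hunk; consider settling it in the same pass rather than leaving a lone TODO between two completed runs.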