joeyh at alioth.debian.org
2008-Mar-26 21:14 UTC
[Secure-testing-commits] r8419 - data/CVE
Author: joeyh
Date: 2008-03-26 21:14:11 +0000 (Wed, 26 Mar 2008)
New Revision: 8419

Modified: data/CVE/list

Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-03-26 19:25:24 UTC (rev 8418)
+++ data/CVE/list 2008-03-26 21:14:11 UTC (rev 8419)
@@ -1,3 +1,81 @@ +CVE-2008-1529 (ZyXEL Prestige routers have a minimum password length for the admin ...) + TODO: check +CVE-2008-1528 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...) + TODO: check +CVE-2008-1527 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...) + TODO: check +CVE-2008-1526 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...) + TODO: check +CVE-2008-1525 (The default SNMP configuration on ZyXEL Prestige routers, including ...) + TODO: check +CVE-2008-1524 (The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 ...) + TODO: check +CVE-2008-1523 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...) + TODO: check +CVE-2008-1522 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...) + TODO: check +CVE-2008-1521 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...) + TODO: check +CVE-2008-1520 + RESERVED +CVE-2008-1519 + RESERVED +CVE-2008-1518 + RESERVED +CVE-2008-1517 + RESERVED +CVE-2008-1516 + RESERVED +CVE-2008-1515 + RESERVED +CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to ...) + TODO: check +CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...) + TODO: check +CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in phpBB ...) + TODO: check +CVE-2008-1511 (Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 ...) + TODO: check +CVE-2008-1510 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2008-1509 (SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier ...) + TODO: check +CVE-2008-1508 (SQL injection vulnerability in EfesTech E-Kontör and earlier allows ...) + TODO: check +CVE-2008-1507 (PEEL, possibly 3.x and earlier, has (1) a default info at peel.fr account ...) 
+ TODO: check +CVE-2008-1506 (PEEL, possibly 3.x and earlier, allows remote attackers to obtain ...) + TODO: check +CVE-2008-1505 (PHP remote file inclusion vulnerability in the SSTREAMTV custompages ...) + TODO: check +CVE-2008-1504 (Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven ...) + TODO: check +CVE-2008-1503 (Cross-site scripting (XSS) vulnerability in the web management ...) + TODO: check +CVE-2008-1501 (The send_user_mode function in s_user.c in (1) Undernet ircu ...) + TODO: check +CVE-2008-1500 (Cross-site scripting (XSS) vulnerability in index.php in TinyPortal ...) + TODO: check +CVE-2008-1499 (Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in ...) + TODO: check +CVE-2008-1498 (Stack-based buffer overflow in the IMAP service in NetWin Surgemail ...) + TODO: check +CVE-2008-1497 (Stack-based buffer overflow in the IMAP service in NetWin SurgeMail ...) + TODO: check +CVE-2008-1496 (Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and ...) + TODO: check +CVE-2008-1495 (Unrestricted file upload vulnerability in administrer/produits.php in ...) + TODO: check +CVE-2008-1494 (SQL injection vulnerability in inc/module/online.php in Easy-Clanpage ...) + TODO: check +CVE-2008-1493 (Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 ...) + TODO: check +CVE-2008-1492 (Multiple directory traversal vulnerabilities in CoronaMatrix ...) + TODO: check +CVE-2008-1491 (Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ...) + TODO: check +CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ...) + TODO: check CVE-2008-XXXX [policyd-weight tempfile race] - policyd-weight <unfixed> (low) NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html 
@@ -203,7 +281,7 @@ {DSA-1528-1} - serendipity 1.3-1 NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html -CVE-2008-1502 [multiple security issues in kses as used in egroupware] +CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...) - egroupware 1.4.002.dfsg-2.1 (bug #471839) CVE-2008-XXXX [OTRS osa-2008-01] - otrs2 2.2.5-2 @@ -922,8 +1000,8 @@ RESERVED CVE-2008-1093 RESERVED -CVE-2008-1092 - RESERVED +CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet ...) + TODO: check CVE-2008-1091 RESERVED CVE-2008-1090 @@ -5363,7 +5441,7 @@ NOTE: Browser crashes not treated as security problems CVE-2007-5895 RESERVED -CVE-2007-5894 (The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 ...) +CVE-2007-5894 (** DISPUTED ** ...) - krb5 <unfixed> (unimportant; bug #454974) NOTE: Not exploitable in real-world circumstances: NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
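
Review bot: In the @@ -1,3 +1,81 @@ hunk several new entries cannot be told apart from their truncated summaries: CVE-2008-1528, -1527, -1526 and -1523 all read "ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...", CVE-2008-1522 and -1521 are likewise identical, and CVE-2008-1498 and -1497 differ only in the capitalisation of "Surgemail". Since every one of them is "TODO: check", whoever triages them has to open each full description anyway; a longer truncation length, or a NOTE added while triaging, would make the list usable on its own and help avoid treating the SurgeMail pair as a duplicate.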
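
Review bot: In the @@ -203,7 +281,7 @@ hunk the hand-written summary for CVE-2008-1502, "[multiple security issues in kses as used in egroupware]", is replaced by one that names only the _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php. The old text recorded that the flaw sits in kses as embedded in egroupware, and that is no longer visible in the entry; a NOTE line under the "- egroupware 1.4.002.dfsg-2.1 (bug #471839)" line stating it would preserve that information across automatic updates.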
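
Review bot: In the @@ -5363,7 +5441,7 @@ hunk the summary for CVE-2007-5894 becomes "(** DISPUTED ** ...)", so the dispute prefix consumes the whole truncated description and the entry no longer mentions the reply function in ftpd.c or the gssftp ftpd that the removed line named. The "- krb5 <unfixed> (unimportant; bug #454974)" line and the existing NOTEs still give the package and the rationale, but a search of the list for gssftp or ftpd.c will now miss this entry; consider having the truncation skip the "** DISPUTED **" prefix, or add a NOTE naming the affected component.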