Author: nion Date: 2008-08-13 11:46:34 +0000 (Wed, 13 Aug 2008) New Revision: 9564 Modified: data/CVE/list Log: tikiwiki was removed NFUs CVE-2008-3600 gallery unfixed but unimportant (relies on register_globals), gallery2 not affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-08-13 10:21:21 UTC (rev 9563) +++ data/CVE/list 2008-08-13 11:46:34 UTC (rev 9564) @@ -27,19 +27,20 @@ - ruby1.9 <unfixed> (bug #494402) NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows ...) - TODO: check + - tikiwiki <removed> CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before ...) - TODO: check + - tikiwiki <removed> CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an ...) TODO: check CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...) TODO: check CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...) TODO: check + NOTE: this should be a dup of CVE-2008-3330. CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly ...) - TODO: check + NOT-FOR-US: Article Friendly Standard CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-3647 RESERVED CVE-2008-3646 
@@ -121,35 +122,37 @@ CVE-2008-3608 RESERVED CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...) - TODO: check + NOT-FOR-US: NoticeWare Email Server NG CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate ...) - TODO: check + NOT-FOR-US: Qbik WinGate CVE-2008-3605 (Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, ...) - TODO: check + NOT-FOR-US: McAfee Encrypted USB Manager CVE-2008-3604 (SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows ...) - TODO: check + NOT-FOR-US: ZeeBuddy CVE-2008-3603 (SQL injection vulnerability in index.php in Vacation Rental Script 3.0 ...) - TODO: check + NOT-FOR-US: Vacation Rental Script CVE-2008-3602 (admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) ...) - TODO: check + NOT-FOR-US: PHP-Ring Webring System CVE-2008-3601 (SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 ...) - TODO: check + NOT-FOR-US: Quicksilver Forums CVE-2008-3600 (Directory traversal vulnerability in contrib/phpBB2/modules.php in ...) - TODO: check + - gallery <unfixed> (unimportant) + - gallery2 <not-affected> (Vulnerable code not present) + NOTE: We haven''t supported installations with register_globals enabled since a long time CVE-2008-3599 (SQL injection vulnerability in image.php in OpenImpro 1.1 allows ...) - TODO: check + NOT-FOR-US: OpenImpro CVE-2008-3598 (Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote ...) - TODO: check + NOT-FOR-US: psipuss CVE-2008-3597 (Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Skulltag CVE-2008-3596 (Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 ...) - TODO: check + NOT-FOR-US: Harmoni CVE-2008-3595 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: txtSQL CVE-2008-3594 (SQL injection vulnerability in viewdetails.php in MagicScripts E-Store ...) 
- TODO: check + NOT-FOR-US: MagicScripts E-Store CVE-2008-3593 (Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows ...) - TODO: check + NOT-FOR-US: SyzygyCMS CVE-2008-3592 (Unrestricted file upload vulnerability in the File Manager in the ...) TODO: check CVE-2008-3591 (SQL injection vulnerability in lib/class.admin.php in Twentyone ...)
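Review bot: In the first hunk (@@ -27,19 +27,20 @@), the CVE-2008-3650 entry gains "NOTE: this should be a dup of CVE-2008-3330." but keeps its "TODO: check" line and gets no package line. The Horde entry is therefore still untriaged, and the note gives no source for the duplicate claim. Either add a reference that supports the duplicate and carry over the package status from the CVE-2008-3330 entry, or reword the note to say the duplicate is suspected and still needs confirmation. The commit log also omits this change: it mentions only tikiwiki, the NFUs and gallery.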
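Review bot: In the second hunk (@@ -121,35 +122,37 @@), the NOTE added under CVE-2008-3600 has a doubled apostrophe ("haven''t"), which looks like a quoting slip, and its first-person "We" does not say who is speaking. The commit log gives the real reason for marking gallery as unimportant (the issue relies on register_globals), but the NOTE never states that dependency; it only says such installations are unsupported. Suggest wording along the lines of "NOTE: only exploitable with register_globals enabled, which is not a supported configuration", so the tracker entry explains the severity on its own without the commit log.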