thr3ads.net - Secure testing commits - [Secure-testing-commits] r9836

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Sep-17 09:14 UTC
[Secure-testing-commits] r9836 - data/CVE

Author: joeyh
Date: 2008-09-17 09:14:34 +0000 (Wed, 17 Sep 2008)
New Revision: 9836

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-09-16 21:14:14 UTC (rev 9835)
+++ data/CVE/list	2008-09-17 09:14:34 UTC (rev 9836)
@@ -1,21 +1,211 @@
+CVE-2008-4115 (TalkBack 2.3.6 allows remote attackers to obtain configuration
...)
+	TODO: check
+CVE-2008-4114 (srv.sys in Microsoft Windows Vista SP1 allows remote attackers
to ...)
+	TODO: check
+CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in
the ...)
+	TODO: check
+CVE-2008-4112 (Directory traversal vulnerability in bin/configure in TWiki
before ...)
+	TODO: check
+CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM
...)
+	TODO: check
+CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control
in ...)
+	TODO: check
+CVE-2008-4107
+	RESERVED
+CVE-2008-4106
+	RESERVED
+CVE-2008-4105
+	RESERVED
+CVE-2008-4104
+	RESERVED
+CVE-2008-4103
+	RESERVED
+CVE-2008-4102
+	RESERVED
+CVE-2008-4101
+	RESERVED
+CVE-2008-4098
+	RESERVED
+CVE-2008-4097
+	RESERVED
+CVE-2008-4095 (Multiple unspecified vulnerabilities in Flip4Mac WMV before
2.2.1 have ...)
+	TODO: check
+CVE-2008-4094
+	RESERVED
+CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1
and ...)
+	TODO: check
+CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke
(MPN) ...)
+	TODO: check
+CVE-2008-4091 (SQL injection vulnerability in index.php in Web Directory Script
1.5.3 ...)
+	TODO: check
+CVE-2008-4090 (SQL injection vulnerability in index.php in PHP Coupon Script
4.0 ...)
+	TODO: check
+CVE-2008-4089 (Cross-site scripting (XSS) vulnerability in print.php in
myPHPNuke ...)
+	TODO: check
+CVE-2008-4088 (SQL injection vulnerability in print.php in myPHPNuke (MPN)
before ...)
+	TODO: check
+CVE-2008-4087 (Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19
...)
+	TODO: check
+CVE-2008-4086 (SQL injection vulnerability in index.php in Reciprocal Links
Manager ...)
+	TODO: check
+CVE-2008-4085 (Plait before 1.6 allows local users to overwrite arbitrary files
via a ...)
+	TODO: check
+CVE-2008-4084 (SQL injection vulnerability in
staticpages/easyclassifields/index.php ...)
+	TODO: check
+CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin
in ...)
+	TODO: check
+CVE-2008-4082 (SQL injection vulnerability in the Tasks plugin in Brim 2.0.0,
when ...)
+	TODO: check
+CVE-2008-4081 (admin/login.php in Stash 1.0.3 allows remote attackers to bypass
...)
+	TODO: check
+CVE-2008-4080 (SQL injection vulnerability in Stash 1.0.3, when
magic_quotes_gpc is ...)
+	TODO: check
+CVE-2008-4079 (Cross-site scripting (XSS) vulnerability in Movable Type (MT)
4.x ...)
+	TODO: check
+CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in
(1) ...)
+	TODO: check
+CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2)
...)
+	TODO: check
+CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor
Board ...)
+	TODO: check
+CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion
Board ...)
+	TODO: check
+CVE-2008-4074 (SQL injection vulnerability in index.php in Zanfi Autodealers
CMS ...)
+	TODO: check
+CVE-2008-4073 (SQL injection vulnerability in index.php in Zanfi Autodealers
CMS ...)
+	TODO: check
+CVE-2008-4072 (Multiple SQL injection vulnerabilities in index.php in phsBlog
0.2 ...)
+	TODO: check
+CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with
Microsoft ...)
+	TODO: check
+CVE-2008-4070
+	RESERVED
+CVE-2008-4069
+	RESERVED
+CVE-2008-4068
+	RESERVED
+CVE-2008-4067
+	RESERVED
+CVE-2008-4066
+	RESERVED
+CVE-2008-4065
+	RESERVED
+CVE-2008-4064
+	RESERVED
+CVE-2008-4063
+	RESERVED
+CVE-2008-4062
+	RESERVED
+CVE-2008-4061
+	RESERVED
+CVE-2008-4060
+	RESERVED
+CVE-2008-4059
+	RESERVED
+CVE-2008-4058
+	RESERVED
+CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3
before ...)
+	TODO: check
+CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in
...)
+	TODO: check
+CVE-2008-4055 (SQL injection vulnerability in tops_top.php in Million Pixel Ad
Script ...)
+	TODO: check
+CVE-2008-4054 (SQL injection vulnerability in indir.php in Kolifa.net Download
Script ...)
+	TODO: check
+CVE-2008-4053 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+	TODO: check
+CVE-2008-4052 (Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for
Integrity ...)
+	TODO: check
+CVE-2008-4051 (Cross-site scripting (XSS) vulnerability in surveyresults.asp in
Smart ...)
+	TODO: check
+CVE-2008-4050 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly
...)
+	TODO: check
+CVE-2008-4049 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly
...)
+	TODO: check
+CVE-2008-4048 (Heap-based buffer overflow in a certain ActiveX control in ...)
+	TODO: check
+CVE-2008-4047 (Unspecified vulnerability in Novell Forum (formerly SiteScape
Forum) ...)
+	TODO: check
+CVE-2008-4046 (SQL injection vulnerability in index.php in eliteCMS 1.0 allows
remote ...)
+	TODO: check
+CVE-2008-4045 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail
5.42 ...)
+	TODO: check
+CVE-2008-4044 (SQL injection vulnerability in article/readarticle.php in AJ
Square ...)
+	TODO: check
+CVE-2008-4043 (Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme
allow ...)
+	TODO: check
+CVE-2008-4042
+	REJECTED
+	TODO: check
+CVE-2008-4041 (The IMAP server in Softalk Mail Server (formerly WorkgroupMail)
...)
+	TODO: check
+CVE-2008-4040 (Directory traversal vulnerability in the Kyocera Command Center
in ...)
+	TODO: check
+CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds
allows ...)
+	TODO: check
+CVE-2008-4038
+	RESERVED
+CVE-2008-4037
+	RESERVED
+CVE-2008-4036
+	RESERVED
+CVE-2008-4035
+	RESERVED
+CVE-2008-4034
+	RESERVED
+CVE-2008-4033
+	RESERVED
+CVE-2008-4032
+	RESERVED
+CVE-2008-4031
+	RESERVED
+CVE-2008-4030
+	RESERVED
+CVE-2008-4029
+	RESERVED
+CVE-2008-4028
+	RESERVED
+CVE-2008-4027
+	RESERVED
+CVE-2008-4026
+	RESERVED
+CVE-2008-4025
+	RESERVED
+CVE-2008-4024
+	RESERVED
+CVE-2008-4023
+	RESERVED
+CVE-2008-4022
+	RESERVED
+CVE-2008-4021
+	RESERVED
+CVE-2008-4020
+	RESERVED
+CVE-2008-4019
+	RESERVED
 CVE-2008-4109 [unsafe sigdie function called by signal handler]
+	RESERVED
 	{DSA-1638-1 CVE-2006-5051}
 	- openssh 1:4.6p1-1 (low)
 	NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
 	NOTE: fully address the issue.  The upstream fix in 4.4p1 was
 	NOTE: right, and it the next unstable upload after that was 4.6p1.
 CVE-2008-4100 [adns predictable transaction id''s and source port]
+	RESERVED
 	- adns <unfixed> (unimportant; bug #492698)
 	NOTE: adns is not supported in untrusted contexts, see BR
 CVE-2008-4099 [pydns predictable transaction id''s and source port]
+	RESERVED
 	{DSA-1619-1}
 	- python-dns 2.3.1-5 (low; bug #490217)
 CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7]
+	RESERVED
 	- phpmyadmin <unfixed> (medium)
 CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
 	- smsclient <unfixed> (unimportant; bug #498901)
 	NOTE: script is not in use and only a suggestion for users
 CVE-2008-4108 [unsafe use of tempfile in python]
+	RESERVED
 	- python-defaults <unfixed> (unimportant; bug #498899)
 	NOTE: script is an example, which can be used by users
 CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows
local ...)
@@ -148,8 +338,8 @@
 	NOT-FOR-US: EsFaq
 CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech
Agent ...)
 	NOT-FOR-US: The Real Estate Script
-CVE-2008-3950
-	RESERVED
+CVE-2008-3950 (Off-by-one error in the ...)
+	TODO: check
 CVE-2008-3949
 	RESERVED
 CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS
allows ...)
@@ -235,7 +425,7 @@
 	NOT-FOR-US: IBM AIX
 CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before
2.6.23 ...)
 	TODO: check
-CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.62, in certain
...)
+CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in
certain ...)
 	- ssmtp <unfixed> (low; bug #498366)
 CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6
does ...)
 	- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
@@ -310,7 +500,7 @@
 	NOT-FOR-US: Blogn
 CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite
arbitrary ...)
 	- caudium 1.4.12-11.1 (low; bug #496404)
-CVE-2008-3882 (ZoneMinder 1.23.3 and earlier allows remote attackers to execute
...)
+CVE-2008-3882 (Unspecified &quot;Command Injection&quot; vulnerability
in ZoneMinder 1.23.3 and ...)
 	- zoneminder <unfixed> (bug #497640)
 CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in
ZoneMinder ...)
 	- zoneminder <unfixed> (low; bug #497640)
@@ -390,8 +580,7 @@
 	NOT-FOR-US: Old CVE id
 CVE-2008-XXXX [nfdump vulnerable to symlink attacks]
 	- nfdump 1.5.7-5 (bug #497452)
-CVE-2008-3889 [postfix local DoS]
-	RESERVED
+CVE-2008-3889 (Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before ...)
 	- postfix 2.5.5-1 (low)
 	[etch] - postfix <not-affected> (Vulnerable code not present)
 	NOTE: http://www.postfix.org/announcements/20080902.html
@@ -458,12 +647,10 @@
 	RESERVED
 CVE-2008-3825
 	RESERVED
-CVE-2008-3824 [horde XSS]
-	RESERVED
+CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) ...)
 	{DTSA-165-1}
 	- horde3 <unfixed>
-CVE-2008-3823 [horde missing input sanitation]
-	RESERVED
+CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in
MIME/MIME/Contents.php in ...)
 	{DTSA-165-1}
 	- horde3 <unfixed>
 CVE-2008-3822
@@ -1003,7 +1190,7 @@
 	RESERVED
 CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1
through ...)
 	TODO: check
-CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2 does
not ...)
+CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and
iPhone ...)
 	NOT-FOR-US: Apple iPod
 CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an
...)
 	NOT-FOR-US: Apple Bonjour
@@ -1021,36 +1208,36 @@
 	NOT-FOR-US: Apple QuickTime
 CVE-2008-3623
 	RESERVED
-CVE-2008-3622
-	RESERVED
-CVE-2008-3621
-	RESERVED
+CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple
Mac ...)
+	TODO: check
+CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through
10.5.4 ...)
+	TODO: check
 CVE-2008-3620
 	RESERVED
-CVE-2008-3619
-	RESERVED
-CVE-2008-3618
-	RESERVED
-CVE-2008-3617
-	RESERVED
-CVE-2008-3616
-	RESERVED
+CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak
...)
+	TODO: check
+CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple
Mac OS X ...)
+	TODO: check
+CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5
through ...)
+	TODO: check
+CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS
X ...)
+	TODO: check
 CVE-2008-3615 (An unspecified third-party Indeo v5 codec for QuickTime, when
used ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows
allows ...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2008-3613
-	RESERVED
-CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2
uses ...)
+CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote
attackers ...)
+	TODO: check
+CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2,
and ...)
 	NOT-FOR-US: Apple iPod
-CVE-2008-3611
-	RESERVED
-CVE-2008-3610
-	RESERVED
-CVE-2008-3609
-	RESERVED
-CVE-2008-3608
-	RESERVED
+CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the
current ...)
+	TODO: check
+CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through
10.5.4, ...)
+	TODO: check
+CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not
properly ...)
+	TODO: check
+CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows
...)
+	TODO: check
 CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier
allows ...)
 	NOT-FOR-US: NoticeWare Email Server NG
 CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate
...)
@@ -1099,8 +1286,8 @@
 	NOT-FOR-US: EZ Store (com_ezstore) component for Joomla!
 CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart
PHP ...)
 	NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart
-CVE-2008-3584
-	RESERVED
+CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not
...)
+	TODO: check
 CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows
remote ...)
 	NOT-FOR-US: IntelliTamper 2.07
 CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News
Script ...)
@@ -1215,8 +1402,7 @@
 	TODO: check
 CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1
does not ...)
 	TODO: check
-CVE-2008-3529 [libxml long entity names]
-	RESERVED
+CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex
function in ...)
 	- libxml2 <unfixed> (bug #498768)
 CVE-2008-3528
 	RESERVED
@@ -1771,8 +1957,8 @@
 	- linux-2.6.24 <unfixed>
 	- linux-2.6 <unfixed>
 	NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77        
-CVE-2008-3274
-	RESERVED
+CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and
FreeIPA ...)
+	TODO: check
 CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP)
before ...)
 	NOT-FOR-US: JBoss
 CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...)
@@ -2541,8 +2727,8 @@
 CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1,
interprets ''|'' ...)
 	{DSA-1615-1 DSA-1614-1}
 	- iceweasel 3.0.1-1 (low)
-CVE-2008-2932
-	RESERVED
+CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows
remote ...)
+	TODO: check
 CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux
kernel ...)
 	{DSA-1630-1}
 	- linux-2.6 2.6.22
@@ -3708,8 +3894,8 @@
 	RESERVED
 CVE-2008-2438
 	RESERVED
-CVE-2008-2437
-	RESERVED
+CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro
...)
+	TODO: check
 CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef
...)
 	TODO: check
 CVE-2008-2435
@@ -3955,14 +4141,14 @@
 	NOT-FOR-US: W1L3D4 Philboard
 CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in
Barracuda ...)
 	NOT-FOR-US: Barracuda
-CVE-2008-2332
-	RESERVED
-CVE-2008-2331
-	RESERVED
-CVE-2008-2330
-	RESERVED
-CVE-2008-2329
-	RESERVED
+CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows
...)
+	TODO: check
+CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly
update ...)
+	TODO: check
+CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through
10.5.4 ...)
+	TODO: check
+CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when
Active ...)
+	TODO: check
 CVE-2008-2328
 	RESERVED
 CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2)
LZWDecodeCompat, ...)
@@ -4000,8 +4186,8 @@
 	NOT-FOR-US: Mac OS X
 CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User
Template ...)
 	NOT-FOR-US: Mac OS X
-CVE-2008-2312
-	RESERVED
+CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP
passwords in ...)
+	TODO: check
 CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe
Files is ...)
 	NOT-FOR-US: Mac OS X
 CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5
before ...)
@@ -4016,8 +4202,8 @@
 	NOTE: http://trac.webkit.org/changeset/34204
 CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret
the ...)
 	NOT-FOR-US: Windows issue
-CVE-2008-2305
-	RESERVED
+CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple
Mac ...)
+	TODO: check
 CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in
...)
 	NOT-FOR-US: Apple Core Image Fun House
 CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0
and iPod ...)
@@ -13202,7 +13388,7 @@
 	- php5 <unfixed> (unimportant)
 	NOTE: if the function is blacklisted but not its alias it is a configuration
 	NOTE: issue of the site not a vulnerability in php
-CVE-2007-5423 (Eval injection vulnerability in tiki-graph_formula.php in
TikiWiki ...)
+CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers
to ...)
 	- tikiwiki <removed>
 CVE-2007-5422 (Unspecified vulnerability in &quot;Solaris
Auditing&quot; in the Basic Security ...)
 	NOT-FOR-US: Solaris Auditing
@@ -37149,7 +37335,7 @@
 	NOT-FOR-US: Cosmoshop
 CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106
and ...)
 	NOT-FOR-US: Cosmoshop
-CVE-2006-2473 (Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki
0.78 ...)
+CVE-2006-2473 (** DISPUTED ** ...)
 	NOT-FOR-US: OpenWiki
 CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0,
8.1 ...)
 	NOT-FOR-US: BEA
Secure testing commits - Sep 2008 - r9836 - data/CVE

[Secure-testing-commits] r9836 - data/CVE
