joeyh at alioth.debian.org
2008-Oct-07 09:14 UTC
[Secure-testing-commits] r10019 - data/CVE
Author: joeyh
Date: 2008-10-07 09:14:11 +0000 (Tue, 07 Oct 2008)
New Revision: 10019
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-10-07 08:04:03 UTC (rev 10018)
+++ data/CVE/list 2008-10-07 09:14:11 UTC (rev 10019)
@@ -1,3 +1,55 @@ +CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows ...) + TODO: check +CVE-2008-4469 (SQL injection vulnerability in view_cresume.php in Vastal I-Tech ...) + TODO: check +CVE-2008-4468 (SQL injection vulnerability in view_news.php in Vastal I-Tech Share ...) + TODO: check +CVE-2008-4467 (SQL injection vulnerability in show_series_ink.php in Vastal I-Tech ...) + TODO: check +CVE-2008-4466 (SQL injection vulnerability in view_products_cat.php in Vastal I-Tech ...) + TODO: check +CVE-2008-4465 (SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone ...) + TODO: check +CVE-2008-4464 (SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone ...) + TODO: check +CVE-2008-4463 (SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs ...) + TODO: check +CVE-2008-4462 (SQL injection vulnerability in view_news.php in Vastal I-Tech Visa ...) + TODO: check +CVE-2008-4461 (SQL injection vulnerability in advanced_search_results.php in Vastal ...) + TODO: check +CVE-2008-4460 (SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone ...) + TODO: check +CVE-2008-4459 (SQL injection vulnerability in pick_users.php in the groups module in ...) + TODO: check +CVE-2008-4458 (SQL injection vulnerability in listings.php in E-Php B2B Trading ...) + TODO: check +CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal ...) + TODO: check +CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...) + TODO: check +CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL ...) + TODO: check +CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick Admin ...) + TODO: check +CVE-2008-4453 (The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ...) + TODO: check +CVE-2008-4452 (Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 ...) 
+ TODO: check +CVE-2008-4451 (The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET ...) + TODO: check +CVE-2008-4450 (Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for ...) + TODO: check +CVE-2008-4449 (Stack-based buffer overflow in mIRC 6.34 allows remote attackers to ...) + TODO: check +CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in ...) + TODO: check +CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive ...) + TODO: check +CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 ...) + TODO: check +CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...) + TODO: check CVE-2008-4444 RESERVED CVE-2008-4443 @@ -248,10 +300,12 @@ CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...) NOT-FOR-US: PowerPortal CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive ...) + {DSA-1645-1} - lighttpd 1.4.19-5 (low) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt NOTE: CVE id requested CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) ...) + {DSA-1645-1} - lighttpd 1.4.19-5 (low) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...) @@ -369,7 +423,7 @@ RESERVED CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...) - linux-2.6 2.6.22-4 (low) -CVE-2008-4301 (A certain ActiveX control in iisext.dll in Microsoft Internet ...) +CVE-2008-4301 (** DISPUTED ** ...) NOT-FOR-US: Microsoft CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...) NOT-FOR-US: Microsoft 
@@ -413,10 +467,10 @@ RESERVED CVE-2008-4280 RESERVED -CVE-2008-4279 - RESERVED -CVE-2008-4278 - RESERVED +CVE-2008-4279 (Unspecified vulnerability in the CPU hardware emulation for 64-bit ...) + TODO: check +CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows ...) + TODO: check CVE-2008-4277 RESERVED CVE-2008-4276 @@ -610,6 +664,7 @@ - wordpress <unfixed> (bug #500295; unimportant) NOTE: bigger problems, if attacker has access to /etc/wordpress/* CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in ...) + {DSA-1645-1} - lighttpd 1.4.19-5 (medium) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt CVE-2008-XXXX [unsafe usage of temp file] @@ -814,7 +869,7 @@ TODO: check CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...) TODO: check -CVE-2008-4095 (Multiple unspecified vulnerabilities in Flip4Mac WMV before 2.2.1 have ...) +CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV ...) NOT-FOR-US: Flip4Mac WMV CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 ...) - rails 2.1.0-1 (medium; bug #500791) @@ -1356,8 +1411,8 @@ CVE-2008-3873 (The System.setClipboard method in Adobe Flash Player allows remote ...) NOT-FOR-US: Adobe Flash Player NOTE: System.setClipboard is not implemented (yet?) in gnash 0.8.3 and swfdec0.6 0.6.8 -CVE-2008-3872 - RESERVED +CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, ...) + TODO: check CVE-2008-3871 RESERVED CVE-2008-3870 
@@ -1985,11 +2040,13 @@ - drupal5 <unfixed> (low; bug #501063) - drupal6 <unfixed> (low; bug #501058) CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...) + {DSA-1647-1} - php5 5.2.6-4 (medium) - php4 <removed> NOTE: *not* duplicate after all, needs review NOTE: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...) + {DSA-1647-1} - php4 <removed> - php5 5.2.6-4 (medium) NOTE: php5 -d memory_limit=256M -r ''$res = explode(str_repeat("A",145999999),1);'' @@ -1997,6 +2054,7 @@ NOTE: could not reproduce locally NOTE: fix in pkg-php svn for both etch and sid CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...) + {DSA-1647-1} - php4 <removed> - php5 5.2.6-4 (medium) NOTE: fix in pkg-php svn for both etch and sid @@ -6693,6 +6751,7 @@ CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build ...) NOT-FOR-US: RedDot CMS CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows ...) + {DSA-1646-1} - squid 2.6.18-1 (medium) CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows ...) NOT-FOR-US: TFTP Server for Windows @@ -11587,7 +11646,7 @@ CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...) NOT-FOR-US: Snitz Forums CVE-2007-6239 (The "cache update reply processing" functionality in Squid 2.x before ...) - {DSA-1482-1} + {DSA-1646-1 DSA-1482-1} - squid 2.6.17-1 (medium; bug #455910) CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows ...) NOT-FOR-US: Apple QuickTime
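
Review bot: In the hunk at @@ -1,3 +1,55 @@, all of the new entries from CVE-2008-4445 through CVE-2008-4470 land as "TODO: check" with nothing to order the triage, and CVE-2008-4445 is the only one whose description names a source path (net/sctp/auth.c) rather than a vendor script or product. I would triage that entry first and give it a package line or a NOT-FOR-US, then clear the run of Vastal I-Tech SQL injection entries (CVE-2008-4460 to CVE-2008-4469) in one pass since they share a vendor.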
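
Review bot: In the hunk at @@ -248,10 +300,12 @@, CVE-2008-4360 gains {DSA-1645-1} but keeps "NOTE: CVE id requested", which is stale now that the entry has both an id and an advisory. Drop that NOTE in the same change so the entry does not read as still pending.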
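
Review bot: In the hunk at @@ -369,7 +423,7 @@, the replacement description for CVE-2008-4301 is just "(** DISPUTED ** ...)", so the truncation has removed the only text that identified the component (the old line named iisext.dll). The "NOT-FOR-US: Microsoft" line still classifies it, but a short NOTE naming the component would keep the entry searchable and distinguishable from CVE-2008-4300 directly below it.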
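
Review bot: In the hunk at @@ -1356,8 +1411,8 @@, CVE-2008-3872 moves from RESERVED to "TODO: check" for Adobe Flash Player, while the neighbouring CVE-2008-3873 is already "NOT-FOR-US: Adobe Flash Player" with a NOTE about gnash 0.8.3 and swfdec0.6 0.6.8. Whoever resolves the TODO should apply the same treatment: mark it NOT-FOR-US and record whether the free implementations are affected, rather than leaving the two adjacent Flash entries inconsistent.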
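
Review bot: In the hunk at @@ -1985,11 +2040,13 @@, CVE-2008-3660 is tagged {DSA-1647-1} while its NOTE still says "*not* duplicate after all, needs review", so the entry simultaneously claims an advisory and an open review. Either resolve the review and update the NOTE, or hold the DSA tag until it is done. The context line for the same entry also reads "PHP 5.6 through 5.2.6", which is not an ascending range and is worth checking against the upstream CVE text.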
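
Review bot: In the hunk at @@ -11587,7 +11646,7 @@, CVE-2007-6239 now lists two advisories as "{DSA-1646-1 DSA-1482-1}" with the newer one first and no explanation of why a second DSA covers an entry whose fixed version is still "squid 2.6.17-1". Add a NOTE saying how DSA-1646-1 relates to the earlier fix (the @@ -6693,6 +6751,7 @@ hunk puts the same DSA on CVE-2008-1612 at squid 2.6.18-1), and confirm the ordering of ids inside the braces matches the convention used elsewhere in the file.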