joeyh at alioth.debian.org
2008-Oct-21 21:14 UTC
[Secure-testing-commits] r10140 - data/CVE
Author: joeyh Date: 2008-10-21 21:14:10 +0000 (Tue, 21 Oct 2008) New Revision: 10140 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-21 11:35:20 UTC (rev 10139) +++ data/CVE/list 2008-10-21 21:14:10 UTC (rev 10140) 
@@ -1,3 +1,91 @@ +CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...) + TODO: check +CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through ...) + TODO: check +CVE-2008-4633 (SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x ...) + TODO: check +CVE-2008-4632 (Multiple directory traversal vulnerabilities in index.php in Kure ...) + TODO: check +CVE-2008-4631 (Stack-based buffer overflow in the Message::AddToString function in ...) + TODO: check +CVE-2008-4630 (Multiple unspecified vulnerabilities in Midgard Components (MidCOM) ...) + TODO: check +CVE-2008-4629 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...) + TODO: check +CVE-2008-4628 (SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 ...) + TODO: check +CVE-2008-4627 (SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab ...) + TODO: check +CVE-2008-4626 (Directory traversal vulnerability in index.php in Fritz Berger yet ...) + TODO: check +CVE-2008-4625 (SQL injection vulnerability in stnl_iframe.php in the ShiftThis ...) + TODO: check +CVE-2008-4624 (PHP remote file inclusion vulnerability in init.php in Fast Click SQL ...) + TODO: check +CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) ...) + TODO: check +CVE-2008-4622 (fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to ...) + TODO: check +CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts ...) + TODO: check +CVE-2008-4620 (SQL injection vulnerability in Meeting Room Booking System (MRBS) ...) + TODO: check +CVE-2008-4619 (The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a ...) + TODO: check +CVE-2008-4618 (The Stream Control Transmission Protocol (sctp) implementation in the ...) + TODO: check +CVE-2008-4617 (SQL injection vulnerability in the actualite module 1.0 for Joomla! ...) 
+ TODO: check +CVE-2008-4616 (The SpamBam plugin for WordPress allows remote attackers to bypass ...) + TODO: check +CVE-2008-4615 (Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has ...) + TODO: check +CVE-2008-4614 (PortalApp 4.0 does not require authentication for (1) forums.asp and ...) + TODO: check +CVE-2008-4613 (SQL injection vulnerability in forums.asp in PortalApp 4.0 allows ...) + TODO: check +CVE-2008-4612 (Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows ...) + TODO: check +CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php ...) + TODO: check +CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...) + TODO: check +CVE-2008-4608 + RESERVED +CVE-2008-4607 + RESERVED +CVE-2008-4606 (Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow ...) + TODO: check +CVE-2008-4605 (SQL injection vulnerability in CafeEngine allows remote attackers to ...) + TODO: check +CVE-2008-4604 (SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows ...) + TODO: check +CVE-2008-4603 (SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 ...) + TODO: check +CVE-2008-4602 (Directory traversal vulnerability in index.php in Post Affiliate Pro ...) + TODO: check +CVE-2008-4601 (Cross-site scripting (XSS) vulnerability in the login feature in ...) + TODO: check +CVE-2008-4600 (configure.php in PokerMax Poker League Tournament Script 0.13 allows ...) + TODO: check +CVE-2008-4599 (SQL injection vulnerability in category.php in Mosaic Commerce allows ...) + TODO: check +CVE-2008-4598 (Unspecified vulnerability in Shindig-Integrator 5.x, a module for ...) + TODO: check +CVE-2008-4597 (Shindig-Integrator 5.x, a module for Drupal, does not properly ...) + TODO: check +CVE-2008-4596 (Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a ...) 
+ TODO: check +CVE-2008-4595 (Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus ...) + TODO: check +CVE-2008-4594 (Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N ...) + TODO: check +CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled ...) + TODO: check +CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...) + TODO: check CVE-2008-XXXX [vlc overflow in ty parsing] - vlc <not-affected> (bug #502726) NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4 is vulnerable) @@ -210,8 +298,8 @@ NOT-FOR-US: Novell eDirectory CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 ...) NOT-FOR-US: Novell eDirectory -CVE-2008-4473 - RESERVED +CVE-2008-4473 (Multiple heap-based buffer overflows in Adobe Flash CS3 Professional ...) + TODO: check CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...) NOT-FOR-US: DataFeedFile PHP Framework API CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.3, and ...) @@ -378,8 +466,8 @@ RESERVED CVE-2008-4413 RESERVED -CVE-2008-4412 - RESERVED +CVE-2008-4412 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...) + TODO: check CVE-2008-4411 (Cross-site scripting (XSS) vulnerability in HP System Management ...) NOT-FOR-US: HP System Management Homepage CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...) @@ -414,8 +502,8 @@ CVE-2008-XXXX [aegis: insecure temp files] - aegis <unfixed> (unimportant; bug #496402) NOTE: Only present in example scripts -CVE-2008-4401 - RESERVED +CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not ...) + TODO: check CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup ...) NOT-FOR-US: CA ARCserve Backup CVE-2008-4399 (Unspecified vulnerability in the database engine service in ...) 
@@ -1701,7 +1789,7 @@ NOT-FOR-US: Sun Solaris 8 CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo ...) NOT-FOR-US: Lussumo Vanilla -CVE-2008-3873 (The System.setClipboard method in Adobe Flash Player allows remote ...) +CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player ...) NOT-FOR-US: Adobe Flash Player NOTE: System.setClipboard is not implemented (yet?) in gnash 0.8.3 and swfdec0.6 0.6.8 CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, ...) @@ -1830,8 +1918,7 @@ CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...) - linux-2.6 <not-affected> (Fedora-specific patch) - linux-2.6.24 <not-affected> (Fedora-specific patch) -CVE-2008-3831 [kernel drm issue] - RESERVED +CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel ...) {DSA-1655-1} - linux-2.6 2.6.26-9 CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...) @@ -7204,8 +7291,8 @@ NOT-FOR-US: Eagle Software Aries Student Information System CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser ...) NOT-FOR-US: Eagle Software Aries Student Information System -CVE-2008-1547 - RESERVED +CVE-2008-1547 (Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft ...) + TODO: check CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi ...) NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...) 
@@ -9287,7 +9374,7 @@ NOT-FOR-US: iTechClassifieds CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...) NOT-FOR-US: iTechClassifieds -CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ...) +CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ShiftThis ...) NOT-FOR-US: st_newsletter plugin for WordPress CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...) NOT-FOR-US: Wordspew plugin for Wordpress
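
Review bot: In the first hunk (@@ -1,3 +1,91 @@), CVE-2008-4610 and CVE-2007-6718 (both MPlayer) and CVE-2008-4609 (the TCP implementation in Linux) receive the same "TODO: check" as the PHP and ASP web-script entries around them, so nothing in the list marks them as the ones to look at first. Since the file already carries per-package lines such as "- linux-2.6 2.6.26-9" and "- vlc <not-affected> (bug #502726)", I suggest resolving these three ahead of the rest with a package line and status, and then working through the remaining entries for NOT-FOR-US.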
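
Review bot: In the @@ -378,8 +466,8 @@ hunk, CVE-2008-4412 moves from RESERVED to a description naming HP Systems Insight Manager (SIM) but stays at "TODO: check", while the context line directly below it already marks CVE-2008-4411 as "NOT-FOR-US: HP System Management Homepage". Whoever clears the TODO should either give it a NOT-FOR-US line in that style or record why it differs from its neighbour.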
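
Review bot: In the @@ -414,8 +502,8 @@ hunk, CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier) is left at "TODO: check" with no pointer to how the earlier Flash Player entry was handled. CVE-2008-3873 in the @@ -1701,7 +1789,7 @@ hunk is "NOT-FOR-US: Adobe Flash Player" and carries a NOTE that System.setClipboard is not implemented in gnash 0.8.3 and swfdec0.6 0.6.8; the same check against gnash and swfdec should be recorded here as a NOTE when the TODO is resolved. CVE-2008-4473 (Adobe Flash CS3 Professional) in the @@ -210,8 +298,8 @@ hunk raises the same question.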
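
Review bot: In the @@ -1830,8 +1918,7 @@ hunk, CVE-2008-3831 now has its i915 driver description and keeps {DSA-1655-1} and "- linux-2.6 2.6.26-9", but it has no line for linux-2.6.24, whereas CVE-2008-3832 immediately above tracks both linux-2.6 and linux-2.6.24. Please add a linux-2.6.24 line stating its status (fixed version, <unfixed> or <not-affected>) so the entry is complete for both kernel source packages.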