Author: fw
Date: 2008-10-26 13:06:03 +0000 (Sun, 26 Oct 2008)
New Revision: 10162
Modified:
data/CVE/list
Log:
NFUs
CVE-2008-4723 looks bogus
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-10-26 12:15:26 UTC (rev 10161)
+++ data/CVE/list 2008-10-26 13:06:03 UTC (rev 10162)
@@ -19,19 +19,26 @@
CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID
0.9 ...)
TODO: check
CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1
ActiveX ...)
- TODO: check
+ NOT-FOR-US: Hummingbird Xweb
CVE-2008-4728 (Multiple insecure method vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Hummingbird Deployment Wizard
CVE-2008-4727 (Cross-site scripting (XSS) vulnerability in the contact update
page ...)
- TODO: check
+ NOT-FOR-US: SunGard Banner Student
CVE-2008-4726 (Stack-based buffer overflow in the SFTP subsystem in GoodTech
SSH 6.4 ...)
- TODO: check
+ NOT-FOR-US: GoodTech SSH
CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera
9.52 ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google
Chrome ...)
- TODO: check
+ {CVE-2008-4723}
+ TODO: check if Webkit is affected
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla
Firefox ...)
+ {CVE-2008-4724}
TODO: check
+ NOTE: http://www.jorgan.users.cg.yu/ seems to be the original source
+ NOTE: Not enough details to tell if this is a real vulnerability.
+ NOTE: My guess is that file names containing <>& are incorrectly
+ NOTE: handled in FTP mode. Since the server might directly serve
+ NOTE: HTML files anyway, this seems a remote risk.
CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager
(ILOM) ...)
TODO: check
CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass
...)
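Review bot: In the NOTE lines added under CVE-2008-4723, "this seems a remote risk" is ambiguous, because in a vulnerability list "remote" normally reads as the attack vector rather than the likelihood. If the intent is that exploitation is improbable because the server could serve HTML files directly anyway, wording such as "this seems a low risk" says so without the double meaning. The FTP-mode explanation is also labelled only as "My guess"; a short note on what would confirm or refute it would help whoever resolves the remaining "TODO: check". Finally, the guess is recorded only under CVE-2008-4723, so a reader of CVE-2008-4724 has to follow the {CVE-2008-4723} reference to find it, since the new TODO there only says "check if Webkit is affected".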
@@ -81,15 +88,15 @@
CVE-2008-4699 (Insecure method vulnerability in the ActiveX control
(PAWWeb11.ocx) in ...)
TODO: check
CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview
of a ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is
located ...)
TODO: check
CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera
before ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive
...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4694 (Unspecified vulnerability in Opera before 9.60 allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and
9.5 ...)
TODO: check
CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8
before ...)
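Review bot: CVE-2008-4697 ("The Fast Forward feature in Opera before 9.61 ...") is left at "TODO: check" while the Opera entries around it (CVE-2008-4698, CVE-2008-4696, CVE-2008-4695, CVE-2008-4694) are all changed to "NOT-FOR-US: Opera". If it was skipped on purpose, a NOTE giving the reason would prevent the next triager from repeating the work; if it was an oversight, it should get the same "NOT-FOR-US: Opera" line as its neighbours.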
@@ -174,7 +181,7 @@
CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and
possibly ...)
TODO: check
CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart
...)
- TODO: check
+ NOT-FOR-US: Dart Communications PowerTCP FTP
CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow
remote ...)
TODO: check
CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6
allows ...)