nion at alioth.debian.org
2008-Oct-26 20:17 UTC
[Secure-testing-commits] r10167 - data/CVE
Author: nion Date: 2008-10-26 20:17:29 +0000 (Sun, 26 Oct 2008) New Revision: 10167 Modified: data/CVE/list Log: NFUs phpmyid has an itp (CVE-2008-4730) two new mantis issues (CVE-2008-468{8,9}) new wireshark issues (CVE-2008-46[80-85]) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-26 14:00:48 UTC (rev 10166) +++ data/CVE/list 2008-10-26 20:17:29 UTC (rev 10167) @@ -1,23 +1,23 @@ CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when ...) - TODO: check + NOT-FOR-US: PlugSpace CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows ...) - TODO: check + NOT-FOR-US: MyCard CVE-2008-4737 (Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite ...) - TODO: check + NOT-FOR-US: WhoDomLite CVE-2008-4736 (SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and ...) - TODO: check + NOT-FOR-US: RPG.Board CVE-2008-4735 (PHP remote file inclusion vulnerability in header.php in Concord ...) - TODO: check + NOT-FOR-US: Concord software CVE-2008-4734 (Cross-site request forgery (CSRF) vulnerability in the ...) - TODO: check + NOT-FOR-US: WP Comment Remix plugin CVE-2008-4733 (Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP ...) - TODO: check + NOT-FOR-US: WP Comment Remix plugin CVE-2008-4732 (SQL injection vulnerability in ajax_comments.php in the WP Comment ...) - TODO: check + NOT-FOR-US: WP Comment Remix plugin CVE-2008-4731 (Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown ...) - yacy <itp> (bug #452422) CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 ...) - TODO: check + - phpmyid <itp> (bug #492325) CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX ...) NOT-FOR-US: Hummingbird Xweb CVE-2008-4728 (Multiple insecure method vulnerabilities in the ...) 
@@ -42,55 +42,55 @@ CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...) NOT-FOR-US: Sun ILOM CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: PHP Jabbers CVE-2008-4720 (Multiple PHP remote file inclusion vulnerabilities in The Gemini ...) - TODO: check + NOT-FOR-US: The Gemini Portal CVE-2008-4719 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: openEngine CVE-2008-4718 (Directory traversal vulnerability in help/mini.phpin X7 Chat 2.0.1 A1 ...) - TODO: check + NOT-FOR-US: X7 Chat CVE-2008-4717 (SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows ...) - TODO: check + NOT-FOR-US: ZEELYRICS CVE-2008-4716 (SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 ...) - TODO: check + NOT-FOR-US: PHP-Lance CVE-2008-4715 (SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for ...) - TODO: check + NOT-FOR-US: com_jpad for Joomla! CVE-2008-4714 (Atomic Photo Album 1.1.0 pre4 does not properly handle the ...) - TODO: check + NOT-FOR-US: Atomic Photo Album CVE-2008-4713 (SQL injection vulnerability in view.php in 212cafe Board 0.07 allows ...) - TODO: check + NOT-FOR-US: 212cafe Board CVE-2008-4712 (Directory traversal vulnerability in pages/showblog.php in LnBlog ...) - TODO: check + NOT-FOR-US: LnBlog CVE-2008-4711 (SQL injection vulnerability in Joovili 3.0 and earlier, when ...) - TODO: check + NOT-FOR-US: Joovili CVE-2008-4710 (Cross-site scripting (XSS) vulnerability in the stock quotes page in ...) - TODO: check + NOT-FOR-US: Stock module for Drupal CVE-2008-4709 (SQL injection vulnerability in news_read.php in Pilot Group (PG) ...) - TODO: check + NOT-FOR-US: PG eTraining CVE-2008-4708 (BbZL.PhP 0.92 allows remote attackers to bypass authentication and ...) - TODO: check + NOT-FOR-US: BbZL.PhP CVE-2008-4707 (Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows ...) 
- TODO: check + NOT-FOR-US: BbZL.PhP CVE-2008-4706 (SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a ...) - TODO: check + NOT-FOR-US: VBGooglemap Hotspot Edition CVE-2008-4705 (SQL injection vulnerability in success_story.php in php Online Dating ...) - TODO: check + NOT-FOR-US: MyPHPDating CVE-2008-4704 (PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in ...) - TODO: check + NOT-FOR-US: SezHoo CVE-2008-4703 (SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows ...) - TODO: check + NOT-FOR-US: BosDev BosNews CVE-2008-4702 (Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 ...) - TODO: check + NOT-FOR-US: PhpWebGallery CVE-2008-4701 (SQL injection vulnerability in admin.php in Libera CMS 1.12, when ...) - TODO: check + NOT-FOR-US: Libera CMS CVE-2008-4700 (SQL injection vulnerability in admin.php in Libera CMS 1.12 and ...) - TODO: check + NOT-FOR-US: Libera CMS CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...) - TODO: check + NOT-FOR-US: Peachtree Accounting CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a ...) NOT-FOR-US: Opera CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located ...) - TODO: check + NOT-FOR-US: Opera CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before ...) NOT-FOR-US: Opera CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive ...) 
@@ -104,23 +104,23 @@ CVE-2008-4691 (Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in ...) NOT-FOR-US: IBM DB2 CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx ...) - TODO: check + - lynx <not-affected> (advanced mode is not switched on in Debian configurations and lynxcgi handlers are really unlikely) CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, ...) - TODO: check + - mantis <unfixed> (low; bug #503588) CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the ...) - TODO: check + - mantis <unfixed> (low; bug #503588) CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie function in ...) - TODO: check + - wireshark <unfixed> (low; bug #503589) CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly ...) - TODO: check + - wireshark <unfixed> (low; bug #503589) CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL ...) - TODO: check + - wireshark <unfixed> (low; bug #503589) CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to ...) - TODO: check + - wireshark <unfixed> (low; bug #503589) CVE-2008-4681 (Unspecified vulnerability in the Bluetooth RFCOMM dissector in ...) - TODO: check + - wireshark <unfixed> (low; bug #503589) CVE-2008-4680 (packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 ...) - TODO: check + - wireshark <unfixed> (low; bug #503589) CVE-2008-4679 (The Web Services Security component in IBM WebSphere Application ...) NOT-FOR-US: IBM Websphere CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM ...)
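Review bot: In the first hunk (@@ -1,23 +1,23 @@), the tag `NOT-FOR-US: Concord software` on CVE-2008-4735 is too generic to search for later. The other NFU lines in the same hunk use the product name itself (PlugSpace, MyCard, WhoDomLite, RPG.Board). Suggest taking the exact product name from the full CVE description, so that a later grep of data/CVE/list for that product finds this entry if someone files an ITP for it.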
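Review bot: In the last hunk (@@ -104,23 +104,23 @@), CVE-2008-4690 is marked `<not-affected>` because "advanced mode is not switched on in Debian configurations". That describes a default setting, not the absence of the affected code, so a user who enables advanced mode is still running the lynx version the CVE describes. Consider recording it as an unfixed entry with unimportant severity and the same explanatory note, so the package stays visible in the tracker. The log message lists the phpmyid, mantis and wireshark changes but does not mention this lynx decision; a short mention would make the triage call easier to find in the history.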