Author: nion
Date: 2008-01-09 13:04:24 +0000 (Wed, 09 Jan 2008)
New Revision: 7861
Modified: data/CVE/list
Log:
NFUs
CVE-2008-0148, CVE-2008-0148 do not affect tutos2
CVE-2008-0101, CVE-2008-0100 fixed in whitedune 0.28.13-1, removing tmp cve entry
CVE-2008-0145 unimportant because of Debian php security policy

Modified: data/CVE/list
==================================================================--- data/CVE/list 2008-01-09 11:46:37 UTC (rev 7860) +++ data/CVE/list 2008-01-09 13:04:24 UTC (rev 7861) 
@@ -1,65 +1,68 @@ CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier ...) - TODO: check + NOT-FOR-US: eggBlog CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script 2.0 and ...) - TODO: check + NOT-FOR-US: Shop-Script CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote ...) - TODO: check + NOT-FOR-US: FlexBB CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million Dollar ...) - TODO: check + NOT-FOR-US: Million Dollar Script CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in EvilBoard ...) - TODO: check + NOT-FOR-US: EvilBoard CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) ...) - TODO: check + NOT-FOR-US: EvilBoard CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers ...) - TODO: check + NOT-FOR-US: Pragma TelnetServer CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier ...) - TODO: check + NOT-FOR-US: SeattleLab SLNet RF Telnet Server CVE-2008-0151 (Foxit WAC Server 2.1.0.910 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Foxit WAC Server CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba ...) - TODO: check + NOT-FOR-US: Aruba Mobility Controller CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via a ...) - TODO: check + - tutos <removed> + - tutos2 <not-affected> (vulnerable code not present) CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows ...) - TODO: check + - tutos <removed> + - tutos2 <not-affected> (vulnerable code not present) CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and ...) - TODO: check + NOT-FOR-US: SmallNuke CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL ...) 
- TODO: check + NOT-FOR-US: W3-mSQL CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when ...) - TODO: check + - php4 <unfixed> (unimportant) + NOTE: open_basedir bypasses not supported CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 ...) - TODO: check + NOT-FOR-US: NetRisk CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in samPHPweb, ...) - TODO: check + NOT-FOR-US: samPHPweb CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow ...) - TODO: check + NOT-FOR-US: WebPortal CMS CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable passwords ...) - TODO: check + NOT-FOR-US: WebPortal CMS CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau Webmail ...) - TODO: check + NOT-FOR-US: Uebimiau Webmail CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog ...) - TODO: check + NOT-FOR-US: Loudblog CVE-2008-0138 (PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php ...) - TODO: check + NOT-FOR-US: XOOPS CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS ...) - TODO: check + NOT-FOR-US: SNETWORKS CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Snitz Forums 2000 CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive information ...) - TODO: check + NOT-FOR-US: Snitz Forums 2000 CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz ...) - TODO: check + NOT-FOR-US: Snitz Forums 2000 CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier ...) - TODO: check + NOT-FOR-US: Tribisur CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long ...) - TODO: check + NOT-FOR-US: Pragma FortressSSH CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in Instant ...) 
- TODO: check + NOT-FOR-US: Instant Softwares Dating Site CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant Softwares ...) - TODO: check + NOT-FOR-US: Instant Softwares Dating Site CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php in ...) - TODO: check + NOT-FOR-US: Site at School CVE-2008-0128 RESERVED CVE-2008-0127 @@ -115,17 +118,17 @@ CVE-2008-0102 RESERVED CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...) - TODO: check + - whitedune 0.28.13-1 (medium) CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...) - TODO: check + - whitedune 0.28.13-1 (medium) CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...) - TODO: check + NOT-FOR-US: MyPHP Forum CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2008-0097 (Format string vulnerability in the log function in Georgia SoftWorks ...) - TODO: check + NOT-FOR-US: Georgia SoftWorks SSH2 Server CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) ...) - TODO: check + NOT-FOR-US: Georgia SoftWorks SSH2 Server CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, ...) TODO: check CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content ...) @@ -152,8 +155,6 @@ TODO: check CVE-2008-XXXX [splitvt fails to drop group utmp priviledges] - splitvt 1.6.6-4 -CVE-2008-XXXX [whitedune buffer overflow] - - whitedune 0.28.13-1 CVE-2008-XXXX [wordpress information leak] - wordpress 2.3.2-1 (bug #459305) CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search ...)
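Review bot: In the first hunk (@@ -1,65 +1,68 @@), the CVE-2008-0138 entry is tagged `NOT-FOR-US: XOOPS`, but its description places the flaw in xoopsgallery/init_basic.php, so the tag reads as a ruling on XOOPS itself rather than on the gallery module. Naming the module in the tag would keep a later search for XOOPS issues from treating the core as already triaged. In the same hunk the tutos2 `<not-affected>` lines are added under both CVE-2008-0149 and CVE-2008-0148, while the log message lists CVE-2008-0148 twice; the log should name both ids that were changed. The CVE-2008-0145 NOTE ("open_basedir bypasses not supported") would also be easier to audit if it said which policy it refers to, since the truncated description shown here does not mention open_basedir.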
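Review bot: In the second hunk (@@ -115,17 +118,17 @@), CVE-2008-0101 (format string in swDebugf) and CVE-2008-0100 (stack-based buffer overflow in Scene::errorf) are both recorded as fixed in `whitedune 0.28.13-1 (medium)`, yet the temporary entry this commit removes described only a "whitedune buffer overflow". Please confirm that 0.28.13-1 also contains the format string fix before marking CVE-2008-0101 fixed, and record the evidence in a NOTE line under that entry. CVE-2008-0095 (Asterisk SIP channel driver) stays at `TODO: check` in the trailing context; if that is deliberate, fine, otherwise it belongs in this triage pass as well.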
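Review bot: In the third hunk (@@ -152,8 +155,6 @@), the removed `CVE-2008-XXXX [whitedune buffer overflow]` entry had no bug reference, and the two whitedune lines that replace it elsewhere in this commit carry none either, whereas the neighbouring wordpress entry does (`bug #459305`). If a bug report exists for the whitedune fix, add it to the CVE-2008-0101 and CVE-2008-0100 entries so the fixed version can be traced. While in this area, the context line for splitvt spells "priviledges"; correcting it to "privileges" in a follow-up would keep the list searchable.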