Author: nion Date: 2008-01-16 12:43:25 +0000 (Wed, 16 Jan 2008) New Revision: 7939 Modified: data/CVE/list Log: NFUs new issue: ngircd CVE-2008-027[2-4] fixed in drupal5 5.6-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-16 12:21:03 UTC (rev 7938) +++ data/CVE/list 2008-01-16 12:43:25 UTC (rev 7939) @@ -1,61 +1,62 @@ CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ...) - TODO: check + NOT-FOR-US: Digital Hive CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in Member ...) - TODO: check + NOT-FOR-US: Member Area System CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow ...) - TODO: check + NOT-FOR-US: ImageAlbum CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 and ...) - TODO: check + NOT-FOR-US: VisionBurst vcart CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard ...) - TODO: check + NOT-FOR-US: Article Dashboard CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows ...) - TODO: check + - ngircd <unfixed> (bug #461067; medium) CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in DomPHP ...) - TODO: check + NOT-FOR-US: DomPHP CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 ...) - TODO: check + NOT-FOR-US: DomPHP CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and ...) - TODO: check + NOT-FOR-US: ID-Commerce CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and possibly ...) - TODO: check + NOT-FOR-US: MTCMS CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and ...) - TODO: check + NOT-FOR-US: Xforum CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly ...) - TODO: check + NOT-FOR-US: X7 Chat CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal allows ...) - TODO: check + NOT-FOR-US: Fileshare module for Drupal CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module before ...) - TODO: check + NOT-FOR-US: Devel module for Drupal CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal ...) - TODO: check + NOT-FOR-US: Atom module for Drupal CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...) - TODO: check + - drupal5 5.6-1 (unimportant) + NOTE: needs register_globals on CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before ...) - TODO: check + - drupal5 5.6-1 (low) CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the aggregator ...) - TODO: check + - drupal5 5.6-1 (low) CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x ...) - TODO: check + NOT-FOR-US: BUEditor CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and ...) - TODO: check + NOT-FOR-US: TaskFreak! CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket ...) - TODO: check + NOT-FOR-US: eTicket CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote ...) - TODO: check + NOT-FOR-US: eTicket CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) - TODO: check + NOT-FOR-US: eTicket CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 ...) - TODO: check + NOT-FOR-US: Meta Tags module for Drupal CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before ...) - TODO: check + NOT-FOR-US: Ingate Firewall CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares ...) - TODO: check + NOT-FOR-US: Agares PhpAutoVideo CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo ...) TODO: check CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration ...) @@ -1998,7 +1999,7 @@ - linux-2.6 2.6.23-2 NOTE: kernel-sec is aware of this CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...) - - ngircd 0.10.3-1 (medium; bug #451875) + - ngircd 0.10.3-1 (bug #451875) [etch] - ngircd <no-dsa> (Minor issue) CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name ...) - audacity <unfixed> (bug #453283; low)