Author: nion Date: 2008-02-01 17:19:22 +0000 (Fri, 01 Feb 2008) New Revision: 8067 Modified: data/CVE/list Log: NFUs new issue: phpbb2 (CVE-2008-0471) firebird2.0 cveified Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-01 10:11:53 UTC (rev 8066) +++ data/CVE/list 2008-02-01 17:19:22 UTC (rev 8067) @@ -61,21 +61,21 @@ CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in ...) NOT-FOR-US: Woltlab Burning Board CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php in ...) - TODO: check + - phpbb2 <unfixed> (low; bug #463589) CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote ...) - TODO: check + NOT-FOR-US: Comodo AntiVirus CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News System ...) - TODO: check + NOT-FOR-US: Tiger Php News System CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier ...) - TODO: check + NOT-FOR-US: Flinx CVE-2008-0467 (Buffer overflow in Firebird before 2.1.0 RC1 might allow remote ...) TODO: check CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...) - TODO: check + NOT-FOR-US: Web Wiz Rich Text Editor CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 ...) - TODO: check + NOT-FOR-US: Seagull CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon ...) - TODO: check + NOT-FOR-US: aconon Mail Enterprise SQL CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before ...) TODO: check CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before ...) 
@@ -240,7 +240,10 @@ CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress ...) NOT-FOR-US: WP-Forum plugin for WordPress CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before ...) - TODO: check + - firebird2.0 2.0.3.12981.ds1-4 (bug #460048) + [lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1 + - firebird2 <removed> + NOTE: firebird2 in etch is vulnerable CVE-2008-0386 [arbitrary code execution in xdg-utils via crafted path name] RESERVED - xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure) @@ -311,11 +314,6 @@ NOT-FOR-US: IBM Lotus Sametime CVE-2008-0353 (SQL injection vulnerability in visualizza_tabelle.php in php-residence ...) NOT-FOR-US: php-residence -CVE-2008-XXXX [firebird DoS] - - firebird2.0 2.0.3.12981.ds1-4 (bug #460048) - [lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1 - - firebird2 <removed> - NOTE: firebird2 in etch is vulnerable CVE-2008-XXXX [apt-cacher arbitrary command execution] - apt-cacher 1.6.1 [etch] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
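Review bot: In the first hunk (@@ -61,21 +61,21 @@), CVE-2008-0467 (buffer overflow in Firebird before 2.1.0 RC1) stays at "TODO: check" even though this commit triages Firebird under CVE-2008-0387. Consider checking it against firebird2.0 and firebird2 in the same pass, or add a NOTE line saying why it is deferred, so the two Firebird entries do not drift apart. CVE-2008-0463 and CVE-2008-0462 are also still TODO in the surrounding context.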
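Review bot: In the second hunk (@@ -240,7 +240,10 @@), the four lines added under CVE-2008-0387 come verbatim from a placeholder labelled only "firebird DoS", while the CVE description reads "Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before ...". Please confirm that bug #460048 and the fixed version 2.0.3.12981.ds1-4 refer to this integer overflow and not to a separate issue. The firebird2.0 line also carries no urgency, unlike the "- phpbb2 <unfixed> (low; bug #463589)" line added in the first hunk; add one if it has been assessed.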
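Review bot: In the third hunk (@@ -311,11 +314,6 @@), deleting the "CVE-2008-XXXX [firebird DoS]" block drops the only mention of the denial-of-service impact, since the package lines re-added under CVE-2008-0387 do not carry it. If that impact assessment matters for triage, keep it as a NOTE line on the CVE-2008-0387 entry. The package lines themselves match what the second hunk adds, so nothing else is lost by the move.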