joeyh at alioth.debian.org
2008-Feb-19 09:14 UTC
[Secure-testing-commits] r8182 - data/CVE
Author: joeyh Date: 2008-02-19 09:14:23 +0000 (Tue, 19 Feb 2008) New Revision: 8182 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-19 09:09:18 UTC (rev 8181) +++ data/CVE/list 2008-02-19 09:14:23 UTC (rev 8182) 
@@ -1,3 +1,51 @@ +CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan ...) + TODO: check +CVE-2008-0802 (SQL injection vulnerability in index.php in the com_mediaslide ...) + TODO: check +CVE-2008-0801 (Multiple SQL injection vulnerabilities in index.php in the ...) + TODO: check +CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) ...) + TODO: check +CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 ...) + TODO: check +CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign ...) + TODO: check +CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 ...) + TODO: check +CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows ...) + TODO: check +CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) ...) + TODO: check +CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate ...) + TODO: check +CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...) + TODO: check +CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security ...) + TODO: check +CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote ...) + TODO: check +CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate ...) + TODO: check +CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts ...) + TODO: check +CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB ...) + TODO: check +CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before ...) + TODO: check +CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 ...) + TODO: check +CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b ...) 
+ TODO: check +CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ...) + TODO: check +CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 ...) + TODO: check +CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...) + TODO: check +CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through ...) + TODO: check CVE-2008-XXXX [diatheke remote command execution] - sword 1.5.9-8 (high; bug #466449) NOTE: CVE ID requested @@ -14,12 +62,12 @@ CVE-2008-XXXX [missing access restriction to user contacts in turba] - turba2 2.1.7-1 (bug #464058) NOTE: CVE id pending -CVE-2008-0779 (The fortimon.sys device driver in Fortinet FortiClient 3.0 MR5 Patch 3 ...) +CVE-2008-0779 (The fortimon.sys device driver in Fortinet FortiClient Host Security ...) NOT-FOR-US: Fortinet FortiClient 3.0 CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in ...) NOT-FOR-US: QuickTime -CVE-2008-0777 - RESERVED +CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...) + TODO: check CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...) NOT-FOR-US: iTechBids CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...) @@ -303,8 +351,8 @@ RESERVED CVE-2008-0643 RESERVED -CVE-2008-0642 - RESERVED +CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe ...) + TODO: check CVE-2009-XXXX [htmlscrubber does not sanitise javascript in uris] - ikiwiki 2.31.1 (low; bug #465110) NOTE: CVE id pending 
@@ -536,18 +584,18 @@ RESERVED CVE-2008-0532 RESERVED -CVE-2008-0531 - RESERVED -CVE-2008-0530 - RESERVED -CVE-2008-0529 - RESERVED -CVE-2008-0528 - RESERVED -CVE-2008-0527 - RESERVED -CVE-2008-0526 - RESERVED +CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...) + TODO: check +CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...) + TODO: check +CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, ...) + TODO: check +CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...) + TODO: check +CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP ...) + TODO: check +CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP ...) + TODO: check CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch ...) NOT-FOR-US: PatchLink Update client for Unix CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...) @@ -1590,7 +1638,7 @@ RESERVED CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...) NOT-FOR-US: Microsoft Office -CVE-2008-0108 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) +CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File ...) NOT-FOR-US: Microsoft Office CVE-2008-0107 RESERVED @@ -6299,7 +6347,7 @@ RESERVED CVE-2007-5202 RESERVED -CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...) +CVE-2007-5201 (The FTP backend for Duplicity before 0.4.9 sends the password as a ...) - duplicity 0.4.3-2 (low; bug #442840) [etch] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3) [sarge] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3) 
@@ -18689,7 +18737,7 @@ NOT-FOR-US: Microsoft CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...) NOT-FOR-US: Microsoft -CVE-2007-0216 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) +CVE-2007-0216 (wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office ...) NOT-FOR-US: Microsoft Office CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...) NOT-FOR-US: Microsoft Excel
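Review bot: In the `@@ -1,3 +1,51 @@` hunk, all 24 new entries (CVE-2008-0780 through CVE-2008-0803) land with only `TODO: check`, so none of them yet says whether an archive package is affected. The Cacti entries (CVE-2008-0783 to CVE-2008-0786) and the MoinMoin entries (CVE-2008-0780 to CVE-2008-0782) quote upstream version ranges ("0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k", "1.5.8 and earlier"), so if those packages are in the archive they are the ones to triage first. Each should get a `- package version (urgency; bug #...)` line in the style already used for sword and turba2 further down the list. The remaining entries need either the same treatment or a `NOT-FOR-US:` line, as was done for CVE-2008-0779 and CVE-2008-0778.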
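Review bot: The unchanged context line `CVE-2009-XXXX [htmlscrubber does not sanitise javascript in uris]` in the `@@ -303,8 +351,8 @@` hunk uses a 2009 placeholder year in a list revised on 2008-02-19, while the other pending placeholders visible in this diff (diatheke, turba) are `CVE-2008-XXXX`. This commit did not introduce it, but it sits directly below the CVE-2008-0642 change and looks like a typo. A follow-up should correct the year if so, so that the entry sorts and matches with the rest of the 2008 pending ids.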
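Review bot: In the `@@ -536,18 +584,18 @@` hunk, the six entries CVE-2008-0526 to CVE-2008-0531 move from RESERVED to `TODO: check`, yet every description names Cisco Unified IP Phone models. The entry immediately after them, CVE-2008-0525, is a vendor product already closed with `NOT-FOR-US: PatchLink Update client for Unix`. If the phone firmware is likewise out of scope, closing all six with one consistent `NOT-FOR-US:` string in the same pass keeps later searches on that string complete.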
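Review bot: In the `@@ -6299,7 +6347,7 @@` hunk, the refreshed description for CVE-2007-5201 now reads "Duplicity before 0.4.9", but the package line below it still records `- duplicity 0.4.3-2 (low; bug #442840)`, and the etch and sarge lines say the vulnerable code was introduced in 0.4.3. Confirm that 0.4.3-2 really carries the fix ahead of upstream 0.4.9, and if it does, add a NOTE line saying the fix was applied in the Debian revision. Otherwise the fixed version on the package line needs updating to match the new upstream range.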