thijs at alioth.debian.org
2008-Feb-21 22:07 UTC
[Secure-testing-commits] r8196 - data/CVE
Author: thijs
Date: 2008-02-21 22:07:56 +0000 (Thu, 21 Feb 2008)
New Revision: 8196

Modified:
   data/CVE/list
Log:
several new issues, most already fixed in sid
some NFU's

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-21 21:26:17 UTC (rev 8195) +++ data/CVE/list 2008-02-21 22:07:56 UTC (rev 8196) 
@@ -1,51 +1,54 @@ CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan ...) - TODO: check + NOT-FOR-US: LookStrike Lan Manager CVE-2008-0802 (SQL injection vulnerability in index.php in the com_mediaslide ...) - TODO: check + NOT-FOR-US: Joomla component CVE-2008-0801 (Multiple SQL injection vulnerabilities in index.php in the ...) - TODO: check + NOT-FOR-US: Joomla component CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) ...) - TODO: check + NOT-FOR-US: Joomla component CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 ...) - TODO: check + NOT-FOR-US: Joomla component CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign ...) - TODO: check + NOT-FOR-US: artmedic webdesign CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 ...) - TODO: check + NOT-FOR-US: iTheora CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows ...) - TODO: check + NOT-FOR-US: Nuboard CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) ...) - TODO: check + NOT-FOR-US: Joomla component CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate ...) - TODO: check + NOT-FOR-US: Affiliate Market CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...) - TODO: check + NOT-FOR-US: Tendenci CMS CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security ...) - TODO: check + NOT-FOR-US: F-Secure CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote ...) - TODO: check + NOT-FOR-US: Intermate WinIPDS CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate ...) - TODO: check + NOT-FOR-US: Intermate WinIPDS CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts ...) 
- TODO: check + NOT-FOR-US: LI Countdown CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB ...) - TODO: check + NOT-FOR-US: MyBB CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before ...) - TODO: check + NOT-FOR-US: MyBB CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 ...) - TODO: check + - cacti 0.8.7b-1 + [etch] - cacti <not-affected> (Not exploitable with Etch PHP version) + NOTE: this is prevented by PHP since 4.4.2/5.1.2. CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b ...) - TODO: check + - cacti 0.8.7b-1 CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ...) - TODO: check + - cacti 0.8.7b-1 (unimportant) + NOTE: paths on Debian already known CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 ...) - TODO: check + - cacti 0.8.7b-1 CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...) - TODO: check + - moin 1.5.8-5.1 CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + - moin 1.5.8-5.1 CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through ...) - TODO: check + - moin 1.5.8-5.1 CVE-2008-XXXX [diatheke remote command execution] - sword 1.5.9-8 (high; bug #466449) NOTE: CVE ID requested @@ -64,7 +67,10 @@ CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in ...) NOT-FOR-US: QuickTime CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...) - TODO: check + - kfreebsd-5 <removed> + [etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported) + - kfreebsd-6 <unfixed> + - kfreebsd-7 <unfixed> CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...) NOT-FOR-US: iTechBids CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...) 
@@ -350,7 +356,7 @@ CVE-2008-0643 RESERVED CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe ...) - TODO: check + NOT-FOR-US: Adobe CVE-2008-0808 [XSS in the meta plugin in ikiwiki] - ikiwiki 2.31.1 (low; bug #465110) CVE-2008-0809 [XSS in the htmlscrubber in ikiwiki] @@ -584,17 +590,17 @@ CVE-2008-0532 RESERVED CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...) - TODO: check + NOT-FOR-US: Cisco CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...) - TODO: check + NOT-FOR-US: Cisco CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP ...) - TODO: check + NOT-FOR-US: Cisco CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP ...) - TODO: check + NOT-FOR-US: Cisco CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch ...) NOT-FOR-US: PatchLink Update client for Unix CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...) @@ -652,7 +658,7 @@ - openldap2.2 <removed> - openldap2 <not-affected> (slapd not built) CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) - TODO: check + - webcalendar <unfixed> CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS ...) NOT-FOR-US: Drake CMS CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...)
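Review bot: In the first hunk (@@ -1,51 +1,54 @@), the CVE-2008-0786 entry marks etch as <not-affected> because of its PHP version, but the NOTE only says "prevented by PHP since 4.4.2/5.1.2" and never names the PHP version etch ships, so the claim cannot be checked from the entry itself. Suggest adding the etch PHP version to the NOTE. The sibling entries CVE-2008-0785 and CVE-2008-0783 get only "- cacti 0.8.7b-1" with no [etch] line, severity or bug reference, although the visible descriptions of CVE-2008-0786 and CVE-2008-0784 also cover the 0.8.6 branch; the etch status of those two should be stated explicitly, in the same form as the sword entry below them, "(high; bug #466449)".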
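Review bot: In the CVE-2008-0777 hunk (@@ -64,7 +67,10 @@), kfreebsd-6 and kfreebsd-7 are recorded as <unfixed> with no severity and no bug reference, so nothing ties these entries to a report the package maintainers will see. The description covers FreeBSD 5.5 through 7.0, so both are in scope; suggest filing bugs and recording them with a severity in the "(severity; bug #NNN)" form the list already uses elsewhere.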
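Review bot: In the Cisco hunk (@@ -584,17 +590,17 @@), all six entries CVE-2008-0526 through CVE-2008-0531 are tagged "NOT-FOR-US: Cisco", which names the vendor rather than the product, while the neighbouring entry uses "NOT-FOR-US: PatchLink Update client for Unix". Suggest "NOT-FOR-US: Cisco Unified IP Phone", as in the descriptions, so a later search for the product finds these entries. The same point applies to "NOT-FOR-US: Adobe" at CVE-2008-0642 and to the generic "NOT-FOR-US: Joomla component" lines in the first hunk, whose descriptions name the components (com_mediaslide, com_mcquiz, com_quiz, com_xfaq).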
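Review bot: In the last hunk (@@ -652,7 +658,7 @@), CVE-2007-6696 becomes "- webcalendar <unfixed>" with no severity and no bug number. The log message says most of these issues are already fixed in sid; this one is not, and without a bug reference it is easy to lose track of. Suggest filing a bug against webcalendar and recording it with a severity, as the ikiwiki entry does with "(low; bug #465110)".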