Author: nion
Date: 2008-04-23 18:07:16 +0000 (Wed, 23 Apr 2008)
New Revision: 8601
Modified: data/CVE/list
Log: NFUs CVE-2008-1891 non-issue
Modified: data/CVE/list
==================================================================--- data/CVE/list 2008-04-23 17:46:16 UTC (rev 8600) +++ data/CVE/list 2008-04-23 18:07:16 UTC (rev 8601) 
@@ -5,29 +5,29 @@ NOTE: PMASA-2008-3, CVE id requested NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211 CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...) - TODO: check + NOT-FOR-US: BigAnt Messenger CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...) - TODO: check + NOT-FOR-US: Lasernet CMS CVE-2008-1912 (Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and ...) - TODO: check + NOT-FOR-US: DivX Player CVE-2008-1911 (SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 ...) - TODO: check + NOT-FOR-US: 1024 CMS CVE-2008-1910 (Stack-based buffer overflow in the database service (ibserver.exe) in ...) - TODO: check + NOT-FOR-US: Borland InterBase CVE-2008-1909 (SQL injection vulnerability in comment.php in PHP Knowledge Base ...) - TODO: check + NOT-FOR-US: PHPKB CVE-2008-1908 (Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow ...) - TODO: check + NOT-FOR-US: cpCommerce CVE-2008-1907 (Multiple SQL injection vulnerabilities in ...) - TODO: check + NOT-FOR-US: cpCommerce CVE-2008-1906 (Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce ...) - TODO: check + NOT-FOR-US: cpCommerce CVE-2008-1905 (NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in ...) - TODO: check + NOT-FOR-US: Nero MediaHome CVE-2008-1904 (Cicoandcico CcMail 1.0.1 and earlier does not verify that the ...) - TODO: check + NOT-FOR-US: CcMail CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz ...) - TODO: check + NOT-FOR-US: Newanz NewsOffice CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user ...) - aptlinex 0.91-1 (low; bug #476572) NOTE: the user gets a confirmation dialog 
@@ -35,39 +35,42 @@ - aptlinex 0.91-1 (medium; bug #476588) NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Carbon Communities CVE-2008-1899 RESERVED CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft Works CVE-2008-1897 RESERVED CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...) - TODO: check + NOT-FOR-US: Carbon Communities CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and ...) - TODO: check + NOT-FOR-US: Carbon Communities CVE-2008-1894 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: BusinessObjects InfoView CVE-2008-1893 (PHP remote file inclusion vulnerability in index.php in W2B Online ...) - TODO: check + NOT-FOR-US: W2B Online Banking CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in ...) - TODO: check + NOT-FOR-US: Blogator-script CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and ...) - TODO: check + - ruby1.8 <unfixed> (unimportant) + - ruby1.9 <unfixed> (unimportant) + NOTE: corner-case only exploitable if web application is run on windows fs + CVE-2008-1890 (SQL injection vulnerability in the Jom Comment 2.0 build 345 component ...) - TODO: check + NOT-FOR-US: Jom Comment for Joomla! CVE-2008-1889 (SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials ...) - TODO: check + NOT-FOR-US: XplodPHP AutoTutorials CVE-2008-1888 (Cross-site scripting (XSS) vulnerability in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Windows CVE-2008-1886 (The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in ...) - TODO: check + NOT-FOR-US: CDNetworks Nefficient Download CVE-2008-1885 (Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX ...) 
- TODO: check + NOT-FOR-US: NeffyLauncher CVE-2008-1884 (Directory traversal vulnerability in index.php in Wikepage Opus 13 ...) - TODO: check + NOT-FOR-US: Wikepage CVE-2008-1883 (The server in Blackboard Academic Suite 7.x stores MD5 password hashes ...) - TODO: check + NOT-FOR-US: Blackboard Academic Suite CVE-2008-1882 RESERVED CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...)
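Review bot: In the second hunk (@@ -35,39 +35,42 @@), the NOTE added for CVE-2008-1891 gives the rationale only as "corner-case only exploitable if web application is run on windows fs", while both ruby1.8 and ruby1.9 stay <unfixed> (unimportant); say which filesystem property the issue depends on and add a reference for the assessment, so the entry can be re-evaluated later without redoing the research. The same entry ends with an added empty line after the NOTE, which no other entry in the visible context has; drop it so the CVE-2008-1890 line follows directly. Also in this hunk, CVE-2008-1886 and CVE-2008-1885 both describe the NeffyLauncher 1.0.5 ActiveX control but are tagged "CDNetworks Nefficient Download" and "NeffyLauncher" respectively; use one product name for both. CVE-2008-1888 is tagged "Windows" although its description reads "Microsoft Windows" and the neighbouring CVE-2008-1898 uses "Microsoft Works"; "Microsoft Windows" would be consistent.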