joeyh at alioth.debian.org
2008-Apr-25 21:14 UTC
[Secure-testing-commits] r8615 - data/CVE
Author: joeyh Date: 2008-04-25 21:14:16 +0000 (Fri, 25 Apr 2008) New Revision: 8615 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-25 19:42:08 UTC (rev 8614) +++ data/CVE/list 2008-04-25 21:14:16 UTC (rev 8615) 
@@ -1,12 +1,89 @@ +CVE-2008-1956 (Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus ...) + TODO: check +CVE-2008-1955 (Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER ...) + TODO: check +CVE-2008-1954 (SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and ...) + TODO: check +CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before ...) + TODO: check +CVE-2008-1952 + RESERVED +CVE-2008-1951 + RESERVED +CVE-2008-1950 + RESERVED +CVE-2008-1949 + RESERVED +CVE-2008-1948 + RESERVED +CVE-2008-1947 + RESERVED +CVE-2008-1946 + RESERVED +CVE-2008-1945 + RESERVED +CVE-2008-1944 + RESERVED +CVE-2008-1943 + RESERVED +CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...) + TODO: check +CVE-2008-1940 (The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and ...) + TODO: check +CVE-2008-1939 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow ...) + TODO: check +CVE-2008-1938 (Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly ...) + TODO: check +CVE-2008-1937 (The user form processing (userform.py) in MoinMoin before 1.6.3, when ...) + TODO: check +CVE-2008-1936 (SQL injection vulnerability in index.php in Classifieds Caffe allows ...) + TODO: check +CVE-2008-1935 (SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! ...) + TODO: check +CVE-2008-1934 (SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 ...) + TODO: check +CVE-2008-1933 (Absolute path traversal vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2008-1932 (Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and ...) + TODO: check +CVE-2008-1931 (Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before ...) 
+ TODO: check +CVE-2008-1929 + RESERVED +CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause ...) + TODO: check +CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c) in ...) + TODO: check +CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision ...) + TODO: check +CVE-2008-1922 + RESERVED +CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th ...) + TODO: check +CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the ...) + TODO: check +CVE-2008-1919 (SQL injection vulnerability in listtest.php in YourFreeWorld Apartment ...) + TODO: check +CVE-2008-1918 (SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and ...) + TODO: check +CVE-2008-1917 (Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 ...) + TODO: check +CVE-2008-1916 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...) + TODO: check +CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...) + TODO: check CVE-2008-1930 [wordpress integrity protection vulnerability] + RESERVED - wordpress <unfixed> (medium; bug #477910) NOTE: only exploitable in blogs that allow user registering -CVE-2008-1927 +CVE-2008-1927 (Double free vulnerability in Perl 5.8.8 allows context-dependent ...) {DSA-1556-1} - perl <unfixed> -CVE-2008-1925 [remote trigger buffer overflow] +CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx and ...) - inspircd 1.1.18+dfsg-1 (low) -CVE-2008-1924 [phpMyAdmin file disclosure] +CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...) {DSA-1557-1} - phpmyadmin 4:2.11.5.2-1 NOTE: PMASA-2008-3, CVE id requested 
@@ -47,8 +124,8 @@ RESERVED CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote attackers to ...) NOT-FOR-US: Microsoft Works -CVE-2008-1897 - RESERVED +CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...) + TODO: check CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...) NOT-FOR-US: Carbon Communities CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and ...) @@ -316,16 +393,16 @@ - mt-daapd 0.9~r1696-1.3 (medium; bug #476241) CVE-2008-1770 RESERVED -CVE-2008-1769 - RESERVED -CVE-2008-1768 - RESERVED +CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...) + TODO: check +CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...) + TODO: check CVE-2008-1767 RESERVED CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have ...) - phpbb2 <unfixed> (low) -CVE-2008-1765 - RESERVED +CVE-2008-1765 (Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and ...) + TODO: check CVE-2008-1764 (Unspecified vulnerability in Opera before 9.27 has unknown impact and ...) NOT-FOR-US: Opera CVE-2008-1763 (SQL injection vulnerability in _blogadata/include/sond_result.php in ...) 
@@ -1170,12 +1247,10 @@ CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of ...) - clamav 0.92.1~dfsg2-1 [etch] - clamav <not-affected> (Vulnerable code not present) -CVE-2008-1386 [serendipity xss] - RESERVED +CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer ...) - serendipity 1.3.1-1 NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html -CVE-2008-1385 [serendipity xss] - RESERVED +CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ...) - serendipity 1.3.1-1 NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html NOTE: One of these two issues seems very theoretical, other one needs further assessment @@ -5405,8 +5480,8 @@ RESERVED CVE-2007-6256 RESERVED -CVE-2007-6255 - RESERVED +CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in ...) + TODO: check CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects ...) NOT-FOR-US: SAP CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client ...) @@ -38147,7 +38222,7 @@ - imagemagick 6:6.2.4.5-0.6 (bug #345238; medium) NOTE: Exploitable through Gnus and Thunderbird. - graphicsmagick 1.1.7-1 -CVE-2006-0053 (Unspecified vulnerability in Imager (libimager-perl) before 5.0-1 ...) +CVE-2006-0053 (Imager (libimager-perl) before 0.50 allows user-assisted attackers to ...) {DSA-1028-1} - libimager-perl 0.50-1 (bug #359661) CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...)
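Review bot: In the first hunk (@@ -1,12 +1,89 @@), CVE-2008-1928 (Imager 0.42 through 0.63) is left as "TODO: check" although the list already tracks this software as libimager-perl: the CVE-2006-0053 entry in the last hunk records "- libimager-perl 0.50-1", and 0.50 falls inside the affected 0.42 through 0.63 range. This entry should get a libimager-perl package line once the packaged version is checked, rather than waiting in the generic TODO queue. In the same hunk, the kept line "NOTE: PMASA-2008-3, CVE id requested" under CVE-2008-1924 is out of date now that the entry carries the assigned id and its description; trim it to "NOTE: PMASA-2008-3".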
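Review bot: In the second hunk (@@ -47,8 +124,8 @@), CVE-2008-1897 moves from RESERVED to "TODO: check" with a description naming the IAX2 channel driver (chan_iax2) in Asterisk, the same component as CVE-2008-1923 added in the first hunk. The two should be triaged together, and each entry should carry a NOTE saying how it relates to the other so that a fix for one is not taken as covering both.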
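Review bot: In the hunk at @@ -1170,12 +1247,10 @@, the trailing context line "NOTE: One of these two issues seems very theoretical, other one needs further assessment" still does not say which issue is which, and the bracketed "[serendipity xss]" labels it sat beside are replaced here. With the descriptions now distinguishing the installer XSS (CVE-2008-1386) from the Top Referrers XSS (CVE-2008-1385), the note should name the id that needs further assessment and sit under that entry.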