joeyh at alioth.debian.org
2008-May-01 21:14 UTC
[Secure-testing-commits] r8663 - data/CVE
Author: joeyh
Date: 2008-05-01 21:14:15 +0000 (Thu, 01 May 2008)
New Revision: 8663

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-05-01 21:08:33 UTC (rev 8662)
+++ data/CVE/list 2008-05-01 21:14:15 UTC (rev 8663)
@@ -1,3 +1,169 @@ +CVE-2008-2042 + RESERVED +CVE-2008-2039 + RESERVED +CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in ...) + TODO: check +CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts ...) + TODO: check +CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 ...) + TODO: check +CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) ...) + TODO: check +CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...) + TODO: check +CVE-2008-2033 (Multiple unspecified vulnerabilities in ZoneMinder before 1.23.3 allow ...) + TODO: check +CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote ...) + TODO: check +CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 ...) + TODO: check +CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) ...) + TODO: check +CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, ...) + TODO: check +CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA ...) + TODO: check +CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...) + TODO: check +CVE-2008-2025 + RESERVED +CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...) + TODO: check +CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...) + TODO: check +CVE-2008-2022 (Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software ...) + TODO: check +CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote ...) + TODO: check +CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 ...) 
+ TODO: check +CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly ...) + TODO: check +CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 0.848b C1 ...) + TODO: check +CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management System ...) + TODO: check +CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Management ...) + TODO: check +CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX ...) + TODO: check +CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...) + TODO: check +CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...) + TODO: check +CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 1.0 ...) + TODO: check +CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail ...) + TODO: check +CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...) + TODO: check +CVE-2008-2009 + RESERVED +CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...) + TODO: check +CVE-2008-2007 + RESERVED +CVE-2008-2006 + RESERVED +CVE-2008-2005 + RESERVED +CVE-2008-2004 + RESERVED +CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...) + TODO: check +CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...) + TODO: check +CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote ...) + TODO: check +CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address bar by ...) + TODO: check +CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, ...) + TODO: check +CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 ...) 
+ TODO: check +CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a ...) + TODO: check +CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and ...) + TODO: check +CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, ...) + TODO: check +CVE-2008-1992 (Acidcat CMS 3.4.1 does not properly restrict access to (1) ...) + TODO: check +CVE-2008-1991 (Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in ...) + TODO: check +CVE-2008-1990 (Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow ...) + TODO: check +CVE-2008-1989 (PHP remote file inclusion vulnerability in 123flashchat.php in the 123 ...) + TODO: check +CVE-2008-1988 (Unrestricted file upload vulnerability in the file_upload function in ...) + TODO: check +CVE-2008-1987 (Cross-site scripting (XSS) vulnerability in search.php in ...) + TODO: check +CVE-2008-1986 (Cross-site scripting (XSS) vulnerability in liste_article.php in Blog ...) + TODO: check +CVE-2008-1985 (Cross-site scripting (XSS) vulnerability in base.php in DigitalHive ...) + TODO: check +CVE-2008-1984 (The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure ...) + TODO: check +CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum ...) + TODO: check +CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) ...) + TODO: check +CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x ...) + TODO: check +CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before ...) + TODO: check +CVE-2008-1979 (The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and ...) + TODO: check +CVE-2008-1978 (Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before ...) 
+ TODO: check +CVE-2008-1977 (Cross-site request forgery (CSRF) vulnerability in the ...) + TODO: check +CVE-2008-1976 (Multiple cross-site scripting (XSS) vulnerabilities in the Drupal ...) + TODO: check +CVE-2008-1975 (SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote ...) + TODO: check +CVE-2008-1973 (Heap-based buffer overflow in SubEdit Player build 4056 and 4066 ...) + TODO: check +CVE-2008-1972 (Multiple cross-site scripting (XSS) vulnerabilities in the user ...) + TODO: check +CVE-2008-1971 (phShoutBox Final 1.5 and earlier only checks passwords when specified ...) + TODO: check +CVE-2008-1970 (muCommander before 0.8.2 stores credentials.xml with insecure ...) + TODO: check +CVE-2008-1969 (Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 ...) + TODO: check +CVE-2008-1968 (Multiple SQL injection vulnerabilities in Cezanne 7 allow remote ...) + TODO: check +CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in ...) + TODO: check +CVE-2008-1966 (IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows ...) + TODO: check +CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in ...) + TODO: check +CVE-2008-1964 (** DISPUTED ** ...) + TODO: check +CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in ...) + TODO: check +CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow ...) + TODO: check +CVE-2008-1961 (SQL injection vulnerability in index.php in Voice Of Web AllMyGuests ...) + TODO: check +CVE-2008-1960 (Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi ...) + TODO: check +CVE-2008-1959 (Stack-based buffer overflow in the get_remote_video_port_media ...) + TODO: check +CVE-2008-1958 (Unrestricted file upload vulnerability in the ajout_cat mode in ...) + TODO: check +CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1 allows ...) 
+ TODO: check CVE-2008-XXXX [privilege escalation in wordpress] - wordpress 2.2.3-1 NOTE: CVE id requested @@ -3,10 +169,10 @@ NOTE: http://trac.wordpress.org/ticket/4748 NOTE: fixed in DSA-1564-1 -CVE-2008-2040 [peercast buffer overflow in HTTP::getAuthUserPass] +CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function ...) - peercast <unfixed> (medium; bug #478573) - gnome-peercast <removed> NOTE: CVE id requested NOTE: etch version tested with PoC, affected -CVE-2008-1974 [XSS in addevent.php] +CVE-2008-1974 (Cross-site scripting (XSS) vulnerability in addevent.php in Horde ...) {DSA-1560-1} - kronolith2 2.1.8-1 @@ -90,8 +256,7 @@ TODO: check CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...) TODO: check -CVE-2008-1930 [wordpress integrity protection vulnerability] - RESERVED +CVE-2008-1930 (The cookie authentication method in WordPress 2.5 relies on a hash of ...) - wordpress 2.5.1-1 (medium; bug #477910) NOTE: only exploitable in blogs that allow user registering [etch] - wordpress <not-affected> (Vulnerable code was introduced in 2.5) @@ -142,6 +307,7 @@ CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote attackers to ...) NOT-FOR-US: Microsoft Works CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...) + {DSA-1563-1} - asterisk 1:1.4.19.1~dfsg-1 (medium) CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...) NOT-FOR-US: Carbon Communities @@ -184,7 +350,7 @@ - iceweasel <unfixed> (unimportant) NOTE: browser dos not treated as security issues NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed? -CVE-2008-2041 [unspecified egroupware issue] +CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...) - egroupware <unfixed> (bug #476977) TODO: request CVE id CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic ...) 
@@ -476,14 +642,14 @@ RESERVED CVE-2008-1739 RESERVED -CVE-2008-1738 - RESERVED -CVE-2008-1737 - RESERVED -CVE-2008-1736 - RESERVED -CVE-2008-1735 - RESERVED +CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a ...) + TODO: check +CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime ...) + TODO: check +CVE-2008-1736 (Comodo Firewall Pro before 3.0 does not properly validate certain ...) + TODO: check +CVE-2008-1735 (BitDefender Antivirus 2008 20080118 and earlier allows local users to ...) + TODO: check CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux ...) NOT-FOR-US: PHP Toolkit (Gentoo specific) CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in ...) @@ -640,12 +806,10 @@ RESERVED CVE-2008-1672 RESERVED -CVE-2008-1671 [start_kdeinit multiple vulnerabilities] - RESERVED +CVE-2008-1671 (start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, ...) - kdelibs 4:3.5.9.dfsg.1-4 (low; bug #478024) NOTE: unimportant, opinions? -CVE-2008-1670 - RESERVED +CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader ...) - kdelibs <not-affected> (Vulnerable code introduce in kde 4.0) - kde4libs 4:4.0.72-1 (bug #478283) CVE-2008-1669 @@ -1292,7 +1456,7 @@ CVE-2008-1381 RESERVED CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...) - {DSA-1558-1 DSA-1555-1} + {DSA-1562-1 DSA-1558-1 DSA-1555-1} - iceweasel 2.0.0.14-1 - icedove <unfixed> - iceape 1.1.9-2 @@ -1912,8 +2076,7 @@ [sarge] - dovecot <not-affected> (Vulnerable code not present) NOTE: exploitable through code introduced in 1.0.11 NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html -CVE-2008-1293 [ldm information disclosure] - RESERVED +CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 pass the -ac ...) {DSA-1561-1 DTSA-118-1} - ldm 2:0.1~bzr20080308-1 (bug #469462) - ltsp 5.0.40~bzr20071229-1 
@@ -1987,8 +2150,8 @@ RESERVED CVE-2008-1104 RESERVED -CVE-2008-1103 - RESERVED +CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown impact ...) + TODO: check CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender ...) - blender 2.45-5 (medium; bug #477808) CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...) @@ -2840,8 +3003,8 @@ NOT-FOR-US: Mihalism Multi Host CVE-2008-0713 RESERVED -CVE-2008-0712 - RESERVED +CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ...) + TODO: check CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP ...) NOT-FOR-US: HP iLO-2 management processors CVE-2008-0710 @@ -2866,7 +3029,7 @@ NOT-FOR-US: Magnolia CE CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux ...) NOT-FOR-US: CruxCMS -CVE-2008-0699 (Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB before ...) +CVE-2008-0699 (Unspecified vulnerability in the ADMIN_SP_C procedure ...) NOT-FOR-US: IBM DB2 CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...) NOT-FOR-US: IBM DB2 @@ -3564,7 +3727,7 @@ {DSA-1510-1} - ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190) CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...) - {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1} + {DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1} - linux-2.6 <unfixed> CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function] - exempi 1.99.7-1 (bug #454297) @@ -5618,7 +5781,7 @@ {DSA-1476-1} - pulseaudio 0.9.9-1 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...) - {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1} + {DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1} - linux-2.6 2.6.24-4 CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...) {DSA-1466-2 DTSA-110-1} 
@@ -11528,8 +11691,10 @@ CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - vmware-package 0.16 CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...) + {DSA-1564-1} - wordpress 2.2.2-1 CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...) + {DSA-1564-1} - wordpress 2.2.2-1 (low) NOTE: see issue 4690 and 4691 in wordpress trac CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) @@ -12770,6 +12935,7 @@ CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...) NOT-FOR-US: Adobe Apollo CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...) + {DSA-1564-1} - wordpress 2.2.2-1 CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...) NOT-FOR-US: Yahoo! Messenger @@ -20657,6 +20823,7 @@ {DTSA-33-1} - wordpress 2.1.0-1 (low) CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...) + {DSA-1564-1} - wordpress 2.1.0-1 (low) CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote ...) {DTSA-33-1}
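
Review bot: In the "@@ -1,3 +1,169 @@" hunk the new block runs from CVE-2008-2042 straight to CVE-2008-2039 and from CVE-2008-1975 to CVE-2008-1973, so the file is no longer in descending id order. The skipped ids (CVE-2008-2041, CVE-2008-2040, CVE-2008-1974) already exist further down as former placeholder entries and keep their old positions. Moving those entries into sequence when a placeholder is converted to an assigned id would keep the list sorted and make duplicates easier to spot.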
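
Review bot: In the "@@ -3,10 +169,10 @@" hunk the CVE-2008-2040 peercast entry now carries the assigned description, but the context line "NOTE: CVE id requested" under it is left in place and is stale. Drop that note in a follow-up. In the same hunk the wordpress CVE-2008-XXXX entry records its advisory as "NOTE: fixed in DSA-1564-1", while the wordpress entries touched later in this patch use the "{DSA-1564-1}" tag; using the tag form there as well would keep the cross-reference machine-readable.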
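
Review bot: In the "@@ -184,7 +350,7 @@" hunk the CVE-2008-2041 egroupware entry still ends with "TODO: request CVE id" although this revision replaces the bracketed placeholder with the assigned description. The TODO should be removed, otherwise the entry keeps appearing as needing an id request while it remains "<unfixed>" with bug #476977 open.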
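
Review bot: In the "@@ -2866,7 +3029,7 @@" hunk the replacement description for CVE-2008-0699, "(Unspecified vulnerability in the ADMIN_SP_C procedure ...)", is cut much earlier than every other description in this patch and no longer names the product. The "NOT-FOR-US: IBM DB2" line still identifies it, but it is worth checking whether the automatic import truncated this description at a different point than usual.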
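
Review bot: In the "@@ -3564,7 +3727,7 @@" and "@@ -5618,7 +5781,7 @@" hunks the only change is moving DSA-1565-1 to the front of the advisory list, and the result "{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}" is still not in a consistent order (1503-2, then 1504-1, then 1503-1). The "@@ -1292,7 +1456,7 @@" hunk uses strictly descending order; sorting these two lists the same way would avoid further reorder-only churn from the automatic update.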