thr3ads.net - Secure testing commits - [Secure-testing-commits] r8858

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-May-21 09:14 UTC
[Secure-testing-commits] r8858 - data/CVE

Author: joeyh
Date: 2008-05-21 09:14:15 +0000 (Wed, 21 May 2008)
New Revision: 8858

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-05-21 08:30:08 UTC (rev 8857)
+++ data/CVE/list	2008-05-21 09:14:15 UTC (rev 8858)
@@ -1,3 +1,239 @@
+CVE-2008-2398 (Cross-site scripting (XSS) vulnerability in index.php in AppServ
Open ...)
+	TODO: check
+CVE-2008-2397 (Cross-site scripting (XSS) vulnerability in search-results.dot
in ...)
+	TODO: check
+CVE-2008-2396 (PHP remote file inclusion vulnerability in index.php in Wajox
Software ...)
+	TODO: check
+CVE-2008-2395 (SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00
beta ...)
+	TODO: check
+CVE-2008-2394 (Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02
allow ...)
+	TODO: check
+CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript
1.4.0 ...)
+	TODO: check
+CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and
earlier ...)
+	TODO: check
+CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and
cause a ...)
+	TODO: check
+CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe
(1) ...)
+	TODO: check
+CVE-2008-2389
+	RESERVED
+CVE-2008-2388
+	RESERVED
+CVE-2008-2387
+	RESERVED
+CVE-2008-2386
+	RESERVED
+CVE-2008-2385
+	RESERVED
+CVE-2008-2384
+	RESERVED
+CVE-2008-2383
+	RESERVED
+CVE-2008-2382
+	RESERVED
+CVE-2008-2381
+	RESERVED
+CVE-2008-2380
+	RESERVED
+CVE-2008-2379
+	RESERVED
+CVE-2008-2378
+	RESERVED
+CVE-2008-2377
+	RESERVED
+CVE-2008-2376
+	RESERVED
+CVE-2008-2375
+	RESERVED
+CVE-2008-2374
+	RESERVED
+CVE-2008-2373
+	RESERVED
+CVE-2008-2372
+	RESERVED
+CVE-2008-2371
+	RESERVED
+CVE-2008-2370
+	RESERVED
+CVE-2008-2369
+	RESERVED
+CVE-2008-2368
+	RESERVED
+CVE-2008-2367
+	RESERVED
+CVE-2008-2366
+	RESERVED
+CVE-2008-2365
+	RESERVED
+CVE-2008-2364
+	RESERVED
+CVE-2008-2363
+	RESERVED
+CVE-2008-2362
+	RESERVED
+CVE-2008-2361
+	RESERVED
+CVE-2008-2360
+	RESERVED
+CVE-2008-2359
+	RESERVED
+CVE-2008-2358
+	RESERVED
+CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in
split.c in ...)
+	TODO: check
+CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog
0.90.02 ...)
+	TODO: check
+CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting
1.0, when ...)
+	TODO: check
+CVE-2008-2354 (Unspecified vulnerability in the data export function in
testMaker ...)
+	TODO: check
+CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery
1.1.1.0 ...)
+	TODO: check
+CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0,
when ...)
+	TODO: check
+CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS ...)
+	TODO: check
+CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos
1.0.9 ...)
+	TODO: check
+CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain ...)
+	TODO: check
+CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass
...)
+	TODO: check
+CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application
...)
+	TODO: check
+CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to
bypass ...)
+	TODO: check
+CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and
earlier ...)
+	TODO: check
+CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager
0.6.0 ...)
+	TODO: check
+CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions
and ...)
+	TODO: check
+CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News
Manager ...)
+	TODO: check
+CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in
News ...)
+	TODO: check
+CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow
...)
+	TODO: check
+CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools
SunShop ...)
+	TODO: check
+CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to
gain ...)
+	TODO: check
+CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when
...)
+	TODO: check
+CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds
4.0.1 ...)
+	TODO: check
+CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php
in ...)
+	TODO: check
+CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5
allow ...)
+	TODO: check
+CVE-2008-2333
+	RESERVED
+CVE-2008-2332
+	RESERVED
+CVE-2008-2331
+	RESERVED
+CVE-2008-2330
+	RESERVED
+CVE-2008-2329
+	RESERVED
+CVE-2008-2328
+	RESERVED
+CVE-2008-2327
+	RESERVED
+CVE-2008-2326
+	RESERVED
+CVE-2008-2325
+	RESERVED
+CVE-2008-2324
+	RESERVED
+CVE-2008-2323
+	RESERVED
+CVE-2008-2322
+	RESERVED
+CVE-2008-2321
+	RESERVED
+CVE-2008-2320
+	RESERVED
+CVE-2008-2319
+	RESERVED
+CVE-2008-2318
+	RESERVED
+CVE-2008-2317
+	RESERVED
+CVE-2008-2316
+	RESERVED
+CVE-2008-2315
+	RESERVED
+CVE-2008-2314
+	RESERVED
+CVE-2008-2313
+	RESERVED
+CVE-2008-2312
+	RESERVED
+CVE-2008-2311
+	RESERVED
+CVE-2008-2310
+	RESERVED
+CVE-2008-2309
+	RESERVED
+CVE-2008-2308
+	RESERVED
+CVE-2008-2307
+	RESERVED
+CVE-2008-2306
+	RESERVED
+CVE-2008-2305
+	RESERVED
+CVE-2008-2304
+	RESERVED
+CVE-2008-2303
+	RESERVED
+CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript
allows ...)
+	TODO: check
+CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and
...)
+	TODO: check
+CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption
of ...)
+	TODO: check
+CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass
...)
+	TODO: check
+CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass
...)
+	TODO: check
+CVE-2008-2296 (PHP remote file inclusion vulnerability in
include/bbs.lib.inc.php in ...)
+	TODO: check
+CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in
Rgboard ...)
+	TODO: check
+CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to
gain ...)
+	TODO: check
+CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows
...)
+	TODO: check
+CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in
...)
+	TODO: check
+CVE-2008-2291 (Unspecified vulnerability in axengine.exe in Symantec Altiris
...)
+	TODO: check
+CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in
Symantec ...)
+	TODO: check
+CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec
Altiris ...)
+	TODO: check
+CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before
6.9.176 ...)
+	TODO: check
+CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before
6.9.176 ...)
+	TODO: check
+CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris
...)
+	TODO: check
+CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS
does not ...)
+	TODO: check
+CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in
Fusebox ...)
+	TODO: check
+CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary
files via ...)
+	TODO: check
+CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special
Edition ...)
+	TODO: check
+CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links
feature ...)
+	TODO: check
+CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain
sensitive ...)
+	TODO: check
 CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in
Script ...)
 	NOT-FOR-US: PHP PicEngine
 CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext
in the ...)
@@ -12,7 +248,7 @@
 	NOT-FOR-US: sr_feuser_register extension for TYPO3
 CVE-2008-2273 (Unspecified vulnerability in the TACACS authentication component
in ...)
 	NOT-FOR-US: TACACS authentication component in Aruba Mobility Controller
-CVE-2008-2272 (Mltiple cross-site scripting (XSS) vulnerabilities in the web
...)
+CVE-2008-2272 (Multiple cross-site scripting (XSS) vulnerabilities in the web
...)
 	NOT-FOR-US: Aruba Mobility Controller
 CVE-2008-2271 (The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x
before ...)
 	NOT-FOR-US: Site Documentation Drupal module
@@ -70,10 +306,10 @@
 	RESERVED
 CVE-2008-2243
 	RESERVED
-CVE-2008-2242
-	RESERVED
-CVE-2008-2241
-	RESERVED
+CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA
...)
+	TODO: check
+CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor
...)
+	TODO: check
 CVE-2008-2240
 	RESERVED
 CVE-2008-2239
@@ -237,6 +473,7 @@
 	- libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib
upstream to use mkstemp)
 	NOTE: See CVE-2004-2265, where the problem occured as well
 CVE-2008-2302 [Cross-site scripting (XSS) by missing escaping]
+	RESERVED
 	- python-django 0.96.2-1 (bug #481164; low)
 CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email
Security ...)
 	NOT-FOR-US: SonicWall Email Security
@@ -709,16 +946,13 @@
 	RESERVED
 CVE-2008-1951
 	RESERVED
-CVE-2008-1950
-	RESERVED
+CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed
function ...)
 	{DSA-1581-1}
 	- gnutls13 <unfixed> (low)
-CVE-2008-1949
-	RESERVED
+CVE-2008-1949 (The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c
in ...)
 	{DSA-1581-1}
 	- gnutls13 <unfixed> (low)
-CVE-2008-1948
-	RESERVED
+CVE-2008-1948 (The _gnutls_server_name_recv_params function in
lib/ext_server_name.c ...)
 	{DSA-1581-1}
 	- gnutls13 <unfixed> (medium)
 CVE-2008-1947
@@ -1377,8 +1611,8 @@
 	RESERVED
 CVE-2008-1661
 	RESERVED
-CVE-2008-1660
-	RESERVED
+CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23,
and ...)
+	TODO: check
 CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through
vB.04.15 ...)
 	NOT-FOR-US: HP LDAP-UX
 CVE-2008-1658 (Format string vulnerability in the grant helper ...)
@@ -2709,8 +2943,8 @@
 	RESERVED
 CVE-2008-1105
 	RESERVED
-CVE-2008-1104
-	RESERVED
+CVE-2008-1104 (Stack-based buffer overflow in Foxit Reader before 2.3 build
2912 ...)
+	TODO: check
 CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown
impact ...)
 	- blender 2.40-1 (low)
 CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in
Blender ...)
@@ -3035,8 +3269,8 @@
 	RESERVED
 CVE-2008-0958
 	RESERVED
-CVE-2008-0957
-	RESERVED
+CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus
Uploader ...)
+	TODO: check
 CVE-2008-0956
 	RESERVED
 CVE-2008-0955
@@ -4872,8 +5106,7 @@
 	RESERVED
 CVE-2008-0168
 	RESERVED
-CVE-2008-0167 [gforge insecure file handling]
-	RESERVED
+CVE-2008-0167 (The write_array_file function in utils/include.pl in GForge
4.5.14 ...)
 	{DSA-1577-1}
 	- gforge 4.6.99+svn6496-1 (low)
 	NOTE: https://rt.debian.org/Ticket/Display.html?id=672
@@ -7441,7 +7674,7 @@
 	NOT-FOR-US: IBM AIX
 CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the
argument ...)
 	NOT-FOR-US: IBM AIX
-CVE-2007-5803 (Cross-site scripting (XSS) vulnerability in Nagios allows remote
...)
+CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI
programs in ...)
 	TODO: check
 CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...)
 	NOT-FOR-US: Firewolf Technologies Synergiser
Secure testing commits - May 2008 - r8858 - data/CVE

[Secure-testing-commits] r8858 - data/CVE
