Author: nion Date: 2008-05-21 21:54:25 +0000 (Wed, 21 May 2008) New Revision: 8864 Modified: data/CVE/list Log: a bunch of NFUs new wordpress issue: CVE-2008-2392, poked wordpress upstream CVE-2008-2285 fixed in openssh 1:4.7p1-10 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-05-21 21:14:20 UTC (rev 8863) +++ data/CVE/list 2008-05-21 21:54:25 UTC (rev 8864) @@ -11,11 +11,14 @@ CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 ...) NOT-FOR-US: EntertainmentScript CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...) - TODO: check + - wordpress <unfixed> + NOTE: could not reproduce this. Anyway, wordpress security policy + NOTE: checks files only by extension so this should only affect misconfigured + NOTE: webservers. Poked wordpress upstream to get a confirmation of this vulnerability CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...) - TODO: check + NOT-FOR-US: SubSonic CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...) - TODO: check + NOT-FOR-US: HP Software Update CVE-2008-2389 RESERVED CVE-2008-2388 @@ -83,51 +86,51 @@ CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...) - mtr 0.73-1 CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 ...) - TODO: check + NOT-FOR-US: Archangel Weblog CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting 1.0, when ...) - TODO: check + NOT-FOR-US: WR-Meeting CVE-2008-2354 (Unspecified vulnerability in the data export function in testMaker ...) - TODO: check + NOT-FOR-US: testMaker CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 ...) - TODO: check + NOT-FOR-US: GNU/Gallery CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0, when ...) - TODO: check + NOT-FOR-US: Smeego CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS ...) - TODO: check + NOT-FOR-US: WebManager-Pro CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos 1.0.9 ...) - TODO: check + NOT-FOR-US: bcoos CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain ...) - TODO: check + NOT-FOR-US: Zomplog CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: MeltingIce File System CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application ...) - TODO: check + NOT-FOR-US: MyPicGallery CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: AlkalinePHP CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and earlier ...) - TODO: check + NOT-FOR-US: air_filemanager extension for typo3 CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 ...) - TODO: check + NOT-FOR-US: air_filemanager extension for typo3 CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions and ...) - TODO: check + NOT-FOR-US: News Manager CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News Manager ...) - TODO: check + NOT-FOR-US: News Manager CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in News ...) - TODO: check + NOT-FOR-US: News Manager CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow ...) - TODO: check + NOT-FOR-US: News Manager CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools SunShop ...) - TODO: check + NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to gain ...) - TODO: check + NOT-FOR-US: Interspire ActiveKB CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when ...) - TODO: check + NOT-FOR-US: IMGallery CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 ...) - TODO: check + NOT-FOR-US: 68 Classifieds CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php in ...) - TODO: check + NOT-FOR-US: Vastal I-Tech phpVID CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow ...) - TODO: check + NOT-FOR-US: W1L3D4 Philboard CVE-2008-2333 RESERVED CVE-2008-2332 @@ -191,47 +194,47 @@ CVE-2008-2303 RESERVED CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript allows ...) - TODO: check + NOT-FOR-US: Kostenloses Linkmanagementscript CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and ...) - TODO: check + NOT-FOR-US: Citrix Software CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption of ...) - TODO: check + NOT-FOR-US: Citrix Software CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Web Slider CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Rantx CVE-2008-2296 (PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in ...) - TODO: check + NOT-FOR-US: Rgboard CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard ...) - TODO: check + NOT-FOR-US: Rgboard CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to gain ...) - TODO: check + NOT-FOR-US: Pet Grooming Management System CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows ...) - TODO: check + NOT-FOR-US: Multi-Page Comment System CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in ...) - TODO: check + - net-snmp <unfixed> (medium; bug #482333) CVE-2008-2291 (Unspecified vulnerability in axengine.exe in Symantec Altiris ...) - TODO: check + NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec ...) - TODO: check + NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec Altiris ...) - TODO: check + NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...) - TODO: check + NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...) - TODO: check + NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris ...) - TODO: check + NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...) - TODO: check + - openssh 1:4.7p1-10 CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in Fusebox ...) - TODO: check + NOT-FOR-US: Fusebox CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary files via ...) - TODO: check + NOT-FOR-US: IDAutomation CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special Edition ...) - TODO: check + NOT-FOR-US: Internet Photoshow CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...) - TODO: check + NOT-FOR-US: Internet Explorer CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive ...) TODO: check CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...) @@ -307,9 +310,9 @@ CVE-2008-2243 RESERVED CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA ...) - TODO: check + NOT-FOR-US: CA BrightStor ARCServe Backup CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ...) - TODO: check + NOT-FOR-US: CA BrightStor ARCServe Backup CVE-2008-2240 RESERVED CVE-2008-2239