joeyh at alioth.debian.org
2008-May-29 21:14 UTC
[Secure-testing-commits] r8931 - data/CVE
Author: joeyh
Date: 2008-05-29 21:14:17 +0000 (Thu, 29 May 2008)
New Revision: 8931

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list	2008-05-29 13:07:10 UTC (rev 8930)
+++ data/CVE/list	2008-05-29 21:14:17 UTC (rev 8931)
@@ -1,3 +1,201 @@ +CVE-2008-2500 (Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor ...) + TODO: check +CVE-2008-2499 (Stack-based buffer overflow in the Community Services Multiplexer (aka ...) + TODO: check +CVE-2008-2498 (Multiple SQL injection vulnerabilities in index.php in Mambo before ...) + TODO: check +CVE-2008-2497 (CRLF injection vulnerability in Mambo before 4.6.4 allows remote ...) + TODO: check +CVE-2008-2496 (Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 ...) + TODO: check +CVE-2008-2495 (Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows ...) + TODO: check +CVE-2008-2494 (Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 ...) + TODO: check +CVE-2008-2493 (Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus ...) + TODO: check +CVE-2008-2492 (Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 ...) + TODO: check +CVE-2008-2491 (SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows ...) + TODO: check +CVE-2008-2490 (Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 ...) + TODO: check +CVE-2008-2489 (SQL injection vulnerability in the Library for Frontend Plugins (aka ...) + TODO: check +CVE-2008-2488 (admin/userform.php in RoomPHPlanning 1.5 does not require ...) + TODO: check +CVE-2008-2487 (SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier ...) + TODO: check +CVE-2008-2486 (Unspecified vulnerability in eMule Plus before 1.2d has unknown impact ...) + TODO: check +CVE-2008-2485 (Cross-site scripting (XSS) vulnerability in the URL redirection script ...) + TODO: check +CVE-2008-2484 (SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when ...) + TODO: check +CVE-2008-2483 (Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 ...) + TODO: check +CVE-2008-2482 (Directory traversal vulnerability in install_mod.php in insanevisions ...) 
+ TODO: check +CVE-2008-2481 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-2480 (PHP remote file inclusion vulnerability in plus.php in plusPHP Short ...) + TODO: check +CVE-2008-2479 (Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote ...) + TODO: check +CVE-2008-2478 (** DISPUTED ** ...) + TODO: check +CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System) ...) + TODO: check +CVE-2008-2476 + RESERVED +CVE-2008-2475 + RESERVED +CVE-2008-2474 + RESERVED +CVE-2008-2473 + RESERVED +CVE-2008-2472 + RESERVED +CVE-2008-2471 + RESERVED +CVE-2008-2470 + RESERVED +CVE-2008-2469 + RESERVED +CVE-2008-2468 + RESERVED +CVE-2008-2467 + RESERVED +CVE-2008-2466 + RESERVED +CVE-2008-2465 + RESERVED +CVE-2008-2464 + RESERVED +CVE-2008-2463 + RESERVED +CVE-2008-2462 + RESERVED +CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4 allows ...) + TODO: check +CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows ...) + TODO: check +CVE-2008-2459 (Directory traversal vulnerability in page.php in EntertainmentScript ...) + TODO: check +CVE-2008-2458 (Cross-site scripting (XSS) vulnerability in index.php in Starsgames ...) + TODO: check +CVE-2008-2457 (SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 ...) + TODO: check +CVE-2008-2456 (SQL injection vulnerability in index.php in ComicShout 2.5 and earlier ...) + TODO: check +CVE-2008-2455 (SQL injection vulnerability in comment.php in the MacGuru BLOG Engine ...) + TODO: check +CVE-2008-2454 (SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) ...) + TODO: check +CVE-2008-2453 (Multiple SQL injection vulnerabilities in PHP Classifieds Script allow ...) + TODO: check +CVE-2008-2452 (Cross-site scripting (XSS) vulnerability in the Questionaire (aka ...) + TODO: check +CVE-2008-2451 (Multiple SQL injection vulnerabilities in the Statistics (aka ...) 
+ TODO: check +CVE-2008-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the Statistics ...) + TODO: check +CVE-2008-2449 (Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan ...) + TODO: check +CVE-2008-2448 (Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote ...) + TODO: check +CVE-2008-2447 (SQL injection vulnerability in products.php in the Mytipper ZoGo-shop ...) + TODO: check +CVE-2008-2446 (Multiple SQL injection vulnerabilities in Web Group Communication ...) + TODO: check +CVE-2008-2445 (Cross-site scripting (XSS) vulnerability in profile.php in Web Group ...) + TODO: check +CVE-2008-2444 (SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 ...) + TODO: check +CVE-2008-2443 (SQL injection vulnerability in dpage.php in The Real Estate Script ...) + TODO: check +CVE-2008-2442 + RESERVED +CVE-2008-2441 + RESERVED +CVE-2008-2440 + RESERVED +CVE-2008-2439 + RESERVED +CVE-2008-2438 + RESERVED +CVE-2008-2437 + RESERVED +CVE-2008-2436 + RESERVED +CVE-2008-2435 + RESERVED +CVE-2008-2434 + RESERVED +CVE-2008-2433 + RESERVED +CVE-2008-2432 + RESERVED +CVE-2008-2431 + RESERVED +CVE-2008-2430 + RESERVED +CVE-2008-2429 + RESERVED +CVE-2008-2428 + RESERVED +CVE-2008-2427 + RESERVED +CVE-2008-2426 + RESERVED +CVE-2008-2425 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...) + TODO: check +CVE-2008-2422 (SQL injection vulnerability in index.php in Web Slider 0.6 allows ...) + TODO: check +CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web ...) + TODO: check +CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun ...) + TODO: check +CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...) + TODO: check +CVE-2008-2416 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...) 
+ TODO: check +CVE-2008-2415 (Directory traversal vulnerability in ...) + TODO: check +CVE-2008-2414 (Cross-site scripting (XSS) vulnerability in send_email.php in AN ...) + TODO: check +CVE-2008-2413 (Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News ...) + TODO: check +CVE-2008-2412 (SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows ...) + TODO: check +CVE-2008-2411 (SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, ...) + TODO: check +CVE-2008-2410 (Cross-site scripting (XSS) vulnerability in the servlet engine and Web ...) + TODO: check +CVE-2008-2409 (Stack-based buffer overflow in Cerulean Studios Trillian before ...) + TODO: check +CVE-2008-2408 (Heap-based buffer overflow in the XML parsing functionality in ...) + TODO: check +CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian ...) + TODO: check +CVE-2008-2406 + RESERVED +CVE-2008-2405 + RESERVED +CVE-2008-2404 + RESERVED +CVE-2008-2403 + RESERVED +CVE-2008-2402 + RESERVED +CVE-2008-2401 + RESERVED +CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running as a ...) + TODO: check +CVE-2008-2399 (Directory traversal vulnerability in the FireFTP add-on before ...) + TODO: check CVE-2008-XXXX [Adobe Flash Player is prone to an unspecified remote code-execution vulnerability] - flashplugin-nonfree <unfixed> (bug #483199) [etch] - flashplugin-nonfree <no-dsa> (Non-free not supported) 
@@ -11,11 +209,11 @@ - pam-pgsql 0.6.3-2 (medium; bug #481970) [etch] - pam-pgsql <not-affected> (Vulnerable code not present) NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration -CVE-2008-2424 [Possible DoS attack through unspecified vulnerable] +CVE-2008-2424 (Unspecified vulnerability in the 404 error page for the "Standard ...) - interchange 5.5.1 (low; bug #482636) -CVE-2008-2423 [Unspecified DoS attack via crafted HTTP requests] +CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 allows remote ...) - interchange 5.5.1 (low; bug #482636) -CVE-2008-2420 [OCSP functionality in stunnel before 4.24 does not properly search ...] +CVE-2008-2420 (The OCSP functionality in stunnel before 4.24 does not properly search ...) - stunnel4 3:4.22-1.1 (low; bug #482644) CVE-2008-2398 (Cross-site scripting (XSS) vulnerability in index.php in AppServ Open ...) NOT-FOR-US: AppServ Open Project @@ -151,8 +349,8 @@ NOT-FOR-US: Vastal I-Tech phpVID CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow ...) NOT-FOR-US: W1L3D4 Philboard -CVE-2008-2333 - RESERVED +CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...) + TODO: check CVE-2008-2332 RESERVED CVE-2008-2331 @@ -234,7 +432,7 @@ CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in ...) {DTSA-134-1} - net-snmp 5.4.1~dfsg-7.1 (medium; bug #482333) -CVE-2008-2291 (Unspecified vulnerability in axengine.exe in Symantec Altiris ...) +CVE-2008-2291 (axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec ...) NOT-FOR-US: Symantec Altiris Deployment Solution 
@@ -335,8 +533,8 @@ NOT-FOR-US: CA BrightStor ARCServe Backup CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ...) NOT-FOR-US: CA BrightStor ARCServe Backup -CVE-2008-2240 - RESERVED +CVE-2008-2240 (Stack-based buffer overflow in the Web Server service in IBM Lotus ...) + TODO: check CVE-2008-2239 RESERVED CVE-2008-2238 @@ -499,8 +697,7 @@ - uudeview 0.5.20-3.1 (low; bug #480972) - libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib upstream to use mkstemp) NOTE: See CVE-2004-2265, where the problem occured as well -CVE-2008-2302 [Cross-site scripting (XSS) by missing escaping] - RESERVED +CVE-2008-2302 (Cross-site scripting (XSS) vulnerability in the login form in the ...) - python-django 0.96.2-1 (bug #481164; low) CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email Security ...) NOT-FOR-US: SonicWall Email Security @@ -510,10 +707,10 @@ NOT-FOR-US: Microsoft Windows CE 5.0 CVE-2008-2159 (Microsoft Internet Explorer 7 can save encrypted pages in the cache ...) NOT-FOR-US: Microsoft Internet Explorer 7 -CVE-2008-2158 - RESERVED -CVE-2008-2157 - RESERVED +CVE-2008-2158 (Multiple stack-based buffer overflows in the Command Line Interface ...) + TODO: check +CVE-2008-2157 (robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows ...) + TODO: check CVE-2008-2156 RESERVED CVE-2008-2155 @@ -551,8 +748,7 @@ NOT-FOR-US: rpath Appliance Platform Agent CVE-2008-2138 (Oracle Application Server (OracleAS) Portal 10g allows remote ...) NOT-FOR-US: Oracle Application Server (OracleAS) Portal 10g -CVE-2008-2137 [sparc mmap() local DoS] - RESERVED +CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and ...) {DSA-1588-1} - linux-2.6 <unfixed> NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d 
@@ -745,10 +941,10 @@ RESERVED CVE-2008-2055 RESERVED -CVE-2008-2054 - RESERVED -CVE-2008-2053 - RESERVED +CVE-2008-2054 (Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 ...) + TODO: check +CVE-2008-2053 (Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) ...) + TODO: check CVE-2008-2052 (Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 ...) NOT-FOR-US: Bitrix Site Manager CVE-2008-2049 (The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows ...) @@ -846,10 +1042,10 @@ TODO: check vulnerability of debian packages and value of upstream patch CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...) NOT-FOR-US: Cerulean Studios Trillian Basic -CVE-2008-2007 - RESERVED -CVE-2008-2006 - RESERVED +CVE-2008-2007 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and ...) + TODO: check +CVE-2008-2006 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and ...) + TODO: check CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before ...) NOT-FOR-US: SuiteLink CVE-2008-2004 (The drive_init function in QEMU 0.9.1 determines the format of a raw ...) @@ -1304,8 +1500,7 @@ RESERVED CVE-2008-1805 RESERVED -CVE-2008-1804 [snort bypass through malformed fragmented packets] - RESERVED +CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not ...) - snort <unfixed> (low; bug #483160) [etch] - snort <not-affected> (Only 2.6 and 2.8 are affected) NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701 
@@ -1394,8 +1589,7 @@ CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...) {DTSA-125-1} - vlc 0.8.6.e-2.1 (medium; bug #478140) -CVE-2008-1767 - RESERVED +CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows ...) - libxslt 1.1.24-1 (bug #482664) CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have ...) - phpbb3 3.0.1-1 (low) @@ -1627,8 +1821,7 @@ RESERVED CVE-2008-1673 RESERVED -CVE-2008-1672 - RESERVED +CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...) {DTSA-136-1} - openssl 0.9.8g-10.1 (bug #483379) [etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present) @@ -2823,8 +3016,8 @@ - xine-lib 1.1.10.1-1 (medium) CVE-2008-1160 (ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra ...) NOT-FOR-US: ZyXEL ZyWALL 1050 -CVE-2008-1159 - RESERVED +CVE-2008-1159 (Multiple unspecified vulnerabilities in the SSH server in Cisco IOS ...) + TODO: check CVE-2008-1158 (The Presence Engine (PE) service in Cisco Unified Presence before ...) NOT-FOR-US: Presence Engine (PE) Cisco Unified Presence CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...) @@ -2989,8 +3182,7 @@ RESERVED CVE-2008-1106 RESERVED -CVE-2008-1105 - RESERVED +CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in ...) - samba 3.0.30-1 (medium; bug #483410) CVE-2008-1104 (Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 ...) NOT-FOR-US: Foxit Reader 
@@ -3314,16 +3506,16 @@ NOT-FOR-US: EMC DiskXtender CVE-2008-0960 RESERVED -CVE-2008-0959 - RESERVED -CVE-2008-0958 - RESERVED +CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...) + TODO: check +CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...) + TODO: check CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader ...) NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control CVE-2008-0956 RESERVED -CVE-2008-0955 - RESERVED +CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate Engine ...) + TODO: check CVE-2008-0954 RESERVED CVE-2008-0953 @@ -3457,8 +3649,7 @@ NOT-FOR-US: Red Hat Administration Server CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat ...) NOT-FOR-US: Red Hat Administration Server -CVE-2008-0891 - RESERVED +CVE-2008-0891 (Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS ...) {DTSA-136-1} - openssl 0.9.8g-10.1 (bug #483379) [etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present) @@ -4236,12 +4427,12 @@ NOT-FOR-US: phpIP Management CVE-2008-0537 (Unspecified vulnerability in the Supervisor Engine 32 (Sup32), ...) NOT-FOR-US: Cisco -CVE-2008-0536 - RESERVED -CVE-2008-0535 - RESERVED -CVE-2008-0534 - RESERVED +CVE-2008-0536 (Unspecified vulnerability in the SSH server in Cisco Service Control ...) + TODO: check +CVE-2008-0535 (Unspecified vulnerability in the SSH server in Cisco Service Control ...) + TODO: check +CVE-2008-0534 (The SSH server in Cisco Service Control Engine (SCE) before 3.1.6 ...) + TODO: check CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Cisco ACS CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in ...) 
@@ -7291,11 +7482,10 @@ CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a ...) - kdebase <unfixed> (unimportant) NOTE: This has only theoretical security impact -CVE-2007-5962 [vsftpd memleak DoS] - RESERVED +CVE-2007-5962 (Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red ...) - vsftpd <not-affected> (Vulnerability in Red Hat-specific patch) -CVE-2007-5961 - RESERVED +CVE-2007-5961 (Cross-site scripting (XSS) vulnerability in the Red Hat Network ...) + TODO: check CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the ...) {DSA-1506-1 DSA-1425-1 DSA-1424-1} - iceweasel 2.0.0.10-1 @@ -9070,10 +9260,10 @@ CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 ...) {DSA-1422-1 DTSA-95-1} - e2fsprogs 1.40.3-1 (bug #454760) -CVE-2007-5496 - RESERVED -CVE-2007-5495 - RESERVED +CVE-2007-5496 (Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 ...) + TODO: check +CVE-2007-5495 (sealert in setroubleshoot 2.0.5 allows local users to overwrite ...) + TODO: check CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...) - linux-2.6 <not-affected> (RedHat specific patch) CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
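Review bot: in the first hunk (@@ -1,3 +1,201 @@) every new entry is left at "TODO: check", but at least two of them concern software Debian ships and that already has package lines elsewhere in this file: CVE-2008-2400 (stunnel before 4.23) and CVE-2008-2419 (Mozilla Firefox 2.0.0.14), while stunnel4 and iceweasel appear in the @@ -11,11 +209,11 @@ and @@ -7291,11 +7482,10 @@ hunks. Those two should be triaged ahead of the NOT-FOR-US candidates; for CVE-2008-2400 in particular, check whether the stunnel4 3:4.22-1.1 upload recorded against CVE-2008-2420 also covers it, since that Debian version is below the "before 4.23" threshold in the new description.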
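Review bot: in the @@ -11,11 +209,11 @@ hunk the replacement descriptions for CVE-2008-2424 and CVE-2008-2423 read "Unspecified vulnerability ..." and drop the DoS characterization that the old bracketed summaries carried, while the "low" severity on the "- interchange 5.5.1 (low; bug #482636)" lines is kept unchanged. Consider preserving the impact in a NOTE line so the rationale for the "low" rating survives the description swap.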
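Review bot: style point in the @@ -499,8 +697,7 @@ hunk: the package line "- python-django 0.96.2-1 (bug #481164; low)" orders the parenthesised fields as bug-then-severity, whereas the rest of the file uses severity first, e.g. "- net-snmp 5.4.1~dfsg-7.1 (medium; bug #482333)" and "- snort <unfixed> (low; bug #483160)". Suggest "(low; bug #481164)" for consistency; while this block is being touched, the unchanged NOTE lines above it also carry the typos "libconver-uulib" and "occured".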
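Review bot: in the @@ -2989,8 +3182,7 @@ hunk the samba entry for CVE-2008-1105 gets only "- samba 3.0.30-1 (medium; bug #483410)" with no stable status, whereas the comparable openssl and snort entries in the @@ -1304,8 +1500,7 @@ and @@ -1627,8 +1821,7 @@ hunks each carry an "[etch]" line. A heap-based buffer overflow in receive_smb_raw in a network service is exactly the kind of entry where the etch status should be recorded, either as a DSA/DTSA reference in braces or an explicit "[etch] - samba ..." line.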