thr3ads.net - Secure testing commits - [Secure-testing-commits] r9113

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Jun-20 09:14 UTC
[Secure-testing-commits] r9113 - data/CVE

Author: joeyh
Date: 2008-06-20 09:14:10 +0000 (Fri, 20 Jun 2008)
New Revision: 9113

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-06-19 21:14:11 UTC (rev 9112)
+++ data/CVE/list	2008-06-20 09:14:10 UTC (rev 9113)
@@ -1,42 +1,222 @@
+CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and
attack ...)
+	TODO: check
+CVE-2008-2785 (Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown
impact ...)
+	TODO: check
+CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not
filter RCPT ...)
+	TODO: check
+CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
...)
+	TODO: check
+CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2
allow ...)
+	TODO: check
+CVE-2008-2781 (SQL injection vulnerability in index.php in DZOIC Handshakes 3.5
...)
+	TODO: check
+CVE-2008-2780 (The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt
stores ...)
+	TODO: check
+CVE-2008-2779 (Directory traversal vulnerability in GlobalSCAPE CuteFTP Home
8.2.0 ...)
+	TODO: check
+CVE-2008-2778 (SQL injection vulnerability in inc/class_search.php in the
Search ...)
+	TODO: check
+CVE-2008-2777 (Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1
allows ...)
+	TODO: check
+CVE-2008-2776 (Cross-site scripting (XSS) vulnerability in search.asp in DT
...)
+	TODO: check
+CVE-2008-2775 (SQL injection vulnerability in search.asp in DT Centrepiece 4.0
allows ...)
+	TODO: check
+CVE-2008-2774 (SQL injection vulnerability in item.php in CartKeeper CKGold
Shopping ...)
+	TODO: check
+CVE-2008-2773 (Cross-site scripting (XSS) vulnerability in the Taxonomy Image
module ...)
+	TODO: check
+CVE-2008-2772 (The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows
remote ...)
+	TODO: check
+CVE-2008-2771 (The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before
6.x-1.0 ...)
+	TODO: check
+CVE-2008-2770 (SQL injection vulnerability in index.php in MycroCMS 0.5, when
...)
+	TODO: check
+CVE-2008-2769 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-2768 (Cross-site scripting (XSS) vulnerability in admin/search.asp in
Xigla ...)
+	TODO: check
+CVE-2008-2767 (SQL injection vulnerability in search.asp in Xigla Poll Manager
XE ...)
+	TODO: check
+CVE-2008-2766 (Cross-site scripting (XSS) vulnerability in Xigla Absolute Image
...)
+	TODO: check
+CVE-2008-2765 (SQL injection vulnerability in gallery.asp in Xigla Absolute
Image ...)
+	TODO: check
+CVE-2008-2764 (Cross-site scripting (XSS) vulnerability in admin/search.asp in
Xigla ...)
+	TODO: check
+CVE-2008-2763 (SQL injection vulnerability in search.asp in Xigla Absolute Live
...)
+	TODO: check
+CVE-2008-2762 (SQL injection vulnerability in search.asp in Xigla Absolute Form
...)
+	TODO: check
+CVE-2008-2761 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla
Absolute ...)
+	TODO: check
+CVE-2008-2760 (SQL injection vulnerability in searchbanners.asp in Xigla
Absolute ...)
+	TODO: check
+CVE-2008-2759 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla
Absolute ...)
+	TODO: check
+CVE-2008-2758 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla
Absolute ...)
+	TODO: check
+CVE-2008-2757 (SQL injection vulnerability in search.asp in Xigla Absolute News
...)
+	TODO: check
+CVE-2008-2756 (Cross-site scripting (XSS) vulnerability in admin/users.asp in
Xigla ...)
+	TODO: check
+CVE-2008-2755 (SQL injection vulnerability in index.php in JAMM CMS allows
remote ...)
+	TODO: check
+CVE-2008-2754 (SQL injection vulnerability in toplists.php in eFiction 3.0 and
3.4.3, ...)
+	TODO: check
+CVE-2008-2753 (Multiple SQL injection vulnerabilities in Pooya Site Builder
(PSB) 6.0 ...)
+	TODO: check
+CVE-2008-2752 (Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not
properly ...)
+	TODO: check
+CVE-2008-2751 (Multiple cross-site scripting (XSS) vulnerabilities in the
Glassfish ...)
+	TODO: check
+CVE-2008-2750 (The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the
Linux ...)
+	TODO: check
+CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar
...)
+	TODO: check
+CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause
a ...)
+	TODO: check
+CVE-2008-2747 (No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak
...)
+	TODO: check
+CVE-2008-2746 (SQL injection vulnerability in login.php in Gryphon gllcTS2
4.2.4 ...)
+	TODO: check
+CVE-2008-2745 (Stack-based buffer overflow in BiAnno ActiveX Control
(BiAnno.ocx) in ...)
+	TODO: check
+CVE-2008-2744 (Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and
3.7.1 ...)
+	TODO: check
+CVE-2008-2743 (Cross-site scripting (XSS) vulnerability in the embedded web
server in ...)
+	TODO: check
+CVE-2008-2742 (Unrestricted file upload in the mcpuk file editor ...)
+	TODO: check
+CVE-2008-2741
+	RESERVED
+CVE-2008-2740
+	RESERVED
+CVE-2008-2739
+	RESERVED
+CVE-2008-2738
+	RESERVED
+CVE-2008-2737
+	RESERVED
+CVE-2008-2736
+	RESERVED
+CVE-2008-2735
+	RESERVED
+CVE-2008-2734
+	RESERVED
+CVE-2008-2733
+	RESERVED
+CVE-2008-2732
+	RESERVED
+CVE-2008-2731
+	RESERVED
+CVE-2008-2730
+	RESERVED
+CVE-2008-2729
+	RESERVED
+CVE-2008-2728
+	RESERVED
+CVE-2008-2727
+	RESERVED
+CVE-2008-2726
+	RESERVED
+CVE-2008-2725
+	RESERVED
+CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in
TYPO3 ...)
+	TODO: check
+CVE-2008-2716 (Unspecified vulnerability in Opera before 9.5 allows remote
attackers ...)
+	TODO: check
+CVE-2008-2715 (Unspecified vulnerability in Opera before 9.5 allows remote
attackers ...)
+	TODO: check
+CVE-2008-2714 (Opera before 9.26 allows remote attackers to misrepresent web
page ...)
+	TODO: check
+CVE-2008-2710 (Integer signedness error in the ip_set_srcfilter function in the
IP ...)
+	TODO: check
+CVE-2008-2709 (Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR
module ...)
+	TODO: check
+CVE-2008-2708 (Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2)
...)
+	TODO: check
+CVE-2008-2707 (Unspecified vulnerability in the e1000g driver in Sun Solaris 10
and ...)
+	TODO: check
+CVE-2008-2706 (Unspecified vulnerability in the event port implementation in
Sun ...)
+	TODO: check
+CVE-2008-2705 (Unspecified vulnerability in Sun Java System Access Manager (AM)
7.1, ...)
+	TODO: check
+CVE-2008-2704 (Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1
allows ...)
+	TODO: check
+CVE-2008-2703 (Multiple stack-based buffer overflows in Novell GroupWise
Messenger ...)
+	TODO: check
+CVE-2008-2702 (Directory traversal vulnerability in the FTP client in ALTools
ESTsoft ...)
+	TODO: check
+CVE-2008-2701 (SQL injection vulnerability in the GameQ (com_gameq) component
4.0 and ...)
+	TODO: check
+CVE-2008-2700 (SQL injection vulnerability in view.php in Galatolo WebManager
1.0 and ...)
+	TODO: check
+CVE-2008-2699 (Multiple directory traversal vulnerabilities in Galatolo
WebManager ...)
+	TODO: check
+CVE-2008-2698 (Multiple cross-site scripting (XSS) vulnerabilities in
photo_add-c.php ...)
+	TODO: check
+CVE-2008-2697 (SQL injection vulnerability in the Rapid Recipe
(com_rapidrecipe) ...)
+	TODO: check
+CVE-2008-2695 (Directory traversal vulnerability in entry.php in phpInv 0.8.0
allows ...)
+	TODO: check
+CVE-2008-2694 (Cross-site scripting (XSS) vulnerability in search.php in phpInv
0.8.0 ...)
+	TODO: check
+CVE-2008-2693 (Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX
control ...)
+	TODO: check
+CVE-2008-2692 (SQL injection vulnerability in the yvComment (com_yvcomment)
component ...)
+	TODO: check
+CVE-2008-2691 (SQL injection vulnerability in read.asp in JiRo''s FAQ
Manager ...)
+	TODO: check
+CVE-2008-2690 (Multiple PHP remote file inclusion vulnerabilities in BrowserCRM
...)
+	TODO: check
+CVE-2008-2689 (PHP remote file inclusion vulnerability in pub/clients.php in
...)
+	TODO: check
+CVE-2008-2688 (SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart
7.3 ...)
+	TODO: check
+CVE-2008-2687 (Directory traversal vulnerability in inc/config.php in
ProManager 0.73 ...)
+	TODO: check
+CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier
allows ...)
+	TODO: check
 CVE-2008-XXXX [insecure tempfile in wdiff]
 	- wdiff 0.5-18 (low; bug #425254)
-CVE-2008-2719 [nasm off-by-one in ppscan function]
+CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide
...)
 	- nasm 2.03.01-1 (low; bug #486715)
 	[etch] - nasm <not-affected> (vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2008/06/11/4
-CVE-2008-2712 [multiple vulnerabilities in several vimscripts]
+CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote
...)
 	- vim 1:7.1.314-3 (medium; bug #486502)
 	NOTE: a bunch of these are probably low but because of the filetype.vim issue
 	NOTE: I set this to medium
 	NOTE: http://www.rdancer.org/vulnerablevim.html
-CVE-2008-2696 [exiv2 DoS via certain metadata in images]
+CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a
denial of ...)
 	- exiv2 0.17-1 (low; bug #486328)
 	NOTE:
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
-CVE-2008-2713 [ClamaV DoS]
+CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote
attackers to ...)
 	{DTSA-138-1}
 	- clamav 0.93.1.dfsg-1 (low)
-CVE-2008-2711 [fetchmail DoS in -vv mode]
+CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v mode, allows
remote ...)
 	- fetchmail <unfixed> (unimportant)
 	NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
 	NOTE: -vv is only used for debugging purposes so this does not
 	NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
 	NOTE: use.
-CVE-2008-2720 [gallery2 XSS via host and path attributes]
+CVE-2008-2720 (Cross-site scripting (XSS) vulnerability in Menalto Gallery
before ...)
 	- gallery2 2.2.5-1 (low; bug #485947)
 	- gallery <not-affected> (Vulnerable code not present, different
codebase)
-CVE-2008-2721 [gallery2 attackers can optain hidden albums]
+CVE-2008-2721 (Unspecified vulnerability in the album-select module in Menalto
...)
 	- gallery2 2.2.5-1 (low; bug #485947)
 	- gallery <not-affected> (Vulnerable code not present, different
codebase)
-CVE-2008-2722 [gallery2 permission bypass for sub-albums]
+CVE-2008-2722 (Menalto Gallery before 2.2.5 allows remote attackers to bypass
...)
 	- gallery2 2.2.5-1 (low; bug #485947)
 	- gallery <not-affected> (Vulnerable code not present, different
codebase)
-CVE-2008-2723 [gallery2 path disclosure]
+CVE-2008-2723 (embed.php in Menalto Gallery before 2.2.5 allows remote
attackers to ...)
 	- gallery2 2.2.5-1 (low; bug #485947)
 	- gallery <not-affected> (Vulnerable code not present, different
codebase)
-CVE-2008-2724 [gallery2 access restriction bypass]
+CVE-2008-2724 (Menalto Gallery before 2.2.5 does not enforce permissions for
...)
 	- gallery2 2.2.5-1 (low; bug #485947)
 	- gallery <not-affected> (Vulnerable code not present, different
codebase)
-CVE-2008-2717 [typo3 code execution & xss]
+CVE-2008-2717 (TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before
4.2.1, ...)
 	{DSA-1596-1}
 	- typo3-src 4.1.7-1 (bug #485814)
 CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25
Build 4 ...)
@@ -129,10 +309,10 @@
 	NOT-FOR-US: OtomiGenX
 CVE-2008-2641
 	RESERVED
-CVE-2008-2640
-	RESERVED
-CVE-2008-2639
-	RESERVED
+CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex
3 ...)
+	TODO: check
+CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect
...)
+	TODO: check
 CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book
1.0.1 ...)
 	NOT-FOR-US: 1Book
 CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5
FirePass SSL ...)
@@ -289,8 +469,7 @@
 	NOT-FOR-US: 427BB
 CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1
allows ...)
 	NOT-FOR-US: 427BB
-CVE-2008-2654 [off-by-one in webhttpd.c]
-	RESERVED
+CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in
Motion ...)
 	- motion 3.2.9-3 (low; bug #484572)
 CVE-2008-2667 [sql injection vulnerability in courier-authlib]
 	RESERVED
@@ -559,8 +738,8 @@
 	RESERVED
 CVE-2008-2429
 	RESERVED
-CVE-2008-2428
-	RESERVED
+CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08
Classic ...)
+	TODO: check
 CVE-2008-2427
 	RESERVED
 CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2)
1.4.0 ...)
@@ -694,28 +873,24 @@
 	RESERVED
 CVE-2008-2367
 	RESERVED
-CVE-2008-2366
-	RESERVED
+CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build
script ...)
+	TODO: check
 CVE-2008-2365
 	RESERVED
-CVE-2008-2364 [apache2 mod_proxy_http DoS]
-	RESERVED
+CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c
in the ...)
 	- apache2 2.2.9-1 (low)
 	TODO: check apache 1.3
 CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly
manage ...)
 	- pan 0.132-3.1 (bug #483562)
 	[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
 	NOTE: see
http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
-CVE-2008-2362 [RENDER Extension memory corruption]
-	RESERVED
+CVE-2008-2362 (Multiple integer overflows in the Render extension in the X
server 1.4 ...)
 	{DSA-1595-1}
 	- xorg-server 2:1.4.1~git20080517-2
-CVE-2008-2361 [RENDER Extension crash]
-	RESERVED
+CVE-2008-2361 (Integer overflow in the ProcRenderCreateCursor function in the
Render ...)
 	{DSA-1595-1}
 	- xorg-server 2:1.4.1~git20080517-2
-CVE-2008-2360 [RENDER Extension heap buffer overflow]
-	RESERVED
+CVE-2008-2360 (Integer overflow in the AllocateGlyph function in the Render
extension ...)
 	{DSA-1595-1}
 	- xorg-server 2:1.4.1~git20080517-2
 CVE-2008-2359 (The default configuration of consolehelper in
system-config-network ...)
@@ -1372,8 +1547,8 @@
 	RESERVED
 CVE-2008-2061
 	RESERVED
-CVE-2008-2060
-	RESERVED
+CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System
(IPS) ...)
+	TODO: check
 CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security
...)
 	NOT-FOR-US: Cisco
 CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security
...)
@@ -1942,14 +2117,11 @@
 	RESERVED
 CVE-2008-1809
 	RESERVED
-CVE-2008-1808 [two heap overflows in PFB and TTF font parsing routine]
-	RESERVED
+CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow ...)
 	- freetype 2.3.6-1 (low; bug #485841)
-CVE-2008-1807 [heap overflow in PFB font parsing routine]
-	RESERVED
+CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to
execute ...)
 	- freetype 2.3.6-1 (medium; bug #485841)
-CVE-2008-1806 [heap overflow in PFB font parsing routine]
-	RESERVED
+CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows
context-dependent ...)
 	- freetype 2.3.6-1 (medium; bug #485841)
 CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other
...)
 	NOT-FOR-US: Skype
@@ -2958,14 +3130,12 @@
 	- icedove <unfixed>
 	- iceape 1.1.9-2
 	- xulrunner 1.8.1.14-1
-CVE-2008-1379 [MIT-SHM arbitrary memory read]
-	RESERVED
+CVE-2008-1379 (Integer overflow in the fbShmPutImage function in the MIT-SHM
...)
 	{DSA-1595-1}
 	- xorg-server 2:1.4.1~git20080517-2
 CVE-2008-1378
 	RESERVED
-CVE-2008-1377 [RECORD and Security extensions memory corruption]
-	RESERVED
+CVE-2008-1377 (The (1) SProcRecordCreateContext and (2)
SProcRecordRegisterClients ...)
 	{DSA-1595-1}
 	- xorg-server 2:1.4.1~git20080517-2
 CVE-2008-1376
@@ -4067,8 +4237,8 @@
 	NOT-FOR-US: Novell eDirectory
 CVE-2008-0926 (The SOAP interface to the eMBox module in Novell eDirectory
8.7.3.9 ...)
 	NOT-FOR-US: Novell eDirectory
-CVE-2008-0925
-	RESERVED
+CVE-2008-0925 (Cross-site scripting (XSS) vulnerability in the iMonitor
interface in ...)
+	TODO: check
 CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in
libnldap ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature
for ...)
@@ -6108,8 +6278,8 @@
 	{DSA-1512-1}
 	- evolution 2.12.3-1.1
 	NOTE: SA29057
-CVE-2008-0071
-	RESERVED
+CVE-2008-0071 (The Web UI interface in (1) BitTorrent before 6.0.3 build 8642
and (2) ...)
+	TODO: check
 CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote
BETA ...)
 	NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA
 CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows
...)
Secure testing commits - Jun 2008 - r9113 - data/CVE

[Secure-testing-commits] r9113 - data/CVE
