joeyh at alioth.debian.org
2008-Jun-25 09:14 UTC
[Secure-testing-commits] r9138 - data/CVE
Author: joeyh
Date: 2008-06-25 09:14:11 +0000 (Wed, 25 Jun 2008)
New Revision: 9138

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list	2008-06-24 21:29:44 UTC (rev 9137)
+++ data/CVE/list	2008-06-25 09:14:11 UTC (rev 9138)
@@ -1,13 +1,119 @@ +CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on ...) + TODO: check +CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and ...) + TODO: check +CVE-2008-2839 (Cross-site scripting (XSS) vulnerability in the search module in ...) + TODO: check +CVE-2008-2838 (Directory traversal vulnerability in index.php in Traindepot 0.1 ...) + TODO: check +CVE-2008-2837 (SQL injection vulnerability in index.php in CMS-BRD allows remote ...) + TODO: check +CVE-2008-2836 (PHP remote file inclusion vulnerability in send_reminders.php in ...) + TODO: check +CVE-2008-2835 (SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows ...) + TODO: check +CVE-2008-2834 (SQL injection vulnerability in projects.php in Scientific Image ...) + TODO: check +CVE-2008-2833 (admin/upload.php in le.cms 1.4 and earlier allows remote attackers to ...) + TODO: check +CVE-2008-2832 (Unrestricted file upload vulnerability in calendar_admin.asp in Full ...) + TODO: check +CVE-2008-2831 + RESERVED +CVE-2008-2830 (ARDAgent in Apple Mac OS X 10.4 and 10.5 allows local users to gain ...) + TODO: check +CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...) + TODO: check +CVE-2008-2826 + RESERVED +CVE-2008-2825 (Cross-site scripting (XSS) vulnerability in the embedded Web Server in ...) + TODO: check +CVE-2008-2824 (Unspecified vulnerability in the Extensible Interface Platform in Web ...) + TODO: check +CVE-2008-2823 (SQL injection vulnerability in newsarchive.php in PHPeasyblog ...) + TODO: check +CVE-2008-2822 (Multiple directory traversal vulnerabilities in the FTP client in ...) + TODO: check +CVE-2008-2821 (Directory traversal vulnerability in the FTP client in Glub Tech ...) + TODO: check +CVE-2008-2820 (Directory traversal vulnerability in lang/lang-system.php in Open ...) + TODO: check +CVE-2008-2819 (SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and ...) 
+ TODO: check +CVE-2008-2818 (Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows ...) + TODO: check +CVE-2008-2817 (SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 ...) + TODO: check +CVE-2008-2816 (SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin ...) + TODO: check +CVE-2008-2815 (SQL injection vulnerability in shopping/index.php in MyMarket 1.72 ...) + TODO: check +CVE-2008-2814 (Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast ...) + TODO: check +CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server ...) + TODO: check +CVE-2008-2812 + RESERVED +CVE-2008-2811 + RESERVED +CVE-2008-2810 + RESERVED +CVE-2008-2809 + RESERVED +CVE-2008-2808 + RESERVED +CVE-2008-2807 + RESERVED +CVE-2008-2806 + RESERVED +CVE-2008-2805 + RESERVED +CVE-2008-2804 + RESERVED +CVE-2008-2803 + RESERVED +CVE-2008-2802 + RESERVED +CVE-2008-2801 + RESERVED +CVE-2008-2800 + RESERVED +CVE-2008-2799 + RESERVED +CVE-2008-2798 + RESERVED +CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ...) + TODO: check +CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote ...) + TODO: check +CVE-2008-2795 (Directory traversal vulnerability in the FTP and SFTP clients in IDM ...) + TODO: check +CVE-2008-2794 (Unspecified vulnerability in the GUI in Symantec Altiris Notification ...) + TODO: check +CVE-2008-2793 (SQL injection vulnerability in group_posts.php in ClipShare before ...) + TODO: check +CVE-2008-2792 (SQL injection vulnerability in index.php in eroCMS 1.4 and earlier ...) + TODO: check +CVE-2008-2791 (SQL injection vulnerability in product.detail.php in Kalptaru Infotech ...) + TODO: check +CVE-2008-2790 (SQL injection vulnerability in detail.php in MountainGrafix easyTrade ...) + TODO: check +CVE-2008-2789 (SQL injection vulnerability in pages/index.php in BASIC-CMS allows ...) 
+ TODO: check +CVE-2008-2788 (Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan ...) + TODO: check +CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan ...) + TODO: check CVE-2008-XXXX [phpMyAdmin PMASA-2008-4 XSS] - phpmyadmin 4:2.11.7~rc2-1 (unimportant) NOTE: We haven''t supported installations with register_globals enabled since a long time -CVE-2008-2827 [rmtree() function follows symlinks and changes permissions] +CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...) {DTSA-142-1} - perl 5.10.0-11 (bug #487319; medium) [etch] - perl <not-affected> (doesn''t change link target permissions) NOTE: affects other packages like debsums, see bugreport NOTE: CVE id requested -CVE-2008-2828 [tmsnc buffer overflow in UBX handling] +CVE-2008-2828 (Stack-based buffer overflow in tmsnc allows remote attackers to cause ...) - tmsnc 0.3.2-1.1 (low; bug #487222) CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...) TODO: check @@ -132,12 +238,10 @@ RESERVED CVE-2008-2727 RESERVED -CVE-2008-2726 [integer overflow in rb_ary_splice()] - RESERVED +CVE-2008-2726 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and ...) - ruby1.9 1.9.0.2-1 - ruby1.8 1.8.7.22-1 -CVE-2008-2725 [integer overflow in rb_ary_splice()] - RESERVED +CVE-2008-2725 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and ...) - ruby1.9 1.9.0.2-1 - ruby1.8 1.8.7.22-1 CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 ...) 
@@ -272,24 +376,19 @@ NOT-FOR-US: yBlog CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...) NOT-FOR-US: yBlog -CVE-2008-2666 [php ftok() safe mode bypass] - RESERVED +CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...) - php5 <unfixed> (unimportant) NOTE: safe mode not supported -CVE-2008-2665 [php posix_access() safe mode bypass] - RESERVED +CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP ...) - php5 <unfixed> (unimportant) NOTE: safe mode not supported -CVE-2008-2664 [unsafe use of alloca in rb_str_format()] - RESERVED +CVE-2008-2664 (The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before ...) - ruby1.9 1.9.0.2-1 - ruby1.8 1.8.7.22-1 -CVE-2008-2663 [integer overflows in rb_ary_store()] - RESERVED +CVE-2008-2663 (Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 ...) - ruby1.9 1.9.0.2-1 - ruby1.8 1.8.7.22-1 -CVE-2008-2662 [Integer overflows in rb_str_buf_append()] - RESERVED +CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in Ruby ...) - ruby1.9 1.9.0.2-1 - ruby1.8 1.8.7.22-1 CVE-2008-2661 @@ -539,7 +638,7 @@ NOT-FOR-US: NASA Ames Research Center BigView CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service ...) NOT-FOR-US: CA eTrust -CVE-2008-2540 (Apple Safari does not prompt the user before downloading an object ...) +CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt ...) NOT-FOR-US: Apple Safari CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...) NOT-FOR-US: Sun Solaris 8 
@@ -763,8 +862,8 @@ RESERVED CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic ...) TODO: check -CVE-2008-2427 - RESERVED +CVE-2008-2427 (Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView ...) + TODO: check CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 ...) {DSA-1594-1} - imlib2 1.4.0-1.1 (medium; bug #483816) @@ -1023,10 +1122,10 @@ RESERVED CVE-2008-2308 RESERVED -CVE-2008-2307 - RESERVED -CVE-2008-2306 - RESERVED +CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2 on ...) + TODO: check +CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...) + TODO: check CVE-2008-2305 RESERVED CVE-2008-2304 @@ -1815,8 +1914,7 @@ NOT-FOR-US: Web Calendar Pro CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before ...) NOT-FOR-US: Sitedesigner -CVE-2008-1952 - RESERVED +CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in ...) - xen-3 <unfixed> (high; bug #487095) - xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630) TODO: check that next upload includes changes until changeset 17643 or higher @@ -1964,7 +2062,7 @@ NOT-FOR-US: W2B Online Banking CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in ...) NOT-FOR-US: Blogator-script -CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and ...) +CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and ...) - ruby1.8 1.9.0.1-1 (unimportant) - ruby1.9 <unfixed> (unimportant) NOTE: corner-case only exploitable if web application is run on windows fs 
@@ -12511,7 +12609,7 @@ [etch] - linux-2.6 <not-affected> (Introduced in 2.6.20) CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...) NOT-FOR-US: SIDVault -CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to cause a ...) +CVE-2007-4565 (sink.c in fetchmail before 6.3.9 allows context-dependent attackers to ...) {DSA-1377-2} - fetchmail 6.3.8-8 (bug #440006; low) [etch] - fetchmail <no-dsa> (Hardly a security problem)
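Review bot: in hunk @@ -1,13 +1,119 @@ the CVE-2008-2827 entry still carries `NOTE: CVE id requested` after the local placeholder title `[rmtree() function follows symlinks and changes permissions]` has been replaced by the assigned MITRE description, so that note is now stale and should be dropped. The same hunk leaves CVE-2008-2827 and CVE-2008-2828 sitting between CVE-2008-2787 and CVE-2008-2786 instead of in descending id order next to the newly added CVE-2008-2829 and CVE-2008-2826 entries; re-sorting them in the next manual pass keeps the list keyed by id as the rest of the file is.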
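Review bot: in hunk @@ -272,24 +376,19 @@ the justification `NOTE: safe mode not supported` under CVE-2008-2666 and CVE-2008-2665 loses its context once the local titles `[php ftok() safe mode bypass]` and `[php posix_access() safe mode bypass]` are replaced by the MITRE text, which calls both issues directory traversal rather than safe-mode bypasses. Suggest extending the note, for example `NOTE: ftok()/posix_access() safe_mode bypass, safe mode not supported`, so the `(unimportant)` rating on `php5 <unfixed>` stays explainable without consulting the old revision.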
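Review bot: in hunk @@ -1023,10 +1122,10 @@ both new Safari entries are left as `TODO: check`. CVE-2008-2306 is described as Apple Safari before 3.1.2 on Windows, which matches the `NOT-FOR-US: Apple Safari` triage applied to CVE-2008-2540 elsewhere in this same patch and could be closed the same way; CVE-2008-2307 names WebKit rather than Safari itself, so that one should stay open until it has been checked against any WebKit-based package in the archive.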
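Review bot: in hunk @@ -1815,8 +1914,7 @@ the CVE-2008-1952 line `TODO: check that next upload includes changes until changeset 17643 or higher` does not say which package it applies to, and it sits directly under `xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)`, so the two statements read as contradictory (not affected, yet must pick up later changesets). Suggest naming the package in the TODO (presumably xen-3, the one marked `<unfixed>` at high severity with bug #487095) and stating which changeset introduced the bug and which carries the fix.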
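Review bot: in hunk @@ -1964,7 +2062,7 @@ the CVE-2008-1891 entry lists `ruby1.8 1.9.0.1-1 (unimportant)` next to `ruby1.9 <unfixed> (unimportant)`; a 1.9.0.x version cannot belong to the ruby1.8 source package (this same patch records ruby1.8 at 1.8.7.22-1 and ruby1.9 at 1.9.0.2-1 for the other Ruby issues), so either the package names are swapped or the version is wrong. Please verify which of ruby1.8 and ruby1.9 actually shipped the WEBrick fix and correct the line; this matters more now that the description change in the hunk extends the affected range down to Ruby 1.8.4.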
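Review bot: in hunk @@ -12511,7 +12609,7 @@ the CVE-2007-4565 entry carries `{DSA-1377-2}` and at the same time `[etch] - fetchmail <no-dsa> (Hardly a security problem)`; a DSA reference and an etch `<no-dsa>` marker on the same entry contradict each other, so one of them is stale and should be removed or explained in a NOTE. The description change itself (adding `sink.c`) needs no further action.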