white at alioth.debian.org
2008-Jul-09 15:48 UTC
[Secure-testing-commits] r9281 - data/CVE
Author: white
Date: 2008-07-09 15:48:57 +0000 (Wed, 09 Jul 2008)
New Revision: 9281
Modified:
data/CVE/list
Log:
NFUs; cgiwraps not affected
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-07-09 15:25:52 UTC (rev 9280)
+++ data/CVE/list 2008-07-09 15:48:57 UTC (rev 9281)
@@ -376,99 +376,99 @@
CVE-2008-2889 (Directory traversal vulnerability in the FTP client in AceBIT
WISE-FTP ...)
TODO: check
CVE-2008-2888 (Multiple PHP remote file inclusion vulnerabilities in MiGCMS
2.0.5, ...)
- TODO: check
+ NOT-FOR-US: MiGCMS
CVE-2008-2887 (Directory traversal vulnerability in index.php in chaozz at work
...)
- TODO: check
+ NOT-FOR-US: FubarForum
CVE-2008-2886 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Jamroom
CVE-2008-2885 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Open Digital Assets Repository System
CVE-2008-2884 (PHP remote file inclusion vulnerability in display.php in ...)
- TODO: check
+ NOT-FOR-US: RSS-aggregator
CVE-2008-2883 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Jamroom
CVE-2008-2882 (upgrade.asp in sHibby sHop 2.2 and earlier does not require ...)
- TODO: check
+ NOT-FOR-US: sHibby sHop
CVE-2008-2881 (Relative Real Estate Systems 3.0 and earlier stores passwords in
...)
- TODO: check
+ NOT-FOR-US: Relative Real Estate Systems
CVE-2008-2880 (Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1
and ...)
- TODO: check
+ NOT-FOR-US: IBM AFP Viewer Plug-in
CVE-2008-2879 (Benja CMS 0.1 does not require authentication for access to
admin/, ...)
- TODO: check
+ NOT-FOR-US: Benja CMS
CVE-2008-2878 (Open redirect vulnerability in rss_getfile.php in Academic Web
Tools ...)
- TODO: check
+ NOT-FOR-US: Academic Web Tools
CVE-2008-2877 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: cmsWorks
CVE-2008-2876 (Directory traversal vulnerability in index.php in mUnky 0.0.1
allows ...)
- TODO: check
+ NOT-FOR-US: mUnky
CVE-2008-2875 (SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0
...)
- TODO: check
+ NOT-FOR-US: Webdevindo-CMS
CVE-2008-2874 (SQL injection vulnerability in index.php in Softbiz Jokes
& Funny Pics ...)
- TODO: check
+ NOT-FOR-US: Softbiz Jokes & Funny Pics
CVE-2008-2873 (sHibby sHop 2.2 and earlier stores sensitive information under
the web ...)
- TODO: check
+ NOT-FOR-US: sHibby sHop
CVE-2008-2872 (SQL injection vulnerability in default.asp in sHibby sHop 2.2
and ...)
- TODO: check
+ NOT-FOR-US: sHibby sHop
CVE-2008-2871 (Multiple cross-site scripting (XSS) vulnerabilities in
template2.php ...)
- TODO: check
+ NOT-FOR-US: PEGames
CVE-2008-2870 (Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta
allow ...)
- TODO: check
+ NOT-FOR-US: ShareCMS
CVE-2008-2869 (SQL injection vulnerability in out.php in E-topbiz Link ADS 1
allows ...)
- TODO: check
+ NOT-FOR-US: E-topbiz Link ADS
CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar
1.0 and ...)
- TODO: check
+ NOT-FOR-US: ware DUcalendar
CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX
1 2.07 ...)
- TODO: check
+ NOT-FOR-US: E-topbiz Viral
CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in
Caupo.net ...)
- TODO: check
+ NOT-FOR-US: CaupoShop Classic
CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech
PHP Site ...)
- TODO: check
+ NOT-FOR-US: Kalptaru Infotech PHP Site
CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote
...)
- TODO: check
+ NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2863 (Multiple absolute path traversal vulnerabilities in eLineStudio
Site ...)
- TODO: check
+ NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2862 (Multiple SQL injection vulnerabilities in eLineStudio Site
Composer ...)
- TODO: check
+ NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2861 (Multiple cross-site scripting (XSS) vulnerabilities in
eLineStudio ...)
- TODO: check
+ NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2860 (SQL injection vulnerability in category.php in AJSquare AJ
Auction Pro ...)
- TODO: check
+ NOT-FOR-US: AJSquare AJ Auction Pro Web
CVE-2008-2859 (Unspecified vulnerability in the IMAP service in NetWin
SurgeMail ...)
- TODO: check
+ NOT-FOR-US: NetWin SurgeMail
CVE-2008-2858 (SQL injection vulnerability in index.php in WebChamado 1.1
allows ...)
- TODO: check
+ NOT-FOR-US: WebChamado
CVE-2008-2857 (AlstraSoft AskMe Pro 2.1 and earlier stores passwords in
cleartext in ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2856 (SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows
...)
- TODO: check
+ NOT-FOR-US: OwnRS
CVE-2008-2855 (Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS
Beta 3 ...)
- TODO: check
+ NOT-FOR-US: OwnRS
CVE-2008-2854 (Multiple PHP remote file inclusion vulnerabilities in Orlando
CMS 0.6 ...)
- TODO: check
+ NOT-FOR-US: Orlando CMS
CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2
allows ...)
- TODO: check
+ NOT-FOR-US: Easy Webstore
CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1,
when ...)
- TODO: check
+ - cgiwrap <not-affected> (Windows specific issue)
CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow
remote ...)
- TODO: check
+ NOT-FOR-US: OFF System
CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before
...)
TODO: check
CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout
module 5.x ...)
TODO: check
CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search
functionality ...)
- TODO: check
+ NOT-FOR-US: MindTouch DekiWiki
CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO
1.3.23 ...)
- TODO: check
+ NOT-FOR-US: Maxtrade
CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts
Classifieds ...)
- TODO: check
+ NOT-FOR-US: BoatScripts Classifieds
CVE-2008-2845 (SQL injection vulnerability in index.php in MyBizz-Classifieds
allows ...)
- TODO: check
+ NOT-FOR-US: MyBizz-Classifieds
CVE-2008-2844 (SQL injection vulnerability in index.php in Carscripts
Classifieds ...)
- TODO: check
+ NOT-FOR-US: Carscripts Classifieds
CVE-2008-2843 (Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and
...)
- TODO: check
+ NOT-FOR-US: doITLive CMS
CVE-2008-2842 (Cross-site scripting (XSS) vulnerability in edit/showmedia.asp
in ...)
- TODO: check
+ NOT-FOR-US: doITLive CMS
CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4
and ...)
{DTSA-146-1}
- poppler 0.8.4-1.1 (medium; bug #489756)