thr3ads.net - Secure testing commits - [Secure-testing-commits] r9483

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Jul-31 21:14 UTC
[Secure-testing-commits] r9483 - data/CVE

Author: joeyh
Date: 2008-07-31 21:14:09 +0000 (Thu, 31 Jul 2008)
New Revision: 9483

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-07-31 20:19:50 UTC (rev 9482)
+++ data/CVE/list	2008-07-31 21:14:09 UTC (rev 9483)
@@ -1,3 +1,135 @@
+CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+	TODO: check
+CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius Web Publishing
...)
+	TODO: check
+CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone
allows ...)
+	TODO: check
+CVE-2008-3418 (SQL injection vulnerability in browse.php in TriO 2.1 and
earlier ...)
+	TODO: check
+CVE-2008-3417 (SQL injection vulnerability in home/index.asp in fipsCMS light
2.1 and ...)
+	TODO: check
+CVE-2008-3416 (SQL injection vulnerability in modules/members.php in IceBB
before ...)
+	TODO: check
+CVE-2008-3415 (Directory traversal vulnerability in common.php in CMScout 2.05,
when ...)
+	TODO: check
+CVE-2008-3414 (SQL injection vulnerability in line2.php in SiteAdmin allows
remote ...)
+	TODO: check
+CVE-2008-3413 (SQL injection vulnerability in category.php in Greatclone GC
Auction ...)
+	TODO: check
+CVE-2008-3412 (SQL injection vulnerability in Comsenz EPShop (aka ECShop)
before 3.0 ...)
+	TODO: check
+CVE-2008-3411 (The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006
...)
+	TODO: check
+CVE-2008-3410 (Unreal Tournament 3 1.3beta4 and earlier allows remote attackers
to ...)
+	TODO: check
+CVE-2008-3409 (Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier
allows ...)
+	TODO: check
+CVE-2008-3408 (Stack-based buffer overflow in CoolPlayer allows user-assisted
remote ...)
+	TODO: check
+CVE-2008-3407 (phpLinkat 0.1 allows remote attackers to bypass authentication
and ...)
+	TODO: check
+CVE-2008-3406 (SQL injection vulnerability in showcat.php in phpLinkat 0.1
allows ...)
+	TODO: check
+CVE-2008-3405 (Directory traversal vulnerability in index.php in Ricardo Amaral
...)
+	TODO: check
+CVE-2008-3404 (Cross-site scripting (XSS) vulnerability in guestbook.js.php in
...)
+	TODO: check
+CVE-2008-3403 (SQL injection vulnerability in mojoClassified.cgi in
MojoPersonals ...)
+	TODO: check
+CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX
Browser ...)
+	TODO: check
+CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in
HIOX ...)
+	TODO: check
+CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration
...)
+	TODO: check
+CVE-2008-3399 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-3398 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM
1.99.2 ...)
+	TODO: check
+CVE-2008-3397 (Cross-site scripting (XSS) vulnerability in Runesoft Cerberus
CMS ...)
+	TODO: check
+CVE-2008-3396 (Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote
...)
+	TODO: check
+CVE-2008-3395 (Calacode @Mail 5.41 on Linux uses weak world-readable
permissions for ...)
+	TODO: check
+CVE-2008-3394 (Multiple cross-site scripting (XSS) vulnerabilities in
search.cfm in ...)
+	TODO: check
+CVE-2008-3393 (SQL injection vulnerability in events.cfm in BookMine allows
remote ...)
+	TODO: check
+CVE-2008-3392 (Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum
9.5 ...)
+	TODO: check
+CVE-2008-3391 (Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz
Forum ...)
+	TODO: check
+CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php
in ...)
+	TODO: check
+CVE-2008-3389
+	RESERVED
+CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow
remote ...)
+	TODO: check
+CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6
allows ...)
+	TODO: check
+CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video
Share ...)
+	TODO: check
+CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php
in php ...)
+	TODO: check
+CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in
...)
+	TODO: check
+CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows
remote ...)
+	TODO: check
+CVE-2008-3382 (SQL injection vulnerability in mojoClassified.cgi in
MojoClassifieds ...)
+	TODO: check
+CVE-2008-3381 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2008-3380 (Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in
...)
+	TODO: check
+CVE-2008-3379 (Cross-site scripting (XSS) vulnerability in Snark VisualPic
0.3.1 ...)
+	TODO: check
+CVE-2008-3378 (SQL injection vulnerability in comment.php in Fizzmedia 1.51.2
allows ...)
+	TODO: check
+CVE-2008-3377 (SQL injection vulnerability in picture.php in phpTest 0.6.3
allows ...)
+	TODO: check
+CVE-2008-3376 (Multiple unspecified vulnerabilities in JamRoom before 3.4.0
have ...)
+	TODO: check
+CVE-2008-3375 (The jrCookie function in includes/jamroom-misc.inc.php in
JamRoom ...)
+	TODO: check
+CVE-2008-3374 (SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and
earlier ...)
+	TODO: check
+CVE-2008-3373 (The files parsing engine in Grisoft AVG Anti-Virus before
8.0.156 ...)
+	TODO: check
+CVE-2008-3372 (SQL injection vulnerability in search_form.php in Getacoder
Clone ...)
+	TODO: check
+CVE-2008-3371 (Directory traversal vulnerability in install/help.php in
TalkBack ...)
+	TODO: check
+CVE-2008-3370 (SQL injection vulnerability in the CUA Login Module in EMC
Centera ...)
+	TODO: check
+CVE-2008-3369 (SQL injection vulnerability in products_rss.php in ViArt Shop
3.5 and ...)
+	TODO: check
+CVE-2008-3368 (PHP remote file inclusion vulnerability in
tools/packages/import.php ...)
+	TODO: check
+CVE-2008-3367 (Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp
in Web ...)
+	TODO: check
+CVE-2008-3366 (SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0
...)
+	TODO: check
+CVE-2008-3365 (Directory traversal vulnerability in index.php in Pixelpost
1.7.1 on ...)
+	TODO: check
+CVE-2008-3364 (Buffer overflow in the ObjRemoveCtrl Class ActiveX control in
...)
+	TODO: check
+CVE-2008-3363 (Directory traversal vulnerability in user_portal.php in the
Dokeos ...)
+	TODO: check
+CVE-2008-3362 (Unrestricted file upload vulnerability in upload.php in the
Giulio ...)
+	TODO: check
+CVE-2008-3361 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote
web ...)
+	TODO: check
+CVE-2008-3360 (Stack-based buffer overflow in the HTML parser in IntelliTamper
2.0.7 ...)
+	TODO: check
+CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois
and ...)
+	TODO: check
+CVE-2008-3358
+	RESERVED
+CVE-2008-3357
+	RESERVED
+CVE-2008-3356
+	RESERVED
 CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life
2.6.2 ...)
 	NOT-FOR-US: Camera Life
 CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb
Plus ...)
@@ -583,8 +715,8 @@
 	RESERVED
 CVE-2008-3101
 	RESERVED
-CVE-2008-3100
-	RESERVED
+CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in
Steve ...)
+	TODO: check
 CVE-2008-3099
 	RESERVED
 CVE-2008-3098
@@ -902,6 +1034,8 @@
 CVE-2008-2936
 	RESERVED
 CVE-2008-2935 [libxslt heap overflow]
+	RESERVED
+	{DSA-1624-1}
 	- libxslt <unfixed>
 	NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
 CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote
attackers to ...)
@@ -2510,6 +2644,7 @@
 CVE-2008-2236
 	RESERVED
 CVE-2008-2235 [opensc initializes CardOS cards with improper access rights]
+	RESERVED
 	- opensc <unfixed>
 	NOTE: http://www.opensc-project.org/security.html
 CVE-2008-2234
@@ -3845,8 +3980,8 @@
 	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
 CVE-2008-1668
 	RESERVED
-CVE-2008-1667
-	RESERVED
+CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European
...)
+	TODO: check
 CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7,
...)
 	NOT-FOR-US: HP Oracle for OpenView
 CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity
(HPSI) ...)
@@ -4345,7 +4480,7 @@
 CVE-2008-1448
 	RESERVED
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before
9.5.0-P1, ...)
-	{DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
+	{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
 	- bind9 1:9.5.0.dfsg-5 (high)
 	- glibc <unfixed> (low)
 	- dnsmasq 2.43-1 (medium; bug #490123)
@@ -4688,7 +4823,7 @@
 	NOT-FOR-US: PacketTrap Networks Tool Suite
 CVE-2008-1310 (Directory traversal vulnerability in the TFTP server in
PacketTrap ...)
 	NOT-FOR-US: PacketTrap Networks Tool Suite
-CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll
...)
+CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll
in ...)
 	NOT-FOR-US: RealPlayer
 CVE-2008-1308 (SQL injection vulnerability in the Sudirman Angriawan NukeC30
3.0 ...)
 	NOT-FOR-US: NukeC30 module for PHP-Nuke
@@ -74326,43 +74461,56 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0661 (A system is running a version of software that was replaced with
a ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a
system, ...)
+CVE-1999-0660
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain
...)
+CVE-1999-0659
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0658 (DCOM is running. ...)
+CVE-1999-0658
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0657 (WinGate is being used. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0656 (The ugidd service is running. ...)
+CVE-1999-0656 (The ugidd RPC interface, by design, allows remote attackers to
...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0655 (A service may include useful information in its banner or help
...)
+CVE-1999-0655
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0653 (A component service related to NIS+ is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or
mySQL. ...)
+CVE-1999-0652
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0651 (The rsh/rlogin service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0650 (The netstat service is running, which provides sensitive
information ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0649 (The FSP service is running. ...)
+CVE-1999-0649
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0648 (The X25 service is running. ...)
+CVE-1999-0648
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0647 (The bootparam (bootparamd) service is running. ...)
+CVE-1999-0647
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0646 (The LDAP service is running. ...)
+CVE-1999-0646
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0645 (The IRC service is running. ...)
+CVE-1999-0645
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0644 (The NNTP news service is running. ...)
+CVE-1999-0644
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0643 (The IMAP service is running. ...)
+CVE-1999-0643
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0642 (A POP service is running. ...)
+CVE-1999-0642
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0641 (The UUCP service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
@@ -74378,13 +74526,16 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0635 (The echo service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0634 (The SSH service is running. ...)
+CVE-1999-0634
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0633 (The HTTP/WWW service is running. ...)
+CVE-1999-0633
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0632 (The RPC portmapper service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0631 (The NFS service is running. ...)
+CVE-1999-0631
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0630 (The NT Alerter and Messenger services are running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
@@ -74394,25 +74545,34 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0624 (The rstat/rstatd service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0623 (The X Windows service is running. ...)
+CVE-1999-0623
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0622 (A component service related to DNS service is running. ...)
+CVE-1999-0622
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0621 (A component service related to NETBIOS is running. ...)
+CVE-1999-0621
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0620 (A component service related to NIS is running. ...)
+CVE-1999-0620
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0619 (The Telnet service is running. ...)
+CVE-1999-0619
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0618 (The rexec service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0617 (The SMTP service is running. ...)
+CVE-1999-0617
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0616 (The TFTP service is running. ...)
+CVE-1999-0616
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0615 (The SNMP service is running. ...)
+CVE-1999-0615
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0614 (The FTP service is running. ...)
+CVE-1999-0614
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0613 (The rpc.sprayd service is running. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
@@ -74540,7 +74700,8 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0532 (A DNS server allows zone transfers. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO.
...)
+CVE-1999-0531
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0530 (A system is operating in &quot;promiscuous&quot; mode
which allows it to perform ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
Secure testing commits - Jul 2008 - r9483 - data/CVE

[Secure-testing-commits] r9483 - data/CVE
