thr3ads.net - Secure testing commits - [Secure-testing-commits] r9686

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Aug-27 21:14 UTC
[Secure-testing-commits] r9686 - data/CVE

Author: joeyh
Date: 2008-08-27 21:14:12 +0000 (Wed, 27 Aug 2008)
New Revision: 9686

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-08-27 20:50:14 UTC (rev 9685)
+++ data/CVE/list	2008-08-27 21:14:12 UTC (rev 9686)
@@ -1,3 +1,191 @@
+CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for
OpenSSH, ...)
+	TODO: check
+CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET
in ...)
+	TODO: check
+CVE-2008-3842 (Request Validation (aka the ValidateRequest filters) in ASP.NET
in ...)
+	TODO: check
+CVE-2008-3841 (Cross-site scripting (XSS) vulnerability in
admin/search_links.php in ...)
+	TODO: check
+CVE-2008-3840 (Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores
passwords in ...)
+	TODO: check
+CVE-2008-3839 (Unspecified vulnerability in the NFS module in the kernel in Sun
...)
+	TODO: check
+CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls
(RPC) ...)
+	TODO: check
+CVE-2008-3837
+	RESERVED
+CVE-2008-3836
+	RESERVED
+CVE-2008-3835
+	RESERVED
+CVE-2008-3834
+	RESERVED
+CVE-2008-3833
+	RESERVED
+CVE-2008-3832
+	RESERVED
+CVE-2008-3831
+	RESERVED
+CVE-2008-3830
+	RESERVED
+CVE-2008-3829
+	RESERVED
+CVE-2008-3828
+	RESERVED
+CVE-2008-3827
+	RESERVED
+CVE-2008-3826
+	RESERVED
+CVE-2008-3825
+	RESERVED
+CVE-2008-3824
+	RESERVED
+CVE-2008-3823
+	RESERVED
+CVE-2008-3822
+	RESERVED
+CVE-2008-3821
+	RESERVED
+CVE-2008-3820
+	RESERVED
+CVE-2008-3819
+	RESERVED
+CVE-2008-3818
+	RESERVED
+CVE-2008-3817
+	RESERVED
+CVE-2008-3816
+	RESERVED
+CVE-2008-3815
+	RESERVED
+CVE-2008-3814
+	RESERVED
+CVE-2008-3813
+	RESERVED
+CVE-2008-3812
+	RESERVED
+CVE-2008-3811
+	RESERVED
+CVE-2008-3810
+	RESERVED
+CVE-2008-3809
+	RESERVED
+CVE-2008-3808
+	RESERVED
+CVE-2008-3807
+	RESERVED
+CVE-2008-3806
+	RESERVED
+CVE-2008-3805
+	RESERVED
+CVE-2008-3804
+	RESERVED
+CVE-2008-3803
+	RESERVED
+CVE-2008-3802
+	RESERVED
+CVE-2008-3801
+	RESERVED
+CVE-2008-3800
+	RESERVED
+CVE-2008-3799
+	RESERVED
+CVE-2008-3798
+	RESERVED
+CVE-2008-3797
+	RESERVED
+CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a
denial of ...)
+	TODO: check
+CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP
...)
+	TODO: check
+CVE-2008-3793
+	RESERVED
+CVE-2008-3792
+	RESERVED
+CVE-2008-3791
+	RESERVED
+CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart
3.9, ...)
+	TODO: check
+CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory
...)
+	TODO: check
+CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in
PICTURESPRO ...)
+	TODO: check
+CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content
component in ...)
+	TODO: check
+CVE-2008-3784 (SQL injection vulnerability in scrape.php in BtiTracker 1.4.7
and ...)
+	TODO: check
+CVE-2008-3783 (Multiple SQL injection vulnerabilities in index.php in
Matterdaddy ...)
+	TODO: check
+CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in
admin/index.php ...)
+	TODO: check
+CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before
1.69 ...)
+	TODO: check
+CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review
...)
+	TODO: check
+CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in
Five ...)
+	TODO: check
+CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES)
...)
+	TODO: check
+CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement
...)
+	TODO: check
+CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin
View ...)
+	TODO: check
+CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for
the ...)
+	TODO: check
+CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows
remote ...)
+	TODO: check
+CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1
and ...)
+	TODO: check
+CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u
...)
+	TODO: check
+CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in
Pars4u ...)
+	TODO: check
+CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway
1.4.1.171, ...)
+	TODO: check
+CVE-2008-3769 (PHP remote file inclusion vulnerability in
admin/create_order_new.php ...)
+	TODO: check
+CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in
Turnkey ...)
+	TODO: check
+CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2
allows ...)
+	TODO: check
+CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet)
Connection ...)
+	TODO: check
+CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script
allows ...)
+	TODO: check
+CVE-2008-3764 (Eval injection vulnerability in chat.php in Turnkey PHP Live
Helper ...)
+	TODO: check
+CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP
Live ...)
+	TODO: check
+CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey
PHP ...)
+	TODO: check
+CVE-2008-3761 (hcmon.sys in VMware Workstation 6.0.0.45731 uses the
METHOD_NEITHER ...)
+	TODO: check
+CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out
page ...)
+	TODO: check
+CVE-2008-3759 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2008-3758 (Multiple cross-site scripting (XSS) vulnerabilities in Lussumo
Vanilla ...)
+	TODO: check
+CVE-2008-3757 (SQL injection vulnerability in tr1.php in YourFreeWorld Forced
Matrix ...)
+	TODO: check
+CVE-2008-3756 (SQL injection vulnerability in tr.php in YourFreeWorld Viral
Marketing ...)
+	TODO: check
+CVE-2008-3755 (SQL injection vulnerability in view.php in YourFreeWorld
Classifieds ...)
+	TODO: check
+CVE-2008-3754 (SQL injection vulnerability in trl.php in YourFreeWorld Stylish
Text ...)
+	TODO: check
+CVE-2008-3753 (SQL injection vulnerability in details.php in YourFreeWorld
Programs ...)
+	TODO: check
+CVE-2008-3752 (SQL injection vulnerability in tr.php in YourFreeWorld
Ad-Exchange ...)
+	TODO: check
+CVE-2008-3751 (SQL injection vulnerability in tr.php in YourFreeWorld Short Url
&amp; Url ...)
+	TODO: check
+CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL
Rotator ...)
+	TODO: check
+CVE-2008-3749 (SQL injection vulnerability in tr.php in Banner Management
Script ...)
+	TODO: check
+CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP
Bookmarks ...)
+	TODO: check
 CVE-2008-XXXX [emacs-jabber: insecure temp files]
 	- emacs-jabber 0.7.91-2 (low; bug #496428)
 CVE-2008-XXXX [xastir: insecure temp files]
@@ -4,7 +192,7 @@
 	- xastir 1.9.2-1.1 (low; bug #496383)
 CVE-2008-XXXX [mon: insecure temp files]
 	- mon <unfixed> (medium; bug #496398)
-CVE-2008-3790 [ruby rexml DoS]
+CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through
...)
 	- ruby1.8 <unfixed> (bug #496808)
 	- ruby1.9 <unfixed>
 CVE-2008-XXXX [apertium: insecure temp files]
@@ -30,7 +218,7 @@
 CVE-2008-XXXX [insecure temp file in ogle]
 	- ogle <unfixed> (unimportant; bug #496420; bug #496425)
 	NOTE: This only affects debugging scripts not present in standard path
-CVE-2008-3789 [samba group_mapping.ldb created world writeable]
+CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1)
group_mapping.tdb ...)
 	- samba <unfixed> (bug #496073; medium)
 	[etch] - samba <not-affected> (Only affects Samba 3.2.x)
 CVE-2008-XXXX [insecure temp file in nvi]
@@ -117,20 +305,20 @@
 	- lazarus 0.9.24-0-11 (low)
 CVE-2008-XXXX [crossfire-maps: insecure temp file]
 	- crossfire-maps 1.11.0-2 (low)
-CVE-2008-3794 [vlc mms handling buffer overflow]
+CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in
...)
 	- vlc 0.8.6.h-4 (medium; bug #496265)
-CVE-2008-3747
-	RESERVED
-CVE-2008-3746
-	RESERVED
-CVE-2008-3739
-	RESERVED
-CVE-2008-3738
-	RESERVED
-CVE-2008-3737
-	RESERVED
-CVE-2008-3736
-	RESERVED
+CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link
functions in ...)
+	TODO: check
+CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a
denial of ...)
+	TODO: check
+CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System
Consultants ...)
+	TODO: check
+CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and
earlier ...)
+	TODO: check
+CVE-2008-3737 (Unspecified vulnerability in (1) System Consultants La!Cooda WIZ
1.4.0 ...)
+	TODO: check
+CVE-2008-3736 (Multiple cross-site request forgery (CSRF) vulnerabilities in
(1) ...)
+	TODO: check
 CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in
PHPizabi ...)
 	NOT-FOR-US: PHPizabi
 CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2
and ...)
@@ -228,7 +416,7 @@
 	- havp 20070509-1.1 (bug #496034)
 CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function
in Xen ...)
 	- xen-3 <not-affected> (Not compiled with XSM:FLASK)
-CVE-2008-3686 (The rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2,
and ...)
+CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel
...)
 	- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in
2.6.26)
@@ -283,33 +471,27 @@
 	NOTE: The code in question doesn''t dereference the symlink, tested
with Etch
 	NOTE: and Lenny. Given that it only takes a minute to test this, it''s
surprising
 	NOTE: that at least one vendor issued an advisory and upstream pushed a new
release...
-CVE-2008-3740 [drupal XSS]
-	RESERVED
+CVE-2008-3740 (Cross-site scripting (XSS) vulnerability in the output filter in
...)
 	{DTSA-156-1}
 	- drupal5 5.10-1 (low; bug #495122)
 	- drupal-4.7 <removed>
-CVE-2008-3741 [drupal XSS]
-	RESERVED
+CVE-2008-3741 (The private filesystem in Drupal 5.x before 5.10 and 6.x before
6.4 ...)
 	{DTSA-156-1}
 	- drupal5 5.10-1 (low; bug #495122)
 	- drupal-4.7 <removed>
-CVE-2008-3742 [drupal file uploads via blogApi]
-	RESERVED
+CVE-2008-3742 (Unrestricted file upload vulnerability in the BlogAPI module in
Drupal ...)
 	{DTSA-156-1}
 	- drupal5 5.10-1 (medium; bug #495122)
 	- drupal-4.7 <removed>
-CVE-2008-3743 [drupal CSRF]
-	RESERVED
+CVE-2008-3743 (Multiple cross-site request forgery (CSRF) vulnerabilities in
forms in ...)
 	{DTSA-156-1}
 	- drupal5 <not-affected> (Vulnerable code not present)
 	- drupal-4.7 <removed>
-CVE-2008-3744 [drupal CSRF]
-	RESERVED
+CVE-2008-3744 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Drupal ...)
 	{DTSA-156-1}
 	- drupal5 5.10-1 (low; bug #495122)
 	- drupal-4.7 <removed>
-CVE-2008-3745 [drupal upload module privilege escalation]
-	RESERVED
+CVE-2008-3745 (The Upload module in Drupal 6.x before 6.4 allows remote
authenticated ...)
 	{DTSA-156-1}
 	- drupal5 <not-affected> (Vulnerable code only present in 6.x)
 	- drupal-4.7 <removed>
@@ -611,8 +793,8 @@
 	RESERVED
 CVE-2008-3527
 	RESERVED
-CVE-2008-3526
-	RESERVED
+CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in
...)
+	TODO: check
 CVE-2008-3525
 	RESERVED
 CVE-2008-3524
@@ -1132,8 +1314,7 @@
 	RESERVED
 CVE-2008-3282
 	RESERVED
-CVE-2008-3281
-	RESERVED
+CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion
during ...)
 	{DSA-1631-1 DTSA-158-1}
 	- libxml2 2.6.32.dfsg-3 (medium)
 CVE-2008-3280
@@ -1247,7 +1428,7 @@
 	- wordpress <not-affected> (Code was only present in svn versions)
 CVE-2008-3232 (Unspecified vulnerability in dotclear before 1.2.8 has unknown
impact ...)
 	NOT-FOR-US: dotclear
-CVE-2008-3231 (xine allows user-assisted attackers to cause a denial of service
...)
+CVE-2008-3231 (xine before 1.1.5 allows user-assisted attackers to cause a
denial of ...)
 	- xine-lib 1.1.14-2 (bug #492870; low)
 CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause
a ...)
 	- ffmpeg-debian <unfixed>
@@ -3084,8 +3265,8 @@
 	RESERVED
 CVE-2008-2434
 	RESERVED
-CVE-2008-2433
-	RESERVED
+CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through
8.0, ...)
+	TODO: check
 CVE-2008-2432
 	RESERVED
 CVE-2008-2431
@@ -3331,8 +3512,7 @@
 	RESERVED
 CVE-2008-2328
 	RESERVED
-CVE-2008-2327 [libtiff buffer undeflow]
-	RESERVED
+CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode and (2) ...)
 	{DSA-1632-1 DTSA-160-1}
 	- tiff <unfixed> (medium)
 	NOTE: maintainer informed
@@ -4859,7 +5039,7 @@
 	- linux-2.6 2.6.25-2 (low)
 	- linux-2.6.24 2.6.24-6~etchnhalf.2
 	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
-CVE-2008-1668 (Unspecified vulnerability in ftpd (aka wu-ftpd 2.4.x) in HP-UX
B.11.11 ...)
+CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11
assigns ...)
 	TODO: check
 CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European
...)
 	NOT-FOR-US: Probe Builder 2.2
@@ -21824,8 +22004,8 @@
 	NOT-FOR-US: sldimdownload ActiveX control
 CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in
the ...)
 	NOT-FOR-US: IncrediMail
-CVE-2007-1682
-	RESERVED
+CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX
...)
+	TODO: check
 CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun
Java ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference
function in ...)
Secure testing commits - Aug 2008 - r9686 - data/CVE

[Secure-testing-commits] r9686 - data/CVE
