thr3ads.net - Secure testing commits - [Secure-testing-commits] r9872

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Sep-23 21:14 UTC
[Secure-testing-commits] r9872 - data/CVE

Author: joeyh
Date: 2008-09-23 21:14:10 +0000 (Tue, 23 Sep 2008)
New Revision: 9872

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-09-23 21:02:43 UTC (rev 9871)
+++ data/CVE/list	2008-09-23 21:14:10 UTC (rev 9872)
@@ -1,3 +1,151 @@
+CVE-2008-4189 (Buffer overflow in the printer sharing services in the Samba
code in ...)
+	TODO: check
+CVE-2008-4188 (Unspecified vulnerability in the TYPO3 Secure Directory
(kw_secdir) ...)
+	TODO: check
+CVE-2008-4187 (Directory traversal vulnerability in index.php in ProActive CMS
allows ...)
+	TODO: check
+CVE-2008-4186 (SQL injection vulnerability in index.php in webCMS Portal
Edition ...)
+	TODO: check
+CVE-2008-4185 (SQL injection vulnerability in index.php in webCMS Portal
Edition ...)
+	TODO: check
+CVE-2008-4184 (Cross-site scripting (XSS) vulnerability in index.php in webCMS
Portal ...)
+	TODO: check
+CVE-2008-4183 (IntegraMOD 1.4.x stores sensitive information under the web root
with ...)
+	TODO: check
+CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in
Horde ...)
+	TODO: check
+CVE-2008-4181 (Directory traversal vulnerability in includes/xml.php in the
Netenberg ...)
+	TODO: check
+CVE-2008-4180 (Unspecified vulnerability in db.php in NooMS 1.1 allows remote
...)
+	TODO: check
+CVE-2008-4179 (Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1
allow ...)
+	TODO: check
+CVE-2008-4178 (SQL injection vulnerability in tr.php in DownlineGoldmine
Special ...)
+	TODO: check
+CVE-2008-4177 (SQL injection vulnerability in search.php in Pre Real Estate
Listings ...)
+	TODO: check
+CVE-2008-4176 (SQL injection vulnerability in izle.asp in FoT Video scripti 1.1
beta ...)
+	TODO: check
+CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5
allow ...)
+	TODO: check
+CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+	TODO: check
+CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows remote
...)
+	TODO: check
+CVE-2008-4172 (SQL injection vulnerability in page.php in Cars &amp;
Vehicle (aka ...)
+	TODO: check
+CVE-2008-4171 (SQL injection vulnerability in xmlout.php in Invision Power
Board ...)
+	TODO: check
+CVE-2008-4170 (create_account.php in osCommerce 2.2 RC 2a allows remote
attackers to ...)
+	TODO: check
+CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts
EasyIndex ...)
+	TODO: check
+CVE-2008-4168 (Cross-site scripting (XSS) vulnerability in verify_login.jsp in
...)
+	TODO: check
+CVE-2008-4167 (useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1
does not ...)
+	TODO: check
+CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7
Build ...)
+	TODO: check
+CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0
places a ...)
+	TODO: check
+CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote
attackers to ...)
+	TODO: check
+CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1,
and ...)
+	TODO: check
+CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1
allows ...)
+	TODO: check
+CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b
allows ...)
+	TODO: check
+CVE-2008-4160 (Unspecified vulnerability in the UFS module in Sun Solaris 8
through ...)
+	TODO: check
+CVE-2008-4159 (SQL injection vulnerability in index.php in Jaw Portal and Zanfi
CMS ...)
+	TODO: check
+CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in
Zanfi CMS ...)
+	TODO: check
+CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech
phpVID 1.1 ...)
+	TODO: check
+CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS)
Gaming ...)
+	TODO: check
+CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3
allow ...)
+	TODO: check
+CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows
remote ...)
+	TODO: check
+CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a
module ...)
+	TODO: check
+CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x
before ...)
+	TODO: check
+CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x
allows ...)
+	TODO: check
+CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel
Joke ...)
+	TODO: check
+CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw
Link to ...)
+	TODO: check
+CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x before
...)
+	TODO: check
+CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module
5.x ...)
+	TODO: check
+CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1)
approve ...)
+	TODO: check
+CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink
1.0 ...)
+	TODO: check
+CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop
E-Gold ...)
+	TODO: check
+CVE-2008-4143 (SQL injection vulnerability in category_search.php in
RazorCommerce ...)
+	TODO: check
+CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows
remote ...)
+	TODO: check
+CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media
x10 ...)
+	TODO: check
+CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in
Quick.Cart ...)
+	TODO: check
+CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in
OpenSolution ...)
+	TODO: check
+CVE-2008-4138 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in
PHP-Crawler ...)
+	TODO: check
+CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows
remote ...)
+	TODO: check
+CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator and
Nseries ...)
+	TODO: check
+CVE-2008-4134 (PHP remote file inclusion vulnerability in
manager/static/view.php in ...)
+	TODO: check
+CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12
and ...)
+	TODO: check
+CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL
ActiveX ...)
+	TODO: check
+CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10
allow ...)
+	TODO: check
+CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before
2.2.6 ...)
+	TODO: check
+CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly
handle ...)
+	TODO: check
+CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the HTTP ...)
+	TODO: check
+CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8
Beta ...)
+	TODO: check
+CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does
not use ...)
+	TODO: check
+CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that
leaks ...)
+	TODO: check
+CVE-2008-4124
+	RESERVED
+CVE-2008-4123
+	RESERVED
+CVE-2008-4122
+	RESERVED
+CVE-2008-4121
+	RESERVED
+CVE-2008-4120
+	RESERVED
+CVE-2008-4119
+	RESERVED
+CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound
Master 2nd ...)
+	TODO: check
+CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun
...)
+	TODO: check
+CVE-2008-4116 (Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes
8.0 ...)
+	TODO: check
 CVE-2008-XXXX [heap overflow in fraud2]
 	- fraud2 <unfixed> (bug #499899)
 	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
@@ -15,31 +163,32 @@
 CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in
the ...)
 	- linux-2.6 2.6.26-5
 	[etch] - linux-2.6.24 <unfixed>
-CVE-2008-4112 (Directory traversal vulnerability in bin/configure in TWiki
before ...)
+CVE-2008-4112
+	REJECTED
 	- twiki <unfixed> (low)
 	NOTE: access to configure script is restricted to localhost on Debian
 CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM
...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control
in ...)
 	NOT-FOR-US: Microsoft
-CVE-2008-4107
-	RESERVED
-CVE-2008-4106
-	RESERVED
-CVE-2008-4105
-	RESERVED
-CVE-2008-4104
-	RESERVED
-CVE-2008-4103
-	RESERVED
-CVE-2008-4102
-	RESERVED
-CVE-2008-4101
-	RESERVED
-CVE-2008-4098
-	RESERVED
-CVE-2008-4097
-	RESERVED
+CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not
produce ...)
+	TODO: check
+CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings
about ...)
+	TODO: check
+CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables
that ...)
+	TODO: check
+CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before
1.5.7 ...)
+	TODO: check
+CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before
1.5.7 ...)
+	TODO: check
+CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP''s PRNG with a
weak seed, ...)
+	TODO: check
+CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
+	TODO: check
+CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain
privilege ...)
+	TODO: check
+CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege
checks by ...)
+	TODO: check
 CVE-2008-4095 (Multiple unspecified vulnerabilities in Flip4Mac WMV before
2.2.1 have ...)
 	NOT-FOR-US: Flip4Mac WMV
 CVE-2008-4094
@@ -194,30 +343,25 @@
 	RESERVED
 CVE-2008-4019
 	RESERVED
-CVE-2008-4109 [unsafe sigdie function called by signal handler]
-	RESERVED
+CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch,
and ...)
 	{DSA-1638-1 CVE-2006-5051}
 	- openssh 1:4.6p1-1 (low)
 	NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
 	NOTE: fully address the issue.  The upstream fix in 4.4p1 was
 	NOTE: right, and it the next unstable upload after that was 4.6p1.
-CVE-2008-4100 [adns predictable transaction id''s and source port]
-	RESERVED
+CVE-2008-4100 (GNU adns 1.4 and earlier uses a fixed source port and sequential
...)
 	- adns <unfixed> (unimportant; bug #492698)
 	NOTE: adns is not supported in untrusted contexts, see BR
-CVE-2008-4099 [pydns predictable transaction id''s and source port]
-	RESERVED
+CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does
not use ...)
 	{DSA-1619-1}
 	- python-dns 2.3.1-5 (low; bug #490217)
-CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7]
-	RESERVED
+CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before
2.11.9.1 ...)
 	{DSA-1641-1}
 	- phpmyadmin 4:2.11.8.1-2 (medium)
 CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
 	- smsclient <unfixed> (unimportant; bug #498901)
 	NOTE: script is not in use and only a suggestion for users
-CVE-2008-4108 [unsafe use of tempfile in python]
-	RESERVED
+CVE-2008-4108 (Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving
tool) ...)
 	- python-defaults <unfixed> (unimportant; bug #498899)
 	NOTE: script is an example, which can be used by users
 CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows
local ...)
@@ -329,8 +473,8 @@
 	NOT-FOR-US: MyBB
 CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka
MyBulletinBoard) ...)
 	NOT-FOR-US: MyBB
-CVE-2008-3961
-	RESERVED
+CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on
...)
+	TODO: check
 CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka
...)
 	NOT-FOR-US: IBM DB2 UDB
 CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, and 8.2 before FixPak 9,
allows ...)
@@ -353,8 +497,8 @@
 	NOT-FOR-US: The Real Estate Script
 CVE-2008-3950 (Off-by-one error in the ...)
 	TODO: check
-CVE-2008-3949
-	RESERVED
+CVE-2008-3949 (Emacs in SUSE Linux imports Python script from the current
working ...)
+	TODO: check
 CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS
allows ...)
 	NOT-FOR-US: XRMS
 CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to
gain ...)
@@ -1121,10 +1265,10 @@
 CVE-2008-3663 [Squirrelmail: Session hijacking vulnerability]
 	RESERVED
 	- squirrelmail <unfixed> (bug #499942)
-CVE-2008-3662
-	RESERVED
-CVE-2008-3661
-	RESERVED
+CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the
secure ...)
+	TODO: check
+CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for
the ...)
+	TODO: check
 CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a
...)
 	- php5 <unfixed> (medium)
 	- php4 <removed>
@@ -1239,7 +1383,7 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS
X ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2008-3615 (An unspecified third-party Indeo v5 codec for QuickTime, when
used ...)
+CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for
...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows
allows ...)
 	NOT-FOR-US: Apple QuickTime
@@ -1446,8 +1590,8 @@
 CVE-2008-3520 [jasper - various potential integer overflows]
 	RESERVED
 	- jasper <unfixed>
-CVE-2008-3519
-	RESERVED
+CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat
JBoss ...)
+	TODO: check
 CVE-2008-3518
 	RESERVED
 CVE-2008-3517 [rejected]
@@ -2128,8 +2272,7 @@
 	{DSA-1614-1}
 	- iceweasel 3.0.1-1 (low)
 	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
-CVE-2008-3195
-	RESERVED
+CVE-2008-3195 (Directory traversal vulnerability in bin/configure in TWiki
before ...)
 	{DSA-1639-1}
 	- twiki <unfixed> (low; bug #499534)
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195
@@ -2607,7 +2750,7 @@
 	RESERVED
 CVE-2008-3009
 	RESERVED
-CVE-2008-3008 (Buffer overflow in a certain ActiveX control in wmex.dll in
Microsoft ...)
+CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX
control ...)
 	NOT-FOR-US: Microsoft Windows Media Encoder
 CVE-2008-3007 (Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System
Gold and ...)
 	NOT-FOR-US: Microsoft Office XP
@@ -3850,12 +3993,12 @@
 	RESERVED
 CVE-2008-2471
 	RESERVED
-CVE-2008-2470
-	RESERVED
+CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in
isusweb.dll ...)
+	TODO: check
 CVE-2008-2469
 	RESERVED
-CVE-2008-2468
-	RESERVED
+CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka
qipsrvr.exe) ...)
+	TODO: check
 CVE-2008-2467
 	RESERVED
 CVE-2008-2466
@@ -7123,8 +7266,8 @@
 	NOT-FOR-US: Sun Solaris
 CVE-2008-1094
 	RESERVED
-CVE-2008-1093
-	RESERVED
+CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the
...)
+	TODO: check
 CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft
Jet ...)
 	NOT-FOR-US: Microsoft Jet Database Engine
 CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and
XP SP3, ...)
@@ -13718,7 +13861,7 @@
 	NOT-FOR-US: Microsoft Vista
 CVE-2007-5349
 	RESERVED
-CVE-2007-5348 (Heap-based buffer overflow in the vector graphics link library
in ...)
+CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1,
Windows ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote
attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
Secure testing commits - Sep 2008 - r9872 - data/CVE

[Secure-testing-commits] r9872 - data/CVE
