stef-guest at alioth.debian.org
2008-Sep-23 22:14 UTC
[Secure-testing-commits] r9876 - data/CVE
Author: stef-guest Date: 2008-09-23 22:14:19 +0000 (Tue, 23 Sep 2008) New Revision: 9876 Modified: data/CVE/list Log: some more NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-23 21:55:56 UTC (rev 9875) +++ data/CVE/list 2008-09-23 22:14:19 UTC (rev 9876) @@ -29,7 +29,7 @@ CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow ...) NOT-FOR-US: Link Bid Script CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Dynamic MP3 Lister CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows remote ...) NOT-FOR-US: ProArcadeScript CVE-2008-4172 (SQL injection vulnerability in page.php in Cars & Vehicle (aka ...) 
@@ -63,57 +63,57 @@ CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in Zanfi CMS ...) NOT-FOR-US: Zanfi CMS CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 ...) - TODO: check + NOT-FOR-US: Vastal I-Tech phpVID CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming ...) - TODO: check + NOT-FOR-US: CustomCms (CCMS) Gaming Portal CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3 allow ...) - TODO: check + NOT-FOR-US: EasySite CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows remote ...) - TODO: check + NOT-FOR-US: living-e webEdition CMS CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module ...) - TODO: check + NOT-FOR-US: Talk module for Drupal CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x before ...) - TODO: check + NOT-FOR-US: Talk module for Drupal CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x allows ...) - TODO: check + NOT-FOR-US: CYASK CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel Joke ...) - TODO: check + NOT-FOR-US: Diesel Joke Site CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to ...) - TODO: check + NOT-FOR-US: Greg Holsclaw Link to Us module for Drupal CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x before ...) - TODO: check + NOT-FOR-US: Mailhandler module for Drupal CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x ...) - TODO: check + NOT-FOR-US: Mailsave module for Drupal CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve ...) - TODO: check + NOT-FOR-US: Addalink CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink 1.0 ...) 
- TODO: check + NOT-FOR-US: Addalink CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold ...) - TODO: check + NOT-FOR-US: ACG-ScriptShop E-Gold Script Shop CVE-2008-4143 (SQL injection vulnerability in category_search.php in RazorCommerce ...) - TODO: check + NOT-FOR-US: RazorCommerce Shopping Cart CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows remote ...) - TODO: check + NOT-FOR-US: E-Php CMS CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media x10 ...) - TODO: check + NOT-FOR-US: x10Media x10 Automatic MP3 Script CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart ...) - TODO: check + NOT-FOR-US: Quick.Cart CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution ...) - TODO: check + NOT-FOR-US: OpenSolution Quick.Cms.Lite CVE-2008-4138 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Technote CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in PHP-Crawler ...) - TODO: check + NOT-FOR-US: PHP-Crawler CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote ...) - TODO: check + NOT-FOR-US: Michael Roth Software Personal FTP Server (PFT) CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator and Nseries ...) - TODO: check + NOT-FOR-US: Symbian CVE-2008-4134 (PHP remote file inclusion vulnerability in manager/static/view.php in ...) - TODO: check + NOT-FOR-US: phpRealty CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12 and ...) - TODO: check + NOT-FOR-US: D-Link CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX ...) - TODO: check + NOT-FOR-US: SFlexGrid.VSFlexGridL ActiveX CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...) TODO: check CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 ...) 
@@ -121,11 +121,11 @@ CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ...) TODO: check CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...) - TODO: check + NOT-FOR-US: Cisco CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...) - TODO: check + - python-dns 2.3.1-5 (bug #490217) CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...) TODO: check CVE-2008-4124 @@ -141,11 +141,11 @@ CVE-2008-4119 RESERVED CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...) - TODO: check + NOT-FOR-US: High Norm Sound Master CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun ...) - TODO: check + NOT-FOR-US: Sun Management Center (SunMC) CVE-2008-4116 (Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 ...) - TODO: check + NOT-FOR-US: Apple CVE-2008-XXXX [heap overflow in fraud2] - fraud2 <unfixed> (bug #499899) NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445 @@ -474,7 +474,7 @@ CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) ...) NOT-FOR-US: MyBB CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on ...) - TODO: check + NOT-FOR-US: Adobe Illustrator CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka ...) NOT-FOR-US: IBM DB2 UDB CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, and 8.2 before FixPak 9, allows ...) 
@@ -3995,11 +3995,11 @@ CVE-2008-2471 RESERVED CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in isusweb.dll ...) - TODO: check + NOT-FOR-US: InstallShield CVE-2008-2469 RESERVED CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) ...) - TODO: check + NOT-FOR-US: LANDesk Management Suite CVE-2008-2467 RESERVED CVE-2008-2466 @@ -7268,7 +7268,7 @@ CVE-2008-1094 RESERVED CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the ...) - TODO: check + NOT-FOR-US: FLEXnet Connect CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet ...) NOT-FOR-US: Microsoft Jet Database Engine CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
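Review bot: In the @@ -63,57 +63,57 @@ hunk, the tag added for CVE-2008-4132 is misspelled: it reads "NOT-FOR-US: SFlexGrid.VSFlexGridL ActiveX", while the description line directly above it names the control "VSFlexGrid.VSFlexGridL". The leading "V" was dropped. Suggest "NOT-FOR-US: VSFlexGrid.VSFlexGridL ActiveX", so that a later search of data/CVE/list for the product name finds this entry. In the same hunk, CVE-2008-4135 and CVE-2008-4133 are tagged with the vendor only ("Symbian", "D-Link"), although their descriptions name the affected device or service; the other entries here use the product name, and these two could follow suit.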
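Review bot: In the @@ -121,11 +121,11 @@ hunk, CVE-2008-4128 is tagged "NOT-FOR-US: Cisco", which names a vendor rather than a product, while the next entry in the same hunk (CVE-2008-4127) is tagged with the full product name "Microsoft Internet Explorer". The visible description is truncated at "the HTTP ...", so the tag is the only place a reader of the list would see which product was ruled out. Suggest naming the affected product after the vendor. The CVE-2008-4126 change is consistent with its description: the fixed version 2.3.1-5 in "- python-dns 2.3.1-5 (bug #490217)" matches "before 2.3.1-5".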
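Review bot: In the @@ -7268,7 +7268,7 @@ hunk, the tag "NOT-FOR-US: FLEXnet Connect" for CVE-2008-1093 does not match the name in its description, "Acresso InstallShield Update Agent", and it differs from the tag this same commit gives CVE-2008-2470 ("NOT-FOR-US: InstallShield") for the InstallShield Update Service Agent. If both entries refer to the same product family, use one name for both. Otherwise carry the description's name in the tag, for example "NOT-FOR-US: Acresso InstallShield Update Agent (FLEXnet Connect)", so the entry can be found under either name.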