joeyh at alioth.debian.org
2008-Oct-10 21:14 UTC
[Secure-testing-commits] r10052 - data/CVE
Author: joeyh
Date: 2008-10-10 21:14:12 +0000 (Fri, 10 Oct 2008)
New Revision: 10052

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-09 21:14:13 UTC (rev 10051) +++ data/CVE/list 2008-10-10 21:14:12 UTC (rev 10052) 
@@ -1,3 +1,65 @@ +CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and ...) + TODO: check +CVE-2008-4532 (Cross-site scripting (XSS) vulnerability in index.php in MaxiScript ...) + TODO: check +CVE-2008-4531 (SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a ...) + TODO: check +CVE-2008-4530 (Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x ...) + TODO: check +CVE-2008-4529 (Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha ...) + TODO: check +CVE-2008-4528 (Directory traversal vulnerability in notes.php in Phlatline''s Personal ...) + TODO: check +CVE-2008-4527 (SQL injection vulnerability in recept.php in the Recepies (Recept) ...) + TODO: check +CVE-2008-4526 (Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote ...) + TODO: check +CVE-2008-4525 (SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows ...) + TODO: check +CVE-2008-4524 (SQL injection vulnerability in the "Check User" feature ...) + TODO: check +CVE-2008-4523 (SQL injection vulnerability in login.php in IP Reg 0.4 and earlier ...) + TODO: check +CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio ...) + TODO: check +CVE-2008-4521 (SQL injection vulnerability in thisraidprogress.php in the World of ...) + TODO: check +CVE-2008-4520 (Cross-site scripting (XSS) vulnerability in bulk_update.pl in ...) + TODO: check +CVE-2008-4519 (Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 ...) + TODO: check +CVE-2008-4518 (Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d ...) + TODO: check +CVE-2008-4517 (SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows ...) + TODO: check +CVE-2008-4516 (SQL injection vulnerability in galerie.php in Galerie 3.2 allows ...) + TODO: check +CVE-2008-4515 (Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side ...) 
+ TODO: check +CVE-2008-4514 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...) + TODO: check +CVE-2008-4513 (Cross-site scripting (XSS) vulnerability in BBcode API module in ...) + TODO: check +CVE-2008-4512 (ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under ...) + TODO: check +CVE-2008-4511 (Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb ...) + TODO: check +CVE-2008-4510 (Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier ...) + TODO: check +CVE-2008-4509 (Unrestricted file upload vulnerability in processFiles.php in FOSS ...) + TODO: check +CVE-2008-4508 (Stack-based buffer overflow in the file parsing function in Tonec ...) + TODO: check +CVE-2008-4507 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...) + TODO: check +CVE-2008-4506 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...) + TODO: check +CVE-2008-4505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...) + TODO: check +CVE-2008-4504 (Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD ...) + TODO: check +CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier ...) + TODO: check CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...) TODO: check CVE-2008-4480 @@ -256,8 +318,8 @@ [etch] - scilab <no-dsa> (Non-free not supported) CVE-2008-4395 RESERVED -CVE-2008-4394 - RESERVED +CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before ...) + TODO: check CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery ...) NOT-FOR-US: VeriSign Kontiki CVE-2008-4392 
@@ -651,16 +713,16 @@ RESERVED CVE-2008-4216 RESERVED -CVE-2008-4215 - RESERVED -CVE-2008-4214 - RESERVED +CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error ...) + TODO: check +CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and ...) + TODO: check CVE-2008-4213 RESERVED -CVE-2008-4212 - RESERVED -CVE-2008-4211 - RESERVED +CVE-2008-4212 (Unspecified vulnerability in rlogind in the rlogin component in Mac OS ...) + TODO: check +CVE-2008-4211 (Integer signedness error in QuickLook in Mac OS X 10.5.5 allows remote ...) + TODO: check CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...) - linux-2.6 2.6.22-1 NOTE: easily exploitable but of limited use as the attacker already needs access to a @@ -2161,20 +2223,20 @@ NOT-FOR-US: Article Friendly Standard CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote ...) NOT-FOR-US: Microsoft Windows -CVE-2008-3647 - RESERVED -CVE-2008-3646 - RESERVED -CVE-2008-3645 - RESERVED +CVE-2008-3647 (Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows ...) + TODO: check +CVE-2008-3646 (The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be ...) + TODO: check +CVE-2008-3645 (Heap-based buffer overflow in the local IPC component in the ...) + TODO: check CVE-2008-3644 RESERVED -CVE-2008-3643 - RESERVED -CVE-2008-3642 - RESERVED -CVE-2008-3641 - RESERVED +CVE-2008-3643 (Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows ...) + TODO: check +CVE-2008-3642 (Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows ...) + TODO: check +CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before ...) + TODO: check CVE-2008-3640 RESERVED CVE-2008-3639 
@@ -2622,8 +2684,8 @@ NOT-FOR-US: Apple iTunes CVE-2008-3433 (SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not ...) NOT-FOR-US: SpeedBit Download Accelerator Plus -CVE-2008-3432 - RESERVED +CVE-2008-3432 (Heap-based buffer overflow in the mch_expand_wildcards function in ...) + TODO: check CVE-2008-3430 (Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in ...) NOT-FOR-US: Eyeball MessengerSDK CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote ...)
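Review bot: in the first hunk (@@ -1,3 +1,65 @@) the CVE-2008-4528 description reads "Phlatline''s Personal ..." with a doubled apostrophe, which looks like a quoting artifact of the automatic import and is better fixed where the descriptions are generated than by hand in the list. The same hunk adds entries as "TODO: check" for products such as Microsoft Windows Vista (CVE-2008-4510) and Blue Coat K9 Web Protection (CVE-2008-4515); the file already marks such cases NOT-FOR-US (see "NOT-FOR-US: Microsoft Windows" under CVE-2008-3648), so these can be triaged the same way. CVE-2008-4514 (HTML parser in KDE Konqueror 3.5.9), by contrast, needs an actual package check before the TODO is cleared.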
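Review bot: in the @@ -2161,20 +2223,20 @@ hunk, CVE-2008-3641 (the HPGL filter in CUPS before ...) arrives in the middle of a run of Mac OS X entries, but its description names CUPS itself, so it should not be closed out together with the Apple-only items; it needs a package line and fixed version in the style of "- linux-2.6 2.6.22-1" under CVE-2008-4210. CVE-2008-3646 is described as a problem in the Postfix configuration file in Mac OS X 10.5.5, so confirm that it is limited to that shipped configuration before marking it.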
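Review bot: in the @@ -2622,8 +2684,8 @@ hunk, CVE-2008-3432 changes from RESERVED to a heap-based buffer overflow in the mch_expand_wildcards function, but the truncated description does not show the affected product. Whoever resolves the "TODO: check" should take the product from the full CVE description and record it as a package line rather than a free-form note, so the entry can be matched against the archive.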