joeyh at alioth.debian.org
2008-Oct-22 21:14 UTC
[Secure-testing-commits] r10152 - data/CVE
Author: joeyh
Date: 2008-10-22 21:14:09 +0000 (Wed, 22 Oct 2008)
New Revision: 10152
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-10-22 20:38:38 UTC (rev 10151)
+++ data/CVE/list 2008-10-22 21:14:09 UTC (rev 10152)
@@ -1,3 +1,83 @@
+CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly
Presentation ...)
+ TODO: check
+CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and
...)
+ TODO: check
+CVE-2008-4674 (SQL injection vulnerability in realestate-index.php in Conkurent
Real ...)
+ TODO: check
+CVE-2008-4673 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php
in ...)
+ TODO: check
+CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in
wp-admin/wp-blogs.php in ...)
+ TODO: check
+CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed
Pudol ...)
+ TODO: check
+CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan
Fletcher ...)
+ TODO: check
+CVE-2008-4668 (Directory traversal vulnerability in the Image Browser ...)
+ TODO: check
+CVE-2008-4667 (Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta
1 ...)
+ TODO: check
+CVE-2008-4666 (SQL injection vulnerability in webboard.php in Ultimate Webboard
3.00 ...)
+ TODO: check
+CVE-2008-4665 (SQL injection vulnerability in PG Matchmaking allows remote
attackers ...)
+ TODO: check
+CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX
control ...)
+ TODO: check
+CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44,
as used ...)
+ TODO: check
+CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4,
when ...)
+ TODO: check
+CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page
Improvements ...)
+ TODO: check
+CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0
...)
+ TODO: check
+CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste ...)
+ TODO: check
+CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol)
1.15.4 ...)
+ TODO: check
+CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2
and ...)
+ TODO: check
+CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View
(feusersview) ...)
+ TODO: check
+CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey)
1.7.0 ...)
+ TODO: check
+CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and
possibly ...)
+ TODO: check
+CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart
...)
+ TODO: check
+CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow
remote ...)
+ TODO: check
+CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6
allows ...)
+ TODO: check
+CVE-2008-4649 (Session fixation vulnerability in Elxis CMS 2008.1 revision 2204
...)
+ TODO: check
+CVE-2008-4648 (Cross-site scripting (XSS) vulnerability in index.php in Elxis
CMS ...)
+ TODO: check
+CVE-2008-4647 (SQL injection vulnerability in index.php in sweetCMS 1.5.2
allows ...)
+ TODO: check
+CVE-2008-4646 (The Websense Reporter Module in Websense Enterprise 6.3.2 stores
the ...)
+ TODO: check
+CVE-2008-4645 (plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and
earlier ...)
+ TODO: check
+CVE-2008-4644 (hits.php in myWebland myStats allows remote attackers to bypass
IP ...)
+ TODO: check
+CVE-2008-4643 (SQL injection vulnerability in hits.php in myWebland myStats
allows ...)
+ TODO: check
+CVE-2008-4642 (SQL injection vulnerability in profile.php in AstroSPACES 1.1.1
allows ...)
+ TODO: check
+CVE-2008-4641 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84
and ...)
+ TODO: check
+CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84
and ...)
+ TODO: check
+CVE-2008-4639 (jhead.c in Matthias Wandel jhead before 2.84 allows local users
to ...)
+ TODO: check
+CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec
Veritas ...)
+ TODO: check
+CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before
1.2.4 ...)
+ TODO: check
+CVE-2008-4636
+ RESERVED
CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd.
hisa_cart 1.29 ...)
NOT-FOR-US: XOOPS module
CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4
through ...)
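Review bot: CVE-2008-4641 and CVE-2008-4640 are added with identical truncated descriptions ("The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ..."), so the two cannot be told apart from this list and whoever resolves their TODO: check has to work from the full CVE text. Together with CVE-2008-4639 they name a C source file rather than a web script, unlike most of the other additions, so they are the entries in this block to triage first. The numbering also jumps from CVE-2008-4655 to CVE-2008-4653, which is consistent with CVE-2008-4654 already having an entry further down the file, so no duplicate is introduced.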
@@ -24,7 +104,7 @@
NOT-FOR-US: Fast Click SQL Lite
CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate
(com_ds-syndicate) ...)
NOT-FOR-US: DS-Syndicate
-CVE-2008-4622 (fastnews-code.php in phpFastNews 1.0.0 allows remote attackers
to ...)
+CVE-2008-4622 (The isLoggedIn function in fastnews-code.php in phpFastNews
1.0.0 ...)
NOT-FOR-US: phpFastNews
CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts
...)
NOT-FOR-US: ZeeScripts Zeeproperty
@@ -88,7 +168,7 @@
NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a
denial of ...)
TODO: check
-CVE-2008-4654 [vlc overflow in ty parsing]
+CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the
Ty ...)
- vlc <not-affected> (bug #502726)
NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4
is vulnerable)
TODO: check if >= 0.9.4 is uploaded to unstable
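Review bot: the CVE-2008-4654 entry still rests on "- vlc <not-affected> (bug #502726)" while its own NOTE says the experimental version 0.9.4 is vulnerable, and the description change does not touch that. The trailing TODO about 0.9.4 reaching unstable is the only thing guarding the status, so it should stay until resolved, and the not-affected line needs revisiting as soon as 0.9.4 or later is uploaded. The new description names the parse_master function, which gives a concrete symbol to look for when confirming that 0.8.6.i-2 lacks the flawed code.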
@@ -1179,8 +1259,8 @@
RESERVED
CVE-2008-4122
RESERVED
-CVE-2008-4121
- RESERVED
+CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in
cpCommerce ...)
+ TODO: check
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress
0.804 ...)
NOT-FOR-US: FlatPress
CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA
Service Desk ...)
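Review bot: CVE-2008-4121 and the CVE-2008-4637 entry added in the first hunk both describe XSS in cpCommerce, so they should be triaged together and given the same resolution, not handled as two unrelated TODO: check items. The two descriptions are cut off at different points ("... vulnerabilities in cpCommerce ..." against "... in cpCommerce before 1.2.4 ..."), so read the full text to confirm they are distinct issues before closing either.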
@@ -1913,6 +1993,7 @@
- iceape 1.1.12-1
- icedove 2.0.0.17-1
CVE-2008-3834 (The dbus_signature_validate function in the D-bus library
(libdbus) ...)
+ {DSA-1658-1}
- dbus <unfixed> (bug #501443)
CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the
Linux ...)
{DSA-1653-1}
@@ -3367,8 +3448,8 @@
NOT-FOR-US: Arctic Issue Tracker
CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly
...)
NOT-FOR-US: Lenovo System Update
-CVE-2008-3248
- RESERVED
+CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec
Veritas ...)
+ TODO: check
CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x before
2.6.25.11 ...)
- linux-2.6 2.6.25-7
[etch] - linux-2.6 <not-affected> (2.6.25-only issue)
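Review bot: CVE-2008-3248 (qiomkfile) and CVE-2008-4638 (qioadmin, added in the first hunk) both sit in the Quick I/O for Database feature in Symantec Veritas, so their two TODO: check markers should be resolved in one pass with the same outcome. The neighbouring vendor-product entries in this hunk are already marked NOT-FOR-US, which is the pattern to follow if the full description confirms the same scope.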
@@ -17655,8 +17736,8 @@
- cupsys 1.3.4-1 (medium; bug #448866)
- cups 1.3.4-1 (medium; bug #448866)
[sarge] - cupsys <not-affected> (Only vulnerable to code injection since
1.2.x, effects are harmless otherwise)
-CVE-2007-4350
- RESERVED
+CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management
interface ...)
+ TODO: check
CVE-2007-4349
RESERVED
CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in
IBM ...)