joeyh at alioth.debian.org
2008-Oct-28 21:14 UTC
[Secure-testing-commits] r10191 - data/CVE
Author: joeyh
Date: 2008-10-28 21:14:11 +0000 (Tue, 28 Oct 2008)
New Revision: 10191

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2008-10-28 19:20:27 UTC (rev 10190) +++ data/CVE/list 2008-10-28 21:14:11 UTC (rev 10191) 
@@ -1,4 +1,64 @@ -CVE-2008-4748 [Format string vulnerability via format string specifiers in the irc:// URI] +CVE-2008-4769 (Directory traversal vulnerability in the get_category_template ...) + TODO: check +CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to ...) + TODO: check +CVE-2008-4767 (Unrestricted file upload vulnerability in the DownloadsPlus module in ...) + TODO: check +CVE-2008-4766 (SQL injection vulnerability in member.php in Oxygen Bulletin Board ...) + TODO: check +CVE-2008-4765 (SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth ...) + TODO: check +CVE-2008-4764 (Directory traversal vulnerability in the eXtplorer module ...) + TODO: check +CVE-2008-4763 (Multiple cross-site scripting (XSS) vulnerabilities in sample.php in ...) + TODO: check +CVE-2008-4762 (Stack-based buffer overflow in freeSSHd 1.2.1 allows remote ...) + TODO: check +CVE-2008-4761 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2008-4760 (SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, ...) + TODO: check +CVE-2008-4759 (Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 ...) + TODO: check +CVE-2008-4758 (Directory traversal vulnerability in download_file.php in PHP-Daily ...) + TODO: check +CVE-2008-4757 (Multiple SQL injection vulnerabilities in PHP-Daily allow remote ...) + TODO: check +CVE-2008-4756 (Cross-site scripting (XSS) vulnerability in add_prest_date.php in ...) + TODO: check +CVE-2008-4755 (SQL injection vulnerability in gotourl.php in PozScripts Classified ...) + TODO: check +CVE-2008-4754 (SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez ...) + TODO: check +CVE-2008-4753 (SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader ...) + TODO: check +CVE-2008-4752 (TlNews 2.2 allows remote attackers to bypass authentication and gain ...) 
+ TODO: check +CVE-2008-4751 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...) + TODO: check +CVE-2008-4750 (Stack-based buffer overflow in the VImpX.VImpAX ActiveX control ...) + TODO: check +CVE-2008-4749 (Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX ...) + TODO: check +CVE-2008-4747 (Unspecified vulnerability in the search feature in Sun Java System ...) + TODO: check +CVE-2008-4746 (Multiple SQL injection vulnerabilities in Uniwin eCart Professional ...) + TODO: check +CVE-2008-4745 (Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin ...) + TODO: check +CVE-2008-4744 (SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc ...) + TODO: check +CVE-2008-4743 (SQL injection vulnerability in index.php in QuidaScript FAQ Management ...) + TODO: check +CVE-2008-4742 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2008-4741 (Directory traversal vulnerability in index.php in FAR-PHP 1.00, when ...) + TODO: check +CVE-2008-4740 (Directory traversal vulnerability in templater.php in the ZZ_Templater ...) + TODO: check +CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows ...) + TODO: check +CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0, when ...) - kvirc 2:3.4.0-3 (bug #503401) CVE-2008-XXXX [balazar3: insecure temp file handling] - blazar3 <not-affected> (Package is in experimental) 
@@ -2294,7 +2354,7 @@ NOT-FOR-US: Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows ...) NOT-FOR-US: Quick Poll Script -CVE-2008-3764 (Eval injection vulnerability in chat.php in Turnkey PHP Live Helper ...) +CVE-2008-3764 (Eval injection vulnerability in globalsoff.php in Turnkey PHP Live ...) NOT-FOR-US: Turnkey PHP Live Helper CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live ...) NOT-FOR-US: Turnkey PHP Live Helper @@ -3102,7 +3162,7 @@ NOT-FOR-US: Coppermine Photo Gallery CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...) NOT-FOR-US: Anzio Web Print Object -CVE-2008-3479 (The Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 ...) +CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...) NOT-FOR-US: Microsoft Windows CVE-2008-3478 RESERVED @@ -3118,7 +3178,7 @@ NOT-FOR-US: Microsoft CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) NOT-FOR-US: Microsoft -CVE-2008-3471 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold ...) +CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...) NOT-FOR-US: Microsoft CVE-2008-3470 RESERVED @@ -3641,7 +3701,7 @@ NOTE: this is by design CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ...) - wordpress <not-affected> (Code was only present in svn versions) -CVE-2008-3232 (Unspecified vulnerability in dotclear before 1.2.8 has unknown impact ...) +CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in ...) NOT-FOR-US: dotclear CVE-2008-3231 (xine before 1.1.5 allows user-assisted attackers to cause a denial of ...) - xine-lib 1.1.14-2 (bug #492870; low)
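Review bot: In the first hunk (@@ -1,4 +1,64 @@), the trailing context entry for CVE-2008-XXXX spells the package two ways: the bracketed description reads "balazar3: insecure temp file handling" while the status line reads "- blazar3 <not-affected> (Package is in experimental)". One of the two is a typo; the status line should carry the exact source package name so the not-affected marking attaches to the right package, so a follow-up commit should make the two spellings agree. In the same hunk, CVE-2006-7234 (Lynx) is the only non-2008 id among the new "TODO: check" entries and sits between CVE-2008-4740 and CVE-2008-4748, so it is easy to overlook when the batch is triaged.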