joeyh at alioth.debian.org
2008-Nov-04 21:14 UTC
[Secure-testing-commits] r10277 - data/CVE
Author: joeyh
Date: 2008-11-04 21:14:12 +0000 (Tue, 04 Nov 2008)
New Revision: 10277
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-11-04 17:20:16 UTC (rev 10276)
+++ data/CVE/list 2008-11-04 21:14:12 UTC (rev 10277)
@@ -1,4 +1,80 @@
-CVE-2008-4907 [dovecot DoS via FETCH ENVELOPE command]
+CVE-2008-4917
+ RESERVED
+CVE-2008-4916
+ RESERVED
+CVE-2008-4915
+ RESERVED
+CVE-2008-4914
+ RESERVED
+CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3
and ...)
+ TODO: check
+CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie
module ...)
+ TODO: check
+CVE-2008-4911 (PHP remote file inclusion vulnerability in read.php in
Chattaitaliano ...)
+ TODO: check
+CVE-2008-4910 (The BasicService in Sun Java Web Start allows remote attackers
to ...)
+ TODO: check
+CVE-2008-4909 (Cross-site request forgery (CSRF) vulnerability in CompactCMS
1.1 and ...)
+ TODO: check
+CVE-2008-4908 (maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows
local ...)
+ TODO: check
+CVE-2008-4906 (SQL injection vulnerability in lyrics_song.php in the Lyrics
...)
+ TODO: check
+CVE-2008-4905 (Typo 5.1.3 and earlier uses a hard-coded salt for calculating
password ...)
+ TODO: check
+CVE-2008-4904 (SQL injection vulnerability in the "Manage
pages" feature ...)
+ TODO: check
+CVE-2008-4903 (Cross-site scripting (XSS) vulnerability in the leave comment
...)
+ TODO: check
+CVE-2008-4902 (SQL injection vulnerability in contact_author.php in Article
Publisher ...)
+ TODO: check
+CVE-2008-4901 (SQL injection vulnerability in admin/admin.php in Article
Publisher ...)
+ TODO: check
+CVE-2008-4900 (SQL injection vulnerability in tr.php in YourFreeWorld
Classifieds ...)
+ TODO: check
+CVE-2008-4899 (Cross-site request forgery (CSRF) vulnerability in Planetluc
RateMe ...)
+ TODO: check
+CVE-2008-4898 (Cross-site scripting (XSS) vulnerability in planetluc RateMe
1.3.3 ...)
+ TODO: check
+CVE-2008-4897 (SQL injection vulnerability in fichiers/add_url.php in Logz
podcast ...)
+ TODO: check
+CVE-2008-4896 (Cross-site scripting (XSS) vulnerability in fichiers/add_url.php
in ...)
+ TODO: check
+CVE-2008-4895 (SQL injection vulnerability in tr.php in YourFreeWorld Downline
...)
+ TODO: check
+CVE-2008-4894 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2008-4893 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2008-4892 (Cross-site scripting (XSS) vulnerability in gallery.inc.php in
...)
+ TODO: check
+CVE-2008-4891 (Cross-site scripting (XSS) vulnerability in signme.inc.php in
...)
+ TODO: check
+CVE-2008-4890 (SQL injection vulnerability in products.php in 1st News 4
Professional ...)
+ TODO: check
+CVE-2008-4889 (SQL injection vulnerability in index.php in deV!L''z
Clanportal (DZCP) ...)
+ TODO: check
+CVE-2008-4888 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk
2.0 ...)
+ TODO: check
+CVE-2008-4887 (SQL injection vulnerability in index.php in NetRisk 2.0 and
earlier ...)
+ TODO: check
+CVE-2008-4886 (SQL injection vulnerability in index.php in YourFreeWorld
Shopping ...)
+ TODO: check
+CVE-2008-4885 (SQL injection vulnerability in tr1.php in YourFreeWorld
Scrolling Text ...)
+ TODO: check
+CVE-2008-4884 (SQL injection vulnerability in tr.php in YourFreeWorld
Classifieds ...)
+ TODO: check
+CVE-2008-4883 (SQL injection vulnerability in tr.php in YourFreeWorld Blog
Blaster ...)
+ TODO: check
+CVE-2008-4882 (SQL injection vulnerability in tr.php in YourFreeWorld
Autoresponder ...)
+ TODO: check
+CVE-2008-4881 (SQL injection vulnerability in tr.php in YourFreeWorld Reminder
...)
+ TODO: check
+CVE-2008-4880 (SQL injection vulnerability in prodshow.php in Maran PHP Shop
allows ...)
+ TODO: check
+CVE-2008-4879 (SQL injection vulnerability in prod.php in Maran PHP Shop allows
...)
+ TODO: check
+CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when
using the ...)
- dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
TODO: check again if >= 1.1.4 gets uploaded
CVE-2008-XXXX [GeSHi: Unspecified Code Execution Vulnerability]
@@ -2381,10 +2457,10 @@
RESERVED
CVE-2008-3869
RESERVED
-CVE-2008-3868
- RESERVED
-CVE-2008-3867
- RESERVED
+CVE-2008-3868 (Cross-site request forgery (CSRF) vulnerability in Interact
2.4.1 ...)
+ TODO: check
+CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact
2.4.1 ...)
+ TODO: check
CVE-2008-3866
RESERVED
CVE-2008-3865
@@ -6270,7 +6346,7 @@
NOT-FOR-US: IBM Lotus Domino
CVE-2008-2239
RESERVED
-CVE-2008-2238 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before
2.4.2 ...)
+CVE-2008-2238 (Multiple integer overflows in OpenOffice.org (OOo) 2.x before
2.4.2 ...)
{DSA-1661-1}
- openoffice.org 1:2.4.1-12
CVE-2008-2237 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before
2.4.2 ...)