atomo64-guest at alioth.debian.org
2008-Nov-21 00:07 UTC
[Secure-testing-commits] r10443 - data/CVE
Author: atomo64-guest Date: 2008-11-21 00:07:44 +0000 (Fri, 21 Nov 2008) New Revision: 10443 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-20 22:30:16 UTC (rev 10442) +++ data/CVE/list 2008-11-21 00:07:44 UTC (rev 10443) 
@@ -4,27 +4,27 @@ CVE-2008-XXXX [multiple insecure temp files issues in mailscanner] - mailscanner <unfixed> (bug #506353) CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...) - TODO: check + NOT-FOR-US: AceFTP CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website ...) - TODO: check + NOT-FOR-US: Jokes Complete Website CVE-2008-5173 (Unspecified vulnerability in testMaker before 3.0p16 allows remote ...) - TODO: check + NOT-FOR-US: testMaker CVE-2008-5172 (Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum ...) - TODO: check + NOT-FOR-US: Yazd Forum Software CVE-2008-5171 (Multiple directory traversal vulnerabilities in admin/minibb/index.php ...) - TODO: check + NOT-FOR-US: phpBLASTER CMS CVE-2008-5170 (SQL injection vulnerability in item.php in Cheats Complete Website ...) - TODO: check + NOT-FOR-US: Cheats Complete Website CVE-2008-5169 (SQL injection vulnerability in drinks/drink.php in Drinks Complete ...) - TODO: check + NOT-FOR-US: Drinks Complete Website CVE-2008-5168 (SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 ...) - TODO: check + NOT-FOR-US: Tips Complete Website CVE-2008-5167 (PHP remote file inclusion vulnerability in layout/default/params.php ...) - TODO: check + NOT-FOR-US: Orca Interactive Forum Script CVE-2008-5166 (SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 ...) - TODO: check + NOT-FOR-US: Riddles Website CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote ...) - TODO: check + NOT-FOR-US: eTicket CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS ...) NOT-FOR-US: The Rat CMS CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...) 
@@ -41,9 +41,9 @@ CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers ...) - msp-webserver <unfixed> (bug #506268) CVE-2008-5159 (Integer overflow in the remote administration protocol processing in ...) - TODO: check + NOT-FOR-US: WinCom LPD CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...) - TODO: check + NOT-FOR-US: WinCom LPD CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...) - tau <unfixed> (bug #506348) CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...) @@ -92,7 +92,7 @@ - flamethrower <unfixed> (bug #506350) CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 allows local users to ...) [etch] - mailscanner <no-dsa> (unimportant) - - mailscanner <not-affected> (affected file no longer present) + - mailscanner 4.57.6-1 NOTE: script should only be used when the private Trend Micro antivirus is installed CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...) - jailer <unfixed> 
@@ -288,21 +288,21 @@ CVE-2008-5048 (Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and ...) NOT-FOR-US: ISecSoft Anti-Trojan CVE-2008-5047 (SQL injection vulnerability in admin/index.php in Mole Group Rental ...) - TODO: check + NOT-FOR-US: Mole Group Rental Script CVE-2008-5046 (SQL injection vulnerability in index.php in Mole Group Pizza Script ...) - TODO: check + NOT-FOR-US: Mole Group Pizza Script CVE-2008-5045 (Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly ...) TODO: check CVE-2008-5044 (Race condition in Microsoft Windows Server 2003 and Vista allows local ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-5043 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...) TODO: check CVE-2008-5042 (Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to ...) TODO: check CVE-2008-5041 (Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default ...) - TODO: check + NOT-FOR-US: Sweex RO002 Router CVE-2008-5040 (Graphiks MyForum 1.3 allows remote attackers to bypass authentication ...) - TODO: check + NOT-FOR-US: Graphiks MyForum CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for ...) TODO: check CVE-2008-5038 (Use after free vulnerability in the NetWare Core Protocol (NCP) ...) @@ -2613,7 +2613,7 @@ CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...) NOT-FOR-US: Microsoft Windows CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2008-4035 @@ -2621,7 +2621,7 @@ CVE-2008-4034 RESERVED CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through ...) - TODO: check + NOT-FOR-US: Microsoft XML Core CVE-2008-4032 RESERVED CVE-2008-4031 
@@ -2629,7 +2629,7 @@ CVE-2008-4030 RESERVED CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, ...) - TODO: check + NOT-FOR-US: Microsoft XML Core CVE-2008-4028 RESERVED CVE-2008-4027 @@ -12951,11 +12951,11 @@ CVE-2008-0015 RESERVED CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 ...) NOT-FOR-US: Microsoft DirectX CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...) @@ -29668,11 +29668,11 @@ CVE-2007-0075 (AspBB stores sensitive information under the web root with ...) NOT-FOR-US: AspBB CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and ...) - flashplugin-nonfree 1:1.4 NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn''t change
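Review bot: the CVE-2008-5140 change in the @@ -92,7 +92,7 @@ hunk is not an NFU, so the log message "NFUs" does not cover it. The unstable entry goes from `- mailscanner <not-affected> (affected file no longer present)` to `- mailscanner 4.57.6-1`, which turns "never affected" into "affected until 4.57.6-1" and drops the recorded reason without a replacement. Mention the status change in the log and add a NOTE saying what changed in 4.57.6-1, so the entry can be reconciled with the `[etch]` line, which stays at `<no-dsa> (unimportant)`.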
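Review bot: the tag added for CVE-2008-4033 (@@ -2621,7 +2621,7 @@) and CVE-2008-4029 (@@ -2629,7 +2629,7 @@) reads "Microsoft XML Core", which cuts the product name short; both descriptions say "Microsoft XML Core Services". Suggest `NOT-FOR-US: Microsoft XML Core Services` on both lines so the tag matches the description and a search for the product name finds these entries.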
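Review bot: in the @@ -12951,11 +12951,11 @@ and @@ -29668,11 +29668,11 @@ hunks the six new tags name only a vendor, `NOT-FOR-US: Trend Micro`, while the neighbouring context lines name a product ("Microsoft DirectX", "AspBB"). The visible descriptions are truncated right after "Trend Micro", so the product has to come from the full CVE text; suggest putting it in the tag. This commit's own CVE-2008-5140 entry shows why the vendor alone is ambiguous: it refers to a script in mailscanner, which is packaged, that is meant for use with Trend Micro antivirus.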