joeyh at alioth.debian.org
2008-Dec-01 21:14 UTC
[Secure-testing-commits] r10571 - data/CVE
Author: joeyh Date: 2008-12-01 21:14:13 +0000 (Mon, 01 Dec 2008) New Revision: 10571 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-01 21:00:29 UTC (rev 10570) +++ data/CVE/list 2008-12-01 21:14:13 UTC (rev 10571) 
@@ -1,4 +1,71 @@ +CVE-2008-5284 (The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other ...) + TODO: check +CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote ...) + TODO: check +CVE-2008-5282 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 ...) + TODO: check +CVE-2008-5281 (Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows ...) + TODO: check +CVE-2008-5280 (The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server ...) + TODO: check +CVE-2008-5279 (The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging ...) + TODO: check +CVE-2008-5277 + RESERVED +CVE-2008-5275 (Multiple directory traversal vulnerabilities in the (a) "Unzip ...) + TODO: check +CVE-2008-5274 (Todd Woolums ASP News Management 2.2 allows remote attackers to obtain ...) + TODO: check +CVE-2008-5273 (SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News ...) + TODO: check +CVE-2008-5272 (Multiple directory traversal vulnerabilities in Fred Stuurman ...) + TODO: check +CVE-2008-5271 (Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman ...) + TODO: check +CVE-2008-5270 (SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 ...) + TODO: check +CVE-2008-5269 (SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows ...) + TODO: check +CVE-2008-5268 (SQL injection vulnerability in content/forums/reply.asp in ASPPortal ...) + TODO: check +CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when ...) + TODO: check +CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, ...) + TODO: check +CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado ...) 
+ TODO: check +CVE-2008-5263 + RESERVED +CVE-2008-5262 + RESERVED +CVE-2008-5261 + RESERVED +CVE-2008-5260 + RESERVED +CVE-2008-5259 + RESERVED +CVE-2008-5258 + RESERVED +CVE-2008-5257 (webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for ...) + TODO: check +CVE-2008-5255 + RESERVED +CVE-2008-5254 + RESERVED +CVE-2008-5253 + RESERVED +CVE-2008-5252 + RESERVED +CVE-2008-5251 + RESERVED +CVE-2008-5250 + RESERVED +CVE-2008-5249 + RESERVED CVE-2008-5276 [vlc real demuxer heap overflow] + RESERVED - vlc <not-affected> (vulnerable code not present) NOTE: affected versions are >= 0.9.x (experimental) CVE-2008-XXXX [multiple vulnerabilities in phpcas] @@ -10,7 +77,7 @@ TODO: write proper advisory and request CVE id CVE-2008-XXXX [php5: inifile handler for the dba functions can be used to truncate a file] - php5 (low; bug #507101) -CVE-2008-5278 [Cross-site scripting (XSS) vulnerability in the RSS Feed Generator] +CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...) - wordpress 2.5.1-11 (low; bug #507193) CVE-2008-5286 [cups: integer overflow due to incomplete fix for CVE-2008-1722] - cups <unfixed> (bug #507183; medium) @@ -206,8 +273,8 @@ NOT-FOR-US: The Rat CMS CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...) NOT-FOR-US: The Rat CMS -CVE-2008-5162 - RESERVED +CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does ...) + TODO: check CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...) - openssh <unfixed> (low; bug #506115) [etch] - openssh <no-dsa> (minor issue) 
@@ -1022,7 +1089,7 @@ CVE-2008-XXXX [dia: Python scripts load modules from current directory] - dia 0.96.1-7.1 (low; bug #504251) [etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir) -CVE-2008-5256 [virtualbox-ose: insecure temp file usage] +CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ...) - virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149) CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...) NOT-FOR-US: SQL CAD service @@ -1402,8 +1469,8 @@ NOT-FOR-US: Symantec VxFS CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 ...) NOT-FOR-US: cpCommerce -CVE-2008-4636 - RESERVED +CVE-2008-4636 (yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux ...) + TODO: check CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...) NOT-FOR-US: XOOPS module CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through ...) @@ -2171,14 +2238,14 @@ RESERVED CVE-2008-4316 RESERVED -CVE-2008-4315 - RESERVED +CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux ...) + TODO: check CVE-2008-4314 [samba memory leak] RESERVED - samba 2:3.2.5-1 [etch] - samba <not-affected> (Vulnerable code not present) -CVE-2008-4313 - RESERVED +CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 ...) + TODO: check CVE-2008-4312 RESERVED CVE-2008-4311 @@ -2192,7 +2259,7 @@ RESERVED CVE-2008-4307 RESERVED -CVE-2008-4306 (Unspecified vulnerability in enscript before 1.6.4 in Ubuntu Linux ...) +CVE-2008-4306 (Unspecified vulnerability in enscript before 1.6.4 has unknown impact ...) {DSA-1670-1} - enscript 1.6.4-13 (bug #506261) CVE-2008-4305 
@@ -6842,8 +6909,7 @@ RESERVED CVE-2008-2379 RESERVED -CVE-2008-2378 [insecure system call in hf] - RESERVED +CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 ...) {DSA-1668-1} - hf 0.8-8.1 (medium; bug #504182) CVE-2008-2377 (Use after free vulnerability in the ...) @@ -8682,9 +8748,9 @@ RESERVED CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod ...) NOT-FOR-US: Apple -CVE-2008-1585 (Apple QuickTime before 7.5 allows remote attackers to execute ...) +CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler ...) NOT-FOR-US: Apple QuickTime -CVE-2008-1584 (Stack-based buffer overflow in Apple QuickTime before 7.5 allows ...) +CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...) NOT-FOR-US: Apple QuickTime CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...) NOT-FOR-US: Apple QuickTime @@ -12153,7 +12219,7 @@ NOT-FOR-US: Pragma TelnetServer CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier ...) NOT-FOR-US: SeattleLab SLNet RF Telnet Server -CVE-2008-0151 (Foxit WAC Server 2.1.0.910 and earlier allows remote attackers to ...) +CVE-2008-0151 (Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote ...) NOT-FOR-US: Foxit WAC Server CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba ...) NOT-FOR-US: Aruba Mobility Controller
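
Review bot: In the @@ -1,4 +1,71 @@ hunk every newly described entry lands as "TODO: check", including ones whose summaries name ASP pages or Windows executables (viewnews.asp in CVE-2008-5273, content/forums/reply.asp in CVE-2008-5268, zcs.exe in CVE-2008-5279, searcher.exe in CVE-2008-5264). These need a manual triage pass before the list is relied on. Where the product is not packaged, replace the TODO with a NOT-FOR-US line in the form the file already uses elsewhere (for example "NOT-FOR-US: The Rat CMS"). CVE-2008-5282 (W3C Amaya) should be checked against the archive rather than dismissed with the rest.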
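
Review bot: The parenthesised urgency and bug fields are ordered inconsistently in the @@ -10,7 +77,7 @@ hunk: the php5 and wordpress lines read "(low; bug #507101)" and "(low; bug #507193)", while the cups line under CVE-2008-5286 reads "(bug #507183; medium)". Since this update rewrites the CVE-2008-5278 header anyway, a follow-up should normalise the cups line to the urgency-first order so that anything parsing these fields sees one layout.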
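
Review bot: In the @@ -1022,7 +1089,7 @@ hunk the CVE-2008-5256 header loses the short summary "virtualbox-ose: insecure temp file usage", and the replacement is truncated at "The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ..." before it states the bug class. Keep the class visible by adding a NOTE line under the entry (the file already uses NOTE lines, as in the CVE-2008-5276 vlc entry), so a reader does not have to look up the full description to see why the urgency is "low".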
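
Review bot: In the @@ -2171,14 +2238,14 @@ hunk CVE-2008-4315 and CVE-2008-4313 move from RESERVED to "TODO: check" with summaries scoped to Red Hat ("on Red Hat Enterprise Linux", "A certain Red Hat patch for tog-pegasus"). The triage that follows should record explicitly whether a tog-pegasus package exists here and, if it does, whether it carries that Red Hat patch. Otherwise close the entries with NOT-FOR-US or a <not-affected> line that gives the reason, as the neighbouring CVE-2008-4314 samba entry does for etch ("Vulnerable code not present").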
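
Review bot: The package line under CVE-2008-4306 in the @@ -2192,7 +2259,7 @@ hunk, "- enscript 1.6.4-13 (bug #506261)", carries no urgency, and the updated description still says "Unspecified vulnerability ... has unknown impact". Entries around it in this patch give one (for example "hf 0.8-8.1 (medium; bug #504182)"). Because the entry is tied to {DSA-1670-1}, add an urgency to the enscript line so the record does not depend on the vague upstream summary.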