joeyh at alioth.debian.org
2008-Dec-02 21:14 UTC
[Secure-testing-commits] r10583 - data/CVE
Author: joeyh Date: 2008-12-02 21:14:09 +0000 (Tue, 02 Dec 2008) New Revision: 10583 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-02 21:13:12 UTC (rev 10582) +++ data/CVE/list 2008-12-02 21:14:09 UTC (rev 10583) 
@@ -1,3 +1,49 @@ +CVE-2008-5311 (SQL injection vulnerability in image.php in NetArt Media Blog System ...) + TODO: check +CVE-2008-5310 (SQL injection vulnerability in image.php in NetArt Media Car Portal ...) + TODO: check +CVE-2008-5309 (SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 ...) + TODO: check +CVE-2008-5308 (The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does properly ...) + TODO: check +CVE-2008-5307 (SQL injection vulnerability in admin/index.php in PG Roommate Finder ...) + TODO: check +CVE-2008-5306 (SQL injection vulnerability in admin/index.php in PG Real Estate ...) + TODO: check +CVE-2008-5305 + RESERVED +CVE-2008-5304 + RESERVED +CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 ...) + TODO: check +CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 ...) + TODO: check +CVE-2008-5301 (Directory traversal vulnerability in the ManageSieve implementation in ...) + TODO: check +CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ...) + TODO: check +CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when ...) + TODO: check +CVE-2008-5295 (SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 ...) + TODO: check +CVE-2008-5294 (SQL injection vulnerability in index.php in WebStudio eCatalogue ...) + TODO: check +CVE-2008-5293 (SQL injection vulnerability in index.php in WebStudio eHotel allows ...) + TODO: check +CVE-2008-5292 (SQL injection vulnerability in view_snaps.php in VideoGirls BiZ, ...) + TODO: check +CVE-2008-5291 (Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 ...) + TODO: check +CVE-2008-5290 (Cross-site scripting (XSS) vulnerability in full_txt.php in Werner ...) + TODO: check +CVE-2008-5289 (SQL injection vulnerability in full_txt.php in Werner Hilversum Clean ...) + TODO: check +CVE-2008-5288 (PHP remote file inclusion vulnerability in include/header.php in ...) 
+ TODO: check +CVE-2008-5287 (SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ ...) + TODO: check +CVE-2008-5285 (Wireshark 1.0.4 and earlier allows remote attackers to cause a denial ...) + TODO: check CVE-2008-5284 (The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other ...) NOT-FOR-US: IEA Software RadiusNT and RadiusX CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote ...) @@ -79,7 +125,7 @@ - php5 (low; bug #507101) CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...) - wordpress 2.5.1-11 (low; bug #507193) -CVE-2008-5286 [cups: integer overflow due to incomplete fix for CVE-2008-1722] +CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 ...) - cups 1.3.8-1lenny4 (bug #507183; medium) CVE-2008-XXXX [geda-gnetlist: sch2eaglepos.sh has insecure temp file handling ] - geda-gnetlist <unfixed> (bug #506625; unimportant) @@ -360,10 +406,10 @@ [etch] - linux-2.6.24 <unfixed> CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, ...) NOT-FOR-US: ipnat -CVE-2008-5183 (cupsd in CUPS before 1.3.8 allows local users, and possibly remote ...) +CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly ...) - cups <unfixed> (bug #506180) [etch] - cupsys <not-affected> (RSS subscription code not yet present) -CVE-2008-5297 [no-ip DUC remote code execution] +CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote DNS ...) - no-ip 2.1.7-11 (bug #506179) CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...) NOT-FOR-US: MemHT Portal 
@@ -1711,9 +1757,9 @@ NOT-FOR-US: EC-CUBE CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and ...) NOT-FOR-US: EC-CUBE -CVE-2008-5299 [chm2pdf: insecure temp file usage: DoS by precreating directories] +CVE-2008-5299 (chm2pdf 0.9 allows user-assisted local users to delete arbitrary files ...) - chm2pdf 0.9.1-1.1 (low; bug #501959) -CVE-2008-5298 [chm2pdf: insecure temp file usage: symlink attack] +CVE-2008-5298 (chm2pdf 0.9 uses temporary files in directories with fixed names, ...) - chm2pdf 0.9.1-1.1 (low; bug #501959) CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and ...) NOT-FOR-US: Kantan WEB Server @@ -2241,8 +2287,7 @@ RESERVED CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux ...) TODO: check -CVE-2008-4314 [samba memory leak] - RESERVED +CVE-2008-4314 (smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to ...) - samba 2:3.2.5-1 [etch] - samba <not-affected> (Vulnerable code not present) CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 ...)
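Review bot: In the first hunk (@@ -1,3 +1,49 @@) every new entry lands as TODO: check with nothing to order the triage, although several name software beyond the run of single-vendor web applications: CVE-2008-5303 and CVE-2008-5302 (rmtree in File::Path), CVE-2008-5301 (ManageSieve), CVE-2008-5300 (Linux kernel 2.6.28), CVE-2008-5296 (Gallery) and CVE-2008-5285 (Wireshark). Those should be checked first and given either a package line or a NOT-FOR-US, as the neighbouring CVE-2008-5284 entry already has. The two File::Path entries are nearly identical in their truncated form, so read the full descriptions to see how they differ before assigning status.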
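Review bot: In the @@ -79,7 +125,7 @@ hunk, replacing the bracketed summary of CVE-2008-5286 drops the only mention that this is an incomplete fix for CVE-2008-1722; the truncated official text names _cupsImageReadPNG but not the earlier CVE. Suggest keeping that cross-reference as a NOTE: line under the entry. In the unchanged context, the cups line writes (bug #507183; medium) while the php5 and wordpress lines just above put the urgency first, as in (low; bug #507101); worth normalising while the entry is being touched.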
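Review bot: In the @@ -360,10 +406,10 @@ hunk, the new description of CVE-2008-5297 gives the affected range as No-IP DUC 2.1.7 and earlier, while the tracked fix is no-ip 2.1.7-11, so the fix sits in a Debian revision of an upstream version the description still lists as affected. A short note under the entry saying so would keep the next reader from taking the line for a mistake. In the same hunk the range for CVE-2008-5183 widens from before 1.3.8 to 1.3.9 and earlier; cups <unfixed> still agrees with that, so no status change is needed there.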
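Review bot: In the @@ -1711,9 +1757,9 @@ hunk, the official text for CVE-2008-5299 speaks of deleting arbitrary files, where the hand-written summary it replaces described a DoS by precreating directories. The urgency on the chm2pdf line is still low and was presumably set against the old wording, so it is worth re-checking against the full description. CVE-2008-5298 shares the same bug #501959 and fixed version 0.9.1-1.1, which is consistent with both issues being closed by one upload.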
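Review bot: In the last hunk (@@ -2241,8 +2287,7 @@), the samba line for CVE-2008-4314 carries neither an urgency nor a bug reference, unlike the cups, no-ip and chm2pdf lines elsewhere in this diff; add them if a bug was filed. The fixed version 2:3.2.5-1 agrees with the new range of 3.0.29 through 3.2.4, and dropping RESERVED is correct now that the entry has a description.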