author Salvatore Bonaccorso <carnil@debian.org> 2014-09-19 07:16:05 +0000
committer Salvatore Bonaccorso <carnil@debian.org> 2014-09-19 07:16:05 +0000
commit 4155b1e1892b71b905e401529f401cf94777be85
tree 9f0c7a7ec52f84496d7f07ec61e172607582db93 /data/CVE/2008.list
parent 415feac414befd264ea93e110d26417703497b97
Cleanup: remove trailing whitespaces in entries
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@28910 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE/2008.list')
-rw-r--r-- data/CVE/2008.list 146
1 files changed, 73 insertions, 73 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 6dbe07abad..e790fbbf5d 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -380,7 +380,7 @@ CVE-2008-7172 (Lightweight news portal (LNP) 1.0b does not properly restrict acc
CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweight ...)
NOT-FOR-US: Lightweight news portal
CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce ...)
- NOT-FOR-US: GSC build
+ NOT-FOR-US: GSC build
CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
NOT-FOR-US: Joomla
CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ...)
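Review bot: the removed and added `NOT-FOR-US: GSC build` lines for CVE-2008-7170 differ only in trailing whitespace, which cannot be checked by eye here or in the other pairs that make up the 73 insertions and 73 deletions in the diffstat. Confirm mechanically that the change is whitespace-only, for example that `git diff -w` against the parent is empty, and consider saying in the commit message how the affected lines were found so the cleanup can be repeated on the other year files.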
@@ -600,7 +600,7 @@ CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: PageTree CMS
+ NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...)
NOT-FOR-US: OpenForum
CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to ...)
@@ -643,11 +643,11 @@ CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in NatterChat
CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ...)
NOT-FOR-US: NatterChat
CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to ...)
- NOT-FOR-US: AJ Square Free Polling Script
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote ...)
- NOT-FOR-US: AJ Square Free Polling Script
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square ...)
- NOT-FOR-US: AJ Square Free Polling Script
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in ...)
NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts ...)
@@ -671,9 +671,9 @@ CVE-2008-7034 (PHP remote file inclusion vulnerability in ...)
CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
NOT-FOR-US: component for Joomla!
CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...)
- NOT-FOR-US: web management console in F5 BIG-IP
+ NOT-FOR-US: web management console in F5 BIG-IP
CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...)
- NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
+ NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web ...)
NOT-FOR-US: Site2Nite Real Estate Web
CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG ...)
@@ -699,7 +699,7 @@ CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores
CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass ...)
NOT-FOR-US: Esqlanelapse
CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...)
- NOT-FOR-US: NashTech Easy PHP Calendar
+ NOT-FOR-US: NashTech Easy PHP Calendar
CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert ...)
NOT-FOR-US: CAcert
CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...)
@@ -719,7 +719,7 @@ CVE-2008-7010 (Skalfa Software SkaLinks Exchange Script 1.5 allows remote attack
CVE-2008-7009 (Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security ...)
NOT-FOR-US: Check Point ZoneAlarm Security Suite
CVE-2008-7008 (HyperStop Web Host Directory 1.2 allows remote attackers to bypass ...)
- NOT-FOR-US: HyperStop Web Host Directory
+ NOT-FOR-US: HyperStop Web Host Directory
CVE-2008-7007 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...)
NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7006 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...)
@@ -729,7 +729,7 @@ CVE-2008-7005 (include/modules/top/1-random_quote.php in Minb Is Not a Blog (min
CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown ...)
NOT-FOR-US: Electronic Logbook
CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS ...)
- NOT-FOR-US: The Rat CMS
+ NOT-FOR-US: The Rat CMS
CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...)
- php5 (unimportant)
NOTE: safe-mode and basedir violations not treated as security issues
@@ -795,7 +795,7 @@ CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: DD-WRT
CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 ...)
- NOT-FOR-US: IBM WebSphere
+ NOT-FOR-US: IBM WebSphere
CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before ...)
- icedove 2.0.0.19-1
- iceape 1.1.14-1
@@ -944,9 +944,9 @@ CVE-2008-6904 (Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for
CVE-2008-6903 (Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows ...)
NOT-FOR-US: Sophos SAVScan
CVE-2008-6902 (Unrestricted file upload vulnerability in upload_flyer.php in ...)
- NOT-FOR-US: 2532designs
+ NOT-FOR-US: 2532designs
CVE-2008-6901 (Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs ...)
- NOT-FOR-US: 2532designs
+ NOT-FOR-US: 2532designs
CVE-2008-6900 (Unrestricted file upload vulnerability in &quot;Add Pen/Author Name&quot; ...)
NOT-FOR-US: AvailScript Article Script
CVE-2008-6899 (Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated ...)
@@ -1075,7 +1075,7 @@ CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS Conten
CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...)
- zoph 0.8.0.1-1 (low; bug #535188)
[lenny] - zoph <no-dsa> (Minor issue, fringe package)
- NOTE: it seems a duplicate of CVE-2008-3258
+ NOTE: it seems a duplicate of CVE-2008-3258
CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...)
- zoph 0.8.0.1-1 (bug #535188)
[lenny] - zoph <no-dsa> (Minor issue, fringe package)
@@ -1491,7 +1491,7 @@ CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remo
CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
- ajaxplorer <itp> (bug #668381)
CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader ...)
- NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
+ NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...)
NOT-FOR-US: Library Video Company SAFARI Montage
CVE-2008-6636 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...)
@@ -1645,7 +1645,7 @@ CVE-2008-6564 (Nortel UNIStim protocol, as used in Communication Server 1000 and
CVE-2008-6563 (Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly ...)
NOT-FOR-US: Trillian
CVE-2008-6562 (Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack ...)
- NOT-FOR-US: Jack (tR) Jax LinkLists
+ NOT-FOR-US: Jack (tR) Jax LinkLists
CVE-2008-6561 (Citrix Presentation Server Client for Windows before 10.200 does not ...)
NOT-FOR-US: Citrix
CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on ...)
@@ -1691,11 +1691,11 @@ CVE-2008-6544 (** DISPUTED ** ...)
CVE-2008-6543 (Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM ...)
NOT-FOR-US: ComScripts TEAM Quick Classifieds
CVE-2008-6542 (Unspecified vulnerability in the Skin Manager in DotNetNuke before ...)
- NOT-FOR-US: DotNetNuke
+ NOT-FOR-US: DotNetNuke
CVE-2008-6541 (Unrestricted file upload vulnerability in the file manager module in ...)
- NOT-FOR-US: DotNetNuke
+ NOT-FOR-US: DotNetNuke
CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does not warn ...)
- NOT-FOR-US: DotNetNuke
+ NOT-FOR-US: DotNetNuke
CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar ...)
- destar <removed> (bug #522123)
CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a ...)
@@ -1718,7 +1718,7 @@ CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
- drupal6 6.9-1 (low)
[lenny] - drupal6 6.6-1.1
CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before ...)
- NOT-FOR-US: Atlassian JIRA
+ NOT-FOR-US: Atlassian JIRA
CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in ...)
NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6529 (Cross-site scripting (XSS) vulnerability in listtest.php in ...)
@@ -1818,7 +1818,7 @@ CVE-2008-6483 (PHP remote file inclusion vulnerability in admin.googlebase.php i
CVE-2008-6482 (PHP remote file inclusion vulnerability in admin.treeg.php in the ...)
NOT-FOR-US: Flash Tree Gallery (com_treeg) component for Joomla!
CVE-2008-6481 (SQL injection vulnerability in the Versioning component ...)
- NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo
+ NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo
CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Datalife Engine
CVE-2008-6479 (Cross-site request forgery (CSRF) vulnerability in the &quot;change ...)
@@ -2288,17 +2288,17 @@ CVE-2008-6249 (SQL injection vulnerability in plugins/users/index.php in Galatol
CVE-2008-6248 (Cross-site scripting (XSS) vulnerability in all.php in Galatolo ...)
NOT-FOR-US: Galatolo WebManager
CVE-2008-6247 (SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6246 (SQL injection vulnerability in category.php in Scripts For Sites (SFS) ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6245 (SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6244 (SQL injection vulnerability in view_reviews.php in Scripts for Sites ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6243 (SQL injection vulnerability in showcategory.php in Scripts For Sites ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6242 (SQL injection vulnerability in SearchResults.php in Scripts For Sites ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6241 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...)
NOT-FOR-US: FlexPHPSite
CVE-2008-6240 (Cross-site scripting (XSS) vulnerability in data/views/index.html in ...)
@@ -2308,7 +2308,7 @@ CVE-2008-6239 (Cross-site request forgery (CSRF) vulnerability in OpenEdit Digit
CVE-2008-6238 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6237 (SQL injection vulnerability in software-description.php in Scripts For ...)
- NOT-FOR-US: Scripts For Sites
+ NOT-FOR-US: Scripts For Sites
CVE-2008-6236 (SQL injection vulnerability in login.php in Simple Document Management ...)
NOT-FOR-US: Simple Document Management System
CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted ...)
@@ -2330,7 +2330,7 @@ CVE-2008-6229 (Cross-site scripting (XSS) vulnerability in the administrative ..
CVE-2008-6228 (Pre Multi-Vendor Shopping Malls allows remote attackers to bypass ...)
NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6227 (SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor ...)
- NOT-FOR-US: Pre Multi-Vendor Shopping Malls
+ NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6226 (SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto ...)
NOT-FOR-US: Pre Projects PHP Auto Listings Script
CVE-2008-6225 (** DISPUTED ** ...)
@@ -2474,7 +2474,7 @@ CVE-2008-6160 (Semantically-Interconnected Online Communities (SIOC) 5.x before
CVE-2008-6159 (Content Management Made Easy (CMME) 1.19 allows remote attackers to ...)
NOT-FOR-US: Content Management Made Easy
CVE-2008-6158 (Multiple unspecified vulnerabilities in the admin backend in w3b&gt;cms ...)
- NOT-FOR-US: w3blabor CMS
+ NOT-FOR-US: w3blabor CMS
CVE-2008-6157 (SepCity Classified Ads stores the admin password in cleartext in ...)
NOT-FOR-US: SepCity Classified Ads
CVE-2008-6156 (SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 ...)
@@ -2686,7 +2686,7 @@ CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in arbit
CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
NOT-FOR-US: Techsmith Camtasia Studio
CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
- NOT-FOR-US: InfoSoft FusionCharts
+ NOT-FOR-US: InfoSoft FusionCharts
CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not ...)
- webkit <not-affected> (bug #516555; low)
NOTE: webkit in linux needs libsoup for cookie support
@@ -2823,7 +2823,7 @@ CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generat
CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) ...)
NOT-FOR-US: Jetik Emlak Sistem
CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for ...)
- NOT-FOR-US: MailWatch for MailScanner
+ NOT-FOR-US: MailWatch for MailScanner
CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab ...)
NOT-FOR-US: emergecolab
CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and ...)
@@ -3099,7 +3099,7 @@ CVE-2008-5870 (FastStone Image Viewer 3.6 allows user-assisted attackers to caus
CVE-2008-5869 (Cross-site scripting (XSS) vulnerability in the Proxim Wireless ...)
NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5868 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows ...)
- NOT-FOR-US: IntelliTamper
+ NOT-FOR-US: IntelliTamper
CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote ...)
NOT-FOR-US: Yerba
CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public ...)
@@ -4525,7 +4525,7 @@ CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when ...)
- gallery 1.5.9-1.2 (low; bug #506824)
[etch] - gallery <not-affected> (vulnerable code introduced in 1.5.8-svn-b34)
CVE-2008-5295 (SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 ...)
- NOT-FOR-US: Jamit Job Board
+ NOT-FOR-US: Jamit Job Board
CVE-2008-5294 (SQL injection vulnerability in index.php in WebStudio eCatalogue ...)
NOT-FOR-US: WebStudio eCatalogue
CVE-2008-5293 (SQL injection vulnerability in index.php in WebStudio eHotel allows ...)
@@ -4577,7 +4577,7 @@ CVE-2008-5268 (SQL injection vulnerability in content/forums/reply.asp in ASPPor
CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when ...)
NOT-FOR-US: Experts
CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in ...)
- NOT-FOR-US: Sun Java System Application Server
+ NOT-FOR-US: Sun Java System Application Server
CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, ...)
NOT-FOR-US: TNT Forum
CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado ...)
@@ -5520,7 +5520,7 @@ CVE-2008-4869 (FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attack
[etch] - kino <not-affected> (Does not ship ffmpeg)
- gstreamer0.10-ffmpeg 0.10.3-2
CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in ...)
- - ffmpeg <not-affected> (Vulnerable code not present)
+ - ffmpeg <not-affected> (Vulnerable code not present)
- ffmpeg-debian <not-affected> (Vulnerable code not present)
[etch] - ffmpeg <not-affected> (Vulnerable code not present)
- mplayer 1.0~rc2-14
@@ -5698,7 +5698,7 @@ CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ..
- htop 0.8.1-2 (unimportant; bug #504144)
NOTE: That scenario is too constructed to call it a security issue, especially
NOTE: given that the standard top will display the maliciously hidden processes
- NOTE: just fine.
+ NOTE: just fine.
CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ...)
- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...)
@@ -6012,7 +6012,7 @@ CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php in
CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in ...)
- wordpress <not-affected> (Vulnerable code only in mulitiuser wordpress)
CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol ...)
- NOT-FOR-US: Ed Pudol Clickbank Portal
+ NOT-FOR-US: Ed Pudol Clickbank Portal
CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...)
NOT-FOR-US: Dan Fletcher Recipe Script
CVE-2008-4668 (Directory traversal vulnerability in the Image Browser ...)
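Review bot: typo in the unchanged wordpress line for CVE-2008-4671 at the top of this hunk, where `mulitiuser` should read `multiuser`. It is outside the scope of a whitespace-only cleanup, so fix it in a separate one-line commit to keep this diff purely mechanical.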
@@ -6026,7 +6026,7 @@ CVE-2008-4665 (SQL injection vulnerability in PG Matchmaking allows remote attac
CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control ...)
NOT-FOR-US: QvodInsert
CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used ...)
- NOT-FOR-US: K's CGI Access Log Kaiseki
+ NOT-FOR-US: K's CGI Access Log Kaiseki
CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...)
NOT-FOR-US: LokiCMS
CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements ...)
@@ -6365,7 +6365,7 @@ CVE-2008-4523 (SQL injection vulnerability in login.php in IP Reg 0.4 and earlie
CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio ...)
NOT-FOR-US: JMweb MP3 Music Audio Search and Download Script
CVE-2008-4521 (SQL injection vulnerability in thisraidprogress.php in the World of ...)
- NOT-FOR-US: World of Warcraft tracker
+ NOT-FOR-US: World of Warcraft tracker
CVE-2008-4520 (Cross-site scripting (XSS) vulnerability in bulk_update.pl in ...)
NOT-FOR-US: AutoNessus
CVE-2008-4519 (Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 ...)
@@ -6510,7 +6510,7 @@ CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in
CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive ...)
NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 ...)
- NOT-FOR-US: Nucleus EUC-JP
+ NOT-FOR-US: Nucleus EUC-JP
CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...)
{DSA-1655-1}
- linux-2.6 2.6.26-5
@@ -6535,7 +6535,7 @@ CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla bef
CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...)
NOT-FOR-US: bBlog
CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT ...)
- NOT-FOR-US: RMSOFT Downloads Plus
+ NOT-FOR-US: RMSOFT Downloads Plus
CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and ...)
NOT-FOR-US: uTorrent/Bittorrent
CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop ...)
@@ -6795,7 +6795,7 @@ CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in ...)
CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 ...)
NOT-FOR-US: phpSmartCom
CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...)
- NOT-FOR-US: vbLOGIX Tutorial Script
+ NOT-FOR-US: vbLOGIX Tutorial Script
CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
NOT-FOR-US: s0nic Paranews
CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, ...)
@@ -7008,7 +7008,7 @@ CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Vi
CVE-2008-4251
RESERVED
CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
- NOT-FOR-US: Microsoft Windows
+ NOT-FOR-US: Microsoft Windows
CVE-2008-4249
RESERVED
CVE-2008-4248
@@ -7107,7 +7107,7 @@ CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachma
CVE-2008-4205 (SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 ...)
NOT-FOR-US: Attachmax Dolphin
CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...)
- NOT-FOR-US: SoftAcid Hotel Reservation System
+ NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and ...)
NOT-FOR-US: CzarNews
CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...)
@@ -7133,7 +7133,7 @@ CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629
[lenny] - redhat-cluster 2.20080801-4+lenny1
CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...)
- emacspeak 28.0-2 (bug #496431; low)
- [lenny] - emacspeak 26.0-3+lenny1
+ [lenny] - emacspeak 26.0-3+lenny1
[etch] - emacspeak <no-dsa> (Minor issue)
CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x ...)
{DSA-1760-1}
@@ -7961,7 +7961,7 @@ CVE-2008-3862 (Stack-based buffer overflow in CGI programs in the server in Tren
CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and ...)
NOT-FOR-US: phpMyRealty
CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...)
- NOT-FOR-US: IBM, Lotus Quickr 8.1
+ NOT-FOR-US: IBM, Lotus Quickr 8.1
CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the ...)
NOT-FOR-US: Davlin Thickbox Gallery
CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a ...)
@@ -8148,7 +8148,7 @@ CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sc
CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...)
NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory ...)
- NOT-FOR-US: Web Directory Script
+ NOT-FOR-US: Web Directory Script
CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO ...)
NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...)
@@ -8162,15 +8162,15 @@ CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inde
CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 ...)
NOT-FOR-US: GMOD GBrowse
CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review ...)
- NOT-FOR-US: Five Star Review Script
+ NOT-FOR-US: Five Star Review Script
CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five ...)
- NOT-FOR-US: Five Star Review Script
+ NOT-FOR-US: Five Star Review Script
CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) ...)
NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement ...)
NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View ...)
- NOT-FOR-US: Fujitsu Web-Based Admin View
+ NOT-FOR-US: Fujitsu Web-Based Admin View
CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the ...)
NOT-FOR-US: Folder Lock
CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote ...)
@@ -8186,7 +8186,7 @@ CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171
CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php ...)
NOT-FOR-US: Freeway
CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey ...)
- NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
+ NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...)
NOT-FOR-US: phpBazar
CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection ...)
@@ -9007,7 +9007,7 @@ CVE-2008-3482 (Cross-site scripting (XSS) vulnerability in the error page featur
CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...)
- NOT-FOR-US: Anzio Web Print Object
+ NOT-FOR-US: Anzio Web Print Object
CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...)
NOT-FOR-US: Microsoft Windows
CVE-2008-3478
@@ -9037,7 +9037,7 @@ CVE-2008-3467
CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...)
NOT-FOR-US: Microsoft
CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 ...)
- NOT-FOR-US: Microsoft Windows
+ NOT-FOR-US: Microsoft Windows
CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2008-3463
@@ -9181,7 +9181,7 @@ CVE-2008-3403 (SQL injection vulnerability in mojoClassified.cgi in MojoPersonal
CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX Browser ...)
NOT-FOR-US: HIOX Browser Statistics
CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX ...)
- NOT-FOR-US: HIOX Random Ad
+ NOT-FOR-US: HIOX Random Ad
CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration ...)
NOT-FOR-US: XRMS CRM
CVE-2008-3399 (PHP remote file inclusion vulnerability in ...)
@@ -9213,7 +9213,7 @@ CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6 allows
CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video Share ...)
NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php in php ...)
- NOT-FOR-US: Help Agent
+ NOT-FOR-US: Help Agent
CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in ...)
NOT-FOR-US: Interact Learning Community Environment Interact
CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote ...)
@@ -9448,7 +9448,7 @@ CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c
{DSA-1636-1 DSA-1630-1}
- linux-2.6.24 2.6.24-6~etchnhalf.5
- linux-2.6 2.6.26-2
- NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
+ NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...)
NOT-FOR-US: FreeIPA
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...)
@@ -9532,7 +9532,7 @@ CVE-2008-3242 (Heap-based buffer overflow in the PPMedia Class ActiveX control i
CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats ...)
NOT-FOR-US: UltraStats
CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate ...)
- NOT-FOR-US: AlstraSoft Affiliate Network Pro
+ NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry function ...)
NOT-FOR-US: PHPizabi
CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow ...)
@@ -9916,9 +9916,9 @@ CVE-2008-3094 (The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before
CVE-2008-3093 (Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier ...)
NOT-FOR-US: ImperialBB
CVE-2008-3092 (SQL injection vulnerability in the Taxonomy Autotagger module 5.x ...)
- NOT-FOR-US: additional drupal module Taxonomy Autotagger
+ NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3091 (Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger ...)
- NOT-FOR-US: additional drupal module Taxonomy Autotagger
+ NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3090 (Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO ...)
NOT-FOR-US: BlognPlus
CVE-2008-3089 (SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze ...)
@@ -10194,7 +10194,7 @@ CVE-2008-2963 (Multiple SQL injection vulnerabilities in MyBlog allow remote ...
CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow ...)
NOT-FOR-US: MyBlog
CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS ...)
- NOT-FOR-US: CMS Mini
+ NOT-FOR-US: CMS Mini
CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in ...)
NOT-FOR-US: ActiveX control
CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...)
@@ -10384,7 +10384,7 @@ CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar 1.
CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...)
NOT-FOR-US: E-topbiz Viral
CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net ...)
- NOT-FOR-US: CaupoShop Classic
+ NOT-FOR-US: CaupoShop Classic
CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...)
NOT-FOR-US: Kalptaru Infotech PHP Site
CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote ...)
@@ -10425,7 +10425,7 @@ CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before .
CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x ...)
NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
- NOT-FOR-US: MindTouch DekiWiki
+ NOT-FOR-US: MindTouch DekiWiki
CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...)
NOT-FOR-US: Maxtrade
CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds ...)
@@ -10756,7 +10756,7 @@ CVE-2008-2750 (The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Li
- linux-2.6 2.6.26
[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.23)
- linux-2.6.24 2.6.24-6~etchnhalf.4
- NOTE: 6b6707a50c7598a83820077393f8823ab791abf8
+ NOTE: 6b6707a50c7598a83820077393f8823ab791abf8
CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar ...)
NOT-FOR-US: Sun Java System Application Server
CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a ...)
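Review bot: the unchanged entry for CVE-2008-2749 at the end of this hunk looks mislabelled: its description refers to cshttpd in `Sun Java System Calendar ...`, while the tag reads `NOT-FOR-US: Sun Java System Application Server`. Not something for this whitespace commit, but worth a follow-up so the tag names the product in the description.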
@@ -10943,7 +10943,7 @@ CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b
CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...)
NOT-FOR-US: DCFM Blog
CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...)
- NOT-FOR-US: Insanely Simple Blog
+ NOT-FOR-US: Insanely Simple Blog
CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote ...)
NOT-FOR-US: yBlog
CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...)
@@ -11346,7 +11346,7 @@ CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1)
- kfreebsd-7 7.0-6
NOTE: IPv6 NDP flaw not affecting Linux
CVE-2008-2475 (eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) ...)
- NOT-FOR-US: eBay Enhanced Picture Uploader ActiveX control
+ NOT-FOR-US: eBay Enhanced Picture Uploader ActiveX control
CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...)
NOT-FOR-US: ABB Process Communication Unit
CVE-2008-2473
@@ -11456,7 +11456,7 @@ CVE-2008-2422 (SQL injection vulnerability in index.php in Web Slider 0.6 allows
CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web ...)
NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of ...)
- NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
+ NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun ...)
NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...)
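Review bot: CVE-2008-2419 has only this one NOTE line between its header and the CVE-2008-2418 header, so the entry records no package status at all. The note says the issue was "not reproducible by upstream" and points at Debian bug #484484, but it never states what that means for the archive. Leave the line as it is in this whitespace-only commit and raise a follow-up that either adds an explicit package status line or says in the note why none is needed.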
@@ -11831,7 +11831,7 @@ CVE-2008-2265 (SQL injection vulnerability in news.php in EMO Realty Manager all
CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 ...)
NOT-FOR-US: CyrixMED
CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link ...)
- NOT-FOR-US: Automated Link Exchange Portal
+ NOT-FOR-US: Automated Link Exchange Portal
CVE-2008-2262
RESERVED
CVE-2008-2261
@@ -11869,7 +11869,7 @@ CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not proper
CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...)
NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...)
- NOT-FOR-US: Microsoft Office Word
+ NOT-FOR-US: Microsoft Office Word
CVE-2008-2243
RESERVED
CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA ...)
@@ -13140,7 +13140,7 @@ CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0
CVE-2008-1695
RESERVED
CVE-2008-1694 (vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local ...)
- - emacs21 21.4a+1-5.6 (low; bug #476612)
+ - emacs21 21.4a+1-5.6 (low; bug #476612)
[etch] - emacs21 <no-dsa> (Minor issue)
- emacs22 22.2+2-2 (low; bug #476611)
- xemacs21 21.4.21-4 (low; bug #476613)
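Review bot: the changed emacs21 line under CVE-2008-1694 is a package status line carrying a fixed version and a bug number, "- emacs21 21.4a+1-5.6 (low; bug #476612)", and the removed and added forms are indistinguishable in the rendered diff. Since this line carries tracking data rather than free text, it is worth confirming that only end-of-line whitespace changed, for example by checking that git show --ignore-space-at-eol on commit 4155b1e1892b71b905e401529f401cf94777be85 produces no hunks. The same check covers all 73 changed lines reported in the diffstat.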
@@ -13169,7 +13169,7 @@ CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...
NOTE: elevated privileges.
CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...)
- m4 <unfixed> (unimportant)
- NOTE: This is more a generic bug and not a security issue: the random output would
+ NOTE: This is more a generic bug and not a security issue: the random output would
NOTE: need to match the name of an existing macro
CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in ...)
{DSA-1586-1 DSA-1585-1 DSA-1584-1 DTSA-127-1 DTSA-128-1 DTSA-129-1}
@@ -14638,7 +14638,7 @@ CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implement
CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View page in ...)
NOT-FOR-US: Barracuda Spam Firewall
CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the ...)
- NOT-FOR-US: FLEXnet Connect
+ NOT-FOR-US: FLEXnet Connect
CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet ...)
NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
@@ -14823,7 +14823,7 @@ CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external UR
CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...)
- NOT-FOR-US: Apple AirPort
+ NOT-FOR-US: Apple AirPort
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
NOTE: As far as I can see this has been addressed in revision 30871.
NOTE: Please doublecheck.
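Review bot: the trailing context for CVE-2008-1011 still carries an open request, "NOTE: Please doublecheck.", after "NOTE: As far as I can see this has been addressed in revision 30871.", and no package status line is visible for the entry in this hunk. A cleanup pass over the file is a good moment to flag such leftovers. Keep this commit whitespace-only, and open a follow-up that either confirms the revision and records the result or rewrites the note as an explicit open item.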
