From 1e9de1e7dd2e639c3335d43da2a67a234614e390 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Tue, 12 Feb 2019 21:32:28 +0100
Subject: Unify some older Joomla! NFUs
---
 data/CVE/2008.list | 58 +++++++++++++++++++++++++++---------------------------
 1 file changed, 29 insertions(+), 29 deletions(-)
(limited to 'data/CVE/2008.list')
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 5858fb8cf9..8c93c22ebf 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -410,7 +410,7 @@ CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweigh
 CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce ...)
 NOT-FOR-US: GSC build
 CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ...)
 NOT-FOR-US: ActiveX
 CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager ...)
@@ -1485,7 +1485,7 @@ CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_
 CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
 NOT-FOR-US: InfoBiz Server
 CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote ...)
 NOT-FOR-US: OneCMS
 CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject ...)
@@ -1944,9 +1944,9 @@ CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue Riv
 CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 ...)
 NOT-FOR-US: BMForum
 CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter (com_prayercenter) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to inject ...)
 - kaya 0.4.2-1 (low)
 [etch] - kaya (Minor issue)
@@ -2340,7 +2340,7 @@ CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assis
 [lenny] - vim (proof-of-concept does not work)
 [etch] - vim (Minor issue)
 CVE-2008-6234 (SQL injection vulnerability in the com_musica module in Joomla! and ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6233 (SQL injection vulnerability in index.php in Five Dollar Scripts Drinks ...)
 NOT-FOR-US: Five Dollar Scripts Drinks script
 CVE-2008-6232 (Pre Shopping Mall allows remote attackers to bypass authentication and ...)
@@ -2364,9 +2364,9 @@ CVE-2008-6224 (Directory traversal vulnerability in visualizza.php in Way Of The
 CVE-2008-6223 (PHP remote file inclusion vulnerability in visualizza.php in Way Of ...)
 NOT-FOR-US: Way Of The Warrior
 CVE-2008-6222 (Directory traversal vulnerability in the Pro Desk Support Center ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6221 (PHP remote file inclusion vulnerability in config.dadamail.php in the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6220 (SQL injection vulnerability in login.php in Simple Document Management ...)
 NOT-FOR-US: Simple Document Management System
 CVE-2008-6219 (nsrexecd.exe in multiple EMC Networker products including EMC ...)
@@ -2516,9 +2516,9 @@ CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity Shopping
 CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity Classified Ads ...)
 NOT-FOR-US: SepCity Faculty Portal
 CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker) module ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root with ...)
 NOT-FOR-US: ForumApp
 CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, ...)
@@ -2586,7 +2586,7 @@ CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers
 CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro allows ...)
 NOT-FOR-US: PG Job Site Pro
 CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
 NOT-FOR-US: Prozilla Hosting Index
 CVE-2008-6114 (SQL injection vulnerability in product_details.php in the Mytipper ...)
@@ -2643,7 +2643,7 @@ CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Min
 CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image ...)
 NOT-FOR-US: ScriptsEz
 CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life ...)
 NOT-FOR-US: Camera Life
 CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...)
@@ -2659,7 +2659,7 @@ CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause
 CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 ...)
 NOT-FOR-US: Simple Customer
 CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6079 (imlib2 before 1.4.2 allows context-dependent attackers to have an ...)
 {DSA-2029-1}
 - imlib2 1.4.2-1 (bug #576469)
@@ -2669,7 +2669,7 @@ CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging
 CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a ...)
 NOT-FOR-US: LoudBlog
 CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...)
 NOT-FOR-US: Bahar Download Script
 CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and ...)
@@ -2688,7 +2688,7 @@ CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage functi
 CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 ...)
 NOT-FOR-US: eChat plugin
 CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-7272 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
 RESERVED
 - iceweasel-firegpg (bug #514386)
@@ -2935,7 +2935,7 @@ CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Tes
 CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...)
 NOT-FOR-US: Active Test
 CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information ...)
 NOT-FOR-US: Wbstreet
 CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET ...)
@@ -3563,7 +3563,7 @@ CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the me
 CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 NOT-FOR-US: PHParanoid
 CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
 - textpattern 4.0.6-1 (low)
 CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
@@ -3622,7 +3622,7 @@ CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend modu
 - typo3-src 4.2.3-1 (bug #505324)
 [etch] - typo3-src (Only Typo3 4.2.2 is affected)
 CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made ...)
 NOT-FOR-US: CMS Made Simple
 CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...)
@@ -7340,7 +7340,7 @@ CVE-2008-4124
 CVE-2008-4123
 RESERVED
 CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce ...)
 NOT-FOR-US: cpCommerce
 CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
@@ -7381,13 +7381,13 @@ CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings ab
 {DSA-1871-2 DSA-1871-1}
 - wordpress 2.5.1-8 (bug #500115)
 CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
 {DSA-1733-1}
 - vim 2:7.2.010-1 (low; bug #500381)
@@ -8498,7 +8498,7 @@ CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System
 CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...)
 NOT-FOR-US: YPN PHP Realty
 CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and ...)
 NOT-FOR-US: Flagship Industries Ventrilo
 CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -9585,13 +9585,13 @@ CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a
 - xmovie (unimportant)
 NOTE: Only a NULL pointer deference, hardly security relevant
 CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest ...)
 {DSA-1544-2}
 - pdns-recursor 3.1.7-1 (low; bug #493576)
@@ -10359,7 +10359,7 @@ CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Softwa
 CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ ...)
 NOT-FOR-US: AJ Square aj-hyip
 CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows ...)
 NOT-FOR-US: emuCMS
 CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football ...)
@@ -13544,7 +13544,7 @@ CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka ...
 CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b ...)
 NOT-FOR-US: PowerPHPBoard
 CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
 CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...)
 - perlbal (Fixed before initial upload to archive)
 CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd ...)
--
cgit v1.2.3