[Openvas-commits] r1649 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Oct 30 07:04:48 CET 2008
Author: chandra
Date: 2008-10-30 07:04:47 +0100 (Thu, 30 Oct 2008)
New Revision: 1649
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_phpwebgallery_mult_vuln_oct08.nasl
trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl
Log:
Added new CVE's and updated description
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-10-30 05:53:04 UTC (rev 1648)
+++ trunk/openvas-plugins/ChangeLog 2008-10-30 06:04:47 UTC (rev 1649)
@@ -1,4 +1,10 @@
2008-10-30 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl,
+ scripts/gb_phpwebgallery_mult_vuln_oct08.nasl,
+ scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl:
+ Added new CVE's and updated description
+
+2008-10-30 Chandrashekhar B <bchandra at secpod.com>
* scripts/gb_opera_info_disc_n_code_exec_lin.nasl,
scripts/gb_opera_info_disc_n_code_exec_win.nasl,
scripts/gb_opera_mult_vuln_oct08_lin.nasl,
Modified: trunk/openvas-plugins/scripts/gb_phpwebgallery_mult_vuln_oct08.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_phpwebgallery_mult_vuln_oct08.nasl 2008-10-30 05:53:04 UTC (rev 1648)
+++ trunk/openvas-plugins/scripts/gb_phpwebgallery_mult_vuln_oct08.nasl 2008-10-30 06:04:47 UTC (rev 1649)
@@ -28,7 +28,7 @@
{
script_id(800115);
script_version("$Revision: 1.0 $");
- script_cve_id("CVE-2008-4591");
+ script_cve_id("CVE-2008-4591", "CVE-2008-4702");
script_name(english:"Multiple XSS Vulnerabilities in PHPWebGallery - Oct08");
desc["english"] = "
@@ -37,8 +37,9 @@
Vulnerability Insight:
The flaws are caused due to improper validation of input data to parameters
- in isadmin.inc.php file, which allow remote attackers to inject arbitrary
- web script via lang[access_forbiden] and lang[ident_title] parameters.
+ in isadmin.inc.php and init.inc.php file, which allow remote attackers to
+ inject arbitrary web script via lang[access_forbiden], lang[ident_title],
+ user[language] and user[template] parameters.
Impact:
Successful attack could lead to execution of arbitrary HTML or scripting
Modified: trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl 2008-10-30 05:53:04 UTC (rev 1648)
+++ trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl 2008-10-30 06:04:47 UTC (rev 1649)
@@ -28,14 +28,14 @@
{
script_id(800117);
script_version("$Revision: 1.0 $");
- script_cve_id("CVE-2008-4654");
+ script_cve_id("CVE-2008-4654", "CVE-2008-4686");
script_bugtraq_id(31813);
script_name(english:"VLC Media Player TY Processing BOF Vulnerability (Linux)");
desc["english"] = "
Overview: This host is installed with VLC Media Player and is prone to
Buffer Overflow Vulnerability.
-
+
Vulnerability Insight:
The flaw is caused due to a boundary error while parsing the header of an
invalid TY file.
Modified: trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl 2008-10-30 05:53:04 UTC (rev 1648)
+++ trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl 2008-10-30 06:04:47 UTC (rev 1649)
@@ -28,7 +28,7 @@
{
script_id(800116);
script_version("$Revision: 1.0 $");
- script_cve_id("CVE-2008-4654");
+ script_cve_id("CVE-2008-4654", "CVE-2008-4686");
script_bugtraq_id(31813);
script_name(english:"VLC Media Player TY Processing Buffer Overflow Vulnerability (Win)");
desc["english"] = "
More information about the Openvas-commits
mailing list