[Secure-testing-commits] r7449 - data/CVE
joeyh at alioth.debian.org
Sat Dec 1 09:14:14 UTC 2007
Author: joeyh
Date: 2007-12-01 09:14:13 +0000 (Sat, 01 Dec 2007)
New Revision: 7449
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-30 17:30:05 UTC (rev 7448)
+++ data/CVE/list 2007-12-01 09:14:13 UTC (rev 7449)
@@ -1,19 +1,147 @@
+CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...)
+ TODO: check
+CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...)
+ TODO: check
+CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction ...)
+ TODO: check
+CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 ...)
+ TODO: check
+CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...)
+ TODO: check
+CVE-2007-6195
+ RESERVED
+CVE-2007-6194
+ RESERVED
+CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
+ TODO: check
+CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses ...)
+ TODO: check
+CVE-2007-6191 (Multiple PHP remote file inclusion vulnerabilities in Armin Burger ...)
+ TODO: check
+CVE-2007-6190 (The HTTP daemon in the Cisco Unified IP Phone, when the Extension ...)
+ TODO: check
+CVE-2007-6189 (A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in ...)
+ TODO: check
+CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution ...)
+ TODO: check
+CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect ...)
+ TODO: check
+CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown ...)
+ TODO: check
+CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS ...)
+ TODO: check
+CVE-2007-6184 (Directory traversal vulnerability in index.php in Project Alumni 1.0.9 ...)
+ TODO: check
+CVE-2007-6182 (The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 ...)
+ TODO: check
+CVE-2007-6181 (Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier ...)
+ TODO: check
+CVE-2007-6180 (Race condition in the Remote Procedure Call kernel module (rpcmod) in ...)
+ TODO: check
+CVE-2007-6179 (Multiple PHP remote file inclusion vulnerabilities in Charray's CMS ...)
+ TODO: check
+CVE-2007-6178 (Multiple PHP remote file inclusion vulnerabilities in Easy Hosting ...)
+ TODO: check
+CVE-2007-6177 (PHP remote file inclusion vulnerability in Exchange/include.php in ...)
+ TODO: check
+CVE-2007-6176 (kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote ...)
+ TODO: check
+CVE-2007-6175 (Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-6174 (PHPDevShell before 0.7.0 allows remote authenticated users to gain ...)
+ TODO: check
+CVE-2007-6173 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
+ TODO: check
+CVE-2007-6172 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...)
+ TODO: check
+CVE-2007-6169 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...)
+ TODO: check
+CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows ...)
+ TODO: check
+CVE-2007-6167 (yast2-core includes the current working directory in its search path, ...)
+ TODO: check
+CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime 7.2 and 7.3 allows ...)
+ TODO: check
+CVE-2007-6165 (Mail in Apple Mac OS X Leopard allows user-assisted remote attackers ...)
+ TODO: check
+CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote ...)
+ TODO: check
+CVE-2007-6163 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...)
+ TODO: check
+CVE-2007-6162 (Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe ...)
+ TODO: check
+CVE-2007-6161 (index.php in Tilde CMS 4.x and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-6160 (Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x ...)
+ TODO: check
+CVE-2007-6159 (SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier ...)
+ TODO: check
+CVE-2007-6158 (Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs ...)
+ TODO: check
+CVE-2007-6157 (Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery ...)
+ TODO: check
+CVE-2007-6156 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2007-6155
+ RESERVED
+CVE-2007-6154
+ RESERVED
+CVE-2007-6153
+ RESERVED
+CVE-2007-6152
+ RESERVED
+CVE-2007-6151
+ RESERVED
+CVE-2007-6149
+ RESERVED
+CVE-2007-6148
+ RESERVED
+CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE ...)
+ TODO: check
+CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on ...)
+ TODO: check
+CVE-2007-6145 (Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP ...)
+ TODO: check
+CVE-2007-6144 (Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control ...)
+ TODO: check
+CVE-2007-6143 (SQL injection vulnerability in default.asp (aka the Login Page) in VU ...)
+ TODO: check
+CVE-2007-6142 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...)
+ TODO: check
+CVE-2007-6141 (Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 ...)
+ TODO: check
+CVE-2007-6140 (Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote ...)
+ TODO: check
+CVE-2007-6139 (PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox ...)
+ TODO: check
+CVE-2007-6138 (SQL injection vulnerability in redir.asp in VU Mass Mailer allows ...)
+ TODO: check
+CVE-2007-6137 (SQL injection vulnerability in news.php in Content Injector 1.52 ...)
+ TODO: check
+CVE-2007-6136 (Multiplce cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2007-6135 (Cross-site scripting (XSS) vulnerability in phpslideshow.php in ...)
+ TODO: check
+CVE-2007-6134 (SQL injection vulnerability in pkinc/public/article.php in PHPKIT ...)
+ TODO: check
+CVE-2007-6133 (PHP remote file inclusion vulnerability in admin/kfm/initialise.php in ...)
+ TODO: check
CVE-2007-XXXX [zabbix-agent runs as gid 0]
- zabbix <unfixed> (bug #452682)
-CVE-2007-6183 [format string vulnerability in ruby-gnome2]
+CVE-2007-6183 (Format string vulnerability in the mdiag_initialize function in ...)
- ruby-gnome2 <unfixed> (medium; bug #453689)
-CVE-2007-6171 [sql injection issue in asterisk res_config_pgsql module]
+CVE-2007-6171 (SQL injection vulnerability in the Postgres Realtime Engine ...)
- asterisk <unfixed> (medium)
NOTE: maintainer is aware of it, preparing upload atm
-CVE-2007-6170 [sql injection issue in asterisk cdr_pgsql module]
+CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...)
- asterisk <unfixed> (medium)
NOTE: maintainer is aware of it, preparing upload atm
CVE-2007-XXXX [rsync is prone to symlink attacks]
- rsync <unfixed> (low; bug #453652)
-CVE-2007-6150 [weakness in random number generator on free bsd]
+CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices ...)
NOT-FOR-US: FreeBSD
CVE-2007-6132
- RESERVED
+ REJECTED
CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite ...)
- scanbuttond <unfixed> (unimportant; bug #453239)
NOTE: this is just an example script, maintainer adds a note about it
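Review bot: CVE-2007-6200 and CVE-2007-6199 at the top of this hunk are both rsync issues left as "TODO: check", while the "CVE-2007-XXXX [rsync is prone to symlink attacks]" placeholder further down still carries "- rsync <unfixed> (low; bug #453652)". Check whether the placeholder describes one of the newly assigned ids; if it does, move the package line and bug reference under that id and drop the placeholder so the issue is not tracked twice. The same hunk already does this for CVE-2007-6183, CVE-2007-6171 and CVE-2007-6170, where the bracketed working title is replaced by the assigned description and the package line is kept.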
@@ -1180,7 +1308,7 @@
- tikiwiki <removed>
CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki ...)
- tikiwiki <removed>
-CVE-2007-5682 (Unspecified vulnerability in tiki-graph_formula.php in TikiWiki before ...)
+CVE-2007-5682 (Incomplete blacklist vulnerability in tiki-graph_formula.php in ...)
- tikiwiki <removed>
CVE-2007-5681
RESERVED
@@ -2086,8 +2214,7 @@
NOT-FOR-US: Oracle
CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and ...)
NOT-FOR-US: Oracle
-CVE-2007-5503
- RESERVED
+CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote ...)
- libcairo <unfixed> (medium; bug #453686)
CVE-2007-5502
RESERVED
@@ -2108,8 +2235,8 @@
RESERVED
CVE-2007-5495
RESERVED
-CVE-2007-5494
- RESERVED
+CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...)
+ TODO: check
CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
NOT-FOR-US: Windows Mobile
CVE-2007-5492 (Static code injection vulnerability in the translation module ...)
@@ -2655,7 +2782,7 @@
NOT-FOR-US: ARCServe BackUp
CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp ...)
NOT-FOR-US: ARCServe BackUp
-CVE-2007-5328 (CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise ...)
+CVE-2007-5328 (The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 ...)
NOT-FOR-US: ARCServe BackUp
CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message ...)
NOT-FOR-US: ARCServe BackUp
@@ -4284,8 +4411,8 @@
NOT-FOR-US: Apple QuickTime
CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-4674
- RESERVED
+CVE-2007-4674 (An "integer arithmetic" error in Apple QuickTime 7.2 allows remote ...)
+ TODO: check
CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
NOT-FOR-US: Apple QuickTime
CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows ...)
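Review bot: CVE-2007-4674 is filled in with "TODO: check" although its description names Apple QuickTime 7.2 and the entries on both sides of it (CVE-2007-4675 and CVE-2007-4673) are already marked "NOT-FOR-US: Apple QuickTime". Suggest tagging it the same way instead of leaving it in the TODO queue.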
@@ -5090,10 +5217,10 @@
RESERVED
CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM ...)
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2007-4347
- RESERVED
-CVE-2007-4346
- RESERVED
+CVE-2007-4347 (Multiple integer overflows in the Job Engine (bengine.exe) service in ...)
+ TODO: check
+CVE-2007-4346 (The Job Engine (bengine.exe) service in Symantec Backup Exec for ...)
+ TODO: check
CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail ...)
NOT-FOR-US: IMail Client
CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build ...)
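Review bot: CVE-2007-4347 and CVE-2007-4346 both describe the Job Engine (bengine.exe) service, and the CVE-2007-4346 text names Symantec Backup Exec, yet each is queued separately as "TODO: check". Triage them together and give both the same tag; if the product is not packaged, a NOT-FOR-US line like the ones on the neighbouring IBM Tivoli Storage Manager and IMail Client entries would close them.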