[Secure-testing-commits] r7745 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Fri Dec 28 21:14:13 UTC 2007 

Author: joeyh
Date: 2007-12-28 21:14:13 +0000 (Fri, 28 Dec 2007)
New Revision: 7745

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-28 17:22:44 UTC (rev 7744)
+++ data/CVE/list	2007-12-28 21:14:13 UTC (rev 7745)
@@ -1,3 +1,83 @@
+CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS ...)
+	TODO: check
+CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly ...)
+	TODO: check
+CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen ...)
+	TODO: check
+CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted ...)
+	TODO: check
+CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic allow ...)
+	TODO: check
+CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic allow remote ...)
+	TODO: check
+CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause a ...)
+	TODO: check
+CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote ...)
+	TODO: check
+CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow ...)
+	TODO: check
+CVE-2007-6555 (PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php ...)
+	TODO: check
+CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 ...)
+	TODO: check
+CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro ...)
+	TODO: check
+CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 allows ...)
+	TODO: check
+CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4 ...)
+	TODO: check
+CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web ...)
+	TODO: check
+CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact ...)
+	TODO: check
+CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS before ...)
+	TODO: check
+CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password during ...)
+	TODO: check
+CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes it ...)
+	TODO: check
+CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before ...)
+	TODO: check
+CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow ...)
+	TODO: check
+CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat Link ...)
+	TODO: check
+CVE-2007-6542 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...)
+	TODO: check
+CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 ...)
+	TODO: check
+CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote attackers ...)
+	TODO: check
+CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot ...)
+	TODO: check
+CVE-2007-6538 (SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ...)
+	TODO: check
+CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in zfile.c in ...)
+	TODO: check
+CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 beta ...)
+	TODO: check
+CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in YShortcut.dll ...)
+	TODO: check
+CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office Publisher ...)
+	TODO: check
+CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows ...)
+	TODO: check
+CVE-2007-6532
+	RESERVED
+CVE-2007-6531
+	RESERVED
+CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...)
+	TODO: check
+CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have ...)
+	TODO: check
+CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in TikiWiki ...)
+	TODO: check
+CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails ...)
+	TODO: check
+CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in ...)
+	TODO: check
+CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) ...)
+	TODO: check
 CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially ...)
 	NOT-FOR-US: Opera
 CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before ...)
@@ -163,6 +243,7 @@
 	NOT-FOR-US: Mambo
 	NOTE: Mambo is in experimental
 CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp ...)
+	{DSA-1441-1}
 	- peercast 0.1218+svn20071220+2 (medium; bug #457300)
 CVE-2007-6453 (Directory traversal vulnerability in raidenhttpd-admin/workspace.php ...)
 	NOT-FOR-US: RaidenHTTPD
@@ -391,6 +472,7 @@
 CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote ...)
 	NOT-FOR-US: Robocode
 CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in ...)
+	{DSA-1439-1}
 	- typo3-src 4.1.4-1 (low; bug #457446)
 	NOTE: you need to be a logged in backend user to exploit this
 CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and ...)
@@ -3627,8 +3709,8 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-5343
 	RESERVED
-CVE-2007-5342
-	RESERVED
+CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache ...)
+	TODO: check
 CVE-2007-5341
 	RESERVED
 CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...)
@@ -4468,6 +4550,7 @@
 	- bugzilla <not-affected> (Vulnerable code not present in the version we ship)
 	TODO: check when newer upstream version enters the pool (> 2.22.1-2.2)
 CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...)
+	{DSA-1440-1}
 	- inotify-tools 3.11-1 (medium; bug #443913)
 CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with ...)
 	NOT-FOR-US: AirDefense firmware
@@ -5811,12 +5894,13 @@
 CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
 	NOT-FOR-US: Planet VC-200M VDSL2 router
 CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has ...)
+	{DSA-1438-1}
 	- tar 1.18-1 (low; bug #441444)
 	- cpio 2.9-5 (low; bug #449222)
 CVE-2007-4475
 	RESERVED
-CVE-2007-4474
-	RESERVED
+CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web ...)
+	TODO: check
 CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate ...)
 	NOT-FOR-US: Gesytec Easylon OPC Server
 CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings ...)
@@ -6606,6 +6690,7 @@
 CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 ...)
 	NOT-FOR-US: Red Hat Satellite Server
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
+	{DSA-1438-1}
 	- tar 1.18-2 (medium; bug #439335)
 CVE-2007-4130
 	RESERVED

More information about the Secure-testing-commits mailing list