[Secure-testing-commits] r8463 - data/CVE
joeyh at alioth.debian.org
Tue Apr 1 09:14:11 UTC 2008
Author: joeyh
Date: 2008-04-01 09:14:10 +0000 (Tue, 01 Apr 2008)
New Revision: 8463
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-01 07:55:48 UTC (rev 8462)
+++ data/CVE/list 2008-04-01 09:14:10 UTC (rev 8463)
@@ -1,19 +1,163 @@
-CVE-2008-1570 [policyd-weight tempfile race]
+CVE-2008-1601 (Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and ...)
+ TODO: check
+CVE-2008-1600 (The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly ...)
+ TODO: check
+CVE-2008-1599 (The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly ...)
+ TODO: check
+CVE-2008-1598 (The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges ...)
+ TODO: check
+CVE-2008-1597 (The WPAR system call implementation in the kernel in IBM AIX 6.1 ...)
+ TODO: check
+CVE-2008-1596 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...)
+ TODO: check
+CVE-2008-1595 (The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not ...)
+ TODO: check
+CVE-2008-1594 (The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing ...)
+ TODO: check
+CVE-2008-1593 (The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, ...)
+ TODO: check
+CVE-2008-1592 (MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop ...)
+ TODO: check
+CVE-2008-1591 (The pnVarPrepForStore function in PostNuke 0.764 and earlier skips ...)
+ TODO: check
+CVE-2008-1590
+ RESERVED
+CVE-2008-1589
+ RESERVED
+CVE-2008-1588
+ RESERVED
+CVE-2008-1587
+ RESERVED
+CVE-2008-1586
+ RESERVED
+CVE-2008-1585
+ RESERVED
+CVE-2008-1584
+ RESERVED
+CVE-2008-1583
+ RESERVED
+CVE-2008-1582
+ RESERVED
+CVE-2008-1581
+ RESERVED
+CVE-2008-1580
+ RESERVED
+CVE-2008-1579
+ RESERVED
+CVE-2008-1578
+ RESERVED
+CVE-2008-1577
+ RESERVED
+CVE-2008-1576
+ RESERVED
+CVE-2008-1575
+ RESERVED
+CVE-2008-1574
+ RESERVED
+CVE-2008-1573
+ RESERVED
+CVE-2008-1572
+ RESERVED
+CVE-2008-1571
+ RESERVED
+CVE-2008-1566 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...)
+ TODO: check
+CVE-2008-1565 (Directory traversal vulnerability in forum/irc/irc.php in the PJIRC ...)
+ TODO: check
+CVE-2008-1564 (Directory traversal vulnerability in Dan Costin File Transfer before ...)
+ TODO: check
+CVE-2008-1563 (The "decode as" feature in packet-bssap.c in the SCCP dissector in ...)
+ TODO: check
+CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through ...)
+ TODO: check
+CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
+ TODO: check
+CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz ...)
+ TODO: check
+CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent ...)
+ TODO: check
+CVE-2008-1558 (Uncontrolled array index in the sdpplin_parse function in ...)
+ TODO: check
+CVE-2008-1557 (BolinOS 4.6.1 allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2008-1556 (Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 ...)
+ TODO: check
+CVE-2008-1555 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2008-1554 (SQL injection vulnerability in account/index.php in TopperMod 2.0, ...)
+ TODO: check
+CVE-2008-1553 (Directory traversal vulnerability in mod.php in TopperMod 1.0 allows ...)
+ TODO: check
+CVE-2008-1552 (The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) ...)
+ TODO: check
+CVE-2008-1551 (SQL injection vulnerability in viewcat.php in the Photo 3.02 module ...)
+ TODO: check
+CVE-2008-1550 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-1549 (Multiple SQL injection vulnerabilities in Aeries Browser Interface ...)
+ TODO: check
+CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser ...)
+ TODO: check
+CVE-2008-1547
+ RESERVED
+CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi ...)
+ TODO: check
+CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
+ TODO: check
+CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
+ TODO: check
+CVE-2008-1543 (The Advanced User Interface Pages in the ProST Web Management ...)
+ TODO: check
+CVE-2008-1542 (Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its ...)
+ TODO: check
+CVE-2008-1541 (Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS ...)
+ TODO: check
+CVE-2008-1540 (SQL injection vulnerability in the Datsogallery (com_datsogallery) ...)
+ TODO: check
+CVE-2008-1539 (SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke ...)
+ TODO: check
+CVE-2008-1538 (Cross-site scripting (XSS) vulnerability in searchAction.do in ...)
+ TODO: check
+CVE-2008-1537 (Directory traversal vulnerability in pb_inc/admincenter/index.php in ...)
+ TODO: check
+CVE-2008-1536 (Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro ...)
+ TODO: check
+CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka ...)
+ TODO: check
+CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b ...)
+ TODO: check
+CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
+ TODO: check
+CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...)
+ TODO: check
+CVE-2008-1531 (lighttpd 1.4.19 and earlier allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE ...)
+ TODO: check
+CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2003-1554 (Cross-site scripting (XSS) vulnerability in scozbook/add.php in ...)
+ TODO: check
+CVE-2003-1553 (Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores ...)
+ TODO: check
+CVE-2008-1570 (Race condition in the create_lockpath function in policyd-weight ...)
+ {DSA-1531-2}
- policyd-weight 0.1.14.17-1 (low)
NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html
-CVE-2008-1569 [policyd-weight tempfile race]
+CVE-2008-1569 (policyd-weight before 0.1.14 beta-16 allows local users to modify or ...)
+ {DSA-1531-2}
- policyd-weight 0.1.14.17-1 (low)
-CVE-2008-1568 [code execution via crafted file name in comix]
+CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a ...)
- comix <unfixed> (low; bug #462840)
NOTE: comix can't be used in a non-interactive setup thus the impact level
-CVE-2008-1567 [phpMyAdmin sensitive data in session PMASA-2008-2]
+CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the (1) MySQL username, (2) ...)
- phpmyadmin 2.11.5.1 (unimportant)
NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
NOTE: It is a workaround for the limited security that PHP has for
NOTE: session files on a shared host. This limitation is documented with
NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin.
NOTE: I hence consider it a security enhancement/feature, not a vulnerability.
-CVE-2008-1530 [gnupg key import memory corruption]
+CVE-2008-1530 (GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial ...)
- gnupg <not-affected> (Only 1.4.8 is affected)
TODO: Verify that the next maintainer upload uses 1.4.9 directly
[etch] - gnupg <not-affected> (Only 1.4.8 is affected)
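Review bot: The CVE-2008-1530 entry at the end of this hunk now disagrees with its own tracking lines. The new summary names GnuPG 1.4.8 and 2.0.8, but both package lines still read "gnupg <not-affected> (Only 1.4.8 is affected)" and nothing covers a 2.0.x package. Suggest adding a gnupg2 line, or a NOTE explaining why 2.0.8 does not apply, and rewording the parenthetical so it matches the summary.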
@@ -56,7 +200,7 @@
NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...)
NOT-FOR-US: Danneo CMS
-CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in phpBB ...)
+CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in eXtreme ...)
NOT-FOR-US: XS module for phpBB
CVE-2008-1511 (Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 ...)
NOT-FOR-US: ooComments
@@ -135,7 +279,7 @@
- roundup <unfixed> (low; bug #472643)
CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris ...)
NOT-FOR-US: Symantec Altiris
-CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl.ocx ActiveX Control in CA ...)
+CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control ...)
NOT-FOR-US: ARCserve Backup
CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ ...)
NOT-FOR-US: Panda Internet Security/Antivirus+ Firewall
@@ -145,7 +289,7 @@
NOT-FOR-US: Gallarific
CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu ...)
- namazu2 <unfixed> (low; bug #472644)
-CVE-2008-1467 (CenterIM 4.22.3 and earlier allows remote attackers to execute ...)
+CVE-2008-1467 (** DISPUTED ** ...)
- centerim 4.22.3-1 (unimportant; bug #472649)
NOTE: the victim needs to list the URLs in the message with F2 and press enter on it
NOTE: the victim can see the complete URL including the commands however so the impact is really low
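Review bot: The replacement summary for CVE-2008-1467 is only "(** DISPUTED ** ...)", so the list line no longer says which product or issue it covers; the marker has used up the whole truncated summary. Suggest that the automatic update truncate after the marker and keep the start of the description (the removed line began "CenterIM 4.22.3 and earlier allows remote attackers to execute ..."), since the centerim tracking line and the two NOTEs below it rely on that context.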
@@ -313,8 +457,8 @@
[etch] - otrs <not-affected> (Vulnerable code not present)
[sarge] - otrs <not-affected> (Vulnerable code not present)
NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
-CVE-2008-1391
- RESERVED
+CVE-2008-1391 (Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ...)
+ TODO: check
CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before ...)
- asterisk <unfixed> (low)
[etch] - asterisk <not-affected> (Only 1.4.x affected)
@@ -329,8 +473,7 @@
RESERVED
CVE-2008-1385
RESERVED
-CVE-2008-1384
- RESERVED
+CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...)
- php5 <unfixed> (unimportant)
NOTE: http://securityreason.com/achievement_securityalert/52
NOTE: Only exploitable through malicious script
@@ -545,7 +688,7 @@
CVE-2008-1294 [setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children]
RESERVED
- linux-2.6 <unfixed> (bug #419706)
-CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 to 1.11.2 allows remote ...)
+CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...)
- mediawiki 1:1.11.2-1 (low)
CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or ...)
NOT-FOR-US: IBM Rational ClearQuest
@@ -646,52 +789,44 @@
NOT-FOR-US: Linksys WRT300N router
CVE-2008-1242 (The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 ...)
NOT-FOR-US: Belkin router
-CVE-2008-1241
- RESERVED
+CVE-2008-1241 (GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and ...)
{DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
-CVE-2008-1240
- RESERVED
+CVE-2008-1240 (LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before ...)
{DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
CVE-2008-1239
RESERVED
-CVE-2008-1238
- RESERVED
+CVE-2008-1238 (Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when ...)
{DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
-CVE-2008-1237
- RESERVED
+CVE-2008-1237 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
{DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
-CVE-2008-1236
- RESERVED
+CVE-2008-1236 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
{DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
-CVE-2008-1235
- RESERVED
+CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...)
{DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
-CVE-2008-1234
- RESERVED
+CVE-2008-1234 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
{DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
-CVE-2008-1233
- RESERVED
+CVE-2008-1233 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...)
{DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
@@ -869,20 +1004,20 @@
RESERVED
CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...)
NOT-FOR-US: Cisco IPM
-CVE-2008-1156
- RESERVED
+CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...)
+ TODO: check
CVE-2008-1155
RESERVED
CVE-2008-1154
RESERVED
-CVE-2008-1153
- RESERVED
-CVE-2008-1152
- RESERVED
-CVE-2008-1151
- RESERVED
-CVE-2008-1150
- RESERVED
+CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...)
+ TODO: check
+CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through ...)
+ TODO: check
+CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...)
+ TODO: check
+CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS ...)
+ TODO: check
CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...)
- phpmyadmin 4:2.11.5-1 (low)
[etch] - phpmyadmin <no-dsa> (Minor issue)
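Review bot: The Cisco entries moved from RESERVED to "TODO: check" here can mostly be triaged from the visible summaries. CVE-2008-1150, CVE-2008-1152 and CVE-2008-1153 name Cisco IOS, and the neighbouring CVE-2008-1157 is already tagged "NOT-FOR-US: Cisco IPM". Suggest marking those three NOT-FOR-US in the same style. CVE-2008-1151 and CVE-2008-1156 are truncated before the product name, so confirm them against the full description first.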
@@ -1291,7 +1426,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2008-0988 (Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2 ...)
+CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and ...)
NOT-FOR-US: Apple Mac OS X
CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the libsgl.so ...)
NOT-FOR-US: Google Android
@@ -1423,12 +1558,12 @@
- kvm 63+dfsg-1 (bug #469666)
CVE-2008-0927
RESERVED
-CVE-2008-0926
- RESERVED
+CVE-2008-0926 (Unspecified vulnerability in the eMBox utility in Novell eDirectory ...)
+ TODO: check
CVE-2008-0925
RESERVED
-CVE-2008-0924
- RESERVED
+CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...)
+ TODO: check
CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for ...)
- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke ...)
@@ -1896,12 +2031,12 @@
RESERVED
CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX ...)
NOT-FOR-US: HP-UX
-CVE-2008-0706
- RESERVED
+CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP ...)
+ TODO: check
CVE-2008-0705
RESERVED
-CVE-2008-0704
- RESERVED
+CVE-2008-0704 (Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP ...)
+ TODO: check
CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow ...)
NOT-FOR-US: sflog!
CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and ...)
@@ -2255,8 +2390,8 @@
NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow ...)
NOT-FOR-US: phpIP Management
-CVE-2008-0537
- RESERVED
+CVE-2008-0537 (Unspecified vulnerability in the Supervisor Engine 32 (Sup32), ...)
+ TODO: check
CVE-2008-0536
RESERVED
CVE-2008-0535
@@ -2572,7 +2707,7 @@
{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
-CVE-2008-0416 (Multiple unspecified vulnerabilities in Mozilla Firefox, as used in ...)
+CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
- iceweasel 2.0.0.12-1
TODO: check xulrunner and iceape
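Review bot: CVE-2008-0416 still carries "TODO: check xulrunner and iceape" after its summary changed from unspecified vulnerabilities to multiple XSS vulnerabilities in Mozilla Firefox, and only "iceweasel 2.0.0.12-1" is recorded. The entry directly above it has the same DSA set and also lists "xulrunner 1.8.1.12-1". Now that the description is specific, resolve the TODO by adding explicit xulrunner and iceape lines, or by marking them not affected with a reason.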
@@ -3072,8 +3207,8 @@
NOT-FOR-US: HP Virtual Rooms
CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2008-0211
- RESERVED
+CVE-2008-0211 (Unspecified vulnerability in the BIOS F.04 through F.11 for the HP ...)
+ TODO: check
CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication ...)
NOT-FOR-US: Uebimiau Webmail
CVE-2008-0209 (Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 ...)
@@ -3434,8 +3569,8 @@
NOTE: SA29057
CVE-2008-0071
RESERVED
-CVE-2008-0070
- RESERVED
+CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA ...)
+ TODO: check
CVE-2008-0069
RESERVED
CVE-2008-0068
@@ -4201,13 +4336,13 @@
NOTE: wrapper script as an example but the original script is installed
NOTE: under /usr/lib/cups/filters
CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service ...)
- {DSA-1533-1}
+ {DSA-1533-2 DSA-1533-1}
- exiftags 1.01-0.1 (low; bug #457062)
CVE-2007-6355 (Integer overflow in exiftags before 1.01 has unknown impact and attack ...)
- {DSA-1533-1}
+ {DSA-1533-2 DSA-1533-1}
- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact ...)
- {DSA-1533-1}
+ {DSA-1533-2 DSA-1533-1}
- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows ...)
{DSA-1487-1}
@@ -8823,7 +8958,7 @@
NOT-FOR-US: Psilabs
CVE-2007-4880 (Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ...)
NOT-FOR-US: IBM Tivoli Storage Manager (TSM)
-CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client ...)
+CVE-2007-4879 (Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, ...)
{DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1 (low; bug #444803)
- iceape 1.1.9-1 (low; bug #444805)
@@ -9559,7 +9694,7 @@
CVE-2007-4576
REJECTED
NOTE: duplicate of CVE-2007-4575, will be rejected
-CVE-2007-4575 (Unspecified vulnerability in HSQLDB before 1.8.0.9, as used in ...)
+CVE-2007-4575 (HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, ...)
{DSA-1419-1}
- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
- hsqldb 1.8.0.9-1
@@ -17571,7 +17706,7 @@
NOT-FOR-US: ISS BlackICE
CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...)
NOT-FOR-US: JAF CMS
-CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 ...)
+CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and ...)
NOT-FOR-US: JAF CMS
CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 ...)
NOT-FOR-US: Joomla component BSQ Sitestats