[Secure-testing-commits] r7859 - data/CVE
joeyh at alioth.debian.org
Wed Jan 9 09:14:12 UTC 2008
Author: joeyh
Date: 2008-01-09 09:14:11 +0000 (Wed, 09 Jan 2008)
New Revision: 7859
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-08 22:55:46 UTC (rev 7858)
+++ data/CVE/list 2008-01-09 09:14:11 UTC (rev 7859)
@@ -1,3 +1,155 @@
+CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier ...)
+ TODO: check
+CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script 2.0 and ...)
+ TODO: check
+CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote ...)
+ TODO: check
+CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million Dollar ...)
+ TODO: check
+CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in EvilBoard ...)
+ TODO: check
+CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) ...)
+ TODO: check
+CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers ...)
+ TODO: check
+CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier ...)
+ TODO: check
+CVE-2008-0151 (Foxit WAC Server 2.1.0.910 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba ...)
+ TODO: check
+CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via a ...)
+ TODO: check
+CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows ...)
+ TODO: check
+CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and ...)
+ TODO: check
+CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL ...)
+ TODO: check
+CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when ...)
+ TODO: check
+CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 ...)
+ TODO: check
+CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in samPHPweb, ...)
+ TODO: check
+CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow ...)
+ TODO: check
+CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable passwords ...)
+ TODO: check
+CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau Webmail ...)
+ TODO: check
+CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog ...)
+ TODO: check
+CVE-2008-0138 (PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php ...)
+ TODO: check
+CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS ...)
+ TODO: check
+CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive information ...)
+ TODO: check
+CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz ...)
+ TODO: check
+CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier ...)
+ TODO: check
+CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long ...)
+ TODO: check
+CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in Instant ...)
+ TODO: check
+CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
+ TODO: check
+CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php in ...)
+ TODO: check
+CVE-2008-0128
+ RESERVED
+CVE-2008-0127
+ RESERVED
+CVE-2008-0126
+ RESERVED
+CVE-2008-0125
+ RESERVED
+CVE-2008-0124
+ RESERVED
+CVE-2008-0123
+ RESERVED
+CVE-2008-0122
+ RESERVED
+CVE-2008-0121
+ RESERVED
+CVE-2008-0120
+ RESERVED
+CVE-2008-0119
+ RESERVED
+CVE-2008-0118
+ RESERVED
+CVE-2008-0117
+ RESERVED
+CVE-2008-0116
+ RESERVED
+CVE-2008-0115
+ RESERVED
+CVE-2008-0114
+ RESERVED
+CVE-2008-0113
+ RESERVED
+CVE-2008-0112
+ RESERVED
+CVE-2008-0111
+ RESERVED
+CVE-2008-0110
+ RESERVED
+CVE-2008-0109
+ RESERVED
+CVE-2008-0108
+ RESERVED
+CVE-2008-0107
+ RESERVED
+CVE-2008-0106
+ RESERVED
+CVE-2008-0105
+ RESERVED
+CVE-2008-0104
+ RESERVED
+CVE-2008-0103
+ RESERVED
+CVE-2008-0102
+ RESERVED
+CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...)
+ TODO: check
+CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...)
+ TODO: check
+CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...)
+ TODO: check
+CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote ...)
+ TODO: check
+CVE-2008-0097 (Format string vulnerability in the log function in Georgia SoftWorks ...)
+ TODO: check
+CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) ...)
+ TODO: check
+CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, ...)
+ TODO: check
+CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content ...)
+ TODO: check
+CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...)
+ TODO: check
+CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...)
+ TODO: check
+CVE-2007-6675 (The b_system_comments_show function in ...)
+ TODO: check
+CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare ...)
+ TODO: check
+CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows ...)
+ TODO: check
+CVE-2007-6672 (Directory traversal vulnerability in Mortbay Jetty 6.1.5 and 6.1.6 ...)
+ TODO: check
+CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
+ TODO: check
+CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows ...)
+ TODO: check
+CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload ...)
+ TODO: check
+CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not ...)
+ TODO: check
CVE-2008-XXXX [splitvt fails to drop group utmp priviledges]
- splitvt 1.6.6-4
CVE-2008-XXXX [whitedune buffer overflow]
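Review bot: CVE-2008-0100 (Scene::errorf in Scene.cpp) and CVE-2008-0101 (swDebugf in DuneApp.cpp) may overlap with the temporary entry "CVE-2008-XXXX [whitedune buffer overflow]" kept as context at the end of this hunk. When the TODO: check on those two is resolved, confirm whether they describe the same issue and, if so, fold the temporary entry into the assigned ID so the bug is not tracked twice. The same pass should pick out the few entries whose descriptions name software tracked against packages elsewhere in this file, for example CVE-2008-0145 (glob in PHP before 4.4.8), ahead of the bulk of web-application entries.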
@@ -134,7 +286,7 @@
NOT-FOR-US: Netchemia
CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and ...)
NOT-FOR-US: WebPortal
-CVE-2007-6663 (SQL injection vulnerability in index.php in the Pragmatic Utopia PU ...)
+CVE-2007-6663 (SQL injection vulnerability in (1) Puarcade.php and (2) ...)
NOT-FOR-US: Pragmatic Utopia PU Arcade
CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6 allows ...)
NOT-FOR-US: CuteNews
@@ -144,7 +296,7 @@
NOT-FOR-US: 2z project
CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z project ...)
NOT-FOR-US: 2z project
-CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CCMS 3.1 Demo ...)
+CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) ...)
NOT-FOR-US: CCMS
CVE-2007-6657 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Mihalism
@@ -240,7 +392,7 @@
CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...)
- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
-CVE-2007-6610 (unp 1.0.12 does not properly escape file names, which might allow ...)
+CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...)
- unp 1.0.13 (bug #448437)
CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...)
NOT-FOR-US: CoolPlayer
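Review bot: the updated CVE-2007-6610 description says versions of unp before 1.0.14 are affected, while the tracking line under it still records "- unp 1.0.13 (bug #448437)" as the fixed version. Suggest confirming against bug #448437 whether the 1.0.13 upload carries the fix, then either raising the fixed version or adding a NOTE: line that explains why it differs from the description.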
@@ -403,7 +555,7 @@
NOT-FOR-US: TeamCal
CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 allows ...)
NOT-FOR-US: AuraCMS
-CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4 ...)
+CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, ...)
NOT-FOR-US: MailMachine
CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web ...)
NOT-FOR-US: PMOS Help Desk
@@ -707,13 +859,11 @@
NOT-FOR-US: Fonality Trixbox
CVE-2007-6423
RESERVED
-CVE-2007-6422 [apache 2.2 mod_proxy_balancer balancer manager DoS]
- RESERVED
+CVE-2007-6422 (Unspecified vulnerability in mod_proxy_balancer in the Apache HTTP ...)
- apache2 <unfixed> (low)
[etch] - apache2 <no-dsa> (minor issue)
[sarge] - apache2 <not-affected> (vulnerable code introduced later)
-CVE-2007-6421 [apache 2.2 mod_proxy_balancer balancer manager XSS]
- RESERVED
+CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in mod_proxy_balancer in the ...)
- apache2 <unfixed> (low)
[etch] - apache2 <no-dsa> (minor issue)
[sarge] - apache2 <not-affected> (vulnerable code introduced later)
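Review bot: the replacement descriptions for CVE-2007-6422 and CVE-2007-6421 drop the detail the temporary text carried ("balancer manager DoS", "balancer manager XSS"), and the truncated CVE-2007-6422 text now reads only "Unspecified vulnerability in mod_proxy_balancer". Suggest a NOTE: line under each entry recording that the issue is in the balancer manager, so the basis for "(low)" and "<no-dsa> (minor issue)" stays visible in the list.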
@@ -783,8 +933,7 @@
CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 ...)
- gnome-screensaver <unfixed> (low; bug #455484)
[etch] - gnome-screensaver <no-dsa> (Minor issue)
-CVE-2007-6388 [apache mod_status XSS via refresh parameter]
- RESERVED
+CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache ...)
- apache <unfixed> (low)
- apache2 <unfixed> (low)
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...)
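Review bot: the CVE-2007-6388 entry tracks both apache and apache2 as "<unfixed> (low)" with no bug reference and no per-release lines, unlike the gnome-screensaver entry directly above it, which carries bug #455484 and an [etch] line. Suggest adding the bug numbers and [etch]/[sarge] status lines in the form already used for CVE-2007-6422 and CVE-2007-6421.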
@@ -1224,8 +1373,8 @@
RESERVED
CVE-2008-0004
RESERVED
-CVE-2008-0003
- RESERVED
+CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...)
+ TODO: check
CVE-2008-0002
RESERVED
CVE-2008-0001
@@ -1835,8 +1984,8 @@
CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...)
{DSA-1436-1}
- linux-2.6 2.6.23-2
-CVE-2007-5965
- RESERVED
+CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly ...)
+ TODO: check
CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise Linux ...)
- autofs 3.1.4-8 (medium)
- autofs5 <unfixed>
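Review bot: the new CVE-2007-5965 entry is left at "TODO: check" although its description gives a concrete affected range, QSslSocket in Trolltech Qt 4.3.0 through 4.3.2. Suggest resolving it against the Qt 4 versions in the archive and recording the result in the "- package version" form used for the autofs entry below, rather than leaving it in the generic queue.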
@@ -2369,8 +2518,8 @@
RESERVED
CVE-2007-5762
RESERVED
-CVE-2007-5761
- RESERVED
+CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...)
+ TODO: check
CVE-2007-5760
RESERVED
CVE-2007-5759
@@ -2903,8 +3052,8 @@
NOT-FOR-US: Novell Client
CVE-2007-5666
RESERVED
-CVE-2007-5665
- RESERVED
+CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...)
+ TODO: check
CVE-2007-5664
RESERVED
CVE-2007-5663
@@ -4074,8 +4223,8 @@
NOT-FOR-US: Joomla! and mambo extension
CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and ...)
NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
-CVE-2007-5360
- RESERVED
+CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, as used in VMWare ...)
+ TODO: check
CVE-2007-5359
RESERVED
CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk ...)
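Review bot: CVE-2007-5360 should not be closed as NOT-FOR-US on the strength of the VMWare mention alone, because the description places the buffer overflow in the OpenPegasus Management server "as used in VMWare". When the "TODO: check" is resolved, look for an OpenPegasus package first and track the entry against it if one exists.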
@@ -4092,8 +4241,8 @@
RESERVED
CVE-2007-5353
RESERVED
-CVE-2007-5352
- RESERVED
+CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem ...)
+ TODO: check
CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) ...)
NOT-FOR-US: Microsoft Vista
CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...)
@@ -4614,7 +4763,7 @@
NOT-FOR-US: rMake
CVE-2007-5192
RESERVED
-CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid functions in ...)
+CVE-2007-5191 (mount and umount in util-linux and loop-aes-utils call the setuid and ...)
{DSA-1450-1 DSA-1449-1 DTSA-64-1 DTSA-70-1}
- util-linux 2.13-8 (low)
- loop-aes-utils 2.13-2 (low)
@@ -5890,7 +6039,7 @@
{DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1
NOTE: fixed in php5/etch svn
-CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple (1) %i ...)
+CVE-2007-4658 (The money_format function in PHP 5 before 5.2.4, and PHP 4 before ...)
{DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1 (low)
NOTE: fixed in php5/etch svn
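Review bot: the updated CVE-2007-4658 description now covers "PHP 5 before 5.2.4, and PHP 4 before ...", but the entry still tracks only "- php5 5.2.4-1 (low)". Suggest adding a status line for PHP 4 where it is packaged (fixed version, <unfixed> or <not-affected>) so the wider scope in the description is accounted for.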
@@ -8273,8 +8422,10 @@
CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...)
NOT-FOR-US: FlashGameScript
CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
+ {DSA-1455-1}
- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
+ {DSA-1455-1}
- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...)
NOT-FOR-US: AV Arcade
@@ -8282,6 +8433,7 @@
{DSA-1356-1}
- linux-2.6 2.6.22-2
CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...)
+ {DSA-1455-1}
- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
NOT-FOR-US: Adobe Apollo
@@ -17343,14 +17495,14 @@
RESERVED
CVE-2007-0070
RESERVED
-CVE-2007-0069
- RESERVED
+CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, ...)
+ TODO: check
CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...)
NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...)
NOT-FOR-US: Lotus Domino Server
-CVE-2007-0066
- RESERVED
+CVE-2007-0066 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
+ TODO: check
CVE-2007-0065
RESERVED
CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...)
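Review bot: CVE-2007-0069 and CVE-2007-0066 are added with "TODO: check" although both descriptions place the issue in the kernel in Microsoft Windows. They can be closed as NOT-FOR-US in the same style as the neighbouring Lotus Domino entries, which keeps the TODO queue limited to entries that need package research.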