[Secure-testing-commits] r7882 - data/CVE
joeyh at alioth.debian.org
Fri Jan 11 21:14:11 UTC 2008
Author: joeyh
Date: 2008-01-11 21:14:10 +0000 (Fri, 11 Jan 2008)
New Revision: 7882
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-11 17:07:18 UTC (rev 7881)
+++ data/CVE/list 2008-01-11 21:14:10 UTC (rev 7882)
@@ -1,4 +1,169 @@
+CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 ...)
+ TODO: check
+CVE-2008-0236 (An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) ...)
+ TODO: check
+CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote attackers ...)
+ TODO: check
+CVE-2008-0234 (Stack-based buffer overflow in Apple Quicktime Player 7.3.1.70, when ...)
+ TODO: check
+CVE-2008-0233 (Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and ...)
+ TODO: check
+CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow ...)
+ TODO: check
+CVE-2008-0231 (Multiple directory traversal vulnerabilities in Tune Studio index.php ...)
+ TODO: check
+CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in osDate ...)
+ TODO: check
+CVE-2008-0229 (The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless ...)
+ TODO: check
+CVE-2008-0228 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in the ...)
+ TODO: check
+CVE-2008-0227 (yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, ...)
+ TODO: check
+CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL ...)
+ TODO: check
+CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in ...)
+ TODO: check
+CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92 and ...)
+ TODO: check
+CVE-2008-0223 (Buffer overflow in JustSystem JSFC.DLL, as used in multiple JustSystem ...)
+ TODO: check
+CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in the ...)
+ TODO: check
+CVE-2008-0221 (Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka ...)
+ TODO: check
+CVE-2008-0220 (Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 ...)
+ TODO: check
+CVE-2008-0219 (SQL injection vulnerability in soporte_horizontal_w.php in PHP ...)
+ TODO: check
+CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak ...)
+ TODO: check
+CVE-2008-0217
+ RESERVED
+CVE-2008-0216
+ RESERVED
+CVE-2008-0215
+ RESERVED
+CVE-2008-0214
+ RESERVED
+CVE-2008-0213
+ RESERVED
+CVE-2008-0212
+ RESERVED
+CVE-2008-0211
+ RESERVED
+CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication ...)
+ TODO: check
+CVE-2008-0209 (Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 ...)
+ TODO: check
+CVE-2008-0208 (Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums ...)
+ TODO: check
+CVE-2008-0207 (Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 ...)
+ TODO: check
+CVE-2008-0206 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0205 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0204 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0203 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0202 (CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 ...)
+ TODO: check
+CVE-2008-0201 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+ TODO: check
+CVE-2008-0200 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0199 (PRO-Search 0.17 and earlier allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2008-0198 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0197 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0196 (Multiple directory traversal vulnerabilities in WordPress 2.0.11 and ...)
+ TODO: check
+CVE-2008-0195 (WordPress 2.0.11 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in WordPress ...)
+ TODO: check
+CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in ...)
+ TODO: check
+CVE-2008-0192 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...)
+ TODO: check
+CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0189
+ RESERVED
+CVE-2008-0188
+ RESERVED
+CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster ...)
+ TODO: check
+CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...)
+ TODO: check
+CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly ...)
+ TODO: check
+CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel on ...)
+ TODO: check
+CVE-2008-0183
+ RESERVED
+CVE-2008-0182
+ RESERVED
+CVE-2008-0181
+ RESERVED
+CVE-2008-0180
+ RESERVED
+CVE-2008-0179
+ RESERVED
+CVE-2008-0178
+ RESERVED
+CVE-2008-0177
+ RESERVED
+CVE-2008-0176
+ RESERVED
+CVE-2008-0175
+ RESERVED
+CVE-2008-0174
+ RESERVED
+CVE-2008-0172
+ RESERVED
+CVE-2008-0171
+ RESERVED
+CVE-2008-0170
+ RESERVED
+CVE-2008-0169
+ RESERVED
+CVE-2008-0168
+ RESERVED
+CVE-2008-0167
+ RESERVED
+CVE-2008-0166
+ RESERVED
+CVE-2008-0165
+ RESERVED
+CVE-2008-0164
+ RESERVED
+CVE-2008-0163
+ RESERVED
+CVE-2008-0162
+ RESERVED
+CVE-2008-0161
+ RESERVED
+CVE-2008-0160
+ RESERVED
+CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...)
+ TODO: check
+CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM ...)
+ TODO: check
+CVE-2007-6678 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...)
+ TODO: check
+CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam ...)
+ TODO: check
+CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...)
+ TODO: check
CVE-2008-0173 [SQL injection in gforge]
+ RESERVED
- gforge <unfixed> (unimportant)
NOTE: this is exploitable by unauthenticated users
NOTE: Requires register_globals to be On, unsupported in lenny+sid.
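Review bot: CVE-2008-0227 and CVE-2008-0226 (yaSSL, "as used in MySQL") and the WordPress entries CVE-2008-0196 through CVE-2008-0191 are added with the same "TODO: check" as the ActiveX and Zero CMS entries around them, so nothing in the list separates the ones that name software likely to need a package line from the ones that will end up NOT-FOR-US. Suggest triaging those entries first and replacing "TODO: check" with a package line or NOT-FOR-US, rather than leaving them in the bulk backlog this hunk creates.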
@@ -71,8 +236,8 @@
NOT-FOR-US: Site at School
CVE-2008-0128
RESERVED
-CVE-2008-0127
- RESERVED
+CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2 and ...)
+ TODO: check
CVE-2008-0126
RESERVED
CVE-2008-0125
@@ -420,13 +585,11 @@
NOT-FOR-US: Hot or Not Clone
CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in NoseRub ...)
NOT-FOR-US: NoseRub
-CVE-2007-6601 [dblink privilege escalation in postgresql]
- RESERVED
+CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, ...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
-CVE-2007-6600 [privilege escalation in postgresql]
- RESERVED
+CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
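Review bot: The new description for CVE-2007-6600 lists "8.0 before 8.0.15, 7.4 ..." in addition to 8.2 and 8.1, but the entry still tracks only postgresql-8.2 and postgresql-8.1. If an older branch is packaged in a supported release it needs its own line, or a NOTE saying why it is not tracked. The same check applies to CVE-2007-6601, whose description is cut off after 8.1.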
@@ -599,10 +762,10 @@
NOT-FOR-US: Microsoft Office Publisher
CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows ...)
NOT-FOR-US: Zoom Player
-CVE-2007-6532
- RESERVED
-CVE-2007-6531
- RESERVED
+CVE-2007-6532 (Double-free vulnerability in the Widget Library (libxfcegui4) in Xfce ...)
+ TODO: check
+CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in ...)
+ TODO: check
CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...)
NOT-FOR-US: XUpload
CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have ...)
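Review bot: CVE-2007-6532 and CVE-2007-6531 name libxfcegui4 and xfce4-panel directly in their descriptions, yet both go in as "TODO: check" with no package line. Suggest adding entries for the corresponding packages, with fixed version or <unfixed> status, once the affected versions are confirmed.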
@@ -1278,8 +1441,8 @@
RESERVED
CVE-2007-6251
RESERVED
-CVE-2007-6250
- RESERVED
+CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...)
+ TODO: check
CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the ...)
NOT-FOR-US: Gentoo portage
CVE-2007-6248
@@ -1686,8 +1849,7 @@
RESERVED
CVE-2007-6068
RESERVED
-CVE-2007-6067 [remote denial of service in postgresql via crafted regex]
- RESERVED
+CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser ...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
@@ -1845,8 +2007,8 @@
RESERVED
CVE-2007-6019
RESERVED
-CVE-2007-6018
- RESERVED
+CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...)
+ TODO: check
CVE-2007-6017
RESERVED
CVE-2007-6016
@@ -2524,8 +2686,8 @@
RESERVED
CVE-2007-5763
RESERVED
-CVE-2007-5762
- RESERVED
+CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...)
+ TODO: check
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...)
NOT-FOR-US: Motorola netOctopus
CVE-2007-5760
@@ -2796,7 +2958,7 @@
NOT-FOR-US: phpImage
CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in phpBasic ...)
NOT-FOR-US: phpBasic
-CVE-2007-5695 (command.php in SiteBar 3.3.8 allows remote attackers to redirect users ...)
+CVE-2007-5695 (Open redirect vulnerability in command.php in SiteBar 3.3.8 allows ...)
{DSA-1423-1}
- sitebar 3.3.8-12.1 (low; bug #448690)
NOTE: there is no real exploit scenario
@@ -3291,8 +3453,8 @@
NOT-FOR-US: VMware Player
CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...)
NOT-FOR-US: VMware Player
-CVE-2007-5616
- RESERVED
+CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...)
+ TODO: check
CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows ...)
- jetty <unfixed> (low; bug #454529)
CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote ...)
@@ -3989,14 +4151,14 @@
RESERVED
CVE-2007-5405
RESERVED
-CVE-2007-5404
- RESERVED
-CVE-2007-5403
- RESERVED
-CVE-2007-5402
- RESERVED
-CVE-2007-5401
- RESERVED
+CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on ...)
+ TODO: check
+CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox ...)
+ TODO: check
+CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ...)
+ TODO: check
+CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton ...)
+ TODO: check
CVE-2007-5400
RESERVED
CVE-2007-5399
@@ -5749,8 +5911,7 @@
RESERVED
CVE-2007-4773
RESERVED
-CVE-2007-4772 [remote denial of service in postgresql via crafted regex]
- RESERVED
+CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in ...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
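Review bot: The new description for CVE-2007-4772 attributes the flaw to "The regular expression parser in TCL before 8.4.17, as used in ...", but the entry tracks only postgresql-8.2 and postgresql-8.1. Suggest checking whether TCL itself needs a line here; CVE-2007-4769 in the next hunk gets the same description prefix and raises the same question.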
@@ -5758,8 +5919,7 @@
RESERVED
CVE-2007-4770
RESERVED
-CVE-2007-4769 [remote denial of service in postgresql via crafted regex]
- RESERVED
+CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in ...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
@@ -17518,7 +17678,7 @@
NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...)
NOT-FOR-US: Lotus Domino Server
-CVE-2007-0066 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
+CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, ...)
NOT-FOR-US: Microsoft Windows
CVE-2007-0065
RESERVED
@@ -17803,8 +17963,8 @@
NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
RESERVED
-CVE-2007-0012
- RESERVED
+CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
NOT-FOR-US: Citrix Access Gateway
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)