[Secure-testing-commits] r7937 - data/CVE
joeyh at alioth.debian.org
Wed Jan 16 09:14:09 UTC 2008
Author: joeyh
Date: 2008-01-16 09:14:09 +0000 (Wed, 16 Jan 2008)
New Revision: 7937
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-16 08:54:30 UTC (rev 7936)
+++ data/CVE/list 2008-01-16 09:14:09 UTC (rev 7937)
@@ -1,3 +1,109 @@
+CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ...)
+ TODO: check
+CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in Member ...)
+ TODO: check
+CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow ...)
+ TODO: check
+CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 and ...)
+ TODO: check
+CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard ...)
+ TODO: check
+CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows ...)
+ TODO: check
+CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
+ TODO: check
+CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in DomPHP ...)
+ TODO: check
+CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 ...)
+ TODO: check
+CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and ...)
+ TODO: check
+CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and possibly ...)
+ TODO: check
+CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and ...)
+ TODO: check
+CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly ...)
+ TODO: check
+CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal allows ...)
+ TODO: check
+CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module before ...)
+ TODO: check
+CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal ...)
+ TODO: check
+CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...)
+ TODO: check
+CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before ...)
+ TODO: check
+CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the aggregator ...)
+ TODO: check
+CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x ...)
+ TODO: check
+CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and ...)
+ TODO: check
+CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 ...)
+ TODO: check
+CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket ...)
+ TODO: check
+CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote ...)
+ TODO: check
+CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
+ TODO: check
+CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...)
+ TODO: check
+CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 ...)
+ TODO: check
+CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before ...)
+ TODO: check
+CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares ...)
+ TODO: check
+CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo ...)
+ TODO: check
+CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration ...)
+ TODO: check
+CVE-2008-0259 (Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php ...)
+ TODO: check
+CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP Running ...)
+ TODO: check
+CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search ...)
+ TODO: check
+CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo ...)
+ TODO: check
+CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 ...)
+ TODO: check
+CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka ...)
+ TODO: check
+CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder allows ...)
+ TODO: check
+CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in ...)
+ TODO: check
+CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before ...)
+ TODO: check
+CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...)
+ TODO: check
+CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database ...)
+ TODO: check
+CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ...)
+ TODO: check
+CVE-2008-0247 (Heap-based buffer overflow in IBM Tivoli Storage Manager (TSM) Express ...)
+ TODO: check
+CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original password ...)
+ TODO: check
+CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original password ...)
+ TODO: check
+CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 ...)
+ TODO: check
+CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local ...)
+ TODO: check
+CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java System ...)
+ TODO: check
+CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 ...)
+ TODO: check
+CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
+ TODO: check
+CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
+ TODO: check
CVE-2008-XXXX [insecure use of RandomPool]
- python-paramiko <unfixed> (medium; bug #460706)
NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
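Review bot: all 53 entries added in this hunk carry the importer's "TODO: check" placeholder, so triage is still owed; the entries naming software other than third-party PHP web apps (CVE-2008-0285 ngIRCd, CVE-2008-0238 rmff_dump_cont, the Drupal module issues CVE-2008-0272 through CVE-2008-0277) are the ones most likely to need a package line rather than the NOT-FOR-US marker that the PHP web-app entries elsewhere in this file usually get. The unchanged context line "CVE-2008-XXXX [insecure use of RandomPool]" for python-paramiko is still a placeholder id; once a real CVE is assigned, the imported entry should be merged into it rather than left as a duplicate.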
@@ -13,7 +119,7 @@
NOT-FOR-US: Zero CMS
CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow ...)
NOT-FOR-US: Zero CMS
-CVE-2008-0231 (Multiple directory traversal vulnerabilities in Tune Studio index.php ...)
+CVE-2008-0231 (Multiple directory traversal vulnerabilities in index.php in Tuned ...)
NOT-FOR-US: Tune Studio
CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in osDate ...)
NOT-FOR-US: osDate
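Review bot: the updated description for CVE-2008-0231 now reads "index.php in Tuned ..." while the unchanged annotation line below it still says "NOT-FOR-US: Tune Studio"; confirm the product name after the description change and update the annotation if it no longer matches.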
@@ -32,7 +138,7 @@
- xine-lib <unfixed> (medium; bug #460551)
CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92 and ...)
NOT-FOR-US: RunCMS
-CVE-2008-0223 (Buffer overflow in JustSystem JSFC.DLL, as used in multiple JustSystem ...)
+CVE-2008-0223 (Buffer overflow in JustSystems JSFC.DLL, as used in multiple ...)
NOT-FOR-US: JustSystem
CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in the ...)
NOT-FOR-US: Wp-FileManager plugin for WordPress
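Review bot: the description for CVE-2008-0223 was corrected to "JustSystems" but the annotation "NOT-FOR-US: JustSystem" keeps the old spelling; align the two so the file greps consistently.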
@@ -44,10 +150,10 @@
NOT-FOR-US: Webquest
CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak ...)
NOT-FOR-US: Merak IceWarp Mail Server
-CVE-2008-0217
- RESERVED
-CVE-2008-0216
- RESERVED
+CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes ...)
+ TODO: check
+CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not ...)
+ TODO: check
CVE-2008-0215
RESERVED
CVE-2008-0214
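Review bot: CVE-2008-0217 and CVE-2008-0216 both describe FreeBSD-specific code (the script program and the ptsname function in FreeBSD 5.0/6.0 through 7.0-PRERELEASE) and are left as "TODO: check"; when triaged, record the conclusion explicitly, as the Zero CMS and osDate entries nearby do with "NOT-FOR-US: <product>", rather than leaving the placeholder in place.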
@@ -177,8 +283,7 @@
NOT-FOR-US: Peter's Random Anti-Spam Image
CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...)
NOT-FOR-US: ONEdotOH Simple File
-CVE-2008-0173 [SQL injection in gforge]
- RESERVED
+CVE-2008-0173 (SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote ...)
{DSA-1459-1}
- gforge 4.6.99+svn6330-1 (medium)
NOTE: this is exploitable by unauthenticated users
@@ -260,10 +365,10 @@
RESERVED
CVE-2008-0124
RESERVED
-CVE-2008-0123
- RESERVED
-CVE-2008-0122
- RESERVED
+CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...)
+ TODO: check
+CVE-2008-0122 (Off-by-one error in the inet_network function in libc in FreeBSD 6.2, ...)
+ TODO: check
CVE-2008-0121
RESERVED
CVE-2008-0120
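Review bot: the description for CVE-2008-0122 is truncated right after "libc in FreeBSD 6.2, ...", so the visible text does not show whether other libc implementations are named; resolve the "TODO: check" against the full CVE text before concluding NOT-FOR-US. CVE-2008-0123 (XSS in install.php for Moodle) likewise needs either a package line or a NOT-FOR-US line.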
@@ -455,18 +560,18 @@
RESERVED
CVE-2008-0037
RESERVED
-CVE-2008-0036
- RESERVED
-CVE-2008-0035
- RESERVED
-CVE-2008-0034
- RESERVED
-CVE-2008-0033
- RESERVED
-CVE-2008-0032
- RESERVED
-CVE-2008-0031
- RESERVED
+CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...)
+ TODO: check
+CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 ...)
+ TODO: check
+CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through ...)
+ TODO: check
+CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
+ TODO: check
+CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute ...)
+ TODO: check
+CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
+ TODO: check
CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier ...)
NOT-FOR-US: MyPHP Forum
CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 ...)
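Review bot: CVE-2008-0031 through CVE-2008-0036 all concern Apple QuickTime and iPhone; the file's convention for Apple issues, visible later in this diff, is "NOT-FOR-US: <product> (Apple Mac OS X)", so these six placeholders can be resolved the same way once checked.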
@@ -1002,7 +1107,7 @@
[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows ...)
- {DTSA-105-1}
+ {DSA-1464-1 DTSA-105-1}
- syslog-ng 2.0.6-1 (low; bug #457334)
[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and ...)
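Review bot: the DSA-1464-1 reference is added to CVE-2007-6437, but the visible package lines only record the unstable fix ("- syslog-ng 2.0.6-1 (low; bug #457334)") and "[sarge] - syslog-ng <not-affected>"; there is no [etch] line in this context, so either the etch fixed version belongs alongside the new DSA reference or it sits outside the hunk and should be verified.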
@@ -1045,19 +1150,17 @@
RESERVED
CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...)
NOT-FOR-US: Fonality Trixbox
-CVE-2007-6423 [windows only Apache mod_proxy_balancer issue]
- RESERVED
+CVE-2007-6423 (** DISPUTED ** ...)
- apache2 <not-affected> (disputed / only for Windows)
-CVE-2007-6422 (Unspecified vulnerability in mod_proxy_balancer in the Apache HTTP ...)
+CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...)
- apache2 <unfixed> (low)
[etch] - apache2 <no-dsa> (minor issue)
[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
-CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in mod_proxy_balancer in the ...)
+CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in ...)
- apache2 <unfixed> (low)
[etch] - apache2 <no-dsa> (minor issue)
[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
-CVE-2007-6420 [Apache mod_proxy_balancer XSRF in balancer manager]
- RESERVED
+CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the ...)
- apache2 <unfixed> (low)
[etch] - apache2 <no-dsa> (minor issue)
[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
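Review bot: for CVE-2007-6423 the local placeholder "[windows only Apache mod_proxy_balancer issue]" was replaced by the truncated official description "** DISPUTED ** ...", so the only remaining statement of why apache2 is not affected is the annotation "(disputed / only for Windows)"; keep that annotation specific, since the description line now carries no information of its own. The other three entries (CVE-2007-6422, -6421, -6420) are consistently recorded with apache2 <unfixed> (low), [etch] <no-dsa> and [sarge] <not-affected>.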
@@ -1375,13 +1478,12 @@
NOT-FOR-US: HyperVM
CVE-2007-6286
RESERVED
-CVE-2007-6285 (The default configuration for autofs 5 (autofs5) on Red Hat Enterprise ...)
+CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...)
NOTE: maintainer will patch autofs5 in upload to unstable
TODO: check when autofs5 hits unstable
- autofs <not-affected> (-hosts feature not present, auto.net has nosuid,nodev)
- autofs5 <unfixed>
-CVE-2007-6284 [infinite loop in libxml2 through crafted UTF-8 sequence]
- RESERVED
+CVE-2007-6284 (The xmlCurrentChar function in libxml2 before 2.6.31 allows ...)
{DSA-1461-1}
- libxml2 2.6.30.dfsg-3.1 (medium; bug #460292)
- libxml 1.8.17-14.1 (medium)
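Review bot: the CVE-2007-6285 block orders its lines differently from the file's usual layout: the NOTE and TODO lines come before the package lines ("- autofs <not-affected> ...", "- autofs5 <unfixed>"), whereas the CVE-2008-0173 and CVE-2007-5964 entries in this same diff put the package lines first and the NOTE after. Moving the two comment lines below "- autofs5 <unfixed>" keeps the layout consistent. The CVE-2007-6284 entry looks complete (DSA-1461-1, libxml2 and libxml both with fixed versions).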
@@ -1567,8 +1669,7 @@
RESERVED
CVE-2008-0006
RESERVED
-CVE-2008-0005 [Apache mod_proxy_ftp Undefined Charset UTF-7 XSS Vulnerability]
- RESERVED
+CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before ...)
- apache2 <unfixed> (low)
- apache <unfixed> (low)
CVE-2008-0004
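Review bot: CVE-2008-0005 loses its descriptive placeholder "[Apache mod_proxy_ftp Undefined Charset UTF-7 XSS Vulnerability]" in favour of the truncated official text, which no longer says it is an XSS issue; a NOTE line preserving that would help later triage. Also, unlike the mod_proxy_balancer entries earlier in this diff, the "apache2 <unfixed> (low)" and "apache <unfixed> (low)" lines here carry no [etch] or [sarge] status, so those still need recording.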
@@ -1577,8 +1678,8 @@
NOT-FOR-US: OpenPegasus CIM management server
CVE-2008-0002
RESERVED
-CVE-2008-0001
- RESERVED
+CVE-2008-0001 (VFS in the Linux kernel before 2.6.23.14 performs tests of access mode ...)
+ TODO: check
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
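Review bot: CVE-2008-0001 names the Linux kernel VFS directly ("before 2.6.23.14") yet is left as "TODO: check"; unlike the Apple and FreeBSD placeholders in this update, this one will need a package line rather than NOT-FOR-US, so it should be triaged promptly.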
@@ -2189,7 +2290,7 @@
CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly ...)
- qt4-x11 4.3.3-1
- qt-x11-free <not-affected> (Vulnerable code not present)
-CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise Linux ...)
+CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, ...)
- autofs 3.1.4-8 (medium)
- autofs5 <unfixed>
NOTE: maintainer will patch autofs5 in upload to unstable
@@ -2201,7 +2302,7 @@
RESERVED
CVE-2007-5961
RESERVED
-CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey 1.1.7 sets the Referer ...)
+CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the ...)
{DSA-1425-1 DSA-1424-1}
- iceweasel 2.0.0.10-1
- iceape 1.1.7-1
@@ -2510,7 +2611,7 @@
NOT-FOR-US: Spin Tracer (Apple Mac OS X)
CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 ...)
NOT-FOR-US: Safari RSS (Apple Mac OS X)
-CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1 allows remote ...)
+CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 ...)
NOT-FOR-US: Safari (Apple Mac OS X)
CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from ...)
NOT-FOR-US: Quick Look (Apple Mac OS X)
@@ -3269,14 +3370,14 @@
NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008
CVE-2007-5659
RESERVED
-CVE-2007-5658
- RESERVED
-CVE-2007-5657
- RESERVED
-CVE-2007-5656
- RESERVED
-CVE-2007-5655
- RESERVED
+CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...)
+ TODO: check
+CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
+ TODO: check
+CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
+ TODO: check
+CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
+ TODO: check
CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger ...)
NOT-FOR-US: LiteSpeed
CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do ...)
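Review bot: the four TIBCO SmartSockets entries CVE-2007-5655 through CVE-2007-5658 describe the same proprietary product line (RTserver 6.8.0 and earlier, RTworks before 4.0.4) and can be triaged together with a single conclusion rather than four separate "TODO: check" placeholders.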