[Secure-testing-commits] r8063 - data/CVE
joeyh at alioth.debian.org
Thu Jan 31 21:14:15 UTC 2008
Author: joeyh
Date: 2008-01-31 21:14:14 +0000 (Thu, 31 Jan 2008)
New Revision: 8063
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-31 20:28:39 UTC (rev 8062)
+++ data/CVE/list 2008-01-31 21:14:14 UTC (rev 8063)
@@ -1,3 +1,187 @@
+CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote ...)
+ TODO: check
+CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have ...)
+ TODO: check
+CVE-2008-0499 (SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote ...)
+ TODO: check
+CVE-2008-0498 (SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop ...)
+ TODO: check
+CVE-2008-0497 (Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS ...)
+ TODO: check
+CVE-2008-0496 (Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 ...)
+ TODO: check
+CVE-2008-0495 (Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware ...)
+ TODO: check
+CVE-2008-0494 (Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in ...)
+ TODO: check
+CVE-2008-0493 (fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows ...)
+ TODO: check
+CVE-2008-0492 (Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control ...)
+ TODO: check
+CVE-2008-0491 (SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 ...)
+ TODO: check
+CVE-2008-0490 (SQL injection vulnerability in functions/editevent.php in the WP-Cal ...)
+ TODO: check
+CVE-2008-0489 (Directory traversal vulnerability in install.php in Clansphere ...)
+ TODO: check
+CVE-2008-0488 (Directory traversal vulnerability in tseekdir.cgi in VB Marketing ...)
+ TODO: check
+CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect ...)
+ TODO: check
+CVE-2008-0486
+ RESERVED
+CVE-2008-0485
+ RESERVED
+CVE-2008-0484
+ RESERVED
+CVE-2008-0483
+ RESERVED
+CVE-2008-0482
+ RESERVED
+CVE-2008-0481 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz ...)
+ TODO: check
+CVE-2008-0480 (Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 ...)
+ TODO: check
+CVE-2008-0479 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz ...)
+ TODO: check
+CVE-2008-0478 (Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows ...)
+ TODO: check
+CVE-2008-0477 (Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX ...)
+ TODO: check
+CVE-2008-0476 (ManageEngine Applications Manager 8.1 build 8100 does not check ...)
+ TODO: check
+CVE-2008-0475 (ManageEngine Applications Manager 8.1 build 8100 allows remote ...)
+ TODO: check
+CVE-2008-0474 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
+ TODO: check
+CVE-2008-0473 (RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote ...)
+ TODO: check
+CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in ...)
+ TODO: check
+CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php in ...)
+ TODO: check
+CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote ...)
+ TODO: check
+CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News System ...)
+ TODO: check
+CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier ...)
+ TODO: check
+CVE-2008-0467 (Buffer overflow in Firebird before 2.1.0 RC1 might allow remote ...)
+ TODO: check
+CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...)
+ TODO: check
+CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 ...)
+ TODO: check
+CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon ...)
+ TODO: check
+CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before ...)
+ TODO: check
+CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before ...)
+ TODO: check
+CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in ...)
+ TODO: check
+CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki ...)
+ TODO: check
+CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...)
+ TODO: check
+CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...)
+ TODO: check
+CVE-2008-0457
+ RESERVED
+CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...)
+ TODO: check
+CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
+ TODO: check
+CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
+ TODO: check
+CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe ...)
+ TODO: check
+CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman 1.1.9 ...)
+ TODO: check
+CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote ...)
+ TODO: check
+CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c ...)
+ TODO: check
+CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping ...)
+ TODO: check
+CVE-2008-0448 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 ...)
+ TODO: check
+CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows ...)
+ TODO: check
+CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook (ELOG) ...)
+ TODO: check
+CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) ...)
+ TODO: check
+CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX ...)
+ TODO: check
+CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small ...)
+ TODO: check
+CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in ...)
+ TODO: check
+CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in ...)
+ TODO: check
+CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering ...)
+ TODO: check
+CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ...)
+ TODO: check
+CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp ...)
+ TODO: check
+CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals 2.1.1 ...)
+ TODO: check
+CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN Mail ...)
+ TODO: check
+CVE-2008-0433 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo ...)
+ TODO: check
+CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php in ...)
+ TODO: check
+CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows ...)
+ TODO: check
+CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...)
+ TODO: check
+CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in ...)
+ TODO: check
+CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows ...)
+ TODO: check
+CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...)
+ TODO: check
+CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in Frimousse ...)
+ TODO: check
+CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) ...)
+ TODO: check
+CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama Software ...)
+ TODO: check
+CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka bMachine) ...)
+ TODO: check
+CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier ...)
+ TODO: check
+CVE-2008-0420
+ RESERVED
+CVE-2008-0419
+ RESERVED
+CVE-2008-0418
+ RESERVED
+CVE-2008-0417
+ RESERVED
+CVE-2008-0416
+ RESERVED
+CVE-2008-0415
+ RESERVED
+CVE-2008-0414
+ RESERVED
+CVE-2008-0413
+ RESERVED
+CVE-2008-0412
+ RESERVED
+CVE-2008-0411
+ RESERVED
+CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...)
+ TODO: check
CVE-2008-XXXX [openssh local users may hijack forwarded X connections]
- openssh <unfixed> (bug #463011)
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
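Review bot: every entry added at the top of this hunk, from CVE-2008-0501 down to CVE-2007-6694, carries only "TODO: check", which leaves no package mapping for several ids whose descriptions name software that Debian packages: CVE-2008-0456 and CVE-2008-0455 (mod_negotiation), CVE-2008-0460 (MediaWiki), CVE-2008-0467 (Firebird) and CVE-2007-6694 (Linux kernel). Those should be triaged ahead of the rest. The entries whose description is cut off before any product name (CVE-2008-0448, CVE-2008-0439, CVE-2008-0433) cannot be classified from this list and need the full CVE text.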
@@ -6,18 +190,18 @@
- sdl-image1.2 1.2.6-2 (medium)
NOTE: CVE id requested
NOTE: see http://www.securityfocus.com/archive/1/486853/30/30/threaded
-CVE-2008-0410
- RESERVED
-CVE-2008-0409
- RESERVED
-CVE-2008-0408
- RESERVED
-CVE-2008-0407
- RESERVED
-CVE-2008-0406
- RESERVED
-CVE-2008-0405
- RESERVED
+CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain ...)
+ TODO: check
+CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) ...)
+ TODO: check
+CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to append ...)
+ TODO: check
+CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries with ...)
+ TODO: check
+CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used as log ...)
+ TODO: check
+CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server (HFS) ...)
+ TODO: check
CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...)
- mantis <not-affected> (Vulnerable code not present)
NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
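Review bot: the six entries CVE-2008-0410 through CVE-2008-0405 all name HTTP File Server (HFS) and each is left at "TODO: check", so one packaging decision settles all of them. If HFS is not in the archive they should take the same "NOT-FOR-US:" tag this file uses for other unpackaged products, rather than being checked one by one.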
@@ -53,8 +237,8 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress ...)
NOT-FOR-US: WP-Forum plugin for WordPress
-CVE-2008-0387
- RESERVED
+CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before ...)
+ TODO: check
CVE-2008-0386 [arbitrary code execution in xdg-utils via crafted path name]
RESERVED
- xdg-utils <unfixed> (low; bug #463471)
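Review bot: CVE-2008-0387 moves from RESERVED to a Firebird SQL integer overflow but gets only "TODO: check" and no package line. The same update adds CVE-2008-0467, a second Firebird buffer overflow, so both should be triaged together against the Firebird source packages and given matching status lines.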
@@ -542,12 +726,12 @@
RESERVED
CVE-2008-0177
RESERVED
-CVE-2008-0176
- RESERVED
-CVE-2008-0175
- RESERVED
-CVE-2008-0174
- RESERVED
+CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI ...)
+ TODO: check
+CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time ...)
+ TODO: check
+CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses ...)
+ TODO: check
CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the Boost ...)
- boost <unfixed> (low; bug #461236)
CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library ...)
@@ -681,7 +865,7 @@
NOTE: the issue itself has a quite small attack vector
NOTE: and considering that the apache configuration that comes
NOTE: with moodle limits connections to localhost this is no issue
-CVE-2008-0122 (Off-by-one error in the inet_network function in libc in FreeBSD 6.2, ...)
+CVE-2008-0122 (Off-by-one error in the inet_network function in libbind in ISC BIND ...)
- bind <removed>
[sarge] - bind <no-dsa> (applications will use inet_network in libc)
[etch] - bind <no-dsa> (applications will use inet_network in libc)
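Review bot: the CVE-2008-0122 description now points at libbind in ISC BIND instead of libc in FreeBSD, but the status lines under it are unchanged and still justify "no-dsa" with "applications will use inet_network in libc". That rationale was written against the old description and should be re-read against the new one. Only the bind package is listed in the visible lines, so it is worth confirming whether any other package ships the libbind code.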
@@ -1436,10 +1620,10 @@
NOT-FOR-US: predating security tracker
CVE-2008-0030
RESERVED
-CVE-2008-0029
- RESERVED
-CVE-2008-0028
- RESERVED
+CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is installed with ...)
+ TODO: check
+CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security Appliance ...)
+ TODO: check
CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL) ...)
NOT-FOR-US: Cisco
CVE-2008-0026
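Review bot: CVE-2008-0029 and CVE-2008-0028 are both Cisco products (Application Velocity System, PIX 500 Series) and are left at "TODO: check", while the next entry, CVE-2008-0027, is already tagged "NOT-FOR-US: Cisco". The two new entries can take the same tag.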
@@ -1472,8 +1656,8 @@
- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6426
RESERVED
-CVE-2007-6425
- RESERVED
+CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA ...)
+ TODO: check
CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...)
NOT-FOR-US: Fonality Trixbox
CVE-2007-6423 (** DISPUTED ** ...)
@@ -1501,8 +1685,7 @@
- xen-unstable <not-affected> (We only have xen for i386 and amd64)
- xen-3 <not-affected> (We only have xen for i386 and amd64)
- xen-3.0 <not-affected> (We only have xen for i386 and amd64)
-CVE-2007-6415
- RESERVED
+CVE-2007-6415 (scponly 4.6 and earlier allows remote authenticated users to bypass ...)
{DSA-1473-1}
- scponly 4.6-1.2 (high)
CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a ...)
@@ -2001,13 +2184,12 @@
RESERVED
CVE-2008-0009
RESERVED
-CVE-2008-0008 [prevent pulseaudio from dropping permissions]
- RESERVED
+CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 ...)
{DSA-1476-1}
- pulseaudio 0.9.9-1
CVE-2008-0007
RESERVED
-CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1 and (2) the Sun ...)
+CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
- libxfont 1:1.3.1-2
@@ -3171,8 +3353,8 @@
NOT-FOR-US: Oracle
CVE-2007-5765
RESERVED
-CVE-2007-5764
- RESERVED
+CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...)
+ TODO: check
CVE-2007-5763
RESERVED
CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...)
@@ -6242,8 +6424,7 @@
NOT-FOR-US: Xwiki
CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...)
NOT-FOR-US: Xwiki
-CVE-2007-4850 [php curl safe mode bypass]
- RESERVED
+CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ...)
- php4 <removed> (unimportant)
- php5 <unfixed> (unimportant)
NOTE: Safe mode bypasses not treated as security problems
@@ -6425,10 +6606,10 @@
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
[sarge] - postgresql <unfixed>
-CVE-2007-4771
- RESERVED
-CVE-2007-4770
- RESERVED
+CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in regexcmp.cpp ...)
+ TODO: check
+CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and earlier ...)
+ TODO: check
CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in ...)
{DSA-1463-1 DSA-1460-1}
- postgresql-8.2 8.2.6-1
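Review bot: CVE-2007-4770 names libicu in ICU 3.8.1 and earlier and is left at "TODO: check" with no package line; CVE-2007-4771 (doInterval in regexcmp.cpp) is in the same state and its truncated description does not show the product. Both are regular-expression issues like the already tracked CVE-2007-4769 below them, so they should be checked against the ICU source package and the full text of CVE-2007-4771 confirmed before a status is recorded.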
@@ -6908,8 +7089,8 @@
NOT-FOR-US: Sophos
CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
NOT-FOR-US: Sophos
-CVE-2007-4576
- RESERVED
+CVE-2007-4576 (Unspecified vulnerability in HSQLDB 1.8.0.8, and possibly other ...)
+ TODO: check
CVE-2007-4575 (Unspecified vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org ...)
{DSA-1419-1}
- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
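Review bot: CVE-2007-4576 is a new HSQLDB 1.8.0.8 entry left at "TODO: check", directly above CVE-2007-4575, the HSQLDB issue already tracked against openoffice.org with DSA-1419-1. The new id should be checked both against a standalone HSQLDB package and against the copy referenced for openoffice.org, and the entry should state whether the fix recorded for CVE-2007-4575 covers it.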