[Secure-testing-commits] r58534 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Dec 13 21:10:13 UTC 2017
Author: sectracker
Date: 2017-12-13 21:10:13 +0000 (Wed, 13 Dec 2017)
New Revision: 58534
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-13 21:09:49 UTC (rev 58533)
+++ data/CVE/list 2017-12-13 21:10:13 UTC (rev 58534)
@@ -1,9 +1,201 @@
-CVE-2017-17569
+CVE-2017-17665 (In Octopus Deploy before 4.1.3, the machine update process doesn't ...)
+ TODO: check
+CVE-2017-17664 (A Remote Crash issue was discovered in Asterisk Open Source 13.x before ...)
+ TODO: check
+CVE-2017-17663
RESERVED
-CVE-2017-17568
+CVE-2017-17662
RESERVED
-CVE-2017-17567
+CVE-2017-17661
RESERVED
+CVE-2017-17660
+ RESERVED
+CVE-2017-17659
+ RESERVED
+CVE-2017-17658
+ RESERVED
+CVE-2017-17657
+ RESERVED
+CVE-2017-17656
+ RESERVED
+CVE-2017-17655
+ RESERVED
+CVE-2017-17654
+ RESERVED
+CVE-2017-17653
+ RESERVED
+CVE-2017-17652
+ RESERVED
+CVE-2017-17651
+ RESERVED
+CVE-2017-17650
+ RESERVED
+CVE-2017-17649
+ RESERVED
+CVE-2017-17648 (Entrepreneur Dating Script 2.0.1 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17647
+ RESERVED
+CVE-2017-17646
+ RESERVED
+CVE-2017-17645
+ RESERVED
+CVE-2017-17644
+ RESERVED
+CVE-2017-17643
+ RESERVED
+CVE-2017-17642 (Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter ...)
+ TODO: check
+CVE-2017-17641 (Resume Clone Script 2.0.5 has SQL Injection via the preview.php id ...)
+ TODO: check
+CVE-2017-17640 (Advanced World Database 2.0.5 has SQL Injection via the city.php ...)
+ TODO: check
+CVE-2017-17639 (Muslim Matrimonial Script 3.02 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17638 (Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php ...)
+ TODO: check
+CVE-2017-17637 (Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val ...)
+ TODO: check
+CVE-2017-17636 (MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid ...)
+ TODO: check
+CVE-2017-17635 (MLM Forex Market Plan Script 2.0.4 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17634 (Single Theater Booking Script 3.2.1 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17633 (Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17632 (Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL ...)
+ TODO: check
+CVE-2017-17631 (Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17630 (Yoga Class Script 1.0 has SQL Injection via the /list city parameter. ...)
+ TODO: check
+CVE-2017-17629 (Secure E-commerce Script 2.0.1 has SQL Injection via the category.php ...)
+ TODO: check
+CVE-2017-17628 (Responsive Realestate Script 3.2 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17627 (Readymade Video Sharing Script 3.2 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17626 (Readymade PHP Classified Script 3.3 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17625 (Professional Service Script 1.0 has SQL Injection via the service-list ...)
+ TODO: check
+CVE-2017-17624 (PHP Multivendor Ecommerce 1.0 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17623 (Opensource Classified Ads Script 3.2 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17622 (Online Exam Test Application Script 1.6 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17621 (Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17620 (Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city ...)
+ TODO: check
+CVE-2017-17619 (Laundry Booking Script 1.0 has SQL Injection via the /list city ...)
+ TODO: check
+CVE-2017-17618 (Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php ...)
+ TODO: check
+CVE-2017-17617 (Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php ...)
+ TODO: check
+CVE-2017-17616 (Event Search Script 1.0 has SQL Injection via the /event-list city ...)
+ TODO: check
+CVE-2017-17615 (Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php ...)
+ TODO: check
+CVE-2017-17614 (Food Order Script 1.0 has SQL Injection via the /list city parameter. ...)
+ TODO: check
+CVE-2017-17613 (Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php ...)
+ TODO: check
+CVE-2017-17612 (Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or ...)
+ TODO: check
+CVE-2017-17611 (Doctor Search Script 1.0 has SQL Injection via the /list city ...)
+ TODO: check
+CVE-2017-17610 (E-commerce MLM Software 1.0 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17609 (Chartered Accountant Booking Script 1.0 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17608 (Child Care Script 1.0 has SQL Injection via the /list city parameter. ...)
+ TODO: check
+CVE-2017-17607 (CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to ...)
+ TODO: check
+CVE-2017-17606 (Co-work Space Search Script 1.0 has SQL Injection via the /list city ...)
+ TODO: check
+CVE-2017-17605 (Consumer Complaints Clone Script 1.0 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17604 (Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17603 (Advanced Real Estate Script 4.0.7 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17602 (Advance B2B Script 2.1.3 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17601 (Cab Booking Script 1.0 has SQL Injection via the /service-list city ...)
+ TODO: check
+CVE-2017-17600 (Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id ...)
+ TODO: check
+CVE-2017-17599 (Advance Online Learning Management Script 3.1 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17598 (Affiliate MLM Script 1.0 has SQL Injection via the product-category.php ...)
+ TODO: check
+CVE-2017-17597 (Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php ...)
+ TODO: check
+CVE-2017-17596 (Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17595 (Beauty Parlour Booking Script 1.0 has SQL Injection via the /list ...)
+ TODO: check
+CVE-2017-17594 (DomainSale PHP Script 1.0 has SQL Injection via the domain.php id ...)
+ TODO: check
+CVE-2017-17593 (Simple Chatting System 1.0 allows Arbitrary File Upload via ...)
+ TODO: check
+CVE-2017-17592 (Website Auction Marketplace 2.0.5 has SQL Injection via the search.php ...)
+ TODO: check
+CVE-2017-17591 (Realestate Crowdfunding Script 2.7.2 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17590 (FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords ...)
+ TODO: check
+CVE-2017-17589 (FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php ...)
+ TODO: check
+CVE-2017-17588 (FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, ...)
+ TODO: check
+CVE-2017-17587 (FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token ...)
+ TODO: check
+CVE-2017-17586 (FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter ...)
+ TODO: check
+CVE-2017-17585 (FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id ...)
+ TODO: check
+CVE-2017-17584 (FS Makemytrip Clone 1.0 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17583 (FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords ...)
+ TODO: check
+CVE-2017-17582 (FS Grubhub Clone 1.0 has SQL Injection via the /food keywords ...)
+ TODO: check
+CVE-2017-17581 (FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid ...)
+ TODO: check
+CVE-2017-17580 (FS Linkedin Clone 1.0 has SQL Injection via the group.php grid ...)
+ TODO: check
+CVE-2017-17579 (FS Freelancer Clone 1.0 has SQL Injection via the profile.php u ...)
+ TODO: check
+CVE-2017-17578 (FS Crowdfunding Script 1.0 has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17577 (FS Trademe Clone 1.0 has SQL Injection via the search_item.php search ...)
+ TODO: check
+CVE-2017-17576 (FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat ...)
+ TODO: check
+CVE-2017-17575 (FS Groupon Clone 1.0 has SQL Injection via the item_details.php id ...)
+ TODO: check
+CVE-2017-17574 (FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or ...)
+ TODO: check
+CVE-2017-17573 (FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, ...)
+ TODO: check
+CVE-2017-17572 (FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. ...)
+ TODO: check
+CVE-2017-17571 (FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords ...)
+ TODO: check
+CVE-2017-17570 (FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php ...)
+ TODO: check
+CVE-2017-17569 (Scubez Posty Readymade Classifieds has XSS via the ...)
+ TODO: check
+CVE-2017-17568 (Scubez Posty Readymade Classifieds has Incorrect Access Control for ...)
+ TODO: check
+CVE-2017-17567 (Scubez Posty Readymade Classifieds has SQL Injection via the ...)
+ TODO: check
CVE-2017-17562 (Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is ...)
TODO: check
CVE-2017-17561 (SeaCMS 6.56 allows remote authenticated administrators to execute ...)
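Review bot: CVE-2017-17665 (Octopus Deploy) and CVE-2017-17664 (Asterisk Open Source 13.x) at the top of this hunk get the same bare "TODO: check" as the long run of web-script SQL Injection entries below them, from CVE-2017-17648 down to CVE-2017-17570. Nothing in the list separates the entries that need an individual look from the bulk that can be triaged as a group. Suggest resolving the script entries in one pass with a "NOT-FOR-US: <product>" line each, as other entries in this file already carry, and handling the Asterisk and Octopus Deploy entries on their own. CVE-2017-17593 sits inside that run but is an Arbitrary File Upload, not SQL Injection, so it should not be swept up by a pattern match on the description. CVE-2017-17569, CVE-2017-17568 and CVE-2017-17567 moved from RESERVED to Scubez Posty descriptions here and need the same triage.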
@@ -75,8 +267,8 @@
NOT-FOR-US: Dolphin Browser for Android
CVE-2017-17550
RESERVED
-CVE-2017-17549
- RESERVED
+CVE-2017-17549 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
+ TODO: check
CVE-2017-17548
RESERVED
CVE-2017-17547
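Review bot: CVE-2017-17549 is added with "TODO: check", while CVE-2017-17382 later in this same diff shows the identical truncated description ("Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...") and is tagged "NOT-FOR-US: Citrix" with NOTE lines. Because the visible text of the two entries is the same, confirm against the full description that CVE-2017-17549 is a distinct issue, then give it the matching NOT-FOR-US line so the two Citrix entries do not stay inconsistent.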
@@ -97,10 +289,10 @@
RESERVED
CVE-2017-17539
RESERVED
-CVE-2017-17538
- RESERVED
-CVE-2017-17537
- RESERVED
+CVE-2017-17538 (MikroTik v6.40.5 devices allow remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2017-17537 (MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated ...)
+ TODO: check
CVE-2018-1350
RESERVED
CVE-2018-1349
@@ -777,8 +969,7 @@
NOT-FOR-US: Cisco ACE
NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
NOTE: https://robotattack.org/
-CVE-2017-17427
- RESERVED
+CVE-2017-17427 (Radware Alteon devices with a firmware version between ...)
NOT-FOR-US: Radware
NOTE: https://portals.radware.com/getattachment/21be0b7b-fa1c-4cbc-8bd2-c19946aee270/Security-Advisory-Adaptive-chosen-ciphertext-atta/
NOTE: https://robotattack.org/
@@ -975,8 +1166,7 @@
NOT-FOR-US: ISPConfig
CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated administrators to ...)
- jenkins <removed>
-CVE-2017-17382
- RESERVED
+CVE-2017-17382 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
NOT-FOR-US: Citrix
NOTE: https://support.citrix.com/article/CTX230238
NOTE: https://robotattack.org/
@@ -8432,10 +8622,10 @@
RESERVED
CVE-2017-15531
RESERVED
-CVE-2017-15530
- RESERVED
-CVE-2017-15529
- RESERVED
+CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
+ TODO: check
+CVE-2017-15529 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
+ TODO: check
CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can be ...)
NOT-FOR-US: Install Norton Security
CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be ...)
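Review bot: CVE-2017-15530 and CVE-2017-15529 are added with byte-identical visible descriptions ("Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ..."), so the list alone cannot tell the two issues apart and triage has to consult the full CVE text. The next entry in context, CVE-2017-15528, is already "NOT-FOR-US: Install Norton Security"; once the two are confirmed as distinct, a product-named NOT-FOR-US line on each would replace the "TODO: check" and keep this block consistent.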
@@ -11445,10 +11635,10 @@
RESERVED
CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...)
NOT-FOR-US: Atlassian
-CVE-2017-14590
- RESERVED
-CVE-2017-14589
- RESERVED
+CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial ...)
+ TODO: check
+CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates ...)
+ TODO: check
CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version ...)
NOT-FOR-US: Atlassian
CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and ...)
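Review bot: the truncated description added for CVE-2017-14589 ("It was possible for double OGNL evaluation in FreeMarker templates ...") does not name the affected product, unlike CVE-2017-14590 directly above it, which starts with "Bamboo". The surrounding context entries (CVE-2017-14591, CVE-2017-14588) are "NOT-FOR-US: Atlassian", but that cannot be assumed for CVE-2017-14589 from the visible text; whoever resolves the "TODO: check" should record the product in the resulting NOT-FOR-US or package line so the entry is self-explanatory.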
@@ -12035,8 +12225,8 @@
RESERVED
CVE-2017-14381
RESERVED
-CVE-2017-14380
- RESERVED
+CVE-2017-14380 (In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, ...)
+ TODO: check
CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site ...)
NOT-FOR-US: EMC RSA
CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent ...)
@@ -49957,8 +50147,8 @@
RESERVED
CVE-2017-1717
RESERVED
-CVE-2017-1716
- RESERVED
+CVE-2017-1716 (IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose ...)
+ TODO: check
CVE-2017-1715
RESERVED
CVE-2017-1714
@@ -50119,8 +50309,8 @@
RESERVED
CVE-2017-1636
RESERVED
-CVE-2017-1635
- RESERVED
+CVE-2017-1635 (IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to ...)
+ TODO: check
CVE-2017-1634
RESERVED
CVE-2017-1633
@@ -50273,8 +50463,8 @@
NOT-FOR-US: IBM
CVE-2017-1559
RESERVED
-CVE-2017-1558
- RESERVED
+CVE-2017-1558 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker ...)
+ TODO: check
CVE-2017-1557
RESERVED
CVE-2017-1556 (IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular ...)
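Review bot: CVE-2017-1558 (IBM Maximo Asset Management) is left at "TODO: check" although the context line at the top of this hunk shows the established disposition for this vendor, "NOT-FOR-US: IBM". The other IBM additions in this diff (CVE-2017-1716, CVE-2017-1635, CVE-2017-1546, CVE-2017-1421) are in the same state. Suggest resolving the five together so they do not linger as open TODO items next to already-triaged IBM entries.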
@@ -50297,8 +50487,8 @@
TODO: check
CVE-2017-1547
RESERVED
-CVE-2017-1546
- RESERVED
+CVE-2017-1546 (IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable ...)
+ TODO: check
CVE-2017-1545
RESERVED
CVE-2017-1544
@@ -50547,8 +50737,8 @@
RESERVED
CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper ...)
NOT-FOR-US: IBM
-CVE-2017-1421
- RESERVED
+CVE-2017-1421 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...)
+ TODO: check
CVE-2017-1420
RESERVED
CVE-2017-1419