joeyh at alioth.debian.org
2008-Mar-25 09:14 UTC
[Secure-testing-commits] r8402 - data/CVE
Author: joeyh
Date: 2008-03-25 09:14:14 +0000 (Tue, 25 Mar 2008)
New Revision: 8402
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-25 08:32:07 UTC (rev 8401) +++ data/CVE/list 2008-03-25 09:14:14 UTC (rev 8402) 
@@ -1,4 +1,201 @@ -CVE-2008-1476 [Serendipity XSS in trackbacks] +CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...) + TODO: check +CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...) + TODO: check +CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) + TODO: check +CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6 , when mysql_use_ft ...) + TODO: check +CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier ...) + TODO: check +CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses ...) + TODO: check +CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to ...) + TODO: check +CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...) + TODO: check +CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...) + TODO: check +CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial ...) + TODO: check +CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in ...) + TODO: check +CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in ...) + TODO: check +CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property ...) + TODO: check +CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have ...) + TODO: check +CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris ...) + TODO: check +CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl.ocx ActiveX Control in CA ...) + TODO: check +CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ ...) + TODO: check +CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID ...) 
+ TODO: check +CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ...) + TODO: check +CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu ...) + TODO: check +CVE-2008-1467 (CenterIM 4.22.3 and earlier allows remote attackers to execute ...) + TODO: check +CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 ...) + TODO: check +CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante ...) + TODO: check +CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 ...) + TODO: check +CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in ...) + TODO: check +CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...) + TODO: check +CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...) + TODO: check +CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and ...) + TODO: check +CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and ...) + TODO: check +CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...) + TODO: check +CVE-2008-1457 + RESERVED +CVE-2008-1456 + RESERVED +CVE-2008-1455 + RESERVED +CVE-2008-1454 + RESERVED +CVE-2008-1453 + RESERVED +CVE-2008-1452 + RESERVED +CVE-2008-1451 + RESERVED +CVE-2008-1450 + RESERVED +CVE-2008-1449 + RESERVED +CVE-2008-1448 + RESERVED +CVE-2008-1447 + RESERVED +CVE-2008-1446 + RESERVED +CVE-2008-1445 + RESERVED +CVE-2008-1444 + RESERVED +CVE-2008-1443 + RESERVED +CVE-2008-1442 + RESERVED +CVE-2008-1441 + RESERVED +CVE-2008-1440 + RESERVED +CVE-2008-1439 + RESERVED +CVE-2008-1438 + RESERVED +CVE-2008-1437 + RESERVED +CVE-2008-1436 + RESERVED +CVE-2008-1435 + RESERVED +CVE-2008-1434 + RESERVED +CVE-2008-1433 + RESERVED +CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...) 
+ TODO: check +CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a ...) + TODO: check +CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote ...) + TODO: check +CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows ...) + TODO: check +CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...) + TODO: check +CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 ...) + TODO: check +CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows ...) + TODO: check +CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in ...) + TODO: check +CVE-2008-1424 + RESERVED +CVE-2008-1423 + RESERVED +CVE-2008-1422 + RESERVED +CVE-2008-1421 + RESERVED +CVE-2008-1420 + RESERVED +CVE-2008-1419 + RESERVED +CVE-2008-1418 + RESERVED +CVE-2008-1416 (Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL ...) + TODO: check +CVE-2008-1415 (Directory traversal vulnerability in index.php in Multiple Time Sheets ...) + TODO: check +CVE-2008-1414 (Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) ...) + TODO: check +CVE-2008-1413 (Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus ...) + TODO: check +CVE-2008-1412 (Unspecified vulnerability in multiple F-Secure anti-virus products, ...) + TODO: check +CVE-2008-1411 (The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and ...) + TODO: check +CVE-2008-1410 (Directory traversal vulnerability in the PXE Server (pxesrv.exe) in ...) + TODO: check +CVE-2008-1409 (Multiple directory traversal vulnerabilities in the Default theme in ...) + TODO: check +CVE-2008-1408 (SQL injection vulnerability in includes/functions/banners-external.php ...) + TODO: check +CVE-2008-1407 (SQL injection vulnerability in index.php in the WebChat 1.60 module ...) 
+ TODO: check +CVE-2008-1406 (SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 ...) + TODO: check +CVE-2008-1405 (PHP remote file inclusion vulnerability in code/display.php in ...) + TODO: check +CVE-2008-1404 (SQL injection vulnerability in index.php in the Viso (Industry Book) ...) + TODO: check +CVE-2008-1403 (Stack-based buffer overflow in the TFTP server in BootManage TFTPD ...) + TODO: check +CVE-2008-1402 (MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote ...) + TODO: check +CVE-2008-1401 (Format string vulnerability in the Net Inspector HTTP server (mghttpd) ...) + TODO: check +CVE-2008-1400 (Directory traversal vulnerability in the Net Inspector HTTP Server ...) + TODO: check +CVE-2008-1399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 ...) + TODO: check +CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...) + TODO: check +CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...) + TODO: check +CVE-2008-1395 (Plone CMS does not record users'' authentication states, and implements ...) + TODO: check +CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...) + TODO: check +CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...) + TODO: check +CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...) + TODO: check +CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, ...) + TODO: check +CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for ...) + TODO: check +CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...) 
+ {DSA-1528-1} - serendipity 1.3-1 NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html CVE-2008-XXXX [multiple security issues in kses as used in egroupware] @@ -11,8 +208,7 @@ NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html CVE-2008-1391 RESERVED -CVE-2008-1390 [AST-2008-005: HTTP Manager ID is predictable] - RESERVED +CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before ...) - asterisk <unfixed> (low) [etch] - asterisk <not-affected> (Only 1.4.x affected) [sarge] - asterisk <not-affected> (Only 1.4.x affected) @@ -72,14 +268,14 @@ NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...) NOT-FOR-US: Trend Micro OfficeScan Corporate Edition -CVE-2008-1364 - RESERVED -CVE-2008-1363 - RESERVED -CVE-2008-1362 - RESERVED -CVE-2008-1361 - RESERVED +CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation ...) + TODO: check +CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) + TODO: check +CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) + TODO: check +CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) + TODO: check CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...) NOT-FOR-US: Invision Power Board CVE-2008-1358 (Sack-based buffer overflow in the IMAP server in Alt-N Technologies ...) 
@@ -112,14 +308,14 @@ NOT-FOR-US: MyioSoft EasyCalendar CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr ...) NOT-FOR-US: MyioSoft EasyCalendar -CVE-2008-1343 (Directory traversal vulnerability in pkgadd and pkgrm in SCO UnixWare ...) +CVE-2008-1343 (Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO ...) NOT-FOR-US: SCO Unixware CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...) NOT-FOR-US: Polymita BPM-Suite and CollagePortal CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...) NOT-FOR-US: LaGarde StoreFront -CVE-2008-1340 - RESERVED +CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation ...) + TODO: check CVE-2008-1339 RESERVED CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) @@ -132,14 +328,12 @@ NOT-FOR-US: NetBSD CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass ...) NOT-FOR-US: BT Home Hub router -CVE-2008-1333 [AST-2008-004: Format String Vulnerability in Logger and Manager] - RESERVED +CVE-2008-1333 (Format string vulnerability in Asterisk Open Source 1.6.x before ...) {DSA-1525-1} - asterisk 1:1.4.18.1~dfsg-1 (medium) NOTE: Etch''s release is unimportant, since not exploitable, but was fixed anyway [sarge] - asterisk <not-affected> (Only 1.6.x affected) -CVE-2008-1332 [AST-2008-003: Unauthenticated calls allowed from SIP channel driver] - RESERVED +CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...) {DSA-1525-1} - asterisk 1:1.4.18.1~dfsg-1 (medium) CVE-2008-1331 
@@ -215,14 +409,13 @@ NOT-FOR-US: EncapsGallery CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka ...) NOT-FOR-US: phpMyNewsletter -CVE-2008-1292 - RESERVED -CVE-2008-1291 - RESERVED -CVE-2008-1290 - RESERVED -CVE-2008-1289 [AST-2008-002: Two buffer overflows in RTP Codec Payload Handling] - RESERVED +CVE-2008-1292 (ViewVC before 1.0.5 provides revision metadata without properly ...) + TODO: check +CVE-2008-1291 (ViewVC before 1.0.5 stores sensitive information under the web root ...) + TODO: check +CVE-2008-1290 (ViewVC before 1.0.5 includes "all-forbidden" files within search ...) + TODO: check +CVE-2008-1289 (Multiple buffer overflows in Asterisk Open Source 1.4.x before ...) - asterisk 1:1.4.18.1~dfsg-1 (medium) [etch] - asterisk <not-affected> (Only 1.4.x and above affected) [sarge] - asterisk <not-affected> (Only 1.4.x and above affected) @@ -236,7 +429,7 @@ NOT-FOR-US: Cisco Linksys CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...) - nagios2 2.11-1 (low) -CVE-2008-1417 [tmp race in axyl leading to symlink attack] +CVE-2008-1417 (The prerm script in axyl 2.1.7 allows local users to overwrite ...) - axyl 2.2.0 (low; bug #471227) [sarge] - axyl <not-affected> (Vulnerable code not present) [etch] - axyl <not-affected> (Vulnerable code not present) @@ -274,7 +467,7 @@ NOT-FOR-US: MailEnable CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in MailEnable ...) NOT-FOR-US: MailEnable -CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 invokes ...) +CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows ...) NOT-FOR-US: IBM AIX CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 ...) NOT-FOR-US: imageVue 
@@ -422,8 +615,8 @@ NOT-FOR-US: Adobe ColdFusion CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management ...) NOT-FOR-US: Adobe LiveCycle Workflow -CVE-2008-1201 - RESERVED +CVE-2008-1201 (Multiple unspecified vulnerabilities in FLA file parsing in Adobe ...) + TODO: check CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote ...) NOT-FOR-US: Microsoft Access CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...) @@ -526,8 +719,8 @@ NOT-FOR-US: phpwebscript CVE-2008-1161 (Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in ...) - xine-lib 1.1.10.1-1 (medium) -CVE-2008-1160 - RESERVED +CVE-2008-1160 (ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra ...) + TODO: check CVE-2008-1159 RESERVED CVE-2008-1158 @@ -905,8 +1098,8 @@ RESERVED CVE-2008-1013 RESERVED -CVE-2008-1012 - RESERVED +CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...) + TODO: check CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...) NOT-FOR-US: Safari (Mac OS X) CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows ...) @@ -1031,8 +1224,8 @@ RESERVED CVE-2008-0952 RESERVED -CVE-2008-0951 - RESERVED +CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the ...) + TODO: check CVE-2008-0950 RESERVED CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x ...) @@ -1161,8 +1354,8 @@ RESERVED CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...) NOT-FOR-US: Red Hat Directory Server -CVE-2008-0889 - RESERVED +CVE-2008-0889 (Red Hat Directory Server 8.0, when running on Red Hat Enterprise ...) + TODO: check CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...) {DSA-1522-1} - unzip 5.52-11 
@@ -1558,8 +1751,8 @@ RESERVED CVE-2008-0708 RESERVED -CVE-2008-0707 - RESERVED +CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX ...) + TODO: check CVE-2008-0706 RESERVED CVE-2008-0705 @@ -2844,8 +3037,8 @@ RESERVED CVE-2008-0165 RESERVED -CVE-2008-0164 - RESERVED +CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in Plone ...) + TODO: check CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access ...) {DSA-1494-1} - linux-2.6 <unfixed> (high) @@ -2954,8 +3147,8 @@ NOT-FOR-US: McAfee E-Business Server CVE-2008-0126 RESERVED -CVE-2008-0125 - RESERVED +CVE-2008-0125 (Cross-site scripting (XSS) vulnerability in phpstats.php in Michael ...) + TODO: check CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...) {DSA-1528-1} - serendipity 1.3~b1-1 (low; bug #469667) @@ -3088,8 +3281,7 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2008-0073 [Array indexing vulnerability in Real SDP parsing] - RESERVED +CVE-2008-0073 (Array index error in the sdpplin_parse function in ...) - xine-lib 1.1.11-1 (medium) NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58 CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted function in ...) @@ -3112,12 +3304,10 @@ NOT-FOR-US: Winamp CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView ...) NOT-FOR-US: XnView, nconvert GFL SDK for Windows -CVE-2008-0063 - RESERVED +CVE-2008-0063 (The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not ...) {DSA-1524-1} - krb5 1.6.dfsg.3~beta1-4 (medium) -CVE-2008-0062 - RESERVED +CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for ...) {DSA-1524-1} - krb5 1.6.dfsg.3~beta1-4 (high) CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote ...) 
@@ -3146,7 +3336,7 @@ NOT-FOR-US: Apple Mac OS X CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...) NOT-FOR-US: Apple Mac OS X -CVE-2008-0047 (Heap-based buffer overflow in CUPS in Apple Mac OS X 10.5.2, when ...) +CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in CUPS ...) - cupsys 1.3.6-3 (medium; bug #472105) [sarge] - cupsys <not-affected> (Vulnerable code not present) CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect ...) @@ -4200,8 +4390,8 @@ RESERVED CVE-2007-6255 RESERVED -CVE-2007-6254 - RESERVED +CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects ...) + TODO: check CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client ...) NOT-FOR-US: Adobe Form Designer CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...) @@ -9178,8 +9368,8 @@ NOT-FOR-US: Entrust Entelligence Security Provider CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...) NOT-FOR-US: VMWare Workstation -CVE-2007-4592 - RESERVED +CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) + TODO: check CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...) NOT-FOR-US: VMWare Workstation CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and ...) @@ -18340,6 +18530,7 @@ - php4 6:4.4.4-9 [etch] - php4 6:4.4.4-8+etch1 CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...) + {DSA-1264-1} - php5 5.2.0-9 (unimportant) [etch] - php5 5.2.0-8+etch1 - php4 6:4.4.4-9 (unimportant) 
@@ -34613,7 +34804,6 @@ CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...) NOT-FOR-US: Invision Power Board CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...) - {DSA-1264-1} NOT-FOR-US: PHP-Nuke CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...) NOT-FOR-US: PHP-Nuke
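Review bot: In hunk @@ -1,4 +1,201 @@ the re-added CVE-2008-1476 entry lands below CVE-2007-6711 and CVE-2005-4873 instead of between CVE-2008-1477 and CVE-2008-1475, so anyone reading the 2008-14xx block in numeric order will not find the Serendipity entry (the one carrying {DSA-1528-1} and the fixed version 1.3-1) where they expect it. Either move it into sequence or confirm that nothing consuming data/CVE/list relies on ordering. The same hunk adds a long run of "TODO: check" entries; the ones naming OpenSSH, VLC, xine-lib, Roundup, Namazu, CenterIM and Plone are the ones to triage first.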
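Review bot: In hunk @@ -11,8 +208,7 @@ the replacement line for CVE-2008-1390 drops the upstream advisory id that the old bracketed title carried ("AST-2008-005: HTTP Manager ID is predictable"), and nothing else in the entry records it. A NOTE: line naming AST-2008-005 would keep the cross-reference for whoever has to match the Asterisk advisory to the package status later. Hunks @@ -132,14 +328,12 @@ (AST-2008-004, AST-2008-003) and @@ -215,14 +409,13 @@ (AST-2008-002) lose their ids the same way.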
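Review bot: In hunk @@ -72,14 +268,14 @@ CVE-2008-1361 through CVE-2008-1364 are all VMware Workstation issues queued as "TODO: check", while this same file already classifies VMWare Workstation as out of scope (see the context lines for CVE-2007-4593 and CVE-2007-4591 in hunk @@ -9178,8 +9368,8 @@, both "NOT-FOR-US: VMWare Workstation"). Marking these four, and CVE-2008-1340 in hunk @@ -112,14 +308,14 @@, the same way would keep them out of the triage queue.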
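Review bot: In hunk @@ -132,14 +328,12 @@ the new description for CVE-2008-1333 starts "Format string vulnerability in Asterisk Open Source 1.6.x before ..." and the [sarge] line says "Only 1.6.x affected", yet the unchanged status line still records asterisk 1:1.4.18.1~dfsg-1 at (medium) next to a NOTE saying the Etch release is not exploitable. Now that the description is in, the urgency on the 1.4 line should be re-checked against it so the entry does not overstate exposure for the packaged 1.4 series.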
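Review bot: In hunk @@ -18340,6 +18530,7 @@ the added {DSA-1264-1} reference sits on CVE-2007-0908, whose php5 and php4 lines are both flagged (unimportant) while etch carries a fixed version 5.2.0-8+etch1. An advisory reference on an issue rated unimportant is worth a second look: either the urgency should be raised or a NOTE should say why a DSA covered it. The matching removal of {DSA-1264-1} from CVE-2006-0908 (PHP-Nuke, NOT-FOR-US) in hunk @@ -34613,7 +34804,6 @@ looks correct, since that entry has no Debian package to attach an advisory to.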