thr3ads.net - Secure testing commits - [Secure-testing-commits] r8732

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-May-08 09:14 UTC
[Secure-testing-commits] r8732 - data/CVE

Author: joeyh
Date: 2008-05-08 09:14:17 +0000 (Thu, 08 May 2008)
New Revision: 8732

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-05-08 09:12:09 UTC (rev 8731)
+++ data/CVE/list	2008-05-08 09:14:17 UTC (rev 8732)
@@ -1,3 +1,140 @@
+CVE-2008-6339
+	REJECTED
+	TODO: check
+CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local
and ...)
+	TODO: check
+CVE-2008-2111 (The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and
...)
+	TODO: check
+CVE-2008-2110 (Unrestricted file upload vulnerability in qtofm.php in
QTOFileManager ...)
+	TODO: check
+CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows
context-dependent ...)
+	TODO: check
+CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before
5.2.5, ...)
+	TODO: check
+CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before
5.2.5, ...)
+	TODO: check
+CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote
authenticated ...)
+	TODO: check
+CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, and later versions before 3.0,
allows ...)
+	TODO: check
+CVE-2008-2104 (The WebService in Bugzilla before 3.1.3 allows remote
authenticated ...)
+	TODO: check
+CVE-2008-2103 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and
later ...)
+	TODO: check
+CVE-2008-2102
+	RESERVED
+CVE-2008-2101
+	RESERVED
+CVE-2008-2100
+	RESERVED
+CVE-2008-2099
+	RESERVED
+CVE-2008-2098
+	RESERVED
+CVE-2008-2097
+	RESERVED
+CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote
attackers ...)
+	TODO: check
+CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook
...)
+	TODO: check
+CVE-2008-2094 (SQL injection vulnerability in article.php in the Article module
for ...)
+	TODO: check
+CVE-2008-2093 (SQL injection vulnerability in the Profiler (com_comprofiler)
...)
+	TODO: check
+CVE-2008-2092 (Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to
cause ...)
+	TODO: check
+CVE-2008-2091 (Directory traversal vulnerability in ipn.php in KubeLabs
Kubelance ...)
+	TODO: check
+CVE-2008-2090 (Unspecified vulnerability in the SCTP protocol implementation in
Sun ...)
+	TODO: check
+CVE-2008-2089 (Unspecified vulnerability in the SCTP protocol implementation in
Sun ...)
+	TODO: check
+CVE-2008-2088 (SQL injection vulnerability in admin/news.php in PHP Forge 3.0
beta 2 ...)
+	TODO: check
+CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web
Host ...)
+	TODO: check
+CVE-2008-2086
+	RESERVED
+CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6
beta-1 ...)
+	TODO: check
+CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting
...)
+	TODO: check
+CVE-2008-2082 (Cross-site scripting (XSS) vulnerability in index.php in Siteman
...)
+	TODO: check
+CVE-2008-2081 (Directory traversal vulnerability in index.php in Siteman 2.0.x2
...)
+	TODO: check
+CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in ...)
+	TODO: check
+CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before
5.1.24, ...)
+	TODO: check
+CVE-2008-2078 (Robocode before 1.6.0 allows user-assisted remote attackers to
&quot;access ...)
+	TODO: check
+CVE-2008-2077 (Unspecified vulnerability in Plain Black WebGUI 7.4.34 has
unknown ...)
+	TODO: check
+CVE-2008-2076 (Directory traversal vulnerability in admin.php in ActualScripts
...)
+	TODO: check
+CVE-2008-2075 (Cross-site scripting (XSS) vulnerability in pic.php in AstroCam
2.5.0 ...)
+	TODO: check
+CVE-2008-2074 (Multiple PHP remote file inclusion vulnerabilities Harris Yusuf
Arifin ...)
+	TODO: check
+CVE-2008-2073 (Directory traversal vulnerability in include/global.inc.php in
Virtual ...)
+	TODO: check
+CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual
...)
+	TODO: check
+CVE-2008-2071
+	RESERVED
+CVE-2008-2070
+	RESERVED
+CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to
cause ...)
+	TODO: check
+CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows
...)
+	TODO: check
+CVE-2008-2067 (SQL injection vulnerability in bb_admin.php in miniBB 2.2a
allows ...)
+	TODO: check
+CVE-2008-2066 (Cross-site scripting (XSS) vulnerability in bb_admin.php in
miniBB ...)
+	TODO: check
+CVE-2008-2065 (SQL injection vulnerability in jokes.php in YourFreeWorld Jokes
Site ...)
+	TODO: check
+CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5
have ...)
+	TODO: check
+CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1
allows ...)
+	TODO: check
+CVE-2008-2062
+	RESERVED
+CVE-2008-2061
+	RESERVED
+CVE-2008-2060
+	RESERVED
+CVE-2008-2059
+	RESERVED
+CVE-2008-2058
+	RESERVED
+CVE-2008-2057
+	RESERVED
+CVE-2008-2056
+	RESERVED
+CVE-2008-2055
+	RESERVED
+CVE-2008-2054
+	RESERVED
+CVE-2008-2053
+	RESERVED
+CVE-2008-2052 (Open redirect vulnerability in redirect.php in Bitrix Site
Manager 6.5 ...)
+	TODO: check
+CVE-2008-2049 (The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10
allows ...)
+	TODO: check
+CVE-2008-2048 (Cross-site scripting (XSS) vulnerability in
hpz/admin/Default.asp in ...)
+	TODO: check
+CVE-2008-2047 (Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow
...)
+	TODO: check
+CVE-2008-2046 (Cross-site scripting (XSS) vulnerability in index.php in
Softpedia ...)
+	TODO: check
+CVE-2008-2045 (Absolute path traversal vulnerability in SugarCRM Sugar
Community ...)
+	TODO: check
+CVE-2008-2044 (includes/library.php in netOffice Dwins 1.3 p2 compares the ...)
+	TODO: check
+CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in
cPanel, ...)
+	TODO: check
 CVE-2008-XXXX [php suboptimal seeding]
 	- php5 <unfixed> (low)
 	- php4 <unfixed> (low)	
@@ -4,17 +141,18 @@
 	NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt
 	NOTE: I don''t believe we need to address this, likely no-dsa, but
needs further checking
 CVE-2008-2085 [stack-based buffer overflow in get_remote_ip_media and
get_remote_ipv6_media function]
+	RESERVED
 	- sip-tester 2.0.1-1.2 (medium; bug #479039)
-CVE-2008-2051 [incomplete multibyte chars inside escapeshellcmd]
+CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown
impact ...)
 	- php5 5.2.6-1
 	NOTE: http://www.php.net/ChangeLog-5.php
 	NOTE: http://www.sektioneins.de/advisories/SE-2008-03.txt
-CVE-2008-2050 [possible stack buffer overflow in the FastCGI SAPI]
+CVE-2008-2050 (Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in
PHP ...)
 	- php5 5.2.6-1
 	NOTE: php4 not affected, the vulnerable code isn''t present
 	NOTE: http://www.php.net/ChangeLog-5.php
-CVE-2008-2042
-	RESERVED
+CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and
possibly ...)
+	TODO: check
 CVE-2008-2039
 	RESERVED
 CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php
in ...)
@@ -27,7 +165,8 @@
 	NOT-FOR-US: Bluemoon
 CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php
in the ...)
 	NOT-FOR-US: wordpress Download Monitor 2.0.6 plugin
-CVE-2008-2033 (Multiple unspecified vulnerabilities in ZoneMinder before 1.23.3
allow ...)
+CVE-2008-2033
+	REJECTED
 	- zoneminder 1.23.3-1 (medium; bug #479034)
 	NOTE: dup of CVE-2008-1381
 CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote
...)
@@ -85,8 +224,8 @@
 	RESERVED
 CVE-2008-2006
 	RESERVED
-CVE-2008-2005
-	RESERVED
+CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink
before ...)
+	TODO: check
 CVE-2008-2004
 	RESERVED
 CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the
web ...)
@@ -796,7 +935,7 @@
 	NOTE: This is more a generic bug and not a security issue: the random output
would
 	NOTE: need to match the name of an existing macro
 CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used
in ...)
-	{DTSA-127-1 DTSA-128-1}
+	{DTSA-127-1 DTSA-128-1 DTSA-129-1}
 	- speex 1.2~beta2-1 (medium)
 	- libfishsound 0.7.0-2.2 (medium; bug #475152)
 	- xine-lib 1.1.12-1 (medium)
@@ -823,8 +962,8 @@
 	RESERVED
 CVE-2008-1676
 	RESERVED
-CVE-2008-1675
-	RESERVED
+CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in
Linux ...)
+	TODO: check
 CVE-2008-1674
 	RESERVED
 CVE-2008-1673
@@ -837,8 +976,8 @@
 CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader
...)
 	- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
 	- kde4libs 4:4.0.72-1 (bug #478283)
-CVE-2008-1669
-	RESERVED
+CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection
...)
+	TODO: check
 CVE-2008-1668
 	RESERVED
 CVE-2008-1667
@@ -857,8 +996,8 @@
 	RESERVED
 CVE-2008-1660
 	RESERVED
-CVE-2008-1659
-	RESERVED
+CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through
vB.04.15 ...)
+	TODO: check
 CVE-2008-1658 (Format string vulnerability in the grant helper ...)
 	- policykit 0.8-1 (medium; bug #476615; bug #476616)
 CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass
the ...)
@@ -950,8 +1089,8 @@
 	NOT-FOR-US: WorkSite Web
 CVE-2008-1616
 	RESERVED
-CVE-2008-1615
-	RESERVED
+CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running
on ...)
+	TODO: check
 CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1)
a ...)
 	{DSA-1550-1 DTSA-124-1}
 	- suphp <unfixed> (low; bug #475431)
@@ -1480,8 +1619,7 @@
 	- libpng 1.2.26-1 (low; bug #476669)
 	NOTE: 1.2.26-1 contains a patch to fix that
 	[etch] - libpng <no-dsa> (Minor issue, rare function)
-CVE-2008-1381 [arbitrary command execution via unescaped shell meta characters]
-	RESERVED
+CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and
...)
 	- zoneminder 1.23.3-1 (medium; bug #479034)
 	NOTE: http://www.awe.com/mark/blog/200804272230.html
 CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14,
Thunderbird ...)
@@ -1498,8 +1636,7 @@
 	RESERVED
 CVE-2008-1376
 	RESERVED
-CVE-2008-1375
-	RESERVED
+CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify)
in ...)
 	{DSA-1565-1}
 	- linux-2.6 <unfixed>
 CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise
Linux ...)
@@ -1696,9 +1833,9 @@
 	- axyl 2.2.0 (low; bug #471227)
 	[sarge] - axyl <not-affected> (Vulnerable code not present)
 	[etch] - axyl <not-affected> (Vulnerable code not present)
-CVE-2008-1294 [setrlimit(RLIMIT_CPUINFO) with zero value doesn''t
inherit properly across children]
-	RESERVED
+CVE-2008-1294 (Linux kernel 2.6.17, and other versions before 2.6.22, does not
check ...)
 	{DSA-1565-1}
+	TODO: check
 CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows
...)
 	- mediawiki 1:1.11.2-1
 	[etch] - mediawiki <not-affected> (Versions prior to 1.11 do not include
callback feature)
@@ -2106,7 +2243,7 @@
 	[sarge] - dovecot <not-affected> (Vulnerable code not present)
 	NOTE: exploitable through code introduced in 1.0.11
 	NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
-CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 pass the
-ac ...)
+CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes
the -ac ...)
 	{DSA-1561-1 DTSA-118-1}
 	- ldm 2:0.1~bzr20080308-1 (bug #469462)
 	- ltsp 5.0.40~bzr20071229-1
@@ -3281,8 +3418,7 @@
 CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through
2.6.24.1 ...)
 	{DSA-1494-1 DTSA-113-1}
 	- linux-2.6 2.6.24-4 (high)
-CVE-2008-0599 [unknown PHP issue]
-	RESERVED
+CVE-2008-0599 (cgi_main.c in PHP before 5.2.6 does not properly calculate the
length ...)
 	- php5 5.2.6-1
 	NOTE: http://www.php.net/releases/5_2_6.php
 	TODO: get details, check php4 affectedness
@@ -5510,8 +5646,8 @@
 	NOTE: maybe this should be unimportant as applications using net-dns should
handle this croak
 CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4
stream ...)
 	NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
-CVE-2007-6339
-	RESERVED
+CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX
control ...)
+	TODO: check
 CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis
CourseMill ...)
 	NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
 CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm
in ...)
@@ -5634,8 +5770,8 @@
 	- libxml 1.8.17-14.1 (medium)
 CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind
/etc/rndc.key ...)
 	- bind9 <not-affected> (On Debian this file is rw for user bind and just
readable for group bind)
-CVE-2007-6282
-	RESERVED
+CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows
remote ...)
+	TODO: check
 CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service
(ofmnt.exe) in ...)
 	NOT-FOR-US: St. Bernard Open File Manager
 CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before
...)
@@ -8236,8 +8372,8 @@
 	NOTE: kernel-sec is already tracking this
 CVE-2007-5499
 	REJECTED
-CVE-2007-5498
-	RESERVED
+CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18,
when ...)
+	TODO: check
 CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before
1.40.3 ...)
 	{DSA-1422-1 DTSA-95-1}
 	- e2fsprogs 1.40.3-1 (bug #454760)
@@ -9713,7 +9849,7 @@
 	NOT-FOR-US: CA ARCserve Backup
 CVE-2007-5002
 	RESERVED
-CVE-2007-5001 [kernel panic related to asynchronous io]
+CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial
of ...)
 	- linux-2.6 <not-affected> (RedHat/RHEL3 specific patch only)
 CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap
module in ...)
 	[sarge] - apache2 <no-dsa> (minor issue)
@@ -18328,7 +18464,7 @@
 	NOT-FOR-US: JobSitePro
 CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in
AssetMan 2.4a ...)
 	NOT-FOR-US: AssetMan
-CVE-2007-1426 (AstroCam before 2.6.6 allows remote attackers to cause a denial
of ...)
+CVE-2007-1426 (The web interface in AstroCam 2.0.0 through 2.6.5 allows remote
...)
 	NOT-FOR-US: AstroCam
 CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer
Pro ...)
 	NOT-FOR-US: SonicMailer Pro
@@ -46837,7 +46973,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21,
2002, ...)
 	NOT-FOR-US: Entercept Agent
-CVE-2002-1874 (astrocam.cgi in AstroCam 1.7.1 through 2.1.2 allows remote
attackers ...)
+CVE-2002-1874 (astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote
attackers ...)
 	NOT-FOR-US: Astrocam
 CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote
Procedure ...)
 	NOT-FOR-US: Microsoft
Secure testing commits - May 2008 - r8732 - data/CVE

[Secure-testing-commits] r8732 - data/CVE
