joeyh at alioth.debian.org
2008-Jan-04 09:14 UTC
[Secure-testing-commits] r7817 - data/CVE
Author: joeyh
Date: 2008-01-04 09:14:10 +0000 (Fri, 04 Jan 2008)
New Revision: 7817
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-01-04 08:42:21 UTC (rev 7816)
+++ data/CVE/list 2008-01-04 09:14:10 UTC (rev 7817)
@@ -1,15 +1,271 @@
-CVE-2007-6599 [Race condition in fileserver in OpenAFS]
+CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the
search ...)
+ TODO: check
+CVE-2008-0091 (Directory traversal vulnerability in download2.php in AGENCY4NET
...)
+ TODO: check
+CVE-2008-0090 (A certain ActiveX control in npUpload.dll in DivX Player 6.6.0
allows ...)
+ TODO: check
+CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows
remote ...)
+ TODO: check
+CVE-2008-0088
+ RESERVED
+CVE-2008-0087
+ RESERVED
+CVE-2008-0086
+ RESERVED
+CVE-2008-0085
+ RESERVED
+CVE-2008-0084
+ RESERVED
+CVE-2008-0083
+ RESERVED
+CVE-2008-0082
+ RESERVED
+CVE-2008-0081
+ RESERVED
+CVE-2008-0080
+ RESERVED
+CVE-2008-0079
+ RESERVED
+CVE-2008-0078
+ RESERVED
+CVE-2008-0077
+ RESERVED
+CVE-2008-0076
+ RESERVED
+CVE-2008-0075
+ RESERVED
+CVE-2008-0074
+ RESERVED
+CVE-2008-0073
+ RESERVED
+CVE-2008-0072
+ RESERVED
+CVE-2008-0071
+ RESERVED
+CVE-2008-0070
+ RESERVED
+CVE-2008-0069
+ RESERVED
+CVE-2008-0068
+ RESERVED
+CVE-2008-0067
+ RESERVED
+CVE-2008-0066
+ RESERVED
+CVE-2008-0065
+ RESERVED
+CVE-2008-0064
+ RESERVED
+CVE-2008-0063
+ RESERVED
+CVE-2008-0062
+ RESERVED
+CVE-2008-0060
+ RESERVED
+CVE-2008-0059
+ RESERVED
+CVE-2008-0058
+ RESERVED
+CVE-2008-0057
+ RESERVED
+CVE-2008-0056
+ RESERVED
+CVE-2008-0055
+ RESERVED
+CVE-2008-0054
+ RESERVED
+CVE-2008-0053
+ RESERVED
+CVE-2008-0052
+ RESERVED
+CVE-2008-0051
+ RESERVED
+CVE-2008-0050
+ RESERVED
+CVE-2008-0049
+ RESERVED
+CVE-2008-0048
+ RESERVED
+CVE-2008-0047
+ RESERVED
+CVE-2008-0046
+ RESERVED
+CVE-2008-0045
+ RESERVED
+CVE-2008-0044
+ RESERVED
+CVE-2008-0043
+ RESERVED
+CVE-2008-0042
+ RESERVED
+CVE-2008-0041
+ RESERVED
+CVE-2008-0040
+ RESERVED
+CVE-2008-0039
+ RESERVED
+CVE-2008-0038
+ RESERVED
+CVE-2008-0037
+ RESERVED
+CVE-2008-0036
+ RESERVED
+CVE-2008-0035
+ RESERVED
+CVE-2008-0034
+ RESERVED
+CVE-2008-0033
+ RESERVED
+CVE-2008-0032
+ RESERVED
+CVE-2008-0031
+ RESERVED
+CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and
earlier ...)
+ TODO: check
+CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through
1.1.3 ...)
+ TODO: check
+CVE-2007-6665 (SQL injection vulnerability in admin/login.asp in Netchemia
oneSCHOOL ...)
+ TODO: check
+CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0
and ...)
+ TODO: check
+CVE-2007-6663 (SQL injection vulnerability in index.php in the Pragmatic Utopia
PU ...)
+ TODO: check
+CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6
allows ...)
+ TODO: check
+CVE-2007-6661 (2z project 0.9.6.1 allows attackers to change the password
without ...)
+ TODO: check
+CVE-2007-6660 (2z project 0.9.6.1 allows remote attackers to obtain sensitive
...)
+ TODO: check
+CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z
project ...)
+ TODO: check
+CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CCMS 3.1
Demo ...)
+ TODO: check
+CVE-2007-6657 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-6656 (SQL injection vulnerability in content_css.php in the TinyMCE
module ...)
+ TODO: check
+CVE-2007-6655 (PHP remote file inclusion vulnerability in includes/function.php
in ...)
+ TODO: check
+CVE-2007-6654 (Buffer overflow in a certain ActiveX control in Macrovision ...)
+ TODO: check
+CVE-2007-6653 (Directory traversal vulnerability in download.php in Mihalism
Multi ...)
+ TODO: check
+CVE-2007-6652 (cpie.php in XCMS 1.83 and earlier sends a redirect to the web
browser ...)
+ TODO: check
+CVE-2007-6651 (Directory traversal vulnerability in wiki/edit.php in Bitweaver
R2 CMS ...)
+ TODO: check
+CVE-2007-6650 (Unrestricted file upload vulnerability in fisheye/upload.php in
...)
+ TODO: check
+CVE-2007-6649 (PHP remote file inclusion vulnerability in includes/tumbnail.php
in ...)
+ TODO: check
+CVE-2007-6648 (Directory traversal vulnerability in index.php in SanyBee
Gallery ...)
+ TODO: check
+CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and
earlier ...)
+ TODO: check
+CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart
1.0.1 ...)
+ TODO: check
+CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows
remote ...)
+ TODO: check
+CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated
administrators to ...)
+ TODO: check
+CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll
component in ...)
+ TODO: check
+CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Joomla! ...)
+ TODO: check
+CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in
milliscripts ...)
+ TODO: check
+CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does
not ...)
+ TODO: check
+CVE-2007-6639 (SQL injection vulnerability in index.php in IPTBB 0.5.4 and
earlier ...)
+ TODO: check
+CVE-2007-6638 (March Networks DVR 3204 stores sensitive information under the
web ...)
+ TODO: check
+CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe
Flash ...)
+ TODO: check
+CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu
...)
+ TODO: check
+CVE-2007-6635 (FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin
password in ...)
+ TODO: check
+CVE-2007-6634 (Multiple SQL injection vulnerabilities in FAQMasterFlexPlus,
possibly ...)
+ TODO: check
+CVE-2007-6633 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2007-6632 (showCode.php in xml2owl 0.1.1 allows remote attackers to execute
...)
+ TODO: check
+CVE-2007-6631 (Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and
earlier ...)
+ TODO: check
+CVE-2007-6630 (The Url_init function in utils/url.c in Netembryo 0.0.4, when
used by ...)
+ TODO: check
+CVE-2007-6629 (Interpretation conflict in LScube Feng 0.1.15 and earlier allows
...)
+ TODO: check
+CVE-2007-6628 (LScube Feng 0.1.15 and earlier allows remote attackers to cause
a ...)
+ TODO: check
+CVE-2007-6627 (Integer overflow in the RTSP_remove_msg function in
RTSP_lowlevel.c in ...)
+ TODO: check
+CVE-2007-6626 (Multiple buffer overflows in the RTSP_valid_response_msg
function in ...)
+ TODO: check
+CVE-2007-6625 (The Platform Service Process (asampsp) in Fan-Out Driver
Platform ...)
+ TODO: check
+CVE-2007-6624 (Directory traversal vulnerability in printview.php in PNphpBB2
1.2i ...)
+ TODO: check
+CVE-2007-6623 (Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier
might ...)
+ TODO: check
+CVE-2007-6622 (SQL injection vulnerability in security.php in ZeusCMS 0.3 and
earlier ...)
+ TODO: check
+CVE-2007-6621 (Directory traversal vulnerability in joovili.images.php in
Joovili ...)
+ TODO: check
+CVE-2007-6620 (Directory traversal vulnerability in include/images.inc.php in
Joovili ...)
+ TODO: check
+CVE-2007-6619 (The Setup Wizard in Atlassian JIRA Enterprise Edition before
3.12.1 ...)
+ TODO: check
+CVE-2007-6618 (JIRA Enterprise Edition before 3.12.1 allows remote attackers to
...)
+ TODO: check
+CVE-2007-6617 (Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA
...)
+ TODO: check
+CVE-2007-6616 (Cross-site scripting (XSS) vulnerability in simpleforum.cgi in
...)
+ TODO: check
+CVE-2007-6615 (Directory traversal vulnerability in includes/block.php in
Agares ...)
+ TODO: check
+CVE-2007-6614 (PHP remote file inclusion vulnerability in
admin/frontpage_right.php ...)
+ TODO: check
+CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse
function in ...)
+ TODO: check
+CVE-2007-6610 (unp 1.0.12 does not properly escape file names, which might
allow ...)
+ TODO: check
+CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG
function ...)
+ TODO: check
+CVE-2007-6608 (Multiple cross-site scripting (XSS) vulnerabilities in
OpenBiblio ...)
+ TODO: check
+CVE-2007-6607 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to
obtain ...)
+ TODO: check
+CVE-2007-6606 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to
obtain ...)
+ TODO: check
+CVE-2007-6605 (Buffer overflow in a certain ActiveX control in SkyFexClient.ocx
...)
+ TODO: check
+CVE-2007-6604 (Multiple directory traversal vulnerabilities in index.php in
XCMS 1.82 ...)
+ TODO: check
+CVE-2007-6603 (Hot or Not Clone has insufficient access control for producing
and ...)
+ TODO: check
+CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in
NoseRub ...)
+ TODO: check
+CVE-2007-6601
+ RESERVED
+CVE-2007-6600
+ RESERVED
+CVE-2007-6597 (Multiple cross-site scripting (XSS) vulnerabilities in IPortalX
before ...)
+ TODO: check
+CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and
1.5.0 ...)
- openafs 1.4.6.dfsg1-1 (medium)
NOTE: http://www.openafs.org/security/OPENAFS-SA-2007-003.txt
CVE-2007-XXXX [asterisk AST-2008-001]
- asterisk 1:1.4.17~dfsg-1 (medium; bug #458952)
[etch] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
-CVE-2007-6595 [multiple insecure file handling vulnerabilities in clamav]
+CVE-2007-6595 (ClamAV 0.92 allows local users to overwrite arbitrary files via
a ...)
- clamav <unfixed> (low; bug #458532)
[etch] - clamav <not-affected> (Minor issue, first issue
doesn''t apply)
[sarge] - clamav <no-dsa> (Security Support has stopped)
-CVE-2007-6596 [scanner bypass via base64 uuencoded archives]
+CVE-2007-6596 (ClamAV 0.92 does not recognize Base64 UUEncoded archives, which
allows ...)
- clamav <unfixed> (low; bug #458532)
[etch] - clamav <no-dsa> (Minor issue)
[sarge] - clamav <no-dsa> (Security Support has stopped)
@@ -81,7 +337,7 @@
NOT-FOR-US: XZero Community Classifieds
CVE-2007-6565 (Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A
Beta ...)
NOT-FOR-US: Blakord Portal
-CVE-2007-6611 [XSS via file upload in mantis]
+CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis
before ...)
- mantis 1.0.8-4 (low; bug #458377)
CVE-2007-XXXX [vlc mozilla plugin arbitrary file overwrite vulnerability]
- vlc <unfixed> (high; bug #458318)
@@ -96,12 +352,12 @@
- vlc <unfixed> (low; bug #458318)
CVE-2007-XXXX [vlc insecure handling of vlcopt]
- vlc <unfixed> (medium; bug #458318)
-CVE-2007-6598 [dovecot LDAP auth may authenticate as wrong user]
+CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options
including ...)
- dovecot 1:1.0.10-1 (low; bug #458315)
[sarge] - dovecot <not-affected> (Vulnerable code not present)
NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html
NOTE: low, because issue is only with quite rare configurations
-CVE-2007-6612 [mongrel remote arbitrary file disclosure]
+CVE-2007-6612 (Directory traversal vulnerability in DirHandler ...)
- mongrel 1.1.3-1 (medium)
CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo
CMS ...)
NOT-FOR-US: Limbo CMS
@@ -351,11 +607,11 @@
CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in
Google ...)
- gwt <itp> (bug #402841)
CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark
(formerly ...)
- {DTSA-104-1}
+ {DSA-1446-1 DTSA-104-1}
- wireshark 0.99.7-1
- ethereal <removed>
CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to
0.99.6 ...)
- {DTSA-104-1}
+ {DSA-1446-1 DTSA-104-1}
- wireshark 0.99.7-1
- ethereal <removed>
CVE-2007-6449
@@ -526,7 +782,7 @@
NOTE: under /usr/lib/cups/filters
CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of
service ...)
- exiftags <unfixed> (low; bug #457062)
-CVE-2007-6355 (Unspecified vulnerability in exiftags before 1.01 has unknown
impact ...)
+CVE-2007-6355 (Integer overflow in exiftags before 1.01 has unknown impact and
attack ...)
- exiftags <unfixed> (bug #457062)
CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown
impact ...)
- exiftags <unfixed> (bug #457062)
@@ -656,8 +912,7 @@
RESERVED
CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis
CourseMill ...)
NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
-CVE-2007-6337
- RESERVED
+CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm
in ...)
{DTSA-101-1}
- clamav 0.92~dfsg-1~volatile2
[sarge] - clamav <not-affected> (Vulnerable code not present)
@@ -1334,7 +1589,7 @@
- wireshark 0.99.7~pre1-1 (medium; bug #452381)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6113 (Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote
...)
+CVE-2007-6113 (Integer signedness error in the DNP3 dissector in Wireshark
(formerly ...)
{DTSA-92-1}
- wireshark 0.99.6pre1-1 (low)
[etch] - wireshark <no-dsa> (Minor issue, exotic dissector, very
intrusive backport)
@@ -3711,6 +3966,7 @@
CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote
attackers ...)
- mailscanner 4.22.5-1
CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0
through ...)
+ {DSA-1447-1}
- tomcat5.5 5.5.25-2 (low; bug #448664)
[etch] - tomcat5 <unfixed>
NOTE: see
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705
at apache.org%3E
@@ -3830,6 +4086,7 @@
CVE-2007-5343
RESERVED
CVE-2007-5342 (The default catalina.policy in the JULI logging component in
Apache ...)
+ {DSA-1447-1}
- tomcat5.5 5.5.25-4 (low; bug #458237)
- tomcat5 <not-affected> (Vulnerable code not present)
CVE-2007-5341
@@ -5446,7 +5703,8 @@
NOT-FOR-US: Ragnarok
CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming
...)
NOT-FOR-US: Quantum Streaming
-CVE-2007-4721 (Integer signedness error in the DNP3 dissector in Wireshark
0.99.5 and ...)
+CVE-2007-4721
+ REJECTED
NOT-FOR-US: Wireshark dupe, will be rejected
CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi
...)
NOT-FOR-US: Hitachi
@@ -5669,7 +5927,8 @@
CVE-2007-4631 (The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6
and ...)
- qgit 1.5.5-1.1 (bug #440950; low)
[etch] - qgit <no-dsa> (Minor issue)
-CVE-2008-0061 [maradns DoS]
+CVE-2008-0061 (MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before
...)
+ {DSA-1445-1}
- maradns 1.2.12.08-1
NOTE: http://marc.info/?l=maradns-list&m=118842373527534&w=2
CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in
Absolute ...)
@@ -8604,9 +8863,11 @@
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as
fixed
- ipe <not-affected> (Does not include the vulnerable code)
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager
Servlet ...)
+ {DSA-1447-1}
- tomcat5.5 5.5.25-1
NOTE: patch can be found in
http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30,
4.1.0 ...)
+ {DSA-1447-1}
- tomcat5.5 5.5.25-1
- tomcat5 <removed>
NOTE: patch can be found in
http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
@@ -8617,6 +8878,7 @@
[sarge] - tomcat4 <no-dsa> (minor issue)
NOTE: affects example app in tomcat4-webapps
CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30,
4.1.0 ...)
+ {DSA-1447-1}
- tomcat5.5 5.5.25-1
- tomcat5 <removed>
NOTE: patch can be found in
http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
@@ -21168,7 +21430,7 @@
NOT-FOR-US: HP
CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio
before ...)
NOT-FOR-US: OpenBiblio
-CVE-2006-5149 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
+CVE-2006-5149 (Multiple directory traversal vulnerabilities in OpenBiblio
before ...)
NOT-FOR-US: OpenBiblio
CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82
2.5.2b ...)
NOT-FOR-US: Forum82