thr3ads.net - Secure testing commits - [Secure-testing-commits] r7859

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Jan-09 09:14 UTC
[Secure-testing-commits] r7859 - data/CVE

Author: joeyh
Date: 2008-01-09 09:14:11 +0000 (Wed, 09 Jan 2008)
New Revision: 7859

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-01-08 22:55:46 UTC (rev 7858)
+++ data/CVE/list	2008-01-09 09:14:11 UTC (rev 7859)
@@ -1,3 +1,155 @@
+CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and
earlier ...)
+	TODO: check
+CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script
2.0 and ...)
+	TODO: check
+CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows
remote ...)
+	TODO: check
+CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million
Dollar ...)
+	TODO: check
+CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in
EvilBoard ...)
+	TODO: check
+CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a
(Alpha) ...)
+	TODO: check
+CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote
attackers ...)
+	TODO: check
+CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and
earlier ...)
+	TODO: check
+CVE-2008-0151 (Foxit WAC Server 2.1.0.910 and earlier allows remote attackers
to ...)
+	TODO: check
+CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in
Aruba ...)
+	TODO: check
+CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via
a ...)
+	TODO: check
+CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which
allows ...)
+	TODO: check
+CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and
...)
+	TODO: check
+CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in
W3-mSQL ...)
+	TODO: check
+CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when ...)
+	TODO: check
+CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk
1.9.7 ...)
+	TODO: check
+CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in
samPHPweb, ...)
+	TODO: check
+CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta
allow ...)
+	TODO: check
+CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable
passwords ...)
+	TODO: check
+CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau
Webmail ...)
+	TODO: check
+CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in
Loudblog ...)
+	TODO: check
+CVE-2008-0138 (PHP remote file inclusion vulnerability in
xoopsgallery/init_basic.php ...)
+	TODO: check
+CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in
SNETWORKS ...)
+	TODO: check
+CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain
sensitive ...)
+	TODO: check
+CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive
information ...)
+	TODO: check
+CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in
Snitz ...)
+	TODO: check
+CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and
earlier ...)
+	TODO: check
+CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles
long ...)
+	TODO: check
+CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in
Instant ...)
+	TODO: check
+CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant
Softwares ...)
+	TODO: check
+CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php
in ...)
+	TODO: check
+CVE-2008-0128
+	RESERVED
+CVE-2008-0127
+	RESERVED
+CVE-2008-0126
+	RESERVED
+CVE-2008-0125
+	RESERVED
+CVE-2008-0124
+	RESERVED
+CVE-2008-0123
+	RESERVED
+CVE-2008-0122
+	RESERVED
+CVE-2008-0121
+	RESERVED
+CVE-2008-0120
+	RESERVED
+CVE-2008-0119
+	RESERVED
+CVE-2008-0118
+	RESERVED
+CVE-2008-0117
+	RESERVED
+CVE-2008-0116
+	RESERVED
+CVE-2008-0115
+	RESERVED
+CVE-2008-0114
+	RESERVED
+CVE-2008-0113
+	RESERVED
+CVE-2008-0112
+	RESERVED
+CVE-2008-0111
+	RESERVED
+CVE-2008-0110
+	RESERVED
+CVE-2008-0109
+	RESERVED
+CVE-2008-0108
+	RESERVED
+CVE-2008-0107
+	RESERVED
+CVE-2008-0106
+	RESERVED
+CVE-2008-0105
+	RESERVED
+CVE-2008-0104
+	RESERVED
+CVE-2008-0103
+	RESERVED
+CVE-2008-0102
+	RESERVED
+CVE-2008-0101 (Format string vulnerability in the swDebugf function in
DuneApp.cpp in ...)
+	TODO: check
+CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in
Scene.cpp ...)
+	TODO: check
+CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and
earlier ...)
+	TODO: check
+CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote
...)
+	TODO: check
+CVE-2008-0097 (Format string vulnerability in the log function in Georgia
SoftWorks ...)
+	TODO: check
+CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server
(GSW_SSHD) ...)
+	TODO: check
+CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before
1.4.17, ...)
+	TODO: check
+CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content
...)
+	TODO: check
+CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in
newticket.php ...)
+	TODO: check
+CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and
earlier does ...)
+	TODO: check
+CVE-2007-6675 (The b_system_comments_show function in ...)
+	TODO: check
+CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in
RapidShare ...)
+	TODO: check
+CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti
allows ...)
+	TODO: check
+CVE-2007-6672 (Directory traversal vulnerability in Mortbay Jetty 6.1.5 and
6.1.6 ...)
+	TODO: check
+CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant
Softwares ...)
+	TODO: check
+CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0
allows ...)
+	TODO: check
+CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in
PHCDownload ...)
+	TODO: check
+CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not
...)
+	TODO: check
 CVE-2008-XXXX [splitvt fails to drop group utmp priviledges]
 	- splitvt 1.6.6-4
 CVE-2008-XXXX [whitedune buffer overflow]
@@ -134,7 +286,7 @@
 	NOT-FOR-US: Netchemia
 CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0
and ...)
 	NOT-FOR-US: WebPortal
-CVE-2007-6663 (SQL injection vulnerability in index.php in the Pragmatic Utopia
PU ...)
+CVE-2007-6663 (SQL injection vulnerability in (1) Puarcade.php and (2) ...)
 	NOT-FOR-US: Pragmatic Utopia PU Arcade
 CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6
allows ...)
 	NOT-FOR-US: CuteNews
@@ -144,7 +296,7 @@
 	NOT-FOR-US: 2z project
 CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z
project ...)
 	NOT-FOR-US: 2z project
-CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CCMS 3.1
Demo ...)
+CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CustomCMS
(CCMS) ...)
 	NOT-FOR-US: CCMS
 CVE-2007-6657 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Mihalism
@@ -240,7 +392,7 @@
 CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse
function in ...)
 	- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
 	NOTE: applications that use libcdio are not vulnerable, problem only lies in
the info tool
-CVE-2007-6610 (unp 1.0.12 does not properly escape file names, which might
allow ...)
+CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly
escape ...)
 	- unp 1.0.13 (bug #448437)
 CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG
function ...)
 	NOT-FOR-US: CoolPlayer
@@ -403,7 +555,7 @@
 	NOT-FOR-US: TeamCal
 CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2
allows ...)
 	NOT-FOR-US: AuraCMS
-CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro
2.2.4 ...)
+CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro
2.2.4, ...)
 	NOT-FOR-US: MailMachine
 CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to
the web ...)
 	NOT-FOR-US: PMOS Help Desk
@@ -707,13 +859,11 @@
 	NOT-FOR-US: Fonality Trixbox
 CVE-2007-6423
 	RESERVED
-CVE-2007-6422 [apache 2.2 mod_proxy_balancer balancer manager DoS]
-	RESERVED
+CVE-2007-6422 (Unspecified vulnerability in mod_proxy_balancer in the Apache
HTTP ...)
 	- apache2 <unfixed> (low)
 	[etch] - apache2 <no-dsa> (minor issue)
 	[sarge] - apache2 <not-affected> (vulnerable code introduced later)
-CVE-2007-6421 [apache 2.2 mod_proxy_balancer balancer manager XSS]
-	RESERVED
+CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in mod_proxy_balancer
in the ...)
 	- apache2 <unfixed> (low)
 	[etch] - apache2 <no-dsa> (minor issue)
 	[sarge] - apache2 <not-affected> (vulnerable code introduced later)
@@ -783,8 +933,7 @@
 CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver)
2.20.0 ...)
 	- gnome-screensaver <unfixed> (low; bug #455484)
 	[etch] - gnome-screensaver <no-dsa> (Minor issue)
-CVE-2007-6388 [apache mod_status XSS via refresh parameter]
-	RESERVED
+CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the
Apache ...)
 	- apache <unfixed> (low)
 	- apache2 <unfixed> (low)
 CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local
users ...)
@@ -1224,8 +1373,8 @@
 	RESERVED
 CVE-2008-0004
 	RESERVED
-CVE-2008-0003
-	RESERVED
+CVE-2008-0003 (Stack-based buffer overflow in the
PAMBasicAuthenticator::PAMCallback ...)
+	TODO: check
 CVE-2008-0002
 	RESERVED
 CVE-2008-0001
@@ -1835,8 +1984,8 @@
 CVE-2007-5966 (Integer overflow in the hrtimer_start function in
kernel/hrtimer.c in ...)
 	{DSA-1436-1}
 	- linux-2.6 2.6.23-2
-CVE-2007-5965
-	RESERVED
+CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly
...)
+	TODO: check
 CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise
Linux ...)
 	- autofs 3.1.4-8 (medium)
 	- autofs5 <unfixed>
@@ -2369,8 +2518,8 @@
 	RESERVED
 CVE-2007-5762
 	RESERVED
-CVE-2007-5761
-	RESERVED
+CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build
1011 ...)
+	TODO: check
 CVE-2007-5760
 	RESERVED
 CVE-2007-5759
@@ -2903,8 +3052,8 @@
 	NOT-FOR-US: Novell Client
 CVE-2007-5666
 	RESERVED
-CVE-2007-5665
-	RESERVED
+CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security
Management ...)
+	TODO: check
 CVE-2007-5664
 	RESERVED
 CVE-2007-5663
@@ -4074,8 +4223,8 @@
 	NOT-FOR-US: Joomla! and mambo extension
 CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise
7.1 and ...)
 	NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
-CVE-2007-5360
-	RESERVED
+CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, as used in
VMWare ...)
+	TODO: check
 CVE-2007-5359
 	RESERVED
 CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in
Asterisk ...)
@@ -4092,8 +4241,8 @@
 	RESERVED
 CVE-2007-5353
 	RESERVED
-CVE-2007-5352
-	RESERVED
+CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem
...)
+	TODO: check
 CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2
(SMBv2) ...)
 	NOT-FOR-US: Microsoft Vista
 CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local
Procedure Call ...)
@@ -4614,7 +4763,7 @@
 	NOT-FOR-US: rMake
 CVE-2007-5192
 	RESERVED
-CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid
functions in ...)
+CVE-2007-5191 (mount and umount in util-linux and loop-aes-utils call the
setuid and ...)
 	{DSA-1450-1 DSA-1449-1 DTSA-64-1 DTSA-70-1}
 	- util-linux 2.13-8 (low)
 	- loop-aes-utils 2.13-2 (low)
@@ -5890,7 +6039,7 @@
 	{DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1
 	NOTE: fixed in php5/etch svn
-CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple
(1) %i ...)
+CVE-2007-4658 (The money_format function in PHP 5 before 5.2.4, and PHP 4
before ...)
 	{DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1 (low)
 	NOTE: fixed in php5/etch svn
@@ -8273,8 +8422,10 @@
 CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7
and ...)
 	NOT-FOR-US: FlashGameScript
 CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4
allows ...)
+	{DSA-1455-1}
 	- libarchive 2.2.4-1 (bug #432924; low)
 CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4
allows ...)
+	{DSA-1455-1}
 	- libarchive 2.2.4-1 (bug #432924; low)
 CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative
privileges ...)
 	NOT-FOR-US: AV Arcade
@@ -8282,6 +8433,7 @@
 	{DSA-1356-1}
 	- linux-2.6 2.6.22-2
 CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4
does not ...)
+	{DSA-1455-1}
 	- libarchive 2.2.4-1 (bug #432924; low)
 CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows
context-dependent ...)
 	NOT-FOR-US: Adobe Apollo
@@ -17343,14 +17495,14 @@
 	RESERVED
 CVE-2007-0070
 	RESERVED
-CVE-2007-0069
-	RESERVED
+CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP
SP2, ...)
+	TODO: check
 CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the
signature ...)
 	NOT-FOR-US: IBM Lotus Domino
 CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0,
6.5.x ...)
 	NOT-FOR-US: Lotus Domino Server
-CVE-2007-0066
-	RESERVED
+CVE-2007-0066 (Unspecified vulnerability in the kernel in Microsoft Windows
2000 SP4, ...)
+	TODO: check
 CVE-2007-0065
 	RESERVED
 CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1,
9, ...)
Secure testing commits - Jan 2008 - r7859 - data/CVE

[Secure-testing-commits] r7859 - data/CVE
