joeyh at alioth.debian.org
2008-Jan-11 21:14 UTC
[Secure-testing-commits] r7882 - data/CVE
Author: joeyh
Date: 2008-01-11 21:14:10 +0000 (Fri, 11 Jan 2008)
New Revision: 7882
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-01-11 17:07:18 UTC (rev 7881)
+++ data/CVE/list 2008-01-11 21:14:10 UTC (rev 7882)
@@ -1,4 +1,169 @@
+CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX)
6.1.97.82 ...)
+ TODO: check
+CVE-2008-0236 (An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll
6.0.8862.0) ...)
+ TODO: check
+CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote
attackers ...)
+ TODO: check
+CVE-2008-0234 (Stack-based buffer overflow in Apple Quicktime Player 7.3.1.70,
when ...)
+ TODO: check
+CVE-2008-0233 (Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and
...)
+ TODO: check
+CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha
allow ...)
+ TODO: check
+CVE-2008-0231 (Multiple directory traversal vulnerabilities in Tune Studio
index.php ...)
+ TODO: check
+CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in
osDate ...)
+ TODO: check
+CVE-2008-0229 (The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+
Wireless ...)
+ TODO: check
+CVE-2008-0228 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in
the ...)
+ TODO: check
+CVE-2008-0227 (yaSSL 1.7.5 and earlier, as used in MySQL and possibly other
products, ...)
+ TODO: check
+CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in
MySQL ...)
+ TODO: check
+CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in
...)
+ TODO: check
+CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92
and ...)
+ TODO: check
+CVE-2008-0223 (Buffer overflow in JustSystem JSFC.DLL, as used in multiple
JustSystem ...)
+ TODO: check
+CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in
the ...)
+ TODO: check
+CVE-2008-0221 (Directory traversal vulnerability in the
WebLaunch.WeblaunchCtl.1 (aka ...)
+ TODO: check
+CVE-2008-0220 (Multiple stack-based buffer overflows in the
WebLaunch.WeblaunchCtl.1 ...)
+ TODO: check
+CVE-2008-0219 (SQL injection vulnerability in soporte_horizontal_w.php in PHP
...)
+ TODO: check
+CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in
Merak ...)
+ TODO: check
+CVE-2008-0217
+ RESERVED
+CVE-2008-0216
+ RESERVED
+CVE-2008-0215
+ RESERVED
+CVE-2008-0214
+ RESERVED
+CVE-2008-0213
+ RESERVED
+CVE-2008-0212
+ RESERVED
+CVE-2008-0211
+ RESERVED
+CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect
authentication ...)
+ TODO: check
+CVE-2008-0209 (Open redirect vulnerability in Forums/login.asp in Snitz Forums
2000 ...)
+ TODO: check
+CVE-2008-0208 (Cross-site scripting (XSS) vulnerability in login.asp in Snitz
Forums ...)
+ TODO: check
+CVE-2008-0207 (Multiple cross-site scripting (XSS) vulnerabilities in
PRO-Search 0.17 ...)
+ TODO: check
+CVE-2008-0206 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0205 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+ TODO: check
+CVE-2008-0204 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0203 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0202 (CRLF injection vulnerability in index.php in ExpressionEngine
1.2.1 ...)
+ TODO: check
+CVE-2008-0201 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+ TODO: check
+CVE-2008-0200 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0199 (PRO-Search 0.17 and earlier allows remote attackers to cause a
denial ...)
+ TODO: check
+CVE-2008-0198 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+ TODO: check
+CVE-2008-0197 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0196 (Multiple directory traversal vulnerabilities in WordPress 2.0.11
and ...)
+ TODO: check
+CVE-2008-0195 (WordPress 2.0.11 and earlier allows remote attackers to obtain
...)
+ TODO: check
+CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in
WordPress ...)
+ TODO: check
+CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in
...)
+ TODO: check
+CVE-2008-0192 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress
2.0.9 ...)
+ TODO: check
+CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain
sensitive ...)
+ TODO: check
+CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0189
+ RESERVED
+CVE-2008-0188
+ RESERVED
+CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster
...)
+ TODO: check
+CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk
1.9.7 ...)
+ TODO: check
+CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and
possibly ...)
+ TODO: check
+CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel
on ...)
+ TODO: check
+CVE-2008-0183
+ RESERVED
+CVE-2008-0182
+ RESERVED
+CVE-2008-0181
+ RESERVED
+CVE-2008-0180
+ RESERVED
+CVE-2008-0179
+ RESERVED
+CVE-2008-0178
+ RESERVED
+CVE-2008-0177
+ RESERVED
+CVE-2008-0176
+ RESERVED
+CVE-2008-0175
+ RESERVED
+CVE-2008-0174
+ RESERVED
+CVE-2008-0172
+ RESERVED
+CVE-2008-0171
+ RESERVED
+CVE-2008-0170
+ RESERVED
+CVE-2008-0169
+ RESERVED
+CVE-2008-0168
+ RESERVED
+CVE-2008-0167
+ RESERVED
+CVE-2008-0166
+ RESERVED
+CVE-2008-0165
+ RESERVED
+CVE-2008-0164
+ RESERVED
+CVE-2008-0163
+ RESERVED
+CVE-2008-0162
+ RESERVED
+CVE-2008-0161
+ RESERVED
+CVE-2008-0160
+ RESERVED
+CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname
argument ...)
+ TODO: check
+CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM
...)
+ TODO: check
+CVE-2007-6678 (Untrusted search path vulnerability in yast2-core in SUSE Linux
might ...)
+ TODO: check
+CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter''s
Random Anti-Spam ...)
+ TODO: check
+CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File
...)
+ TODO: check
CVE-2008-0173 [SQL injection in gforge]
+ RESERVED
- gforge <unfixed> (unimportant)
NOTE: this is exploitable by unauthenticated users
NOTE: Requires register_globals to be On, unsupported in lenny+sid.
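Review bot: The CVE-2008-0227 and CVE-2008-0226 entries near the top of this hunk describe yaSSL "as used in MySQL" but are left at "TODO: check" like every other new entry, so nothing separates them from the ActiveX and single-vendor items around them. Triage these two, and the WordPress entries CVE-2008-0191 through CVE-2008-0196, first, replacing each TODO with either a package line in the form the file already uses (for example "- postgresql-8.2 8.2.6-1") or a "NOT-FOR-US:" line. At the end of the hunk the update inserts "RESERVED" into the hand-annotated CVE-2008-0173 entry; confirm the gforge line and both NOTE lines below it are still read as part of that entry.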
@@ -71,8 +236,8 @@
NOT-FOR-US: Site at School
CVE-2008-0128
RESERVED
-CVE-2008-0127
- RESERVED
+CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2
and ...)
+ TODO: check
CVE-2008-0126
RESERVED
CVE-2008-0125
@@ -420,13 +585,11 @@
NOT-FOR-US: Hot or Not Clone
CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in
NoseRub ...)
NOT-FOR-US: NoseRub
-CVE-2007-6601 [dblink privilege escalation in postgresql]
- RESERVED
+CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before
8.1.11, ...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
-CVE-2007-6600 [privilege escalation in postgresql]
- RESERVED
+CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before
8.0.15, 7.4 ...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
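Review bot: The new description for CVE-2007-6600 names "8.0 before 8.0.15, 7.4 ..." in addition to 8.2 and 8.1, but the annotations kept under it cover only postgresql-8.2 and postgresql-8.1. Either add lines for the older branches if they are packaged, or add a NOTE saying why they are not tracked, so the entry matches the scope of the published description. The same check applies to CVE-2007-6601 above it, whose description is truncated after "8.1 before 8.1.11, ...".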
@@ -599,10 +762,10 @@
NOT-FOR-US: Microsoft Office Publisher
CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows
...)
NOT-FOR-US: Zoom Player
-CVE-2007-6532
- RESERVED
-CVE-2007-6531
- RESERVED
+CVE-2007-6532 (Double-free vulnerability in the Widget Library (libxfcegui4) in
Xfce ...)
+ TODO: check
+CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component
in ...)
+ TODO: check
CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits
Software ...)
NOT-FOR-US: XUpload
CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9
have ...)
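Review bot: CVE-2007-6532 and CVE-2007-6531 are left at "TODO: check" although their descriptions name the affected components directly, libxfcegui4 and xfce4-panel. Replace each TODO with a package line for the named component (fixed version or "<unfixed>", in the form used for jetty and sitebar elsewhere in this file) once the status is confirmed, rather than leaving them in the same queue as the NOT-FOR-US candidates.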
@@ -1278,8 +1441,8 @@
RESERVED
CVE-2007-6251
RESERVED
-CVE-2007-6250
- RESERVED
+CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...)
+ TODO: check
CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on
the ...)
NOT-FOR-US: Gentoo portage
CVE-2007-6248
@@ -1686,8 +1849,7 @@
RESERVED
CVE-2007-6068
RESERVED
-CVE-2007-6067 [remote denial of service in postgresql via crafted regex]
- RESERVED
+CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression
parser ...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
@@ -1845,8 +2007,8 @@
RESERVED
CVE-2007-6019
RESERVED
-CVE-2007-6018
- RESERVED
+CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and
Horde ...)
+ TODO: check
CVE-2007-6017
RESERVED
CVE-2007-6016
@@ -2524,8 +2686,8 @@
RESERVED
CVE-2007-5763
RESERVED
-CVE-2007-5762
- RESERVED
+CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91
SP4, ...)
+ TODO: check
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build
1011 ...)
NOT-FOR-US: Motorola netOctopus
CVE-2007-5760
@@ -2796,7 +2958,7 @@
NOT-FOR-US: phpImage
CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in
phpBasic ...)
NOT-FOR-US: phpBasic
-CVE-2007-5695 (command.php in SiteBar 3.3.8 allows remote attackers to redirect
users ...)
+CVE-2007-5695 (Open redirect vulnerability in command.php in SiteBar 3.3.8
allows ...)
{DSA-1423-1}
- sitebar 3.3.8-12.1 (low; bug #448690)
NOTE: there is no real exploit scenario
@@ -3291,8 +3453,8 @@
NOT-FOR-US: VMware Player
CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5
and 2.0 ...)
NOT-FOR-US: VMware Player
-CVE-2007-5616
- RESERVED
+CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and
5.3.x ...)
+ TODO: check
CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0
allows ...)
- jetty <unfixed> (low; bug #454529)
CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle
"certain quote ...)
@@ -3989,14 +4151,14 @@
RESERVED
CVE-2007-5405
RESERVED
-CVE-2007-5404
- RESERVED
-CVE-2007-5403
- RESERVED
-CVE-2007-5402
- RESERVED
-CVE-2007-5401
- RESERVED
+CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on
...)
+ TODO: check
+CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton
HelpBox ...)
+ TODO: check
+CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1
allow ...)
+ TODO: check
+CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in
Layton ...)
+ TODO: check
CVE-2007-5400
RESERVED
CVE-2007-5399
@@ -5749,8 +5911,7 @@
RESERVED
CVE-2007-4773
RESERVED
-CVE-2007-4772 [remote denial of service in postgresql via crafted regex]
- RESERVED
+CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in
...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
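Review bot: The replaced description for CVE-2007-4772 now attributes the flaw to "The regular expression parser in TCL before 8.4.17, as used in ...", while the entry still carries only the two postgresql annotations from the old bracketed text "remote denial of service in postgresql via crafted regex". Add an annotation or a NOTE covering TCL itself so the entry reflects the wider scope. CVE-2007-4769 in the next hunk has the same description change and needs the same follow-up.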
@@ -5758,8 +5919,7 @@
RESERVED
CVE-2007-4770
RESERVED
-CVE-2007-4769 [remote denial of service in postgresql via crafted regex]
- RESERVED
+CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in
...)
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
@@ -17518,7 +17678,7 @@
NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0,
6.5.x ...)
NOT-FOR-US: Lotus Domino Server
-CVE-2007-0066 (Unspecified vulnerability in the kernel in Microsoft Windows
2000 SP4, ...)
+CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server
2003, ...)
NOT-FOR-US: Microsoft Windows
CVE-2007-0065
RESERVED
@@ -17803,8 +17963,8 @@
NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
RESERVED
-CVE-2007-0012
- RESERVED
+CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a
denial ...)
+ TODO: check
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix
Advanced ...)
NOT-FOR-US: Citrix Access Gateway
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400
V5R3M0 ...)