thr3ads.net - Secure testing commits - [Secure-testing-commits] r7937

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Jan-16 09:14 UTC
[Secure-testing-commits] r7937 - data/CVE

Author: joeyh
Date: 2008-01-16 09:14:09 +0000 (Wed, 16 Jan 2008)
New Revision: 7937

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-01-16 08:54:30 UTC (rev 7936)
+++ data/CVE/list	2008-01-16 09:14:09 UTC (rev 7937)
@@ -1,3 +1,109 @@
+CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2
and ...)
+	TODO: check
+CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in
Member ...)
+	TODO: check
+CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2
allow ...)
+	TODO: check
+CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart
3.3.2 and ...)
+	TODO: check
+CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article
Dashboard ...)
+	TODO: check
+CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows
...)
+	TODO: check
+CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines
Forum ...)
+	TODO: check
+CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in
DomPHP ...)
+	TODO: check
+CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP
0.81 ...)
+	TODO: check
+CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and
...)
+	TODO: check
+CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and
possibly ...)
+	TODO: check
+CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and
...)
+	TODO: check
+CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and
possibly ...)
+	TODO: check
+CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal
allows ...)
+	TODO: check
+CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module
before ...)
+	TODO: check
+CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for
Drupal ...)
+	TODO: check
+CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and
5.x, when ...)
+	TODO: check
+CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x
before ...)
+	TODO: check
+CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the
aggregator ...)
+	TODO: check
+CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and
5.x ...)
+	TODO: check
+CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and
...)
+	TODO: check
+CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun
Solaris 10 ...)
+	TODO: check
+CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket
...)
+	TODO: check
+CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow
remote ...)
+	TODO: check
+CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in
...)
+	TODO: check
+CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the
Search ...)
+	TODO: check
+CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords)
5.x-1.6 ...)
+	TODO: check
+CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator
before ...)
+	TODO: check
+CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in
Agares ...)
+	TODO: check
+CVE-2008-0261 (Unspecified vulnerability in the search component and module in
Mambo ...)
+	TODO: check
+CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain
configuration ...)
+	TODO: check
+CVE-2008-0259 (Multiple directory traversal vulnerabilities in
_mg/php/mg_thumbs.php ...)
+	TODO: check
+CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP
Running ...)
+	TODO: check
+CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie
Search ...)
+	TODO: check
+CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo
...)
+	TODO: check
+CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and
1.3.1 ...)
+	TODO: check
+CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka
...)
+	TODO: check
+CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder
allows ...)
+	TODO: check
+CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function
in ...)
+	TODO: check
+CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery
before ...)
+	TODO: check
+CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows
...)
+	TODO: check
+CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database
...)
+	TODO: check
+CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for
StreamAudio ...)
+	TODO: check
+CVE-2008-0247 (Heap-based buffer overflow in IBM Tivoli Storage Manager (TSM)
Express ...)
+	TODO: check
+CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original
password ...)
+	TODO: check
+CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original
password ...)
+	TODO: check
+CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers
to ...)
+	TODO: check
+CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack
3 ...)
+	TODO: check
+CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows
local ...)
+	TODO: check
+CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java
System ...)
+	TODO: check
+CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1
...)
+	TODO: check
+CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java
System ...)
+	TODO: check
+CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont
function in ...)
+	TODO: check
 CVE-2008-XXXX [insecure use of RandomPool]
 	- python-paramiko <unfixed> (medium; bug #460706)
 	NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
@@ -13,7 +119,7 @@
 	NOT-FOR-US: Zero CMS
 CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha
allow ...)
 	NOT-FOR-US: Zero CMS
-CVE-2008-0231 (Multiple directory traversal vulnerabilities in Tune Studio
index.php ...)
+CVE-2008-0231 (Multiple directory traversal vulnerabilities in index.php in
Tuned ...)
 	NOT-FOR-US: Tune Studio
 CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in
osDate ...)
 	NOT-FOR-US: osDate
@@ -32,7 +138,7 @@
 	- xine-lib <unfixed> (medium; bug #460551)
 CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92
and ...)
 	NOT-FOR-US: RunCMS
-CVE-2008-0223 (Buffer overflow in JustSystem JSFC.DLL, as used in multiple
JustSystem ...)
+CVE-2008-0223 (Buffer overflow in JustSystems JSFC.DLL, as used in multiple
...)
 	NOT-FOR-US: JustSystem
 CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in
the ...)
 	NOT-FOR-US: Wp-FileManager plugin for WordPress
@@ -44,10 +150,10 @@
 	NOT-FOR-US: Webquest
 CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in
Merak ...)
 	NOT-FOR-US: Merak IceWarp Mail Server
-CVE-2008-0217
-	RESERVED
-CVE-2008-0216
-	RESERVED
+CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes
...)
+	TODO: check
+CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does
not ...)
+	TODO: check
 CVE-2008-0215
 	RESERVED
 CVE-2008-0214
@@ -177,8 +283,7 @@
 	NOT-FOR-US: Peter''s Random Anti-Spam Image
 CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File
...)
 	NOT-FOR-US: ONEdotOH Simple File
-CVE-2008-0173 [SQL injection in gforge]
-	RESERVED
+CVE-2008-0173 (SQL injection vulnerability in Gforge 4.6.99 and earlier allows
remote ...)
 	{DSA-1459-1}
 	- gforge 4.6.99+svn6330-1 (medium)
 	NOTE: this is exploitable by unauthenticated users
@@ -260,10 +365,10 @@
 	RESERVED
 CVE-2008-0124
 	RESERVED
-CVE-2008-0123
-	RESERVED
-CVE-2008-0122
-	RESERVED
+CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for
Moodle ...)
+	TODO: check
+CVE-2008-0122 (Off-by-one error in the inet_network function in libc in FreeBSD
6.2, ...)
+	TODO: check
 CVE-2008-0121
 	RESERVED
 CVE-2008-0120
@@ -455,18 +560,18 @@
 	RESERVED
 CVE-2008-0037
 	RESERVED
-CVE-2008-0036
-	RESERVED
-CVE-2008-0035
-	RESERVED
-CVE-2008-0034
-	RESERVED
-CVE-2008-0033
-	RESERVED
-CVE-2008-0032
-	RESERVED
-CVE-2008-0031
-	RESERVED
+CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote
attackers ...)
+	TODO: check
+CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone
1.0 ...)
+	TODO: check
+CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0
through ...)
+	TODO: check
+CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows
remote ...)
+	TODO: check
+CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute
...)
+	TODO: check
+CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows
remote ...)
+	TODO: check
 CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and
earlier ...)
 	NOT-FOR-US: MyPHP Forum
 CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through
1.1.3 ...)
@@ -1002,7 +1107,7 @@
 	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
 	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
 CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8
allows ...)
-	{DTSA-105-1}
+	{DSA-1464-1 DTSA-105-1}
 	- syslog-ng 2.0.6-1 (low; bug #457334)
 	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
 CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server,
and ...)
@@ -1045,19 +1150,17 @@
 	RESERVED
 CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running
in ...)
 	NOT-FOR-US: Fonality Trixbox
-CVE-2007-6423 [windows only Apache mod_proxy_balancer issue]
-	RESERVED
+CVE-2007-6423 (** DISPUTED ** ...)
 	- apache2 <not-affected> (disputed / only for Windows)
-CVE-2007-6422 (Unspecified vulnerability in mod_proxy_balancer in the Apache
HTTP ...)
+CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the
Apache HTTP ...)
 	- apache2 <unfixed> (low)
 	[etch] - apache2 <no-dsa> (minor issue)
 	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
-CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in mod_proxy_balancer
in the ...)
+CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in
...)
 	- apache2 <unfixed> (low)
 	[etch] - apache2 <no-dsa> (minor issue)
 	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
-CVE-2007-6420 [Apache mod_proxy_balancer XSRF in balancer manager]
-	RESERVED
+CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the ...)
 	- apache2 <unfixed> (low)
 	[etch] - apache2 <no-dsa> (minor issue)
 	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
@@ -1375,13 +1478,12 @@
 	NOT-FOR-US: HyperVM
 CVE-2007-6286
 	RESERVED
-CVE-2007-6285 (The default configuration for autofs 5 (autofs5) on Red Hat
Enterprise ...)
+CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux
...)
 	NOTE: maintainer will patch autofs5 in upload to unstable
 	TODO: check when autofs5 hits unstable
 	- autofs <not-affected> (-hosts feature not present, auto.net has
nosuid,nodev)
 	- autofs5 <unfixed>
-CVE-2007-6284 [infinite loop in libxml2 through crafted UTF-8 sequence]
-	RESERVED
+CVE-2007-6284 (The xmlCurrentChar function in libxml2 before 2.6.31 allows ...)
 	{DSA-1461-1}
 	- libxml2 2.6.30.dfsg-3.1 (medium; bug #460292)
 	- libxml 1.8.17-14.1 (medium)
@@ -1567,8 +1669,7 @@
 	RESERVED
 CVE-2008-0006
 	RESERVED
-CVE-2008-0005 [Apache mod_proxy_ftp Undefined Charset UTF-7 XSS Vulnerability]
-	RESERVED
+CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before
...)
 	- apache2 <unfixed> (low)
 	- apache <unfixed> (low)
 CVE-2008-0004
@@ -1577,8 +1678,8 @@
 	NOT-FOR-US: OpenPegasus CIM management server
 CVE-2008-0002
 	RESERVED
-CVE-2008-0001
-	RESERVED
+CVE-2008-0001 (VFS in the Linux kernel before 2.6.23.14 performs tests of
access mode ...)
+	TODO: check
 CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems,
does not ...)
 	- xen-3 3.1.2-1
 CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and
2.6.x ...)
@@ -2189,7 +2290,7 @@
 CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly
...)
 	- qt4-x11 4.3.3-1
 	- qt-x11-free <not-affected> (Vulnerable code not present)
-CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise
Linux ...)
+CVE-2007-5964 (The default configuration of autofs 5 in some Linux
distributions, ...)
 	- autofs 3.1.4-8 (medium)
 	- autofs5 <unfixed>
 	NOTE: maintainer will patch autofs5 in upload to unstable
@@ -2201,7 +2302,7 @@
 	RESERVED
 CVE-2007-5961
 	RESERVED
-CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey 1.1.7 sets the
Referer ...)
+CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets
the ...)
 	{DSA-1425-1 DSA-1424-1}
 	- iceweasel 2.0.0.10-1
 	- iceape 1.1.7-1
@@ -2510,7 +2611,7 @@
 	NOT-FOR-US: Spin Tracer (Apple Mac OS X)
 CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X
10.4.11 ...)
 	NOT-FOR-US: Safari RSS (Apple Mac OS X)
-CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1 allows
remote ...)
+CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone
1.0 ...)
 	NOT-FOR-US: Safari (Apple Mac OS X)
 CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie
from ...)
 	NOT-FOR-US: Quick Look (Apple Mac OS X)
@@ -3269,14 +3370,14 @@
 	NOT-FOR-US:  MacroVision FLEXnet Connect and InstallShield 2008
 CVE-2007-5659
 	RESERVED
-CVE-2007-5658
-	RESERVED
-CVE-2007-5657
-	RESERVED
-CVE-2007-5656
-	RESERVED
-CVE-2007-5655
-	RESERVED
+CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0
and ...)
+	TODO: check
+CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before
4.0.4, ...)
+	TODO: check
+CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before
4.0.4, ...)
+	TODO: check
+CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before
4.0.4, ...)
+	TODO: check
 CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to
trigger ...)
 	NOT-FOR-US: LiteSpeed
 CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows
do ...)
Secure testing commits - Jan 2008 - r7937 - data/CVE

[Secure-testing-commits] r7937 - data/CVE
