joeyh at alioth.debian.org
2007-Dec-01 09:14 UTC
[Secure-testing-commits] r7449 - data/CVE
Author: joeyh Date: 2007-12-01 09:14:13 +0000 (Sat, 01 Dec 2007) New Revision: 7449 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-30 17:30:05 UTC (rev 7448) +++ data/CVE/list 2007-12-01 09:14:13 UTC (rev 7449) 
@@ -1,19 +1,147 @@ +CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...) + TODO: check +CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...) + TODO: check +CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction ...) + TODO: check +CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 ...) + TODO: check +CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...) + TODO: check +CVE-2007-6195 + RESERVED +CVE-2007-6194 + RESERVED +CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...) + TODO: check +CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses ...) + TODO: check +CVE-2007-6191 (Multiple PHP remote file inclusion vulnerabilities in Armin Burger ...) + TODO: check +CVE-2007-6190 (The HTTP daemon in the Cisco Unified IP Phone, when the Extension ...) + TODO: check +CVE-2007-6189 (A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in ...) + TODO: check +CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution ...) + TODO: check +CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect ...) + TODO: check +CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown ...) + TODO: check +CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS ...) + TODO: check +CVE-2007-6184 (Directory traversal vulnerability in index.php in Project Alumni 1.0.9 ...) + TODO: check +CVE-2007-6182 (The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 ...) + TODO: check +CVE-2007-6181 (Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier ...) + TODO: check +CVE-2007-6180 (Race condition in the Remote Procedure Call kernel module (rpcmod) in ...) 
+ TODO: check +CVE-2007-6179 (Multiple PHP remote file inclusion vulnerabilities in Charray''s CMS ...) + TODO: check +CVE-2007-6178 (Multiple PHP remote file inclusion vulnerabilities in Easy Hosting ...) + TODO: check +CVE-2007-6177 (PHP remote file inclusion vulnerability in Exchange/include.php in ...) + TODO: check +CVE-2007-6176 (kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote ...) + TODO: check +CVE-2007-6175 (Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-6174 (PHPDevShell before 0.7.0 allows remote authenticated users to gain ...) + TODO: check +CVE-2007-6173 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...) + TODO: check +CVE-2007-6172 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...) + TODO: check +CVE-2007-6169 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...) + TODO: check +CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows ...) + TODO: check +CVE-2007-6167 (yast2-core includes the current working directory in its search path, ...) + TODO: check +CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime 7.2 and 7.3 allows ...) + TODO: check +CVE-2007-6165 (Mail in Apple Mac OS X Leopard allows user-assisted remote attackers ...) + TODO: check +CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote ...) + TODO: check +CVE-2007-6163 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...) + TODO: check +CVE-2007-6162 (Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe ...) + TODO: check +CVE-2007-6161 (index.php in Tilde CMS 4.x and earlier allows remote attackers to ...) + TODO: check +CVE-2007-6160 (Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x ...) + TODO: check +CVE-2007-6159 (SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier ...) 
+ TODO: check +CVE-2007-6158 (Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs ...) + TODO: check +CVE-2007-6157 (Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery ...) + TODO: check +CVE-2007-6156 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2007-6155 + RESERVED +CVE-2007-6154 + RESERVED +CVE-2007-6153 + RESERVED +CVE-2007-6152 + RESERVED +CVE-2007-6151 + RESERVED +CVE-2007-6149 + RESERVED +CVE-2007-6148 + RESERVED +CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE ...) + TODO: check +CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on ...) + TODO: check +CVE-2007-6145 (Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP ...) + TODO: check +CVE-2007-6144 (Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control ...) + TODO: check +CVE-2007-6143 (SQL injection vulnerability in default.asp (aka the Login Page) in VU ...) + TODO: check +CVE-2007-6142 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...) + TODO: check +CVE-2007-6141 (Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 ...) + TODO: check +CVE-2007-6140 (Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote ...) + TODO: check +CVE-2007-6139 (PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox ...) + TODO: check +CVE-2007-6138 (SQL injection vulnerability in redir.asp in VU Mass Mailer allows ...) + TODO: check +CVE-2007-6137 (SQL injection vulnerability in news.php in Content Injector 1.52 ...) + TODO: check +CVE-2007-6136 (Multiplce cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2007-6135 (Cross-site scripting (XSS) vulnerability in phpslideshow.php in ...) + TODO: check +CVE-2007-6134 (SQL injection vulnerability in pkinc/public/article.php in PHPKIT ...) 
+ TODO: check +CVE-2007-6133 (PHP remote file inclusion vulnerability in admin/kfm/initialise.php in ...) + TODO: check CVE-2007-XXXX [zabbix-agent runs as gid 0] - zabbix <unfixed> (bug #452682) -CVE-2007-6183 [format string vulnerability in ruby-gnome2] +CVE-2007-6183 (Format string vulnerability in the mdiag_initialize function in ...) - ruby-gnome2 <unfixed> (medium; bug #453689) -CVE-2007-6171 [sql injection issue in asterisk res_config_pgsql module] +CVE-2007-6171 (SQL injection vulnerability in the Postgres Realtime Engine ...) - asterisk <unfixed> (medium) NOTE: maintainer is aware of it, preparing upload atm -CVE-2007-6170 [sql injection issue in asterisk cdr_pgsql module] +CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...) - asterisk <unfixed> (medium) NOTE: maintainer is aware of it, preparing upload atm CVE-2007-XXXX [rsync is prone to symlink attacks] - rsync <unfixed> (low; bug #453652) -CVE-2007-6150 [weakness in random number generator on free bsd] +CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices ...) NOT-FOR-US: FreeBSD CVE-2007-6132 - RESERVED + REJECTED CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite ...) - scanbuttond <unfixed> (unimportant; bug #453239) NOTE: this is just an example script, maintainer adds a note about it @@ -1180,7 +1308,7 @@ - tikiwiki <removed> CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki ...) - tikiwiki <removed> -CVE-2007-5682 (Unspecified vulnerability in tiki-graph_formula.php in TikiWiki before ...) +CVE-2007-5682 (Incomplete blacklist vulnerability in tiki-graph_formula.php in ...) - tikiwiki <removed> CVE-2007-5681 RESERVED 
@@ -2086,8 +2214,7 @@ NOT-FOR-US: Oracle CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and ...) NOT-FOR-US: Oracle -CVE-2007-5503 - RESERVED +CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote ...) - libcairo <unfixed> (medium; bug #453686) CVE-2007-5502 RESERVED @@ -2108,8 +2235,8 @@ RESERVED CVE-2007-5495 RESERVED -CVE-2007-5494 - RESERVED +CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...) + TODO: check CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...) NOT-FOR-US: Windows Mobile CVE-2007-5492 (Static code injection vulnerability in the translation module ...) @@ -2655,7 +2782,7 @@ NOT-FOR-US: ARCServe BackUp CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp ...) NOT-FOR-US: ARCServe BackUp -CVE-2007-5328 (CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise ...) +CVE-2007-5328 (The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 ...) NOT-FOR-US: ARCServe BackUp CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message ...) NOT-FOR-US: ARCServe BackUp @@ -4284,8 +4411,8 @@ NOT-FOR-US: Apple QuickTime CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in ...) NOT-FOR-US: Apple QuickTime -CVE-2007-4674 - RESERVED +CVE-2007-4674 (An "integer arithmetic" error in Apple QuickTime 7.2 allows remote ...) + TODO: check CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...) NOT-FOR-US: Apple QuickTime CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows ...) 
@@ -5090,10 +5217,10 @@ RESERVED CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM ...) NOT-FOR-US: IBM Tivoli Storage Manager -CVE-2007-4347 - RESERVED -CVE-2007-4346 - RESERVED +CVE-2007-4347 (Multiple integer overflows in the Job Engine (bengine.exe) service in ...) + TODO: check +CVE-2007-4346 (The Job Engine (bengine.exe) service in Symantec Backup Exec for ...) + TODO: check CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail ...) NOT-FOR-US: IMail Client CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build ...)
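Review bot: In the first hunk (@@ -1,19 +1,147 @@), CVE-2007-6200 and CVE-2007-6199, both for rsync before 3.0.0pre6, are added as "TODO: check" while the temporary entry "CVE-2007-XXXX [rsync is prone to symlink attacks]" with bug #453652 stays further down the same hunk. Check whether the temporary entry matches one of the new ids. If it does, move its "- rsync <unfixed> (low; bug #453652)" line under that id and drop the CVE-2007-XXXX placeholder, so the issue is not tracked twice.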
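Review bot: In the @@ -2086,8 +2214,7 @@ hunk the new CVE-2007-5503 description says "Cairo before 1.4.12", but the tracking line kept below it still reads "- libcairo <unfixed> (medium; bug #453686)". Add a NOTE recording that the description gives 1.4.12 as the first unaffected upstream release, and replace <unfixed> with the package version once that release is in the archive.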
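Review bot: CVE-2007-4674 in the @@ -4284,8 +4411,8 @@ hunk is set to "TODO: check" although its description names Apple QuickTime 7.2 and the entries on either side of it (CVE-2007-4675, CVE-2007-4673) already carry "NOT-FOR-US: Apple QuickTime". Triage it the same way as its neighbours. CVE-2007-6166 in the first hunk also describes Apple QuickTime and can get the same marker.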
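Review bot: CVE-2007-4347 and CVE-2007-4346 in the @@ -5090,10 +5217,10 @@ hunk are left at "TODO: check" even though both describe the Job Engine (bengine.exe) service, which the CVE-2007-4346 text attributes to Symantec Backup Exec. The surrounding entries for other vendor products in this hunk are marked NOT-FOR-US (IBM Tivoli Storage Manager, IMail Client). Mark these two the same way, for example "NOT-FOR-US: Symantec Backup Exec".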