thr3ads.net - Secure testing commits - [Secure-testing-commits] r8063

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Jan-31 21:14 UTC
[Secure-testing-commits] r8063 - data/CVE

Author: joeyh
Date: 2008-01-31 21:14:14 +0000 (Thu, 31 Jan 2008)
New Revision: 8063

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-01-31 20:28:39 UTC (rev 8062)
+++ data/CVE/list	2008-01-31 21:14:14 UTC (rev 8063)
@@ -1,3 +1,187 @@
+CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows
remote ...)
+	TODO: check
+CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have
...)
+	TODO: check
+CVE-2008-0499 (SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote
...)
+	TODO: check
+CVE-2008-0498 (SQL injection vulnerability in main_bigware_53.tpl.php in
Bigware Shop ...)
+	TODO: check
+CVE-2008-0497 (Cross-site scripting (XSS) vulnerability in action.php in
Nucleus CMS ...)
+	TODO: check
+CVE-2008-0496 (Cross-site scripting (XSS) vulnerability in index.php in AmpJuke
0.7.0 ...)
+	TODO: check
+CVE-2008-0495 (Unspecified vulnerability in the Pegasus CIM Server in IBM
Hardware ...)
+	TODO: check
+CVE-2008-0494 (Cross-site scripting (XSS) vulnerability in vpnum/userslist.php
in ...)
+	TODO: check
+CVE-2008-0493 (fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows
...)
+	TODO: check
+CVE-2008-0492 (Stack-based buffer overflow in the Persits.XUpload.2 ActiveX
control ...)
+	TODO: check
+CVE-2008-0491 (SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1
...)
+	TODO: check
+CVE-2008-0490 (SQL injection vulnerability in functions/editevent.php in the
WP-Cal ...)
+	TODO: check
+CVE-2008-0489 (Directory traversal vulnerability in install.php in Clansphere
...)
+	TODO: check
+CVE-2008-0488 (Directory traversal vulnerability in tseekdir.cgi in VB
Marketing ...)
+	TODO: check
+CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in
ASPired2Protect ...)
+	TODO: check
+CVE-2008-0486
+	RESERVED
+CVE-2008-0485
+	RESERVED
+CVE-2008-0484
+	RESERVED
+CVE-2008-0483
+	RESERVED
+CVE-2008-0482
+	RESERVED
+CVE-2008-0481 (Directory traversal vulnerability in RTE_file_browser.asp in Web
Wiz ...)
+	TODO: check
+CVE-2008-0480 (Multiple directory traversal vulnerabilities in Web Wiz Forums
9.07 ...)
+	TODO: check
+CVE-2008-0479 (Directory traversal vulnerability in RTE_file_browser.asp in Web
Wiz ...)
+	TODO: check
+CVE-2008-0478 (Directory traversal vulnerability in index.php in SetCMS 3.6.5
allows ...)
+	TODO: check
+CVE-2008-0477 (Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX
...)
+	TODO: check
+CVE-2008-0476 (ManageEngine Applications Manager 8.1 build 8100 does not check
...)
+	TODO: check
+CVE-2008-0475 (ManageEngine Applications Manager 8.1 build 8100 allows remote
...)
+	TODO: check
+CVE-2008-0474 (Multiple cross-site scripting (XSS) vulnerabilities in
ManageEngine ...)
+	TODO: check
+CVE-2008-0473 (RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows
remote ...)
+	TODO: check
+CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in
...)
+	TODO: check
+CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php
in ...)
+	TODO: check
+CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote
...)
+	TODO: check
+CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News
System ...)
+	TODO: check
+CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and
earlier ...)
+	TODO: check
+CVE-2008-0467 (Buffer overflow in Firebird before 2.1.0 RC1 might allow remote
...)
+	TODO: check
+CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text
Editor ...)
+	TODO: check
+CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull
0.6.3 ...)
+	TODO: check
+CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort
aconon ...)
+	TODO: check
+CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x
before ...)
+	TODO: check
+CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x
before ...)
+	TODO: check
+CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in
...)
+	TODO: check
+CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1)
MediaWiki ...)
+	TODO: check
+CVE-2008-0459 (Directory traversal vulnerability in update/index.php in
Liquid-Silver ...)
+	TODO: check
+CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in
SLAED CMS ...)
+	TODO: check
+CVE-2008-0457
+	RESERVED
+CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in
the ...)
+	TODO: check
+CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation
module ...)
+	TODO: check
+CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web
...)
+	TODO: check
+CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork
Recipe ...)
+	TODO: check
+CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman
1.1.9 ...)
+	TODO: check
+CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow
remote ...)
+	TODO: check
+CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS
4.2.1.c ...)
+	TODO: check
+CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP
Shopping ...)
+	TODO: check
+CVE-2008-0448 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP
Weblog 1.0 ...)
+	TODO: check
+CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02
allows ...)
+	TODO: check
+CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook
(ELOG) ...)
+	TODO: check
+CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook
(ELOG) ...)
+	TODO: check
+CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1
ActiveX ...)
+	TODO: check
+CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in
Small ...)
+	TODO: check
+CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores
passwords in ...)
+	TODO: check
+CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in
...)
+	TODO: check
+CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering
...)
+	TODO: check
+CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14
...)
+	TODO: check
+CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in
profile-upload/upload.asp ...)
+	TODO: check
+CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals
2.1.1 ...)
+	TODO: check
+CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN
Mail ...)
+	TODO: check
+CVE-2008-0433 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in
phpAutoVideo ...)
+	TODO: check
+CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php
in ...)
+	TODO: check
+CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0
allows ...)
+	TODO: check
+CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay
Per ...)
+	TODO: check
+CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in
...)
+	TODO: check
+CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3
allows ...)
+	TODO: check
+CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in
submit.php in ...)
+	TODO: check
+CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in
Frimousse ...)
+	TODO: check
+CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System
(MGBS) ...)
+	TODO: check
+CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama
Software ...)
+	TODO: check
+CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka
bMachine) ...)
+	TODO: check
+CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and
earlier ...)
+	TODO: check
+CVE-2008-0420
+	RESERVED
+CVE-2008-0419
+	RESERVED
+CVE-2008-0418
+	RESERVED
+CVE-2008-0417
+	RESERVED
+CVE-2008-0416
+	RESERVED
+CVE-2008-0415
+	RESERVED
+CVE-2008-0414
+	RESERVED
+CVE-2008-0413
+	RESERVED
+CVE-2008-0412
+	RESERVED
+CVE-2008-0411
+	RESERVED
+CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel
2.4.21 ...)
+	TODO: check
 CVE-2008-XXXX [openssh local users may hijack forwarded X connections]
 	- openssh <unfixed> (bug #463011)
 CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
@@ -6,18 +190,18 @@
 	- sdl-image1.2 1.2.6-2 (medium)
 	NOTE: CVE id requested
 	NOTE: see http://www.securityfocus.com/archive/1/486853/30/30/threaded
-CVE-2008-0410
-	RESERVED
-CVE-2008-0409
-	RESERVED
-CVE-2008-0408
-	RESERVED
-CVE-2008-0407
-	RESERVED
-CVE-2008-0406
-	RESERVED
-CVE-2008-0405
-	RESERVED
+CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to
obtain ...)
+	TODO: check
+CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server
(HFS) ...)
+	TODO: check
+CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to
append ...)
+	TODO: check
+CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries
with ...)
+	TODO: check
+CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used
as log ...)
+	TODO: check
+CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server
(HFS) ...)
+	TODO: check
 CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1
allows ...)
 	- mantis <not-affected> (Vulnerable code not present)
 	NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
@@ -53,8 +237,8 @@
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for
WordPress ...)
 	NOT-FOR-US: WP-Forum plugin for WordPress
-CVE-2008-0387
-	RESERVED
+CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before
...)
+	TODO: check
 CVE-2008-0386 [arbitrary code execution in xdg-utils via crafted path name]
 	RESERVED
 	- xdg-utils <unfixed> (low; bug #463471)
@@ -542,12 +726,12 @@
 	RESERVED
 CVE-2008-0177
 	RESERVED
-CVE-2008-0176
-	RESERVED
-CVE-2008-0175
-	RESERVED
-CVE-2008-0174
-	RESERVED
+CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY
HMI ...)
+	TODO: check
+CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy
Real-Time ...)
+	TODO: check
+CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier
uses ...)
+	TODO: check
 CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the
Boost ...)
 	- boost <unfixed> (low; bug #461236)
 CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex
library ...)
@@ -681,7 +865,7 @@
 	NOTE: the issue itself has a quite small attack vector
 	NOTE: and considering that the apache configuration that comes
 	NOTE: with moodle limits connections to localhost this is no issue
-CVE-2008-0122 (Off-by-one error in the inet_network function in libc in FreeBSD
6.2, ...)
+CVE-2008-0122 (Off-by-one error in the inet_network function in libbind in ISC
BIND ...)
 	- bind <removed>
 	[sarge] - bind <no-dsa> (applications will use inet_network in libc)
 	[etch] - bind <no-dsa> (applications will use inet_network in libc)
@@ -1436,10 +1620,10 @@
 	NOT-FOR-US: predating security tracker
 CVE-2008-0030
 	RESERVED
-CVE-2008-0029
-	RESERVED
-CVE-2008-0028
-	RESERVED
+CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is
installed with ...)
+	TODO: check
+CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security
Appliance ...)
+	TODO: check
 CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL)
...)
 	NOT-FOR-US: Cisco
 CVE-2008-0026
@@ -1472,8 +1656,8 @@
 	- xorg-server 2:1.4.1~git20080105-2
 CVE-2007-6426
 	RESERVED
-CVE-2007-6425
-	RESERVED
+CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA
...)
+	TODO: check
 CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running
in ...)
 	NOT-FOR-US: Fonality Trixbox
 CVE-2007-6423 (** DISPUTED ** ...)
@@ -1501,8 +1685,7 @@
 	- xen-unstable <not-affected> (We only have xen for i386 and amd64)
 	- xen-3 <not-affected> (We only have xen for i386 and amd64)
 	- xen-3.0 <not-affected> (We only have xen for i386 and amd64)
-CVE-2007-6415
-	RESERVED
+CVE-2007-6415 (scponly 4.6 and earlier allows remote authenticated users to
bypass ...)
 	{DSA-1473-1}
 	- scponly 4.6-1.2 (high)
 CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a
...)
@@ -2001,13 +2184,12 @@
 	RESERVED
 CVE-2008-0009
 	RESERVED
-CVE-2008-0008 [prevent pulseaudio from dropping permissions]
-	RESERVED
+CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain
0.9.9 ...)
 	{DSA-1476-1}
 	- pulseaudio 0.9.9-1
 CVE-2008-0007
 	RESERVED
-CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1 and (2) the
Sun ...)
+CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the
libfont ...)
 	{DSA-1466-2 DTSA-110-1}
 	- xorg-server 2:1.4.1~git20080105-2
 	- libxfont 1:1.3.1-2
@@ -3171,8 +3353,8 @@
 	NOT-FOR-US: Oracle
 CVE-2007-5765
 	RESERVED
-CVE-2007-5764
-	RESERVED
+CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX
5.2, ...)
+	TODO: check
 CVE-2007-5763
 	RESERVED
 CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91
SP4, ...)
@@ -6242,8 +6424,7 @@
 	NOT-FOR-US: Xwiki
 CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user
...)
 	NOT-FOR-US: Xwiki
-CVE-2007-4850 [php curl safe mode bypass]
-	RESERVED
+CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4
and ...)
 	- php4 <removed> (unimportant)
 	- php5 <unfixed> (unimportant)
 	NOTE: Safe mode bypasses not treated as security problems
@@ -6425,10 +6606,10 @@
 	- postgresql-8.2 8.2.6-1
 	- postgresql-8.1 8.1.11-1
 	[sarge] - postgresql <unfixed>
-CVE-2007-4771
-	RESERVED
-CVE-2007-4770
-	RESERVED
+CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in
regexcmp.cpp ...)
+	TODO: check
+CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and
earlier ...)
+	TODO: check
 CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in
...)
 	{DSA-1463-1 DSA-1460-1}
 	- postgresql-8.2 8.2.6-1
@@ -6908,8 +7089,8 @@
 	NOT-FOR-US: Sophos
 CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote
attackers ...)
 	NOT-FOR-US: Sophos
-CVE-2007-4576
-	RESERVED
+CVE-2007-4576 (Unspecified vulnerability in HSQLDB 1.8.0.8, and possibly other
...)
+	TODO: check
 CVE-2007-4575 (Unspecified vulnerability in HSQLDB before 1.8.0.9 in
OpenOffice.org ...)
 	{DSA-1419-1}
 	- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
Secure testing commits - Jan 2008 - r8063 - data/CVE

[Secure-testing-commits] r8063 - data/CVE
