joeyh at alioth.debian.org
2008-Jan-23 09:14 UTC
[Secure-testing-commits] r8016 - data/CVE
Author: joeyh
Date: 2008-01-23 09:14:13 +0000 (Wed, 23 Jan 2008)
New Revision: 8016
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-01-23 00:39:22 UTC (rev 8015)
+++ data/CVE/list 2008-01-23 09:14:13 UTC (rev 8016)
@@ -1,3 +1,119 @@
+CVE-2008-0410
+ RESERVED
+CVE-2008-0409
+ RESERVED
+CVE-2008-0408
+ RESERVED
+CVE-2008-0407
+ RESERVED
+CVE-2008-0406
+ RESERVED
+CVE-2008-0405
+ RESERVED
+CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1
allows ...)
+ TODO: check
+CVE-2008-0403 (The web server in Belkin Wireless G Plus MIMO Router F5D9230-4
does ...)
+ TODO: check
+CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler
Basic and ...)
+ TODO: check
+CVE-2008-0401 (Unspecified vulnerability in the HTTP server in IBM Tivoli ...)
+ TODO: check
+CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in
the ...)
+ TODO: check
+CVE-2008-0399 (Multiple buffer overflows in Toshiba Surveillance (Surveillix)
...)
+ TODO: check
+CVE-2008-0398 (Cross-site scripting (XSS) vulnerability in aflog 1.01, and
possibly ...)
+ TODO: check
+CVE-2008-0397 (Multiple SQL injection vulnerabilities in aflog 1.01, and
possibly ...)
+ TODO: check
+CVE-2008-0396 (Directory traversal vulnerability in BitDefender Update Server
...)
+ TODO: check
+CVE-2008-0395 (Kayako SupportSuite 3.11.01 allows remote attackers to obtain
server ...)
+ TODO: check
+CVE-2008-0394 (Buffer overflow in Citadel SMTP server 7.10 and earlier allows
remote ...)
+ TODO: check
+CVE-2008-0393 (Directory traversal vulnerability in info.php in GradMan 0.1.3
and ...)
+ TODO: check
+CVE-2008-0392 (Multiple buffer overflows in Microsoft Visual Basic Enterprise
Edition ...)
+ TODO: check
+CVE-2008-0391 (inc/elementz.php in aliTalk 1.9.1.1 does not properly verify
...)
+ TODO: check
+CVE-2008-0390 (stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS,
allows ...)
+ TODO: check
+CVE-2008-0389 (Unspecified vulnerability in the serveServletsByClassnameEnabled
...)
+ TODO: check
+CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for
WordPress ...)
+ TODO: check
+CVE-2008-0387
+ RESERVED
+CVE-2008-0386
+ RESERVED
+CVE-2008-0385
+ RESERVED
+CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service
(kernel ...)
+ TODO: check
+CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and
earlier ...)
+ TODO: check
+CVE-2008-0382 (Multiple eval injection vulnerabilities in MyBB 1.2.10 and
earlier ...)
+ TODO: check
+CVE-2008-0381 (Unspecified vulnerability in Mahara before 0.9.1 has unknown
impact ...)
+ TODO: check
+CVE-2008-0380 (Buffer overflow in the Digital Data Communications RtspVaPgCtrl
...)
+ TODO: check
+CVE-2008-0379 (Race condition in the Enterprise Tree ActiveX control ...)
+ TODO: check
+CVE-2008-0378 (Stack-based buffer overflow in SocksCap 2.40-051231 and earlier,
when ...)
+ TODO: check
+CVE-2008-0377 (MicroNews allows remote attackers to bypass authentication and
gain ...)
+ TODO: check
+CVE-2008-0376 (PHP remote file inclusion vulnerability in inc/linkbar.php in
Small ...)
+ TODO: check
+CVE-2008-0375 (Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU
...)
+ TODO: check
+CVE-2008-0374 (OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and
Web ...)
+ TODO: check
+CVE-2008-0373 (Unrestricted file upload vulnerability in PHP F1 Max''s
File Uploader ...)
+ TODO: check
+CVE-2008-0372 (8e6 R3000 Internet Filter 2.0.05.33, and other versions before
2.0.11, ...)
+ TODO: check
+CVE-2008-0371 (Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when
...)
+ TODO: check
+CVE-2008-0370 (Cross-site scripting (XSS) vulnerability in dohtaccess.html in
cPanel ...)
+ TODO: check
+CVE-2008-0369 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS)
10.x ...)
+ TODO: check
+CVE-2008-0368 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS)
10.x ...)
+ TODO: check
+CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions,
when ...)
+ TODO: check
+CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments
to ...)
+ TODO: check
+CVE-2008-0365 (Multiple buffer overflows in CORE FORCE before 0.95.172 allow
local ...)
+ TODO: check
+CVE-2008-0364 (Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2)
uTorrent ...)
+ TODO: check
+CVE-2008-0363 (Multiple SQL injection vulnerabilities in Clever Copy 3.0 and
earlier ...)
+ TODO: check
+CVE-2008-0362 (Cross-site scripting (XSS) vulnerability in gallery.php in
Clever Copy ...)
+ TODO: check
+CVE-2008-0361 (Directory traversal vulnerability in agregar_info.php in GradMan
0.1.3 ...)
+ TODO: check
+CVE-2008-0360 (Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow
remote ...)
+ TODO: check
+CVE-2008-0359 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS
4.2.1b ...)
+ TODO: check
+CVE-2008-0358 (SQL injection vulnerability in index.php in Pixelpost 1.7 allows
...)
+ TODO: check
+CVE-2008-0357 (Directory traversal vulnerability in pages/upload.php in
Galaxyscripts ...)
+ TODO: check
+CVE-2008-0356 (Buffer overflow in the Independent Management Architecture (IMA)
...)
+ TODO: check
+CVE-2008-0355 (SQL injection vulnerability in index.php in the forum module in
...)
+ TODO: check
+CVE-2008-0354 (Cross-site scripting (XSS) vulnerability in the chat client in
IBM ...)
+ TODO: check
+CVE-2008-0353 (SQL injection vulnerability in visualizza_tabelle.php in
php-residence ...)
+ TODO: check
CVE-2008-XXXX [firebird DoS]
- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
TODO: check firebird2
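Review bot: All 49 described entries added at the top of this hunk (CVE-2008-0404 down to CVE-2008-0353) land with only `TODO: check`, so none of them is triaged yet and the commit message "automatic update" gives no hint of that backlog. Suggest a follow-up pass that resolves each one with the markers the file already uses: device and vendor-product entries such as CVE-2008-0403 (Belkin router) and CVE-2008-0374 / CVE-2008-0375 (OKI printer) match the `NOT-FOR-US:` pattern seen further down, while entries naming general-purpose software such as CVE-2008-0404 (Mantis), CVE-2008-0394 (Citadel SMTP server) and CVE-2008-0367 (Mozilla Firefox) need a package lookup before they are dismissed.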
@@ -49,7 +165,7 @@
NOT-FOR-US: Aria ERP (not the aria we ship)
CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before
7.4.1 ...)
NOT-FOR-US: Funkwerk
-CVE-2008-0330 (Radiator before 4.0 allows remote attackers to cause a denial of
...)
+CVE-2008-0330 (Open System Consultants (OSC) Radiator before 4.0 allows remote
...)
NOT-FOR-US: Radiator
CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) ...)
NOT-FOR-US: LulieBlog
@@ -244,7 +360,7 @@
NOT-FOR-US: PHP Webquest
CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for
StreamAudio ...)
NOT-FOR-US: StreamAudio ChainCast ProxyManager
-CVE-2008-0247 (Heap-based buffer overflow in IBM Tivoli Storage Manager (TSM)
Express ...)
+CVE-2008-0247 (Heap-based buffer overflow in the Express Backup Server service
...)
NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original
password ...)
NOT-FOR-US: UploadScript
@@ -526,8 +642,7 @@
NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php
in ...)
NOT-FOR-US: Site at School
-CVE-2008-0128 [Tomcat does not enforce HTTPS for SSO cookies]
- RESERVED
+CVE-2008-0128 (The SingleSignOn Valve ...)
{DSA-1468-1}
- tomcat5 <removed> (unimportant)
NOTE: SSO cookies not working in 5.0, have only been fixed in 5.5.13, see
#34724
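Review bot: The replacement line `CVE-2008-0128 (The SingleSignOn Valve ...)` is less informative than the hand-written `[Tomcat does not enforce HTTPS for SSO cookies]` it removes, because the truncated text names neither the product nor the issue. Suggest keeping the old summary as an extra `NOTE:` line under the entry, so the reasoning behind the `(unimportant)` rating on tomcat5 stays readable from the list itself.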
@@ -690,8 +805,8 @@
RESERVED
CVE-2008-0066
RESERVED
-CVE-2008-0065
- RESERVED
+CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp
5.21, ...)
+ TODO: check
CVE-2008-0064
RESERVED
CVE-2008-0063
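Review bot: CVE-2008-0065 moves from `RESERVED` to `TODO: check` although the new description already names the affected component, `in_mp3.dll in Winamp 5.21`. If Winamp is not shipped in the archive, a `NOT-FOR-US: Winamp` line in the style of the neighbouring hunks would close the entry in the same pass instead of leaving it in the TODO queue.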
@@ -1324,16 +1439,13 @@
- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
[sarge] - asterisk <not-affected> (Vulnerable code not present)
-CVE-2007-6429
- RESERVED
+CVE-2007-6429 (Multiple integer overflows in X.Org Xserver before 1.4.1 allow
...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
-CVE-2007-6428
- RESERVED
+CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP
extension ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
-CVE-2007-6427
- RESERVED
+CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6426
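Review bot: The descriptions added for CVE-2007-6429 and CVE-2007-6427 say "X.Org Xserver before 1.4.1" is affected, while the fixed version recorded under each entry is `2:1.4.1~git20080105-2`, and in Debian version ordering a `~` suffix sorts before the bare `1.4.1`. Suggest confirming that the git snapshot contains the fixes and recording that in a `NOTE:` line, so the entry is not read as a mismatch between the upstream description and the tracked version.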
@@ -1868,8 +1980,7 @@
RESERVED
CVE-2008-0007
RESERVED
-CVE-2008-0006
- RESERVED
+CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1 and (2) the
Sun ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
- libxfont 1:1.3.1-2
@@ -2523,8 +2634,7 @@
- iceape 1.1.7-1
- xulrunner 1.8.1.11-1
NOTE: MFSA2007-38
-CVE-2007-5958
- RESERVED
+CVE-2007-5958 (X.Org Xserver before 1.4.1 allows local users to determine the
...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not
properly ...)
@@ -3036,8 +3146,7 @@
NOT-FOR-US: Novell NetWare Client
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build
1011 ...)
NOT-FOR-US: Motorola netOctopus
-CVE-2007-5760
- RESERVED
+CVE-2007-5760 (Array index error in the XFree86-Misc extension in X.Org Xserver
...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5759