joeyh at alioth.debian.org
2008-Feb-14 09:14 UTC
[Secure-testing-commits] r8156 - data/CVE
Author: joeyh
Date: 2008-02-14 09:14:18 +0000 (Thu, 14 Feb 2008)
New Revision: 8156
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-13 21:12:56 UTC (rev 8155) +++ data/CVE/list 2008-02-14 09:14:18 UTC (rev 8156) 
@@ -1,3 +1,107 @@ +CVE-2008-0777 + RESERVED +CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...) + TODO: check +CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...) + TODO: check +CVE-2008-0774 (Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel ...) + TODO: check +CVE-2008-0773 (SQL injection vulnerability in Phil Taylor Comments (com_comments, aka ...) + TODO: check +CVE-2008-0772 (SQL injection vulnerability in index.php in the com_doc component for ...) + TODO: check +CVE-2008-0771 (Multiple SQL injection vulnerabilities in default.asp in Site2Nite ...) + TODO: check +CVE-2008-0770 (SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and ...) + TODO: check +CVE-2008-0769 (Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through ...) + TODO: check +CVE-2008-0768 (Multiple stack-based and heap-based buffer overflows in the Windows ...) + TODO: check +CVE-2008-0767 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...) + TODO: check +CVE-2008-0766 (Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print ...) + TODO: check +CVE-2008-0765 (Multiple cross-site scripting (XSS) vulnerabilities in artmedic ...) + TODO: check +CVE-2008-0764 (Format string vulnerability in the logging function in Larson Network ...) + TODO: check +CVE-2008-0763 (Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print ...) + TODO: check +CVE-2008-0762 (SQL injection vulnerability in index.php in the com_iomezun component ...) + TODO: check +CVE-2008-0761 (SQL injection vulnerability in index.php in the Prince Clan Chess Club ...) + TODO: check +CVE-2008-0760 (Directory traversal vulnerability in SafeNet Sentinel Protection ...) + TODO: check +CVE-2008-0759 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...) + TODO: check +CVE-2008-0758 (Multiple directory traversal vulnerabilities in the Zidget/HTTP ...) 
+ TODO: check +CVE-2008-0757 (Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard ...) + TODO: check +CVE-2008-0756 (The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; ...) + TODO: check +CVE-2008-0755 (Format string vulnerability in the ReportSysLogEvent function in the ...) + TODO: check +CVE-2008-0754 (Multiple SQL injection vulnerabilities in index.php in the Rapid ...) + TODO: check +CVE-2008-0753 (SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 ...) + TODO: check +CVE-2008-0752 (SQL injection vulnerability in index.php in the Neogallery ...) + TODO: check +CVE-2008-0751 (Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 ...) + TODO: check +CVE-2008-0750 (SQL injection vulnerability in philboard_forum.asp in Husrev ...) + TODO: check +CVE-2008-0749 (Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS ...) + TODO: check +CVE-2008-0748 (Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX ...) + TODO: check +CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and ...) + TODO: check +CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery) ...) + TODO: check +CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 ...) + TODO: check +CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre ...) + TODO: check +CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...) + TODO: check +CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...) + TODO: check +CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...) + TODO: check +CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 ...) + TODO: check +CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in ...) 
+ TODO: check +CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...) + TODO: check +CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in ...) + TODO: check +CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly ...) + TODO: check +CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in ...) + TODO: check +CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, ...) + TODO: check +CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike ...) + TODO: check +CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service ...) + TODO: check +CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...) + TODO: check +CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...) + TODO: check +CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server ...) + TODO: check +CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in ...) + TODO: check +CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...) + TODO: check +CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...) + TODO: check CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...) NOT-FOR-US: Apache Geronimo CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...) @@ -140,8 +244,8 @@ NOT-FOR-US: Aurigma Image Uploader CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...) NOT-FOR-US: Aurigma Image Uploader -CVE-2008-0658 - RESERVED +CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...) + TODO: check CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...) - sun-java6 6-02-1 - sun-java5 1.5.0-14-1 
@@ -183,8 +287,8 @@ RESERVED CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...) NOT-FOR-US: Symantec Ghost Solution Suite -CVE-2008-0639 - RESERVED +CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...) + TODO: check CVE-2008-0638 RESERVED CVE-2008-0637 @@ -469,7 +573,7 @@ NOT-FOR-US: web interface for the BGPD daemon CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...) NOT-FOR-US: AIM PicEditor -CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36, allows remote ...) +CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote ...) - openldap2.3 2.3.38-1 - openldap2.2 <removed> - openldap2 <not-affected> (slapd not built) @@ -765,7 +869,7 @@ NOT-FOR-US: Belkin Wireless firmware CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler Basic and ...) NOT-FOR-US: IBM WebSphere Business Modeler -CVE-2008-0401 (Unspecified vulnerability in the HTTP server in IBM Tivoli ...) +CVE-2008-0401 (Buffer overflow in the logging functionality of the HTTP server in IBM ...) NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in the ...) NOT-FOR-US: Singapore @@ -1454,7 +1558,7 @@ RESERVED CVE-2008-0110 RESERVED -CVE-2008-0109 (Unspecified vulnerability in Word in Microsoft Office 2000 SP3, XP ...) +CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...) NOT-FOR-US: Microsoft Office CVE-2008-0108 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) NOT-FOR-US: Microsoft Office 
@@ -1540,7 +1644,7 @@ RESERVED CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2008-0077 (Unspecified vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, ...) +CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 ...) NOT-FOR-US: Microsoft Internet Explorer @@ -2198,8 +2302,8 @@ - jbosseam <itp> (bug #451956) CVE-2007-6432 RESERVED -CVE-2007-6431 - RESERVED +CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...) + TODO: check CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...) - asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063) [etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA) @@ -2911,10 +3015,10 @@ CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...) {DSA-1479-1} - linux-2.6 2.6.23-2 -CVE-2007-6149 - RESERVED -CVE-2007-6148 - RESERVED +CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media ...) + TODO: check +CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media ...) + TODO: check CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE ...) NOT-FOR-US: IAPR COMMENCE CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on ...) 
@@ -3847,7 +3951,7 @@ NOT-FOR-US: Apache Geronimo CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...) NOT-FOR-US: Blue Coat ProxySG -CVE-2007-5794 (Race condition in nss_ldap, when used in applications that use pthread ...) +CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked ...) {DSA-1430-1} - libnss-ldap 256-1 (bug #453868) CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...) @@ -3921,7 +4025,7 @@ CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...) NOT-FOR-US: IBM AIX CVE-2007-5763 - RESERVED + REJECTED CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...) NOT-FOR-US: Novell NetWare Client CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...) @@ -3933,8 +4037,8 @@ REJECTED CVE-2007-5758 RESERVED -CVE-2007-5757 - RESERVED +CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...) + TODO: check CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...) NOT-FOR-US: WinPcap CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...) @@ -9786,8 +9890,8 @@ NOT-FOR-US: Maxsi eVisit Analyst CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on ...) - sendmail <not-affected> (Concerns only ancient sendmail V5) -CVE-2007-3676 - RESERVED +CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...) + TODO: check CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...) NOT-FOR-US: Kaspersky Online Scanner CVE-2007-3674 
@@ -65997,9 +66101,9 @@ NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...) +CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...) +CVE-2001-0307 (Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker
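
Review bot: Every described entry added in the @@ -1,3 +1,107 @@ hunk carries only "TODO: check", and the older IDs in it (CVE-2007-6701, CVE-2006-7231, CVE-2003-1540 through CVE-2003-1544) land at the top of the file above CVE-2008-0732 instead of near entries from their own years. Several of the descriptions name Windows services and ActiveX controls (RpmSrvc.exe, NPSpcSVR.exe, ExtremeZ-IP.exe, the Sony AxRUploadControl), the same kind of product the list already marks "NOT-FOR-US" elsewhere, so a follow-up triage commit should resolve those quickly and leave "TODO: check" only on entries that could map to a Debian package.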
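
Review bot: CVE-2008-0658 in the @@ -140,8 +244,8 @@ hunk moves from RESERVED to "TODO: check" even though its description names slapd/back-bdb/modrdn.c in OpenLDAP, which this list already tracks for CVE-2007-6698 with "- openldap2.3 2.3.38-1", "- openldap2.2 <removed>" and "- openldap2 <not-affected> (slapd not built)". This entry should be taken first in manual triage and given per-package status lines in that same form, rather than waiting in the queue with the rest of the automatic batch.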
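
Review bot: In the @@ -765,7 +869,7 @@ hunk the triage note under CVE-2008-0401 reads "NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before", ending on a dangling "before" that looks like a truncated copy of the description. Now that the description line has been refreshed from "Unspecified vulnerability" to "Buffer overflow in the logging functionality", the note should be trimmed to the product name only so it matches the other NOT-FOR-US lines in the file.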