joeyh at alioth.debian.org
2008-Apr-18 09:14 UTC
[Secure-testing-commits] r8567 - data/CVE
Author: joeyh
Date: 2008-04-18 09:14:20 +0000 (Fri, 18 Apr 2008)
New Revision: 8567

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-04-18 06:46:47 UTC (rev 8566)
+++ data/CVE/list 2008-04-18 09:14:20 UTC (rev 8567)
@@ -1,3 +1,89 @@ +CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic ...) + TODO: check +CVE-2008-1875 (SQL injection vulnerability in index.php in Terong PHP Photo Gallery ...) + TODO: check +CVE-2008-1874 (SQL injection vulnerability in account/user/mail.html in Xpoze Pro ...) + TODO: check +CVE-2008-1873 (Cross-site scripting (XSS) vulnerability in the private message ...) + TODO: check +CVE-2008-1872 (SQL injection vulnerability in home.news.php in Comdev News Publisher ...) + TODO: check +CVE-2008-1871 (SQL injection vulnerability in links.php in Scriptsagent.com Links ...) + TODO: check +CVE-2008-1870 (SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and ...) + TODO: check +CVE-2008-1869 (SQL injection vulnerability in Site Sift Listings allows remote ...) + TODO: check +CVE-2008-1868 (admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does ...) + TODO: check +CVE-2008-1867 (SQL injection vulnerability in Blog Pixel Motion (aka Blog ...) + TODO: check +CVE-2008-1866 (admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) ...) + TODO: check +CVE-2008-1865 (Stack-based buffer overflow in the msx_readnode function in libmosix.c ...) + TODO: check +CVE-2008-1864 (SQL injection vulnerability in project.php in Prozilla Freelancers ...) + TODO: check +CVE-2008-1863 (SQL injection vulnerability in view_reviews.php in Prozilla Cheat ...) + TODO: check +CVE-2008-1862 (ExBB Italia 0.22 and earlier only checks GET requests that use the ...) + TODO: check +CVE-2008-1861 (Directory traversal vulnerability in modules/threadstop/threadstop.php ...) + TODO: check +CVE-2008-1860 (Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and ...) + TODO: check +CVE-2008-1859 (SQL injection vulnerability in events.php in iScripts SocialWare ...) + TODO: check +CVE-2008-1858 (SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 ...) 
+ TODO: check +CVE-2008-1857 (Multiple directory traversal vulnerabilities in viewsource.php in Make ...) + TODO: check +CVE-2008-1856 (plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not ...) + TODO: check +CVE-2008-1855 (FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 ...) + TODO: check +CVE-2008-1854 (Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in ...) + TODO: check +CVE-2008-1853 (The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, ...) + TODO: check +CVE-2008-1852 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...) + TODO: check +CVE-2008-1851 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...) + TODO: check +CVE-2008-1850 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) + TODO: check +CVE-2008-1849 (Directory traversal vulnerability in index.php in the joomlaXplorer ...) + TODO: check +CVE-2008-1848 (Cross-site scripting (XSS) vulnerability in the joomlaXplorer ...) + TODO: check +CVE-2008-1847 (SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook ...) + TODO: check +CVE-2008-1846 (The default configuration of SAP NetWeaver before 7.0 SP15 does not ...) + TODO: check +CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not ...) + TODO: check +CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows ...) + TODO: check +CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka ...) + TODO: check +CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node ...) + TODO: check +CVE-2008-1841 (SQL injection vulnerability in the session handling functionality in ...) + TODO: check +CVE-2008-1840 (SQL injection vulnerability in upload.php in Coppermine Photo Gallery ...) + TODO: check +CVE-2008-1839 (Multgiple cross-site scripting (XSS) vulnerabilities in ...) 
+ TODO: check +CVE-2008-1838 (SQL injection vulnerability in BosClassifieds Classified Ads System ...) + TODO: check +CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 ...) + TODO: check +CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...) + TODO: check +CVE-2008-1833 (Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote ...) + TODO: check +CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...) + TODO: check CVE-2007-6714 [dbmail auth bypass] - dbmail 2.2.9 CVE-2008-1878 [nsf buffer overflow in xine] @@ -99,8 +185,8 @@ TODO: check CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check -CVE-2008-1786 - RESERVED +CVE-2008-1786 (Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control ...) + TODO: check CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users ...) TODO: check CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform ...) @@ -109,11 +195,11 @@ TODO: check CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector ...) TODO: check -CVE-2008-1837 [clamav 0.93 rar issue] +CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...) - clamav <not-affected> (Debian doesn''t include libunrar since it''s non-free) -CVE-2008-1835 [clamav 0.93 rar issue] +CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning ...) - clamav <not-affected> (Debian doesn''t include libunrar since it''s non-free) -CVE-2008-1832 [secilia insecure tmp file usage] +CVE-2008-1832 (lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite ...) - cecilia <unfixed> (low; bug #476321) [etch] - cecilica <no-dsa> (Minor issue) CVE-2008-1781 
@@ -136,8 +222,7 @@ NOT-FOR-US: Dragoon CVE-2008-1772 (iScripts SocialWare stores passwords in cleartext in a database, which ...) NOT-FOR-US: iScripts SocialWare -CVE-2008-1771 [integer overflow in mt-daapd] - RESERVED +CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media ...) - mt-daapd 0.9~r1696-1.3 (medium; bug #476241) CVE-2008-1770 RESERVED @@ -304,18 +389,19 @@ RESERVED CVE-2008-1694 [emacs insecure temp file in vcdiff] RESERVED - - emacs21 <unfixed> (low; bug #476612) - [etch] - emacs21 <no-dsa> (Minor issue) - - emacs22 <unfixed> (low; bug #476611) - - xemacs21 <unfixed> (low; bug #476613) - [etch] - xemacs21 <no-dsa> (Minor issue) + - emacs21 <unfixed> (low; bug #476612) + [etch] - emacs21 <no-dsa> (Minor issue) + - emacs22 <unfixed> (low; bug #476611) + - xemacs21 <unfixed> (low; bug #476613) + [etch] - xemacs21 <no-dsa> (Minor issue) CVE-2008-1693 [xpdf lack of typechecking for embedded fonts] RESERVED - - xpdf 3.02 - - poppler <unfixed> - TODO: File bug for poppler - TODO: kpdf/kdegraphics from Etch are not affected, sid needs to be checked - TODO: check pdftex + {DSA-1548-1} + - xpdf 3.02 + - poppler <unfixed> + TODO: File bug for poppler + TODO: kpdf/kdegraphics from Etch are not affected, sid needs to be checked + TODO: check pdftex CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...) - eterm 0.9.4.0debian1-2.1 (bug #473127) CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...) @@ -481,6 +567,7 @@ CVE-2008-1615 RESERVED CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...) + {DSA-1550-1} - suphp <unfixed> (low; bug #475431) CVE-2008-1613 RESERVED 
@@ -644,7 +731,7 @@ - joomla <itp> (bug #326398) CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...) - perlbal <itp> (bug #456534) -CVE-2008-1531 (lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote ...) +CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd ...) {DSA-1540-1} - lighttpd 1.4.19-2 (low; bug #475438) CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE ...) @@ -984,8 +1071,7 @@ RESERVED CVE-2008-1388 RESERVED -CVE-2008-1387 [clamav 0.93 unarj issue] - RESERVED +CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of ...) - clamav 0.92.1~dfsg2-1 [etch] - clamav <not-affected> (Vulnerable code not present) CVE-2008-1386 @@ -1002,8 +1088,8 @@ - libpng <unfixed> (low) CVE-2008-1381 RESERVED -CVE-2008-1380 - RESERVED +CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...) + TODO: check CVE-2008-1379 RESERVED CVE-2008-1378 @@ -1529,8 +1615,8 @@ NOT-FOR-US: Cisco IPM CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...) NOT-FOR-US: Cisco IOS -CVE-2008-1155 - RESERVED +CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before ...) + TODO: check CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...) NOT-FOR-US: Cisco IOS CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...) @@ -1698,6 +1784,7 @@ CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...) NOT-FOR-US: KeyView CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...) + {DSA-1549-1} - clamav 0.92.1~dfsg2-1 CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not ...) {DSA-1514-1} 
@@ -1869,12 +1956,12 @@ RESERVED CVE-2008-1027 RESERVED -CVE-2008-1026 - RESERVED -CVE-2008-1025 - RESERVED -CVE-2008-1024 - RESERVED +CVE-2008-1026 (Integer overflow in the PCRE regular expression compiler ...) + TODO: check +CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in ...) + TODO: check +CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...) + TODO: check CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...) NOT-FOR-US: Apple QuickTime CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...) @@ -2145,10 +2232,10 @@ NOT-FOR-US: BEA WebLogic Server and Express CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...) NOT-FOR-US: Apple Safari -CVE-2008-0893 - RESERVED -CVE-2008-0892 - RESERVED +CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...) + TODO: check +CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat ...) + TODO: check CVE-2008-0891 RESERVED CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...) @@ -3465,9 +3552,9 @@ RESERVED CVE-2008-0321 RESERVED -CVE-2008-0320 [oo.o ole buffer overflow] - RESERVED - - openoffice.org 2.4.0~ooh680m5-1 +CVE-2008-0320 (Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote ...) + {DSA-1547-1} + - openoffice.org 2.4.0~ooh680m5-1 CVE-2008-0319 RESERVED CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in ClamAV ...) @@ -3479,8 +3566,8 @@ RESERVED CVE-2008-0315 RESERVED -CVE-2008-0314 [clamav spin overflow] - RESERVED +CVE-2008-0314 (Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 ...) + {DSA-1549-1} - clamav <unfixed> CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the ...) NOT-FOR-US: Symantec Norton products 
@@ -4104,8 +4191,8 @@ NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows ...) NOT-FOR-US: XnView -CVE-2008-0068 - RESERVED +CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView ...) + TODO: check CVE-2008-0067 RESERVED CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader in ...) @@ -6494,8 +6581,8 @@ - xorg-server 2:1.4.1~git20080105-2 CVE-2007-5759 REJECTED -CVE-2007-5758 - RESERVED +CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration ...) + TODO: check CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...) NOT-FOR-US: IBM DB2 CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...) @@ -6514,15 +6601,15 @@ RESERVED CVE-2007-5748 RESERVED -CVE-2007-5747 [oo.o quattro pro issue] - RESERVED - - openoffice.org 2.4.0~ooh680m5-1 -CVE-2007-5746 [oo.o emf buffer overflow] - RESERVED - - openoffice.org 2.4.0~ooh680m5-1 -CVE-2007-5745 [oo.o quattro pro issue] - RESERVED - - openoffice.org 2.4.0~ooh680m5-1 +CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers ...) + {DSA-1547-1} + - openoffice.org 2.4.0~ooh680m5-1 +CVE-2007-5746 (Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote ...) + {DSA-1547-1} + - openoffice.org 2.4.0~ooh680m5-1 +CVE-2007-5745 (Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote ...) + {DSA-1547-1} + - openoffice.org 2.4.0~ooh680m5-1 CVE-2007-5744 RESERVED CVE-2007-5743 
@@ -7031,8 +7118,8 @@ NOT-FOR-US: Adobe Reader CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...) NOT-FOR-US: Novell ZENworks Endpoint Security Management -CVE-2007-5664 - RESERVED +CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal ...) + TODO: check CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...) NOT-FOR-US: Adobe Reader CVE-2007-5662 @@ -8320,7 +8407,8 @@ NOT-FOR-US: Solaris CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 ...) NOT-FOR-US: Typolight webCMS -CVE-2007-5317 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory ...) +CVE-2007-5317 + REJECTED NOT-FOR-US: Directory Image Gallery CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and ...) NOT-FOR-US: Softbiz Jobs @@ -11427,6 +11515,7 @@ - libvorbis 1.2.0.dfsg-1 NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...) + {DSA-1471-1} - libvorbis 1.2.0.dfsg-1 (unimportant) NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 @@ -11469,7 +11558,7 @@ {DTSA-58-1} - phpsysinfo 2.5.1-6.1 (unimportant; bug #435935) - phpgroupware 0.9.16.012-1 (low; bug #435936) - [etch] - phpgrouwware <not-affected> (Affected code is not used in phpgroupware) + [etch] - phpgrouwware <not-affected> (Affected code is not used in phpgroupware) - egroupware-phpsysinfo 1.2.107-2.dfsg-1.1 (low; bug #435937) NOTE: phpsysinfo alone doesn''t maintain any data, which makes this an issue CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...)
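Review bot: in the first hunk (@@ -1,3 +1,89 @@) the new CVE-2008-1836 and CVE-2008-1833 entries name ClamAV but carry only "TODO: check", while this file already tracks that software as the package clamav under CVE-2008-1387 and CVE-2008-1100. A follow-up should replace the TODO on those two entries with a "- clamav ..." status line so they are triaged alongside the other ClamAV 0.93 issues rather than left in the bulk-import backlog.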
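Review bot: in the @@ -109,11 +195,11 @@ hunk, the context line under CVE-2008-1832 reads "[etch] - cecilica <no-dsa> (Minor issue)", while the line above it uses "cecilia" and the new description says Cecilia. The misspelled package name leaves the etch annotation attached to a name that differs from the package tracked one line earlier; suggest correcting it to "[etch] - cecilia <no-dsa> (Minor issue)" now that the entry is being updated.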
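Review bot: in the @@ -304,18 +389,19 @@ hunk, the emacs21, emacs22 and xemacs21 lines under CVE-2008-1694 and the xpdf and poppler lines under CVE-2008-1693 are removed and re-added with the same visible text, which points to an indentation-only rewrite. The one substantive change, the added "{DSA-1548-1}" line, is easy to miss among them; whitespace normalisation would be better kept in its own commit rather than in an "automatic update".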
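Review bot: in the @@ -3479,8 +3566,8 @@ hunk, CVE-2008-0314 gains "{DSA-1549-1}" but its status line still reads "- clamav <unfixed>", whereas CVE-2008-1100, which receives the same DSA reference in the @@ -1698,6 +1784,7 @@ hunk, records "- clamav 0.92.1~dfsg2-1". Worth confirming whether "<unfixed>" is still accurate for this entry and, if not, recording the fixed version.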
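Review bot: in the @@ -8320,7 +8407,8 @@ hunk, CVE-2007-5317 is changed to REJECTED but the following "NOT-FOR-US: Directory Image Gallery" line is kept, so the entry now carries both a rejection and a triage annotation. The other REJECTED entry visible in this diff (CVE-2007-5759) has no annotation under it; suggest dropping the NOT-FOR-US line here for consistency.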
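Review bot: in the @@ -11427,6 +11515,7 @@ hunk, "{DSA-1471-1}" is added to CVE-2007-4065 although the entry is marked "(unimportant)" and its NOTE says the issue is "not treated as a vulnerability". A DSA reference and that note contradict each other; either the severity and NOTE should be revised or the DSA cross-reference should be checked against the advisory.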
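Review bot: in the @@ -11469,7 +11558,7 @@ hunk, the line "[etch] - phpgrouwware <not-affected> (Affected code is not used in phpgroupware)" is removed and re-added with the package name still misspelled as "phpgrouwware", while the line above it uses "phpgroupware". Since the line is being rewritten anyway, the name should be corrected so the etch annotation matches the package it refers to.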