Author: joeyh
Date: 2007-12-28 21:14:13 +0000 (Fri, 28 Dec 2007)
New Revision: 7745
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-28 17:22:44 UTC (rev 7744)
+++ data/CVE/list 2007-12-28 21:14:13 UTC (rev 7745)
@@ -1,3 +1,83 @@
+CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo
CMS ...)
+ TODO: check
+CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and
possibly ...)
+ TODO: check
+CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in
TCPreen ...)
+ TODO: check
+CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow
user-assisted ...)
+ TODO: check
+CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in
Logaholic allow ...)
+ TODO: check
+CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic allow
remote ...)
+ TODO: check
+CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause
a ...)
+ TODO: check
+CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow
remote ...)
+ TODO: check
+CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1
allow ...)
+ TODO: check
+CVE-2007-6555 (PHP remote file inclusion vulnerability in
modules/mod_pxt_latest.php ...)
+ TODO: check
+CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro
3.1.000 ...)
+ TODO: check
+CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal
Pro ...)
+ TODO: check
+CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2
allows ...)
+ TODO: check
+CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro
2.2.4 ...)
+ TODO: check
+CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to
the web ...)
+ TODO: check
+CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown
impact ...)
+ TODO: check
+CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS
before ...)
+ TODO: check
+CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password
during ...)
+ TODO: check
+CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes
it ...)
+ TODO: check
+CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS
before ...)
+ TODO: check
+CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1
allow ...)
+ TODO: check
+CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat
Link ...)
+ TODO: check
+CVE-2007-6542 (PHP remote file inclusion vulnerability in
admin/frontpage_right.php ...)
+ TODO: check
+CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron
news 1.0 ...)
+ TODO: check
+CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote
attackers ...)
+ TODO: check
+CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot
...)
+ TODO: check
+CVE-2007-6538 (SQL injection vulnerability in
ing/blocks/mrbs/code/web/view_entry.php ...)
+ TODO: check
+CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in
zfile.c in ...)
+ TODO: check
+CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5
beta ...)
+ TODO: check
+CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in
YShortcut.dll ...)
+ TODO: check
+CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office
Publisher ...)
+ TODO: check
+CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows
...)
+ TODO: check
+CVE-2007-6532
+ RESERVED
+CVE-2007-6531
+ RESERVED
+CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits
Software ...)
+ TODO: check
+CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9
have ...)
+ TODO: check
+CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in
TikiWiki ...)
+ TODO: check
+CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails ...)
+ TODO: check
+CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in
tiki-special_chars.php in ...)
+ TODO: check
+CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager
(CM) ...)
+ TODO: check
CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially
...)
NOT-FOR-US: Opera
CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x
before ...)
@@ -163,6 +243,7 @@
NOT-FOR-US: Mambo
NOTE: Mambo is in experimental
CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in
servhs.cpp ...)
+ {DSA-1441-1}
- peercast 0.1218+svn20071220+2 (medium; bug #457300)
CVE-2007-6453 (Directory traversal vulnerability in
raidenhttpd-admin/workspace.php ...)
NOT-FOR-US: RaidenHTTPD
@@ -391,6 +472,7 @@
CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows
remote ...)
NOT-FOR-US: Robocode
CVE-2007-6381 (SQL injection vulnerability in the indexed_search system
extension in ...)
+ {DSA-1439-1}
- typo3-src 4.1.4-1 (low; bug #457446)
NOTE: you need to be a logged in backend user to exploit this
CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops)
1.08, and ...)
@@ -3627,8 +3709,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5343
RESERVED
-CVE-2007-5342
- RESERVED
+CVE-2007-5342 (The default catalina.policy in the JULI logging component in
Apache ...)
+ TODO: check
CVE-2007-5341
RESERVED
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla
Firefox ...)
@@ -4468,6 +4550,7 @@
- bugzilla <not-affected> (Vulnerable code not present in the version
we ship)
TODO: check when newer upstream version enters the pool (> 2.22.1-2.2)
CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...)
+ {DSA-1440-1}
- inotify-tools 3.11-1 (medium; bug #443913)
CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with
...)
NOT-FOR-US: AirDefense firmware
@@ -5811,12 +5894,13 @@
CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router
allows ...)
NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar
has ...)
+ {DSA-1438-1}
- tar 1.18-1 (low; bug #441444)
- cpio 2.9-5 (low; bug #449222)
CVE-2007-4475
RESERVED
-CVE-2007-4474
- RESERVED
+CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino
Web ...)
+ TODO: check
CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly
validate ...)
NOT-FOR-US: Gesytec Easylon OPC Server
CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit
3DGreetings ...)
@@ -6606,6 +6690,7 @@
CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server
5.0.0 ...)
NOT-FOR-US: Red Hat Satellite Server
CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot
function in ...)
+ {DSA-1438-1}
- tar 1.18-2 (medium; bug #439335)
CVE-2007-4130
RESERVED
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
