[Secure-testing-commits] r5615 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Apr 3 09:14:17 UTC 2007


Author: joeyh
Date: 2007-04-03 09:14:13 +0000 (Tue, 03 Apr 2007)
New Revision: 5615

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-02 19:37:51 UTC (rev 5614)
+++ data/CVE/list	2007-04-03 09:14:13 UTC (rev 5615)
@@ -1,3 +1,137 @@
+CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
+	TODO: check
+CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
+	TODO: check
+CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ...)
+	TODO: check
+CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS ...)
+	TODO: check
+CVE-2007-1836 (The command line administration interface in Data Domain OS before ...)
+	TODO: check
+CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
+	TODO: check
+CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...)
+	TODO: check
+CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...)
+	TODO: check
+CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
+	TODO: check
+CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
+	TODO: check
+CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
+	TODO: check
+CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have ...)
+	TODO: check
+CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org ...)
+	TODO: check
+CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...)
+	TODO: check
+CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
+	TODO: check
+CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
+	TODO: check
+CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
+	TODO: check
+CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
+	TODO: check
+CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...)
+	TODO: check
+CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to ...)
+	TODO: check
+CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...)
+	TODO: check
+CVE-2007-1819 (Unspecified vulnerability in a certain ActiveX control in TestDirector ...)
+	TODO: check
+CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...)
+	TODO: check
+CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews ...)
+	TODO: check
+CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
+	TODO: check
+CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for ...)
+	TODO: check
+CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for ...)
+	TODO: check
+CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and ...)
+	TODO: check
+CVE-2007-1812 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
+	TODO: check
+CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 ...)
+	TODO: check
+CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company ...)
+	TODO: check
+CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and ...)
+	TODO: check
+CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the ...)
+	TODO: check
+CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery ...)
+	TODO: check
+CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...)
+	TODO: check
+CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
+	TODO: check
+CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
+	TODO: check
+CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...)
+	TODO: check
+CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...)
+	TODO: check
+CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
+	TODO: check
+CVE-2007-1798 (Buffer overflow in the drmgr command for IBM AIX 5.2 and 5.3 allows ...)
+	TODO: check
+CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
+	TODO: check
+CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...)
+	TODO: check
+CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...)
+	TODO: check
+CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...)
+	TODO: check
+CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...)
+	TODO: check
+CVE-2007-1792
+	RESERVED
+CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ...)
+	TODO: check
+CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...)
+	TODO: check
+CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
+	TODO: check
+CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low ...)
+	TODO: check
+CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...)
+	TODO: check
+CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...)
+	TODO: check
+CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...)
+	TODO: check
+CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...)
+	TODO: check
+CVE-2007-1783
+	RESERVED
+CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account ...)
+	TODO: check
+CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...)
+	TODO: check
+CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in ...)
+	TODO: check
+CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net ...)
+	TODO: check
+CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches ...)
+	TODO: check
+CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows ...)
+	TODO: check
+CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php ...)
+	TODO: check
+CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ...)
+	TODO: check
+CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit ...)
+	TODO: check
 CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
 	- dtc-xen 0.2.8-1 (low; bug #414480)
 CVE-2007-XXXX [file permission race conidition in Debian's dtc-xen]
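
Review bot: the PHP entries in this block (CVE-2007-1835, CVE-2007-1825, CVE-2007-1824) are left at "TODO: check" although the list already tracks PHP as a packaged source further down (CVE-2007-1584, "- php5 <unfixed>"). They should be triaged to package lines first rather than waiting behind the rest of the batch. The remaining new entries need the usual package or NOT-FOR-US decision. Separately, the unchanged context line for dtc-xen spells "race conidition"; a follow-up commit could correct it to "race condition".
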
@@ -20,7 +154,7 @@
 	TODO: check
 CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
 	TODO: check
-CVE-2007-1776 (SQL injection vulnerability in index.php in the D4JeZine (com_ezine) ...)
+CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...)
 	TODO: check
 CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...)
 	TODO: check
@@ -439,7 +573,7 @@
 	NOT-FOR-US: StatsDawg
 CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...)
 	NOT-FOR-US: Zyxel
-CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01 allows remote attackers to ...)
+CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware ...)
 	NOT-FOR-US: Cisco
 CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...)
 	- php5 <unfixed>
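
Review bot: the NOT-FOR-US tag under CVE-2007-1585 names "Cisco" while both the old and the new description name Linksys devices (WAG200G, now also WRT54GC 2). Tagging it "NOT-FOR-US: Linksys" would keep the entry findable by the product name the description uses. The widened device list does not change the decision itself, since the affected component is still router firmware.
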
@@ -2035,7 +2169,7 @@
 	- ekiga 2.0.3-2.1 (bug #411944; high)
 CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...)
 	NOT-FOR-US: eTrust Intrusion Detection
-CVE-2007-1004 (Mozilla Firefox mmight allow remote attackers to condut spoofing and ...)
+CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and ...)
 	- iceweasel <unfixed> (low)
 	- iceape <unfixed> (low)
 	- xulrunner <unfixed> (low)
@@ -2866,7 +3000,7 @@
 	NOT-FOR-US: Apple Mac
 CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...)
 	NOT-FOR-US: Apple Mac
-CVE-2007-0720 (The CUPS service in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...)
+CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to ...)
 	- cupsys <unfixed> (low)
 	[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
 	[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
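
Review bot: the description of CVE-2007-0720 changes scope from "Apple Mac OS X 10.3.9 and 10.4 through 10.4.8" to "multiple platforms", but the triage lines beneath it ("cupsys <unfixed> (low)" and the sarge/etch "<no-dsa> (Minor, conceptual design problem)") are carried over unchanged. Those were recorded against the narrower wording, so the severity and the no-dsa decision should be re-confirmed against the full updated description.
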
@@ -7076,8 +7210,8 @@
 	NOT-FOR-US: Symantec Veritas NetBackup
 CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
 	NOT-FOR-US: Citrix
-CVE-2006-5820
-	RESERVED
+CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control ...)
+	TODO: check
 CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...)
 	NOT-FOR-US: Verity Ultraseek
 CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
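
Review bot: CVE-2006-5820 moves from RESERVED to "TODO: check" with a description that names an ActiveX control, the same kind of component that the entries around it resolve as NOT-FOR-US. Once the full description is read, this one can likely be closed the same way with the vendor name instead of staying in the TODO queue. Also, in the trailing context CVE-2006-5864 follows CVE-2006-5819, which breaks the descending order used by the rest of the list; that is worth fixing in a separate commit.
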



