[Secure-testing-commits] r5664 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Apr 18 09:14:18 UTC 2007


Author: joeyh
Date: 2007-04-18 09:14:14 +0000 (Wed, 18 Apr 2007)
New Revision: 5664

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-18 09:04:27 UTC (rev 5663)
+++ data/CVE/list	2007-04-18 09:14:14 UTC (rev 5664)
@@ -1,3 +1,281 @@
+CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
+	TODO: check
+CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content ...)
+	TODO: check
+CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS ...)
+	TODO: check
+CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow ...)
+	TODO: check
+CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...)
+	TODO: check
+CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
+	TODO: check
+CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root ...)
+	TODO: check
+CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in ...)
+	TODO: check
+CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...)
+	TODO: check
+CVE-2007-2097 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...)
+	TODO: check
+CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
+	TODO: check
+CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 ...)
+	TODO: check
+CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia ...)
+	TODO: check
+CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft ...)
+	TODO: check
+CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft ...)
+	TODO: check
+CVE-2007-2091 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika ...)
+	TODO: check
+CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx ...)
+	TODO: check
+CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 ...)
+	TODO: check
+CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, ...)
+	TODO: check
+CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 ...)
+	TODO: check
+CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
+	TODO: check
+CVE-2007-2084 (PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 ...)
+	TODO: check
+CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
+	TODO: check
+CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in ...)
+	TODO: check
+CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
+	TODO: check
+CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows ...)
+	TODO: check
+CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
+	TODO: check
+CVE-2007-2078 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...)
+	TODO: check
+CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...)
+	TODO: check
+CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on ...)
+	TODO: check
+CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 ...)
+	TODO: check
+CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery ...)
+	TODO: check
+CVE-2007-2072 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto ...)
+	TODO: check
+CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
+	TODO: check
+CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
+	TODO: check
+CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...)
+	TODO: check
+CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...)
+	TODO: check
+CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert ...)
+	TODO: check
+CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...)
+	TODO: check
+CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is ...)
+	TODO: check
+CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...)
+	TODO: check
+CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in ...)
+	TODO: check
+CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
+	TODO: check
+CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in ...)
+	TODO: check
+CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows ...)
+	TODO: check
+CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows ...)
+	TODO: check
+CVE-2007-2056
+	RESERVED
+CVE-2007-2055
+	RESERVED
+CVE-2007-2054
+	RESERVED
+CVE-2007-2053
+	RESERVED
+CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...)
+	TODO: check
+CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...)
+	TODO: check
+CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...)
+	TODO: check
+CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar ...)
+	TODO: check
+CVE-2007-2048 (Directory traversal vulnerability in /console in the Management ...)
+	TODO: check
+CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 ...)
+	TODO: check
+CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...)
+	TODO: check
+CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 ...)
+	TODO: check
+CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the ...)
+	TODO: check
+CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
+	TODO: check
+CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
+	TODO: check
+CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...)
+	TODO: check
+CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...)
+	TODO: check
+CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
+	TODO: check
+CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
+	TODO: check
+CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x ...)
+	TODO: check
+CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) ...)
+	TODO: check
+CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive ...)
+	TODO: check
+CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
+	TODO: check
+CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
+	TODO: check
+CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...)
+	TODO: check
+CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...)
+	TODO: check
+CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...)
+	TODO: check
+CVE-2007-2029
+	RESERVED
+CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...)
+	TODO: check
+CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...)
+	TODO: check
+CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...)
+	TODO: check
+CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...)
+	TODO: check
+CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
+	TODO: check
+CVE-2007-2022 (Unspecified vulnerability in the Adobe Macromedia Flash Player 7.x and ...)
+	TODO: check
+CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple ...)
+	TODO: check
+CVE-2007-2020 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in ...)
+	TODO: check
+CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share ...)
+	TODO: check
+CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not ...)
+	TODO: check
+CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in ...)
+	TODO: check
+CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It ...)
+	TODO: check
+CVE-2007-2014 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme ...)
+	TODO: check
+CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX ...)
+	TODO: check
+CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
+	TODO: check
+CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote ...)
+	TODO: check
+CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...)
+	TODO: check
+CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 ...)
+	TODO: check
+CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
+	TODO: check
+CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper ...)
+	TODO: check
+CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...)
+	TODO: check
+CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect ...)
+	TODO: check
+CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2007-2001 (Multiple direct static code injection vulnerabilities in ...)
+	TODO: check
+CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
+	TODO: check
+CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages ...)
+	TODO: check
+CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...)
+	TODO: check
+CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...)
+	TODO: check
+CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
+	TODO: check
+CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...)
+	TODO: check
+CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
+	TODO: check
+CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...)
+	TODO: check
+CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
+	TODO: check
+CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in ...)
+	TODO: check
+CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
+	TODO: check
+CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
+	TODO: check
+CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...)
+	TODO: check
+CVE-2007-1987 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser ...)
+	TODO: check
+CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in ...)
+	TODO: check
+CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
+	TODO: check
+CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...)
+	TODO: check
+CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple ...)
+	TODO: check
+CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on ...)
+	TODO: check
+CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module ...)
+	TODO: check
+CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ...)
+	TODO: check
+CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
+	TODO: check
+CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS ...)
+	TODO: check
+CVE-2007-1976 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 ...)
+	TODO: check
+CVE-2007-1974 (SQL injection vulnerability in the getArticle function in ...)
+	TODO: check
+CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...)
+	TODO: check
+CVE-2007-1972
+	RESERVED
+CVE-2006-7194 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-7193 (** DISPUTED ** ...)
+	TODO: check
+CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
+	TODO: check
 CVE-2007-XXXX [mydms SQL injection]
 	- mydms 1.4.4+1-5
 CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
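Review bot: Among the "TODO: check" entries added at the top of the file, the ones naming software by tool or source-file name (aircrack-ng airodump-ng in CVE-2007-2057, bftpd in CVE-2007-2051 and CVE-2007-2010, lha in CVE-2007-2030, freeRADIUS in CVE-2007-2028, file in CVE-2007-2026, Quagga bgpd in CVE-2007-1995) should be resolved to package lines first, ahead of the long run of PHP web-application entries that resemble the existing NOT-FOR-US entries further down. The entries whose summary is only "** DISPUTED ** ..." (CVE-2007-2078, CVE-2007-2072, CVE-2007-2020, CVE-2007-1987, CVE-2007-1976, CVE-2006-7193) carry no product name at all, so each needs its full description looked up before it can be classified.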
@@ -8,7 +286,7 @@
 	NOT-FOR-US: MyBlog
 CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
 	NOT-FOR-US: MyBlog
-CVE-2007-1967 (PHP remote file inclusion vulnerability in index.php in stat12 allows ...)
+CVE-2007-1967 (** DISPUTED ** ...)
 	NOT-FOR-US: stat12
 CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...)
 	NOT-FOR-US: eXV2 CMS
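Review bot: The context line under CVE-2007-1968 reads "NOT-FOR-US: MyBlog" although the summary names games.php in Sam Crew; the tag looks carried over from the entry above it and should name the product in the summary. Separately, with CVE-2007-1967 now summarised as "** DISPUTED ** ...", the "NOT-FOR-US: stat12" line is the only place the product name survives, so it is worth keeping exactly as is.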
@@ -82,9 +360,9 @@
 	NOT-FOR-US: ScarNews
 CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...)
 	NOT-FOR-US: SmodCMS
-CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21 ...)
+CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, ...)
 	NOT-FOR-US: cattaDoc
-CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0 ...)
+CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...)
 	NOT-FOR-US: Beryo
 CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...)
 	NOT-FOR-US: witshare
@@ -158,10 +436,10 @@
 	- wordpress 2.1.3-1 (medium)
 CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...)
 	- wordpress 2.1.3-1 (medium)
-CVE-2007-1892
-	RESERVED
-CVE-2007-1891
-	RESERVED
+CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ...)
+	TODO: check
+CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...)
+	TODO: check
 CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
 	- php4 <unfixed> (unimportant)
 	- php5 <unfixed> (unimportant)
@@ -205,18 +483,18 @@
 	RESERVED
 CVE-2007-1875
 	RESERVED
-CVE-2007-1874
-	RESERVED
-CVE-2007-1873
-	RESERVED
-CVE-2007-1872
-	RESERVED
-CVE-2007-1871
-	RESERVED
-CVE-2007-1870
-	RESERVED
-CVE-2007-1869
-	RESERVED
+CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
+	TODO: check
+CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in mephisto 0.7.3 allows ...)
+	TODO: check
+CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...)
+	TODO: check
+CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows ...)
+	TODO: check
+CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...)
+	TODO: check
 CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...)
 	NOT-FOR-US: IBM Tivoli Provisioning Manager
 CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...)
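Review bot: CVE-2007-1870 and CVE-2007-1869 both name lighttpd and give version bounds in the summary (before 1.4.14; 1.4.12 and 1.4.13), so their "TODO: check" lines should become "- lighttpd ..." package lines in the format the file already uses (for example "- wordpress 2.1.3-1 (medium)") once the fixed version is confirmed. The other four ids in this block (ColdFusion MX 7, mephisto, toendaCMS, chcounter) still need the usual package or NOT-FOR-US decision.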
@@ -241,8 +519,7 @@
 	RESERVED
 CVE-2007-1857
 	RESERVED
-CVE-2007-1856
-	RESERVED
+CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...)
 	- cron <not-affected> (Debian uses proper permission scheme)
 CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...)
 	NOT-FOR-US: Shop-Script
@@ -276,7 +553,7 @@
 	- ipsec-tools <unfixed> (medium)
 CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...)
 	NOT-FOR-US: Microsoft ASP .NET Framework
-CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, and 5.1.x before ...)
+CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...)
 	- net-snmp 5.2.2-1 (medium)
 CVE-2005-4836
 	RESERVED
@@ -507,22 +784,22 @@
 	RESERVED
 CVE-2007-1749
 	RESERVED
-CVE-2007-1748
-	RESERVED
+CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...)
+	TODO: check
 CVE-2007-1747
 	RESERVED
 CVE-2007-1746
 	RESERVED
-CVE-2007-1745
-	RESERVED
+CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...)
+	TODO: check
 CVE-2007-1744
 	RESERVED
-CVE-2007-1743
-	RESERVED
-CVE-2007-1742
-	RESERVED
-CVE-2007-1741
-	RESERVED
+CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
+	TODO: check
+CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...)
+	TODO: check
+CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
+	TODO: check
 CVE-2007-1740
 	REJECTED
 CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...)
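Review bot: Of the ids that move from RESERVED to "TODO: check" here, CVE-2007-1745 (libclamav/chmunpack.c) and the three suexec entries CVE-2007-1743, CVE-2007-1742 and CVE-2007-1741 (Apache HTTP Server 2.2.3) name a specific source file or version, so they should be checked against the packaged versions rather than left in the generic TODO queue. CVE-2007-1748 is cut off at "the RPC interface in the Domain Name ..." and needs its full description before it can be classified.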
@@ -667,8 +944,8 @@
 	RESERVED
 CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...)
 	NOT-FOR-US: IBM Lotus Domino
-CVE-2007-1674
-	RESERVED
+CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
+	TODO: check
 CVE-2007-1673
 	RESERVED
 CVE-2007-1672
@@ -910,7 +1187,8 @@
 	NOT-FOR-US: JGBBS
 CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...)
 	NOT-FOR-US: Activist Mobilization Platform
-CVE-2007-1570 (SQL injection vulnerability in devami.asp in X-ice Haber Sistemi (aka ...)
+CVE-2007-1570
+	REJECTED
 	NOT-FOR-US: Haber Sistemi
 CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...)
 	NOT-FOR-US: NewsBin Pro
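Review bot: CVE-2007-1570 is now a bare id marked REJECTED, but the old "NOT-FOR-US: Haber Sistemi" line is left directly beneath it, so the entry carries two conflicting states. The other REJECTED entry visible in this diff (CVE-2007-1740) has no further annotation; I would drop the stale NOT-FOR-US line here, or make the updater remove annotations when an id is rejected.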
@@ -931,10 +1209,9 @@
 CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...)
 	- squid 2.6.5-6 (low)
 	[sarge] - squid <not-affected> (Vulnerable code not present)
-CVE-2007-1559
-	RESERVED
-CVE-2007-1558 [APOP crypto weakness]
-	RESERVED
+CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio ...)
+	TODO: check
+CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...)
 	NOT-FOR-US: No practical security implications
 CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
 	NOT-FOR-US: F-Secure
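Review bot: For CVE-2007-1558 the "[APOP crypto weakness]" placeholder and the RESERVED line are replaced by the published summary, but the annotation kept beneath it is "NOT-FOR-US: No practical security implications", which uses the NOT-FOR-US tag for a severity judgement rather than a product name as the other NOT-FOR-US lines in this diff do. Now that the summary states that remote attackers can guess the first 3 ..., I would revisit that judgement and record it as a NOTE or as per-package lines instead. CVE-2007-1559 (SonicDVDDashVRNav.dll in Roxio ...) in the same hunk still needs its "TODO: check" resolved.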
@@ -1400,10 +1677,10 @@
 	RESERVED
 CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
 	NOT-FOR-US: OpenBSD Kernel
-CVE-2007-1364
-	RESERVED
-CVE-2007-1363
-	RESERVED
+CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...)
+	TODO: check
+CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...)
+	TODO: check
 CVE-2007-1362
 	RESERVED
 CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...)
@@ -1643,8 +1920,8 @@
 	NOT-FOR-US: Kaspersky AntiVirus Engine
 CVE-2007-1280
 	RESERVED
-CVE-2007-1279
-	RESERVED
+CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...)
+	TODO: check
 CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...)
 	NOT-FOR-US: Adobe JRun and Coldfusion
 CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...)
@@ -1841,7 +2118,7 @@
 	- asterisk-chan-capi 0.7.1-1.1 (bug #411293)
 	- linux-2.6 <unfixed> (bug #411294; low)
 	NOTE: Not exploitable over ISDN network, only through a CAPI server
-CVE-2007-1216 (Double-free vulnerability in the GSS-API library, as used by the ...)
+CVE-2007-1216 (Double-free vulnerability in the GSS-API library ...)
 	{DSA-1276-1}
 	- krb5 1.4.4-8 (high)
 CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
@@ -1852,7 +2129,7 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
 	NOT-FOR-US: Microsoft GDI
-CVE-2007-1211 (Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 ...)
+CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2007-1210
 	RESERVED
@@ -1862,11 +2139,11 @@
 	RESERVED
 CVE-2007-1207
 	RESERVED
-CVE-2007-1206 (The Windows Kernel in Microsoft Windows 2000 SP4, XP SP2, and Server ...)
+CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2007-1204 (Unspecified vulnerability in the Universal Plug and Play (UPnP) ...)
+CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2007-1203
 	RESERVED
@@ -2096,7 +2373,7 @@
 	NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
 	NOTE: older mozillas are not vulnerable
 	TODO: this should be checked
-CVE-2007-1115 (The child frames in Opera 9 inherit the default charset from the ...)
+CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset ...)
 	NOT-FOR-US: Opera
 CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...)
 	NOT-FOR-US: Microsoft IE
@@ -11077,7 +11354,7 @@
 	{DSA-1211}
 	- pdns-recursor 3.1.4-1 (bug #398557; high)
 	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
-CVE-2006-4250 (Buffer overflow in man and man-db 2.4.3 and earlier allows local users ...)
+CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows ...)
 	{DSA-1278-1}
 	- man-db 2.4.3-5
 CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...)
@@ -14198,7 +14475,7 @@
 	NOT-FOR-US: Enigma Haber
 CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...)
 	NOT-FOR-US: Rumble
-CVE-2006-2871 (PHP remote file inclusion vulnerability in include/common.php in ...)
+CVE-2006-2871 (** DISPUTED ** ...)
 	NOT-FOR-US: CyBoards
 CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...)
 	NOT-FOR-US: Intelligent Solutions Inc.
@@ -19406,7 +19683,7 @@
 	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
 CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...)
 	NOT-FOR-US: My Blog
-CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...)
+CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
 	NOT-FOR-US: Half-Life
 CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...)
 	- wordpress <unfixed> (unimportant)
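Review bot: The updated summary for CVE-2006-0734 ("The SV_CheckForDuplicateNames function in Valve Software Half-Life ...") is identical, as far as the truncated text shows, to the summary of CVE-2003-1325 added in the first hunk with "TODO: check". CVE-2006-0734 is already tagged "NOT-FOR-US: Half-Life", so CVE-2003-1325 should get the same tag, and it is worth checking whether one id duplicates the other.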



