[Secure-testing-commits] r6374 - data/CVE
joeyh at alioth.debian.org
Wed Aug 22 09:14:08 UTC 2007
Author: joeyh
Date: 2007-08-22 09:14:07 +0000 (Wed, 22 Aug 2007)
New Revision: 6374
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-22 08:48:25 UTC (rev 6373)
+++ data/CVE/list 2007-08-22 09:14:07 UTC (rev 6374)
@@ -1,3 +1,197 @@
+CVE-2007-4465
+ RESERVED
+CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...)
+ TODO: check
+CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...)
+ TODO: check
+CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...)
+ TODO: check
+CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...)
+ TODO: check
+CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...)
+ TODO: check
+CVE-2007-4459 (The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows remote ...)
+ TODO: check
+CVE-2007-4458 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...)
+ TODO: check
+CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ ...)
+ TODO: check
+CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...)
+ TODO: check
+CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...)
+ TODO: check
+CVE-2007-4453 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote ...)
+ TODO: check
+CVE-2007-4450 (The server in Toribash 2.71 and earlier does not properly handle long ...)
+ TODO: check
+CVE-2007-4449 (The client in Toribash 2.71 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-4448 (The server in Toribash 2.71 and earlier does not properly handle ...)
+ TODO: check
+CVE-2007-4447 (Multiple buffer overflows in the client in Toribash 2.71 and earlier ...)
+ TODO: check
+CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...)
+ TODO: check
+CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...)
+ TODO: check
+CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier ...)
+ TODO: check
+CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and ...)
+ TODO: check
+CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal ...)
+ TODO: check
+CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...)
+ TODO: check
+CVE-2007-4440 (Stack-based buffer overflow in the SMTP server in Mercury Mail ...)
+ TODO: check
+CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in ...)
+ TODO: check
+CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...)
+ TODO: check
+CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 ...)
+ TODO: check
+CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...)
+ TODO: check
+CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 ...)
+ TODO: check
+CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...)
+ TODO: check
+CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...)
+ TODO: check
+CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...)
+ TODO: check
+CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and ...)
+ TODO: check
+CVE-2007-4430 (Unspecified vulnerability in Cisco IOS allows context-dependent ...)
+ TODO: check
+CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...)
+ TODO: check
+CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via ...)
+ TODO: check
+CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the ...)
+ TODO: check
+CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 ...)
+ TODO: check
+CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user ...)
+ TODO: check
+CVE-2007-4423 (Unspecified vulnerability in the AUTH_LIST_GROUPS_FOR_AUTHID function ...)
+ TODO: check
+CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN ...)
+ TODO: check
+CVE-2007-4421 (SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 ...)
+ TODO: check
+CVE-2007-4420 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2007-4419 (Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin ...)
+ TODO: check
+CVE-2007-4418 (IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, ...)
+ TODO: check
+CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not ...)
+ TODO: check
+CVE-2007-4416 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 ...)
+ TODO: check
+CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to ...)
+ TODO: check
+CVE-2007-4413 (Direct static code injection vulnerability in admincp/user_help.php in ...)
+ TODO: check
+CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart ...)
+ TODO: check
+CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the ...)
+ TODO: check
+CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick ...)
+ TODO: check
+CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote ...)
+ TODO: check
+CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which ...)
+ TODO: check
+CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...)
+ TODO: check
+CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...)
+ TODO: check
+CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of ...)
+ TODO: check
+CVE-2007-4403 (The mIRC Control Plug-in for Winamp allows user-assisted remote ...)
+ TODO: check
+CVE-2007-4402 (Multiple unspecified scripts in mIRC allow user-assisted remote ...)
+ TODO: check
+CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC ...)
+ TODO: check
+CVE-2007-4400 (CRLF injection vulnerability in the included media script in ...)
+ TODO: check
+CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX ...)
+ TODO: check
+CVE-2007-4398 (Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and ...)
+ TODO: check
+CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) ...)
+ TODO: check
+CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) ...)
+ TODO: check
+CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...)
+ TODO: check
+CVE-2007-4394 (Unspecified vulnerability in a "core clean" cron job created by the ...)
+ TODO: check
+CVE-2007-4393 (The installation script for orarun on SUSE Linux before 20070810 ...)
+ TODO: check
+CVE-2007-4392 (Winamp 5.35 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...)
+ TODO: check
+CVE-2007-4390 (The Command Line Interface (CLI) on the BlueCat Networks Adonis ...)
+ TODO: check
+CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...)
+ TODO: check
+CVE-2007-4388 (2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly ...)
+ TODO: check
+CVE-2007-4387 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...)
+ TODO: check
+CVE-2007-4386 (SQL injection vulnerability in search.php in GetMyOwnArcade allows ...)
+ TODO: check
+CVE-2007-4385 (OWASP Stinger before 2.5 allows remote attackers to bypass input ...)
+ TODO: check
+CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...)
+ TODO: check
+CVE-2007-4383 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote ...)
+ TODO: check
+CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun ...)
+ TODO: check
+CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 ...)
+ TODO: check
+CVE-2007-4379 (Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a ...)
+ TODO: check
+CVE-2007-4378 (Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and ...)
+ TODO: check
+CVE-2007-4377 (Stack-based buffer overflow in the IMAP service in SurgeMail 38k ...)
+ TODO: check
+CVE-2007-4376 (Unrestricted file upload vulnerability in banner-upload.php in Szymon ...)
+ TODO: check
+CVE-2007-4375 (The administrative interface (aka DkService.exe) in Diskeeper 9 ...)
+ TODO: check
+CVE-2007-4374 (Babo Violent 2 2.08.00 does not validate the sender field of a chat ...)
+ TODO: check
+CVE-2007-4373 (The server in Babo Violent 2 2.08.00 and earlier does not properly ...)
+ TODO: check
+CVE-2007-4372 (Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server ...)
+ TODO: check
+CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems ...)
+ TODO: check
+CVE-2004-2683 (Unspecified vulnerability in the %XML.Utils.SchemaServer class in ...)
+ TODO: check
+CVE-2003-1333 (Unspecified vulnerability in the Cache' Server Page (CSP) ...)
+ TODO: check
CVE-2007-XXXX [clamav htmlnorm DoS]
- clamav <not-affected> (Only exploitable if CL_EXPERIMENTAL is set)
CVE-2007-XXXX [clamav floating point exception in OLE2 scanner DoS]
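Review bot: Every described entry in this added block is left at "TODO: check", including ones whose descriptions name a source file or an open-source project, such as CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a), CVE-2007-4460 (tag_file.cpp in id3lib) and CVE-2007-4455 (chan_sip in Asterisk Open Source). Those are the ones most likely to need a package line in the form already used below ("- clamav <not-affected> (...)"), so they should be triaged ahead of the game servers and Windows-only products. The three "** DISPUTED ** ..." entries (CVE-2007-4453, CVE-2007-4416, CVE-2007-4383) show no product in the truncated description and cannot be triaged from the list text alone; whoever picks them up has to look up the full CVE record.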
@@ -207,25 +401,25 @@
- knowledgetree <removed>
CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...)
NOT-FOR-US: FrontAccounting
-CVE-2007-4278 (Stack-based buffer overflow in ESRI ArcSDE service 9.2, as used with ...)
+CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE ...)
NOT-FOR-US: ESRI ArcSDE
CVE-2007-4277
RESERVED
-CVE-2007-4276
- RESERVED
-CVE-2007-4275
- RESERVED
+CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
+ TODO: check
+CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...)
+ TODO: check
CVE-2007-4274
REJECTED
NOT-FOR-US: Duplicate of CVE-2007-4275
-CVE-2007-4273
- RESERVED
-CVE-2007-4272
- RESERVED
-CVE-2007-4271
- RESERVED
-CVE-2007-4270
- RESERVED
+CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local ...)
+ TODO: check
+CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
+ TODO: check
+CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 ...)
+ TODO: check
+CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
+ TODO: check
CVE-2007-4269
RESERVED
CVE-2007-4268
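Review bot: CVE-2007-4275 is now "TODO: check" while the unchanged CVE-2007-4274 entry just below it is already recorded as "NOT-FOR-US: Duplicate of CVE-2007-4275", so the duplicate has a triage decision and the entry it points to does not. CVE-2007-4276 and CVE-2007-4273 through CVE-2007-4270 all describe the same product (IBM DB2 UDB 8 before Fixpak 15), so one decision should be made for the whole group and applied consistently, with the CVE-2007-4274 annotation kept in agreement with it.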
@@ -343,14 +537,14 @@
RESERVED
CVE-2007-4217
RESERVED
-CVE-2007-4216
- RESERVED
+CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...)
+ TODO: check
CVE-2007-4215
RESERVED
CVE-2007-4214
RESERVED
-CVE-2007-4213
- RESERVED
+CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote ...)
+ TODO: check
CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...)
NOT-FOR-US: PHP-Nuke
CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated ...)
@@ -707,7 +901,8 @@
NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...)
- cupsys <not-affected> (SuSE-specific regression)
-CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...)
+CVE-2007-4044
+ REJECTED
- samba <not-affected> (SuSE-specific regression)
NOTE: I've contacted SuSE: It's a functional regression in SuSE, not a security problem
CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
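Review bot: CVE-2007-4044 becomes REJECTED but keeps the "- samba <not-affected> (SuSE-specific regression)" line and the NOTE beneath it, and the description that said what the ID was about (the MS-RPC functionality in smbd) is gone. The NOTE is now the only remaining explanation of why samba is mentioned here, so it should stay, and the package line should be checked: either it is still wanted for a rejected ID, or the entry should be reduced to the REJECTED state plus the NOTE.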
@@ -730,7 +925,7 @@
NOT-FOR-US: Guidance Software
CVE-2007-4035 (** DISPUTED ** ...)
NOT-FOR-US: Guidance Software
-CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 ActiveX control ...)
+CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! ...)
NOT-FOR-US: Yahoo! Widgets
CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP ...)
TODO: check
@@ -1653,8 +1848,8 @@
NOT-FOR-US: Maia Mailguard
CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
NOT-FOR-US: Maia Mailguard
-CVE-2007-3618
- RESERVED
+CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service ...)
+ TODO: check
CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply ...)
NOT-FOR-US: vtiger CRM
CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
@@ -1792,7 +1987,7 @@
NOT-FOR-US: bbs100
CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...)
NOT-FOR-US: bbs100
-CVE-2007-3550 (Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to ...)
+CVE-2007-3550 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 ...)
NOT-FOR-US: Buddy Zone
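Review bot: The new description for CVE-2007-3550 is only "** DISPUTED ** ...", so the product name (Microsoft Internet Explorer 6.0 and 7.0) no longer appears in the description and survives only in the NOT-FOR-US annotation. That is harmless here because the entry is already triaged, but it shows that the truncation drops all identifying text for disputed IDs; truncating after the DISPUTED marker rather than at a fixed width would keep such entries readable.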
@@ -1829,7 +2024,7 @@
NOT-FOR-US: WebChat
CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...)
NOT-FOR-US: 3Com
-CVE-2007-3532 (nvidia-drivers before 1.0.7185, 1.0.9639, and 100.14.11, as used in ...)
+CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and ...)
TODO: check
CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
TODO: check
@@ -4240,7 +4435,7 @@
NOT-FOR-US: CA Anti-Virus
CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA ...)
NOT-FOR-US: CA Anti-Virus
-CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! 2.2.6 ...)
+CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! ...)
NOT-FOR-US: E-GADS!
CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...)
NOT-FOR-US: MyNews
@@ -4965,7 +5160,7 @@
NOT-FOR-US: Microsoft
CVE-2007-2217
RESERVED
-CVE-2007-2216 (Unspecified vulnerability in the tblinf32.dll (aka vstlbinf.dll) ...)
+CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2215
RESERVED
@@ -9636,8 +9831,8 @@
RESERVED
CVE-2007-0438
RESERVED
-CVE-2007-0437
- RESERVED
+CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample ...)
+ TODO: check
CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install ...)
NOT-FOR-US: X-Kryptor
CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...)
@@ -31677,8 +31872,8 @@
- uw-imap 7:2002edebian1-12 (medium; bug #332215)
- pine 4.64-1 (medium; bug #348407)
[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
-CVE-2005-2932
- RESERVED
+CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, ...)
+ TODO: check
CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...)
NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...)