[Secure-testing-commits] r5394 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Feb 1 09:14:15 CET 2007
Author: joeyh
Date: 2007-02-01 09:14:12 +0100 (Thu, 01 Feb 2007)
New Revision: 5394
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-01 00:53:36 UTC (rev 5393)
+++ data/CVE/list 2007-02-01 08:14:12 UTC (rev 5394)
@@ -1,3 +1,157 @@
+CVE-2007-0633 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
+ TODO: check
+CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs ...)
+ TODO: check
+CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
+ TODO: check
+CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...)
+ TODO: check
+CVE-2007-0628 (Cross-site scripting (XSS) vulnerability in Sun Java System Access ...)
+ TODO: check
+CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...)
+ TODO: check
+CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...)
+ TODO: check
+CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...)
+ TODO: check
+CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
+ TODO: check
+CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...)
+ TODO: check
+CVE-2007-0621 (Unspecified vulnerability in Microsoft Word 2003 has unknown impact ...)
+ TODO: check
+CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ...)
+ TODO: check
+CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
+ TODO: check
+CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
+ TODO: check
+CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in ...)
+ TODO: check
+CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition ...)
+ TODO: check
+CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
+ TODO: check
+CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
+ TODO: check
+CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and ...)
+ TODO: check
+CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN ...)
+ TODO: check
+CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...)
+ TODO: check
+CVE-2007-0609
+ RESERVED
+CVE-2007-0608
+ RESERVED
+CVE-2007-0607
+ RESERVED
+CVE-2007-0606
+ RESERVED
+CVE-2007-0605
+ RESERVED
+CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
+ TODO: check
+CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
+ TODO: check
+CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro ...)
+ TODO: check
+CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
+ TODO: check
+CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde ...)
+ TODO: check
+CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum ...)
+ TODO: check
+CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 ...)
+ TODO: check
+CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...)
+ TODO: check
+CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in high5 Review script allows ...)
+ TODO: check
+CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows ...)
+ TODO: check
+CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An ...)
+ TODO: check
+CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...)
+ TODO: check
+CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
+ TODO: check
+CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by ...)
+ TODO: check
+CVE-2007-0587
+ RESERVED
+CVE-2007-0586
+ RESERVED
+CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...)
+ TODO: check
+CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php ...)
+ TODO: check
+CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...)
+ TODO: check
+CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows ...)
+ TODO: check
+CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...)
+ TODO: check
+CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
+ TODO: check
+CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
+ TODO: check
+CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...)
+ TODO: check
+CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...)
+ TODO: check
+CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...)
+ TODO: check
+CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login ...)
+ TODO: check
+CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
+ TODO: check
+CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...)
+ TODO: check
+CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in ...)
+ TODO: check
+CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
+ TODO: check
+CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes ...)
+ TODO: check
+CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote ...)
+ TODO: check
+CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in ...)
+ TODO: check
+CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
+ TODO: check
+CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and ...)
+ TODO: check
+CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
+ TODO: check
+CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) ...)
+ TODO: check
+CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web ...)
+ TODO: check
+CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...)
+ TODO: check
+CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...)
+ TODO: check
+CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier ...)
+ TODO: check
+CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 ...)
+ TODO: check
+CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in ...)
+ TODO: check
+CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...)
+ TODO: check
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...)
NOT-FOR-US: rPath
CVE-2007-0556
@@ -58,7 +212,7 @@
NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...)
NOT-FOR-US: Centrality Communications
-CVE-2007-0527 (SQL injection vulnerability in class.login.php in Website Baker 2.6.5 ...)
+CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in ...)
NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
NOT-FOR-US: Bitweaver
@@ -209,7 +363,7 @@
{DSA-1254-1}
- bind9 1:9.3.4-2 (medium; bug #408432)
- bind <not-affected>
-CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to ...)
+CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...)
- bind9 1:9.3.4-2 (medium; bug #408432)
[sarge] - bind9 <not-affected> (Vulnerable code not present)
- bind <not-affected>
@@ -227,14 +381,14 @@
- libgems-ruby <unfixed> (low; bug #408299)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...)
NOT-FOR-US: Visual C++
-CVE-2007-0467
- RESERVED
-CVE-2007-0466
- RESERVED
-CVE-2007-0465
- RESERVED
-CVE-2007-0464
- RESERVED
+CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
+ TODO: check
+CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...)
+ TODO: check
+CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...)
+ TODO: check
+CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...)
+ TODO: check
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...)
@@ -259,8 +413,7 @@
RESERVED
- wireshark 0.99.4-4 (low)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-0455 ["gdImageStringFTEx()" Denial of Service]
- RESERVED
+CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...)
- libgd2 <unfixed> (bug #408982; low)
CVE-2007-0454
RESERVED
@@ -758,6 +911,7 @@
CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
NOT-FOR-US: Mac OS X
CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
+ {DSA-1255-1}
- libgtop2 2.14.4-3 (medium; bug #407020)
NOTE: libgtop does not contain the affected code.
CVE-2007-0234
@@ -1894,6 +2048,7 @@
CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows ...)
- chetcpasswd <removed> (low)
CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...)
+ {DSA-1256-1}
- gtk+2.0 2.8.20-5
TODO: check gdk-pixbuf
CVE-2007-0009
@@ -2197,8 +2352,7 @@
NOT-FOR-US: IBM
CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...)
NOT-FOR-US: Cilem Haber Free Edition
-CVE-2006-6535 [dev_queue_xmit DoS]
- RESERVED
+CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before ...)
- linux-2.6 <not-affected> (Fixed before upload into the archive; 2.6.10)
CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...)
NOT-FOR-US: osCommerce
@@ -3951,10 +4105,9 @@
RESERVED
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...)
- linux-2.6 2.6.18-1
-CVE-2006-5754
- RESERVED
-CVE-2006-5753 [listxattr syscall memory corruption DoS]
- RESERVED
+CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...)
+ TODO: check
+CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...)
- linux-2.6 <unfixed>
CVE-2006-5752
RESERVED
@@ -4069,7 +4222,7 @@
- php5 5.2.0-1 (unimportant)
- php4 <unfixed> (unimportant)
NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy
-CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php in ...)
+CVE-2006-5705 (Multiple directory traversal vulnerabilities in ...)
- wordpress 2.0.5-0.1
CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...)
NOT-FOR-US: HP
More information about the Secure-testing-commits
mailing list