[Secure-testing-commits] r5404 - data/CVE

Joey Hess joeyh at alioth.debian.org
Sat Feb 3 09:14:13 CET 2007


Author: joeyh
Date: 2007-02-03 09:14:10 +0100 (Sat, 03 Feb 2007)
New Revision: 5404

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-02-02 16:55:17 UTC (rev 5403)
+++ data/CVE/list	2007-02-03 08:14:10 UTC (rev 5404)
@@ -1,3 +1,113 @@
+CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti ...)
+	TODO: check
+CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...)
+	TODO: check
+CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) ...)
+	TODO: check
+CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
+	TODO: check
+CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean ...)
+	TODO: check
+CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
+	TODO: check
+CVE-2007-0682 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
+	TODO: check
+CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in ...)
+	TODO: check
+CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting ...)
+	TODO: check
+CVE-2007-0677 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
+	TODO: check
+CVE-2007-0675 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
+	TODO: check
+CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops ...)
+	TODO: check
+CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers ...)
+	TODO: check
+CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, and 2003 allows ...)
+	TODO: check
+CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.3 allows local users to ...)
+	TODO: check
+CVE-2007-0669
+	RESERVED
+CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
+	TODO: check
+CVE-2007-0667 (Unspecified vulnerability in (1) LedgerSMB before 1.1.5 and (2) ...)
+	TODO: check
+CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows attackers to execute arbitrary code ...)
+	TODO: check
+CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...)
+	TODO: check
+CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
+	TODO: check
+CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...)
+	TODO: check
+CVE-2007-0662 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...)
+	TODO: check
+CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before ...)
+	TODO: check
+CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...)
+	TODO: check
+CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...)
+	TODO: check
+CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...)
+	TODO: check
+CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
+	TODO: check
+CVE-2007-0655
+	RESERVED
+CVE-2007-0654
+	RESERVED
+CVE-2007-0653
+	RESERVED
+CVE-2007-0652
+	RESERVED
+CVE-2007-0651
+	RESERVED
+CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
+	TODO: check
+CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...)
+	TODO: check
+CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...)
+	TODO: check
+CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote ...)
+	TODO: check
+CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote ...)
+	TODO: check
+CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...)
+	TODO: check
+CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows ...)
+	TODO: check
+CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows ...)
+	TODO: check
+CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU ...)
+	TODO: check
+CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...)
+	TODO: check
+CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack ...)
+	TODO: check
+CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY ...)
+	TODO: check
+CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...)
+	TODO: check
+CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...)
+	TODO: check
+CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact ...)
+	TODO: check
+CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...)
+	TODO: check
+CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows ...)
+	TODO: check
 CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
 	- kaya 0.2.0-6 (bug #409062)
 CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
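Review bot: The 49 described entries added at the top of this hunk (CVE-2007-0688 down to CVE-2007-0634) all carry only `TODO: check`, so nothing here says yet whether any of them affects a package. Some can be closed using dispositions already present in this file: CVE-2007-0673 and CVE-2007-0672 name LGSERVER.EXE in BrightStor, the product that CVE-2007-0449 marks `NOT-FOR-US: CA BrightStor`, and CVE-2007-0671 is Microsoft Excel. The entries that name free software (ZABBIX in CVE-2007-0640, makeindex in CVE-2007-0650, Nexuiz in CVE-2007-0657, thttpd in CVE-2007-0664) should be checked against the archive first, since a `TODO` left on those hides a possibly affected package.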
@@ -27,7 +137,8 @@
 	NOT-FOR-US: MAXdev MDPro
 CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...)
 	NOT-FOR-US: MyBulletinBoard
-CVE-2007-0621 (Unspecified vulnerability in Microsoft Word 2003 has unknown impact ...)
+CVE-2007-0621
+	REJECTED
 	NOT-FOR-US: Microsoft Word
 CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
 	NOT-FOR-US: FD Script
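Review bot: CVE-2007-0621 now reads `REJECTED`, but the unchanged line `NOT-FOR-US: Microsoft Word` is still attached to it, so the entry carries two dispositions. Either drop the NOT-FOR-US line in a follow-up or confirm that the tracker's parser gives `REJECTED` precedence, so that the stale triage line cannot be read as the entry's state.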
@@ -79,7 +190,7 @@
 	NOT-FOR-US: Aztek Forum
 CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...)
 	NOT-FOR-US: Aztek Forum
-CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in high5 Review script allows ...)
+CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review ...)
 	NOT-FOR-US: high5 Review
 CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...)
 	NOT-FOR-US: Siteman
@@ -400,20 +511,16 @@
 	- dazuko-source <unfixed> (bug #408300)
 CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...)
 	- ulogd 1.23-6 (medium)
-CVE-2007-0459 [wireshark TCP dissector infinite loop DoS]
-	RESERVED
+CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) ...)
 	- wireshark 0.99.4-4 (low)
 	[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-0458 [wireshark HTTP dissector infinite loop DoS]
-	RESERVED
+CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
 	- wireshark 0.99.4-4 (low)
 	[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-0457 [wireshark IEEE802.11 int overflow DoS]
-	RESERVED
+CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark ...)
 	- wireshark 0.99.4-4 (low)
 	[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-0456 [wireshark LLT dissector NULL deref]
-	RESERVED
+CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly ...)
 	- wireshark 0.99.4-4 (low)
 	[sarge] - ethereal <not-affected> (Vulnerable code not present)
 CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...)
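Review bot: Replacing the bracketed local titles for CVE-2007-0459 through CVE-2007-0456 loses detail that the new descriptions do not carry. Three of the four new descriptions begin "Unspecified vulnerability in the ... dissector", while the removed lines recorded the actual bug class (HTTP dissector infinite loop DoS, IEEE802.11 int overflow DoS, LLT dissector NULL deref). Keeping that information as a `NOTE:` line under each entry would preserve the basis for the `(low)` urgency and the sarge `<not-affected>` assessment.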
@@ -428,7 +535,7 @@
 	RESERVED
 CVE-2007-0450
 	RESERVED
-CVE-2007-0449 (Multiple buffer overflows in CA BrightStor ARCserve Backup for Laptops ...)
+CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...)
 	NOT-FOR-US: CA BrightStor
 CVE-2007-0448
 	RESERVED
@@ -3856,7 +3963,7 @@
 	{DSA-1230-1}
 	- l2tpns 2.1.21-1 (medium; bug #401742)
 	NOTE: http://secunia.com/advisories/23230/
-CVE-2006-5872 (Unspecified vulnerability in login.pl in SQL Ledger before 2.6.21 ...)
+CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...)
 	{DSA-1239-1}
 	- sql-ledger 2.6.21-1
 CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before ...)
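Review bot: The updated description of CVE-2006-5872 now also covers "LedgerSMB before 1.1.5", but the entry still tracks only `sql-ledger 2.6.21-1`. If LedgerSMB is packaged, it needs its own package line here; if it is not, a short `NOTE:` saying so would record that the second product was considered. The same applies to CVE-2007-0667, added earlier in this commit, which names LedgerSMB before 1.1.5 as well.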
@@ -9352,7 +9459,7 @@
 	RESERVED
 CVE-2006-3446
 	RESERVED
-CVE-2006-3445 (Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 ...)
+CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
 	NOT-FOR-US: Microsoft
@@ -12659,7 +12766,7 @@
 	NOT-FOR-US: OpenTTD
 CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...)
 	NOT-FOR-US: OpenTTD
-CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere before 7.0 allows ...)
+CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware ...)
 	NOT-FOR-US: Sybase Pylon Anywhere
 CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Scry Gallery
