[Secure-testing-commits] r5430 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Feb 9 09:14:11 CET 2007
Author: joeyh
Date: 2007-02-09 09:14:08 +0100 (Fri, 09 Feb 2007)
New Revision: 5430
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-09 07:18:45 UTC (rev 5429)
+++ data/CVE/list 2007-02-09 08:14:08 UTC (rev 5430)
@@ -1,4 +1,213 @@
-CVE-2007-0844 [pam_ssh "allow_blank_passphrase" Bypass Security Issue]
+CVE-2007-0858
+ RESERVED
+CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
+ TODO: check
+CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module ...)
+ TODO: check
+CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...)
+ TODO: check
+CVE-2007-0854 (Remote file inclusion vulnerability in objcache in cPanel WebHost ...)
+ TODO: check
+CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
+ TODO: check
+CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
+ TODO: check
+CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before ...)
+ TODO: check
+CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...)
+ TODO: check
+CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...)
+ TODO: check
+CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...)
+ TODO: check
+CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server ...)
+ TODO: check
+CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia ...)
+ TODO: check
+CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
+ TODO: check
+CVE-2007-0843
+ RESERVED
+CVE-2007-0842
+ RESERVED
+CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...)
+ TODO: check
+CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
+ TODO: check
+CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in ...)
+ TODO: check
+CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a ...)
+ TODO: check
+CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
+ TODO: check
+CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
+ TODO: check
+CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
+ TODO: check
+CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...)
+ TODO: check
+CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...)
+ TODO: check
+CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the ...)
+ TODO: check
+CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ...)
+ TODO: check
+CVE-2007-0830 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a ...)
+ TODO: check
+CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...)
+ TODO: check
+CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...)
+ TODO: check
+CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...)
+ TODO: check
+CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...)
+ TODO: check
+CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS ...)
+ TODO: check
+CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...)
+ TODO: check
+CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...)
+ TODO: check
+CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...)
+ TODO: check
+CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...)
+ TODO: check
+CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone ...)
+ TODO: check
+CVE-2007-0818
+ REJECTED
+ TODO: check
+CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web ...)
+ TODO: check
+CVE-2007-0816 (CA RPC Server service (catirpc.exe) for BrightStor ARCserve Backup ...)
+ TODO: check
+CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...)
+ TODO: check
+CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
+ TODO: check
+CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production ...)
+ TODO: check
+CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...)
+ TODO: check
+CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...)
+ TODO: check
+CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...)
+ TODO: check
+CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
+ TODO: check
+CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows ...)
+ TODO: check
+CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat ...)
+ TODO: check
+CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
+ TODO: check
+CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...)
+ TODO: check
+CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
+ TODO: check
+CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...)
+ TODO: check
+CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
+ TODO: check
+CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
+ TODO: check
+CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
+ TODO: check
+CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
+ TODO: check
+CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...)
+ TODO: check
+CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in ...)
+ TODO: check
+CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, ...)
+ TODO: check
+CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...)
+ TODO: check
+CVE-2007-0794 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...)
+ TODO: check
+CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
+ TODO: check
+CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...)
+ TODO: check
+CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...)
+ TODO: check
+CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote ...)
+ TODO: check
+CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before ...)
+ TODO: check
+CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple ...)
+ TODO: check
+CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...)
+ TODO: check
+CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in ...)
+ TODO: check
+CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...)
+ TODO: check
+CVE-2007-0783
+ RESERVED
+CVE-2007-0782
+ RESERVED
+CVE-2007-0781
+ RESERVED
+CVE-2007-0780
+ RESERVED
+CVE-2007-0779
+ RESERVED
+CVE-2007-0778
+ RESERVED
+CVE-2007-0777
+ RESERVED
+CVE-2007-0776
+ RESERVED
+CVE-2007-0775
+ RESERVED
+CVE-2007-0774
+ RESERVED
+CVE-2007-0773
+ RESERVED
+CVE-2007-0772
+ RESERVED
+CVE-2007-0771
+ RESERVED
+CVE-2007-0770
+ RESERVED
+CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...)
+ TODO: check
+CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
+ TODO: check
+CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
+ TODO: check
+CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...)
+ TODO: check
+CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...)
+ TODO: check
+CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...)
+ TODO: check
+CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in ...)
+ TODO: check
+CVE-2006-6975 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...)
+ TODO: check
+CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for ...)
+ TODO: check
+CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows ...)
+ TODO: check
+CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...)
+ TODO: check
+CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...)
+ TODO: check
+CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...)
+ TODO: check
+CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...)
+ TODO: check
+CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions ...)
+ TODO: check
+CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when ...)
- libpam-ssh <unfixed> (bug #410236; medium)
CVE-2007-0769 (** DISPUTED ** ...)
NOT-FOR-US: Phorum
@@ -210,15 +419,15 @@
NOT-FOR-US: (CA) BrightStor
CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.3 allows local users to ...)
+CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local ...)
NOT-FOR-US: IBM AIX
CVE-2007-0669
RESERVED
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
NOT-FOR-US: Sun Solaris.
-CVE-2007-0667 (Unspecified vulnerability in (1) LedgerSMB before 1.1.5 and (2) ...)
+CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...)
- sql-ledger <unfixed> (bug #409703)
-CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows attackers to execute arbitrary code ...)
+CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute ...)
NOT-FOR-US: WS_FTP Server
CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...)
NOT-FOR-US: WS_FTP Server
@@ -496,7 +705,7 @@
- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...)
NOT-FOR-US: Telligent
-CVE-2007-0537 (Konqueror 3.5.5 does not properly parse HTML comments, which allows ...)
+CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not ...)
- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...)
NOT-FOR-US: rPath
@@ -593,7 +802,7 @@
NOT-FOR-US: Huawei
CVE-2007-0487 (PHP remote file inclusion vulnerability in index.php in FreeForum ...)
NOT-FOR-US: FreeForum
-CVE-2007-0486 (Multiple PHP remote file inclusion vulnerabilities in Openads (aka ...)
+CVE-2007-0486 (** DISPUTED ** ...)
NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
NOT-FOR-US: Webdev
@@ -611,7 +820,7 @@
NOT-FOR-US: Cisco
CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows ...)
NOT-FOR-US: Apple Safari
-CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads before 2.3.31 (aka ...)
+CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before ...)
NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...)
- openldap2 <not-affected> (Gentoo packaging bug)
@@ -714,7 +923,7 @@
[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...)
- libgd2 <unfixed> (bug #408982; low)
-CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module Samba 3.0.6 ...)
+CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
{DSA-1257}
- samba 3.0.23d-5 (medium)
CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 ...)
@@ -752,7 +961,7 @@
RESERVED
CVE-2007-0437
RESERVED
-CVE-2007-0436 (Unspecified vulnerability in Barron McCann X-Kryptor Driver ...)
+CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install ...)
NOT-FOR-US: X-Kryptor
CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...)
NOT-FOR-US: siteframe
@@ -2246,7 +2455,7 @@
NOT-FOR-US: Oracle Portal
CVE-2006-6702 (Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before ...)
NOT-FOR-US: @Mail
-CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in @Mail WebMail ...)
+CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail ...)
NOT-FOR-US: @Mail
CVE-2006-6700 (Cross-site scripting (XSS) vulnerability in @Mail WebMail allows ...)
NOT-FOR-US: @Mail
@@ -2362,8 +2571,8 @@
RESERVED
CVE-2007-0007
RESERVED
-CVE-2007-0006
- RESERVED
+CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
+ TODO: check
CVE-2007-0005
RESERVED
CVE-2007-0004
@@ -3356,7 +3565,7 @@
NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...)
NOT-FOR-US: Sorin Chitu Telnet-FTP Server
-CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Profession 2.32 and Enterprise 2.32 ...)
+CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise ...)
NOT-FOR-US: MailEnable NetWebAdmin
CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...)
NOT-FOR-US: Apple Safari
@@ -10422,10 +10631,10 @@
NOT-FOR-US: EZGallery
CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName ...)
NOT-FOR-US: Microsoft
-CVE-2006-3084 (The (1) ftpd and (2) ksu programs in MIT Kerberos 5 (krb5) up to 1.5, ...)
+CVE-2006-3084 (The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to ...)
{DSA-1146-1}
- krb5 1.4.3-9 (medium)
-CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in MIT Kerberos 5 (krb5) up ...)
+CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) ...)
{DSA-1146-1}
- krb5 1.4.3-9 (medium)
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...)
@@ -12440,10 +12649,10 @@
NOT-FOR-US: zawhttpd
CVE-2006-2221 (A third-party installer generation tool, possibly BitRock ...)
- ejabberd <not-affected> (only binary distribution is affected)
-CVE-2006-2220
- RESERVED
-CVE-2006-2219
- RESERVED
+CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables ...)
+ TODO: check
+CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types ...)
+ TODO: check
CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft ...)
NOT-FOR-US: MS IE
CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board ...)
@@ -13353,7 +13562,7 @@
NOT-FOR-US: ShoutBOOK
CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...)
NOT-FOR-US: boastMachine
-CVE-2006-1840 (Multiple unspecified vulnerabilities in Empire Server before 4.3.1 ...)
+CVE-2006-1840 (Multiple format string vulnerabilities in Empire Server before 4.3.1 ...)
NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album ...)
NOT-FOR-US: PHP Album
@@ -15109,8 +15318,8 @@
CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...)
{DSA-1149-1}
- ncompress 4.2.4-16
-CVE-2006-1167
- RESERVED
+CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the ...)
+ TODO: check
CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...)
- dokuwiki 0.0.20060309-3 (bug #357436)
CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...)
@@ -22434,7 +22643,7 @@
- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
NOT-FOR-US: jportal
-CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA, as ...)
+CVE-2005-3051 (Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for ...)
NOT-FOR-US: 7-Zip
CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: PhpMyFaq
@@ -27035,7 +27244,7 @@
CVE-2005-1958
REJECTED
NOTE: see CVE-2005-1855
-CVE-2005-1957 (File Upload Manager does not properly check user authentication for ...)
+CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user ...)
NOT-FOR-US: File Upload Manager
CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
NOT-FOR-US: File Upload Manager
@@ -28280,7 +28489,7 @@
NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
-CVE-2005-1487 (Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote ...)
+CVE-2005-1487 (** DISPUTED ** ...)
NOT-FOR-US: FishCart
CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
NOT-FOR-US: FishCart
More information about the Secure-testing-commits
mailing list