[Secure-testing-commits] r5444 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Feb 12 08:14:11 UTC 2007
Author: joeyh
Date: 2007-02-12 09:14:08 +0100 (Mon, 12 Feb 2007)
New Revision: 5444
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-11 21:38:13 UTC (rev 5443)
+++ data/CVE/list 2007-02-12 08:14:08 UTC (rev 5444)
@@ -1,3 +1,47 @@
+CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
+ TODO: check
+CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...)
+ TODO: check
+CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...)
+ TODO: check
+CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in ...)
+ TODO: check
+CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on ...)
+ TODO: check
+CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and ...)
+ TODO: check
+CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 ...)
+ TODO: check
+CVE-2007-0863 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0862 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0861 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0860 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0859
+ RESERVED
+CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...)
+ TODO: check
+CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...)
+ TODO: check
+CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote ...)
+ TODO: check
+CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...)
+ TODO: check
+CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows ...)
+ TODO: check
+CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...)
+ TODO: check
+CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers ...)
+ TODO: check
+CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote ...)
+ TODO: check
+CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote ...)
+ TODO: check
+CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...)
+ TODO: check
CVE-2007-XXXX [Firefox-sage XSS]
- firefox-sage <unfixed>
NOTE: http://secunia.com/advisories/24086/
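Review bot: every new entry with a description at the top of the list lands as TODO: check, including ones whose product the rest of this file already treats as out of scope (CVE-2007-0870 is Microsoft Word 2000, and Microsoft Excel is tagged NOT-FOR-US further down), so those can be triaged in the same pass. The four entries CVE-2007-0860 through CVE-2007-0863 are truncated to "** DISPUTED ** ..." and name no product here, so they need the full description before anyone can classify them.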
@@ -441,8 +485,7 @@
NOT-FOR-US: Microsoft Excel
CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local ...)
NOT-FOR-US: IBM AIX
-CVE-2007-0669 [TWiki CGI Session File Unspecified (local) Perl Code Execution]
- RESERVED
+CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local ...)
- twiki <unfixed> (bug #410256)
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
NOT-FOR-US: Sun Solaris.
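Review bot: on CVE-2007-0669 the removed temporary title recorded that the issue involves CGI session files and local Perl code execution, while the replacement description starts with "Unspecified vulnerability". Keeping that detail as a NOTE line under the twiki <unfixed> (bug #410256) entry would preserve the context that the official text no longer shows.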
@@ -963,8 +1006,8 @@
RESERVED
CVE-2007-0447
RESERVED
-CVE-2007-0446
- RESERVED
+CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...)
+ TODO: check
CVE-2007-0445
RESERVED
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
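Review bot: CVE-2007-0446 moves from RESERVED to TODO: check, and the visible part of the description names magentproc.exe for a Hewlett-Packard product without saying which one. The full description is needed to decide between a package entry and NOT-FOR-US.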
@@ -1869,7 +1912,7 @@
NOT-FOR-US: IMGallery
CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and ...)
NOT-FOR-US: Sunbelt Kerio Personal Firewall
-CVE-2007-0080 (Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 ...)
+CVE-2007-0080 (** DISPUTED ** ...)
- freeradius <unfixed> (unimportant)
NOTE: Data triggering the buffer overflow can only be controlled by root
CVE-2007-0079 (rblog stores sensitive information under the web root with ...)
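Review bot: the CVE-2007-0080 line now shows only "** DISPUTED ** ...", so it no longer names the SMB_Connect_Server function or FreeRadius 1.1.3. The freeradius <unfixed> (unimportant) entry and the root-only NOTE below it are unchanged; an additional NOTE stating that the CVE is disputed would keep the entry understandable without the description.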
@@ -10051,7 +10094,7 @@
NOT-FOR-US: Mp3NetBox
CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...)
NOT-FOR-US: V3 Chat
-CVE-2006-3365 (mail/index.php in V3 Chat allows remote attackers to obtain the ...)
+CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via ...)
NOT-FOR-US: V3 Chat
CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...)
NOT-FOR-US: BLOG:CMS
@@ -10836,7 +10879,8 @@
NOT-FOR-US: not packaged for Debian
CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
NOT-FOR-US: not packaged for Debian
-CVE-2006-3008 (SQL injection vulnerability in index.php in Particle Links 1.2.2 ...)
+CVE-2006-3008
+ REJECTED
NOT-FOR-US: Particle Links
CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...)
NOT-FOR-US: not packaged for Debian
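Review bot: CVE-2006-3008 is now REJECTED but still carries NOT-FOR-US: Particle Links beneath it, so the entry ends up with two status lines. If REJECTED is the final state, drop the NOT-FOR-US line; if it is kept on purpose to retain the product name now that the description is gone, a NOTE would say so more clearly.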
@@ -10967,7 +11011,7 @@
NOT-FOR-US: Dmx Forum
CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with ...)
NOT-FOR-US: Dmx Forum
-CVE-2006-2945 (Unspecified vulnerability the user profile change functionality in ...)
+CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in ...)
- dokuwiki 0.0.20060309-4 (bug #373689; low)
CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier ...)
NOT-FOR-US: FORM2MAIL
@@ -11380,7 +11424,7 @@
- firefox 1.5.dfsg+1.5.0.4-1 (medium)
- mozilla 2:1.7.13-0.3 (medium)
- xulrunner 1.8.0.4-1 (medium)
-CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...)
+CVE-2006-2781 (Double-free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...)
{DSA-1134-1 DSA-1118}
NOTE: MFSA-2006-40
- thunderbird 1.5.0.4-1 (high)
@@ -12377,7 +12421,8 @@
NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
NOT-FOR-US: Ipswitch WhatsUp
-CVE-2006-2350 (SQL injection vulnerability in the inc/elementz.php script in AliPAGER ...)
+CVE-2006-2350
+ REJECTED
NOT-FOR-US: AliPAGER
CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
NOT-FOR-US: E-Business Designer
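Review bot: CVE-2006-2350 keeps NOT-FOR-US: AliPAGER under the new REJECTED line. Decide whether a rejected entry should retain a second status line and apply that choice consistently across the list.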
@@ -12684,7 +12729,8 @@
NOT-FOR-US: Invision Power Board
CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain ...)
NOT-FOR-US: OpenBB
-CVE-2006-2215 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.x ...)
+CVE-2006-2215
+ REJECTED
NOT-FOR-US: Albinator
CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...)
NOT-FOR-US: Solaris
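Review bot: with the description of CVE-2006-2215 removed, the only remaining hint of what it covered is NOT-FOR-US: Albinator. CVE-2006-2181 elsewhere in this list also describes multiple XSS issues in Albinator, so a NOTE recording the reason for the rejection (for example a duplicate, if that is the case) would help later readers.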
@@ -12773,7 +12819,7 @@
NOT-FOR-US: Truecrypt
CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, ...)
NOT-FOR-US: albinator
-CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in albinator 2.0.8 ...)
+CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...)
NOT-FOR-US: albinator
CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers ...)
NOT-FOR-US: Golden FTP Server Pro
@@ -12789,13 +12835,13 @@
NOT-FOR-US: Fast Click
CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Virtual Hosting Control System (VHCS)
-CVE-2006-2173 (Buffer overflow in FileZilla FTP Server allows remote authenticated ...)
+CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote ...)
NOT-FOR-US: FileZilla FTP Server
CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated ...)
NOT-FOR-US: Gene6 FTP Server
CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to ...)
NOT-FOR-US: WarFTPD
-CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server allows remote attackers to ...)
+CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...)
NOT-FOR-US: ArgoSoft FTP Server
CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain ...)
- request-tracker3.4 <not-affected> (file not included in 3.4)
@@ -14951,7 +14997,7 @@
NOT-FOR-US: CuteNews
CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...)
NOT-FOR-US: MailEnable
-CVE-2006-1337 (Unspecified vulnerability in the POP service in MailEnable Standard ...)
+CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard ...)
NOT-FOR-US: MailEnable
CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...)
NOT-FOR-US: ExtCalendar
@@ -15295,7 +15341,7 @@
NOT-FOR-US: Microsoft
CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the ...)
NOT-FOR-US: Microsoft
-CVE-2006-1189 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
+CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 ...)
NOT-FOR-US: Microsoft
CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
NOT-FOR-US: Microsoft
@@ -15655,7 +15701,7 @@
NOT-FOR-US: Dragonfly CMS
CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...)
NOT-FOR-US: phpRPC
-CVE-2006-1031 (PHP local file include vulnerability in config/config_inc.php in ...)
+CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...)
NOT-FOR-US: iGENUS Webmail
CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 ...)
NOT-FOR-US: Joomla!
@@ -16282,7 +16328,7 @@
[sarge] - honeyd <no-dsa> (Too insignificant)
CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...)
NOT-FOR-US: Network Object Oriented File System (NOOFS)
-CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...)
+CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) ...)
NOT-FOR-US: supersmashbrothers
CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
@@ -17629,7 +17675,7 @@
NOT-FOR-US: WhiteAlbum
CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
NOT-FOR-US: microBlog
-CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in microBlog 2.0 RC-10 allows ...)
+CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...)
NOT-FOR-US: microBlog
CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
NOT-FOR-US: Symantec Scan Engine
@@ -17891,7 +17937,7 @@
- cacti 0.8.6d-1
CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and ...)
NOT-FOR-US: NetBSD
-CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2 allows ...)
+CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in ...)
NOT-FOR-US: Neither php-pear nor php4-pear ship this file
CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote ...)
NOT-FOR-US: Windows
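Review bot: the new description of CVE-2006-0144 adds "as used in ...", which widens the affected scope beyond go-pear.php in PHP PEAR 0.2.2, while the NOT-FOR-US reason below it still only argues that php-pear and php4-pear do not ship the file. Check the product named in the full description against the archive before leaving this entry as NOT-FOR-US.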