[Secure-testing-commits] r5463 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Feb 16 20:14:39 UTC 2007
Author: joeyh
Date: 2007-02-16 21:14:34 +0100 (Fri, 16 Feb 2007)
New Revision: 5463
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-15 21:54:35 UTC (rev 5462)
+++ data/CVE/list 2007-02-16 20:14:34 UTC (rev 5463)
@@ -1,3 +1,169 @@
+CVE-2007-0981 (Mozilla based browsers allows remote attackers to bypass the same ...)
+ TODO: check
+CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...)
+ TODO: check
+CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...)
+ TODO: check
+CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...)
+ TODO: check
+CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all ...)
+ TODO: check
+CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...)
+ TODO: check
+CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...)
+ TODO: check
+CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before ...)
+ TODO: check
+CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in ...)
+ TODO: check
+CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow ...)
+ TODO: check
+CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and ...)
+ TODO: check
+CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...)
+ TODO: check
+CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
+ TODO: check
+CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...)
+ TODO: check
+CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...)
+ TODO: check
+CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...)
+ TODO: check
+CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...)
+ TODO: check
+CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
+ TODO: check
+CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...)
+ TODO: check
+CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...)
+ TODO: check
+CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...)
+ TODO: check
+CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...)
+ TODO: check
+CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
+ TODO: check
+CVE-2007-0957
+ RESERVED
+CVE-2007-0956
+ RESERVED
+CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...)
+ TODO: check
+CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
+ TODO: check
+CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 ...)
+ TODO: check
+CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
+ TODO: check
+CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
+ TODO: check
+CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in ...)
+ TODO: check
+CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...)
+ TODO: check
+CVE-2007-0948
+ RESERVED
+CVE-2007-0947
+ RESERVED
+CVE-2007-0946
+ RESERVED
+CVE-2007-0945
+ RESERVED
+CVE-2007-0944
+ RESERVED
+CVE-2007-0943
+ RESERVED
+CVE-2007-0942
+ RESERVED
+CVE-2007-0941
+ RESERVED
+CVE-2007-0940
+ RESERVED
+CVE-2007-0939
+ RESERVED
+CVE-2007-0938
+ RESERVED
+CVE-2007-0937
+ RESERVED
+CVE-2007-0936
+ RESERVED
+CVE-2007-0935
+ RESERVED
+CVE-2007-0934
+ RESERVED
+CVE-2007-0933
+ RESERVED
+CVE-2007-0932 (Unspecified vulnerability in Aruba Mobility Controller 200, 800, 2400, ...)
+ TODO: check
+CVE-2007-0931 (Buffer overflow in the management interface for Aruba Mobility ...)
+ TODO: check
+CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
+ TODO: check
+CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 ...)
+ TODO: check
+CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...)
+ TODO: check
+CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows ...)
+ TODO: check
+CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...)
+ TODO: check
+CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to ...)
+ TODO: check
+CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in ...)
+ TODO: check
+CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an ...)
+ TODO: check
+CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 ...)
+ TODO: check
+CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...)
+ TODO: check
+CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...)
+ TODO: check
+CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...)
+ TODO: check
+CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
+ TODO: check
+CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
+ TODO: check
+CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...)
+ TODO: check
+CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...)
+ TODO: check
+CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...)
+ TODO: check
+CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...)
+ TODO: check
+CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to ...)
+ TODO: check
+CVE-2006-7021 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...)
+ TODO: check
+CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
+ TODO: check
+CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
+ TODO: check
+CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 ...)
+ TODO: check
+CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...)
+ TODO: check
+CVE-2006-7015 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a ...)
+ TODO: check
+CVE-2006-7013 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2006-7011 (** DISPUTED ** ...)
+ TODO: check
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
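Review bot: CVE-2007-0975 ("Variable extraction vulnerability in Ian Bezanson Apache Stats before ...") and CVE-2007-0930 ("Variable extract vulnerability in Apache Stats before 0.0.3beta ...") in this hunk look like two assignments for the same issue, so triage them together and give both the same disposition. Among the other new "TODO: check" entries, CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20) should be checked first, since this list already tracks linux-2.6 further down. The entries for Cisco FWSM/PIX/IOS, IBM AIX, HP-UX, Solaris and Microsoft Powerpoint are candidates for NOT-FOR-US tags in the form the file already uses ("NOT-FOR-US: Sun Solaris", "NOT-FOR-US: Microsoft").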
@@ -65,7 +231,7 @@
- mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883 (Directory traversal vulnerability in ...)
NOT-FOR-US: IP3 NetAccess
-CVE-2007-0882 (The telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and ...)
+CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in ...)
NOT-FOR-US: Sun Solaris
CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
NOT-FOR-US: OPENi-CMS
@@ -151,8 +317,8 @@
NOT-FOR-US: phpCOIN
CVE-2007-0860 (** DISPUTED ** ...)
NOT-FOR-US: local Calendar System
-CVE-2007-0859
- RESERVED
+CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the ...)
+ TODO: check
CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...)
NOT-FOR-US: GoSuRF Browser
CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...)
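Review bot: the new CVE-2007-0859 entry is left at "TODO: check" although its description names Palm OS Treo smart phones. If no package in the archive corresponds to it, tag it NOT-FOR-US in the same form as the neighbouring entries (for example "NOT-FOR-US: GoSuRF Browser") rather than leaving the TODO open.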
@@ -205,7 +371,7 @@
NOT-FOR-US: DevTrack
CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
NOT-FOR-US: DevTrack
-CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before ...)
+CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before ...)
NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...)
NOT-FOR-US: SysCP
@@ -652,10 +818,10 @@
RESERVED
CVE-2007-0653
RESERVED
-CVE-2007-0652
- RESERVED
-CVE-2007-0651
- RESERVED
+CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...)
+ TODO: check
+CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...)
+ TODO: check
CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...)
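Review bot: CVE-2007-0652 and CVE-2007-0651 both name MailEnable and are left at "TODO: check", as is CVE-2007-0955 (MENTLM.dll in MailEnable) added in the first hunk. Resolve the three together so the product ends up with one consistent tag.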
@@ -1417,8 +1583,8 @@
RESERVED
CVE-2007-0325
RESERVED
-CVE-2007-0324
- RESERVED
+CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...)
+ TODO: check
CVE-2007-0323
RESERVED
CVE-2007-0322
@@ -4582,10 +4748,10 @@
NOT-FOR-US: Network Administration Visualized
CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...)
NOT-FOR-US: Citrix
-CVE-2006-5860
- RESERVED
-CVE-2006-5859
- RESERVED
+CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...)
+ TODO: check
+CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...)
+ TODO: check
CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...)
NOT-FOR-US: Adobe
CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...)
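Review bot: CVE-2006-5859 is added with "TODO: check" even though its description names Adobe ColdFusion MX 7 and the adjacent CVE-2006-5858 entry for the same product is already tagged "NOT-FOR-US: Adobe"; it can take the same tag. The visible part of the CVE-2006-5860 description does not name the product, so check the full text before tagging that one.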
@@ -10018,7 +10184,7 @@
NOT-FOR-US: Microsoft
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...)
NOT-FOR-US: Microsoft
-CVE-2006-3448 (The Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, ...)
+CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...)
TODO: check
CVE-2006-3447
RESERVED
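Review bot: CVE-2006-3448 keeps its "TODO: check" line after the description update, while the description names Microsoft Windows 2000 SP4 and the entries above it (CVE-2006-3449 and the one before) are tagged "NOT-FOR-US: Microsoft". This stale TODO can be closed with the same tag.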
@@ -13274,7 +13440,7 @@
- resmgr <not-affected>
CVE-2006-XXXX [librsvg2 crash on certain svg files]
- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
-CVE-2006-2018 (** DISPUTED ** ...)
+CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows ...)
NOT-FOR-US: vBulletin
CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...)
- dnsmasq 2.30-1 (medium)
@@ -15704,7 +15870,7 @@
- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...)
NOT-FOR-US: Akurru Social BookMarking Engine
-CVE-2006-1050 (Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the ...)
+CVE-2006-1050 (** DISPUTED ** ...)
NOT-FOR-US: Kwik-Pay Payroll
CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...)
- amaya 9.4-1 (bug #341424)
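Review bot: not part of the changed line, but the context line "NOT-FOR-US: Akurru Social BookMarking Engine" spells the product differently from the CVE-2006-1051 description directly above it ("Akarru Social BookMarking Engine"). Fixing the tag to match the description keeps searches by product name reliable.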
@@ -17635,7 +17801,7 @@
NOT-FOR-US: Oracle
CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade component of ...)
NOT-FOR-US: Oracle
-CVE-2006-0270 (Unspecified vulnerability in the TDE Wallet component of Oracle ...)
+CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) ...)
NOT-FOR-US: Oracle
CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...)
NOT-FOR-US: Oracle
@@ -24939,7 +25105,7 @@
NOT-FOR-US: PHP Surveyor
CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...)
NOT-FOR-US: Oracle Reports
-CVE-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files via an ...)
+CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote ...)
NOT-FOR-US: Oracle Reports
CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...)
- libnss-ldap <not-affected> (Mandrake specfic vulnerability)
@@ -24953,7 +25119,7 @@
NOT-FOR-US: SlimFTPd
CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...)
NOT-FOR-US: Oracle Forms
-CVE-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...)
+CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and ...)
NOT-FOR-US: Oracle Reports
CVE-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...)
{DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}