[Secure-testing-commits] r5233 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Jan 10 21:14:22 CET 2007
Author: joeyh
Date: 2007-01-10 21:14:20 +0100 (Wed, 10 Jan 2007)
New Revision: 5233
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-10 18:46:17 UTC (rev 5232)
+++ data/CVE/list 2007-01-10 20:14:20 UTC (rev 5233)
@@ -1,3 +1,77 @@
+CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
+ TODO: check
+CVE-2007-0166
+ RESERVED
+CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows ...)
+ TODO: check
+CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, ...)
+ TODO: check
+CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in ...)
+ TODO: check
+CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure ...)
+ TODO: check
+CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...)
+ TODO: check
+CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
+ TODO: check
+CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
+ TODO: check
+CVE-2007-0158
+ RESERVED
+CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...)
+ TODO: check
+CVE-2007-0156 (M-Core stores the database under the web document root, which allows ...)
+ TODO: check
+CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0154 (Webulas stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0152 (OhhASP stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0151 (MitiSoft stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote ...)
+ TODO: check
+CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...)
+ TODO: check
+CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...)
+ TODO: check
+CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...)
+ TODO: check
+CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...)
+ TODO: check
+CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
+ TODO: check
+CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce ...)
+ TODO: check
+CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another ...)
+ TODO: check
+CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download ...)
+ TODO: check
+CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to ...)
+ TODO: check
+CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows ...)
+ TODO: check
+CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote ...)
+ TODO: check
+CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows ...)
+ TODO: check
+CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And ...)
+ TODO: check
+CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users ...)
+ TODO: check
+CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before ...)
+ TODO: check
+CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow ...)
+ TODO: check
+CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...)
+ TODO: check
CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in ...)
NOT-FOR-US: DECnet-Plus
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
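Review bot: The four ArGoSoft FTP Server entries at the end of the added block (CVE-2004-2672 through CVE-2004-2675) go in as "TODO: check", but the same product is already classified "NOT-FOR-US: ArGoSoft" under CVE-2005-0519 and CVE-2005-0520 later in this file, so they can be resolved the same way instead of sitting in the triage queue. The Sun Solaris libnsl entry (CVE-2007-0165) and the two IBM AIX ftpd entries (CVE-2006-6914, CVE-2006-6915) describe proprietary operating-system components and look like NOT-FOR-US candidates as well. The entries whose truncated descriptions do not name a product (for example CVE-2007-0157 and CVE-2007-0159) are the ones that actually need the full description read before classifying.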
@@ -338,28 +412,28 @@
RESERVED
CVE-2007-0035
RESERVED
-CVE-2007-0034
- RESERVED
-CVE-2007-0033
- RESERVED
+CVE-2007-0034 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers ...)
+ TODO: check
+CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...)
+ TODO: check
CVE-2007-0032
RESERVED
-CVE-2007-0031
- RESERVED
-CVE-2007-0030
- RESERVED
-CVE-2007-0029
- RESERVED
-CVE-2007-0028
- RESERVED
-CVE-2007-0027
- RESERVED
+CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, ...)
+ TODO: check
+CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X ...)
+ TODO: check
+CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
+ TODO: check
+CVE-2007-0028 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
+ TODO: check
+CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
+ TODO: check
CVE-2007-0026
RESERVED
CVE-2007-0025
RESERVED
-CVE-2007-0024
- RESERVED
+CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...)
+ TODO: check
CVE-2007-0023
RESERVED
CVE-2007-0022
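Review bot: The Outlook and Excel entries that move from RESERVED to "TODO: check" here (CVE-2007-0034, CVE-2007-0033, CVE-2007-0031 through CVE-2007-0027) are Microsoft products, and existing entries such as CVE-2006-1306 and CVE-2006-3431 already mark those as NOT-FOR-US; these can be closed out the same way. CVE-2007-0024 is different: the visible description ("Integer overflow in the Vector Markup Language (VML) implementation ...") is cut off before any vendor is named, so it should stay as "TODO: check" until the full text has been read.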
@@ -484,7 +558,7 @@
NOT-FOR-US: Mxmania File Upload Manager
CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...)
NOT-FOR-US: myPHPCalendar
-CVE-2006-6811 (Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute ...)
+CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service ...)
- kdenetwork <unfixed> (bug #405828)
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...)
NOT-FOR-US: DB Hub
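Review bot: The CVE-2006-6811 description changes from a buffer overflow that lets remote attackers "execute ..." to one that lets them "cause a denial of service ...", but the tracking line "- kdenetwork <unfixed> (bug #405828)" is untouched and carries no urgency. Other entries in this file annotate urgency in the parentheses, e.g. "(low)" or "(medium; bug #405986; bug #405679)"; with the impact now restated, this is a good point to set one on the kdenetwork line so the unfixed entry is prioritised against the current description rather than the old one.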
@@ -536,7 +610,7 @@
NOT-FOR-US: Newsletter MX
CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated ...)
NOT-FOR-US: Open Newsletter
-CVE-2006-6785 (The admin PHP scripts in Open Newsletter 2.5 and earlier do not exit ...)
+CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open ...)
NOT-FOR-US: Open Newsletter
CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote ...)
NOT-FOR-US: Netbula Anyboard
@@ -2030,10 +2104,9 @@
NOT-FOR-US: libharu
CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...)
NOT-FOR-US: CRYPTOCard
-CVE-2006-6144
- RESERVED
-CVE-2006-6143 [mit-sa-2006-2: kadmind and rpc library call through function pointer to freed memory]
- RESERVED
+CVE-2006-6144 (The "mechglue" abstraction interface of the GSS-API library for ...)
+ TODO: check
+CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through ...)
- krb5 1.4.4-6
CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
{DSA-1241-1}
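Review bot: CVE-2006-6144 is left as "TODO: check" while its neighbour CVE-2006-6143 keeps "- krb5 1.4.4-6". The 6144 description concerns the "mechglue" interface of a GSS-API library and is truncated before the product is named, but it was reserved alongside the Kerberos entry, so it should be checked against the krb5 source package specifically and given either a krb5 line or an explicit not-affected note. Also note that the bracketed text on the old 6143 line was the only place the upstream advisory id (mit-sa-2006-2) was recorded; if that reference is still wanted it needs to be re-added as a note, because the automatic description does not show it.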
@@ -2127,16 +2200,13 @@
[sarge] - gdm <not-affected> (Vulnerable code not present)
CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...)
- mono 1.2.2.1-1 (low)
-CVE-2006-6103 [X.Org Multiple integer overflows in dbe and render extensions]
- RESERVED
+CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE ...)
- xorg 2:1.1.1-15
[sarge] - xfree86 <unfixed>
-CVE-2006-6102 [X.Org Multiple integer overflows in dbe and render extensions]
- RESERVED
+CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE ...)
- xorg 2:1.1.1-15
[sarge] - xfree86 <unfixed>
-CVE-2006-6101 [X.Org Multiple integer overflows in dbe and render extensions]
- RESERVED
+CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ...)
- xorg 2:1.1.1-15
[sarge] - xfree86 <unfixed>
CVE-2006-6100
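Review bot: The three X.Org entries previously shared one bracketed summary and now each name a different function (ProcDbeSwapBuffers, ProcDbeGetVisualInfo, ProcRenderAddGlyphs), yet all three keep the identical tracking lines "- xorg 2:1.1.1-15" and "[sarge] - xfree86 <unfixed>". It is worth confirming that the 2:1.1.1-15 upload patched all three functions, across both the DBE and Render extensions, since the per-CVE split makes it possible for one of them to have been missed. The sarge lines remain "<unfixed>" with no reference attached, so nothing in this hunk shows whether a stable update is in progress.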
@@ -2631,7 +2701,7 @@
CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before ...)
{DSA-1237 DSA-1233}
- linux-2.6 <not-affected> (Current Linux versions already implement intended behaviour)
-CVE-2006-5870 (Multiple integer overflows in OpenOffice.org 2.0.4 and earlier, and ...)
+CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...)
- openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679)
CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...)
{DSA-1220}
@@ -2655,10 +2725,10 @@
RESERVED
CVE-2006-5859
RESERVED
-CVE-2006-5858
- RESERVED
-CVE-2006-5857
- RESERVED
+CVE-2006-5858 (Unspecified vulnerability in ColdFusion MX 7 through 7.0.2 allows ...)
+ TODO: check
+CVE-2006-5857 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.8 and ...)
+ TODO: check
CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...)
NOT-FOR-US: Adobe Download Manager
CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...)
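Review bot: CVE-2006-5858 (ColdFusion MX) and CVE-2006-5857 (Adobe Reader and Acrobat) are added as "TODO: check" directly above CVE-2006-5856, which is already "NOT-FOR-US: Adobe Download Manager". These are proprietary Adobe products of the same kind and can most likely be marked NOT-FOR-US in the same pass.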
@@ -3273,8 +3343,8 @@
RESERVED
CVE-2006-5575
RESERVED
-CVE-2006-5574
- RESERVED
+CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker ...)
+ TODO: check
CVE-2006-5573
RESERVED
CVE-2006-5572
@@ -8142,8 +8212,8 @@
NOT-FOR-US: Microsoft
CVE-2006-3433
RESERVED
-CVE-2006-3432
- RESERVED
+CVE-2006-3432 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, ...)
+ TODO: check
CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
NOT-FOR-US: Microsoft Excel
CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...)
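Review bot: CVE-2006-3432 (Microsoft Excel) becomes "TODO: check" between two entries that already classify the vendor, but with different labels: "NOT-FOR-US: Microsoft" in the context above and "NOT-FOR-US: Microsoft Excel" on CVE-2006-3431 just below. When this one is resolved, pick one of the two spellings and use it consistently, since mixed labels make it harder to grep the list for everything attributed to one vendor.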
@@ -13237,8 +13307,8 @@
RESERVED
CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
NOT-FOR-US: Microsoft
-CVE-2006-1305
- RESERVED
+CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers ...)
+ TODO: check
CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
NOT-FOR-US: Microsoft
CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer ...)
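Review bot: The visible description for CVE-2006-1305 ("Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers ...") is character-for-character the same as the truncated description of CVE-2007-0034 added earlier in this diff. The truncation hides where they differ, so whoever triages should read both full descriptions to confirm they are distinct issues before closing either; both sit beside entries already marked "NOT-FOR-US: Microsoft".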
@@ -30213,9 +30283,9 @@
NOT-FOR-US: Chat Anywhere
CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...)
NOT-FOR-US: SendLink
-CVE-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...)
+CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read ...)
NOT-FOR-US: ArGoSoft
-CVE-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...)
+CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read ...)
NOT-FOR-US: ArGoSoft
CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
NOT-FOR-US: eXeem