[Secure-testing-commits] r5299 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Jan 19 09:14:15 CET 2007
Author: joeyh
Date: 2007-01-19 09:14:12 +0100 (Fri, 19 Jan 2007)
New Revision: 5299
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-18 20:54:37 UTC (rev 5298)
+++ data/CVE/list 2007-01-19 08:14:12 UTC (rev 5299)
@@ -1,3 +1,147 @@
+CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...)
+ TODO: check
+CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...)
+ TODO: check
+CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in ...)
+ TODO: check
+CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon ...)
+ TODO: check
+CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey ...)
+ TODO: check
+CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP ...)
+ TODO: check
+CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in ...)
+ TODO: check
+CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ...)
+ TODO: check
+CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in ...)
+ TODO: check
+CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook ...)
+ TODO: check
+CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
+ TODO: check
+CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
+ TODO: check
+CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle ...)
+ TODO: check
+CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...)
+ TODO: check
+CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...)
+ TODO: check
+CVE-2007-0348
+ RESERVED
+CVE-2007-0347
+ RESERVED
+CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
+ TODO: check
+CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...)
+ TODO: check
+CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...)
+ TODO: check
+CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and ...)
+ TODO: check
+CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard ...)
+ TODO: check
+CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in ...)
+ TODO: check
+CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...)
+ TODO: check
+CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...)
+ TODO: check
+CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows ...)
+ TODO: check
+CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book ...)
+ TODO: check
+CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and ...)
+ TODO: check
+CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...)
+ TODO: check
+CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...)
+ TODO: check
+CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...)
+ TODO: check
+CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...)
+ TODO: check
+CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...)
+ TODO: check
+CVE-2007-0328
+ RESERVED
+CVE-2007-0327
+ RESERVED
+CVE-2007-0326
+ RESERVED
+CVE-2007-0325
+ RESERVED
+CVE-2007-0324
+ RESERVED
+CVE-2007-0323
+ RESERVED
+CVE-2007-0322
+ RESERVED
+CVE-2007-0321
+ RESERVED
+CVE-2007-0320
+ RESERVED
+CVE-2007-0319
+ RESERVED
+CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...)
+ TODO: check
+CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...)
+ TODO: check
+CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel ...)
+ TODO: check
+CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote ...)
+ TODO: check
+CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System ...)
+ TODO: check
+CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) ...)
+ TODO: check
+CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier ...)
+ TODO: check
+CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...)
+ TODO: check
+CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...)
+ TODO: check
+CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
+ TODO: check
+CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...)
+ TODO: check
+CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
+ TODO: check
+CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...)
+ TODO: check
+CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 ...)
+ TODO: check
+CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have ...)
+ TODO: check
+CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...)
+ TODO: check
+CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in ...)
+ TODO: check
+CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS ...)
+ TODO: check
+CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...)
+ TODO: check
+CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
+ TODO: check
+CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
+ TODO: check
+CVE-2006-6943 (hpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...)
+ TODO: check
+CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...)
+ TODO: check
+CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...)
+ TODO: check
+CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
NOT-FOR-US: Oracle
CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
@@ -78,7 +222,7 @@
NOT-FOR-US: Ezboxx Portal
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...)
NOT-FOR-US: Fastilo
-CVE-2007-0257 (Unspecified vulnerability in the expand_stack function in grsecurity ...)
+CVE-2007-0257 (** DISPUTED ** ...)
- kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
NOTE: This is most possibly scam: http://www.grsecurity.net/news.php#digitalfud
NOTE: If this ever turns real we can re-raise severity.
@@ -91,7 +235,7 @@
NOTE: My understanding is that this CVE is bogus.
NOTE: I failed to see where the format string vulnerability is, I have report
NOTE: a bug in case I have missed something.
-CVE-2007-0253 (Unspecified vulnerability in the grsecurity patch has unspecified ...)
+CVE-2007-0253 (** DISPUTED ** ...)
- kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
NOTE: See CVE-2007-0257
CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...)
@@ -111,8 +255,8 @@
RESERVED
CVE-2007-0244
RESERVED
-CVE-2007-0243
- RESERVED
+CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...)
+ TODO: check
CVE-2007-0242
RESERVED
CVE-2007-0241
@@ -130,7 +274,8 @@
CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
- libgtop2 2.14.4-3 (medium; bug #407020)
NOTE: libgtop does not contain the affected code.
-CVE-2007-0234 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...)
+CVE-2007-0234
+ REJECTED
- sun-java5 1.5.0-10-1
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...)
TODO: check
@@ -1721,13 +1866,13 @@
- openldap2.3 <not-affected> (kerberos support not enabled)
- openldap2 <not-affected> (kerberos support not enabled)
CVE-2006-6492
- RESERVED
+ REJECTED
CVE-2006-6491
- RESERVED
+ REJECTED
CVE-2006-6490
RESERVED
-CVE-2006-6489
- RESERVED
+CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for ...)
+ TODO: check
CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...)
NOT-FOR-US: ICONICS
CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...)
@@ -2856,10 +3001,10 @@
NOT-FOR-US: Panda ActiveScan
CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...)
NOT-FOR-US: PassGo SSO Plus
-CVE-2006-5964
- RESERVED
-CVE-2006-5963
- RESERVED
+CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local ...)
+ TODO: check
+CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO ...)
+ TODO: check
CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow ...)
NOT-FOR-US: Hpecs Shopping Cart
CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...)
@@ -10745,7 +10890,7 @@
NOT-FOR-US: IceWarp
CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...)
NOT-FOR-US: Squirrelcart
-CVE-2006-2482 (Heap-based buffer overflow in ZipTV for Delphi 7 2006.1.26 and for C++ ...)
+CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for ...)
NOT-FOR-US: ZipTV
CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...)
NOT-FOR-US: VMware ESX
More information about the Secure-testing-commits
mailing list