[Secure-testing-commits] r5385 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Jan 30 09:14:11 CET 2007


Author: joeyh
Date: 2007-01-30 09:14:08 +0100 (Tue, 30 Jan 2007)
New Revision: 5385

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-30 01:11:38 UTC (rev 5384)
+++ data/CVE/list	2007-01-30 08:14:08 UTC (rev 5385)
@@ -1,14 +1,212 @@
-CVE-2007-0508 [bbclone remote file inclusion vulnerability]
+CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...)
+	TODO: check
+CVE-2007-0556
+	RESERVED
+CVE-2007-0555
+	RESERVED
+CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
+	TODO: check
+CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...)
+	TODO: check
+CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
+	TODO: check
+CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
+	TODO: check
+CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...)
+	TODO: check
+CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
+	TODO: check
+CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root ...)
+	TODO: check
+CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...)
+	TODO: check
+CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...)
+	TODO: check
+CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...)
+	TODO: check
+CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...)
+	TODO: check
+CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...)
+	TODO: check
+CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2007-0539 (WordPress before 2.1 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2007-0537 (Konqueror 3.5.5 does not properly parse HTML comments, which allows ...)
+	TODO: check
+CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...)
+	TODO: check
+CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
+	TODO: check
+CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
+	TODO: check
+CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and ...)
+	TODO: check
+CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive ...)
+	TODO: check
+CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in ...)
+	TODO: check
+CVE-2007-0530 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the ...)
+	TODO: check
+CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...)
+	TODO: check
+CVE-2007-0527 (SQL injection vulnerability in class.login.php in Website Baker 2.6.5 ...)
+	TODO: check
+CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
+	TODO: check
+CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server ...)
+	TODO: check
+CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a ...)
+	TODO: check
+CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to ...)
+	TODO: check
+CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x ...)
+	TODO: check
+CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U ...)
+	TODO: check
+CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive ...)
+	TODO: check
+CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...)
+	TODO: check
+CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...)
+	TODO: check
+CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...)
+	TODO: check
+CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
+	TODO: check
+CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...)
+	TODO: check
+CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and ...)
+	TODO: check
+CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM ...)
+	TODO: check
+CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...)
+	TODO: check
+CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have ...)
+	TODO: check
+CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before ...)
+	TODO: check
+CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...)
+	TODO: check
+CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking ...)
+	TODO: check
+CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and ...)
+	TODO: check
+CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 ...)
+	TODO: check
+CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...)
+	TODO: check
+CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum ...)
+	TODO: check
+CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in ...)
+	TODO: check
+CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim ...)
+	TODO: check
+CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
+	TODO: check
+CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in ...)
+	TODO: check
+CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...)
+	TODO: check
+CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in ...)
+	TODO: check
+CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL ...)
+	TODO: check
+CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING ...)
+	TODO: check
+CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2007-0489 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...)
+	TODO: check
+CVE-2007-0487 (PHP remote file inclusion vulnerability in index.php in FreeForum ...)
+	TODO: check
+CVE-2007-0486 (Multiple PHP remote file inclusion vulnerabilities in Openads (aka ...)
+	TODO: check
+CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
+	TODO: check
+CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...)
+	TODO: check
+CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...)
+	TODO: check
+CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 ...)
+	TODO: check
+CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...)
+	TODO: check
+CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...)
+	TODO: check
+CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...)
+	TODO: check
+CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows ...)
+	TODO: check
+CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads before 2.3.31 (aka ...)
+	TODO: check
+CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...)
+	TODO: check
+CVE-2007-0475
+	RESERVED
+CVE-2007-0474
+	RESERVED
+CVE-2007-0473
+	RESERVED
+CVE-2007-0472
+	RESERVED
+CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...)
+	TODO: check
+CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...)
+	TODO: check
+CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...)
+	TODO: check
+CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the ...)
+	TODO: check
+CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...)
+	TODO: check
+CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...)
+	TODO: check
+CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...)
+	TODO: check
+CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon ...)
+	TODO: check
+CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php ...)
+	TODO: check
+CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...)
+	TODO: check
+CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers ...)
+	TODO: check
+CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
+	TODO: check
+CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...)
+	TODO: check
+CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...)
 	- bbclone <unfixed> (bug #408839; medium)
 CVE-2007-XXXX [hinfo code injection]
 	- hinfo 1.02-3.1 (bug #402316)
 CVE-2007-XXXX [unsafe alloca() call in chmlib]
 	- chmlib 2:0.39-1 (bug #408603; medium)
-CVE-2007-0494 [bind DoS]
+CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...)
 	{DSA-1254-1}
 	- bind9 1:9.3.4-1
 	- bind <not-affected>
-CVE-2007-0493 [bind DoS]
+CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to ...)
 	- bind9 1:9.3.4-1
 	- bind <not-affected>
 CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
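Review bot: CVE-2007-0535 and CVE-2007-0504 go in as "TODO: check" although both descriptions name Vote! Pro 4.0, and this list already resolves that product as "NOT-FOR-US: Vote!Pro" under CVE-2005-4632; the same marking fits here and takes two items out of the TODO queue. Separately, the rewritten CVE-2007-0508 entry now sits after CVE-2004-2676 rather than between CVE-2007-0509 and CVE-2007-0507; its bbclone line (bug #408839) is carried over intact, so only the ordering is affected.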
@@ -32,13 +230,13 @@
 	RESERVED
 CVE-2007-0464
 	RESERVED
-CVE-2007-0463
-	RESERVED
-CVE-2007-0462
-	RESERVED
+CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
+	TODO: check
+CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...)
+	TODO: check
 CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...)
 	- dazuko-source <unfixed> (bug #408300)
-CVE-2007-0460 (Buffer overflow in ulogd for SUSE Linux 9.3 up to 10.1, and possibly ...)
+CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...)
 	TODO: check if ulogd is vulnerable in Debian.
 CVE-2007-0459 [wireshark TCP dissector infinite loop DoS]
 	RESERVED
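Review bot: The CVE-2007-0460 description changes from "Buffer overflow" to "Multiple buffer overflows" in ulogd, but the note under it is still the open "TODO: check if ulogd is vulnerable in Debian"; the check now has to cover every overflow in the full description, and its result should replace the TODO with a package line or <not-affected>, in the form used for bind9 and bind elsewhere in this file. CVE-2007-0463 and CVE-2007-0462 leave RESERVED with descriptions naming Apple Software Update on Mac OS X and Apple QuickDraw, so they are candidates for a NOT-FOR-US line rather than a lasting TODO.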
@@ -79,8 +277,8 @@
 	RESERVED
 CVE-2007-0445
 	RESERVED
-CVE-2007-0444
-	RESERVED
+CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
+	TODO: check
 CVE-2007-0443
 	RESERVED
 CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown ...)
@@ -173,7 +371,7 @@
 	NOT-FOR-US: Easebay Resources
 CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	NOT-FOR-US: Simple Machines Forum
-CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...)
+CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in ...)
 	NOT-FOR-US: MisterSPa-forum
 CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...)
 	NOT-FOR-US: Odysseus Blog
@@ -306,8 +504,8 @@
 	NOT-FOR-US: INDEXU
 CVE-2007-0348
 	RESERVED
-CVE-2007-0347
-	RESERVED
+CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
+	TODO: check
 CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
 	NOT-FOR-US: FileMailer
 CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...)
@@ -1222,8 +1420,8 @@
 	NOT-FOR-US: Panic Transmit
 CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and ...)
 	NOT-FOR-US: Maxum Rumpus
-CVE-2007-0018
-	RESERVED
+CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control ...)
+	TODO: check
 CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler ...)
 	{DSA-1252-1}
 	- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
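Review bot: CVE-2007-0018 moves from RESERVED to "TODO: check" with a description of a stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control; ActiveX controls are Windows components, so this entry should be resolved like its neighbours CVE-2007-0019 and the Panic Transmit entry above it, with a NOT-FOR-US line naming the product once the full description has been read.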
@@ -1685,8 +1883,7 @@
 	- chetcpasswd <removed> (medium)
 CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows ...)
 	- chetcpasswd <removed> (low)
-CVE-2007-0010 [gtk error-handling-in-pixbuf-loaders]
-	RESERVED
+CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...)
 	- gtk+2.0 2.8.20-5
 	TODO: check gdk-pixbuf
 CVE-2007-0009
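Review bot: For CVE-2007-0010 the RESERVED marker and the bracketed working title are dropped while "- gtk+2.0 2.8.20-5" and "TODO: check gdk-pixbuf" are kept, so the entry still has an open item. The new description names the GdkPixbufLoader function, which makes the gdk-pixbuf check the remaining question; record its outcome as a package line next to gtk+2.0 and remove the TODO.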
@@ -17144,7 +17341,7 @@
 CVE-2005-4633
 	REJECTED
 	NOT-FOR-US: phpoutsourcing Zorum Forum
-CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0 and ...)
+CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...)
 	NOT-FOR-US: Vote!Pro
 CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
 	NOT-FOR-US: Zina
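Review bot: The CVE-2005-4632 description now spells the product "Vote! Pro" while the note below it still reads "NOT-FOR-US: Vote!Pro", so a search for either spelling finds only half of the entry. Align the NOT-FOR-US line with the new spelling, which is also the one used in the CVE-2007-0535 and CVE-2007-0504 descriptions added at the top of this revision.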



