[Secure-testing-commits] r6133 - data/CVE
joeyh at alioth.debian.org
Wed Jul 11 09:14:10 UTC 2007
Author: joeyh
Date: 2007-07-11 09:14:09 +0000 (Wed, 11 Jul 2007)
New Revision: 6133
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-11 02:43:36 UTC (rev 6132)
+++ data/CVE/list 2007-07-11 09:14:09 UTC (rev 6133)
@@ -1,3 +1,367 @@
+CVE-2007-3676
+ RESERVED
+CVE-2007-3675
+ RESERVED
+CVE-2007-3674
+ RESERVED
+CVE-2007-3673
+ RESERVED
+CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...)
+ TODO: check
+CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
+ TODO: check
+CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
+ TODO: check
+CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...)
+ TODO: check
+CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...)
+ TODO: check
+CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport ...)
+ TODO: check
+CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 ...)
+ TODO: check
+CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec ...)
+ TODO: check
+CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService ...)
+ TODO: check
+CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows ...)
+ TODO: check
+CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote ...)
+ TODO: check
+CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control ...)
+ TODO: check
+CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows ...)
+ TODO: check
+CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 ...)
+ TODO: check
+CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...)
+ TODO: check
+CVE-2007-3657 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...)
+ TODO: check
+CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
+ TODO: check
+CVE-2007-3654
+ RESERVED
+CVE-2007-3653
+ RESERVED
+CVE-2007-3652
+ RESERVED
+CVE-2007-3651
+ RESERVED
+CVE-2007-3650
+ RESERVED
+CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly ...)
+ TODO: check
+CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...)
+ TODO: check
+CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...)
+ TODO: check
+CVE-2007-3645
+ RESERVED
+CVE-2007-3644
+ RESERVED
+CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...)
+ TODO: check
+CVE-2007-3642 (The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c ...)
+ TODO: check
+CVE-2007-3641
+ RESERVED
+CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
+ TODO: check
+CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
+ TODO: check
+CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
+ TODO: check
+CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...)
+ TODO: check
+CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
+ TODO: check
+CVE-2007-3635 (Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1 for ...)
+ TODO: check
+CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...)
+ TODO: check
+CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...)
+ TODO: check
+CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...)
+ TODO: check
+CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 ...)
+ TODO: check
+CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require ...)
+ TODO: check
+CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 ...)
+ TODO: check
+CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR ...)
+ TODO: check
+CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
+ TODO: check
+CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...)
+ TODO: check
+CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients ...)
+ TODO: check
+CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message ...)
+ TODO: check
+CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand ...)
+ TODO: check
+CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon ...)
+ TODO: check
+CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex ...)
+ TODO: check
+CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 ...)
+ TODO: check
+CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
+ TODO: check
+CVE-2007-3618
+ RESERVED
+CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply ...)
+ TODO: check
+CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
+ TODO: check
+CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...)
+ TODO: check
+CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB ...)
+ TODO: check
+CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP ...)
+ TODO: check
+CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...)
+ TODO: check
+CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not ...)
+ TODO: check
+CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 ...)
+ TODO: check
+CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating ...)
+ TODO: check
+CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the ...)
+ TODO: check
+CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the ...)
+ TODO: check
+CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX ...)
+ TODO: check
+CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX ...)
+ TODO: check
+CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access ...)
+ TODO: check
+CVE-2007-3603 (SQL injection vulnerability in the dashboard ...)
+ TODO: check
+CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that ...)
+ TODO: check
+CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote ...)
+ TODO: check
+CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...)
+ TODO: check
+CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import ...)
+ TODO: check
+CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
+ TODO: check
+CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows ...)
+ TODO: check
+CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...)
+ TODO: check
+CVE-2007-3595 (SQL injection vulnerability in include/get_userdata.php in ...)
+ TODO: check
+CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ...)
+ TODO: check
+CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
+ TODO: check
+CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote ...)
+ TODO: check
+CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board ...)
+ TODO: check
+CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB ...)
+ TODO: check
+CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote ...)
+ TODO: check
+CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote ...)
+ TODO: check
+CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...)
+ TODO: check
+CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 ...)
+ TODO: check
+CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 ...)
+ TODO: check
+CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and ...)
+ TODO: check
+CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 ...)
+ TODO: check
+CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event ...)
+ TODO: check
+CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which ...)
+ TODO: check
+CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as ...)
+ TODO: check
+CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text ...)
+ TODO: check
+CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic ...)
+ TODO: check
+CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr ...)
+ TODO: check
+CVE-2007-3576 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr ...)
+ TODO: check
+CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on ...)
+ TODO: check
+CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote ...)
+ TODO: check
+CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in ...)
+ TODO: check
+CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise ...)
+ TODO: check
+CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 ...)
+ TODO: check
+CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...)
+ TODO: check
+CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...)
+ TODO: check
+CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in ...)
+ TODO: check
+CVE-2007-3566
+ RESERVED
+CVE-2007-3565
+ RESERVED
+CVE-2007-3564
+ RESERVED
+CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...)
+ TODO: check
+CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ...)
+ TODO: check
+CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...)
+ TODO: check
+CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have ...)
+ TODO: check
+CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before ...)
+ TODO: check
+CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, ...)
+ TODO: check
+CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...)
+ TODO: check
+CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...)
+ TODO: check
+CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server ...)
+ TODO: check
+CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...)
+ TODO: check
+CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...)
+ TODO: check
+CVE-2007-3550 (Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to ...)
+ TODO: check
+CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 ...)
+ TODO: check
+CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...)
+ TODO: check
+CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket ...)
+ TODO: check
+CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus ...)
+ TODO: check
+CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows ...)
+ TODO: check
+CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...)
+ TODO: check
+CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...)
+ TODO: check
+CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml ...)
+ TODO: check
+CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 ...)
+ TODO: check
+CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...)
+ TODO: check
+CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 ...)
+ TODO: check
+CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...)
+ TODO: check
+CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...)
+ TODO: check
+CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX ...)
+ TODO: check
+CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...)
+ TODO: check
+CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...)
+ TODO: check
+CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...)
+ TODO: check
+CVE-2007-3532
+ RESERVED
+CVE-2007-3531
+ RESERVED
+CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...)
+ TODO: check
+CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC ...)
+ TODO: check
+CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...)
+ TODO: check
+CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...)
+ TODO: check
+CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website ...)
+ TODO: check
+CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in ...)
+ TODO: check
+CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 ...)
+ TODO: check
+CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 ...)
+ TODO: check
+CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...)
+ TODO: check
+CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar ...)
+ TODO: check
+CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script ...)
+ TODO: check
+CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...)
+ TODO: check
+CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in ...)
+ TODO: check
+CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 ...)
+ TODO: check
+CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote ...)
+ TODO: check
+CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for ...)
+ TODO: check
+CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...)
+ TODO: check
+CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...)
+ TODO: check
+CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...)
+ TODO: check
+CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...)
+ TODO: check
+CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...)
+ TODO: check
+CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...)
+ TODO: check
+CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...)
+ TODO: check
+CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...)
+ TODO: check
+CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
+ TODO: check
+CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...)
+ TODO: check
+CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 ...)
+ TODO: check
+CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through ...)
+ TODO: check
+CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...)
+ TODO: check
+CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...)
+ TODO: check
+CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...)
+ TODO: check
+CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...)
+ TODO: check
+CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely ...)
+ TODO: check
+CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without ...)
+ TODO: check
CVE-2007-XXXX [silc-toolkit several buffer overflows]
- silc-toolkit 1.1.2-1
NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
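Review bot: Every described entry added at the top of this hunk lands as "TODO: check", so the commit records no triage at all. Several of them name software of the kind this list tracks by package and should be worked first, with a package line or an explicit NOT-FOR-US: CVE-2007-3656 (Mozilla Firefox), CVE-2007-3642 (code under net/netfilter/), CVE-2007-3568 (imlib), CVE-2007-3555 (Moodle, which already has package lines further down in this file) and CVE-2007-3543/CVE-2007-3544 (WordPress). Separately, the context NOTE on the silc-toolkit entry carries a URL with literal spaces ("SILC Toolkit 1.1.2"), so it is not a usable link as written and should be percent-encoded or replaced.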
@@ -17,8 +381,7 @@
RESERVED
CVE-2007-3509
RESERVED
-CVE-2007-3508 [glibc hwcaps integer overflow]
- RESERVED
+CVE-2007-3508 (** DISPUTED ** ...)
- glibc 2.6-2 (unimportant; bug #431858)
NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
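Review bot: On CVE-2007-3508 the bracketed summary "[glibc hwcaps integer overflow]" is replaced by a description that truncates to "** DISPUTED ** ...", so the entry no longer says what the issue is, and the remaining "NOTE: Not security-relevant" gives no reason. Suggest adding a NOTE that keeps the one-line summary and states why the issue is tracked as unimportant, so that bug #431858 is not the only pointer left.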
@@ -67,19 +430,19 @@
NOT-FOR-US: Check Point VPN-1 Edge X
CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony ...)
NOT-FOR-US: Sony Network Camera SNC-P5 1.0
-CVE-2007-3487 (Absolute directory traversal in a certain ActiveX control in ...)
+CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll ...)
NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine ...)
NOT-FOR-US: AltaVista
CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server ...)
NOT-FOR-US: Yandex.Server
-CVE-2007-3484 (Cross-site scripting (XSS) vulnerability in search.php in Google ...)
+CVE-2007-3484 (** DISPUTED ** ...)
NOT-FOR-US: Google Custom Search Engine
CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a ...)
NOT-FOR-US: BlackBerry Enterprise Server
-CVE-2007-3482 (Cross-domain vulnerability in Apple Safari allows remote attackers to ...)
+CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3481 (Cross-domain vulnerability in Microsoft Internet Explorer allows ...)
+CVE-2007-3481 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...)
NOT-FOR-US: PCSoft WinDEV
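Review bot: For CVE-2007-3484 and CVE-2007-3481 the updated descriptions truncate to "** DISPUTED ** ..." and lose the product and bug class the old lines carried; only the NOT-FOR-US line still identifies them. If the description is cut at a fixed width, the update should keep some text after the DISPUTED marker, or leave the previous summary in place when the new one carries no identifying words.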
@@ -262,7 +625,7 @@
NOT-FOR-US: pagetool
CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...)
NOT-FOR-US: B1GBB
-CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157 ...)
+CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as ...)
NOT-FOR-US: NCTAudioEditor2 ActiveX control
CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power ...)
NOT-FOR-US: Power Phlogger
@@ -949,8 +1312,8 @@
NOT-FOR-US: Microsoft FrontPage
CVE-2007-3108
RESERVED
-CVE-2007-3107
- RESERVED
+CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when run on ...)
+ TODO: check
CVE-2007-3106
RESERVED
CVE-2007-3105
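Review bot: CVE-2007-3107 moves from RESERVED to a Linux kernel signal-handling issue ("Linux kernel 2.6.2 and later") but is left at "TODO: check". Unlike the Windows-only entries in this commit it cannot be closed as NOT-FOR-US, so it needs a kernel package line with status and urgency. The truncated "when run on ..." condition should be read in full first, since it limits which systems are affected.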
@@ -1101,8 +1464,8 @@
RESERVED
CVE-2007-3039
RESERVED
-CVE-2007-3038
- RESERVED
+CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...)
+ TODO: check
CVE-2007-3037
RESERVED
CVE-2007-3036
@@ -1117,12 +1480,12 @@
RESERVED
CVE-2007-3031
RESERVED
-CVE-2007-3030
- RESERVED
-CVE-2007-3029
- RESERVED
-CVE-2007-3028
- RESERVED
+CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows ...)
+ TODO: check
+CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 ...)
+ TODO: check
+CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
+ TODO: check
CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3026
@@ -1155,10 +1518,10 @@
RESERVED
CVE-2007-3013
RESERVED
-CVE-2007-3012
- RESERVED
-CVE-2007-3011
- RESERVED
+CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...)
+ TODO: check
+CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...)
+ TODO: check
CVE-2007-3010
RESERVED
CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...)
@@ -1298,8 +1661,7 @@
- kvirc <unfixed> (medium)
CVE-2007-2950
RESERVED
-CVE-2007-2949 [heap overflow in GIMP's PSD importer]
- RESERVED
+CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...)
- gimp 2.2.16-1 (medium)
- ingimp 2.2.16.20070710-1
NOTE: http://secunia.com/secunia_research/2007-63/advisory
@@ -1562,16 +1924,14 @@
RESERVED
CVE-2007-2840
RESERVED
-CVE-2007-2839 [gfax: local users can maniplate root's contrab]
- RESERVED
+CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files ...)
{DSA-1329-1}
- gfax 0.6 (bug #431893; low)
NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 ...)
{DSA-1327-1}
- gsambad 0.1.6-2 (bug #431331)
-CVE-2007-2837
- RESERVED
+CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in ...)
{DSA-1326-1}
- fireflier 1.1.7
CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...)
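Review bot: The bracket text removed from CVE-2007-2839 said local users can manipulate root's crontab, while the new description truncates to "creates temporary files ..." and the entry stays at "low". Suggest a NOTE that records that impact and confirms the urgency against it. CVE-2007-2837 now has a description as well, but its "- fireflier 1.1.7" line carries no bug number or urgency, unlike the gfax line just above it.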
@@ -1748,7 +2108,7 @@
[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
NOT-FOR-US: OPeNDAP
-CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...)
+CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the ...)
- backup-manager <unfixed> (low)
[sarge] - backup-manager <no-dsa> (Minor issue)
[etch] - backup-manager <no-dsa> (Minor issue)
@@ -4037,12 +4397,12 @@
RESERVED
CVE-2007-1757
RESERVED
-CVE-2007-1756
- RESERVED
+CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office ...)
+ TODO: check
CVE-2007-1755
RESERVED
-CVE-2007-1754
- RESERVED
+CVE-2007-1754 (Microsoft Office Publisher 2007 does not properly clear memory when ...)
+ TODO: check
CVE-2007-1753
RESERVED
CVE-2007-1752
@@ -8729,14 +9089,14 @@
NOTE: and icape 1.0.8-1
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...)
NOT-FOR-US: Adobe Acrobat Reader Plugin
-CVE-2007-0043
- RESERVED
-CVE-2007-0042
- RESERVED
-CVE-2007-0041
- RESERVED
-CVE-2007-0040
- RESERVED
+CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework ...)
+ TODO: check
+CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows ...)
+ TODO: check
+CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier ...)
+ TODO: check
+CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
+ TODO: check
CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...)
NOT-FOR-US: Microsoft
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...)
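Review bot: The new text for CVE-2007-0040 is character-for-character the same as that of CVE-2007-3028 earlier in this patch ("The LDAP service in Windows Active Directory in Microsoft Windows 2000 ..."), so the two cannot be told apart in the list. Whoever clears these TODOs should check the full descriptions and not collapse the two ids as duplicates, and the resulting NOT-FOR-US lines should name the component as the neighbouring entries do.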
@@ -14068,8 +14428,8 @@
NOT-FOR-US: Novell eDirectory
CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...)
NOT-FOR-US: Novell eDirectory
-CVE-2006-4519
- RESERVED
+CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...)
+ TODO: check
CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
NOT-FOR-US: Qbik WinGate
CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
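Review bot: CVE-2006-4519 leaves RESERVED as a GIMP issue ("Multiple integer overflows in the image loader plug-ins in GIMP before ...") with only "TODO: check", although gimp is already tracked by package in this file (CVE-2007-2949 carries "- gimp 2.2.16-1 (medium)"). This entry needs a "- gimp <version>" line with the fixed version taken from the full description, and the ingimp package listed under CVE-2007-2949 should be checked for the same code.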
@@ -17208,7 +17568,7 @@
NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...)
NOT-FOR-US: Maximus SchoolMAX
-CVE-2006-3142 (SQL injection vulnerability in Forum.php in VBZooM 1.11 allows remote ...)
+CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote ...)
NOT-FOR-US: VBZooM
CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...)
NOT-FOR-US: Tradingeye Shop
@@ -25467,7 +25827,7 @@
NOT-FOR-US: Komodo CMS
CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...)
NOT-FOR-US: Magnolia Content Management Suite
-CVE-2005-4360 (Microsoft IIS 5.1 allows remote attackers to cause a denial of service ...)
+CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...)
NOT-FOR-US: IIS
CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...)
NOT-FOR-US: ODFaq
@@ -39664,7 +40024,7 @@
NOT-FOR-US: KorWeblog
CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
- moodle 1.4.3-1
-CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...)
+CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 ...)
- moodle 1.4.3-1
CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...)
NOT-FOR-US: PHP-Calendar