[Secure-testing-commits] r6192 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Jul 31 09:14:08 UTC 2007


Author: joeyh
Date: 2007-07-31 09:14:07 +0000 (Tue, 31 Jul 2007)
New Revision: 6192

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-07-31 08:38:22 UTC (rev 6191)
+++ data/CVE/list	2007-07-31 09:14:07 UTC (rev 6192)
@@ -1,3 +1,177 @@
+CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum ...)
+	TODO: check
+CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) ...)
+	TODO: check
+CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in ...)
+	TODO: check
+CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) ...)
+	TODO: check
+CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing ...)
+	TODO: check
+CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...)
+	TODO: check
+CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / ...)
+	TODO: check
+CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store ...)
+	TODO: check
+CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...)
+	TODO: check
+CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...)
+	TODO: check
+CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - ...)
+	TODO: check
+CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...)
+	TODO: check
+CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before ...)
+	TODO: check
+CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...)
+	TODO: check
+CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 ...)
+	TODO: check
+CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from ...)
+	TODO: check
+CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ...)
+	TODO: check
+CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish "streamids from ...)
+	TODO: check
+CVE-2007-4097 (Tor before 0.1.2.15 sends "destroy cells" containing the reason for ...)
+	TODO: check
+CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, ...)
+	TODO: check
+CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows ...)
+	TODO: check
+CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ...)
+	TODO: check
+CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web ...)
+	TODO: check
+CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and ...)
+	TODO: check
+CVE-2007-4091
+	RESERVED
+CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
+	TODO: check
+CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
+	TODO: check
+CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain ...)
+	TODO: check
+CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share ...)
+	TODO: check
+CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow ...)
+	TODO: check
+CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
+	TODO: check
+CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
+	TODO: check
+CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php ...)
+	TODO: check
+CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
+	TODO: check
+CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft ...)
+	TODO: check
+CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS ...)
+	TODO: check
+CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...)
+	TODO: check
+CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
+	TODO: check
+CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris ...)
+	TODO: check
+CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris ...)
+	TODO: check
+CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...)
+	TODO: check
+CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a ...)
+	TODO: check
+CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within ...)
+	TODO: check
+CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun ...)
+	TODO: check
+CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8 and ...)
+	TODO: check
+CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote ...)
+	TODO: check
+CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ...)
+	TODO: check
+CVE-2007-4066
+	RESERVED
+CVE-2007-4065
+	RESERVED
+CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...)
+	TODO: check
+CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...)
+	TODO: check
+CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus ...)
+	TODO: check
+CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in ...)
+	TODO: check
+CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in ...)
+	TODO: check
+CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
+	TODO: check
+CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
+	TODO: check
+CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio ...)
+	TODO: check
+CVE-2007-4056 (SQL injection vulnerability in directory.php in Adult Directory allows ...)
+	TODO: check
+CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 ...)
+	TODO: check
+CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites allows ...)
+	TODO: check
+CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in LinPHA ...)
+	TODO: check
+CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp in ...)
+	TODO: check
+CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefrag ...)
+	TODO: check
+CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...)
+	TODO: check
+CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl test CGI ...)
+	TODO: check
+CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
+	TODO: check
+CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...)
+	TODO: check
+CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...)
+	TODO: check
+CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...)
+	TODO: check
+CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...)
+	TODO: check
+CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
+	TODO: check
+CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...)
+	TODO: check
+CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...)
+	TODO: check
+CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and ...)
+	TODO: check
+CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...)
+	TODO: check
+CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...)
+	TODO: check
+CVE-2007-4037 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...)
+	TODO: check
+CVE-2007-4036 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...)
+	TODO: check
+CVE-2007-4035 (** DISPUTED ** Guidance Software EnCase does not properly handle (1) ...)
+	TODO: check
+CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 ActiveX control ...)
+	TODO: check
+CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP ...)
+	TODO: check
+CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote ...)
+	TODO: check
+CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in ...)
+	TODO: check
+CVE-2007-4030
+	RESERVED
 CVE-2007-XXXX [Drupal CSRF]
 	- drupal5 5.2-1 (low)
 	NOTE: DRUPAL-SA-2007-017
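
Review bot: The placeholder entry "CVE-2007-XXXX [Drupal CSRF]" kept as context at the end of this hunk appears to overlap the newly added CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...). If the full text of CVE-2007-4063 matches DRUPAL-SA-2007-017, move the "- drupal5 5.2-1 (low)" line and the NOTE under CVE-2007-4063 and drop the placeholder, so the same fix is not tracked under two entries. Every added entry is still "TODO: check"; the ones naming Tor (CVE-2007-4096 to CVE-2007-4099), Asterisk (CVE-2007-4103) and Drupal (CVE-2007-4063, CVE-2007-4064) are worth triaging ahead of the long run of ASP and ActiveX entries.
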
@@ -50,7 +224,7 @@
 	TODO: check
 CVE-2007-4009 (PHP remote file inclusion vulnerability in ...)
 	TODO: check
-CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment CMS ...)
+CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...)
 	TODO: check
 CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article ...)
 	TODO: check
@@ -58,7 +232,7 @@
 	TODO: check
 CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) ...)
 	TODO: check
-CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 allows local ...)
+CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...)
 	TODO: check
 CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...)
 	TODO: check
@@ -244,8 +418,8 @@
 	RESERVED
 CVE-2007-3912
 	RESERVED
-CVE-2007-3911
-	RESERVED
+CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka ...)
+	TODO: check
 CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows ...)
 	TODO: check
 CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow ...)
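
Review bot: The new description for CVE-2007-3911 names clsscheduler.exe, a Windows executable, so this entry is a candidate for NOT-FOR-US rather than an open "TODO: check". Confirm the product from the full CVE text and, if it is Windows-only software, record it as "NOT-FOR-US: <product>" in the same form used for other out-of-scope products in this file.
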
@@ -1049,8 +1223,8 @@
 	TODO: check
 CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...)
 	TODO: check
-CVE-2007-3532
-	RESERVED
+CVE-2007-3532 (nvidia-drivers before 1.0.7185, 1.0.9639, and 100.14.11, as used in ...)
+	TODO: check
 CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
 	TODO: check
 CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...)
@@ -1412,8 +1586,8 @@
 	NOT-FOR-US: eNdonesia
 CVE-2007-3388
 	RESERVED
-CVE-2007-3387
-	RESERVED
+CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...)
+	TODO: check
 CVE-2007-3386
 	RESERVED
 CVE-2007-3385
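
Review bot: The visible part of the new CVE-2007-3387 description gives only the bug class (integer overflow) and a function name, StreamPredictor::StreamPredictor; the product is cut off by the truncation. When resolving the "TODO: check", read the full CVE text and list every source package that ships that code, one "- package version" line each, as the multi-package entries elsewhere in this file do.
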
@@ -1558,7 +1732,7 @@
 	NOT-FOR-US: PHPEcho CMS
 CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server ...)
 	NOT-FOR-US: Ingres
-CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 allows ...)
+CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 ...)
 	TODO: check
 CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for ...)
 	NOT-FOR-US: Satel Lite for PhpNuke
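
Review bot: CVE-2007-3333 is left at "TODO: check" although its description places the overflow in "capture" on IBM AIX and the entries on either side are already classified NOT-FOR-US. IBM AIX is a proprietary operating system and not a Debian package, so this can be closed as "NOT-FOR-US: IBM AIX"; the same applies to the other AIX entries touched by this update (CVE-2007-4004 and its neighbour CVE-2007-4003).
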
@@ -2098,8 +2272,8 @@
 	- linux-2.6 <unfixed>
 CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...)
 	TODO: check
-CVE-2007-3105
-	RESERVED
+CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...)
+	TODO: check
 CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...)
 	- linux-2.6 <unfixed>
 CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat ...)
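
Review bot: CVE-2007-3105 sits between linux-2.6 entries, but the truncated description (Stack-based buffer overflow in the random number generator (RNG) ...) does not show the affected component, so "TODO: check" hides whether this is a kernel issue. If the full CVE text places it in the kernel, add a "- linux-2.6 <unfixed>" line as on the neighbouring CVE-2007-3104 entry, with a fixed version once known.
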
@@ -2436,8 +2610,8 @@
 	RESERVED
 CVE-2007-2954
 	RESERVED
-CVE-2007-2953
-	RESERVED
+CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
+	TODO: check
 CVE-2007-2952
 	RESERVED
 CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc ...)
@@ -2601,8 +2775,8 @@
 	- linux-2.6 2.6.21-5 (medium)
 CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux ...)
 	- linux-2.6 2.6.21-5 (medium)
-CVE-2007-2874
-	RESERVED
+CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in ...)
+	TODO: check
 CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...)
 	- spamassassin 3.2.1-1 (low)
 CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
@@ -6190,8 +6364,8 @@
 	- tomcat4 <removed> (low)
 	- tomcat5 <unfixed> (low)
 	- tomcat5.5 <unfixed> (low)
-CVE-2007-1354
-	RESERVED
+CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX ...)
+	TODO: check
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
 	- linux-2.6 <unfixed> (low)
 CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...)



