[Secure-testing-commits] r6001 - data/CVE
joeyh at alioth.debian.org
Fri Jun 15 09:14:08 UTC 2007
Author: joeyh
Date: 2007-06-15 09:14:07 +0000 (Fri, 15 Jun 2007)
New Revision: 6001
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-06-13 20:32:22 UTC (rev 6000)
+++ data/CVE/list 2007-06-15 09:14:07 UTC (rev 6001)
@@ -1,3 +1,129 @@
+CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...)
+ TODO: check
+CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote ...)
+ TODO: check
+CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...)
+ TODO: check
+CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress ...)
+ TODO: check
+CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) ...)
+ TODO: check
+CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the ...)
+ TODO: check
+CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the ...)
+ TODO: check
+CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the ...)
+ TODO: check
+CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the ...)
+ TODO: check
+CVE-2007-3237 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...)
+ TODO: check
+CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
+ TODO: check
+CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows ...)
+ TODO: check
+CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 ...)
+ TODO: check
+CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password ...)
+ TODO: check
+CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack ...)
+ TODO: check
+CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer ...)
+ TODO: check
+CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain ...)
+ TODO: check
+CVE-2007-3228 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json function in ...)
+ TODO: check
+CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 ...)
+ TODO: check
+CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd) ...)
+ TODO: check
+CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server ...)
+ TODO: check
+CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before ...)
+ TODO: check
+CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...)
+ TODO: check
+CVE-2007-3221 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-3220 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in ...)
+ TODO: check
+CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! ...)
+ TODO: check
+CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an ...)
+ TODO: check
+CVE-2007-3216 (Multiple unspecified vulnerabilities in the server component of CA ...)
+ TODO: check
+CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote ...)
+ TODO: check
+CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and ...)
+ TODO: check
+CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...)
+ TODO: check
+CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...)
+ TODO: check
+CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain ...)
+ TODO: check
+CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens ...)
+ TODO: check
+CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...)
+ TODO: check
+CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...)
+ TODO: check
+CVE-2007-3207
+ RESERVED
+CVE-2007-3206
+ RESERVED
+CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...)
+ TODO: check
+CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...)
+ TODO: check
+CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...)
+ TODO: check
+CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in ...)
+ TODO: check
+CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 ...)
+ TODO: check
+CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ...)
+ TODO: check
+CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form ...)
+ TODO: check
+CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP ...)
+ TODO: check
+CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before ...)
+ TODO: check
+CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated ...)
+ TODO: check
+CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI ...)
+ TODO: check
+CVE-2007-3194 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...)
+ TODO: check
+CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) ...)
+ TODO: check
+CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote ...)
+ TODO: check
+CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun ...)
+ TODO: check
+CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun ...)
+ TODO: check
+CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...)
+ TODO: check
+CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...)
+ TODO: check
+CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...)
+ TODO: check
+CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote ...)
+ TODO: check
+CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, ...)
+ TODO: check
CVE-2007-3183
RESERVED
CVE-2007-3182
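Review bot: every entry added in this hunk lands as `TODO: check`, including ones whose descriptions already match the triage pattern used further down the file. CVE-2007-3187, CVE-2007-3186 and CVE-2007-3185 (Apple Safari for Windows) and CVE-2007-3233 (an ActiveX control) look like NOT-FOR-US candidates, in line with how existing Apple and ActiveX entries are marked. CVE-2007-3205 (parse_str in PHP) and CVE-2007-3215 (PHPMailer) name widely used software and should be triaged ahead of the rest of the backlog.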
@@ -2,6 +128,6 @@
RESERVED
-CVE-2007-3181
- RESERVED
-CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP systems ...)
+CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...)
TODO: check
+CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...)
+ TODO: check
CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...)
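Review bot: CVE-2007-3181 replaces a RESERVED entry and inherits the `TODO: check` line that previously sat under CVE-2007-3180. The description names fbserver.exe in Firebird SQL 2 before 2.0.1; confirm whether the overflow is specific to the Windows server binary or also affects other builds, then record a package line or `<not-affected>` with the reason.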
@@ -176,10 +302,10 @@
RESERVED
CVE-2007-3101
RESERVED
-CVE-2007-3100
- RESERVED
-CVE-2007-3099
- RESERVED
+CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
+ TODO: check
+CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
+ TODO: check
CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc ...)
TODO: check
CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...)
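Review bot: CVE-2007-3100 and CVE-2007-3099 move from RESERVED to `TODO: check`, but both descriptions name iscsid in open-iscsi (iscsi-initiator-utils), so they are candidates for a package line rather than a generic TODO. Check usr/log.c and usr/mgmt_ipc.c in the packaged version and record the status and fixed version once known.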
@@ -546,8 +672,8 @@
RESERVED
CVE-2007-2922
RESERVED
-CVE-2007-2921
- RESERVED
+CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...)
+ TODO: check
CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX ...)
TODO: check
CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX ...)
@@ -1430,7 +1556,7 @@
NOT-FOR-US: DynamicPAD
CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...)
NOT-FOR-US: VNC Viewer ActiveX control
-CVE-2007-2525 (Memory leak in the PPPoE socket implementation in the Linux kernel ...)
+CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...)
- linux-2.6 <unfixed>
CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open ...)
{DSA-1298-1}
@@ -1598,12 +1724,11 @@
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...)
- linux-2.6 2.6.21-3
[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
-CVE-2007-2450
- RESERVED
-CVE-2007-2449
- RESERVED
-CVE-2007-2448 [subversion issue involving svn prop* commands]
- RESERVED
+CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...)
+ TODO: check
+CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...)
+ TODO: check
+CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the "partial ...)
- subversion <unfixed> (bug #428194; low)
CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...)
{DSA-1291-2 DTSA-41-1}
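Review bot: CVE-2007-2448 keeps `- subversion <unfixed> (bug #428194; low)`, which was recorded while the entry was still RESERVED with only the hand-written summary. Now that the published description gives an affected range (Subversion 1.4.3 and earlier), re-check the severity and fixed version against it. CVE-2007-2450 and CVE-2007-2449 need the product identified from the full description before their TODO can be resolved.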
@@ -1737,8 +1862,8 @@
RESERVED
CVE-2007-2392
RESERVED
-CVE-2007-2391
- RESERVED
+CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...)
+ TODO: check
CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...)
NOT-FOR-US: Apple
CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...)
@@ -2121,17 +2246,17 @@
TODO: check
CVE-2007-2228
RESERVED
-CVE-2007-2227
- RESERVED
+CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...)
+ TODO: check
CVE-2007-2226
RESERVED
-CVE-2007-2225
- RESERVED
+CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...)
+ TODO: check
CVE-2007-2224
RESERVED
CVE-2007-2223
RESERVED
-CVE-2007-2222 (Multiple unspecified vulnerabilities in speech control ActiveX ...)
+CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and ...)
TODO: check
CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...)
NOT-FOR-US: Microsoft Internet Explorer
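Review bot: CVE-2007-2227 and CVE-2007-2225 are added as `TODO: check` although both describe Microsoft Outlook Express 6 and Windows Mail; CVE-2007-2221 directly below is already marked NOT-FOR-US, and the same marking fits here. The rewritten CVE-2007-2222 (Xlisten.dll) also still carries its TODO and can be closed in the same pass.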
@@ -3192,7 +3317,8 @@
RESERVED
CVE-2007-1753
RESERVED
-CVE-2007-1752 (Microsoft Internet Explorer 7 allows remote attackers to spoof web ...)
+CVE-2007-1752
+ REJECTED
TODO: check
CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...)
TODO: check
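Review bot: CVE-2007-1752 is now `REJECTED`, but the unchanged `TODO: check` line still follows it, so a withdrawn id stays in the triage queue. Drop the TODO when an entry becomes REJECTED; the REJECTED line ahead of CVE-2006-4169 further down has none under it.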
@@ -3804,7 +3930,7 @@
NOT-FOR-US: Avant Browse
CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...)
NOT-FOR-US: Linux Security Auditing Tool
-CVE-2007-1499 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote ...)
NOT-FOR-US: Internet Explorer
CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ...)
NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
@@ -5927,7 +6053,7 @@
[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
-CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox ...)
+CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
NOTE: MFSA-2007-01
- iceweasel 2.0.0.2+dfsg-1 (high)
- iceape 1.0.8-1 (high)
@@ -7201,8 +7327,7 @@
CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 ...)
{DSA-1297-1}
- gforge-plugin-scmcvs 4.5.14-6
-CVE-2007-0245
- RESERVED
+CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier ...)
{DSA-1307-1}
- openoffice.org 2.2.1~rc1-1
CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before ...)
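Review bot: the new description for CVE-2007-0245 says OpenOffice.org 2.2.1 and earlier is affected, while the retained package line records the fix in `openoffice.org 2.2.1~rc1-1`, a version that sorts before 2.2.1. Confirm the fix was carried as a patch in that upload and add a NOTE saying so, or correct the fixed version.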
@@ -14023,8 +14148,8 @@
REJECTED
CVE-2006-4169
RESERVED
-CVE-2006-4168
- RESERVED
+CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...)
+ TODO: check
CVE-2006-4167
RESERVED
CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and ...)
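Review bot: CVE-2006-4168 leaves RESERVED with only `TODO: check`, and the description is cut off before the product name, so the entry cannot be triaged from this line alone. Look up which library provides exif_data_load_data_entry and add the package line; an integer overflow in an EXIF parser is reachable through untrusted image files, so it should not sit in the backlog.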
@@ -14067,7 +14192,7 @@
RESERVED
CVE-2006-4147
RESERVED
-CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and DWARF2 ...)
+CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ...)
- gdb <unfixed> (unimportant)
NOTE: Every sensible use of gdb involves executing the debugged binary
CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...)
@@ -18727,7 +18852,7 @@
NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...)
NOT-FOR-US: Fuji Xerox Printing Systems
-CVE-2006-2111 (Microsoft Internet Explorer 6.0 on Windows XP SP2, and possibly other ...)
+CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...)
{DSA-1060-1}
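Review bot: the description of CVE-2006-2111 now names a component in Microsoft Outlook Express 6, but the unchanged note below it still reads `NOT-FOR-US: Microsoft Internet Explorer`. The status is still right; update the product name in the note so it matches the entry.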