[Secure-testing-commits] r6043 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Thu Jun 21 21:14:08 UTC 2007


Author: joeyh
Date: 2007-06-21 21:14:08 +0000 (Thu, 21 Jun 2007)
New Revision: 6043

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-06-21 18:27:42 UTC (rev 6042)
+++ data/CVE/list	2007-06-21 21:14:08 UTC (rev 6043)
@@ -1,3 +1,162 @@
+CVE-2007-4168
+	REJECTED
+	TODO: check
+CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
+	TODO: check
+CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
+	TODO: check
+CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
+	TODO: check
+CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
+	TODO: check
+CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User Access ...)
+	TODO: check
+CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...)
+	TODO: check
+CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC ...)
+	TODO: check
+CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...)
+	TODO: check
+CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant ...)
+	TODO: check
+CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote ...)
+	TODO: check
+CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in ...)
+	TODO: check
+CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02 and ...)
+	TODO: check
+CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows ...)
+	TODO: check
+CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows ...)
+	TODO: check
+CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with ...)
+	TODO: check
+CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire ...)
+	TODO: check
+CVE-2007-3306 (PHP remote file inclusion vulnerability in crontab/run_billing.php in ...)
+	TODO: check
+CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before ...)
+	TODO: check
+CVE-2007-3304 (Apache httpd 1.3.37, and 2.0.59 and 2.2.4 with the Prefork MPM module, ...)
+	TODO: check
+CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
+	TODO: check
+CVE-2007-3302
+	RESERVED
+CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in ...)
+	TODO: check
+CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
+	TODO: check
+CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...)
+	TODO: check
+CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote ...)
+	TODO: check
+CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
+	TODO: check
+CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...)
+	TODO: check
+CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
+	TODO: check
+CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3 allow ...)
+	TODO: check
+CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...)
+	TODO: check
+CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier ...)
+	TODO: check
+CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier ...)
+	TODO: check
+CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...)
+	TODO: check
+CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats ...)
+	TODO: check
+CVE-2007-3287
+	RESERVED
+CVE-2007-3286
+	RESERVED
+CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type checks via ...)
+	TODO: check
+CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
+	TODO: check
+CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...)
+	TODO: check
+CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX ...)
+	TODO: check
+CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...)
+	TODO: check
+CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...)
+	TODO: check
+CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ...)
+	TODO: check
+CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust ...)
+	TODO: check
+CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for ...)
+	TODO: check
+CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site at School ...)
+	TODO: check
+CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active ...)
+	TODO: check
+CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...)
+	TODO: check
+CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...)
+	TODO: check
+CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows ...)
+	TODO: check
+CVE-2007-3271 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in ...)
+	TODO: check
+CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...)
+	TODO: check
+CVE-2007-3268
+	RESERVED
+CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
+	TODO: check
+CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows ...)
+	TODO: check
+CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in ...)
+	TODO: check
+CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
+	TODO: check
+CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM ...)
+	TODO: check
+CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM ...)
+	TODO: check
+CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php ...)
+	TODO: check
+CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used ...)
+	TODO: check
+CVE-2007-3259
+	RESERVED
+CVE-2007-3258
+	RESERVED
+CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...)
+	TODO: check
+CVE-2007-3256
+	RESERVED
+CVE-2007-3255
+	RESERVED
+CVE-2007-3254
+	RESERVED
+CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) ...)
+	TODO: check
+CVE-2007-3252 (PortalApp stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and ...)
+	TODO: check
+CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before ...)
+	TODO: check
+CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...)
+	TODO: check
+CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...)
+	TODO: check
+CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote ...)
+	TODO: check
+CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack ...)
+	TODO: check
+CVE-2005-4846 (Format string vulnerability in Logger.cc for Spey 0.3.3 allows ...)
+	TODO: check
 CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...)
 	TODO: check
 CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote ...)
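Review bot: CVE-2007-4168 at the top of this hunk is added as REJECTED with no description, yet it still carries TODO: check, and its number sits far outside the CVE-2007-3247 to CVE-2007-3322 range that the rest of the hunk adds. A later hunk attaches DSA-1310-1 to CVE-2006-4168, so check whether this stub comes from a mistyped year in some reference, then drop it or add a NOTE saying where it came from. Of the new TODO: check entries, the ones naming software this list already tracks with package lines (PostgreSQL in CVE-2007-3278 through CVE-2007-3280) should be triaged before the rest.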
@@ -61,6 +220,7 @@
 CVE-2007-3216 (Multiple unspecified vulnerabilities in the server component of CA ...)
 	NOT-FOR-US: CA BrightStor products
 CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote ...)
+	{DSA-1315-1}
 	- libphp-phpmailer 1.73-4 (high; bug #429179)
 	- flyspray 0.9.8-12 (bug #429191; bug #429195)
 	[etch] - flyspray <not-affected> (Vulnerable code not)
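Review bot: the context line under the new {DSA-1315-1} tag, "[etch] - flyspray <not-affected> (Vulnerable code not)", gives a reason that stops mid-phrase. Since the entry is being touched for the DSA, complete that reason so the etch status of flyspray can be audited next to the advisory reference.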
@@ -89,8 +249,8 @@
 	[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
 CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...)
 	NOT-FOR-US: YaBB
-CVE-2007-3207
-	RESERVED
+CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare ...)
+	TODO: check
 CVE-2007-3206
 	RESERVED
 CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...)
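Review bot: CVE-2007-3207 leaves RESERVED with a description naming the Novell NetWare NFS mount daemon (XNFS.NLM), but it is filed as TODO: check. The entry just above is closed as "NOT-FOR-US: YaBB", so this one can probably be resolved in the same form during triage instead of staying open.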
@@ -267,15 +427,16 @@
 	NOT-FOR-US: Microsoft
 CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a ...)
 	NOT-FOR-US: Microsoft
-CVE-2007-3129
-	RESERVED
-CVE-2007-3128
-	RESERVED
-CVE-2007-3127
-	RESERVED
+CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News ...)
+	TODO: check
+CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when ...)
+	TODO: check
+CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
+	TODO: check
 CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...)
 	- gimp <unfixed> (unimportant)
-CVE-2007-3125 (Format string vulnerability in the inputAnswer function in file.c in ...)
+CVE-2007-3125
+	REJECTED
 	NOTE: Duplicate of CVE-2006-6772
 CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
 	NOT-FOR-US: FreeVMS
@@ -326,11 +487,13 @@
 	RESERVED
 CVE-2007-3102
 	RESERVED
-CVE-2007-3101
-	RESERVED
+CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...)
+	TODO: check
 CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
+	{DSA-1314-1}
 	- open-iscsi 2.0.865-1 (low; bug #429225)
 CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
+	{DSA-1314-1}
 	- open-iscsi 2.0.865-1 (medium; bug #429225)
 CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc ...)
 	NOT-FOR-US: Castle Rock Computing SNMPc
@@ -534,7 +697,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS ...)
 	NOT-FOR-US: OpenVMS
-CVE-2007-2997 (Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in ...)
+CVE-2007-2997 (** DISPUTED ** ...)
 	NOT-FOR-US: SalesCart Shopping Cart
 CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...)
 	NOT-FOR-US: IBM AIX
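Review bot: the new description for CVE-2007-2997 is cut to "(** DISPUTED ** ...)", which drops every word of the actual description; only the NOT-FOR-US line still says which product this is. If the generator truncates at a fixed width, have it keep the marker and truncate the text that follows it, or record the dispute in a NOTE line and keep the original description.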
@@ -646,6 +809,7 @@
 CVE-2007-2949
 	RESERVED
 CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in ...)
+	{DSA-1313-1}
 	- mplayer 1.0~rc1-14
 CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha ...)
 	NOT-FOR-US: OpenBASE Alpha
@@ -693,10 +857,10 @@
 	RESERVED
 CVE-2007-2925
 	RESERVED
-CVE-2007-2924
-	RESERVED
-CVE-2007-2923
-	RESERVED
+CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX ...)
+	TODO: check
+CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in ...)
+	TODO: check
 CVE-2007-2922
 	RESERVED
 CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...)
@@ -1877,8 +2041,8 @@
 	RESERVED
 CVE-2007-2399
 	RESERVED
-CVE-2007-2398
-	RESERVED
+CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
+	TODO: check
 CVE-2007-2397
 	RESERVED
 CVE-2007-2396
@@ -2531,7 +2695,7 @@
 	- git-core 1.5.1.2-1 (low)
 	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
 CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
-	{DSA-1311-1 DSA-1310-1 DSA-1309-1}
+	{DSA-1311-1 DSA-1309-1}
 	- postgresql-8.2 8.2.4-1
 	- postgresql-8.1 8.1.9-1
 	- postgresql-7.4 1:7.4.17-1
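Review bot: DSA-1310-1 is removed from the CVE-2007-2138 tag list, leaving DSA-1311-1 and DSA-1309-1, and the only explanation is in a different hunk where DSA-1310-1 appears on CVE-2006-4168 (libexif). With a log message of just "automatic update", that reassignment is hard to audit; confirm that the postgresql package lines under this entry are still covered by the two remaining advisories.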
@@ -2720,7 +2884,7 @@
 	- phpwiki <unfixed> (unknown)
 CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
 	NOT-FOR-US: Secustick USB flash drive
-CVE-2007-2022 (Unspecified vulnerability in the Adobe Macromedia Flash Player 7.x and ...)
+CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before ...)
 	- flashplayer-mozilla <unfixed> (unknown)
 	[sarge] - flashplayer-mozilla <no-dsa> (Non-free not supported)
 	[etch] - flashplayer-mozilla <no-dsa> (Non-free not supported)
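Review bot: the reworded CVE-2007-2022 description now scopes the issue to Flash Player "when used with Opera before ...", but the package lines underneath still track flashplayer-mozilla as <unfixed> (unknown). Re-check whether flashplayer-mozilla is affected under the narrower description and set the status or add a NOTE accordingly.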
@@ -3901,7 +4065,7 @@
 	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
 	- php5 5.2.0-11 (medium)
 	- php4 <unfixed> (medium)
-CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 does ...)
+CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and ...)
 	NOT-FOR-US: PHP-Nuke
 CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
 	NOT-FOR-US: PHP-Nuke
@@ -8261,7 +8425,7 @@
 	NOT-FOR-US: Content Federator
 CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote ...)
 	NOT-FOR-US: Fishyshoop
-CVE-2006-6772 (Format string vulnerability in w3m 0.5.1, when run with the dump or ...)
+CVE-2006-6772 (Format string vulnerability in the inputAnswer function in file.c in ...)
 	- w3m 0.5.1-5.1 (bug #404564; low)
 	[sarge] - w3m <no-dsa> (Minor issue, only exploitable in dump mode)
 	TODO: Check w3mee, is this forked version still needed?
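Review bot: the replacement description for CVE-2006-6772 is truncated before it names the product, so the summary line no longer mentions w3m or dump mode, while the [sarge] reasoning ("only exploitable in dump mode") relied on the old wording. The text matches what was removed from CVE-2007-3125 in this same patch; a NOTE recording that would keep the entry self-explanatory.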
@@ -14192,6 +14356,7 @@
 CVE-2006-4169
 	RESERVED
 CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...)
+	{DSA-1310-1}
 	- libexif <unfixed> (bug #430012)
 CVE-2006-4167
 	RESERVED
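Review bot: CVE-2006-4168 gains {DSA-1310-1} while the package line still reads "libexif <unfixed> (bug #430012)". An advisory now exists for this issue, so either record the fixed version for unstable or add a NOTE that the unstable package is still open under bug #430012.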
@@ -16659,7 +16824,7 @@
 	NOT-FOR-US: PhpBlueDragon
 CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis ...)
 	NOT-FOR-US: PictureDis Professional
-CVE-2006-3074 (klif.sys in Kaspersky Anti-Virus 6.0.0.300 and earlier, Internet ...)
+CVE-2006-3074 (klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky ...)
 	NOT-FOR-US: Several Kaspersky products
 CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN ...)
 	NOT-FOR-US: Cisco
@@ -29723,7 +29888,7 @@
 	NOT-FOR-US: Google Toolbar
 CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...)
 	NOT-FOR-US: PHPNews
-CVE-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite arbitrary ...)
+CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows ...)
 	- wmfrog <itp> (bug #294352)
 CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...)
 	NOT-FOR-US: Outpost Pro
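Review bot: the CVE-2004-2473 description now bounds the affected range at "before 0.2.0", but the tracking line is still just "wmfrog <itp> (bug #294352)". Add a NOTE that the ITP should package 0.2.0 or later, so the issue is not carried in when the package enters the archive.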



