[Secure-testing-commits] r5562 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Mar 20 22:14:13 CET 2007
Author: joeyh
Date: 2007-03-20 21:14:08 +0000 (Tue, 20 Mar 2007)
New Revision: 5562
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-18 21:04:57 UTC (rev 5561)
+++ data/CVE/list 2007-03-20 21:14:08 UTC (rev 5562)
@@ -1,3 +1,183 @@
+CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in ...)
+ TODO: check
+CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 ...)
+ TODO: check
+CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb ...)
+ TODO: check
+CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX ...)
+ TODO: check
+CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the ...)
+ TODO: check
+CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and ...)
+ TODO: check
+CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 ...)
+ TODO: check
+CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder ...)
+ TODO: check
+CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in ...)
+ TODO: check
+CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x ...)
+ TODO: check
+CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2007-1505 (Fujistu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption ...)
+ TODO: check
+CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in ...)
+ TODO: check
+CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
+ TODO: check
+CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
+ TODO: check
+CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows ...)
+ TODO: check
+CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...)
+ TODO: check
+CVE-2007-1499 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+ TODO: check
+CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ...)
+ TODO: check
+CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...)
+ TODO: check
+CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows ...)
+ TODO: check
+CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
+ TODO: check
+CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
+ TODO: check
+CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive ...)
+ TODO: check
+CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote ...)
+ TODO: check
+CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and ...)
+ TODO: check
+CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 ...)
+ TODO: check
+CVE-2007-1489 (Unspecified vulnerability in WebAPP 0.9.9.6 before 20070312 allows ...)
+ TODO: check
+CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 ...)
+ TODO: check
+CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder ...)
+ TODO: check
+CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in ...)
+ TODO: check
+CVE-2007-1485 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
+ TODO: check
+CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...)
+ TODO: check
+CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
+ TODO: check
+CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...)
+ TODO: check
+CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an ...)
+ TODO: check
+CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative ...)
+ TODO: check
+CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read ...)
+ TODO: check
+CVE-2007-1477 (Directory traversal vulnerability in index.php in PHP Point Of Sale ...)
+ TODO: check
+CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 ...)
+ TODO: check
+CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...)
+ TODO: check
+CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...)
+ TODO: check
+CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...)
+ TODO: check
+CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...)
+ TODO: check
+CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote ...)
+ TODO: check
+CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery ...)
+ TODO: check
+CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
+ TODO: check
+CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+ TODO: check
+CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...)
+ TODO: check
+CVE-2007-1465
+ RESERVED
+CVE-2007-1464
+ RESERVED
+CVE-2007-1463
+ RESERVED
+CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
+ TODO: check
+CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
+ TODO: check
+CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP 5.2.0 ...)
+ TODO: check
+CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...)
+ TODO: check
+CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...)
+ TODO: check
+CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer ...)
+ TODO: check
+CVE-2007-1456 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as ...)
+ TODO: check
+CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...)
+ TODO: check
+CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
+ TODO: check
+CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...)
+ TODO: check
+CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a ...)
+ TODO: check
+CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
+ TODO: check
+CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
+ TODO: check
+CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
+ TODO: check
+CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
+ TODO: check
+CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...)
+ TODO: check
+CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for ...)
+ TODO: check
+CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary ...)
+ TODO: check
+CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
+ TODO: check
+CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the ...)
+ TODO: check
+CVE-2007-1441 (The 4thPass browser on the RIM BlackBerry 8100 (Pearl) before 4.2.1 ...)
+ TODO: check
+CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows ...)
+ TODO: check
+CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in ...)
+ TODO: check
+CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 ...)
+ TODO: check
+CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote attackers ...)
+ TODO: check
+CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega Mall ...)
+ TODO: check
+CVE-2006-7169 (PHP remote file inclusion vulnerability in includes/header_simple.php ...)
+ TODO: check
+CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php in the ...)
+ TODO: check
+CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote ...)
+ TODO: check
+CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows ...)
+ TODO: check
+CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows ...)
+ TODO: check
+CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through ...)
+ TODO: check
+CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows ...)
+ TODO: check
+CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when ...)
+ TODO: check
+CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
+ TODO: check
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...)
- sql-ledger <unfixed> (bug #409703)
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
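Review bot: every new entry in this hunk lands as TODO: check, but several describe software this file already tracks as Debian packages and should be triaged ahead of the rest: CVE-2007-1497 and CVE-2007-1496 (nf_conntrack and nfnetlink_log in the Linux kernel before 2.6.20.3) map to linux-2.6, which appears elsewhere in this list as `- linux-2.6 <unfixed>`; the PHP interpreter entries (CVE-2007-1484, CVE-2007-1475, CVE-2007-1461, CVE-2007-1460, CVE-2007-1454, CVE-2007-1453, CVE-2007-1452) need package lines for the PHP packages; and CVE-2007-1466 (integer overflow in WP6GeneralTextPacket::_readContents) concerns the same WordPerfect library that CVE-2007-0002 further down records as `- libwpd 0.8.9-1`, so it should be checked against that upload rather than left open. CVE-2007-1507 (OpenAFS default configuration), CVE-2007-1444 (netperf), CVE-2007-1483 (WebCalendar) and the Horde entries (CVE-2007-1515, CVE-2007-1474, CVE-2007-1473) also name software Debian ships or may ship and deserve an early look; the many small ASP/PHP web-application entries will mostly resolve to NOT-FOR-US, as the neighbouring entries in this file do.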
@@ -237,8 +417,8 @@
RESERVED
CVE-2007-1320
RESERVED
-CVE-2007-1319
- RESERVED
+CVE-2007-1319 (Unspecified vulnerability in the OPCDA interface in Takebishi Electric ...)
+ TODO: check
CVE-2007-1318
RESERVED
CVE-2007-1317
@@ -264,7 +444,7 @@
NOTE: this is a straight crash, I'm not sure it should even be considered "low"
CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
-CVE-2007-1306 (Unspecified vulnerability in Asterisk 1.4 before 1.4.1 and 1.2 before ...)
+CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote ...)
- asterisk 1:1.2.16~dfsg-1 (medium)
CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in ...)
NOT-FOR-US: Sava's Guestbook
@@ -384,8 +564,8 @@
RESERVED
CVE-2007-1279
RESERVED
-CVE-2007-1278
- RESERVED
+CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...)
+ TODO: check
CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...)
- wordpress <not-affected> (orig.tar.gz not compromised)
CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
@@ -1239,8 +1419,8 @@
- linux-2.6 <unfixed> (medium)
CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
- ekiga 2.0.3-5 (bug #414069; high)
-CVE-2007-0998
- RESERVED
+CVE-2007-0998 (The VNC server implementation in QEMU allows local users of a guest ...)
+ TODO: check
CVE-2007-0997
RESERVED
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...)
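Review bot: CVE-2007-0998 moves from RESERVED to TODO: check, but its description names the VNC server implementation in QEMU, which Debian packages, so it should get a package line in the `- package version (bug; severity)` form used for ekiga two lines above instead of sitting in the TODO backlog; both whether the archived qemu version carries the fix and whether any other package bundles QEMU's VNC server code need checking.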
@@ -1772,7 +1952,7 @@
REJECTED
CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web ...)
NOT-FOR-US: Adobe ColdFusion web server
-CVE-2007-0816 (CA RPC Server service (catirpc.exe) for BrightStor ARCserve Backup ...)
+CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer ...)
NOT-FOR-US: (CA) BrightStor
CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...)
NOT-FOR-US: Uphotogallery
@@ -1928,7 +2108,7 @@
CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
- amarok 1.4.4-4 (bug #410850; unimportant)
NOTE: This could only be exploited through the Magnatune shop
-CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...)
+CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly ...)
- amarok 1.4.4-1 (bug #410850; low)
[sarge] - amarok <not-affected> (Vulnerable code not present)
CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...)
@@ -2691,8 +2871,8 @@
CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users ...)
{DSA-1257}
- samba 3.0.23d-5 (low)
-CVE-2007-0450
- RESERVED
+CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...)
+ TODO: check
CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...)
NOT-FOR-US: CA BrightStor
CVE-2007-0448
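Review bot: CVE-2007-0450 (directory traversal in Apache HTTP Server and Tomcat 5.x) is left at TODO: check even though both are core Debian packages; it needs explicit entries for the Apache HTTP Server and Tomcat packages in the form used for samba just above (`- samba 3.0.23d-5 (low)`), and because the description couples two separate projects, each should be assessed on its own rather than assumed fixed together.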
@@ -3175,8 +3355,7 @@
RESERVED
CVE-2007-0238
RESERVED
-CVE-2007-0237 [lookup-el insecure tempfile handling]
- RESERVED
+CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ...)
- lookup-el 1.4-5 (low)
CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
NOT-FOR-US: Mac OS X
@@ -3848,7 +4027,7 @@
NOT-FOR-US: Microsoft Excel
CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
NOT-FOR-US: Microsoft
-CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and ...)
+CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
NOT-FOR-US: Microsoft
CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...)
NOT-FOR-US: Microsoft IE
@@ -4356,8 +4535,7 @@
RESERVED
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)
- pam <not-affected> (Only pam 0.99.7 affected)
-CVE-2007-0002
- RESERVED
+CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document ...)
- libwpd 0.8.9-1
CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...)
- linux-2.6 <unfixed>
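Review bot: now that CVE-2007-0002 has a public description (multiple heap-based buffer overflows in WordPerfect document parsing), the context line `- libwpd 0.8.9-1` should carry a severity annotation like most fixed entries in this file (compare `- ekiga 2.0.3-5 (bug #414069; high)` above); the same rating should be applied to CVE-2007-1466 in the first hunk once it is assigned to libwpd.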
@@ -4833,7 +5011,7 @@
NOT-FOR-US: ShopSite
CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition ...)
NOT-FOR-US: MailEnable
-CVE-2006-6483 (Adobe ColdFusion MX7 does not properly filter HTML tags when ...)
+CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML ...)
NOT-FOR-US: ColdFusion
CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: ColdFusion
@@ -5267,9 +5445,9 @@
NOT-FOR-US: Solaris
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...)
NOT-FOR-US: Expinion.net iNews
-CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...)
+CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, ...)
- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
-CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...)
+CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows ...)
- denyhosts 2.6-1 (medium; bug #401795)
CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...)
NOT-FOR-US: Simple PHP Gallery
@@ -5708,7 +5886,7 @@
[sarge] - mozilla <unfixed> (high)
- xulrunner 1.8.0.10-1 (medium)
NOTE: Epiphany affected by xulrunner
-CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in Computer ...)
+CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly ...)
NOT-FOR-US: BrightStor
CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...)
NOT-FOR-US: BaalAsp forum
@@ -9841,7 +10019,7 @@
REJECTED
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...)
NOT-FOR-US: Virtual War
-CVE-2006-4223 (IBM WebSphere Application Server before 6.0.2.13 allows ...)
+CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows ...)
NOT-FOR-US: IBM WebSphere Application
CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
NOT-FOR-US: IBM WebSphere Application
@@ -12106,7 +12284,7 @@
NOT-FOR-US: OpenWebMail
CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
NOT-FOR-US: IBM WebSphere
-CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
+CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
NOT-FOR-US: IBM WebSphere
CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus ...)
NOT-FOR-US: Azureus plugin that isn't distributed by default