[Secure-testing-commits] r5892 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue May 22 09:14:09 UTC 2007


Author: joeyh
Date: 2007-05-22 09:14:08 +0000 (Tue, 22 May 2007)
New Revision: 5892

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-21 14:24:04 UTC (rev 5891)
+++ data/CVE/list	2007-05-22 09:14:08 UTC (rev 5892)
@@ -1,3 +1,169 @@
+CVE-2007-2797
+	RESERVED
+CVE-2007-2796
+	RESERVED
+CVE-2007-2795
+	RESERVED
+CVE-2007-2794
+	RESERVED
+CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...)
+	TODO: check
+CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 beta ...)
+	TODO: check
+CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...)
+	TODO: check
+CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP ...)
+	TODO: check
+CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before ...)
+	TODO: check
+CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java ...)
+	TODO: check
+CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) ...)
+	TODO: check
+CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote ...)
+	TODO: check
+CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to ...)
+	TODO: check
+CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit ...)
+	TODO: check
+CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 ...)
+	TODO: check
+CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence ...)
+	TODO: check
+CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain ...)
+	TODO: check
+CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in ...)
+	TODO: check
+CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 ...)
+	TODO: check
+CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in ...)
+	TODO: check
+CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to ...)
+	TODO: check
+CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but ...)
+	TODO: check
+CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
+	TODO: check
+CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...)
+	TODO: check
+CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and ...)
+	TODO: check
+CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG ...)
+	TODO: check
+CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
+	TODO: check
+CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
+	TODO: check
+CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...)
+	TODO: check
+CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
+	TODO: check
+CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...)
+	TODO: check
+CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...)
+	TODO: check
+CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...)
+	TODO: check
+CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules ...)
+	TODO: check
+CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast ...)
+	TODO: check
+CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier ...)
+	TODO: check
+CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 ...)
+	TODO: check
+CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the ...)
+	TODO: check
+CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted ...)
+	TODO: check
+CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...)
+	TODO: check
+CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
+	TODO: check
+CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
+	TODO: check
+CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...)
+	TODO: check
+CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...)
+	TODO: check
+CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal ...)
+	TODO: check
+CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 ...)
+	TODO: check
+CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and ...)
+	TODO: check
+CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and ...)
+	TODO: check
+CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows ...)
+	TODO: check
+CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
+	TODO: check
+CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
+	TODO: check
+CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk ...)
+	TODO: check
+CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX ...)
+	TODO: check
+CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in ...)
+	TODO: check
+CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 ...)
+	TODO: check
+CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows ...)
+	TODO: check
+CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
+	TODO: check
+CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows ...)
+	TODO: check
+CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 ...)
+	TODO: check
+CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 ...)
+	TODO: check
+CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 ...)
+	TODO: check
+CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 ...)
+	TODO: check
+CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width ...)
+	TODO: check
+CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote ...)
+	TODO: check
+CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...)
+	TODO: check
+CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might ...)
+	TODO: check
+CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test ...)
+	TODO: check
+CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...)
+	TODO: check
+CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...)
+	TODO: check
+CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...)
+	TODO: check
+CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control ...)
+	TODO: check
+CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...)
+	TODO: check
+CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to ...)
+	TODO: check
+CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers ...)
+	TODO: check
+CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer ...)
+	TODO: check
+CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...)
+	TODO: check
+CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...)
+	TODO: check
+CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in ...)
+	TODO: check
+CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...)
+	TODO: check
+CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c ...)
+	TODO: check
+CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only ...)
+	TODO: check
 CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...)
 	NOT-FOR-US: Snaps! Gallery
 CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...)
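
Review bot: CVE-2003-1329 (wu-ftpd ftpd.c) is added at the end of this block, between CVE-2007-2716 and CVE-2007-2715, which breaks the descending-ID order the rest of the file follows. Move it down to the other CVE-2003 entries, or have the update script insert by ID, so it is not missed when someone works through the new CVE-2007 "TODO: check" items. wu-ftpd already has a tracked package line elsewhere in this file (under CVE-2005-0256), so this entry will probably need a package line rather than NOT-FOR-US.
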
@@ -66,14 +232,14 @@
 	RESERVED
 CVE-2007-2686
 	RESERVED
-CVE-2007-2685
-	RESERVED
-CVE-2007-2684
-	RESERVED
+CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 ...)
+	TODO: check
+CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...)
+	TODO: check
 CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute ...)
 	- mutt <unfixed> (low)
-CVE-2007-2682
-	RESERVED
+CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as ...)
+	TODO: check
 CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution ...)
 	TODO: check
 CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface ...)
@@ -104,7 +270,7 @@
 	NOT-FOR-US: webdesproxy
 CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...)
 	NOT-FOR-US: VImpX
-CVE-2007-2666 (Stack-based buffer overflow in SciLexer.dll in notepad++ 4.1.1 and ...)
+CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...)
 	NOT-FOR-US: notepad++
 CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost ...)
 	NOT-FOR-US: PhpFirstPost
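
Review bot: The triage line under CVE-2007-2666 is left as "NOT-FOR-US: notepad++" although the new description places the overflow in LexRuby.cxx (SciLexer.dll) in Scintilla rather than in notepad++ itself. The NOT-FOR-US verdict was made against the old wording and is now stale; reset it to "TODO: check" and re-triage against anything that ships Scintilla's LexRuby.cxx.
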
@@ -309,8 +475,8 @@
 	NOT-FOR-US: Wikivi5
 CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 ...)
 	NOT-FOR-US: Friendly
-CVE-2007-2568
-	RESERVED
+CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow ...)
+	TODO: check
 CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar ...)
 	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
 CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control ...)
@@ -569,8 +735,7 @@
 CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in ...)
 	{DSA-1291-2}
 	- samba 3.0.25-1 (high)
-CVE-2007-2445 [libpng tRNS Chunk Denial of Service]
-	RESERVED
+CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
 	- libpng 1.2.15~beta5-2 (unimportant)
 	- libpng3 <unfixed> (unimportant)
 	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
@@ -581,12 +746,12 @@
 	RESERVED
 CVE-2007-2442
 	RESERVED
-CVE-2007-2441
-	RESERVED
-CVE-2007-2440
-	RESERVED
-CVE-2007-2439
-	RESERVED
+CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
+	TODO: check
+CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...)
+	TODO: check
+CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
+	TODO: check
 CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
 	- vim <unfixed> (medium)
 	NOTE: Exploitable through modelines.
@@ -1789,8 +1954,8 @@
 	- php5 5.2.0-11 (low)
 CVE-2007-1899
 	RESERVED
-CVE-2007-1898
-	RESERVED
+CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send ...)
+	TODO: check
 CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
 	{DSA-1285-1}
 	- wordpress 2.1.3-1 (medium)
@@ -2285,8 +2450,7 @@
 	NOTE: Vulnerability is disputed, but is a non-issue anyway.
 CVE-2007-1694
 	RESERVED
-CVE-2007-1693
-	RESERVED
+CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before ...)
 	- yate 1.2.0-1.dfsg-1 (medium; bug #421994)
 CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...)
 	NOT-FOR-US: Microsoft
@@ -2294,8 +2458,8 @@
 	NOT-FOR-US: Second Sight Software
 CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ...)
 	NOT-FOR-US: Second Sight Software
-CVE-2007-1689
-	RESERVED
+CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...)
+	TODO: check
 CVE-2007-1688
 	RESERVED
 CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...)
@@ -2685,7 +2849,7 @@
 CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...)
 	{DSA-1283-1}
 	- php5 <unfixed> (medium)
-CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.22, ...)
+CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...)
 	{DSA-1283-1 DSA-1282-1}
 	- php5 5.2.0-11 (medium)
 	- php4 <unfixed> (medium)
@@ -3039,7 +3203,7 @@
 	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
 CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
 	NOT-FOR-US: Windows PHP COM extensions
-CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 20070304 ...)
+CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...)
 	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
 CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
 	{DSA-1283-1 DSA-1282-1}
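
Review bot: The justification on the php5 line for CVE-2007-1381, "Affected only a php5 CVS version, not a release", paraphrases the old description ("PHP CVS as of 20070304"), which this update replaces with a file revision, "wddx.c 1.119.2.10.2.12 and ...". Confirm that the revisions named in the full description never shipped in a release, and add a NOTE recording that, so the <not-affected> status does not rest on wording that is no longer in the entry.
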
@@ -3101,8 +3265,8 @@
 	- linux-2.6 2.6.20-1
 CVE-2007-1356
 	RESERVED
-CVE-2007-1355
-	RESERVED
+CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
 CVE-2007-1354
 	RESERVED
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
@@ -3622,8 +3786,8 @@
 	NOT-FOR-US: WebAPP
 CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
 	NOT-FOR-US: WebAPP
-CVE-2007-1173
-	RESERVED
+CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service ...)
+	TODO: check
 CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel ...)
 	NOT-FOR-US: WebAPP
 CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel ...)
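
Review bot: The context line under CVE-2007-1172 reads "NOT-FOR-US: WebAPP", but the description is for nukesentinel.php in NukeSentinel; the label looks copied from the WebAPP entries just above (CVE-2007-1174 and its neighbour). It is not part of this change, but worth correcting to "NOT-FOR-US: NukeSentinel" while CVE-2007-1173 is being triaged next to it.
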
@@ -6808,7 +6972,7 @@
 	RESERVED
 CVE-2007-0036
 	RESERVED
-CVE-2007-0035 (Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for ...)
+CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
 	NOT-FOR-US: Microsoft Word
 CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...)
 	NOT-FOR-US: Microsoft Outlook
@@ -8253,7 +8417,7 @@
 	NOT-FOR-US: Expinion.net iNews
 CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, ...)
 	- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
-CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows ...)
+CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows ...)
 	- denyhosts 2.6-1 (medium; bug #401795)
 CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...)
 	NOT-FOR-US: Simple PHP Gallery
@@ -37981,7 +38145,7 @@
 	- phpbb2 2.0.12-1
 CVE-2005-0257
 	RESERVED
-CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...)
+CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 ...)
 	{DSA-705-1}
 	- wu-ftpd 2.6.2-19
 CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...)



