[Secure-testing-commits] r7231 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Nov 6 21:14:19 UTC 2007


Author: joeyh
Date: 2007-11-06 21:14:18 +0000 (Tue, 06 Nov 2007)
New Revision: 7231

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-11-06 19:48:00 UTC (rev 7230)
+++ data/CVE/list	2007-11-06 21:14:18 UTC (rev 7231)
@@ -1,3 +1,73 @@
+CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, ...)
+	TODO: check
+CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...)
+	TODO: check
+CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication ...)
+	TODO: check
+CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows ...)
+	TODO: check
+CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev ...)
+	TODO: check
+CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before ...)
+	TODO: check
+CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer ...)
+	TODO: check
+CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya ...)
+	TODO: check
+CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and ...)
+	TODO: check
+CVE-2007-5828 (Cross-site request forgery (CSRF) vulnerability in the admin panel in ...)
+	TODO: check
+CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...)
+	TODO: check
+CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX ...)
+	TODO: check
+CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c ...)
+	TODO: check
+CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier ...)
+	TODO: check
+CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 ...)
+	TODO: check
+CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng ...)
+	TODO: check
+CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...)
+	TODO: check
+CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS ...)
+	TODO: check
+CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak ...)
+	TODO: check
+CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php ...)
+	TODO: check
+CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...)
+	TODO: check
+CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...)
+	TODO: check
+CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX ...)
+	TODO: check
+CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender ...)
+	TODO: check
+CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ...)
+	TODO: check
+CVE-2007-5812 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2007-5811 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain ...)
+	TODO: check
+CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 ...)
+	TODO: check
+CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule ...)
+	TODO: check
+CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX ...)
+	TODO: check
+CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
+	TODO: check
+CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
+	TODO: check
+CVE-2007-5803
+	RESERVED
 CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...)
 	NOT-FOR-US: Firewolf Technologies Synergiser
 CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has ...)
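Review bot: CVE-2007-5817/CVE-2007-5816 and CVE-2007-5805/CVE-2007-5804 are added with identical truncated descriptions ("dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ..." and "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ..."), so whoever clears the "TODO: check" lines cannot tell the entries of each pair apart from this file and needs the full CVE text. CVE-2007-5812 and CVE-2007-5806 are cut off before any product name, and CVE-2007-5811 shows only "** DISPUTED ** ...", so these three also need the full entry before they can be marked NOT-FOR-US or assigned to a package.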
@@ -295,7 +365,7 @@
 	NOT-FOR-US: Omnistar Live
 CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...)
 	- nufw 2.2.7-1 (medium)
-CVE-2007-5722 (Heap-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
+CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
 	NOT-FOR-US: GlobalLink
 CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in ...)
 	NOT-FOR-US: MySpacePros MySpace Resource Script
@@ -858,8 +928,8 @@
 	RESERVED
 CVE-2007-5604
 	RESERVED
-CVE-2007-5603
-	RESERVED
+CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...)
+	TODO: check
 CVE-2007-5602
 	RESERVED
 CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll ...)
@@ -2437,6 +2507,7 @@
 CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
 	NOT-FOR-US: FrontAccounting
 CVE-2007-5116 [overflow in Perl's regular expression compiler]
+	RESERVED
 	- perl <unfixed> (medium)
 	NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
 CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
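Review bot: the added "RESERVED" line under CVE-2007-5116 lands in an entry that already carries triage ("- perl <unfixed> (medium)" and a NOTE), so the entry now reads as both reserved and tracked as an unfixed perl issue. Worth confirming that the tooling reading this list still honours the perl line when RESERVED precedes it, since the bracketed description shows this entry was written by hand and the automatic update has now edited inside it.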
@@ -3595,12 +3666,12 @@
 	- polipo 1.0.2-1
 CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign ...)
 	NOT-FOR-US: AbleDesign Dynamic Picture Frame
-CVE-2007-4623
-	RESERVED
-CVE-2007-4622
-	RESERVED
-CVE-2007-4621
-	RESERVED
+CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...)
+	TODO: check
+CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) ...)
+	TODO: check
+CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain ...)
+	TODO: check
 CVE-2007-4620
 	RESERVED
 CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
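Review bot: the new CVE-2007-4622 line is truncated at "in (1) ...", before any affected product is named, unlike CVE-2007-4623 and CVE-2007-4621 next to it, which both name IBM AIX. The "TODO: check" for CVE-2007-4622 cannot be resolved from this line alone; the full description is needed to see which products the enumerated list covers.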
@@ -3843,8 +3914,8 @@
 	NOT-FOR-US: Yahoo! Messenger
 CVE-2007-4514
 	RESERVED
-CVE-2007-4513
-	RESERVED
+CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow ...)
+	TODO: check
 CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for ...)
 	NOT-FOR-US: Sophos Anti-Virus for Windows
 CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
@@ -4504,8 +4575,8 @@
 	NOT-FOR-US: Trend Micro ServerProtect
 CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...)
 	NOT-FOR-US: Trend Micro ServerProtect
-CVE-2007-4217
-	RESERVED
+CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX ...)
+	TODO: check
 CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...)
 	NOT-FOR-US: ZoneAlarm
 CVE-2007-4215
@@ -4950,7 +5021,8 @@
 	NOT-FOR-US: Citrix
 CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access ...)
 	NOT-FOR-US: Citrix
-CVE-2007-4015 (Citrix Access Gateway Advanced Edition before 4.5 HF1 allows attackers ...)
+CVE-2007-4015
+	REJECTED
 	NOT-FOR-US: Citrix
 CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php ...)
 	NOT-FOR-US: Blix themes for WordPress
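Review bot: CVE-2007-4015 is reduced to a bare ID with "REJECTED", but the old "NOT-FOR-US: Citrix" annotation is left underneath it, so the entry now carries two statuses. Suggest removing the NOT-FOR-US line, or confirming that the list tooling ignores annotations on rejected IDs, so the product tag does not outlive the description it was based on.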
@@ -15080,9 +15152,9 @@
 	NOT-FOR-US: Adobe Acrobat Reader Plugin
 CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework ...)
 	NOT-FOR-US: Microsoft .NET
-CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows ...)
+CVE-2007-0042 (Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, ...)
 	NOT-FOR-US: Microsoft .NET
-CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier ...)
+CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 ...)
 	NOT-FOR-US: Microsoft .NET
 CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
 	NOT-FOR-US: Microsoft Windows
@@ -15189,8 +15261,8 @@
 	RESERVED
 CVE-2007-0012
 	RESERVED
-CVE-2007-0011
-	RESERVED
+CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
+	TODO: check
 CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)
 	NOT-FOR-US: IBM
 CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...)
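Review bot: CVE-2007-0011 goes from RESERVED to a Citrix Access Gateway description with "TODO: check", while the Citrix entry visible earlier in this diff (CVE-2007-4016) is tagged "NOT-FOR-US: Citrix"; the follow-up triage can most likely apply the same tag here. The same update rejects CVE-2007-4015, whose removed description also named Citrix Access Gateway, so it is worth checking whether the two IDs are related before closing either one.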



