[Secure-testing-commits] r6973 - data/CVE
joeyh at alioth.debian.org
Mon Oct 15 21:14:08 UTC 2007
Author: joeyh
Date: 2007-10-15 21:14:08 +0000 (Mon, 15 Oct 2007)
New Revision: 6973
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-15 19:14:12 UTC (rev 6972)
+++ data/CVE/list 2007-10-15 21:14:08 UTC (rev 6973)
@@ -1,3 +1,236 @@
+CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in ...)
+ TODO: check
+CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0 ...)
+ TODO: check
+CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle ...)
+ TODO: check
+CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in cgi-bin/wxis.exe in ...)
+ TODO: check
+CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing ...)
+ TODO: check
+CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow ...)
+ TODO: check
+CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in ...)
+ TODO: check
+CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in the ...)
+ TODO: check
+CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka ...)
+ TODO: check
+CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes ...)
+ TODO: check
+CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...)
+ TODO: check
+CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX ...)
+ TODO: check
+CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full ...)
+ TODO: check
+CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
+ TODO: check
+CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...)
+ TODO: check
+CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...)
+ TODO: check
+CVE-2007-5440 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 ...)
+ TODO: check
+CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL ...)
+ TODO: check
+CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM ...)
+ TODO: check
+CVE-2007-5436 (Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL ...)
+ TODO: check
+CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly ...)
+ TODO: check
+CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and ...)
+ TODO: check
+CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
+ TODO: check
+CVE-2007-5432 (Stride 1.0 has a default administrator username of "scott" with the ...)
+ TODO: check
+CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0 ...)
+ TODO: check
+CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow remote ...)
+ TODO: check
+CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 ...)
+ TODO: check
+CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote ...)
+ TODO: check
+CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component ...)
+ TODO: check
+CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX ...)
+ TODO: check
+CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...)
+ TODO: check
+CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...)
+ TODO: check
+CVE-2007-5423 (Eval injection vulnerability in tiki-graph_formula.php in TikiWiki ...)
+ TODO: check
+CVE-2007-5422 (Unspecified vulnerability in "Solaris Auditing" in the Basic Security ...)
+ TODO: check
+CVE-2007-5421
+ REJECTED
+ TODO: check
+CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote ...)
+ TODO: check
+CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an ...)
+ TODO: check
+CVE-2007-5418 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 ...)
+ TODO: check
+CVE-2007-5417 (Directory traversal vulnerability in index.php in boastMachine (aka ...)
+ TODO: check
+CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when the ...)
+ TODO: check
+CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...)
+ TODO: check
+CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
+ TODO: check
+CVE-2007-5413
+ RESERVED
+CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...)
+ TODO: check
+CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP ...)
+ TODO: check
+CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in ...)
+ TODO: check
+CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in ...)
+ TODO: check
+CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...)
+ TODO: check
+CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the ...)
+ TODO: check
+CVE-2007-5406
+ RESERVED
+CVE-2007-5405
+ RESERVED
+CVE-2007-5404
+ RESERVED
+CVE-2007-5403
+ RESERVED
+CVE-2007-5402
+ RESERVED
+CVE-2007-5401
+ RESERVED
+CVE-2007-5400
+ RESERVED
+CVE-2007-5399
+ RESERVED
+CVE-2007-5398
+ RESERVED
+CVE-2007-5397
+ RESERVED
+CVE-2007-5396
+ RESERVED
+CVE-2007-5395
+ RESERVED
+CVE-2007-5394
+ RESERVED
+CVE-2007-5393
+ RESERVED
+CVE-2007-5392
+ RESERVED
+CVE-2003-1357 (ProxyView has a default administrator password of Administrator for ...)
+ TODO: check
+CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 ...)
+ TODO: check
+CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 ...)
+ TODO: check
+CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very large ...)
+ TODO: check
+CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach ...)
+ TODO: check
+CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login ...)
+ TODO: check
+CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...)
+ TODO: check
+CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by ...)
+ TODO: check
+CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 ...)
+ TODO: check
+CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org ...)
+ TODO: check
+CVE-2003-1347 (Cross-site scripting (XSS) vulnerability in Geeklog 1.3.7 allows ...)
+ TODO: check
+CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 ...)
+ TODO: check
+CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 ...)
+ TODO: check
+CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows remote ...)
+ TODO: check
+CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 ...)
+ TODO: check
+CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows ...)
+ TODO: check
+CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through 3.54 ...)
+ TODO: check
+CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c ...)
+ TODO: check
+CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...)
+ TODO: check
+CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...)
+ TODO: check
+CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...)
+ TODO: check
+CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier ...)
+ TODO: check
+CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and ...)
+ TODO: check
+CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos ...)
+ TODO: check
+CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 ...)
+ TODO: check
+CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows ...)
+ TODO: check
+CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class ...)
+ TODO: check
+CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 ...)
+ TODO: check
+CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before ...)
+ TODO: check
+CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a ...)
+ TODO: check
+CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...)
+ TODO: check
+CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...)
+ TODO: check
+CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file ...)
+ TODO: check
+CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before ...)
+ TODO: check
+CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows ...)
+ TODO: check
+CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 ...)
+ TODO: check
+CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...)
+ TODO: check
+CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...)
+ TODO: check
+CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy ...)
+ TODO: check
+CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict ...)
+ TODO: check
+CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the ...)
+ TODO: check
+CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...)
+ TODO: check
+CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers ...)
+ TODO: check
+CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
+ TODO: check
+CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
+ TODO: check
+CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 ...)
+ TODO: check
+CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers ...)
+ TODO: check
CVE-2007-5461 [path traversal vulnerability in apache tomcat]
TODO: check
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...)
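Review bot: CVE-2007-5421 is added with both REJECTED and TODO: check. A rejected identifier has nothing left to triage, and the REJECTED entry for CVE-2007-5324 further down in this same revision carries no TODO. Suggest dropping the TODO line under CVE-2007-5421 so the entry is not counted as unprocessed. Separately, the visible text of CVE-2007-5442 and CVE-2007-5441 (CMS Made Simple) and of CVE-2002-2231 and CVE-2002-2230 (Ikonboard) is identical up to the truncation, so whoever resolves these TODOs should read the full descriptions to tell each pair apart.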
@@ -73,8 +306,8 @@
RESERVED
CVE-2007-5359
RESERVED
-CVE-2007-5358
- RESERVED
+CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk ...)
+ TODO: check
CVE-2007-5357
RESERVED
CVE-2007-5356
@@ -125,24 +358,24 @@
RESERVED
CVE-2007-5333
RESERVED
-CVE-2007-5332
- RESERVED
-CVE-2007-5331
- RESERVED
-CVE-2007-5330
- RESERVED
-CVE-2007-5329
- RESERVED
-CVE-2007-5328
- RESERVED
-CVE-2007-5327
- RESERVED
-CVE-2007-5326
- RESERVED
-CVE-2007-5325
- RESERVED
+CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
+ TODO: check
+CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA ...)
+ TODO: check
+CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through ...)
+ TODO: check
+CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp ...)
+ TODO: check
+CVE-2007-5328 (CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise ...)
+ TODO: check
+CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message ...)
+ TODO: check
+CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ...)
+ TODO: check
+CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll ...)
+ TODO: check
CVE-2007-5324
- RESERVED
+ REJECTED
CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows remote ...)
NOT-FOR-US: RepliStor Server Service
CVE-2007-5322 (The FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro ...)
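Review bot: CVE-2007-5325 through CVE-2007-5332 all land as TODO: check, although the visible descriptions of 5326, 5328, 5329 and 5330 name CA BrightStor (ARCServe BackUp), and the surrounding vendor-only entries are already closed with NOT-FOR-US (for example "NOT-FOR-US: RepliStor Server Service"). Suggest triaging the eight entries together and, once the truncated descriptions of 5325, 5327, 5331 and 5332 are confirmed to concern the same product, marking the block NOT-FOR-US in a single follow-up commit.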
@@ -546,8 +779,8 @@
NOT-FOR-US: Peakflow
CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...)
NOT-FOR-US: CenterTools
-CVE-2007-5208
- RESERVED
+CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) ...)
+ TODO: check
CVE-2007-5206
RESERVED
CVE-2007-5205
@@ -560,8 +793,8 @@
RESERVED
CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...)
- duplicity 0.4.3-2 (medium; bug #442840)
-CVE-2007-5200
- RESERVED
+CVE-2007-5200 (hugin in SUSE openSUSE 10.2 and 10.3 allows local users to overwrite ...)
+ TODO: check
CVE-2007-5199
RESERVED
CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...)
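Review bot: the new description of CVE-2007-5200 scopes the issue to "SUSE openSUSE 10.2 and 10.3", but the truncated text does not show whether the flaw is in hugin itself or in SUSE's packaging. The TODO should be resolved against the upstream hugin code, not closed as distribution-specific on the strength of the summary alone, and a NOTE recording the finding would help the next reader.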
@@ -569,10 +802,10 @@
NOTE: Requires the webserver, which has to be checked, to be compromised
CVE-2007-5197
RESERVED
-CVE-2007-5196
- RESERVED
-CVE-2007-5195
- RESERVED
+CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise ...)
+ TODO: check
+CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise ...)
+ TODO: check
CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...)
NOT-FOR-US: rMake
CVE-2007-5192
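Review bot: CVE-2007-5196 and CVE-2007-5195 are added with identical visible text ("Unspecified vulnerability in the SSL implementation in Groupwise ..."). Whoever resolves the TODOs should compare the full descriptions to confirm these are two distinct issues, and add a NOTE on each saying what differs so the pair is not mistaken for a duplicate later.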
@@ -1019,8 +1252,7 @@
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...)
- pidgin 2.2.1-1 (medium)
NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
-CVE-2007-4995 [remote code execution in openssl 0.9.8 DTLS]
- RESERVED
+CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before ...)
- openssl 0.9.8f-1 (low)
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
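Review bot: at CVE-2007-4995 the hand-written summary "[remote code execution in openssl 0.9.8 DTLS]" is replaced by a truncated description that begins "Off-by-one error", while the tracking line stays at "- openssl 0.9.8f-1 (low)". The only visible impact statement is lost and the urgency next to it is unchanged, so a NOTE line recording why the issue is rated low would keep the entry self-explanatory.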
@@ -1898,8 +2130,8 @@
RESERVED
CVE-2007-4620
RESERVED
-CVE-2007-4619
- RESERVED
+CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
+ TODO: check
CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 ...)
NOT-FOR-US: BEA WebLogic
CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, ...)
@@ -3454,7 +3686,8 @@
CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in ...)
{DSA-1383-1}
- gforge 4.6.99+svn6094-1
-CVE-2007-3917 (Unspecified vulnerability in the multiplayer engine in Wesnoth before ...)
+CVE-2007-3917 (The multiplayer engine in Wesnoth before 1.2.7 allows remote servers ...)
+ {DSA-1386-1}
- wesnoth 1.2.7-1
CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...)
- skktools 1.2+0.20061004-3
@@ -4040,8 +4273,8 @@
- sendmail <not-affected> (Concerns only ancient sendmail V5)
CVE-2007-3676
RESERVED
-CVE-2007-3675
- RESERVED
+CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...)
+ TODO: check
CVE-2007-3674
RESERVED
CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
@@ -6669,7 +6902,7 @@
CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before ...)
- mysql-dfsg-5.0 5.0.41-1 (low)
NOTE: http://bugs.mysql.com/bug.php?id=27513
-CVE-2007-2582 (Unspecified vulnerability in the DB2 JDBC Applet Server (DB2JDS) ...)
+CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) ...)
NOT-FOR-US: IBM DB2
CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
NOT-FOR-US: Microsoft