[Secure-testing-commits] r7001 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Thu Oct 18 09:14:15 UTC 2007


Author: joeyh
Date: 2007-10-18 09:14:14 +0000 (Thu, 18 Oct 2007)
New Revision: 7001

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-18 06:39:03 UTC (rev 7000)
+++ data/CVE/list	2007-10-18 09:14:14 UTC (rev 7001)
@@ -1,10 +1,180 @@
-CVE-2007-5488 [Asterisk SQL Injection Vulnerability in cdr_addon_mysql]
+CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an ...)
+	TODO: check
+CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...)
+	TODO: check
+CVE-2007-5539 (Unspecified vulnerability in Cisco Unified Intelligent Contact ...)
+	TODO: check
+CVE-2007-5538 (Buffer overflow in the Centralized TFTP File Locator Service in Cisco ...)
+	TODO: check
+CVE-2007-5537 (Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 ...)
+	TODO: check
+CVE-2007-5536 (Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX ...)
+	TODO: check
+CVE-2007-5535 (Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown ...)
+	TODO: check
+CVE-2007-5534 (Unspecified vulnerability in the HCM component in Oracle PeopleSoft ...)
+	TODO: check
+CVE-2007-5533 (Unspecified vulnerability in the People Tools component in Oracle ...)
+	TODO: check
+CVE-2007-5532 (Unspecified vulnerability in the People Tools component in Oracle ...)
+	TODO: check
+CVE-2007-5531 (Unspecified vulnerability in Oracle Help for Web, as used in Oracle ...)
+	TODO: check
+CVE-2007-5530 (Unspecified vulnerability in the Database Control component in Oracle ...)
+	TODO: check
+CVE-2007-5529 (Unspecified vulnerability in the Oracle Self-Service Web Applications ...)
+	TODO: check
+CVE-2007-5528 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 ...)
+	TODO: check
+CVE-2007-5527 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
+	TODO: check
+CVE-2007-5526 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
+	TODO: check
+CVE-2007-5525 (Unspecified vulnerability in the Oracle Single Sign-On component in ...)
+	TODO: check
+CVE-2007-5524 (Unspecified vulnerability in the Oracle Single Sign-On component in ...)
+	TODO: check
+CVE-2007-5523 (Unspecified vulnerability in the Oracle Internet Directory component ...)
+	TODO: check
+CVE-2007-5522 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
+	TODO: check
+CVE-2007-5521 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
+	TODO: check
+CVE-2007-5520 (Unspecified vulnerability in the Oracle Internet Directory component ...)
+	TODO: check
+CVE-2007-5519 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
+	TODO: check
+CVE-2007-5518 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
+	TODO: check
+CVE-2007-5517 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
+	TODO: check
+CVE-2007-5516 (Unspecified vulnerability in the Oracle Process Mgmt & Notification ...)
+	TODO: check
+CVE-2007-5515 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
+	TODO: check
+CVE-2007-5514 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
+	TODO: check
+CVE-2007-5513 (The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, ...)
+	TODO: check
+CVE-2007-5512 (Unspecified vulnerability in the Oracle Database Vault component in ...)
+	TODO: check
+CVE-2007-5511 (SQL injection vulnerability in Workspace Manager for Oracle Database ...)
+	TODO: check
+CVE-2007-5510 (Multiple unspecified vulnerabilities in the Workspace Manager ...)
+	TODO: check
+CVE-2007-5509 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
+	TODO: check
+CVE-2007-5508 (Multiple SQL injection vulnerabilities in the CTXSYS Intermedia ...)
+	TODO: check
+CVE-2007-5507 (The GIOP service in TNS Listener in the Oracle Net Services component ...)
+	TODO: check
+CVE-2007-5506 (The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, ...)
+	TODO: check
+CVE-2007-5505 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
+	TODO: check
+CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and ...)
+	TODO: check
+CVE-2007-5503
+	RESERVED
+CVE-2007-5502
+	RESERVED
+CVE-2007-5501
+	RESERVED
+CVE-2007-5500
+	RESERVED
+CVE-2007-5499
+	RESERVED
+CVE-2007-5498
+	RESERVED
+CVE-2007-5497
+	RESERVED
+CVE-2007-5496
+	RESERVED
+CVE-2007-5495
+	RESERVED
+CVE-2007-5494
+	RESERVED
+CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
+	TODO: check
+CVE-2007-5492 (Static code injection vulnerability in the translation module ...)
+	TODO: check
+CVE-2007-5491 (Directory traversal vulnerability in the translation module ...)
+	TODO: check
+CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal ...)
+	TODO: check
+CVE-2007-5489 (Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and ...)
+	TODO: check
+CVE-2007-5487 (Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 ...)
+	TODO: check
+CVE-2007-5486 (dotProject before 2.1 does not properly check privileges when invoking ...)
+	TODO: check
+CVE-2007-5485 (SQL injection vulnerability in index.php in the mg2 1.0 module for ...)
+	TODO: check
+CVE-2007-5484 (Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows ...)
+	TODO: check
+CVE-2007-5483 (Unspecified vulnerability in the Administrative Scripting Tools (such ...)
+	TODO: check
+CVE-2007-5482 (Unspecified vulnerability in the FTP service in Sun ...)
+	TODO: check
+CVE-2007-5481 (Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote ...)
+	TODO: check
+CVE-2007-5480 (Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge ...)
+	TODO: check
+CVE-2007-5479 (Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer ...)
+	TODO: check
+CVE-2007-5478 (Cross-site scripting (XSS) vulnerability in projects in Nabh ...)
+	TODO: check
+CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod ...)
+	TODO: check
+CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...)
+	TODO: check
+CVE-2007-5475
+	RESERVED
+CVE-2007-5474
+	RESERVED
+CVE-2007-5473
+	RESERVED
+CVE-2007-5472
+	RESERVED
+CVE-2003-1373 (Direcory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
+	TODO: check
+CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in ...)
+	TODO: check
+CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote ...)
+	TODO: check
+CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...)
+	TODO: check
+CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote ...)
+	TODO: check
+CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...)
+	TODO: check
+CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and ...)
+	TODO: check
+CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions ...)
+	TODO: check
+CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does ...)
+	TODO: check
+CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other ...)
+	TODO: check
+CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...)
+	TODO: check
+CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly ...)
+	TODO: check
+CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli ...)
+	TODO: check
+CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) ...)
+	TODO: check
+CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...)
+	TODO: check
+CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment ...)
+	TODO: check
+CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in ...)
 	- asterisk-addons 1.4.4-1
 CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in ...)
 	- libgssapi 0.8-1
 CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
 	NOT-FOR-US: Microsoft Expression Media
-CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication header URI ...)
+CVE-2007-5469 (** DISPUTED ** ...)
 	- openser <unfixed> (unimportant; bug #446956)
 	NOTE: should be only "exploitable" in local network with untrusted users
 CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...)
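Review bot: The added block breaks the list's descending order. CVE-2003-1373 through CVE-2003-1358 are inserted between CVE-2007-5472 and CVE-2007-5488, and CVE-2007-5488 itself now sits below CVE-2007-5487 instead of between CVE-2007-5489 and CVE-2007-5487. Anyone scanning by id for the asterisk-addons entry will miss it, so the importer should sort new ids into place rather than prepend them. Separately, the new header for CVE-2007-5469, "(** DISPUTED ** ...)", truncates away the whole description while the entry still tracks openser as <unfixed>. Keeping the first words of the summary after the DISPUTED marker would leave the entry readable.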
@@ -15,7 +185,7 @@
 	NOT-FOR-US: eXtremail
 CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...)
 	NOT-FOR-US: doop CMS
-CVE-2007-5464 (Buffer overflow in Live for Speed 0.5X10 and earlier allows remote ...)
+CVE-2007-5464 (Stack-based buffer overflow in Live for Speed 0.5X10 and earlier ...)
 	NOT-FOR-US: Live for Speed
 CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta ...)
 	NOT-FOR-US: ViArt Shop
@@ -31,7 +201,7 @@
 	NOT-FOR-US: Joomla! extension
 CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to ...)
 	NOT-FOR-US: Internet Explorer
-CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in cgi-bin/wxis.exe in ...)
+CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 ...)
 	NOT-FOR-US: WWWISIS
 CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing ...)
 	NOT-FOR-US: PHP File Sharing
@@ -2792,8 +2962,8 @@
 	RESERVED
 CVE-2007-4344
 	RESERVED
-CVE-2007-4343
-	RESERVED
+CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows ...)
+	TODO: check
 CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral ...)
 	NOT-FOR-US: PHPCentral
 CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in ...)
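Review bot: CVE-2007-4343 goes from RESERVED to "TODO: check" with no triage recorded, so it joins the backlog of unchecked entries. If IrfanView has no Debian source package, it can be closed right away as "NOT-FOR-US: IrfanView", in the same form as the PHPCentral entries just below it.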
@@ -5719,7 +5889,7 @@
 	- linux-2.6 2.6.22-4
 CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...)
 	- linux-2.6 2.6.22-4 (low)
-CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat ...)
+CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux ...)
 	{DSA-1342-1}
 	- xfs 1:1.0.4-2
 CVE-2007-3102
@@ -32713,7 +32883,7 @@
 	NOT-FOR-US: Sage
 CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) ...)
 	NOT-FOR-US: MyGuestbook
-CVE-2003-1240 (CuteNews 0.88 allows remote attackers to execute arbitrary PHP code by ...)
+CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...)
 	NOT-FOR-US: CuteNews
 CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 ...)
 	NOT-FOR-US: WihPhoto
@@ -32758,7 +32928,8 @@
 	- samba 2.2.5 (high)
 CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...)
 	NOT-FOR-US: Winamp
-CVE-2002-2194 (Solaris 8 allows local users to cause a denial of service (kernel ...)
+CVE-2002-2194
+	REJECTED
 	NOT-FOR-US: Solaris
 CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
 	NOT-FOR-US: Mojo Mail
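Review bot: CVE-2002-2194 is switched to REJECTED but keeps its old "NOT-FOR-US: Solaris" annotation, so the entry now carries two dispositions for an id that no longer describes anything. The same pattern repeats in every REJECTED hunk of this revision. Either drop the stale NOT-FOR-US line when the state changes to REJECTED, or confirm that the list parser accepts a package annotation under a REJECTED entry.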
@@ -32826,13 +32997,15 @@
 	NOT-FOR-US: Cerulean Trillian
 CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
 	NOT-FOR-US: Kerio Personal Firewall
-CVE-2002-2160 (MidiCart (1) PHP, (2) PHP Plus, and (3) PHP Maxi does not restrict ...)
+CVE-2002-2160
+	REJECTED
 	NOT-FOR-US: MidiCart
 CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
 	NOT-FOR-US: Linksys hardware
 CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
 	NOT-FOR-US: zenTrack
-CVE-2002-2157 (calendar.php in Jelsoft Enterprises vBulletin 2.2.0 and earlier allows ...)
+CVE-2002-2157
+	REJECTED
 	NOT-FOR-US: vBulletin
 CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
 	NOT-FOR-US: Cerulean Trillian
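Review bot: The rejections of CVE-2002-2160 and CVE-2002-2157 drop the descriptions without recording which id replaces them. Later hunks in this revision reword CVE-2002-1798 to cover "MidiCart PHP, PHP Plus, and PHP Maxi" and CVE-2002-1660 to "vBulletin before 2.2.0", which suggests the rejected ids were merged into those two. If so, a NOTE line naming the surviving id under each rejected entry would keep the link for anyone who arrives with the old number.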
@@ -32844,7 +33017,8 @@
 	NOT-FOR-US: Oracle Application Server
 CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 ...)
 	NOT-FOR-US: Software602
-CVE-2002-2151 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
+CVE-2002-2151
+	REJECTED
 	NOT-FOR-US: Search97
 CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
 	NOTE: SYN floods etc generally filed as issues in linux specifically
@@ -32853,7 +33027,8 @@
 	NOT-FOR-US: Lucent Access Point
 CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...)
 	NOT-FOR-US: Lucent MAX Router
-CVE-2002-2147 (Savant Web Server 3.1 and earlier allows remote attackers to cause a ...)
+CVE-2002-2147
+	REJECTED
 	NOT-FOR-US: Savant Web Server
 CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
 	NOT-FOR-US: Savant Web Server
@@ -32876,8 +33051,10 @@
 CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...)
 	NOT-FOR-US: GlobalSunTech Wireless Access Points
 CVE-2002-2136 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
+	REJECTED
 	NOT-FOR-US: SUNW*
-CVE-2002-2135 (OnlineJFS and JournalFS.VXFS-BASE-KRN (JFS 3.1) in HP-UX 10.20 through ...)
+CVE-2002-2135
+	REJECTED
 	NOT-FOR-US: HP-UX
 CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
 	NOT-FOR-US: PEEL
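Review bot: CVE-2002-2136 gets a "REJECTED" line added, but its header is an unchanged context line that still carries the full "(The Web-Based Enterprise Management (WBEM) packages ..." description. Every other rejection in this revision replaces the header with the bare id, as CVE-2002-2135 does two lines further down. The entry should be made consistent with those, since a described and rejected entry is ambiguous to both readers and tooling. The same description text is assigned to CVE-2002-1590 in the last hunk of this patch, so that is probably the id a NOTE should point to.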
@@ -38315,7 +38492,7 @@
 	NOT-FOR-US: phpRank
 CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
 	NOT-FOR-US: phpRank
-CVE-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php ...)
+CVE-2002-1798 (MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) ...)
 	NOT-FOR-US: MidiCart
 CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...)
 	NOT-FOR-US: ChaiVM
@@ -40833,7 +41010,7 @@
 	NOT-FOR-US: Sun JVM
 CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...)
 	NOT-FOR-US: The Bat!
-CVE-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote attackers to ...)
+CVE-2002-1660 (calendar.php in vBulletin before 2.2.0 allows remote attackers to ...)
 	NOT-FOR-US: vBulletin
 CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...)
 	NOT-FOR-US: PortalApp
@@ -42369,7 +42546,8 @@
 	NOT-FOR-US: Oracle
 CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
 	NOT-FOR-US: Oracle
-CVE-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...)
+CVE-2002-1638
+	REJECTED
 	NOT-FOR-US: Oracle
 CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
 	NOT-FOR-US: Oracle
@@ -44916,7 +45094,7 @@
 	NOT-FOR-US: Solaris
 CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...)
 	NOT-FOR-US: Solaris
-CVE-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 ...)
+CVE-2002-1590 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
 	NOT-FOR-US: Solaris
 CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...)
 	NOT-FOR-US: Solaris



