[Secure-testing-commits] r7069 - data/CVE

joeyh at alioth.debian.org
Tue Oct 23 09:14:08 UTC 2007


Author: joeyh
Date: 2007-10-23 09:14:08 +0000 (Tue, 23 Oct 2007)
New Revision: 7069

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-23 08:57:06 UTC (rev 7068)
+++ data/CVE/list	2007-10-23 09:14:08 UTC (rev 7069)
@@ -1,4 +1,144 @@
-CVE-2007-5589 [ phpMyAdmin XSS PMASA-2007-6 ]
+CVE-2007-5622
+	RESERVED
+CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token ...)
+	TODO: check
+CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ...)
+	TODO: check
+CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user ...)
+	TODO: check
+CVE-2007-5618 (Unquoted Windows search path in the Authorization and other services ...)
+	TODO: check
+CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...)
+	TODO: check
+CVE-2007-5616
+	RESERVED
+CVE-2007-5615
+	RESERVED
+CVE-2007-5614
+	RESERVED
+CVE-2007-5613
+	RESERVED
+CVE-2007-5612
+	RESERVED
+CVE-2007-5611
+	RESERVED
+CVE-2007-5610
+	RESERVED
+CVE-2007-5609
+	RESERVED
+CVE-2007-5608
+	RESERVED
+CVE-2007-5607
+	RESERVED
+CVE-2007-5606
+	RESERVED
+CVE-2007-5605
+	RESERVED
+CVE-2007-5604
+	RESERVED
+CVE-2007-5603
+	RESERVED
+CVE-2007-5602
+	RESERVED
+CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll ...)
+	TODO: check
+CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 ...)
+	TODO: check
+CVE-2007-5599 (Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow ...)
+	TODO: check
+CVE-2007-5598 (Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x ...)
+	TODO: check
+CVE-2007-5597 (The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
+	TODO: check
+CVE-2007-5596 (The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
+	TODO: check
+CVE-2007-5595 (CRLF injection vulnerability in the drupal_goto function in ...)
+	TODO: check
+CVE-2007-5594 (Drupal 5.x before 5.3 does not apply its Drupal Forms API protection ...)
+	TODO: check
+CVE-2007-5593 (install.php in Drupal 5.x before 5.3, when the configured database ...)
+	TODO: check
+CVE-2007-5592 (Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 ...)
+	TODO: check
+CVE-2007-5591 (The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M ...)
+	TODO: check
+CVE-2007-5590 (Multiple buffer overflows in Miranda before 0.7.1 allow remote ...)
+	TODO: check
+CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 ...)
+	TODO: check
+CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys, as shipped in ...)
+	TODO: check
+CVE-2007-5586 (Unspecified vulnerability in a driver in Microsoft Windows XP SP2 and ...)
+	TODO: check
+CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without ...)
+	TODO: check
+CVE-2007-5584
+	RESERVED
+CVE-2007-5583
+	RESERVED
+CVE-2007-5582
+	RESERVED
+CVE-2007-5581
+	RESERVED
+CVE-2007-5580
+	RESERVED
+CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which ...)
+	TODO: check
+CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface ...)
+	TODO: check
+CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the ...)
+	TODO: check
+CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute ...)
+	TODO: check
+CVE-2003-1424 (message.php in Petitforum does not properly authenticate users, which ...)
+	TODO: check
+CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document root ...)
+	TODO: check
+CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for SYSLINUX ...)
+	TODO: check
+CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in SuckBot ...)
+	TODO: check
+CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with ...)
+	TODO: check
+CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote ...)
+	TODO: check
+CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to ...)
+	TODO: check
+CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin ...)
+	TODO: check
+CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote ...)
+	TODO: check
+CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS ...)
+	TODO: check
+CVE-2003-1411 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka email.php3) ...)
+	TODO: check
+CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive information by ...)
+	TODO: check
+CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the ...)
+	TODO: check
+CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to ...)
+	TODO: check
+CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 ...)
+	TODO: check
+CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell commands ...)
+	TODO: check
+CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control under the ...)
+	TODO: check
+CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and ...)
+	TODO: check
+CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in $username.txt ...)
+	TODO: check
+CVE-2007-5589 (Muliple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
 	- phpmyadmin 4:2.11.1.2-1
 CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when ...)
 	NOT-FOR-US: Pligg CMS
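Review bot: the rewrite of the CVE-2007-5589 entry replaces the hand-written `[ phpMyAdmin XSS PMASA-2007-6 ]` description with the feed summary, so the upstream advisory identifier PMASA-2007-6 disappears from the tracker; keep it on a `NOTE:` line under the entry (e.g. `NOTE: PMASA-2007-6`) so the link between the CVE and the phpMyAdmin advisory survives automatic updates. The hunk also adds six Drupal entries (CVE-2007-5593 through CVE-2007-5598, all "Drupal 4.7.x before 4.7.8 and 5.x before 5.3") at `TODO: check`; they share one fixed upstream version and are best triaged as a single batch rather than one by one.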
@@ -367,8 +507,8 @@
 	RESERVED
 CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...)
 	- mono <not-affected> (Windows-specific vulnerability)
-CVE-2007-5472
-	RESERVED
+CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...)
+	TODO: check
 CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
 	- phpbb2 <not-affected> (phpbb was the vulnerable one)
 CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in ...)
@@ -696,10 +836,10 @@
 	NOT-FOR-US: CiscoWorks
 CVE-2007-5381 (Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco ...)
 	NOT-FOR-US: Line Printer Daemon (LPD) Cisco
-CVE-2007-5380
-	RESERVED
-CVE-2007-5379
-	RESERVED
+CVE-2007-5380 (Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...)
+	TODO: check
+CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...)
+	TODO: check
 CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk ...)
 	- tk8.3 8.3.5-10 (medium; bug #446465)
 	- tk8.4 8.4.16-1 (medium)
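Review bot: CVE-2007-5380 and CVE-2007-5379 are both "Rails before 1.2.4" issues left at `TODO: check`, while a later hunk in this same patch records `- rails 1.2.4-1 (bug #429177)` for CVE-2007-3227; the two TODOs can most likely be closed the same way by confirming that rails 1.2.4-1 carries these fixes and recording that version, instead of leaving them open for another pass.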
@@ -785,33 +925,28 @@
 	RESERVED
 CVE-2007-5341
 	RESERVED
-CVE-2007-5340
-	RESERVED
-	{DSA-1392-1 DSA-1391-1}
+CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...)
+	{DSA-1392-1 DSA-1391-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
-CVE-2007-5339
-	RESERVED
-	{DSA-1392-1 DSA-1391-1}
+CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...)
+	{DSA-1392-1 DSA-1391-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
-CVE-2007-5338
-	RESERVED
-	{DSA-1392-1}
+CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows ...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
-CVE-2007-5337
-	RESERVED
-	{DSA-1392-1}
+CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when ...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
 CVE-2007-5336
 	RESERVED
 CVE-2007-5335
 	RESERVED
-CVE-2007-5334
-	RESERVED
-	{DSA-1392-1}
+CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
 CVE-2007-5333
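Review bot: the five Firefox entries (CVE-2007-5340 down to CVE-2007-5334) gain `DTSA-69-1` and an iceweasel fix but each still carries `TODO: check other ice*`; the CVE-2007-4841 hunk later in this patch lists `iceape <unfixed>` explicitly, so the same iceape status (the SeaMonkey-derived package, which the descriptions name) should be recorded here rather than repeated as an open TODO on every entry.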
@@ -1269,8 +1404,8 @@
 	{DTSA-64-1}
 	- util-linux 2.13-8 (low)
 	- loop-aes-utils 2.13-2 (low)
-CVE-2007-5190
-	RESERVED
+CVE-2007-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Alcatel ...)
+	TODO: check
 CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script ...)
 	NOT-FOR-US: X-Script
 CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops ...)
@@ -2058,7 +2193,8 @@
 	NOT-FOR-US: Unreal Commander
 CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan ...)
 	NOT-FOR-US: Magellan Explorer
-CVE-2007-4841 (Mozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary ...)
+CVE-2007-4841 (Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and ...)
+	{DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	- iceape <unfixed>
 	- mozilla-firefox <removed>
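Review bot: the updated description for CVE-2007-4841 names Thunderbird before 2.0.0.8 alongside Firefox, but the package list covers only iceweasel, iceape and mozilla-firefox; if the Thunderbird-derived package (icedove in Debian) is affected, add a line for it so the new DTSA-69-1 reference is not read as complete coverage of the entry.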
@@ -5127,8 +5263,8 @@
 	NOTE: in Linus' tree.
 CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows ...)
 	NOT-FOR-US: Lhaca
-CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 ...)
-	{DSA-1392-1}
+CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox ...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (bug #438873; low)
 CVE-2007-3510
 	RESERVED
@@ -5567,7 +5703,7 @@
 	NOT-FOR-US: HTTP Server 1.6.2
 CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: ColdFusion
-CVE-2007-3338 (Multiple buffer stack-based overflows in Ingres database server 2006 ...)
+CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 ...)
 	NOT-FOR-US: Ingres
 CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used ...)
 	NOT-FOR-US: Ingres
@@ -5811,7 +5947,7 @@
 	NOT-FOR-US: Singapore Gallery
 CVE-2007-3228 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Sitellite CMS
-CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json function in ...)
+CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json ...)
 	- rails 1.2.4-1 (bug #429177)
 CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 ...)
 	NOT-FOR-US: dotProject
@@ -8060,7 +8196,7 @@
 	[lenny] - asterisk <not-affected> (vulnerable code not present)
 	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-010.html
 CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
-	{DSA-1392-1}
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (low)
 	[etch] - iceweasel <no-dsa> (Minor issue)
 	- firefox <removed> (low)
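Review bot: CVE-2007-2292 now references both DSA-1392-1 and DTSA-69-1 yet still carries `[etch] - iceweasel <no-dsa> (Minor issue)`; a DSA reference and an etch `<no-dsa>` marker for the same package contradict each other, so either the `[etch]` line is stale and should be dropped, or the DSA covers a different package and the entry should say which.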
@@ -11039,8 +11175,8 @@
 	NOT-FOR-US: Wiclear
 CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...)
 	NOT-FOR-US: VirtueMart
-CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload ...)
-	{DSA-1392-1}
+CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 does not ...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (low; bug #445514)
 	NOTE: Pending for upcoming security releases
 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
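Review bot: `NOTE: Pending for upcoming security releases` under CVE-2007-1095 is stale once DSA-1392-1, DTSA-69-1 and iceweasel 2.0.0.8-1 are recorded on the same entry; drop the NOTE or reword it to name the releases that are still pending.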
@@ -23084,8 +23220,8 @@
 	NOT-FOR-US: Funkboard
 CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...)
 	- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
-CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey ...)
-	{DSA-1392-1}
+CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, ...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	NOTE: There are very few scenarios, where this could be exploited
 	NOTE: We can probably ignore this
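Review bot: the two NOTE lines under CVE-2006-2894 ("very few scenarios" and "We can probably ignore this") now sit under an entry that records DSA-1392-1, DTSA-69-1 and a fixed iceweasel version; update the notes to say the issue was fixed in the Mozilla update regardless, otherwise a reader will take "ignore" as the current disposition.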
@@ -38414,7 +38550,7 @@
 	NOT-FOR-US: Cybozu Share
 CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...)
 	NOTE: Nagios was packaged for Debian after these vulnerable versions have been released
-CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b ...)
+CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b ...)
 	NOT-FOR-US: kmMail
 CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...)
 	- pen <not-affected> (pen was introduced after this old vulnerability)