[Secure-testing-commits] r7103 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Thu Oct 25 21:14:08 UTC 2007


Author: joeyh
Date: 2007-10-25 21:14:08 +0000 (Thu, 25 Oct 2007)
New Revision: 7103

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-25 19:04:21 UTC (rev 7102)
+++ data/CVE/list	2007-10-25 21:14:08 UTC (rev 7103)
@@ -1,3 +1,181 @@
+CVE-2007-5679 (SQL injection vulnerability in index.php in DeeEmm.com DM CMS ...)
+	TODO: check
+CVE-2007-5678 (SQL injection vulnerability in the Music module in phpBasic allows ...)
+	TODO: check
+CVE-2007-5677 (Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in ...)
+	TODO: check
+CVE-2007-5676 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-5675 (Stack-based buffer overflow in the DebugPrint function in MultiXTpm ...)
+	TODO: check
+CVE-2007-5674 (Directory traversal vulnerability in index.php in InstaGuide Weather ...)
+	TODO: check
+CVE-2007-5673 (Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet ...)
+	TODO: check
+CVE-2007-5672
+	RESERVED
+CVE-2007-5671
+	RESERVED
+CVE-2007-5670
+	RESERVED
+CVE-2007-5669
+	RESERVED
+CVE-2007-5668
+	RESERVED
+CVE-2007-5667
+	RESERVED
+CVE-2007-5666
+	RESERVED
+CVE-2007-5665
+	RESERVED
+CVE-2007-5664
+	RESERVED
+CVE-2007-5663
+	RESERVED
+CVE-2007-5662
+	RESERVED
+CVE-2007-5661
+	RESERVED
+CVE-2007-5660
+	RESERVED
+CVE-2007-5659
+	RESERVED
+CVE-2007-5658
+	RESERVED
+CVE-2007-5657
+	RESERVED
+CVE-2007-5656
+	RESERVED
+CVE-2007-5655
+	RESERVED
+CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger ...)
+	TODO: check
+CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do ...)
+	TODO: check
+CVE-2007-5652 (Unspecified vulnerability in IBM DB2 9.1 before Fix Pack 4 might allow ...)
+	TODO: check
+CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication Protocol ...)
+	TODO: check
+CVE-2007-5650 (Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 ...)
+	TODO: check
+CVE-2007-5649 (Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative ...)
+	TODO: check
+CVE-2007-5648 (Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in ...)
+	TODO: check
+CVE-2007-5647 (Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 ...)
+	TODO: check
+CVE-2007-5646 (SQL injection vulnerability in Sources/Search.php in Simple Machines ...)
+	TODO: check
+CVE-2007-5644 (Lussumo Vanilla 1.1.3 and earlier does not require admin privileges ...)
+	TODO: check
+CVE-2007-5643 (Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and ...)
+	TODO: check
+CVE-2007-5642 (Multiple directory traversal vulnerabilities in PHP Project Management ...)
+	TODO: check
+CVE-2007-5641 (Multiple PHP remote file inclusion vulnerabilities in PHP Project ...)
+	TODO: check
+CVE-2007-5640 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...)
+	TODO: check
+CVE-2007-5639 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel ...)
+	TODO: check
+CVE-2007-5638 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...)
+	TODO: check
+CVE-2007-5637 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...)
+	TODO: check
+CVE-2007-5636 (Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote ...)
+	TODO: check
+CVE-2007-5635 (Multiple unspecified vulnerabilities in Salford Software Support ...)
+	TODO: check
+CVE-2007-5634 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...)
+	TODO: check
+CVE-2007-5633 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...)
+	TODO: check
+CVE-2007-5632 (Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 ...)
+	TODO: check
+CVE-2007-5631 (Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator ...)
+	TODO: check
+CVE-2007-5630 (SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS ...)
+	TODO: check
+CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in ...)
+	TODO: check
+CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in TOWeLS ...)
+	TODO: check
+CVE-2007-5627 (PHP remote file inclusion vulnerability in content/fnc-readmail3.php ...)
+	TODO: check
+CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a ...)
+	TODO: check
+CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site ...)
+	TODO: check
+CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 ...)
+	TODO: check
+CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins ...)
+	TODO: check
+CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) ...)
+	TODO: check
+CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 ...)
+	TODO: check
+CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access ...)
+	TODO: check
+CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept ...)
+	TODO: check
+CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers to ...)
+	TODO: check
+CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read ...)
+	TODO: check
+CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie ...)
+	TODO: check
+CVE-2003-1487 (Multiple "command injection" vulnerabilities in Phorum 3.4 through ...)
+	TODO: check
+CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full ...)
+	TODO: check
+CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to ...)
+	TODO: check
+CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user passwords, ...)
+	TODO: check
+CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base ...)
+	TODO: check
+CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer ...)
+	TODO: check
+CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, ...)
+	TODO: check
+CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and ...)
+	TODO: check
+CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause ...)
+	TODO: check
+CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, ...)
+	TODO: check
+CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be connected at ...)
+	TODO: check
+CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with write ...)
+	TODO: check
+CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 ...)
+	TODO: check
+CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to ...)
+	TODO: check
+CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated users ...)
+	TODO: check
+CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows ...)
+	TODO: check
+CVE-2003-1469 (The default configuration of ColdFusion MX has the "Enable Robust ...)
+	TODO: check
+CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote ...)
+	TODO: check
+CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, ...)
+	TODO: check
+CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote ...)
+	TODO: check
+CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4 ...)
+	TODO: check
+CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote ...)
+	TODO: check
+CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies WebAdmin ...)
+	TODO: check
+CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey ...)
+	TODO: check
 CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users to ...)
 	NOT-FOR-US: HP-UX
 CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the ...)
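Review bot: the new 2007 block skips CVE-2007-5645: the added lines go from CVE-2007-5646 straight to CVE-2007-5644. If the id was simply absent from the upstream feed at import time that is fine, but it is worth confirming that the automatic update did not drop it. Every added entry with a description arrives as "TODO: check", so each still needs triage to a package line or a NOT-FOR-US tag, as the unchanged CVE-2003-1461 entry below them has.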
@@ -1002,11 +1180,11 @@
 CVE-2007-5341
 	RESERVED
 CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...)
-	{DSA-1392-1 DSA-1391-1 DTSA-69-1}
+	{DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
 CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...)
-	{DSA-1392-1 DSA-1391-1 DTSA-69-1}
+	{DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
 CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows ...)
@@ -1018,9 +1196,9 @@
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
 CVE-2007-5336
-	RESERVED
-CVE-2007-5335
-	RESERVED
+	REJECTED
+CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain ...)
+	TODO: check
 CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
 	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
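Review bot: CVE-2007-5335 is now described as a Mozilla Firefox 2.0 before 2.0.0.8 issue but lands as a bare "TODO: check", while the neighbouring CVE-2007-5334 entry for the same release already carries {DSA-1392-1 DTSA-69-1} and "- iceweasel 2.0.0.8-1". Triage should decide whether this entry takes the same package line and advisory references. The CVE-2007-5336 change from RESERVED to REJECTED needs nothing further.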
@@ -1444,6 +1622,7 @@
 CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...)
 	NOT-FOR-US: CenterTools
 CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) ...)
+	{DTSA-72-1}
 	- hplip 1.6.10-4.3 (medium; bug #447341)
 	[sarge] - hplip <not-affected> (This code was using smtp directly)
 CVE-2007-5206
@@ -4360,6 +4539,7 @@
 	- gnome-screensaver 2.20.0-1.1
 CVE-2007-3919
 	RESERVED
+	{DSA-1395-1}
 CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in ...)
 	{DSA-1383-1}
 	- gforge 4.6.99+svn6094-1
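Review bot: on CVE-2007-3919 the added {DSA-1395-1} line is placed after RESERVED, whereas other entries in this file (CVE-2007-3918 just below, for example) put the advisory reference directly under the CVE line. The entry also has no package line, so nothing here records which package and version DSA-1395-1 fixed; move the reference up and add a "- <package> <version>" line once the id is public.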
@@ -4523,13 +4703,13 @@
 CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
 	NOT-FOR-US: TortoiseSVN on Windows
 CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
-	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
 	- iceweasel 2.0.0.6-1 (medium)
 	- xulrunner 1.8.1.6-1 (medium)
 	- iceape 1.1.3-2 (medium)
 	- icedove <unfixed> (medium)
 CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...)
-	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
 	- iceweasel 2.0.0.6-1 (medium)
 	- xulrunner 1.8.1.6-1 (medium)
 	- iceape 1.1.3-2 (medium)
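Review bot: the added DTSA-71-1 reference on CVE-2007-3845 sits above a package list in which icedove is still "<unfixed> (medium)". The braces apply to the whole CVE, so the entry does not say which of iceweasel, xulrunner, iceape or icedove DTSA-71-1 covers; a NOTE naming the package would keep readers from taking the entry as fully addressed in testing.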
@@ -4806,14 +4986,14 @@
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
 CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
-	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- icedove <unfixed> (low)
 	NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
 CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- icedove 2.0.0.6-1 (high; bug #444010)
 	- iceape 1.1.3-1 (high)
@@ -8044,7 +8224,7 @@
 	NOTE: This allows to steal data from affected websites. Therefore web applications should
 	NOTE: only be considered vunerabile if they process confidential data.
 	NOTE: The frameworks should be fixed in any case.
-CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using JavaScript ...)
+CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...)
 	TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress 
 	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
 	NOTE: This allows to steal data from affected websites. Therefore web applications should
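Review bot: the CVE-2007-2383 description now carries a version bound (Prototype "before 1.5.1 RC3"), but the "TODO: check" list of packages under it is unchanged. The bound gives a concrete criterion for resolving that list: compare the Prototype copy shipped in each listed package against it and replace the TODO with per-package lines. Separately, the context NOTE above the changed line misspells "vulnerable" as "vunerabile", which could be fixed in a manual commit.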



