[Secure-testing-commits] r7163 - data/CVE

joeyh at alioth.debian.org
Wed Oct 31 21:14:09 UTC 2007


Author: joeyh
Date: 2007-10-31 21:14:09 +0000 (Wed, 31 Oct 2007)
New Revision: 7163

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-31 18:55:03 UTC (rev 7162)
+++ data/CVE/list	2007-10-31 21:14:09 UTC (rev 7163)
@@ -1,4 +1,64 @@
-CVE-2007-5718 [insecure temporary file handling in vobcopy]
+CVE-2007-5739 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2007-5738 (The FlashUpload component in Korean GHBoard uses a client-side ...)
+	TODO: check
+CVE-2007-5737 (Unrestricted file upload vulnerability in component/upload.jsp in ...)
+	TODO: check
+CVE-2007-5736 (Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 ...)
+	TODO: check
+CVE-2007-5735 (eFileMan 7.1.0.87-88 stores sensitive information under the web root ...)
+	TODO: check
+CVE-2007-5734 (Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows ...)
+	TODO: check
+CVE-2007-5733 (Unrestricted file upload vulnerability in upload/upload.php in ...)
+	TODO: check
+CVE-2007-5732 (Directory traversal vulnerability in downloadfile.php in eLouai's ...)
+	TODO: check
+CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and ...)
+	TODO: check
+CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2 allows local users to execute ...)
+	TODO: check
+CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute ...)
+	TODO: check
+CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, ...)
+	TODO: check
+CVE-2007-5727 (Incomplete blacklist vulnerability in the stripScripts function in ...)
+	TODO: check
+CVE-2007-5726 (Unspecified vulnerability in the Stream Control Transmission Protocol ...)
+	TODO: check
+CVE-2007-5725 (Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop ...)
+	TODO: check
+CVE-2007-5724 (Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live ...)
+	TODO: check
+CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...)
+	TODO: check
+CVE-2007-5722 (Heap-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
+	TODO: check
+CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in ...)
+	TODO: check
+CVE-2007-5720 (Unrestricted file upload vulnerability in the profiles script in ...)
+	TODO: check
+CVE-2007-5719 (SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows ...)
+	TODO: check
+CVE-2007-5717 (Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded ...)
+	TODO: check
+CVE-2007-5716 (Unspecified vulnerability in the Internet Protocol (IP) functionality ...)
+	TODO: check
+CVE-2007-5715 (DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log ...)
+	TODO: check
+CVE-2007-5714 (The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account ...)
+	TODO: check
+CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...)
+	TODO: check
+CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, ...)
+	TODO: check
+CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...)
+	TODO: check
+CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...)
+	TODO: check
+CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...)
 	- vopcopy <unfixed> (low; bug #448319)
 CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles ...)
 	NOT-FOR-US: Jeebles
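Review bot: the package line under CVE-2007-5718 reads "- vopcopy <unfixed> (low; bug #448319)" while the description added just above it names vobcopy 0.5.14. If the source package is vobcopy, the misspelled name keeps the entry from matching the package, so it should read "- vobcopy <unfixed> (low; bug #448319)". The entry also lands between CVE-2007-5709 and CVE-2007-5706, out of the descending order the rest of the new block follows; moving it between CVE-2007-5719 and CVE-2007-5717 keeps the list sorted. CVE-2007-5730 and CVE-2007-5729 name QEMU 0.8.2, and qemu already has package lines elsewhere in this file, so those two TODO: check entries are the ones to triage first.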
@@ -176,9 +236,9 @@
 	NOT-FOR-US: not processed, predates tracker
 CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...)
 	NOT-FOR-US: not processed, predates tracker
-CVE-2007-5707 [remote denial of service caused by double free in slapd]
+CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of ...)
 	- openldap2.3 2.3.38-1 (medium; bug #440632)
-CVE-2007-5708 [remote denial of service via unknown vectors]
+CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, ...)
 	- openldap2.3 <unfixed> (medium; bug #448644)
 CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer ...)
 	NOT-FOR-US: British Telecommunications Consumer webhelper
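Review bot: the new description for CVE-2007-5707 says OpenLDAP before 2.3.39 is affected, but the unchanged package line records the fix as "openldap2.3 2.3.38-1". Confirm against bug #440632 that 2.3.38-1 carries the fix and add a NOTE: line saying so, otherwise the fixed version reads as an error. Both CVE-2007-5707 and CVE-2007-5708 also still sit between CVE-2002-2307 and CVE-2007-2983; now that they carry CVE descriptions they belong next to CVE-2007-5706 near the top of the list.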
@@ -1453,7 +1513,7 @@
 	- mozilla-thunderbird <removed>
 	NOTE: xulrunner 1.8.1.6-1 still vulnerable
 	NOTE: MFSA2007-29
-CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows ...)
+CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote ...)
 	{DSA-1396-1 DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	- xulrunner <unfixed>
@@ -2681,12 +2741,12 @@
 	RESERVED
 CVE-2007-4864
 	RESERVED
-CVE-2007-4863
-	RESERVED
-CVE-2007-4862
-	RESERVED
-CVE-2007-4861
-	RESERVED
+CVE-2007-4863 (SQL injection vulnerability in example.php in SAXON 5.4 allows remote ...)
+	TODO: check
+CVE-2007-4862 (Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON ...)
+	TODO: check
+CVE-2007-4861 (SAXON 5.4, with display_errors enabled, allows remote attackers to ...)
+	TODO: check
 CVE-2007-4860
 	RESERVED
 CVE-2007-4859
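Review bot: CVE-2007-4863, CVE-2007-4862 and CVE-2007-4861 all describe SAXON 5.4 and each gets a separate "TODO: check". Triage the three in one pass so they end up with the same disposition, either a package line each or the same NOT-FOR-US: tag.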
@@ -3883,8 +3943,8 @@
 	RESERVED
 CVE-2007-4349
 	RESERVED
-CVE-2007-4348
-	RESERVED
+CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM ...)
+	TODO: check
 CVE-2007-4347
 	RESERVED
 CVE-2007-4346
@@ -4030,8 +4090,8 @@
 	NOT-FOR-US: FrontAccounting
 CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE ...)
 	NOT-FOR-US: ESRI ArcSDE
-CVE-2007-4277
-	RESERVED
+CVE-2007-4277 (The Trend Micro AntiVirus scan engine before 8.550-1001, as used in ...)
+	TODO: check
 CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
 	NOT-FOR-US: IBM DB2
 CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...)
@@ -11066,13 +11126,12 @@
 CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...)
 	NOT-FOR-US: SnapGear
 CVE-2007-1323
-	RESERVED
+	REJECTED
 	{DSA-1284-1 DTSA-38-1}
 CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
 	{DSA-1284-1 DTSA-38-1}
 	- qemu 0.9.0-2 (bug #424070)
-CVE-2007-1321
-	RESERVED
+CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2 allows ...)
 	{DSA-1284-1 DTSA-38-1}
 	- qemu 0.9.0-2 (bug #424070)
 CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
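Review bot: CVE-2007-1323 changes from RESERVED to REJECTED but keeps the "{DSA-1284-1 DTSA-38-1}" cross-reference, so a rejected id stays associated with two published advisories. Add a NOTE: line recording why the id was rejected or which id replaces it, and check whether the advisory references need to move. CVE-2007-1321 now reads as the NE2000 integer signedness error in QEMU 0.8.2, and the first hunk adds CVE-2007-5729 for the NE2000 emulator in QEMU 0.8.2 as "TODO: check"; when that one is triaged, check whether qemu 0.9.0-2 (bug #424070) covers it as well.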
@@ -11733,7 +11792,7 @@
 	NOT-FOR-US: Wiclear
 CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...)
 	NOT-FOR-US: VirtueMart
-CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 does not ...)
+CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not ...)
 	{DSA-1396-1 DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (low; bug #445514)
 	- xulrunner <unfixed>



