joeyh at alioth.debian.org
2007-Nov-06 21:14 UTC
[Secure-testing-commits] r7231 - data/CVE
Author: joeyh Date: 2007-11-06 21:14:18 +0000 (Tue, 06 Nov 2007) New Revision: 7231 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-06 19:48:00 UTC (rev 7230) +++ data/CVE/list 2007-11-06 21:14:18 UTC (rev 7231) 
@@ -1,3 +1,73 @@ +CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, ...) + TODO: check +CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...) + TODO: check +CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication ...) + TODO: check +CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows ...) + TODO: check +CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev ...) + TODO: check +CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before ...) + TODO: check +CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer ...) + TODO: check +CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya ...) + TODO: check +CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and ...) + TODO: check +CVE-2007-5828 (Cross-site request forgery (CSRF) vulnerability in the admin panel in ...) + TODO: check +CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...) + TODO: check +CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX ...) + TODO: check +CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c ...) + TODO: check +CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier ...) + TODO: check +CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 ...) + TODO: check +CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng ...) + TODO: check +CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...) + TODO: check +CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS ...) + TODO: check +CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak ...) 
+ TODO: check +CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php ...) + TODO: check +CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...) + TODO: check +CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...) + TODO: check +CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX ...) + TODO: check +CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender ...) + TODO: check +CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ...) + TODO: check +CVE-2007-5812 (Directory traversal vulnerability in ...) + TODO: check +CVE-2007-5811 (** DISPUTED ** ...) + TODO: check +CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain ...) + TODO: check +CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 ...) + TODO: check +CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule ...) + TODO: check +CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX ...) + TODO: check +CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...) + TODO: check +CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...) + TODO: check +CVE-2007-5803 + RESERVED CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...) NOT-FOR-US: Firewolf Technologies Synergiser CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has ...) 
@@ -295,7 +365,7 @@ NOT-FOR-US: Omnistar Live CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...) - nufw 2.2.7-1 (medium) -CVE-2007-5722 (Heap-based buffer overflow in a certain ActiveX control in GLChat.ocx ...) +CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...) NOT-FOR-US: GlobalLink CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in ...) NOT-FOR-US: MySpacePros MySpace Resource Script @@ -858,8 +928,8 @@ RESERVED CVE-2007-5604 RESERVED -CVE-2007-5603 - RESERVED +CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...) + TODO: check CVE-2007-5602 RESERVED CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll ...) @@ -2437,6 +2507,7 @@ CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...) NOT-FOR-US: FrontAccounting CVE-2007-5116 [overflow in Perl''s regular expression compiler] + RESERVED - perl <unfixed> (medium) NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647 CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...) @@ -3595,12 +3666,12 @@ - polipo 1.0.2-1 CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign ...) NOT-FOR-US: AbleDesign Dynamic Picture Frame -CVE-2007-4623 - RESERVED -CVE-2007-4622 - RESERVED -CVE-2007-4621 - RESERVED +CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...) + TODO: check +CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) ...) + TODO: check +CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain ...) + TODO: check CVE-2007-4620 RESERVED CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...) 
@@ -3843,8 +3914,8 @@ NOT-FOR-US: Yahoo! Messenger CVE-2007-4514 RESERVED -CVE-2007-4513 - RESERVED +CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow ...) + TODO: check CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for ...) NOT-FOR-US: Sophos Anti-Virus for Windows CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...) @@ -4504,8 +4575,8 @@ NOT-FOR-US: Trend Micro ServerProtect CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...) NOT-FOR-US: Trend Micro ServerProtect -CVE-2007-4217 - RESERVED +CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX ...) + TODO: check CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...) NOT-FOR-US: ZoneAlarm CVE-2007-4215 @@ -4950,7 +5021,8 @@ NOT-FOR-US: Citrix CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access ...) NOT-FOR-US: Citrix -CVE-2007-4015 (Citrix Access Gateway Advanced Edition before 4.5 HF1 allows attackers ...) +CVE-2007-4015 + REJECTED NOT-FOR-US: Citrix CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php ...) NOT-FOR-US: Blix themes for WordPress @@ -15080,9 +15152,9 @@ NOT-FOR-US: Adobe Acrobat Reader Plugin CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework ...) NOT-FOR-US: Microsoft .NET -CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows ...) +CVE-2007-0042 (Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, ...) NOT-FOR-US: Microsoft .NET -CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier ...) +CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 ...) NOT-FOR-US: Microsoft .NET CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows 
@@ -15189,8 +15261,8 @@ RESERVED CVE-2007-0012 RESERVED -CVE-2007-0011 - RESERVED +CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...) + TODO: check CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...) NOT-FOR-US: IBM CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...)
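Review bot: In the first hunk (@@ -1,3 +1,73 @@) every new entry lands as TODO: check with no ordering hint, and a few of them name software that should be looked up in the archive before the rest: CVE-2007-5837 (yarssr 0.2.2), CVE-2007-5827 (iscsitarget 0.4.15) and CVE-2007-5825/CVE-2007-5824 (webserver.c in Firefly Media Server). The description spells the daemon "mt-dappd", so search for mt-daapd as well. CVE-2007-5817/CVE-2007-5816 and CVE-2007-5805/CVE-2007-5804 have identical truncated descriptions, so each pair needs the full CVE text before it can be dispositioned separately.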
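Review bot: The "+ RESERVED" line added under CVE-2007-5116 in the @@ -2437,6 +2507,7 @@ hunk sits on an entry that already tracks "- perl <unfixed> (medium)" with a local bracketed description, so the entry is both RESERVED and an open package issue. Confirm that reports built from this file do not drop RESERVED entries, and keep the perl line and NOTE in place when the upstream description replaces the bracketed one.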
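Review bot: In the @@ -3595,12 +3666,12 @@ hunk, the truncated description of CVE-2007-4622 ("Integer underflow in the dns_name_fromtext function in (1) ...") cuts off before the list of affected products, so it cannot be marked from this line alone and should not be grouped with its neighbours. CVE-2007-4623 and CVE-2007-4621 both name IBM AIX and look like candidates for the same NOT-FOR-US: IBM tag already used for CVE-2006-6836, but CVE-2007-4622 needs the full CVE text read first.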
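Review bot: In the @@ -4950,7 +5021,8 @@ hunk, CVE-2007-4015 becomes REJECTED but the unchanged "NOT-FOR-US: Citrix" line still follows it, leaving the entry with two states. Check whether the stale NOT-FOR-US line should be removed once an ID is rejected. The last hunk (@@ -15189,8 +15261,8 @@) adds CVE-2007-0011 for the Citrix Access Gateway web portal as TODO: check, so it is worth confirming whether that ID supersedes the rejected one and tagging it to match.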