joeyh at alioth.debian.org
2007-Oct-01 21:14 UTC
[Secure-testing-commits] r6758 - data/CVE
Author: joeyh
Date: 2007-10-01 21:14:07 +0000 (Mon, 01 Oct 2007)
New Revision: 6758

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list	2007-10-01 20:57:29 UTC (rev 6757)
+++ data/CVE/list	2007-10-01 21:14:07 UTC (rev 6758)
@@ -1,9 +1,118 @@ -CVE-2007-5135 [off-by-one buffer overflow in SSL_get_shared_ciphers() of openssl] +CVE-2007-5169 + RESERVED +CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite ...) + TODO: check +CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in ...) + TODO: check +CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a ...) + TODO: check +CVE-2007-5165 (** DISPUTED ** ...) + TODO: check +CVE-2007-5164 (** DISPUTED ** ...) + TODO: check +CVE-2007-5163 (** DISPUTED ** ...) + TODO: check +CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) ...) + TODO: check +CVE-2007-5161 (Cross-site scripting (XSS) vulnerability in the internal browser in ...) + TODO: check +CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...) + TODO: check +CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g ...) + TODO: check +CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet ...) + TODO: check +CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex ...) + TODO: check +CVE-2007-5156 (Incomplete blacklist vulnerability in ...) + TODO: check +CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect ...) + TODO: check +CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and ...) + TODO: check +CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when ...) + TODO: check +CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java ...) + TODO: check +CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in ...) + TODO: check +CVE-2007-5150 (SQL injection vulnerability in the is_god function in ...) + TODO: check +CVE-2007-5149 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-5148 (** DISPUTED ** ...) 
+ TODO: check +CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS ...) + TODO: check +CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der ...) + TODO: check +CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...) + TODO: check +CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used ...) + TODO: check +CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows ...) + TODO: check +CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb ...) + TODO: check +CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta ...) + TODO: check +CVE-2007-5140 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...) + TODO: check +CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in ...) + TODO: check +CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...) + TODO: check +CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...) + TODO: check +CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...) + TODO: check +CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...) + TODO: check +CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...) + TODO: check +CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...) + TODO: check +CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...) + TODO: check +CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows ...) 
+ TODO: check +CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 ...) + TODO: check +CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup ...) + TODO: check +CVE-2007-5125 + REJECTED + TODO: check +CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...) + TODO: check +CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote ...) + TODO: check +CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds ...) + TODO: check +CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta ...) + TODO: check +CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...) + TODO: check +CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain ...) + TODO: check +CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class ...) + TODO: check +CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...) + TODO: check +CVE-2007-5116 + RESERVED +CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...) + TODO: check +CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL ...) - openssl 0.9.8e-9 (high; bug #444435) NOTE: see https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/146269 CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre ...) NOT-FOR-US: Ekke Doerre Contenido -CVE-2007-5114 (** DISPUTED ** PHP remote file inclusion vulnerability in ...) +CVE-2007-5114 (** DISPUTED ** ...) NOT-FOR-US: phpmyProfiler CVE-2007-5113 (report.cgi in Google Urchin allows remote attackers to bypass ...) NOT-FOR-US: Google Urchin 
@@ -92,7 +201,7 @@ RESERVED CVE-2007-5073 RESERVED -CVE-2007-5072 (Unspecified vulnerability in Simple PHP Blog before 0.5.1 has unknown ...) +CVE-2007-5072 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...) NOT-FOR-US: Simple PHP Blog CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP ...) NOT-FOR-US: Simple PHP Blog @@ -138,7 +247,9 @@ - phpgedview <unfixed> (low; bug #443901) CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 ...) NOT-FOR-US: Neuron News -CVE-2007-5049 (Stack-based buffer overflow in the StreamPredictor::getNextLine ...) +CVE-2007-5049 + REJECTED + {DTSA-62-1} - poppler 0.5.4-6.2 (medium; bug #443903) - gpdf <removed> - xpdf 3.02-1.2 (medium; bug #443906) @@ -209,7 +320,8 @@ NOT-FOR-US: VMware CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) ...) NOT-FOR-US: IBM Tivoli Storage Manager -CVE-2007-5021 (Buffer overflow in the Client Acceptor Daemon (CAD) in certain IBM ...) +CVE-2007-5021 + REJECTED NOT-FOR-US: IBM Tivoli Storage Manager CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows ...) NOT-FOR-US: Acrobat Reader @@ -294,8 +406,7 @@ RESERVED CVE-2007-4994 RESERVED -CVE-2007-4993 [xen priviledge escalation] - RESERVED +CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a ...) - xen-3.0 <removed> [etch] - xen-3.0 <unfixed> (medium; bug #444430) CVE-2007-4992 @@ -390,7 +501,7 @@ NOT-FOR-US: OmniStar Article Manager CVE-2007-4951 (** DISPUTED ** ...) NOT-FOR-US: YaPiG -CVE-2007-4950 (** DISPUTED ** PHP remote file inclusion vulnerability in ...) +CVE-2007-4950 (** DISPUTED ** ...) NOT-FOR-US: Phportal CVE-2007-4949 (** DISPUTED ** ...) NOT-FOR-US: phpreactor 
@@ -491,7 +602,7 @@ NOT-FOR-US: Ultra Crypto Component CVE-2007-4902 (Absolute path traversal vulnerability in a certain ActiveX control in ...) NOT-FOR-US: Ultra Crypto Component -CVE-2007-4901 (Unspecified vulnerability in AOL Instant Messenger (AIM) 6.1.41.2 ...) +CVE-2007-4901 (The embedded Internet Explorer server control in AOL Instant Messenger ...) NOT-FOR-US: AOL Instant Messenger CVE-2007-4900 (Cross-site scripting (XSS) vulnerability in the logon page in RSA ...) NOT-FOR-US: RSA EnVision @@ -544,8 +655,8 @@ NOT-FOR-US: TechExcel CustomerWise CVE-2007-4881 (SQL injection vulnerability in profile/myprofile.php in psi-labs.com ...) NOT-FOR-US: Psilabs -CVE-2007-4880 - RESERVED +CVE-2007-4880 (Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ...) + TODO: check CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client ...) - iceweasel <unfixed> (low; bug #444803) - iceape <unfixed> (low; bug #444805) @@ -561,10 +672,10 @@ RESERVED CVE-2007-4874 (Multiple cross-site scripting (XSS) vulnerabilities in SimpNews ...) NOT-FOR-US: SimpNews -CVE-2007-4873 - RESERVED -CVE-2007-4872 - RESERVED +CVE-2007-4873 (SimpNews 2.41.03 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-4872 (SimpNews 2.41.03 allows remote attackers to obtain sensitive ...) + TODO: check CVE-2007-4871 RESERVED CVE-2007-4870 @@ -1008,8 +1119,8 @@ RESERVED CVE-2007-4672 RESERVED -CVE-2007-4671 - RESERVED +CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 allows ...) + TODO: check CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...) - php5 <unfixed> (unimportant) - php4 <removed> (unimportant) 
@@ -3076,24 +3187,24 @@ [sarge] - kdebase <no-dsa> (Minor issue) [etch] - kdebase <no-dsa> (Minor issue) NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2 -CVE-2007-3761 - RESERVED -CVE-2007-3760 - RESERVED -CVE-2007-3759 - RESERVED -CVE-2007-3758 - RESERVED -CVE-2007-3757 - RESERVED -CVE-2007-3756 - RESERVED -CVE-2007-3755 - RESERVED -CVE-2007-3754 - RESERVED -CVE-2007-3753 - RESERVED +CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...) + TODO: check +CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...) + TODO: check +CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, ...) + TODO: check +CVE-2007-3758 (Safari in Apple iPhone 1.1.1 allows remote attackers to set Javascript ...) + TODO: check +CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...) + TODO: check +CVE-2007-3756 (Safari in Apple iPhone 1.1.1 allows remote attackers to obtain ...) + TODO: check +CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...) + TODO: check +CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user ...) + TODO: check +CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically ...) + TODO: check CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote ...) NOT-FOR-US: iTunes CVE-2007-3751 @@ -3952,7 +4063,7 @@ - qt4-x11 4.3.0-5 NOTE: there is some dissagreement whether qt4 is affected CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...) - {DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1} + {DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1} - poppler 0.5.4-6.1 (bug #435460) - gpdf <removed> - xpdf 3.02-1.1 (bug #435462) 
@@ -28727,7 +28838,7 @@ NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) -CVE-2005-4600 (tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote ...) +CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ...) TODO: check wordpress NOTE: pinged maintainer - knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
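Review bot: In the first hunk (@@ -1,9 +1,118 @@), CVE-2007-5125 gets both "+ REJECTED" and "+ TODO: check"; the other rejections in this patch (CVE-2007-5049, CVE-2007-5021) carry no TODO line, so the TODO under CVE-2007-5125 is noise and can be dropped. In the same hunk, CVE-2007-5124 now has the same description as CVE-2007-4901 ("The embedded Internet Explorer server control in AOL Instant Messenger ..."), which the @@ -491 hunk keeps as "NOT-FOR-US: AOL Instant Messenger", so its TODO can be closed the same way rather than left for a manual pass.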
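Review bot: In the @@ -138,7 +247,9 @@ hunk, CVE-2007-5049 becomes REJECTED but keeps "{DTSA-62-1}" and the poppler/gpdf/xpdf package lines, while the @@ -3952 hunk adds DTSA-62-1 to CVE-2007-3387, which lists the same three packages. Leaving the advisory and package lines under a rejected ID makes the tracker report the fix twice; either drop them here or add a NOTE line saying the ID was rejected in favour of CVE-2007-3387.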
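Review bot: In the @@ -544,8 +655,8 @@ hunk, CVE-2007-4880 receives the "Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ..." description with "TODO: check", yet the @@ -209 hunk rejects CVE-2007-5021, whose removed description was that same CAD buffer overflow, and keeps "NOT-FOR-US: IBM Tivoli Storage Manager" on it. The TODO on CVE-2007-4880 can be resolved to the same NOT-FOR-US line instead of waiting for a manual check.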
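Review bot: In the @@ -561,10 +672,10 @@ hunk, CVE-2007-4873 and CVE-2007-4872 are both SimpNews 2.41.03 issues marked "TODO: check", two lines below CVE-2007-4874, which is already "NOT-FOR-US: SimpNews". The same applies to the SimpNews/SimpGB entries in the first hunk (CVE-2007-5127 through CVE-2007-5130); consider closing them as NOT-FOR-US in the same commit so the TODO queue only holds entries that need a real package check.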
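Review bot: In the @@ -3076,24 +3187,24 @@ hunk, all nine entries CVE-2007-3753 through CVE-2007-3761 describe Safari, Mail or Bluetooth in Apple iPhone 1.1.1 and are left as "TODO: check", directly above CVE-2007-3752, which is already "NOT-FOR-US: iTunes"; CVE-2007-4671 in the @@ -1008 hunk is the same case. These can be marked NOT-FOR-US: iPhone now, since nothing in the archive ships that firmware.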