joeyh at alioth.debian.org
2007-Oct-31 21:14 UTC
[Secure-testing-commits] r7163 - data/CVE
Author: joeyh
Date: 2007-10-31 21:14:09 +0000 (Wed, 31 Oct 2007)
New Revision: 7163
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2007-10-31 18:55:03 UTC (rev 7162) +++ data/CVE/list 2007-10-31 21:14:09 UTC (rev 7163) 
@@ -1,4 +1,64 @@ -CVE-2007-5718 [insecure temporary file handling in vobcopy] +CVE-2007-5739 (Directory traversal vulnerability in ...) + TODO: check +CVE-2007-5738 (The FlashUpload component in Korean GHBoard uses a client-side ...) + TODO: check +CVE-2007-5737 (Unrestricted file upload vulnerability in component/upload.jsp in ...) + TODO: check +CVE-2007-5736 (Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 ...) + TODO: check +CVE-2007-5735 (eFileMan 7.1.0.87-88 stores sensitive information under the web root ...) + TODO: check +CVE-2007-5734 (Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows ...) + TODO: check +CVE-2007-5733 (Unrestricted file upload vulnerability in upload/upload.php in ...) + TODO: check +CVE-2007-5732 (Directory traversal vulnerability in downloadfile.php in eLouai''s ...) + TODO: check +CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and ...) + TODO: check +CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2 allows local users to execute ...) + TODO: check +CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute ...) + TODO: check +CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, ...) + TODO: check +CVE-2007-5727 (Incomplete blacklist vulnerability in the stripScripts function in ...) + TODO: check +CVE-2007-5726 (Unspecified vulnerability in the Stream Control Transmission Protocol ...) + TODO: check +CVE-2007-5725 (Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop ...) + TODO: check +CVE-2007-5724 (Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live ...) + TODO: check +CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...) + TODO: check +CVE-2007-5722 (Heap-based buffer overflow in a certain ActiveX control in GLChat.ocx ...) + TODO: check +CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in ...) 
+ TODO: check +CVE-2007-5720 (Unrestricted file upload vulnerability in the profiles script in ...) + TODO: check +CVE-2007-5719 (SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows ...) + TODO: check +CVE-2007-5717 (Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded ...) + TODO: check +CVE-2007-5716 (Unspecified vulnerability in the Internet Protocol (IP) functionality ...) + TODO: check +CVE-2007-5715 (DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log ...) + TODO: check +CVE-2007-5714 (The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account ...) + TODO: check +CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...) + TODO: check +CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, ...) + TODO: check +CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...) + TODO: check +CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...) + TODO: check +CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...) - vopcopy <unfixed> (low; bug #448319) CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles ...) NOT-FOR-US: Jeebles 
@@ -176,9 +236,9 @@ NOT-FOR-US: not processed, predates tracker CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...) NOT-FOR-US: not processed, predates tracker -CVE-2007-5707 [remote denial of service caused by double free in slapd] +CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of ...) - openldap2.3 2.3.38-1 (medium; bug #440632) -CVE-2007-5708 [remote denial of service via unknown vectors] +CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, ...) - openldap2.3 <unfixed> (medium; bug #448644) CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer ...) NOT-FOR-US: British Telecommunications Consumer webhelper @@ -1453,7 +1513,7 @@ - mozilla-thunderbird <removed> NOTE: xulrunner 1.8.1.6-1 still vulnerable NOTE: MFSA2007-29 -CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows ...) +CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote ...) {DSA-1396-1 DSA-1392-1 DTSA-69-1} - iceweasel 2.0.0.8-1 - xulrunner <unfixed> @@ -2681,12 +2741,12 @@ RESERVED CVE-2007-4864 RESERVED -CVE-2007-4863 - RESERVED -CVE-2007-4862 - RESERVED -CVE-2007-4861 - RESERVED +CVE-2007-4863 (SQL injection vulnerability in example.php in SAXON 5.4 allows remote ...) + TODO: check +CVE-2007-4862 (Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON ...) + TODO: check +CVE-2007-4861 (SAXON 5.4, with display_errors enabled, allows remote attackers to ...) + TODO: check CVE-2007-4860 RESERVED CVE-2007-4859 @@ -3883,8 +3943,8 @@ RESERVED CVE-2007-4349 RESERVED -CVE-2007-4348 - RESERVED +CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM ...) + TODO: check CVE-2007-4347 RESERVED CVE-2007-4346 
@@ -4030,8 +4090,8 @@ NOT-FOR-US: FrontAccounting CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE ...) NOT-FOR-US: ESRI ArcSDE -CVE-2007-4277 - RESERVED +CVE-2007-4277 (The Trend Micro AntiVirus scan engine before 8.550-1001, as used in ...) + TODO: check CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...) NOT-FOR-US: IBM DB2 CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...) @@ -11066,13 +11126,12 @@ CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...) NOT-FOR-US: SnapGear CVE-2007-1323 - RESERVED + REJECTED {DSA-1284-1 DTSA-38-1} CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...) {DSA-1284-1 DTSA-38-1} - qemu 0.9.0-2 (bug #424070) -CVE-2007-1321 - RESERVED +CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2 allows ...) {DSA-1284-1 DTSA-38-1} - qemu 0.9.0-2 (bug #424070) CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...) @@ -11733,7 +11792,7 @@ NOT-FOR-US: Wiclear CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...) NOT-FOR-US: VirtueMart -CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 does not ...) +CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not ...) {DSA-1396-1 DSA-1392-1 DTSA-69-1} - iceweasel 2.0.0.8-1 (low; bug #445514) - xulrunner <unfixed>
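
Review bot: in the first hunk (@@ -1,4 +1,64 @@) the package line kept under CVE-2007-5718 reads "- vopcopy <unfixed> (low; bug #448319)", while both the removed bracketed description and the new description name vobcopy. If the source package is vobcopy, as the description suggests, the line should be corrected by hand so the entry attaches to that package. The entry also now sits below CVE-2007-5709 rather than between CVE-2007-5719 and CVE-2007-5717, so it is worth moving into descending order in the same manual fix.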
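
Review bot: in the hunk at @@ -176,9 +236,9 @@ the new description for CVE-2007-5707 says "OpenLDAP before 2.3.39", but the unchanged package line below it records "- openldap2.3 2.3.38-1 (medium; bug #440632)" as the fixed version. The two are not necessarily in conflict, but nothing in the entry explains the difference; a NOTE line stating where the 2.3.38-1 fix came from would let a later reader trust the fixed version without opening bug #440632.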
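
Review bot: in the hunk at @@ -11066,13 +11126,12 @@ CVE-2007-1323 changes from RESERVED to REJECTED but keeps the cross-reference "{DSA-1284-1 DTSA-38-1}" on the following context line. A rejected id that is still tied to a released advisory needs a manual look: either the reference should move to the id that replaced it, or a NOTE should record why the advisory cites a rejected entry. CVE-2007-1321 in the same hunk gains its description and keeps its qemu 0.9.0-2 line, so only the 1323 entry is in question.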