joeyh at alioth.debian.org
2007-Sep-27 21:14 UTC
[Secure-testing-commits] r6727 - data/CVE
Author: joeyh Date: 2007-09-27 21:14:10 +0000 (Thu, 27 Sep 2007) New Revision: 6727 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-27 12:39:11 UTC (rev 6726) +++ data/CVE/list 2007-09-27 21:14:10 UTC (rev 6727) 
@@ -1,3 +1,73 @@ +CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre ...) + TODO: check +CVE-2007-5114 (** DISPUTED ** PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-5113 (report.cgi in Google Urchin allows remote attackers to bypass ...) + TODO: check +CVE-2007-5112 (Cross-site scripting (XSS) vulnerability in session.cgi (aka the login ...) + TODO: check +CVE-2007-5111 (A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt ...) + TODO: check +CVE-2007-5110 (Absolute path traversal vulnerability in the ...) + TODO: check +CVE-2007-5109 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) + TODO: check +CVE-2007-5108 (Unspecified vulnerability in IAC Search & Media ask.com toolbar has ...) + TODO: check +CVE-2007-5107 (Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ...) + TODO: check +CVE-2007-5106 (Cross-site scripting (XSS) vulnerability in wp-register.php in ...) + TODO: check +CVE-2007-5105 (Cross-site scripting (XSS) vulnerability in wp-register.php in ...) + TODO: check +CVE-2007-5104 (SQL injection vulnerability in index.php in the Arcade module in bcoos ...) + TODO: check +CVE-2007-5103 (Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 ...) + TODO: check +CVE-2007-5102 (PHP remote file inclusion vulnerability in config.inc.php in Wordsmith ...) + TODO: check +CVE-2007-5101 (ChironFS before 1.0 RC7 sets user/group ownership to the mounter ...) + TODO: check +CVE-2007-5100 (Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, ...) + TODO: check +CVE-2007-5099 (PHP remote file inclusion vulnerability in show.php in David Watters ...) + TODO: check +CVE-2007-5098 (Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 ...) + TODO: check +CVE-2007-5097 (** DISPUTED ** ...) + TODO: check +CVE-2007-5096 (PHP remote file inclusion vulnerability in ...) 
+ TODO: check +CVE-2007-5095 (Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes ...) + TODO: check +CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in ...) + TODO: check +CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in Linux ...) + TODO: check +CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance Music ...) + TODO: check +CVE-2007-5091 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...) + TODO: check +CVE-2007-5090 (Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a ...) + TODO: check +CVE-2007-5089 (PHP remote file inclusion vulnerability in php-inc/log.inc.php in ...) + TODO: check +CVE-2007-5088 (Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi ...) + TODO: check +CVE-2007-5087 (The ATM module in the Linux kernel before 2.4.35.3, when CLIP support ...) + TODO: check +CVE-2007-5086 (Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not ...) + TODO: check +CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in Apache ...) + TODO: check +CVE-2007-5084 + RESERVED +CVE-2007-5083 + RESERVED +CVE-2007-5082 + RESERVED +CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers ...) + TODO: check CVE-2007-5081 RESERVED CVE-2007-5080 @@ -44,7 +114,7 @@ NOT-FOR-US: XCMS CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow ...) NOT-FOR-US: GreenSQL -CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Monitor Web Syslog ...) +CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Web administration ...) NOT-FOR-US: Barracuda CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote attackers to ...) NOT-FOR-US: NetSupport Manager Client 
@@ -476,8 +546,8 @@ RESERVED CVE-2007-4875 RESERVED -CVE-2007-4874 - RESERVED +CVE-2007-4874 (Multiple cross-site scripting (XSS) vulnerabilities in SimpNews ...) + TODO: check CVE-2007-4873 RESERVED CVE-2007-4872 @@ -1162,8 +1232,7 @@ - linux-2.6 <unfixed> (medium) CVE-2007-4572 RESERVED -CVE-2007-4571 - RESERVED +CVE-2007-4571 (The snd_mem_proc_read function in sound/core/memalloc.c in the ...) - linux-2.6 <unfixed> (low) NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600 NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212 @@ -2356,7 +2425,7 @@ NOT-FOR-US: Guidance Software CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! ...) NOT-FOR-US: Yahoo! Widgets -CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP ...) +CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in ...) - t1lib 5.1.0-3 (bug #439927) NOTE: originally posted as a php vuln, actually in libt1 NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions) @@ -5233,7 +5302,7 @@ CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) ...) {DSA-1328-1} - unicon 3.0.4-12 (bug #431336) -CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3 ...) +CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before ...) {DSA-1375-1} - openoffice.org 2.2.1-9 (medium) CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ...)
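Review bot: in the first hunk (@@ -1,3 +1,73 @@), CVE-2007-5093 (the Philips USB Webcam pwc driver in Linux) and CVE-2007-5087 (the ATM module in the Linux kernel before 2.4.35.3) are left at "TODO: check" although their summaries already name the kernel. They need triage against the kernel packages; this file already tracks kernel issues with lines such as "- linux-2.6 <unfixed> (low)" under CVE-2007-4571, and the same form would apply here once the affected versions and severity are established. The same hunk inserts CVE-2002-2227 (ssldump 0.9b2 and earlier) between CVE-2007-5082 and CVE-2007-5081; since every neighbouring id is CVE-2007, confirm that this placement is what the update script intends.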
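Review bot: in the @@ -1162,8 +1232,7 @@ hunk, CVE-2007-4571 moves from RESERVED to a public summary, but the retained line "- linux-2.6 <unfixed> (low)" still reads unfixed while the NOTE beneath it already links a git.kernel.org commit (presumably the upstream fix; the hunk does not say). Once a linux-2.6 upload contains that commit, replace <unfixed> with that version, and recheck the (low) rating against the now-published description of snd_mem_proc_read in sound/core/memalloc.c.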
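Review bot: in the @@ -2356,7 +2425,7 @@ hunk, the summary for CVE-2007-4033 no longer attributes the overflow to php_gd2.dll and instead names the intT1_EnvGetCompletePath function, which makes the existing NOTE "originally posted as a php vuln, actually in libt1" read as if the description still said PHP. Reword that NOTE to say the upstream summary was later corrected, so that someone comparing the "- t1lib 5.1.0-3 (bug #439927)" line against older advisories can see why the text differs.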