joeyh at alioth.debian.org
2007-Jul-31 09:14 UTC
[Secure-testing-commits] r6192 - data/CVE
Author: joeyh Date: 2007-07-31 09:14:07 +0000 (Tue, 31 Jul 2007) New Revision: 6192 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-31 08:38:22 UTC (rev 6191) +++ data/CVE/list 2007-07-31 09:14:07 UTC (rev 6192) @@ -1,3 +1,177 @@ +CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum ...) + TODO: check +CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) ...) + TODO: check +CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in ...) + TODO: check +CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) ...) + TODO: check +CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing ...) + TODO: check +CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...) + TODO: check +CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / ...) + TODO: check +CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store ...) + TODO: check +CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...) + TODO: check +CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...) + TODO: check +CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - ...) + TODO: check +CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...) + TODO: check +CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before ...) + TODO: check +CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...) + TODO: check +CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 ...) + TODO: check +CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from ...) + TODO: check +CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ...) + TODO: check +CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish "streamids from ...) + TODO: check +CVE-2007-4097 (Tor before 0.1.2.15 sends "destroy cells" containing the reason for ...) + TODO: check +CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, ...) + TODO: check +CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows ...) + TODO: check +CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ...) + TODO: check +CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web ...) + TODO: check +CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and ...) + TODO: check +CVE-2007-4091 + RESERVED +CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) + TODO: check +CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) + TODO: check +CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain ...) + TODO: check +CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share ...) + TODO: check +CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow ...) + TODO: check +CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...) + TODO: check +CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) + TODO: check +CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php ...) + TODO: check +CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) + TODO: check +CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft ...) + TODO: check +CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS ...) + TODO: check +CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...) + TODO: check +CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) + TODO: check +CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris ...) + TODO: check +CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris ...) + TODO: check +CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...) + TODO: check +CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a ...) + TODO: check +CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within ...) + TODO: check +CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun ...) + TODO: check +CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8 and ...) + TODO: check +CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote ...) + TODO: check +CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ...) + TODO: check +CVE-2007-4066 + RESERVED +CVE-2007-4065 + RESERVED +CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...) + TODO: check +CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...) + TODO: check +CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus ...) + TODO: check +CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in ...) + TODO: check +CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio ...) + TODO: check +CVE-2007-4056 (SQL injection vulnerability in directory.php in Adult Directory allows ...) + TODO: check +CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 ...) + TODO: check +CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites allows ...) + TODO: check +CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in LinPHA ...) + TODO: check +CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp in ...) + TODO: check +CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefrag ...) + TODO: check +CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...) + TODO: check +CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl test CGI ...) + TODO: check +CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...) + TODO: check +CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...) + TODO: check +CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...) + TODO: check +CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...) + TODO: check +CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...) + TODO: check +CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...) + TODO: check +CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...) + TODO: check +CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...) + TODO: check +CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and ...) + TODO: check +CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...) + TODO: check +CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...) + TODO: check +CVE-2007-4037 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...) + TODO: check +CVE-2007-4036 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...) + TODO: check +CVE-2007-4035 (** DISPUTED ** Guidance Software EnCase does not properly handle (1) ...) + TODO: check +CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 ActiveX control ...) + TODO: check +CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP ...) + TODO: check +CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote ...) + TODO: check +CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-4030 + RESERVED CVE-2007-XXXX [Drupal CSRF] - drupal5 5.2-1 (low) NOTE: DRUPAL-SA-2007-017 @@ -50,7 +224,7 @@ TODO: check CVE-2007-4009 (PHP remote file inclusion vulnerability in ...) TODO: check -CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment CMS ...) +CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...) TODO: check CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article ...) TODO: check @@ -58,7 +232,7 @@ TODO: check CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) ...) TODO: check -CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 allows local ...) +CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...) TODO: check CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...) TODO: check @@ -244,8 +418,8 @@ RESERVED CVE-2007-3912 RESERVED -CVE-2007-3911 - RESERVED +CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka ...) + TODO: check CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows ...) TODO: check CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow ...) @@ -1049,8 +1223,8 @@ TODO: check CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...) TODO: check -CVE-2007-3532 - RESERVED +CVE-2007-3532 (nvidia-drivers before 1.0.7185, 1.0.9639, and 100.14.11, as used in ...) + TODO: check CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...) TODO: check CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...) @@ -1412,8 +1586,8 @@ NOT-FOR-US: eNdonesia CVE-2007-3388 RESERVED -CVE-2007-3387 - RESERVED +CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...) + TODO: check CVE-2007-3386 RESERVED CVE-2007-3385 @@ -1558,7 +1732,7 @@ NOT-FOR-US: PHPEcho CMS CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server ...) NOT-FOR-US: Ingres -CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 allows ...) +CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 ...) TODO: check CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for ...) NOT-FOR-US: Satel Lite for PhpNuke @@ -2098,8 +2272,8 @@ - linux-2.6 <unfixed> CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...) TODO: check -CVE-2007-3105 - RESERVED +CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...) + TODO: check CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...) - linux-2.6 <unfixed> CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat ...) @@ -2436,8 +2610,8 @@ RESERVED CVE-2007-2954 RESERVED -CVE-2007-2953 - RESERVED +CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...) + TODO: check CVE-2007-2952 RESERVED CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc ...) @@ -2601,8 +2775,8 @@ - linux-2.6 2.6.21-5 (medium) CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux ...) - linux-2.6 2.6.21-5 (medium) -CVE-2007-2874 - RESERVED +CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in ...) + TODO: check CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...) - spamassassin 3.2.1-1 (low) CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...) @@ -6190,8 +6364,8 @@ - tomcat4 <removed> (low) - tomcat5 <unfixed> (low) - tomcat5.5 <unfixed> (low) -CVE-2007-1354 - RESERVED +CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX ...) + TODO: check CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...) - linux-2.6 <unfixed> (low) CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...)