thr3ads.net - Secure testing commits - [Secure-testing-commits] r6043

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2007-Jun-21 21:14 UTC
[Secure-testing-commits] r6043 - data/CVE

Author: joeyh
Date: 2007-06-21 21:14:08 +0000 (Thu, 21 Jun 2007)
New Revision: 6043

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-06-21 18:27:42 UTC (rev 6042)
+++ data/CVE/list	2007-06-21 21:14:08 UTC (rev 6043)
@@ -1,3 +1,162 @@
+CVE-2007-4168
+	REJECTED
+	TODO: check
+CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and
earlier SIP ...)
+	TODO: check
+CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and
earlier SIP ...)
+	TODO: check
+CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and
earlier SIP ...)
+	TODO: check
+CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and
earlier SIP ...)
+	TODO: check
+CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User
Access ...)
+	TODO: check
+CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC)
message ...)
+	TODO: check
+CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN
VLC ...)
+	TODO: check
+CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in
YourFreeScreamer ...)
+	TODO: check
+CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant
...)
+	TODO: check
+CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow
remote ...)
+	TODO: check
+CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in
...)
+	TODO: check
+CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02
and ...)
+	TODO: check
+CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin
allows ...)
+	TODO: check
+CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2
allows ...)
+	TODO: check
+CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method
with ...)
+	TODO: check
+CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire
...)
+	TODO: check
+CVE-2007-3306 (PHP remote file inclusion vulnerability in
crontab/run_billing.php in ...)
+	TODO: check
+CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x
before ...)
+	TODO: check
+CVE-2007-3304 (Apache httpd 1.3.37, and 2.0.59 and 2.2.4 with the Prefork MPM
module, ...)
+	TODO: check
+CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module,
allows ...)
+	TODO: check
+CVE-2007-3302
+	RESERVED
+CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm
in ...)
+	TODO: check
+CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and
Linux ...)
+	TODO: check
+CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before
3.7.4, when ...)
+	TODO: check
+CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote
...)
+	TODO: check
+CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21
allow ...)
+	TODO: check
+CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web
...)
+	TODO: check
+CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board
(YaBB) ...)
+	TODO: check
+CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3
allow ...)
+	TODO: check
+CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and
...)
+	TODO: check
+CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and
earlier ...)
+	TODO: check
+CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and
earlier ...)
+	TODO: check
+CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers
to ...)
+	TODO: check
+CVE-2007-3289 (PHP remote file inclusion vulnerability in
spaw/spaw_control.class.php ...)
+	TODO: check
+CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats
...)
+	TODO: check
+CVE-2007-3287
+	RESERVED
+CVE-2007-3286
+	RESERVED
+CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type
checks via ...)
+	TODO: check
+CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows
allows ...)
+	TODO: check
+CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when
root ...)
+	TODO: check
+CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl
ActiveX ...)
+	TODO: check
+CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php
Hosting ...)
+	TODO: check
+CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements
...)
+	TODO: check
+CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL
...)
+	TODO: check
+CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust
...)
+	TODO: check
+CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module
for ...)
+	TODO: check
+CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site at
School ...)
+	TODO: check
+CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active
...)
+	TODO: check
+CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to
cause ...)
+	TODO: check
+CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows
remote ...)
+	TODO: check
+CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5
allows ...)
+	TODO: check
+CVE-2007-3271 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-3270 (PHP remote file inclusion vulnerability in
Includes/global.inc.php in ...)
+	TODO: check
+CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo
Light 3.6 ...)
+	TODO: check
+CVE-2007-3268
+	RESERVED
+CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime
Forum ...)
+	TODO: check
+CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF
allows ...)
+	TODO: check
+CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples
component in ...)
+	TODO: check
+CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM
WebSphere ...)
+	TODO: check
+CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in
IBM ...)
+	TODO: check
+CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in
IBM ...)
+	TODO: check
+CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in
widgets/widget_search.php ...)
+	TODO: check
+CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when
used ...)
+	TODO: check
+CVE-2007-3259
+	RESERVED
+CVE-2007-3258
+	RESERVED
+CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for
Evolution Data ...)
+	TODO: check
+CVE-2007-3256
+	RESERVED
+CVE-2007-3255
+	RESERVED
+CVE-2007-3254
+	RESERVED
+CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway
(ASG) ...)
+	TODO: check
+CVE-2007-3252 (PortalApp stores sensitive information under the web root with
...)
+	TODO: check
+CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS
2.02 and ...)
+	TODO: check
+CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS
before ...)
+	TODO: check
+CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in
mod_lettermansubscribe.php ...)
+	TODO: check
+CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614,
when IPv6 ...)
+	TODO: check
+CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows
remote ...)
+	TODO: check
+CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and
attack ...)
+	TODO: check
+CVE-2005-4846 (Format string vulnerability in Logger.cc for Spey 0.3.3 allows
...)
+	TODO: check
 CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC
Services ...)
 	TODO: check
 CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows
remote ...)
@@ -61,6 +220,7 @@
 CVE-2007-3216 (Multiple unspecified vulnerabilities in the server component of
CA ...)
 	NOT-FOR-US: CA BrightStor products
 CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote
...)
+	{DSA-1315-1}
 	- libphp-phpmailer 1.73-4 (high; bug #429179)
 	- flyspray 0.9.8-12 (bug #429191; bug #429195)
 	[etch] - flyspray <not-affected> (Vulnerable code not)
@@ -89,8 +249,8 @@
 	[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
 CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board
(YaBB) 2.1 ...)
 	NOT-FOR-US: YaBB
-CVE-2007-3207
-	RESERVED
+CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell
NetWare ...)
+	TODO: check
 CVE-2007-3206
 	RESERVED
 CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3)
Subhosin, ...)
@@ -267,15 +427,16 @@
 	NOT-FOR-US: Microsoft
 CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to
cause a ...)
 	NOT-FOR-US: Microsoft
-CVE-2007-3129
-	RESERVED
-CVE-2007-3128
-	RESERVED
-CVE-2007-3127
-	RESERVED
+CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia
News ...)
+	TODO: check
+CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when
...)
+	TODO: check
+CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled,
allows ...)
+	TODO: check
 CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial
of ...)
 	- gimp <unfixed> (unimportant)
-CVE-2007-3125 (Format string vulnerability in the inputAnswer function in
file.c in ...)
+CVE-2007-3125
+	REJECTED
 	NOTE: Duplicate of CVE-2006-6772
 CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup
utility) in ...)
 	NOT-FOR-US: FreeVMS
@@ -326,11 +487,13 @@
 	RESERVED
 CVE-2007-3102
 	RESERVED
-CVE-2007-3101
-	RESERVED
+CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain
JSF ...)
+	TODO: check
 CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before
...)
+	{DSA-1314-1}
 	- open-iscsi 2.0.865-1 (low; bug #429225)
 CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils)
before ...)
+	{DSA-1314-1}
 	- open-iscsi 2.0.865-1 (medium; bug #429225)
 CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing
SNMPc ...)
 	NOT-FOR-US: Castle Rock Computing SNMPc
@@ -534,7 +697,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on
OpenVMS ...)
 	NOT-FOR-US: OpenVMS
-CVE-2007-2997 (Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp
in ...)
+CVE-2007-2997 (** DISPUTED ** ...)
 	NOT-FOR-US: SalesCart Shopping Cart
 CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95
on IBM ...)
 	NOT-FOR-US: IBM AIX
@@ -646,6 +809,7 @@
 CVE-2007-2949
 	RESERVED
 CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in
...)
+	{DSA-1313-1}
 	- mplayer 1.0~rc1-14
 CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE
Alpha ...)
 	NOT-FOR-US: OpenBASE Alpha
@@ -693,10 +857,10 @@
 	RESERVED
 CVE-2007-2925
 	RESERVED
-CVE-2007-2924
-	RESERVED
-CVE-2007-2923
-	RESERVED
+CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay
ActiveX ...)
+	TODO: check
+CVE-2007-2923 (The launch method in the LocalExec ActiveX control
(LocalExec.ocx) in ...)
+	TODO: check
 CVE-2007-2922
 	RESERVED
 CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx
...)
@@ -1877,8 +2041,8 @@
 	RESERVED
 CVE-2007-2399
 	RESERVED
-CVE-2007-2398
-	RESERVED
+CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote
attackers ...)
+	TODO: check
 CVE-2007-2397
 	RESERVED
 CVE-2007-2396
@@ -2531,7 +2695,7 @@
 	- git-core 1.5.1.2-1 (low)
 	NOTE:
http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
 CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19,
7.4.x ...)
-	{DSA-1311-1 DSA-1310-1 DSA-1309-1}
+	{DSA-1311-1 DSA-1309-1}
 	- postgresql-8.2 8.2.4-1
 	- postgresql-8.1 8.1.9-1
 	- postgresql-7.4 1:7.4.17-1
@@ -2720,7 +2884,7 @@
 	- phpwiki <unfixed> (unknown)
 CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the
authorization and ...)
 	NOT-FOR-US: Secustick USB flash drive
-CVE-2007-2022 (Unspecified vulnerability in the Adobe Macromedia Flash Player
7.x and ...)
+CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera
before ...)
 	- flashplayer-mozilla <unfixed> (unknown)
 	[sarge] - flashplayer-mozilla <no-dsa> (Non-free not supported)
 	[etch] - flashplayer-mozilla <no-dsa> (Non-free not supported)
@@ -3901,7 +4065,7 @@
 	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
 	- php5 5.2.0-11 (medium)
 	- php4 <unfixed> (medium)
-CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0
does ...)
+CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0
and ...)
 	NOT-FOR-US: PHP-Nuke
 CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in
PHP-Nuke ...)
 	NOT-FOR-US: PHP-Nuke
@@ -8261,7 +8425,7 @@
 	NOT-FOR-US: Content Federator
 CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows
remote ...)
 	NOT-FOR-US: Fishyshoop
-CVE-2006-6772 (Format string vulnerability in w3m 0.5.1, when run with the dump
or ...)
+CVE-2006-6772 (Format string vulnerability in the inputAnswer function in
file.c in ...)
 	- w3m 0.5.1-5.1 (bug #404564; low)
 	[sarge] - w3m <no-dsa> (Minor issue, only exploitable in dump mode)
 	TODO: Check w3mee, is this forked version still needed?
@@ -14192,6 +14356,7 @@
 CVE-2006-4169
 	RESERVED
 CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in
...)
+	{DSA-1310-1}
 	- libexif <unfixed> (bug #430012)
 CVE-2006-4167
 	RESERVED
@@ -16659,7 +16824,7 @@
 	NOT-FOR-US: PhpBlueDragon
 CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis
...)
 	NOT-FOR-US: PictureDis Professional
-CVE-2006-3074 (klif.sys in Kaspersky Anti-Virus 6.0.0.300 and earlier, Internet
...)
+CVE-2006-3074 (klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky
...)
 	NOT-FOR-US: Several Kaspersky products
 CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the
WebVPN ...)
 	NOT-FOR-US: Cisco
@@ -29723,7 +29888,7 @@
 	NOT-FOR-US: Google Toolbar
 CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote
attackers ...)
 	NOT-FOR-US: PHPNews
-CVE-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite
arbitrary ...)
+CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0
allows ...)
 	- wmfrog <itp> (bug #294352)
 CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to
cause a ...)
 	NOT-FOR-US: Outpost Pro
Secure testing commits - Jun 2007 - r6043 - data/CVE

[Secure-testing-commits] r6043 - data/CVE
