thr3ads.net - Secure testing commits - [Secure-testing-commits] r6064

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2007-Jun-27 09:14 UTC
[Secure-testing-commits] r6064 - data/CVE

Author: joeyh
Date: 2007-06-27 09:14:24 +0000 (Wed, 27 Jun 2007)
New Revision: 6064

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-06-26 18:02:58 UTC (rev 6063)
+++ data/CVE/list	2007-06-27 09:14:24 UTC (rev 6064)
@@ -1,21 +1,185 @@
-CVE-2007-3389 [wireshark 1]
+CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan
...)
+	TODO: check
+CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend
Micro ...)
+	TODO: check
+CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier,
allows ...)
+	TODO: check
+CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in
eDocStore ...)
+	TODO: check
+CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in
6ALBlog ...)
+	TODO: check
+CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows
remote ...)
+	TODO: check
+CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows
remote ...)
+	TODO: check
+CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall
...)
+	TODO: check
+CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and
earlier ...)
+	TODO: check
+CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username
&quot;demo&quot; ...)
+	TODO: check
+CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under
Windows ...)
+	TODO: check
+CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83
allows ...)
+	TODO: check
+CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108
does ...)
+	TODO: check
+CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry
7270 ...)
+	TODO: check
+CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with
...)
+	TODO: check
+CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP
6.2.3, ...)
+	TODO: check
+CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP
6.2.3, ...)
+	TODO: check
+CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel
PC ...)
+	TODO: check
+CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote
...)
+	TODO: check
+CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote
attackers to ...)
+	TODO: check
+CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a
certain ...)
+	TODO: check
+CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote
attackers to ...)
+	TODO: check
+CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2
and ...)
+	TODO: check
+CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in
Pluxml ...)
+	TODO: check
+CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in
Valerio ...)
+	TODO: check
+CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007
05 25 ...)
+	TODO: check
+CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107
0.7.8 and ...)
+	TODO: check
+CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2
allow ...)
+	TODO: check
+CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2
and ...)
+	TODO: check
+CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in
phpTrafficA ...)
+	TODO: check
+CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA
1.4.2 ...)
+	TODO: check
+CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in ...)
+	TODO: check
+CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before
0.9.9.7 ...)
+	TODO: check
+CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org
WebAPP ...)
+	TODO: check
+CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit
profile, ...)
+	TODO: check
+CVE-2007-3420 (The Random Cookie Password functionality in the loaduser
function in ...)
+	TODO: check
+CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in
web-app.org ...)
+	TODO: check
+CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in
...)
+	TODO: check
+CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
+	TODO: check
+CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider
1.0.0 ...)
+	TODO: check
+CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in
access2asp 4.5 ...)
+	TODO: check
+CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in
bosDataGrid ...)
+	TODO: check
+CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in
...)
+	TODO: check
+CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery
Server ...)
+	TODO: check
+CVE-2007-3410 (Buffer overflow in the wallclock functionality ...)
+	TODO: check
+CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to
cause ...)
+	TODO: check
+CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have
...)
+	TODO: check
+CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers
to ...)
+	TODO: check
+CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft
Internet ...)
+	TODO: check
+CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in
defter_yaz.asp ...)
+	TODO: check
+CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth
CMS ...)
+	TODO: check
+CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog
(aka ...)
+	TODO: check
+CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows
...)
+	TODO: check
+CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G
b1gBB ...)
+	TODO: check
+CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157
...)
+	TODO: check
+CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power
...)
+	TODO: check
+CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service
...)
+	TODO: check
+CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS)
before ...)
+	TODO: check
+CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in
KeyFocus (KF) ...)
+	TODO: check
+CVE-2007-3395 (Directory traversal vulnerability in session.rb in Hiki 0.8.0
through ...)
+	TODO: check
+CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow
remote ...)
+	TODO: check
+CVE-2007-3388
+	RESERVED
+CVE-2007-3387
+	RESERVED
+CVE-2007-3386
+	RESERVED
+CVE-2007-3385
+	RESERVED
+CVE-2007-3384
+	RESERVED
+CVE-2007-3383
+	RESERVED
+CVE-2007-3382
+	RESERVED
+CVE-2007-3381
+	RESERVED
+CVE-2007-3380
+	RESERVED
+CVE-2007-3379
+	RESERVED
+CVE-2007-3378
+	RESERVED
+CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates
...)
+	TODO: check
+CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows
...)
+	TODO: check
+CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver allows ...)
+	TODO: check
+CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman ...)
+	TODO: check
+CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not
clear ...)
+	TODO: check
+CVE-2006-7209 (Multiple cross-site scripting (XSS) vulnerabilities in
phpTrafficA ...)
+	TODO: check
+CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the
Adam ...)
+	TODO: check
+CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in
Samba ...)
+	TODO: check
+CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function
in the ...)
+	TODO: check
+CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a
denial of ...)
 	- wireshark 0.99.6pre1-1
 	- ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3390 [wireshark 2]
+CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on
certain ...)
 	- wireshark 0.99.6pre1-1
 	- ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3391 [wireshark 3]
+CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of
service ...)
 	- wireshark 0.99.6pre1-1
 	- ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3392 [wireshark 4]
+CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a
denial of ...)
 	- wireshark 0.99.6pre1-1
 	- ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3393 [wireshark 5]
+CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before
...)
 	- wireshark 0.99.6pre1-1
 	- ethereal <not-affected> (Vulnerable code not present)
 CVE-2007-XXXX [jailer unsave tempfile usage]
 	- jailer 0.4-10 (bug #410548)
-CVE-2007-3372 [avahi assert() local machine DoS]
+CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to
cause a ...)
 	- avahi <unfixed> (low)
 	[etch] - avahi <no-dsa> (Minor issue, only affects local users)
 CVE-2007-3371 (PHP remote file inclusion vulnerability in ...)
@@ -249,8 +413,8 @@
 	TODO: check
 CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when
used ...)
 	TODO: check
-CVE-2007-3259
-	RESERVED
+CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain
sensitive ...)
+	TODO: check
 CVE-2007-3258
 	RESERVED
 CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for
Evolution Data ...)
@@ -423,10 +587,10 @@
 	NOT-FOR-US: Apple
 CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS
X, ...)
 	NOT-FOR-US: Cisco
-CVE-2007-3183
-	RESERVED
-CVE-2007-3182
-	RESERVED
+CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix
0.7.20070307, ...)
+	TODO: check
+CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in
Calendarix ...)
+	TODO: check
 CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1
allows ...)
 	TODO: check
 CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP
Windows ...)
@@ -613,8 +777,8 @@
 	RESERVED
 CVE-2007-3105
 	RESERVED
-CVE-2007-3104
-	RESERVED
+CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat
Enterprise ...)
+	TODO: check
 CVE-2007-3103
 	RESERVED
 CVE-2007-3102
@@ -936,8 +1100,8 @@
 	RESERVED
 CVE-2007-2952
 	RESERVED
-CVE-2007-2951
-	RESERVED
+CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in
KVIrc ...)
+	TODO: check
 CVE-2007-2950
 	RESERVED
 CVE-2007-2949
@@ -1288,8 +1452,8 @@
 	RESERVED
 CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20,
when running on 32-bit ...)
 	- file 4.21-1 (medium)	
-CVE-2007-2798
-	RESERVED
+CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc
function in ...)
+	TODO: check
 CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and
5.1.2 ...)
 	TODO: check
 CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement
safemode ...)
@@ -1898,8 +2062,8 @@
 	NOT-FOR-US: CA Anti-Virus
 CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS!
2.2.6 ...)
 	NOT-FOR-US: E-GADS!
-CVE-2007-2520
-	RESERVED
+CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when
...)
+	TODO: check
 CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0
through ...)
 	TODO: check
 CVE-2007-2518
@@ -2073,10 +2237,10 @@
 CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in
Samba ...)
 	{DSA-1291-2 DTSA-41-1}
 	- samba 3.0.25-1
-CVE-2007-2443
-	RESERVED
-CVE-2007-2442
-	RESERVED
+CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in
...)
+	TODO: check
+CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT
Kerberos ...)
+	TODO: check
 CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and
earlier for ...)
 	NOT-FOR-US: Caucho Resin Professional
 CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional
3.1.0 ...)
@@ -2172,12 +2336,12 @@
 	RESERVED
 CVE-2007-2402
 	RESERVED
-CVE-2007-2401
-	RESERVED
-CVE-2007-2400
-	RESERVED
-CVE-2007-2399
-	RESERVED
+CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X
10.3.9, and ...)
+	TODO: check
+CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X,
...)
+	TODO: check
+CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs
an ...)
+	TODO: check
 CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote
attackers ...)
 	TODO: check
 CVE-2007-2397
@@ -2883,7 +3047,7 @@
 	NOT-FOR-US: CNStats
 CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in
oe2edit CMS ...)
 	NOT-FOR-US: oe2edit CMS
-CVE-2007-2084 (PHP remote file inclusion vulnerability in MobilePublisherphp
1.1.2 ...)
+CVE-2007-2084 (** DISPUTED ** ...)
 	NOT-FOR-US: MobilePublisherphp
 CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before
7.0.302.000 ...)
 	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
@@ -3851,18 +4015,15 @@
 	RESERVED
 CVE-2007-1666 (The processor_request function in the debugger server for
DataRescue ...)
 	NOT-FOR-US: IDA Pro
-CVE-2007-1665
-	RESERVED
+CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before ...)
 	{DSA-1318-1}
 	- ekg 1:1.7~rc2-2 (low)
 	[sarge] - ekg <not-affected> (Vulnerable code not present)
-CVE-2007-1664
-	RESERVED
+CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows
remote ...)
 	{DSA-1318-1}
 	- ekg 1:1.7~rc2-2 (low)
 	[sarge] - ekg <not-affected> (Vulnerable code not present)
-CVE-2007-1663
-	RESERVED
+CVE-2007-1663 (Memory leak in the image message functionality in ekg before
...)
 	{DSA-1318-1}
 	- ekg 1:1.7~rc2-2 (low)
 	[sarge] - ekg <not-affected> (Vulnerable code not present)
@@ -6403,8 +6564,8 @@
 	[sarge] - libapache-mod-jk <not-affected>
 	[etch] - libapache-mod-jk <not-affected>
 	NOTE: affects only 1.2.19 and 1.2.20
-CVE-2007-0773
-	RESERVED
+CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local
users ...)
+	TODO: check
 CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1
allows ...)
 	- linux-2.6 2.6.18.dfsg.1-11
 CVE-2007-0771 (Unspecified vulnerability in the utrace support for Linux kernel
...)
Secure testing commits - Jun 2007 - r6064 - data/CVE

[Secure-testing-commits] r6064 - data/CVE
