Author: joeyh Date: 2007-05-01 21:14:26 +0000 (Tue, 01 May 2007) New Revision: 5766 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-01 18:29:46 UTC (rev 5765) +++ data/CVE/list 2007-05-01 21:14:26 UTC (rev 5766) 
@@ -1,3 +1,189 @@ +CVE-2007-2419 + RESERVED +CVE-2007-2418 + RESERVED +CVE-2007-2417 + RESERVED +CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...) + TODO: check +CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...) + TODO: check +CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2007-2413 (Heap-based buffer overflow in Imager before 0.57 allows remote ...) + TODO: check +CVE-2007-2412 (** DISPUTED ** ...) + TODO: check +CVE-2007-2411 (** DISPUTED ** ...) + TODO: check +CVE-2007-2410 + RESERVED +CVE-2007-2409 + RESERVED +CVE-2007-2408 + RESERVED +CVE-2007-2407 + RESERVED +CVE-2007-2406 + RESERVED +CVE-2007-2405 + RESERVED +CVE-2007-2404 + RESERVED +CVE-2007-2403 + RESERVED +CVE-2007-2402 + RESERVED +CVE-2007-2401 + RESERVED +CVE-2007-2400 + RESERVED +CVE-2007-2399 + RESERVED +CVE-2007-2398 + RESERVED +CVE-2007-2397 + RESERVED +CVE-2007-2396 + RESERVED +CVE-2007-2395 + RESERVED +CVE-2007-2394 + RESERVED +CVE-2007-2393 + RESERVED +CVE-2007-2392 + RESERVED +CVE-2007-2391 + RESERVED +CVE-2007-2390 + RESERVED +CVE-2007-2389 + RESERVED +CVE-2007-2388 + RESERVED +CVE-2007-2387 + RESERVED +CVE-2007-2386 + RESERVED +CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...) + TODO: check +CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...) + TODO: check +CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using JavaScript ...) + TODO: check +CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...) + TODO: check +CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...) + TODO: check +CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...) + TODO: check +CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...) 
+ TODO: check +CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...) + TODO: check +CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...) + TODO: check +CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...) + TODO: check +CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...) + TODO: check +CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...) + TODO: check +CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...) + TODO: check +CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...) + TODO: check +CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...) + TODO: check +CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...) + TODO: check +CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...) + TODO: check +CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...) + TODO: check +CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...) + TODO: check +CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements ...) + TODO: check +CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...) + TODO: check +CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...) + TODO: check +CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...) + TODO: check +CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...) + TODO: check +CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...) 
+ TODO: check +CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...) + TODO: check +CVE-2007-2358 (** DISPUTED ** ...) + TODO: check +CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...) + TODO: check +CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...) + TODO: check +CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...) + TODO: check +CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...) + TODO: check +CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...) + TODO: check +CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...) + TODO: check +CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows ...) + TODO: check +CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board ...) + TODO: check +CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell ...) + TODO: check +CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...) + TODO: check +CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...) + TODO: check +CVE-2007-2345 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight ...) + TODO: check +CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys ...) + TODO: check +CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory ...) + TODO: check +CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in ...) + TODO: check +CVE-2007-2340 (PHP remote file inclusion vulnerability in inc/include_all.inc.php in ...) 
+ TODO: check +CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow ...) + TODO: check +CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...) + TODO: check +CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 ...) + TODO: check +CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader ...) + TODO: check +CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...) + TODO: check +CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...) + TODO: check +CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...) + TODO: check +CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the ...) + TODO: check +CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist ...) + TODO: check +CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the ...) + TODO: check +CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) + TODO: check +CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and ...) + TODO: check CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...) NOT-FOR-US: Shop-Script CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in ...) 
@@ -77,11 +263,11 @@ - asterisk 1:1.4.3~dfsg-1 (low) CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...) - asterisk 1:1.4.3~dfsg-1 (high) -CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication in Mozilla ...) +CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...) - iceweasel (low) - firefox <removed> (low) - mozilla <removed> (low) -CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication in Microsoft ...) +CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...) NOT-FOR-US: B2 Weblog @@ -583,13 +769,13 @@ - aircrack-ng 1:0.7-3 (medium) NOTE: http://trac.aircrack-ng.org/changeset/288 CVE-2007-2056 - RESERVED -CVE-2007-2055 - RESERVED -CVE-2007-2054 - RESERVED -CVE-2007-2053 - RESERVED + REJECTED +CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary ...) + TODO: check +CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow ...) + TODO: check +CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow ...) + TODO: check CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...) - python2.4 2.4.4-3 (bug #416931; low) - python2.5 <unfixed> (bug #416934; low) @@ -640,8 +826,7 @@ - lha <unfixed> (low) [sarge] - lha <no-dsa> (Non-free not supported) [etch] - lha <no-dsa> (Non-free not supported) -CVE-2007-2029 [fd leak DoS in Clamav''s PDF parser] - RESERVED +CVE-2007-2029 (The PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to ...) {DSA-1281-1} - clamav 0.90.2-1 (low; bug #418849) NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459 
@@ -930,14 +1115,17 @@ CVE-2007-1898 RESERVED CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...) + {DSA-1285-1} - wordpress 2.1.3-1 (medium) CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...) NOT-FOR-US: Sky GUNNING MySpeach CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...) NOT-FOR-US: Sky GUNNING MySpeach CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...) + {DSA-1285-1} - wordpress 2.1.3-1 (medium) CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...) + {DSA-1285-1} - wordpress 2.1.3-1 (medium) CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ...) NOT-FOR-US: Akamai @@ -1030,7 +1218,7 @@ NOT-FOR-US: Hitachi Cosminexus Component Container CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...) NOT-FOR-US: Hitachi DeviceManager -CVE-2007-1852 (Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 ...) +CVE-2007-1852 (** DISPUTED ** ...) NOT-FOR-US: 2BGal CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...) NOT-FOR-US: Really Simple PHP and Ajax @@ -1556,6 +1744,7 @@ CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...) NOT-FOR-US: realGuestbook CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...) + {DSA-1285-1} - wordpress 2.1.3-1 (medium) CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...) NOT-FOR-US: Active PHP Bookmark Notes 
@@ -1912,7 +2101,7 @@ NOT-FOR-US: Creative Guestbook CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read ...) NOT-FOR-US: McGallery -CVE-2007-1477 (Directory traversal vulnerability in index.php in PHP Point Of Sale ...) +CVE-2007-1477 (** DISPUTED ** ...) NOT-FOR-US: Point Of Sale for osCommerce CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 ...) NOT-FOR-US: Symantec Norton Personal Firewall @@ -2188,6 +2377,7 @@ NOT-FOR-US: Avaya Communications Manager CVE-2007-1366 RESERVED + {DSA-1284-1} CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...) NOT-FOR-US: OpenBSD Kernel CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...) @@ -2279,12 +2469,16 @@ NOT-FOR-US: SnapGear CVE-2007-1323 RESERVED + {DSA-1284-1} CVE-2007-1322 RESERVED + {DSA-1284-1} CVE-2007-1321 RESERVED + {DSA-1284-1} CVE-2007-1320 RESERVED + {DSA-1284-1} CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...) NOT-FOR-US: DeviceXPlorer OLE CVE-2007-1318 @@ -4621,7 +4815,7 @@ NOT-FOR-US: VisoHotlink CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...) NOT-FOR-US: Huawei -CVE-2007-0487 (PHP remote file inclusion vulnerability in index.php in FreeForum ...) +CVE-2007-0487 (** DISPUTED ** ...) NOT-FOR-US: FreeForum CVE-2007-0486 (** DISPUTED ** ...) NOT-FOR-US: Openads @@ -11227,8 +11421,8 @@ [sarge] - hostapd <not-affected> (Vulnerable code not present) CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...) NOT-FOR-US: Novell eDirectory -CVE-2006-4520 - RESERVED +CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...) + TODO: check CVE-2006-4519 RESERVED CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
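Review bot: In the @@ -1,3 +1,189 @@ hunk every newly published CVE lands as "TODO: check", including CVE-2007-2348 (lftp `mirror --script` shell quoting), CVE-2007-2413 (Imager heap overflow), CVE-2007-2362 (MyDNS buffer overflows) and CVE-2007-2339 (Phorum SQL injection), which name software that may be packaged; these should be triaged ahead of the web-application entries and given either a "- <package> <fixed-version>" line or a NOT-FOR-US marker, following the form of "CVE-2007-2331 ... NOT-FOR-US: Shop-Script" in the hunk's trailing context. The three entries added as "(** DISPUTED ** ...)" (CVE-2007-2412, CVE-2007-2411, CVE-2007-2358) carry no product name at all in this file, so whoever resolves their TODO should record the product in the triage line, since nothing else in the entry identifies it.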
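Review bot: In the @@ -583,13 +769,13 @@ hunk, CVE-2007-2054 ("Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow ...") and CVE-2007-2053 ("Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow ...") overlap with CVE-2007-2352 ("Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...") and CVE-2007-2055 ("AFFLIB 2.2.8 and earlier ...") added elsewhere in this commit; the four AFFLIB entries should be triaged together so that the recorded affected versions stay consistent (2.2.6 itself is affected by one CVE and fixed for another). CVE-2007-2056 moving from RESERVED to REJECTED is correct as written and needs no further line.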
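Review bot: In the @@ -640,8 +826,7 @@ hunk the removed local description "[fd leak DoS in Clamav''s PDF parser]" is replaced by the truncated MITRE text "The PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to ...", so the nature of the bug (file descriptor leak leading to denial of service) no longer appears anywhere in the entry except behind the bugzilla link; consider keeping that summary as a NOTE: line next to "NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459". As a style point, the retained package line "- clamav 0.90.2-1 (low; bug #418849)" orders its fields differently from the python entries in the neighbouring hunk ("(bug #416931; low)"); one order throughout makes the file easier to grep.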
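Review bot: In the @@ -1030,7 +1218,7 @@, @@ -1912,7 +2101,7 @@ and @@ -4621,7 +4815,7 @@ hunks the descriptions of CVE-2007-1852, CVE-2007-1477 and CVE-2007-0487 are reduced to "(** DISPUTED ** ...)", which drops the product and affected file from the description; the unchanged "NOT-FOR-US: 2BGal", "NOT-FOR-US: Point Of Sale for osCommerce" and "NOT-FOR-US: FreeForum" lines are now the only identification of the product in each entry and must not be cleaned up as redundant by a later automatic pass.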
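Review bot: In the @@ -2188,6 +2377,7 @@ hunk "{DSA-1284-1}" is attached to CVE-2007-1366 while the entry stays "RESERVED" with no package line, so the file records an advisory without saying which package and version it fixed; add the "- <package> <fixed-version>" line beneath the DSA marker, in the same shape as the WordPress entries in this commit ("{DSA-1285-1}" followed by "- wordpress 2.1.3-1 (medium)").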
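Review bot: In the @@ -2279,12 +2469,16 @@ hunk the same gap appears four times: CVE-2007-1323, CVE-2007-1322, CVE-2007-1321 and CVE-2007-1320 each gain "{DSA-1284-1}" but remain "RESERVED" with no package or version line, so the tracker cannot tell which package the advisory covers; each of the four entries should get its "- <package> <fixed-version>" line (and a severity in parentheses, as the other fixed entries in this file carry) when the DSA is referenced.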
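Review bot: In the @@ -11227,8 +11421,8 @@ hunk CVE-2006-4520 ("ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...") is left at "TODO: check" although the adjacent, unchanged CVE-2006-4521 for the same product is already "NOT-FOR-US: Novell eDirectory"; unless eDirectory is packaged, the new entry should take the same NOT-FOR-US marker so the two consecutive entries are triaged consistently.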