Author: joeyh Date: 2007-05-10 09:14:13 +0000 (Thu, 10 May 2007) New Revision: 5815 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-09 19:13:29 UTC (rev 5814) +++ data/CVE/list 2007-05-10 09:14:13 UTC (rev 5815) 
@@ -1,10 +1,227 @@ +CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control ...) + TODO: check +CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote ...) + TODO: check +CVE-2007-2586 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 does not properly ...) + TODO: check +CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz ...) + TODO: check +CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the ...) + TODO: check +CVE-2007-2583 (MySQL 5.x before 5.0.40 allows context-dependent attackers to cause a ...) + TODO: check +CVE-2007-2582 (Unspecified vulnerability in the DB2 JDBC Applet Server (DB2JDS) ...) + TODO: check +CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) + TODO: check +CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...) + TODO: check +CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...) + TODO: check +CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in ...) + TODO: check +CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...) + TODO: check +CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ...) + TODO: check +CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm ...) + TODO: check +CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog ...) + TODO: check +CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in ...) + TODO: check +CVE-2007-2572 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module ...) + TODO: check +CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in ...) 
+ TODO: check +CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 ...) + TODO: check +CVE-2007-2568 + RESERVED +CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar ...) + TODO: check +CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control ...) + TODO: check +CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers ...) + TODO: check +CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music ...) + TODO: check +CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...) + TODO: check +CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) + TODO: check +CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote ...) + TODO: check +CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 ...) + TODO: check +CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart ...) + TODO: check +CVE-2007-2558 (** DISPUTED ** ...) + TODO: check +CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, ...) + TODO: check +CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote ...) + TODO: check +CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote ...) + TODO: check +CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...) + TODO: check +CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and ...) + TODO: check +CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 ...) + TODO: check +CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in ...) + TODO: check +CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 ...) 
+ TODO: check +CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...) + TODO: check +CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop ...) + TODO: check +CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in ...) + TODO: check +CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 ...) + TODO: check +CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS ...) + TODO: check +CVE-2007-2544 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...) + TODO: check +CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench ...) + TODO: check +CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php ...) + TODO: check +CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and ...) + TODO: check +CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote ...) + TODO: check +CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms ...) + TODO: check +CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 ...) + TODO: check +CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...) + TODO: check +CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite ...) + TODO: check +CVE-2007-2534 (** DISPUTED ** ...) + TODO: check +CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before ...) + TODO: check +CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen ...) + TODO: check +CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in ...) + TODO: check +CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm ...) 
+ TODO: check +CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 ...) + TODO: check +CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...) + TODO: check +CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD ...) + TODO: check +CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...) + TODO: check +CVE-2007-2525 (Memory leak in the PPPoE socket implementation in the Linux kernel ...) + TODO: check +CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open ...) + TODO: check +CVE-2007-2523 + RESERVED +CVE-2007-2522 + RESERVED +CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! 2.2.6 ...) + TODO: check +CVE-2007-2520 + RESERVED +CVE-2007-2519 + RESERVED +CVE-2007-2518 + REJECTED + TODO: check +CVE-2007-2517 + RESERVED +CVE-2007-2516 + RESERVED +CVE-2007-2515 + RESERVED +CVE-2007-2514 + RESERVED +CVE-2007-2513 + RESERVED +CVE-2007-2512 + RESERVED +CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...) + TODO: check +CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...) + TODO: check +CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...) + TODO: check +CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...) + TODO: check +CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble ...) + TODO: check +CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...) + TODO: check +CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 ...) + TODO: check +CVE-2007-2504 (** DISPUTED ** ...) + TODO: check +CVE-2007-2503 (** DISPUTED ** ...) + TODO: check +CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with ...) 
+ TODO: check +CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before ...) + TODO: check +CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash ...) + TODO: check +CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and ...) + TODO: check +CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote ...) + TODO: check +CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a ...) + TODO: check +CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote ...) + TODO: check +CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...) + TODO: check +CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX ...) + TODO: check +CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES ...) + TODO: check +CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...) + TODO: check +CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation ...) + TODO: check +CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows ...) + TODO: check +CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and ...) + TODO: check +CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ...) + TODO: check +CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...) + TODO: check +CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...) + TODO: check +CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...) + TODO: check +CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...) + TODO: check +CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the ...) 
+ TODO: check +CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...) + TODO: check +CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...) + TODO: check CVE-2007-XXXX [schroot may use outdated configuration information] - schroot <unfixed> (low; bug #422354) [etch] - schroot <not-affected> (Only exploitable in unstable) -CVE-2007-2488 +CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does ...) - asterisk <unfixed> (low) NOTE: ASA-2007-013 -CVE-2007-2480 [port bind info leak] +CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel ...) - linux-2.6 <unfixed> (medium) CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers ...) NOT-FOR-US: Cerulean Trillian @@ -97,7 +314,8 @@ NOTE: etch vulnerable (patch below applies) NOTE: git url to fix the issue NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9 -CVE-2007-2436 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...) +CVE-2007-2436 + REJECTED NOTE: Duplicate of CVE-2007-1861 CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...) - sun-java5 1.5.0-11-1 (medium; bug #423062) @@ -298,7 +516,7 @@ NOT-FOR-US: CreaScripts Creadirectory CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in ...) NOT-FOR-US: phpBandManager -CVE-2007-2340 (PHP remote file inclusion vulnerability in inc/include_all.inc.php in ...) +CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: phporacleview CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow ...) NOT-FOR-US: Phorum @@ -526,8 +744,8 @@ TODO: check CVE-2007-2240 RESERVED -CVE-2007-2239 - RESERVED +CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...) + TODO: check CVE-2007-2238 RESERVED CVE-2007-2237 
@@ -563,8 +781,8 @@ RESERVED CVE-2007-2222 RESERVED -CVE-2007-2221 - RESERVED +CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...) + TODO: check CVE-2007-2220 RESERVED CVE-2007-2219 @@ -613,7 +831,7 @@ NOT-FOR-US: LAN Management System CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...) NOT-FOR-US: NeatUpload -CVE-2007-2196 (PHP remote file inclusion vulnerability in jambook.php in the Jambook ...) +CVE-2007-2196 (** DISPUTED ** ...) NOT-FOR-US: Jambook module for Mambo and Joomla CVE-2007-2195 (aMSN (aka Alvaro''s Messenger) 0.96 and earlier allows remote attackers ...) NOT-FOR-US: Alvaro''s Messenger @@ -789,10 +1007,10 @@ NOT-FOR-US: Oracle CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle Database ...) NOT-FOR-US: Oracle -CVE-2006-7196 - RESERVED -CVE-2006-7195 - RESERVED +CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...) + TODO: check +CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...) + TODO: check CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages] - mixmaster 3.0b2-5 (low; bug #418662) [etch] - mixmaster 3.0b2-4.etch1 @@ -828,7 +1046,7 @@ NOT-FOR-US: OpenConcept Back-End CMS CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...) NOT-FOR-US: Wabbit PHP Gallery -CVE-2007-2097 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...) +CVE-2007-2097 (** DISPUTED ** ...) NOT-FOR-US: OpenConcept Back-End CMS CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...) NOT-FOR-US: PHPHD Download System 
@@ -1337,21 +1555,20 @@ NOT-FOR-US: dproxy-nexgen CVE-2007-1865 RESERVED -CVE-2007-1864 - RESERVED +CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...) + TODO: check CVE-2007-1863 RESERVED CVE-2007-1862 RESERVED -CVE-2007-1861 [netlink DoS] - RESERVED +CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...) - linux-2.6 <unfixed> CVE-2007-1860 RESERVED CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...) TODO: check -CVE-2007-1858 - RESERVED +CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through ...) + TODO: check CVE-2007-1857 RESERVED CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...) @@ -1390,8 +1607,8 @@ NOT-FOR-US: Microsoft ASP .NET Framework CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...) - net-snmp 5.2.2-1 (medium) -CVE-2005-4836 - RESERVED +CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 and later does not ...) + TODO: check CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable] - initramfs-tools 0.85g (low; bug #417995) CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...) @@ -1615,8 +1832,8 @@ RESERVED CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...) NOT-FOR-US: Microsoft Windows -CVE-2007-1747 - RESERVED +CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...) + TODO: check CVE-2007-1746 RESERVED CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...) 
@@ -1788,16 +2005,16 @@ NOT-FOR-US: IBM Lotus Domino CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...) NOT-FOR-US: LANDesk Management Suite -CVE-2007-1673 - RESERVED -CVE-2007-1672 - RESERVED -CVE-2007-1671 - RESERVED -CVE-2007-1670 - RESERVED -CVE-2007-1669 - RESERVED +CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...) + TODO: check +CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...) + TODO: check +CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...) + TODO: check +CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ...) + TODO: check +CVE-2007-1669 (Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, ...) + TODO: check CVE-2007-1668 RESERVED CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...) @@ -2145,7 +2362,7 @@ CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...) {DSA-1283-1} - php5 <unfixed> (medium) -CVE-2007-1521 (Double free vulnerability in PHP 5.2.1 and earlier allows ...) +CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.22, ...) {DSA-1283-1 DSA-1282-1} - php5 5.2.0-11 (medium) - php4 <unfixed> (medium) @@ -2295,7 +2512,7 @@ CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...) - php5 <unfixed> (unimportant) NOTE: Safemode and open_basedir bypasses not supported -CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP 5.2.0 ...) +CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP ...) - php5 <unfixed> (unimportant) NOTE: Safemode and open_basedir bypasses not supported CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...) 
@@ -2459,7 +2676,7 @@ - snort <not-affected> (Vulnerable code not present) CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...) NOT-FOR-US: FiSH IRC Encryption -CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 5.2.1, when ...) +CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...) - php5 <unfixed> (unimportant) NOTE: Non-issue CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...) @@ -2549,8 +2766,8 @@ NOT-FOR-US: Drupal module Nodefamily CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...) - libapache-mod-security <removed> -CVE-2007-1358 - RESERVED +CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...) + TODO: check CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...) {DSA-1286-1} - linux-2.6 2.6.20-1 @@ -2568,7 +2785,7 @@ - libxfont 1:1.2.2-2 (medium) CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...) NOT-FOR-US: Novell NetMail -CVE-2007-1349 (PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm ...) +CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in ...) - apache <unfixed> (low) - libapache2-mod-perl2 <unfixed> (low) CVE-2007-1348 @@ -2774,7 +2991,7 @@ CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...) {DSA-1283-1 DSA-1282-1} - php4 6:4.4.6-1 (low) -CVE-2007-1285 (The Zend Engine in PHP 4.x and 5.x allows remote attackers to cause a ...) +CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...) - php5 <unfixed> (unimportant) - php4 <unfixed> (unimportant) NOTE: Needs to be sanisited within apps, only crashes the current instance anyway 
@@ -2786,8 +3003,8 @@ - icedove 1.5.0.10.dfsg1-1 (medium) CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...) NOT-FOR-US: Kaspersky AntiVirus Engine -CVE-2007-1280 - RESERVED +CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...) + TODO: check CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...) NOT-FOR-US: Adobe CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...) @@ -2991,8 +3208,8 @@ - krb5 1.4.4-8 (high) CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...) NOT-FOR-US: Microsoft GDI -CVE-2007-1214 - RESERVED +CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 ...) + TODO: check CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...) NOT-FOR-US: Microsoft Windows CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...) @@ -3013,10 +3230,10 @@ NOT-FOR-US: Microsoft Windows CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...) NOT-FOR-US: Microsoft Windows -CVE-2007-1203 - RESERVED -CVE-2007-1202 - RESERVED +CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...) + TODO: check +CVE-2007-1202 (Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for ...) + TODO: check CVE-2007-1201 RESERVED CVE-2007-1200 
@@ -3788,22 +4005,22 @@ NOT-FOR-US: iTinySoft CVE-2007-0948 RESERVED -CVE-2007-0947 - RESERVED -CVE-2007-0946 - RESERVED -CVE-2007-0945 - RESERVED -CVE-2007-0944 - RESERVED +CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on ...) + TODO: check +CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...) + TODO: check +CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on ...) + TODO: check +CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...) + TODO: check CVE-2007-0943 RESERVED -CVE-2007-0942 - RESERVED +CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...) + TODO: check CVE-2007-0941 RESERVED -CVE-2007-0940 - RESERVED +CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object ...) + TODO: check CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...) NOT-FOR-US: Microsoft Content Management Server CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...) @@ -4537,7 +4754,7 @@ CVE-2007-0692 RESERVED CVE-2007-0691 - RESERVED + REJECTED CVE-2007-0690 RESERVED CVE-2007-0689 
@@ -4725,16 +4942,16 @@ NOT-FOR-US: Free LAN Intranet Portal CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...) NOT-FOR-US: CMSimple -CVE-2007-0609 - RESERVED -CVE-2007-0608 - RESERVED +CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows ...) + TODO: check +CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive ...) + TODO: check CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...) NOT-FOR-US: Web-Agora CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web-Agora -CVE-2007-0605 - RESERVED +CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced ...) + TODO: check CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...) NOT-FOR-US: Movable Type CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...) @@ -5406,8 +5623,8 @@ NOT-FOR-US: Trend Micro OfficeScan CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...) NOT-FOR-US: LizardTech DjVu Browser Plug-in -CVE-2007-0323 - RESERVED +CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion ...) + TODO: check CVE-2007-0322 RESERVED CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...) @@ -5646,10 +5863,10 @@ NOT-FOR-US: All In One Control Panel (AIOCP) CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...) NOT-FOR-US: Oracle Application Server -CVE-2007-0221 - RESERVED -CVE-2007-0220 - RESERVED +CVE-2007-0221 (IMAP support in Microsoft Exchange Server 2000 SP3 allows remote ...) + TODO: check +CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...) + TODO: check CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) NOT-FOR-US: Microsoft CVE-2007-0218 
@@ -5658,12 +5875,12 @@ NOT-FOR-US: Microsoft CVE-2007-0216 RESERVED -CVE-2007-0215 - RESERVED +CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...) + TODO: check CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft -CVE-2007-0213 - RESERVED +CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does ...) + TODO: check CVE-2007-0212 RESERVED CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...) @@ -6249,16 +6466,16 @@ RESERVED CVE-2007-0040 RESERVED -CVE-2007-0039 - RESERVED +CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...) + TODO: check CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...) NOT-FOR-US: Microsoft CVE-2007-0037 RESERVED CVE-2007-0036 RESERVED -CVE-2007-0035 - RESERVED +CVE-2007-0035 (Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for ...) + TODO: check CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...) NOT-FOR-US: Microsoft Outlook CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...) @@ -17243,7 +17460,7 @@ NOT-FOR-US: Only on Windows CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...) NOT-FOR-US: Microsoft -CVE-2006-2055 (Argument injection vulnerability in Micrsoft Outlook 2003 SP1 allows ...) +CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows ...) NOT-FOR-US: Micrsoft Outlook CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...) NOT-FOR-US: 3Com 
@@ -20029,7 +20246,7 @@ NOT-FOR-US: Thomson modem firmware CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...) NOT-FOR-US: Thomson modem firmware -CVE-2006-0945 (PHP remote file include vulnerability in index.php Archangel Weblog ...) +CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel ...) NOT-FOR-US: Archangel Weblog CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass ...) NOT-FOR-US: Archangel Weblog
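Review bot: In the @@ -1,10 +1,227 @@ hunk, CVE-2007-2518 is added with both "REJECTED" and "TODO: check", which contradict each other: a rejected identifier has nothing left to triage. The other rejected entries in this patch (CVE-2007-2436, CVE-2007-0691) carry no TODO, so the updater should skip the "TODO: check" line whenever it writes "REJECTED".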
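Review bot: In the @@ -613,7 +831,7 @@ hunk, the new summary for CVE-2007-2196 is just "(** DISPUTED ** ...)", so the truncation drops the product and vulnerability class that the old line carried. Here the "NOT-FOR-US: Jambook module for Mambo and Joomla" line still identifies it, and the same applies to CVE-2007-2097 in the @@ -828,7 +1046,7 @@ hunk, but CVE-2007-2558, CVE-2007-2534, CVE-2007-2504 and CVE-2007-2503 in the first hunk have only "TODO: check" and cannot be triaged from this file. Consider having the updater keep the dispute marker as a flag and truncate the description text that follows it.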
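Review bot: In the @@ -1337,21 +1555,20 @@ hunk, CVE-2007-1861 ends up as "- linux-2.6 <unfixed>" with no urgency, and the hand-written "[netlink DoS]" tag is gone. Since CVE-2007-2436 is turned into "REJECTED" with "NOTE: Duplicate of CVE-2007-1861" earlier in this patch, this entry is now the only place the nl_fib_lookup issue is tracked; consider adding an urgency here, as the other kernel entry touched by this patch has (CVE-2007-2480, "- linux-2.6 <unfixed> (medium)").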
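Review bot: In the @@ -2145,7 +2362,7 @@ hunk, the new CVE-2007-1521 summary says "5.x before 5.22", which looks like a typo for 5.2.2; the CVE-2007-1285 summary updated in this same patch reads "5.x before 5.2.2". The text is imported automatically, so the file is not the place to correct it, but whoever rechecks the "- php5 5.2.0-11 (medium)" and "- php4 <unfixed> (medium)" lines against the new version range should not take "5.22" literally.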
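Review bot: In the @@ -2568,7 +2785,7 @@ hunk, the affected range for CVE-2007-1349 changes from "mod_perl 1.30 and earlier" to "mod_perl before 1.30", but the tracking lines under it ("- apache <unfixed> (low)", "- libapache2-mod-perl2 <unfixed> (low)") are left as they were. An automatic description update that moves a version boundary should prompt a manual recheck of the package status; a NOTE or TODO on the entry would keep that from being missed.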
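Review bot: In the @@ -17243,7 +17460,7 @@ hunk, the summary for CVE-2006-2055 now spells "Microsoft" correctly, but the context line below it still reads "NOT-FOR-US: Micrsoft Outlook". That line is hand-maintained, so the automatic update will never fix it; correct it in a follow-up so that searches for the product name match.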
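Review bot: In the @@ -20029,7 +20246,7 @@ hunk, CVE-2006-0945 and CVE-2006-0944 are both classified "NOT-FOR-US: Archangel Weblog", while the first hunk of this patch adds CVE-2007-2574 ("Directory traversal vulnerability in index.php in Archangel Weblog ...") with "TODO: check". The new entry can be resolved the same way as the existing ones for that product instead of waiting in the TODO queue.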