Author: joeyh Date: 2007-04-18 09:14:14 +0000 (Wed, 18 Apr 2007) New Revision: 5664 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-18 09:04:27 UTC (rev 5663) +++ data/CVE/list 2007-04-18 09:14:14 UTC (rev 5664) 
@@ -1,3 +1,281 @@ +CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...) + TODO: check +CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content ...) + TODO: check +CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS ...) + TODO: check +CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow ...) + TODO: check +CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...) + TODO: check +CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...) + TODO: check +CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root ...) + TODO: check +CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in ...) + TODO: check +CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...) + TODO: check +CVE-2007-2097 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...) + TODO: check +CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...) + TODO: check +CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 ...) + TODO: check +CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia ...) + TODO: check +CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft ...) + TODO: check +CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft ...) + TODO: check +CVE-2007-2091 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika ...) + TODO: check +CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx ...) 
+ TODO: check +CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 ...) + TODO: check +CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, ...) + TODO: check +CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 ...) + TODO: check +CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...) + TODO: check +CVE-2007-2084 (PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 ...) + TODO: check +CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...) + TODO: check +CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in ...) + TODO: check +CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass ...) + TODO: check +CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows ...) + TODO: check +CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...) + TODO: check +CVE-2007-2078 (** DISPUTED ** ...) + TODO: check +CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...) + TODO: check +CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...) + TODO: check +CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on ...) + TODO: check +CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 ...) + TODO: check +CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery ...) + TODO: check +CVE-2007-2072 (** DISPUTED ** ...) + TODO: check +CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto ...) + TODO: check +CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...) + TODO: check +CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) 
+ TODO: check +CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...) + TODO: check +CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...) + TODO: check +CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert ...) + TODO: check +CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...) + TODO: check +CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is ...) + TODO: check +CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...) + TODO: check +CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in ...) + TODO: check +CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...) + TODO: check +CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in ...) + TODO: check +CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows ...) + TODO: check +CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows ...) + TODO: check +CVE-2007-2056 + RESERVED +CVE-2007-2055 + RESERVED +CVE-2007-2054 + RESERVED +CVE-2007-2053 + RESERVED +CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...) + TODO: check +CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...) + TODO: check +CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...) + TODO: check +CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar ...) + TODO: check +CVE-2007-2048 (Directory traversal vulnerability in /console in the Management ...) + TODO: check +CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 ...) 
+ TODO: check +CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...) + TODO: check +CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 ...) + TODO: check +CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the ...) + TODO: check +CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...) + TODO: check +CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...) + TODO: check +CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...) + TODO: check +CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...) + TODO: check +CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...) + TODO: check +CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...) + TODO: check +CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x ...) + TODO: check +CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) ...) + TODO: check +CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive ...) + TODO: check +CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...) + TODO: check +CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...) + TODO: check +CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...) + TODO: check +CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...) + TODO: check +CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...) + TODO: check +CVE-2007-2029 + RESERVED +CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...) 
+ TODO: check +CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...) + TODO: check +CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...) + TODO: check +CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...) + TODO: check +CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...) + TODO: check +CVE-2007-2022 (Unspecified vulnerability in the Adobe Macromedia Flash Player 7.x and ...) + TODO: check +CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple ...) + TODO: check +CVE-2007-2020 (** DISPUTED ** ...) + TODO: check +CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in ...) + TODO: check +CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share ...) + TODO: check +CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not ...) + TODO: check +CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in ...) + TODO: check +CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It ...) + TODO: check +CVE-2007-2014 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme ...) + TODO: check +CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX ...) + TODO: check +CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...) + TODO: check +CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote ...) + TODO: check +CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...) + TODO: check +CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 ...) + TODO: check +CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass ...) 
+ TODO: check +CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...) + TODO: check +CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper ...) + TODO: check +CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...) + TODO: check +CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect ...) + TODO: check +CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-2001 (Multiple direct static code injection vulnerabilities in ...) + TODO: check +CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...) + TODO: check +CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages ...) + TODO: check +CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...) + TODO: check +CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...) + TODO: check +CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...) + TODO: check +CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...) + TODO: check +CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area ...) + TODO: check +CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...) + TODO: check +CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...) + TODO: check +CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in ...) + TODO: check +CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...) + TODO: check +CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...) + TODO: check +CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...) 
+ TODO: check +CVE-2007-1987 (** DISPUTED ** ...) + TODO: check +CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser ...) + TODO: check +CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in ...) + TODO: check +CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...) + TODO: check +CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...) + TODO: check +CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple ...) + TODO: check +CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on ...) + TODO: check +CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module ...) + TODO: check +CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ...) + TODO: check +CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...) + TODO: check +CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS ...) + TODO: check +CVE-2007-1976 (** DISPUTED ** ...) + TODO: check +CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 ...) + TODO: check +CVE-2007-1974 (SQL injection vulnerability in the getArticle function in ...) + TODO: check +CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...) + TODO: check +CVE-2007-1972 + RESERVED +CVE-2006-7194 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-7193 (** DISPUTED ** ...) + TODO: check +CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...) + TODO: check CVE-2007-XXXX [mydms SQL injection] - mydms 1.4.4+1-5 CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...) 
@@ -8,7 +286,7 @@ NOT-FOR-US: MyBlog CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...) NOT-FOR-US: MyBlog -CVE-2007-1967 (PHP remote file inclusion vulnerability in index.php in stat12 allows ...) +CVE-2007-1967 (** DISPUTED ** ...) NOT-FOR-US: stat12 CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...) NOT-FOR-US: eXV2 CMS @@ -82,9 +360,9 @@ NOT-FOR-US: ScarNews CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...) NOT-FOR-US: SmodCMS -CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21 ...) +CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, ...) NOT-FOR-US: cattaDoc -CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0 ...) +CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...) NOT-FOR-US: Beryo CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...) NOT-FOR-US: witshare @@ -158,10 +436,10 @@ - wordpress 2.1.3-1 (medium) CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...) - wordpress 2.1.3-1 (medium) -CVE-2007-1892 - RESERVED -CVE-2007-1891 - RESERVED +CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ...) + TODO: check +CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...) + TODO: check CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...) - php4 <unfixed> (unimportant) - php5 <unfixed> (unimportant) 
@@ -205,18 +483,18 @@ RESERVED CVE-2007-1875 RESERVED -CVE-2007-1874 - RESERVED -CVE-2007-1873 - RESERVED -CVE-2007-1872 - RESERVED -CVE-2007-1871 - RESERVED -CVE-2007-1870 - RESERVED -CVE-2007-1869 - RESERVED +CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...) + TODO: check +CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in mephisto 0.7.3 allows ...) + TODO: check +CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...) + TODO: check +CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows ...) + TODO: check +CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ...) + TODO: check +CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...) + TODO: check CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...) NOT-FOR-US: IBM Tivoli Provisioning Manager CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...) @@ -241,8 +519,7 @@ RESERVED CVE-2007-1857 RESERVED -CVE-2007-1856 - RESERVED +CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...) - cron <not-affected> (Debian uses proper permission scheme) CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: Shop-Script @@ -276,7 +553,7 @@ - ipsec-tools <unfixed> (medium) CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...) NOT-FOR-US: Microsoft ASP .NET Framework -CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, and 5.1.x before ...) +CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...) - net-snmp 5.2.2-1 (medium) CVE-2005-4836 RESERVED 
@@ -507,22 +784,22 @@ RESERVED CVE-2007-1749 RESERVED -CVE-2007-1748 - RESERVED +CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...) + TODO: check CVE-2007-1747 RESERVED CVE-2007-1746 RESERVED -CVE-2007-1745 - RESERVED +CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...) + TODO: check CVE-2007-1744 RESERVED -CVE-2007-1743 - RESERVED -CVE-2007-1742 - RESERVED -CVE-2007-1741 - RESERVED +CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...) + TODO: check +CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...) + TODO: check +CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...) + TODO: check CVE-2007-1740 REJECTED CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...) @@ -667,8 +944,8 @@ RESERVED CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...) NOT-FOR-US: IBM Lotus Domino -CVE-2007-1674 - RESERVED +CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...) + TODO: check CVE-2007-1673 RESERVED CVE-2007-1672 @@ -910,7 +1187,8 @@ NOT-FOR-US: JGBBS CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...) NOT-FOR-US: Activist Mobilization Platform -CVE-2007-1570 (SQL injection vulnerability in devami.asp in X-ice Haber Sistemi (aka ...) +CVE-2007-1570 + REJECTED NOT-FOR-US: Haber Sistemi CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...) NOT-FOR-US: NewsBin Pro 
@@ -931,10 +1209,9 @@ CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...) - squid 2.6.5-6 (low) [sarge] - squid <not-affected> (Vulnerable code not present) -CVE-2007-1559 - RESERVED -CVE-2007-1558 [APOP crypto weakness] - RESERVED +CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio ...) + TODO: check +CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...) NOT-FOR-US: No practical security implications CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...) NOT-FOR-US: F-Secure @@ -1400,10 +1677,10 @@ RESERVED CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...) NOT-FOR-US: OpenBSD Kernel -CVE-2007-1364 - RESERVED -CVE-2007-1363 - RESERVED +CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...) + TODO: check +CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...) + TODO: check CVE-2007-1362 RESERVED CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...) @@ -1643,8 +1920,8 @@ NOT-FOR-US: Kaspersky AntiVirus Engine CVE-2007-1280 RESERVED -CVE-2007-1279 - RESERVED +CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...) + TODO: check CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...) NOT-FOR-US: Adobe JRun and Coldfusion CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...) @@ -1841,7 +2118,7 @@ - asterisk-chan-capi 0.7.1-1.1 (bug #411293) - linux-2.6 <unfixed> (bug #411294; low) NOTE: Not exploitable over ISDN network, only through a CAPI server -CVE-2007-1216 (Double-free vulnerability in the GSS-API library, as used by the ...) +CVE-2007-1216 (Double-free vulnerability in the GSS-API library ...) {DSA-1276-1} - krb5 1.4.4-8 (high) CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...) 
@@ -1852,7 +2129,7 @@ NOT-FOR-US: Microsoft Windows CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...) NOT-FOR-US: Microsoft GDI -CVE-2007-1211 (Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 ...) +CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP ...) NOT-FOR-US: Microsoft Windows CVE-2007-1210 RESERVED @@ -1862,11 +2139,11 @@ RESERVED CVE-2007-1207 RESERVED -CVE-2007-1206 (The Windows Kernel in Microsoft Windows 2000 SP4, XP SP2, and Server ...) +CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...) NOT-FOR-US: Microsoft Windows -CVE-2007-1204 (Unspecified vulnerability in the Universal Plug and Play (UPnP) ...) +CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...) NOT-FOR-US: Microsoft Windows CVE-2007-1203 RESERVED @@ -2096,7 +2373,7 @@ NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/, NOTE: older mozillas are not vulnerable TODO: this should be checked -CVE-2007-1115 (The child frames in Opera 9 inherit the default charset from the ...) +CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset ...) NOT-FOR-US: Opera CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...) NOT-FOR-US: Microsoft IE @@ -11077,7 +11354,7 @@ {DSA-1211} - pdns-recursor 3.1.4-1 (bug #398557; high) - pdns <not-affected> (Recursor module has been moved to pdns-recursor) -CVE-2006-4250 (Buffer overflow in man and man-db 2.4.3 and earlier allows local users ...) +CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows ...) {DSA-1278-1} - man-db 2.4.3-5 CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...) 
@@ -14198,7 +14475,7 @@ NOT-FOR-US: Enigma Haber CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...) NOT-FOR-US: Rumble -CVE-2006-2871 (PHP remote file inclusion vulnerability in include/common.php in ...) +CVE-2006-2871 (** DISPUTED ** ...) NOT-FOR-US: CyBoards CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...) NOT-FOR-US: Intelligent Solutions Inc. @@ -19406,7 +19683,7 @@ - imagemagick 6:6.2.4.5-0.6 (bug #345595) CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...) NOT-FOR-US: My Blog -CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...) +CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...) NOT-FOR-US: Half-Life CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...) - wordpress <unfixed> (unimportant)
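Review bot: In the @@ -1,3 +1,281 @@ hunk, CVE-2003-1325 and CVE-2007-1990 are added as TODO: check although the file already carries triage for entries with the same visible description. CVE-2003-1325 reads "The SV_CheckForDuplicateNames function in Valve Software Half-Life ...", which is the text the last hunk gives CVE-2006-0734 (NOT-FOR-US: Half-Life), and CVE-2007-1990 reads "PHP remote file inclusion vulnerability in games.php in Sam Crew ...", matching CVE-2007-1968 (NOT-FOR-US: MyBlog) in the next hunk. As far as the truncated text shows, these look like duplicate assignments; confirm against the full descriptions and carry the existing NOT-FOR-US annotation over instead of leaving them in the TODO queue.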
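Review bot: In the @@ -8,7 +286,7 @@ hunk, the new line for CVE-2007-1967 is only "(** DISPUTED ** ...)", so the description no longer says which file, product or flaw class is involved; the removed line did ("index.php in stat12"). The same loss occurs for CVE-2006-2871 in the @@ -14198,7 +14475,7 @@ hunk, and the bare DISPUTED entries added in the first hunk (CVE-2007-2078, CVE-2007-2072, CVE-2007-2020, CVE-2007-1987, CVE-2007-1976, CVE-2006-7193) cannot be triaged from the list at all. The context line for CVE-2006-0733 in the last hunk, "(** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...)", shows the marker and a usable summary can coexist; the automatic update should keep some of the text that follows the marker.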
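Review bot: In the @@ -910,7 +1187,8 @@ hunk, CVE-2007-1570 becomes REJECTED but the context line "NOT-FOR-US: Haber Sistemi" still follows it, leaving a rejected identifier with a triage annotation for a product the entry no longer names. The other rejected entry visible in this patch, CVE-2007-1740 in the @@ -507,22 +784,22 @@ hunk, carries no annotation. Drop the NOT-FOR-US line when the state changes to REJECTED, or have the update flag such leftovers for manual cleanup.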
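Review bot: In the @@ -931,10 +1209,9 @@ hunk, CVE-2007-1558 keeps the annotation "NOT-FOR-US: No practical security implications" while its new description states that "The APOP protocol allows remote attackers to guess the first 3 ...", so the triage decision predates the published text and should be re-checked against it. NOT-FOR-US is used everywhere else in this patch to name a product that is not packaged (MyBlog, stat12, cattaDoc), not to record a severity judgement; if the assessment stands, put the rationale in a NOTE: line as the CVE-2007-1216 neighbourhood does. The hand-written label "[APOP crypto weakness]" is also dropped by this change, which is fine now that a description exists.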