Author: joeyh
Date: 2007-03-05 21:14:14 +0000 (Mon, 05 Mar 2007)
New Revision: 5513
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-03-05 20:30:07 UTC (rev 5512)
+++ data/CVE/list 2007-03-05 21:14:14 UTC (rev 5513)
@@ -1,4 +1,266 @@
-CVE-2007-1218 [tcpdump 802.11 off-by-one]
+CVE-2007-1273
+ RESERVED
+CVE-2007-1272
+ RESERVED
+CVE-2007-1271
+ RESERVED
+CVE-2007-1270
+ RESERVED
+CVE-2007-1269
+ RESERVED
+CVE-2007-1268
+ RESERVED
+CVE-2007-1267
+ RESERVED
+CVE-2007-1266
+ RESERVED
+CVE-2007-1265
+ RESERVED
+CVE-2007-1264
+ RESERVED
+CVE-2007-1263
+ RESERVED
+CVE-2007-1262
+ RESERVED
+CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio
before ...)
+ TODO: check
+CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in
...)
+ TODO: check
+CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6
have ...)
+ TODO: check
+CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and
SXF; and ...)
+ TODO: check
+CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000,
6500, ...)
+ TODO: check
+CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the
address ...)
+ TODO: check
+CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in
...)
+ TODO: check
+CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix
...)
+ TODO: check
+CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py
Script ...)
+ TODO: check
+CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before
Patch ...)
+ TODO: check
+CVE-2007-1251 (Format string vulnerability in the new_warning function in ...)
+ TODO: check
+CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL
Learning ...)
+ TODO: check
+CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent
9.1.4 ...)
+ TODO: check
+CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go
News ...)
+ TODO: check
+CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs
...)
+ TODO: check
+CVE-2007-1246 (The DMO_VideoDecoder_Open function in
loader/dmo/DMO_VideoDecoder.c in ...)
+ TODO: check
+CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the
AdminPanel in ...)
+ TODO: check
+CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass
authentication ...)
+ TODO: check
+CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins
Audiens 3.3 ...)
+ TODO: check
+CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins
...)
+ TODO: check
+CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo
CMS ...)
+ TODO: check
+CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which
allows ...)
+ TODO: check
+CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to
cause a ...)
+ TODO: check
+CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive
...)
+ TODO: check
+CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information
via a ...)
+ TODO: check
+CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote
...)
+ TODO: check
+CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex
allow ...)
+ TODO: check
+CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php
in ...)
+ TODO: check
+CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows
remote ...)
+ TODO: check
+CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in
SQLiteManager ...)
+ TODO: check
+CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...)
+ TODO: check
+CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9
before Fix ...)
+ TODO: check
+CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7
patch 1 ...)
+ TODO: check
+CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak
...)
+ TODO: check
+CVE-2007-1225 (The connection log file implementation in Grok Developments
NetProxy ...)
+ TODO: check
+CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to
bypass URL ...)
+ TODO: check
+CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223
allows ...)
+ TODO: check
+CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and
Drop by ...)
+ TODO: check
+CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows
...)
+ TODO: check
+CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does
not ...)
+ TODO: check
+CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in
Admin ...)
+ TODO: check
+CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in
libcapi, as ...)
+ TODO: check
+CVE-2007-1216
+ RESERVED
+CVE-2007-1215
+ RESERVED
+CVE-2007-1214
+ RESERVED
+CVE-2007-1213
+ RESERVED
+CVE-2007-1212
+ RESERVED
+CVE-2007-1211
+ RESERVED
+CVE-2007-1210
+ RESERVED
+CVE-2007-1209
+ RESERVED
+CVE-2007-1208
+ RESERVED
+CVE-2007-1207
+ RESERVED
+CVE-2007-1206
+ RESERVED
+CVE-2007-1205
+ RESERVED
+CVE-2007-1204
+ RESERVED
+CVE-2007-1203
+ RESERVED
+CVE-2007-1202
+ RESERVED
+CVE-2007-1201
+ RESERVED
+CVE-2007-1200
+ RESERVED
+CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read
...)
+ TODO: check
+CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before
0.5.7 ...)
+ TODO: check
+CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5
have ...)
+ TODO: check
+CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client
for ...)
+ TODO: check
+CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0
allow ...)
+ TODO: check
+CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for
Interrupt ...)
+ TODO: check
+CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in
OrangeHRM ...)
+ TODO: check
+CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive
...)
+ TODO: check
+CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver
writes ...)
+ TODO: check
+CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX
...)
+ TODO: check
+CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent
Bell ...)
+ TODO: check
+CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search
form ...)
+ TODO: check
+CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without
admin ...)
+ TODO: check
+CVE-2007-1186 (WebAPP before 0.9.9.5 does not "censor" the
Latest Member real name, ...)
+ TODO: check
+CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User
Approval ...)
+ TODO: check
+CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA
...)
+ TODO: check
+CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof
...)
+ TODO: check
+CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest
...)
+ TODO: check
+CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the
...)
+ TODO: check
+CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms,
which ...)
+ TODO: check
+CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses
in ...)
+ TODO: check
+CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts
...)
+ TODO: check
+CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain
characters in ...)
+ TODO: check
+CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP
before ...)
+ TODO: check
+CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in
WebAPP ...)
+ TODO: check
+CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP
before ...)
+ TODO: check
+CVE-2007-1173
+ RESERVED
+CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel
...)
+ TODO: check
+CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in
NukeSentinel ...)
+ TODO: check
+CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends
...)
+ TODO: check
+CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX)
1.25, ...)
+ TODO: check
+CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5
before ...)
+ TODO: check
+CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5
and ...)
+ TODO: check
+CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows
...)
+ TODO: check
+CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in
DBGuestbook 1.1 ...)
+ TODO: check
+CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in
DBImageGallery ...)
+ TODO: check
+CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02
and ...)
+ TODO: check
+CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement
Project ...)
+ TODO: check
+CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in
Call ...)
+ TODO: check
+CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok
when ...)
+ TODO: check
+CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in
Coalescent ...)
+ TODO: check
+CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in
Power ...)
+ TODO: check
+CVE-2006-7105 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in
the ...)
+ TODO: check
+CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery
1.3 ...)
+ TODO: check
+CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in
phpBurningPortal ...)
+ TODO: check
+CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and
earlier ...)
+ TODO: check
+CVE-2006-7100 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay
allows ...)
+ TODO: check
+CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP
Server ...)
+ TODO: check
+CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4
have ...)
+ TODO: check
+CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in
host.c in ...)
+ TODO: check
+CVE-2006-7095 (Integer signedness error in the network_receive_packet function
in ...)
+ TODO: check
+CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the
...)
+ TODO: check
+CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g
allows ...)
+ TODO: check
+CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...)
+ TODO: check
+CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows
remote ...)
+ TODO: check
+CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not
properly ...)
+ TODO: check
+CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the
...)
- tcpdump 3.9.5-2 (bug #413430; medium)
CVE-2007-XXXX [puttygen can create world-readable private keys]
- putty <unfixed> (bug #400804; low)
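Review bot: CVE-2007-1218 is out of sequence at the end of this hunk. The added entries run in descending order, yet 1218 is missing between CVE-2007-1219 and CVE-2007-1217 and instead follows CVE-2004-2680. Keeping the tcpdump 3.9.5-2 (bug #413430; medium) line attached to it is right, but the entry and that line should be moved up together so the file stays sorted. Separately, a few of the new TODO: check entries mention Debian or a Debian-style package name in their descriptions (CVE-2006-7098, CVE-2006-7094, CVE-2004-2680) and should be triaged ahead of the rest.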
@@ -129,7 +391,7 @@
NOT-FOR-US: Photostand
CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in
Photostand ...)
NOT-FOR-US: Photostand
-CVE-2007-1100 (Directory traversal vulnerability in download.php in Pickle
allows ...)
+CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan
...)
NOT-FOR-US: Pickle
CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not
sufficiently warn ...)
- dropbear 0.49-1 (unimportant; bug #412899)
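Review bot: On CVE-2007-1100 the annotation still reads NOT-FOR-US: Pickle, while the refreshed description now names "Ahmet Sacan" and is truncated before any product name. Confirm against the full description that this is still the same Pickle product, since the tag is now the only place on this entry where the name appears.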
@@ -137,7 +399,7 @@
[etch] - dropbear 0.48.1-2
CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11
have ...)
NOT-FOR-US: ScryMUD
-CVE-2007-1097 (Unspecified vulnerability in the upload tool in Wiclear before
0.11.1 ...)
+CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles
function ...)
NOT-FOR-US: Wiclear
CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in
VirtueMart ...)
NOT-FOR-US: VirtueMart
@@ -500,8 +762,8 @@
- gnomemeeting <removed> (high)
CVE-2007-1006 (Multiple format string vulnerabilities in the ...)
- ekiga 2.0.3-2.1 (bug #411944; high)
-CVE-2007-1005
- RESERVED
+CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine
service in ...)
+ TODO: check
CVE-2007-1004 (Mozilla Firefox mmight allow remote attackers to condut spoofing
and ...)
- iceweasel <unfixed> (low)
CVE-2007-1003
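Review bot: CVE-2007-1005 is left at TODO: check although the new description already names SW3eng.exe in the eID Engine service. A .exe service binary suggests Windows-only software, so once the full description confirms it this can likely be closed as NOT-FOR-US instead of sitting in the TODO queue.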
@@ -1173,8 +1435,8 @@
[sarge] - mozilla-firefox <unfixed> (high)
[sarge] - mozilla-thunderbird <unfixed> (low)
[sarge] - mozilla <unfixed> (high)
-CVE-2007-0774
- RESERVED
+CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function
...)
+ TODO: check
CVE-2007-0773
RESERVED
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1
allows ...)
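Review bot: The new CVE-2007-0774 text is cut off right after "map_uri_to_worker function", so the affected product cannot be told from this entry, and a stack-based buffer overflow should not wait long at TODO: check. Pull the full description and replace the TODO with either a package line and severity or NOT-FOR-US.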
@@ -4743,7 +5005,7 @@
- tdiary 2.0.2+20060303-4.1 (bug #400447; bug #400650)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in
...)
NOT-FOR-US: Mac OS X
-CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input
plugin ...)
+CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP
...)
{DSA-1244-1}
- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
- mplayer 1.0~rc1-11 (medium)
@@ -9841,8 +10103,8 @@
RESERVED
CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone
ImageKit ...)
NOT-FOR-US: Newtone ImageKit
-CVE-2006-3892
- RESERVED
+CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato
...)
+ TODO: check
CVE-2006-3891
RESERVED
CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX
...)
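Review bot: CVE-2006-3892 now describes the Management Console server in EMC NetWorker and is left at TODO: check, while the neighbouring vendor-product entry CVE-2006-3893 carries NOT-FOR-US. After a quick check of the full description this one likely deserves the same treatment, with the tag naming EMC NetWorker.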
@@ -28923,8 +29185,8 @@
NOT-FOR-US: Cookie Cart
CVE-2005-1731
RESERVED
-CVE-2005-1730
- RESERVED
+CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in
...)
+ TODO: check
CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a
denial of ...)
NOT-FOR-US: Novell
CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely
logs ...)
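Review bot: CVE-2005-1730 names the OpenSSL ASN.1 parser, but the description is truncated at "as used in ...", so this TODO should not be resolved by analogy with the surrounding NOT-FOR-US: Novell entry. Read the full description to see whether it concerns a vendor's bundled copy or OpenSSL itself, and add a package line for openssl if it is the latter.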