Author: joeyh Date: 2007-03-05 21:14:14 +0000 (Mon, 05 Mar 2007) New Revision: 5513 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-05 20:30:07 UTC (rev 5512) +++ data/CVE/list 2007-03-05 21:14:14 UTC (rev 5513) 
@@ -1,4 +1,266 @@ -CVE-2007-1218 [tcpdump 802.11 off-by-one] +CVE-2007-1273 + RESERVED +CVE-2007-1272 + RESERVED +CVE-2007-1271 + RESERVED +CVE-2007-1270 + RESERVED +CVE-2007-1269 + RESERVED +CVE-2007-1268 + RESERVED +CVE-2007-1267 + RESERVED +CVE-2007-1266 + RESERVED +CVE-2007-1265 + RESERVED +CVE-2007-1264 + RESERVED +CVE-2007-1263 + RESERVED +CVE-2007-1262 + RESERVED +CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before ...) + TODO: check +CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in ...) + TODO: check +CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have ...) + TODO: check +CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...) + TODO: check +CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...) + TODO: check +CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...) + TODO: check +CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...) + TODO: check +CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix ...) + TODO: check +CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script ...) + TODO: check +CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch ...) + TODO: check +CVE-2007-1251 (Format string vulnerability in the new_warning function in ...) + TODO: check +CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning ...) + TODO: check +CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 ...) + TODO: check +CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News ...) + TODO: check +CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs ...) + TODO: check +CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...) 
+ TODO: check +CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...) + TODO: check +CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication ...) + TODO: check +CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...) + TODO: check +CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins ...) + TODO: check +CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS ...) + TODO: check +CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...) + TODO: check +CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...) + TODO: check +CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive ...) + TODO: check +CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a ...) + TODO: check +CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote ...) + TODO: check +CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow ...) + TODO: check +CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in ...) + TODO: check +CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...) + TODO: check +CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...) + TODO: check +CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...) + TODO: check +CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...) + TODO: check +CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 ...) 
+ TODO: check +CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak ...) + TODO: check +CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy ...) + TODO: check +CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL ...) + TODO: check +CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows ...) + TODO: check +CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...) + TODO: check +CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows ...) + TODO: check +CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not ...) + TODO: check +CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin ...) + TODO: check +CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...) + TODO: check +CVE-2007-1216 + RESERVED +CVE-2007-1215 + RESERVED +CVE-2007-1214 + RESERVED +CVE-2007-1213 + RESERVED +CVE-2007-1212 + RESERVED +CVE-2007-1211 + RESERVED +CVE-2007-1210 + RESERVED +CVE-2007-1209 + RESERVED +CVE-2007-1208 + RESERVED +CVE-2007-1207 + RESERVED +CVE-2007-1206 + RESERVED +CVE-2007-1205 + RESERVED +CVE-2007-1204 + RESERVED +CVE-2007-1203 + RESERVED +CVE-2007-1202 + RESERVED +CVE-2007-1201 + RESERVED +CVE-2007-1200 + RESERVED +CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...) + TODO: check +CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...) + TODO: check +CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...) + TODO: check +CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for ...) + TODO: check +CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow ...) + TODO: check +CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt ...) 
+ TODO: check +CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM ...) + TODO: check +CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive ...) + TODO: check +CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes ...) + TODO: check +CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX ...) + TODO: check +CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell ...) + TODO: check +CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form ...) + TODO: check +CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...) + TODO: check +CVE-2007-1186 (WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, ...) + TODO: check +CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...) + TODO: check +CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA ...) + TODO: check +CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof ...) + TODO: check +CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest ...) + TODO: check +CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the ...) + TODO: check +CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...) + TODO: check +CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in ...) + TODO: check +CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts ...) + TODO: check +CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in ...) + TODO: check +CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...) + TODO: check +CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...) 
+ TODO: check +CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...) + TODO: check +CVE-2007-1173 + RESERVED +CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel ...) + TODO: check +CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel ...) + TODO: check +CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends ...) + TODO: check +CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, ...) + TODO: check +CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before ...) + TODO: check +CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ...) + TODO: check +CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows ...) + TODO: check +CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 ...) + TODO: check +CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery ...) + TODO: check +CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and ...) + TODO: check +CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ...) + TODO: check +CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...) + TODO: check +CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...) + TODO: check +CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent ...) + TODO: check +CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power ...) + TODO: check +CVE-2006-7105 (** DISPUTED ** ...) + TODO: check +CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the ...) + TODO: check +CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 ...) 
+ TODO: check +CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...) + TODO: check +CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier ...) + TODO: check +CVE-2006-7100 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows ...) + TODO: check +CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...) + TODO: check +CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have ...) + TODO: check +CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...) + TODO: check +CVE-2006-7095 (Integer signedness error in the network_receive_packet function in ...) + TODO: check +CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the ...) + TODO: check +CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows ...) + TODO: check +CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...) + TODO: check +CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...) + TODO: check +CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...) + TODO: check +CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...) - tcpdump 3.9.5-2 (bug #413430; medium) CVE-2007-XXXX [puttygen can create world-readable private keys] - putty <unfixed> (bug #400804; low) 
@@ -129,7 +391,7 @@ NOT-FOR-US: Photostand CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand ...) NOT-FOR-US: Photostand -CVE-2007-1100 (Directory traversal vulnerability in download.php in Pickle allows ...) +CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan ...) NOT-FOR-US: Pickle CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...) - dropbear 0.49-1 (unimportant; bug #412899) @@ -137,7 +399,7 @@ [etch] - dropbear 0.48.1-2 CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...) NOT-FOR-US: ScryMUD -CVE-2007-1097 (Unspecified vulnerability in the upload tool in Wiclear before 0.11.1 ...) +CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function ...) NOT-FOR-US: Wiclear CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...) NOT-FOR-US: VirtueMart @@ -500,8 +762,8 @@ - gnomemeeting <removed> (high) CVE-2007-1006 (Multiple format string vulnerabilities in the ...) - ekiga 2.0.3-2.1 (bug #411944; high) -CVE-2007-1005 - RESERVED +CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...) + TODO: check CVE-2007-1004 (Mozilla Firefox mmight allow remote attackers to condut spoofing and ...) - iceweasel <unfixed> (low) CVE-2007-1003 @@ -1173,8 +1435,8 @@ [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla-thunderbird <unfixed> (low) [sarge] - mozilla <unfixed> (high) -CVE-2007-0774 - RESERVED +CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function ...) + TODO: check CVE-2007-0773 RESERVED CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...) 
@@ -4743,7 +5005,7 @@ - tdiary 2.0.2+20060303-4.1 (bug #400447; bug #400650) CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...) NOT-FOR-US: Mac OS X -CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input plugin ...) +CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP ...) {DSA-1244-1} - xine-lib 1.1.2+dfsg-2 (medium; bug #401740) - mplayer 1.0~rc1-11 (medium) @@ -9841,8 +10103,8 @@ RESERVED CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...) NOT-FOR-US: Newtone ImageKit -CVE-2006-3892 - RESERVED +CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato ...) + TODO: check CVE-2006-3891 RESERVED CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX ...) @@ -28923,8 +29185,8 @@ NOT-FOR-US: Cookie Cart CVE-2005-1731 RESERVED -CVE-2005-1730 - RESERVED +CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in ...) + TODO: check CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Novell CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
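Review bot: In the first hunk (@@ -1,4 +1,266 @@), CVE-2006-7098 ("The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...") and CVE-2006-7094 ("ftpd, as used by Gentoo and Debian Linux, ...") name Debian in their descriptions yet get the same bare "TODO: check" as every other new entry. These two should be resolved to a package line with a bug reference and severity, in the form the hunk already uses for CVE-2007-1218 ("- tcpdump 3.9.5-2 (bug #413430; medium)"), before the rest of the backlog is worked through. The same hunk also places the backfilled ids CVE-2006-7108 through CVE-2004-2680, followed by CVE-2007-1218, at the head of the file after CVE-2007-1161. The later hunks show the list is otherwise in descending id order, so these entries would be easier to find and diff if inserted at their sorted positions.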
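Review bot: In the hunk at @@ -1173,8 +1435,8 @@, the new summary for CVE-2007-0774 ("Stack-based buffer overflow in the map_uri_to_worker function ...") is cut off before any product name, so the entry cannot be matched to a source package from this file alone. The surrounding context lines carry per-release package annotations such as "[sarge] - mozilla-firefox <unfixed> (high)". This entry needs the same treatment once the full description has been read. A stack-based overflow should not sit under "TODO: check" without at least a candidate package noted.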
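Review bot: In the last hunk (@@ -28923,8 +29185,8 @@), CVE-2005-1730 changes from RESERVED to "Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in ..." with only "TODO: check", and the summary is truncated at "as used in ...". From this line it is not possible to tell whether the affected code is OpenSSL itself or a product embedding it. Because this is a 2005 id populated in 2007, already released versions may be in scope. The triage should consult the full description and record either a package line with the fixed version or a NOT-FOR-US determination, as the neighbouring CVE-2005-1729 entry does with "NOT-FOR-US: Novell".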