thr3ads.net - Secure testing commits - [Secure-testing-commits] r5562

If this information is useful, please help other people find it:
Share via:
Joey Hess
2007-Mar-20 21:14 UTC
[Secure-testing-commits] r5562 - data/CVE

Author: joeyh
Date: 2007-03-20 21:14:08 +0000 (Tue, 20 Mar 2007)
New Revision: 5562

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-03-18 21:04:57 UTC (rev 5561)
+++ data/CVE/list	2007-03-20 21:14:08 UTC (rev 5562)
@@ -1,3 +1,183 @@
+CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php
in ...)
+	TODO: check
+CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP
H3 ...)
+	TODO: check
+CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb
...)
+	TODO: check
+CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX
...)
+	TODO: check
+CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in
the ...)
+	TODO: check
+CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7
and ...)
+	TODO: check
+CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger
1.0.0 ...)
+	TODO: check
+CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha
Schroeder ...)
+	TODO: check
+CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in
...)
+	TODO: check
+CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and
1.5.x ...)
+	TODO: check
+CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2007-1505 (Fujistu FENCE-Pro before V5L01, and Systemwalker Desktop
Encryption ...)
+	TODO: check
+CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service
in ...)
+	TODO: check
+CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC
0.28b ...)
+	TODO: check
+CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote
attackers ...)
+	TODO: check
+CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26
allows ...)
+	TODO: check
+CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to
...)
+	TODO: check
+CVE-2007-1499 (Cross-site scripting (XSS) vulnerability in Microsoft Internet
...)
+	TODO: check
+CVE-2007-1498 (Multiple stack-based buffer overflows in the
SiteManager.SiteMgr.1 ...)
+	TODO: check
+CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3
does not ...)
+	TODO: check
+CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3
allows ...)
+	TODO: check
+CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall
2006 ...)
+	TODO: check
+CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before
2.5.06 ...)
+	TODO: check
+CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a
permissive ...)
+	TODO: check
+CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote
...)
+	TODO: check
+CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3,
and ...)
+	TODO: check
+CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and
S8300 ...)
+	TODO: check
+CVE-2007-1489 (Unspecified vulnerability in WebAPP 0.9.9.6 before 20070312
allows ...)
+	TODO: check
+CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and
6.1 ...)
+	TODO: check
+CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha
Schroeder ...)
+	TODO: check
+CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in
...)
+	TODO: check
+CVE-2007-1485 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier,
and 5.x ...)
+	TODO: check
+CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in
WebCalendar ...)
+	TODO: check
+CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog
allows ...)
+	TODO: check
+CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote
...)
+	TODO: check
+CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an ...)
+	TODO: check
+CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in
Creative ...)
+	TODO: check
+CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read
...)
+	TODO: check
+CVE-2007-1477 (Directory traversal vulnerability in index.php in PHP Point Of
Sale ...)
+	TODO: check
+CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006
9.1.1.7 ...)
+	TODO: check
+CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...)
+	TODO: check
+CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in
Horde ...)
+	TODO: check
+CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in
framework/NLS/NLS.php in ...)
+	TODO: check
+CVE-2007-1472 (Variable overwrite vulnerability in
groupit/base/groupit.start.inc in ...)
+	TODO: check
+CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to
bypass ...)
+	TODO: check
+CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted
remote ...)
+	TODO: check
+CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image
Gallery ...)
+	TODO: check
+CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational
ClearQuest ...)
+	TODO: check
+CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+	TODO: check
+CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents
...)
+	TODO: check
+CVE-2007-1465
+	RESERVED
+CVE-2007-1464
+	RESERVED
+CVE-2007-1463
+	RESERVED
+CVE-2007-1462 (The luci server component in conga preserves the password
between page ...)
+	TODO: check
+CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension
in PHP ...)
+	TODO: check
+CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP
5.2.0 ...)
+	TODO: check
+CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator
...)
+	TODO: check
+CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1
allow ...)
+	TODO: check
+CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian
Scheurer ...)
+	TODO: check
+CVE-2007-1456 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico,
as ...)
+	TODO: check
+CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used
with the ...)
+	TODO: check
+CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the
filtering ...)
+	TODO: check
+CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not
implement ...)
+	TODO: check
+CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via
a ...)
+	TODO: check
+CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and
...)
+	TODO: check
+CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke
8.0 and ...)
+	TODO: check
+CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor
...)
+	TODO: check
+CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor
...)
+	TODO: check
+CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open
Education ...)
+	TODO: check
+CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for ...)
+	TODO: check
+CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite
arbitrary ...)
+	TODO: check
+CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in
register.php in ...)
+	TODO: check
+CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the
...)
+	TODO: check
+CVE-2007-1441 (The 4thPass browser on the RIM BlackBerry 8100 (Pearl) before
4.2.1 ...)
+	TODO: check
+CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1
allows ...)
+	TODO: check
+CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php
in ...)
+	TODO: check
+CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System
1.0 ...)
+	TODO: check
+CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote
attackers ...)
+	TODO: check
+CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega
Mall ...)
+	TODO: check
+CVE-2006-7169 (PHP remote file inclusion vulnerability in
includes/header_simple.php ...)
+	TODO: check
+CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php
in the ...)
+	TODO: check
+CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows
remote ...)
+	TODO: check
+CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier
allows ...)
+	TODO: check
+CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0
allows ...)
+	TODO: check
+CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1
through ...)
+	TODO: check
+CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3
allows ...)
+	TODO: check
+CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when
...)
+	TODO: check
+CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to
cause ...)
+	TODO: check
 CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and
SQL-Ledger ...)
 	- sql-ledger <unfixed> (bug #409703)
 CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before
2.6.26 and ...)
@@ -237,8 +417,8 @@
 	RESERVED
 CVE-2007-1320
 	RESERVED
-CVE-2007-1319
-	RESERVED
+CVE-2007-1319 (Unspecified vulnerability in the OPCDA interface in Takebishi
Electric ...)
+	TODO: check
 CVE-2007-1318
 	RESERVED
 CVE-2007-1317
@@ -264,7 +444,7 @@
 	NOTE: this is a straight crash, I''m not sure it should even be
considered "low"
 CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter
before ...)
 	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
-CVE-2007-1306 (Unspecified vulnerability in Asterisk 1.4 before 1.4.1 and 1.2
before ...)
+CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote
...)
 	- asterisk 1:1.2.16~dfsg-1 (medium)
 CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php
in ...)
 	NOT-FOR-US: Sava''s Guestbook
@@ -384,8 +564,8 @@
 	RESERVED
 CVE-2007-1279
 	RESERVED
-CVE-2007-1278
-	RESERVED
+CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0
...)
+	TODO: check
 CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution
sites ...)
 	- wordpress <not-affected> (orig.tar.gz not compromised)
 CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in
chooser.cgi in ...)
@@ -1239,8 +1419,8 @@
 	- linux-2.6 <unfixed> (medium)
 CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other
...)
 	- ekiga 2.0.3-5 (bug #414069; high)
-CVE-2007-0998
-	RESERVED
+CVE-2007-0998 (The VNC server implementation in QEMU allows local users of a
guest ...)
+	TODO: check
 CVE-2007-0997
 	RESERVED
 CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x
before ...)
@@ -1772,7 +1952,7 @@
 	REJECTED
 CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web
...)
 	NOT-FOR-US: Adobe ColdFusion web server
-CVE-2007-0816 (CA RPC Server service (catirpc.exe) for BrightStor ARCserve
Backup ...)
+CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer
...)
 	NOT-FOR-US: (CA) BrightStor
 CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp
in ...)
 	NOT-FOR-US: Uphotogallery
@@ -1928,7 +2108,7 @@
 CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to
cause a ...)
 	- amarok 1.4.4-4 (bug #410850; unimportant)
 	NOTE: This could only be exploited through the Magnatune shop
-CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in
certain ...)
+CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not
properly ...)
 	- amarok 1.4.4-1 (bug #410850; low)
 	[sarge] - amarok <not-affected> (Vulnerable code not present)
 CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the &quot;Basic
Toolbar ...)
@@ -2691,8 +2871,8 @@
 CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated
users ...)
 	{DSA-1257}
 	- samba 3.0.23d-5 (low)
-CVE-2007-0450
-	RESERVED
+CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and
Tomcat 5.x ...)
+	TODO: check
 CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor
ARCserve ...)
 	NOT-FOR-US: CA BrightStor
 CVE-2007-0448
@@ -3175,8 +3355,7 @@
 	RESERVED
 CVE-2007-0238
 	RESERVED
-CVE-2007-0237 [lookup-el insecure tempfile handling]
-	RESERVED
+CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users
to ...)
 	- lookup-el 1.4-5 (low)
 CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple
Mac OS X ...)
 	NOT-FOR-US: Mac OS X
@@ -3848,7 +4027,7 @@
 	NOT-FOR-US: Microsoft Excel
 CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2,
and 2003 SP1 ...)
 	NOT-FOR-US: Microsoft
-CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and
2003 SP1 and ...)
+CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and
2003 SP1 ...)
 	NOT-FOR-US: Microsoft
 CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML)
implementation ...)
 	NOT-FOR-US: Microsoft IE
@@ -4356,8 +4535,7 @@
 	RESERVED
 CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent
attackers ...)
 	- pam <not-affected> (Only pam 0.99.7 affected)
-CVE-2007-0002
-	RESERVED
+CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document
...)
 	- libwpd 0.8.9-1
 CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl
-w) in ...)
 	- linux-2.6 <unfixed>
@@ -4833,7 +5011,7 @@
 	NOT-FOR-US: ShopSite
 CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise
Edition ...)
 	NOT-FOR-US: MailEnable
-CVE-2006-6483 (Adobe ColdFusion MX7 does not properly filter HTML tags when
...)
+CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter
HTML ...)
 	NOT-FOR-US: ColdFusion
 CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive
...)
 	NOT-FOR-US: ColdFusion
@@ -5267,9 +5445,9 @@
 	NOT-FOR-US: Solaris
 CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net
iNews (1) ...)
 	NOT-FOR-US: Expinion.net iNews
-CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs
file, which ...)
+CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs
file, ...)
 	- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
-CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which
allows remote ...)
+CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which
allows ...)
 	- denyhosts 2.6-1 (medium; bug #401795)
 CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers
to ...)
 	NOT-FOR-US: Simple PHP Gallery
@@ -5708,7 +5886,7 @@
 	[sarge] - mozilla <unfixed> (high)
 	- xulrunner 1.8.0.10-1 (medium)
 	NOTE: Epiphany affected by xulrunner
-CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in Computer
...)
+CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly
...)
 	NOT-FOR-US: BrightStor
 CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in
BaalAsp ...)
 	NOT-FOR-US: BaalAsp forum
@@ -9841,7 +10019,7 @@
 	REJECTED
 CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in
Virtual ...)
 	NOT-FOR-US: Virtual War
-CVE-2006-4223 (IBM WebSphere Application Server before 6.0.2.13 allows ...)
+CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows
...)
 	NOT-FOR-US: IBM WebSphere Application
 CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere
Application ...)
 	NOT-FOR-US: IBM WebSphere Application
@@ -12106,7 +12284,7 @@
 	NOT-FOR-US: OpenWebMail
 CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server
before ...)
 	NOT-FOR-US: IBM WebSphere
-CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server
before ...)
+CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server
(WAS) ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in
Azureus ...)
 	NOT-FOR-US: Azureus plugin that isn''t distributed by default
Secure testing commits - Mar 2007 - r5562 - data/CVE

[Secure-testing-commits] r5562 - data/CVE
