Author: joeyh
Date: 2007-03-24 09:14:12 +0000 (Sat, 24 Mar 2007)
New Revision: 5577
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-03-23 22:31:16 UTC (rev 5576)
+++ data/CVE/list 2007-03-24 09:14:12 UTC (rev 5577)
@@ -1,3 +1,159 @@
+CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14
and ...)
+ TODO: check
+CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux,
allows ...)
+ TODO: check
+CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before
calling ...)
+ TODO: check
+CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92
allows ...)
+ TODO: check
+CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service
(link ...)
+ TODO: check
+CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01 allows remote
attackers to ...)
+ TODO: check
+CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...)
+ TODO: check
+CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0
through ...)
+ TODO: check
+CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through
5.2.1 ...)
+ TODO: check
+CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
+ TODO: check
+CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote
...)
+ TODO: check
+CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in
...)
+ TODO: check
+CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1
allows ...)
+ TODO: check
+CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt
...)
+ TODO: check
+CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when
...)
+ TODO: check
+CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to
obtain ...)
+ TODO: check
+CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft
...)
+ TODO: check
+CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1
and ...)
+ TODO: check
+CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in
...)
+ TODO: check
+CVE-2007-1570 (SQL injection vulnerability in devami.asp in X-ice Haber Sistemi
(aka ...)
+ TODO: check
+CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote
...)
+ TODO: check
+CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor
20070220.21 ...)
+ TODO: check
+CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly
...)
+ TODO: check
+CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal
allows ...)
+ TODO: check
+CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote
...)
+ TODO: check
+CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote
attackers ...)
+ TODO: check
+CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before
1.5.0.11 and ...)
+ TODO: check
+CVE-2007-1561 (Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote
attackers ...)
+ TODO: check
+CVE-2007-1560 (The clientProcessRequest() function in squid/src/client_side.c
in ...)
+ TODO: check
+CVE-2007-1559
+ RESERVED
+CVE-2007-1558
+ RESERVED
+CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client
Security ...)
+ TODO: check
+CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files
1.2 ...)
+ TODO: check
+CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod
2.0.21 ...)
+ TODO: check
+CVE-2007-1554 (Direct static code injection vulnerability in
admin/configuration.php ...)
+ TODO: check
+CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows
remote ...)
+ TODO: check
+CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in
MetaForum ...)
+ TODO: check
+CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx
3.5.15 ...)
+ TODO: check
+CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow
remote ...)
+ TODO: check
+CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx
3.5.15 ...)
+ TODO: check
+CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp
in Web ...)
+ TODO: check
+CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network
Audio ...)
+ TODO: check
+CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN
237 ...)
+ TODO: check
+CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network
Audio ...)
+ TODO: check
+CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in ...)
+ TODO: check
+CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in
...)
+ TODO: check
+CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960
running ...)
+ TODO: check
+CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27
only ...)
+ TODO: check
+CVE-2007-1540 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27
and ...)
+ TODO: check
+CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in
pragmaMX ...)
+ TODO: check
+CVE-2007-1538 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and
2003 ...)
+ TODO: check
+CVE-2007-1536 (Integer underflow in the file_printf function in the
"file" program ...)
+ TODO: check
+CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without
user ...)
+ TODO: check
+CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista
remains ...)
+ TODO: check
+CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the
same ...)
+ TODO: check
+CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista
...)
+ TODO: check
+CVE-2007-1531 (Microsoft Windows Vista overwrites ARP table entries included in
...)
+ TODO: check
+CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly
gather ...)
+ TODO: check
+CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the
Mapper ...)
+ TODO: check
+CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote
attackers to ...)
+ TODO: check
+CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that
an IP ...)
+ TODO: check
+CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote
...)
+ TODO: check
+CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in
Dayfox ...)
+ TODO: check
+CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog
3.7.6 ...)
+ TODO: check
+CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain
...)
+ TODO: check
+CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0
and ...)
+ TODO: check
+CVE-2007-1521 (Double free vulnerability in PHP 5.2.1 and earlier allows ...)
+ TODO: check
+CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0
does ...)
+ TODO: check
+CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in
PHP-Nuke ...)
+ TODO: check
+CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning
Board ...)
+ TODO: check
+CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02
and 1.21 ...)
+ TODO: check
+CVE-2006-7174 (PHP remote file inclusion vulnerability in
includes/functions.php in ...)
+ TODO: check
+CVE-2006-7173 (Direct static code injection vulnerability in admin.php in
PHP-Stats ...)
+ TODO: check
+CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php
in ...)
+ TODO: check
+CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in
MERCUR ...)
+ TODO: check
CVE-2007-XXXX [Single-packet SIP INVITE DoS in asterisk]
- asterisk <unfixed> (bug #415466; medium)
NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
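Review bot: CVE-2007-1561 (Asterisk before 1.2.17 and 1.4.x before 1.4.2) is added as a bare `TODO: check`, while the placeholder `CVE-2007-XXXX [Single-packet SIP INVITE DoS in asterisk]` at the end of this hunk already tracks `asterisk <unfixed>` with bug #415466. Compare the two during triage. If they describe the same issue, move the package line, bug reference and NOTE under CVE-2007-1561 and drop the placeholder, so the bug is not tracked twice. Separately, the Microsoft Windows Vista entries (CVE-2007-1527 through CVE-2007-1535) can take the `NOT-FOR-US: Microsoft` tag this file already uses, instead of each waiting on a manual check.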
@@ -113,10 +269,10 @@
- libwpd 0.8.9-1 (medium)
CVE-2007-1465
RESERVED
-CVE-2007-1464
- RESERVED
-CVE-2007-1463
- RESERVED
+CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in
...)
+ TODO: check
+CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows
...)
+ TODO: check
CVE-2007-1462 (The luci server component in conga preserves the password
between page ...)
NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension
in PHP ...)
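Review bot: CVE-2007-1464 and CVE-2007-1463 are consecutive format string ids, and only CVE-2007-1463 shows its product (Inkscape before 0.45.1); the CVE-2007-1464 description is cut off after "whiteboard Jabber protocol in". Read the full CVE-2007-1464 text and resolve both `TODO: check` markers together, because if they turn out to cover the same package they need the same package line and fixed version.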
@@ -225,7 +381,7 @@
NOT-FOR-US: Duyuru Scripti
CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod
SubDog 2 ...)
NOT-FOR-US: SubDog
-CVE-2007-1420 (MySQL 5.x before 5.0.37 allows local users to cause a denial of
...)
+CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of
...)
- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
CVE-2007-1419 (The Java Management Extensions Remote API Remote Method
Invocation ...)
NOT-FOR-US: JMX RMI-IIOP
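Review bot: the upstream bound for CVE-2007-1420 moves from "before 5.0.37" to "before 5.0.36", but the package line `- mysql-dfsg-5.0 5.0.32-8 (bug #414790)` is unchanged and carries no NOTE explaining why a version below either bound is listed as fixed. Confirm against bug #414790 that 5.0.32-8 contains the fix for the corrected range, and record that in a NOTE so the mismatch with the description does not get re-investigated later.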
@@ -443,8 +599,8 @@
RESERVED
CVE-2007-1314
RESERVED
-CVE-2007-1313
- RESERVED
+CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not
properly ...)
+ TODO: check
CVE-2007-1312
RESERVED
CVE-2007-1311
@@ -1434,8 +1590,8 @@
NOTE: maintainer notes that this may affect browsers based on xulrunner
CVE-2007-1003
RESERVED
-CVE-2007-1002
- RESERVED
+CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
+ TODO: check
CVE-2007-1001
RESERVED
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c
in the ...)
@@ -2411,10 +2567,10 @@
NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
CVE-2007-0655
RESERVED
-CVE-2007-0654
- RESERVED
-CVE-2007-0653
- RESERVED
+CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows
...)
+ TODO: check
+CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and
possibly ...)
+ TODO: check
CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable
Professional ...)
NOT-FOR-US: MailEnable Professional
CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in
MailEnable ...)
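Review bot: CVE-2007-0654 and CVE-2007-0653 both name X MultiMedia System (xmms) 1.2.10 and are added as separate `TODO: check` entries. Triage them as a pair and give both the same outcome, either a matching `- xmms ...` package line or the same tag, so one does not get resolved while the other stays open against the same version.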
@@ -2511,10 +2667,10 @@
RESERVED
CVE-2007-0608
RESERVED
-CVE-2007-0607
- RESERVED
-CVE-2007-0606
- RESERVED
+CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled,
stores ...)
+ TODO: check
+CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive
information ...)
+ TODO: check
CVE-2007-0605
RESERVED
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT)
before ...)
@@ -3136,8 +3292,8 @@
NOT-FOR-US: FileMailer
CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in
nicecoder.com ...)
NOT-FOR-US: INDEXU
-CVE-2007-0348
- RESERVED
+CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX
control in ...)
+ TODO: check
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not
...)
TODO: check
NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5
source)
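Review bot: CVE-2007-0348 describes a stack-based buffer overflow in the IASystemInfo.dll ActiveX control, which is a Windows-only component, yet it is added as `TODO: check`. The neighbouring entries in this hunk (FileMailer, INDEXU) are closed with `NOT-FOR-US:`; once the truncated description confirms the vendor, this one should be closed the same way.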
@@ -3377,12 +3533,10 @@
RESERVED
CVE-2007-0240
RESERVED
-CVE-2007-0239
- RESERVED
+CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote
...)
{DSA-1270-1}
- openoffice.org 2.0.4.dfsg.2-6
-CVE-2007-0238
- RESERVED
+CVE-2007-0238 (Stack-based buffer overflow in the StarCalc parser in
OpenOffice.org ...)
{DSA-1270-1}
- openoffice.org 2.0.4.dfsg.2-6
CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users
to ...)
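Review bot: the `- openoffice.org 2.0.4.dfsg.2-6` lines under CVE-2007-0239 and CVE-2007-0238 have no urgency, while other resolved entries in this file do, for example `- libwpd 0.8.9-1 (medium)`. With the descriptions now public (user-assisted remote, and a stack-based buffer overflow in the StarCalc parser), add an urgency to each package line while the entries are being touched.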
@@ -6935,7 +7089,7 @@
NOT-FOR-US: Microsoft
CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming
...)
NOT-FOR-US: MP3 Streaming DownSampler (mp3SDS)
-CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 in GestArt
beta ...)
+CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka
aide.php) in ...)
NOT-FOR-US: GestArt
CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before
4.20.01 ...)
NOT-FOR-US: Toshiba