Author: joeyh
Date: 2007-03-30 21:14:14 +0000 (Fri, 30 Mar 2007)
New Revision: 5606

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-03-30 14:04:48 UTC (rev 5605)
+++ data/CVE/list 2007-03-30 21:14:14 UTC (rev 5606)
@@ -1,3 +1,410 @@ +CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access ...) + TODO: check +CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...) + TODO: check +CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...) + TODO: check +CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in ...) + TODO: check +CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...) + TODO: check +CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...) + TODO: check +CVE-2007-1776 (SQL injection vulnerability in index.php in the D4JeZine (com_ezine) ...) + TODO: check +CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...) + TODO: check +CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy ...) + TODO: check +CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow ...) + TODO: check +CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...) + TODO: check +CVE-2007-1771 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-1770 (ESRI ArcSDE 8.3, 9.0, and 9.1 before 20070327, when using three tiered ...) + TODO: check +CVE-2007-1769 (Cross-site scripting (XSS) vulnerability in /search in Mephisto 0.7.3 ...) + TODO: check +CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in ...) + TODO: check +CVE-2007-1766 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...) + TODO: check +CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...) + TODO: check +CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...) 
+ TODO: check +CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...) + TODO: check +CVE-2007-1761 + RESERVED +CVE-2007-1760 + RESERVED +CVE-2007-1759 + RESERVED +CVE-2007-1758 + RESERVED +CVE-2007-1757 + RESERVED +CVE-2007-1756 + RESERVED +CVE-2007-1755 + RESERVED +CVE-2007-1754 + RESERVED +CVE-2007-1753 + RESERVED +CVE-2007-1752 + RESERVED +CVE-2007-1751 + RESERVED +CVE-2007-1750 + RESERVED +CVE-2007-1749 + RESERVED +CVE-2007-1748 + RESERVED +CVE-2007-1747 + RESERVED +CVE-2007-1746 + RESERVED +CVE-2007-1745 + RESERVED +CVE-2007-1744 + RESERVED +CVE-2007-1743 + RESERVED +CVE-2007-1742 + RESERVED +CVE-2007-1741 + RESERVED +CVE-2007-1740 + REJECTED + TODO: check +CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...) + TODO: check +CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...) + TODO: check +CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...) + TODO: check +CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...) + TODO: check +CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...) + TODO: check +CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...) + TODO: check +CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows ...) + TODO: check +CVE-2007-1732 (** DISPUTED ** ...) + TODO: check +CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous ...) + TODO: check +CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...) + TODO: check +CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...) + TODO: check +CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and ...) + TODO: check +CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) 
+ TODO: check +CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 ...) + TODO: check +CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows ...) + TODO: check +CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and ...) + TODO: check +CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea ...) + TODO: check +CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 ...) + TODO: check +CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the ...) + TODO: check +CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...) + TODO: check +CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...) + TODO: check +CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...) + TODO: check +CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...) + TODO: check +CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...) + TODO: check +CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...) + TODO: check +CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...) + TODO: check +CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...) + TODO: check +CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...) + TODO: check +CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...) + TODO: check +CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...) + TODO: check +CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...) 
+ TODO: check +CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side ...) + TODO: check +CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows ...) + TODO: check +CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows ...) + TODO: check +CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager ...) + TODO: check +CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...) + TODO: check +CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the ...) + TODO: check +CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...) + TODO: check +CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...) + TODO: check +CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...) + TODO: check +CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex ...) + TODO: check +CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...) + TODO: check +CVE-2007-1695 (** DISPUTED ** ...) + TODO: check +CVE-2007-1694 + RESERVED +CVE-2007-1693 + RESERVED +CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...) + TODO: check +CVE-2007-1691 + RESERVED +CVE-2007-1690 + RESERVED +CVE-2007-1689 + RESERVED +CVE-2007-1688 + RESERVED +CVE-2007-1687 + RESERVED +CVE-2007-1686 + RESERVED +CVE-2007-1685 + RESERVED +CVE-2007-1684 + RESERVED +CVE-2007-1683 + RESERVED +CVE-2007-1682 + RESERVED +CVE-2007-1681 + RESERVED +CVE-2007-1680 + RESERVED +CVE-2007-1679 (** DISPUTED ** ...) + TODO: check +CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...) + TODO: check +CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...) 
+ TODO: check +CVE-2007-1676 + RESERVED +CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...) + TODO: check +CVE-2007-1674 + RESERVED +CVE-2007-1673 + RESERVED +CVE-2007-1672 + RESERVED +CVE-2007-1671 + RESERVED +CVE-2007-1670 + RESERVED +CVE-2007-1669 + RESERVED +CVE-2007-1668 + RESERVED +CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c ...) + TODO: check +CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...) + TODO: check +CVE-2007-1665 + RESERVED +CVE-2007-1664 + RESERVED +CVE-2007-1663 + RESERVED +CVE-2007-1662 + RESERVED +CVE-2007-1661 + RESERVED +CVE-2007-1660 + RESERVED +CVE-2007-1659 + RESERVED +CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...) + TODO: check +CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...) + TODO: check +CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...) + TODO: check +CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX ...) + TODO: check +CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ...) + TODO: check +CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...) + TODO: check +CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...) + TODO: check +CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...) + TODO: check +CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...) + TODO: check +CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...) + TODO: check +CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...) 
+ TODO: check +CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...) + TODO: check +CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...) + TODO: check +CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on ...) + TODO: check +CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management ...) + TODO: check +CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows ...) + TODO: check +CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows ...) + TODO: check +CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 ...) + TODO: check +CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when ...) + TODO: check +CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control ...) + TODO: check +CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 ...) + TODO: check +CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net ...) + TODO: check +CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal ...) + TODO: check +CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio ...) + TODO: check +CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has ...) + TODO: check +CVE-2007-1631 (** DISPUTED ** ...) + TODO: check +CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...) + TODO: check +CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...) + TODO: check +CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...) + TODO: check +CVE-2007-1627 (Multiple SQL injection vulnerabilities in php-revista 1.1.2 and ...) 
+ TODO: check +CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...) + TODO: check +CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in ...) + TODO: check +CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow ...) + TODO: check +CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...) + TODO: check +CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...) + TODO: check +CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...) + TODO: check +CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...) + TODO: check +CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo ...) + TODO: check +CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder ...) + TODO: check +CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 ...) + TODO: check +CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...) + TODO: check +CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...) + TODO: check +CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...) + TODO: check +CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...) + TODO: check +CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...) + TODO: check +CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a ...) + TODO: check +CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue ...) + TODO: check +CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic ...) + TODO: check +CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...) 
+ TODO: check +CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain ...) + TODO: check +CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora ...) + TODO: check +CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora ...) + TODO: check +CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote ...) + TODO: check +CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing ...) + TODO: check +CVE-2007-1601 (** DISPUTED ** ...) + TODO: check +CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...) + TODO: check +CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...) + TODO: check +CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...) + TODO: check +CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...) + TODO: check +CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...) + TODO: check +CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...) + TODO: check +CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...) + TODO: check +CVE-2007-1593 + RESERVED +CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...) + TODO: check +CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...) + TODO: check +CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...) + TODO: check +CVE-2006-7181 (Multiple PHP remote file inclusion vulnerabilities in Morcego CMS ...) + TODO: check +CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...) + TODO: check +CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...) 
+ TODO: check +CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...) + TODO: check +CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...) + TODO: check +CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) + TODO: check +CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) + TODO: check +CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...) + TODO: check +CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...) + TODO: check +CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...) + TODO: check CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...) NOT-FOR-US: Grandstream CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...) @@ -60,7 +467,7 @@ NOT-FOR-US: Opera CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...) - iceweasel 2.0.0.3-1 (low) -CVE-2007-1560 (The clientProcessRequest() function in squid/src/client_side.c in ...) +CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...) - squid 2.6.5-6 CVE-2007-1559 RESERVED @@ -163,7 +570,7 @@ NOT-FOR-US: PHP-Stats CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...) NOT-FOR-US: MERCUR IMAPD -CVE-2007-1561 (Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers ...) +CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 ...) - asterisk <unfixed> (bug #415466; medium) NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html CVE-2007-XXXX [Asterisk segfault on SIP response code 0] 
@@ -227,7 +634,7 @@ NOT-FOR-US: Avaya S87XX CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 ...) NOT-FOR-US: Avaya S87XX -CVE-2007-1489 (Unspecified vulnerability in WebAPP 0.9.9.6 before 20070312 allows ...) +CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal ...) NOT-FOR-US: WebAPP CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 ...) NOT-FOR-US: Sun Java System Web Server @@ -278,8 +685,8 @@ NOT-FOR-US: Cisco Secure Access Control Server CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...) - libwpd 0.8.9-1 (medium) -CVE-2007-1465 - RESERVED +CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...) + TODO: check CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...) - inkscape <unfixed> (medium) CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...) @@ -506,7 +913,7 @@ NOT-FOR-US: Avaya Communications Manager CVE-2007-1366 RESERVED -CVE-2007-1365 (Unspecified vulnerability in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 ...) +CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...) NOT-FOR-US: OpenBSD Kernel CVE-2007-1364 RESERVED @@ -538,8 +945,8 @@ RESERVED CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...) NOT-FOR-US: Novell NetMail -CVE-2007-1349 - RESERVED +CVE-2007-1349 (PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm ...) + TODO: check CVE-2007-1348 RESERVED CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...) @@ -599,7 +1006,7 @@ RESERVED CVE-2007-1320 RESERVED -CVE-2007-1319 (Unspecified vulnerability in the OPCDA interface in Takebishi Electric ...) +CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...) NOT-FOR-US: DeviceXPlorer OLE CVE-2007-1318 RESERVED 
@@ -1269,7 +1676,7 @@ TODO: check epiphany, galeon and kazehakase CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...) NOT-FOR-US: ConfigChk ActiveX control -CVE-2007-1082 (FTP Explorer 1.0.1 Build 047 allows remote servers to cause a denial ...) +CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, ...) NOT-FOR-US: FTP Explorer CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...) - typo3-src 4.0.5+debian-1 @@ -1618,7 +2025,7 @@ - linux-2.6 2.6.18.dfsg.1-12 (medium) CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...) - ekiga 2.0.3-5 (bug #414069; high) -CVE-2007-0998 (The VNC server implementation in QEMU allows local users of a guest ...) +CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly ...) - xen-3.0 <unfixed> (medium) CVE-2007-0997 RESERVED @@ -3550,8 +3957,7 @@ CVE-2007-0241 RESERVED - linux-2.6 2.6.18.dfsg.1-12 -CVE-2007-0240 - RESERVED +CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier ...) - zope2.9 2.9.7-1 CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote ...) {DSA-1270-1} @@ -4121,7 +4527,7 @@ NOT-FOR-US: PHP-Update CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...) NOT-FOR-US: Matteo Lucarelli 3editor -CVE-2006-6876 (The fetchsms function in the SMS handling module (libsms_getsms.c) in ...) +CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module ...) - openser 1.1.1-1 (medium) [etch] - openser 1.1.0-9etch1 NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog @@ -4206,8 +4612,8 @@ RESERVED CVE-2007-0039 RESERVED -CVE-2007-0038 - RESERVED +CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...) + TODO: check CVE-2007-0037 RESERVED CVE-2007-0036 
@@ -6039,11 +6445,11 @@ {DSA-1249-1} - xorg-server 2:1.1.1-15 CVE-2006-6100 - RESERVED + REJECTED CVE-2006-6099 - RESERVED + REJECTED CVE-2006-6098 - RESERVED + REJECTED CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows ...) {DSA-1223-1} - tar 1.16-2 (high; bug #399845) @@ -6200,7 +6606,7 @@ NOT-FOR-US: DoSePa CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) NOT-FOR-US: Adobe Reader -CVE-2006-6026 (Heap-based buffer overflow in Helix DNA Server 11.0 and 11.1 has ...) +CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix ...) NOT-FOR-US: Helix DNA Server CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a ...) NOT-FOR-US: QUALCOMM Eudora WorldMail @@ -6782,7 +7188,7 @@ CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...) - linux-2.6 2.6.18.dfsg.1-10 (low) CVE-2006-5756 - RESERVED + REJECTED CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...) - linux-2.6 2.6.18.dfsg.1-10 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...) @@ -8779,8 +9185,8 @@ NOT-FOR-US: TeamCal CVE-2006-4844 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Claroline -CVE-2006-4843 - RESERVED +CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...) + TODO: check CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...) - xulrunner 1.8.0.9-1 (low; bug #405062) [sarge] - mozilla <unfixed> (low) @@ -10351,8 +10757,8 @@ NOT-FOR-US: Novell eDirectory CVE-2006-4176 RESERVED -CVE-2006-4175 - RESERVED +CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 ...) + TODO: check CVE-2006-4174 RESERVED CVE-2006-4173 
@@ -19588,7 +19994,7 @@ NOT-FOR-US: aoblogger CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...) NOT-FOR-US: Linksys hardware issue -CVE-2006-0308 (PHP remote file include vulnerability in HTMLtonuke.php in HTMLtoNuke ...) +CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the ...) NOT-FOR-US: HTMLtoNuke CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...) NOT-FOR-US: CA BrightStor products
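
Review bot: CVE-2007-1740 in the @@ -1,3 +1,410 @@ hunk is added as REJECTED but still gets a "TODO: check" line, which leaves a rejected id sitting in the triage queue. The REJECTED entries changed later in this patch (CVE-2006-6100, CVE-2006-6099, CVE-2006-6098, CVE-2006-5756) carry no TODO, and the RESERVED entries added in the same hunk carry none either. The automatic update should emit REJECTED entries without the TODO line, and this one can be dropped by hand in the meantime.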
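
Review bot: The placeholder "CVE-2007-XXXX [Asterisk segfault on SIP response code 0]" kept as context at the end of the @@ -163,7 +570,7 @@ hunk may now duplicate an id that this same update adds. The first hunk introduces CVE-2007-1594 (the handle_response function in chan_sip.c in Asterisk before 1.2.17) with only "TODO: check". Whoever triages CVE-2007-1594 should compare it against the placeholder and, if they describe the same issue, move the placeholder's tracking data under the real id instead of keeping two entries.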
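
Review bot: The package coverage for CVE-2007-0998 in the @@ -1618,7 +2025,7 @@ hunk needs a second look, because the refreshed description now reads "The VNC server implementation in QEMU, as used by Xen and possibly ..." while the entry below it still tracks only "- xen-3.0 <unfixed> (medium)". The description change is applied without any note on whether QEMU itself was checked. Suggest adding either a tracking line for the QEMU source package or a NOTE recording why it is not affected.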
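
Review bot: CVE-2007-0240 in the @@ -3550,8 +3957,7 @@ hunk goes from RESERVED to a description naming "Zope 2.10.2 and earlier", yet the only tracking line under it remains "- zope2.9 2.9.7-1". Because that package line predates the published description, it is worth confirming that it still matches the affected range and that no other Zope 2 source package needs its own line. A short NOTE with the outcome would make the entry self-explanatory.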