Author: joeyh
Date: 2007-02-13 09:14:13 +0100 (Tue, 13 Feb 2007)
New Revision: 5448

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-02-12 22:02:10 UTC (rev 5447)
+++ data/CVE/list 2007-02-13 08:14:13 UTC (rev 5448)
@@ -1,3 +1,91 @@ +CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...) + TODO: check +CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows ...) + TODO: check +CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...) + TODO: check +CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...) + TODO: check +CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in ...) + TODO: check +CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible ...) + TODO: check +CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...) + TODO: check +CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login ...) + TODO: check +CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows ...) + TODO: check +CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows ...) + TODO: check +CVE-2007-0883 (Directory traversal vulnerability in ...) + TODO: check +CVE-2007-0882 (The telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and ...) + TODO: check +CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...) + TODO: check +CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...) + TODO: check +CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...) + TODO: check +CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...) + TODO: check +CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...) 
+ TODO: check +CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...) + TODO: check +CVE-2007-0875 (SQL injection vulnerability in install.php in mcRefer allows remote ...) + TODO: check +CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...) + TODO: check +CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ...) + TODO: check +CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) ...) + TODO: check +CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...) + TODO: check +CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...) + TODO: check +CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...) + TODO: check +CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...) + TODO: check +CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...) + TODO: check +CVE-2006-7006 (** DISPUTED ** ...) + TODO: check +CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote ...) + TODO: check +CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY ...) + TODO: check +CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion ...) + TODO: check +CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in ...) + TODO: check +CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 ...) + TODO: check +CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...) + TODO: check +CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers ...) + TODO: check +CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote ...) 
+ TODO: check +CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable ...) + TODO: check +CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...) + TODO: check +CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain ...) + TODO: check +CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...) + TODO: check +CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in ...) + TODO: check +CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ...) + TODO: check CVE-2007-XXXX [dokuwiki conf directory accessible by web users] - dokuwiki 0.0.20061106-3 (bug #410557) CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...) @@ -238,8 +326,7 @@ RESERVED CVE-2007-0771 RESERVED -CVE-2007-0770 [graphicsmagick bogus second read in macro call] - RESERVED +CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...) - graphicsmagick 1.1.7-12 - imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435) CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...) @@ -763,10 +850,12 @@ CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...) NOT-FOR-US: 212cafe Guestbook CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...) + {DTSA-33-1} - wordpress 2.1.0-1 (low) CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...) - wordpress 2.1.0-1 (low) CVE-2007-0539 (WordPress before 2.1 allows remote attackers to cause a denial of ...) + {DTSA-33-1} - wordpress 2.1.0-1 (low) CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...) NOT-FOR-US: Telligent 
@@ -1428,6 +1517,7 @@ CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows ...) NOT-FOR-US: Total Commander CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...) + {DTSA-33-1} - wordpress <unfixed> (unimportant; bug #407289) CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...) NOT-FOR-US: sNews @@ -4628,7 +4718,7 @@ NOT-FOR-US: e107 CVE-2006-5785 (Unspecified vulnerability in SAP Web Application Server 6.40 before ...) NOT-FOR-US: SAP Web Application Server -CVE-2006-5784 (Unspecified vulnerability in SAP Web Application Server 6.40 before ...) +CVE-2006-5784 (Unspecified vulnerability in enserver.exe in SAP Web Application ...) NOT-FOR-US: SAP Web Application Server CVE-2006-5783 (** DISPUTED ** ...) NOTE: irreproducible firefox issue @@ -12355,7 +12445,7 @@ NOT-FOR-US: Microsoft CVE-2006-2377 RESERVED -CVE-2006-2376 (Heap-based buffer overflow in the PolyPolygon function in Graphics ...) +CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering ...) NOT-FOR-US: Microsoft CVE-2006-2375 RESERVED @@ -39043,7 +39133,7 @@ NOT-FOR-US: microsoft CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...) NOT-FOR-US: microsoft -CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...) +CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain ...) NOT-FOR-US: microsoft CVE-2003-0229 RESERVED
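Review bot: In the hunk at @@ -1,3 +1,91 @@, every new entry from CVE-2007-0895 down to CVE-2005-4828 carries only `TODO: check`, so none of them has a triage result yet. Each needs either a package line in the form the file already uses (for example `- wordpress 2.1.0-1 (low)`) or a `NOT-FOR-US:` line. CVE-2006-7006 is truncated to `(** DISPUTED ** ...)` with no product name visible, so it cannot be triaged from this file alone; once the full description has been looked up, a `NOTE:` line like the one on CVE-2006-5783 would record the outcome.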
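Review bot: In the hunk at @@ -238,8 +326,7 @@, replacing `CVE-2007-0770 [graphicsmagick bogus second read in macro call]` with the assigned description drops the hand-written summary, which named the specific defect. If that detail is still useful for tracking the graphicsmagick 1.1.7-12 and imagemagick (bug #410435) entries, keep it as a `NOTE:` line under the CVE rather than losing it.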
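Review bot: In the hunk at @@ -763,10 +850,12 @@, `{DTSA-33-1}` is added to CVE-2007-0541 and CVE-2007-0539 but not to CVE-2007-0540, which sits between them with the same `- wordpress 2.1.0-1 (low)` line. Confirm whether the advisory also covers CVE-2007-0540; if it does, the tag is missing there, and if it does not, a `NOTE:` saying why would stop the next reader from asking the same question.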
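Review bot: In the hunk at @@ -1428,6 +1517,7 @@, `{DTSA-33-1}` is attached to CVE-2007-0262 while its package line still reads `- wordpress <unfixed> (unimportant; bug #407289)`. Confirm that an advisory reference alongside an unfixed, unimportant status is intended; if both are correct, a short `NOTE:` explaining what the advisory addresses for this entry would make the record self-explanatory.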