Author: joeyh Date: 2007-02-14 09:14:14 +0100 (Wed, 14 Feb 2007) New Revision: 5459 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-14 07:02:43 UTC (rev 5458) +++ data/CVE/list 2007-02-14 08:14:14 UTC (rev 5459) @@ -1,4 +1,39 @@ -CVE-2007-0451 (DoS in spamassassin URI parsing causes SA to enter loop eating all RAM) +CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...) + TODO: check +CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...) + TODO: check +CVE-2007-0910 (Unspecified vulnerability PHP before 5.2.1 allows attackers to ...) + TODO: check +CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...) + TODO: check +CVE-2007-0908 (The wddx extension in PHP before 5.2.1 allows remote attackers to ...) + TODO: check +CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...) + TODO: check +CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...) + TODO: check +CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...) + TODO: check +CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...) + TODO: check +CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...) + TODO: check +CVE-2007-0902 (Unspecified vulnerability in the "Show debugging information" feature ...) + TODO: check +CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in ...) + TODO: check +CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...) + TODO: check +CVE-2007-0899 + RESERVED +CVE-2007-0898 + RESERVED +CVE-2007-0897 + RESERVED +CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...) + TODO: check +CVE-2007-0451 + RESERVED - spamassassin 3.1.8 (bug #410843) NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318 CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...) @@ -162,7 +197,7 @@ NOTE: which probably turns this into remote code execution NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration TODO: unrar-free and clamav (which embeds unrar-free code) need to be checked -CVE-2007-0854 (Remote file inclusion vulnerability in objcache in cPanel WebHost ...) +CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel ...) NOT-FOR-US: cPanel WebHost Manager CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...) NOT-FOR-US: DevTrack @@ -184,8 +219,8 @@ NOT-FOR-US: Advanced Poll CVE-2007-0843 RESERVED -CVE-2007-0842 - RESERVED +CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library ...) + TODO: check CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...) NOT-FOR-US: vbDrupal CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...) @@ -1623,30 +1658,30 @@ RESERVED CVE-2007-0220 RESERVED -CVE-2007-0219 - RESERVED +CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) + TODO: check CVE-2007-0218 RESERVED -CVE-2007-0217 - RESERVED +CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...) + TODO: check CVE-2007-0216 RESERVED CVE-2007-0215 RESERVED -CVE-2007-0214 - RESERVED +CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...) + TODO: check CVE-2007-0213 RESERVED CVE-2007-0212 RESERVED -CVE-2007-0211 - RESERVED -CVE-2007-0210 - RESERVED -CVE-2007-0209 - RESERVED -CVE-2007-0208 - RESERVED +CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...) + TODO: check +CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...) + TODO: check +CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...) + TODO: check +CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...) + TODO: check CVE-2007-0207 RESERVED CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) @@ -2244,10 +2279,10 @@ NOT-FOR-US: Microsoft Excel CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...) NOT-FOR-US: Microsoft Excel -CVE-2007-0026 - RESERVED -CVE-2007-0025 - RESERVED +CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...) + TODO: check +CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and ...) + TODO: check CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...) NOT-FOR-US: Microsoft IE CVE-2007-0023 (The CFUserNotificationSendRequest function in ...) @@ -5844,8 +5879,8 @@ RESERVED CVE-2006-5271 RESERVED -CVE-2006-5270 - RESERVED +CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...) + TODO: check CVE-2006-5269 RESERVED CVE-2006-5268 @@ -7082,8 +7117,8 @@ RESERVED CVE-2006-4698 RESERVED -CVE-2006-4697 - RESERVED +CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) + TODO: check CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2006-4695 @@ -9718,7 +9753,7 @@ NOT-FOR-US: McAfee VirusScan Enterprise CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...) NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and uCosminexus Collaboration Portal and Forum/File Sharing -CVE-2006-3573 (Format string vulnerability in agl_text.cpp in Milan Mimica Sparklet ...) +CVE-2006-3573 (Format string vulnerability in the WriteText function in agl_text.cpp ...) NOT-FOR-US: Milan Mimica Sparklet CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and ...) NOT-FOR-US: Papoo @@ -9981,8 +10016,8 @@ NOT-FOR-US: Microsoft CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...) NOT-FOR-US: Microsoft -CVE-2006-3448 - RESERVED +CVE-2006-3448 (The Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, ...) + TODO: check CVE-2006-3447 RESERVED CVE-2006-3446 @@ -12562,7 +12597,7 @@ NOTE: Beginning with version 7.5.4, postgresql is a transition NOTE: package which does not contain actual code. That''s why NOTE: it''s marked as fixed here. (Previous versions are vulnerable.) -CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104 and ...) +CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...) NOT-FOR-US: Skype CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...) NOT-FOR-US: BlueDragon Server and Server JX @@ -15058,8 +15093,8 @@ NOT-FOR-US: Microsoft JScript CVE-2006-1312 RESERVED -CVE-2006-1311 - RESERVED +CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; ...) + TODO: check CVE-2006-1310 RESERVED CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) @@ -16405,7 +16440,7 @@ - wordpress <unfixed> (unimportant) CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...) NOT-FOR-US: SAP Business Connector -CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 and ...) +CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and ...) NOT-FOR-US: SAP Business Connector CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...) - dovecot 1.0.beta3-1 (bug #353341; medium)