Author: joeyh
Date: 2007-02-16 21:14:34 +0100 (Fri, 16 Feb 2007)
New Revision: 5463

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-02-15 21:54:35 UTC (rev 5462)
+++ data/CVE/list 2007-02-16 20:14:34 UTC (rev 5463)
@@ -1,3 +1,169 @@ +CVE-2007-0981 (Mozilla based browsers allows remote attackers to bypass the same ...) + TODO: check +CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...) + TODO: check +CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...) + TODO: check +CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...) + TODO: check +CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all ...) + TODO: check +CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...) + TODO: check +CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...) + TODO: check +CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before ...) + TODO: check +CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in ...) + TODO: check +CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow ...) + TODO: check +CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and ...) + TODO: check +CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...) + TODO: check +CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...) + TODO: check +CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...) + TODO: check +CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...) + TODO: check +CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...) + TODO: check +CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...) + TODO: check +CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...) 
+ TODO: check +CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...) + TODO: check +CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...) + TODO: check +CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...) + TODO: check +CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...) + TODO: check +CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...) + TODO: check +CVE-2007-0957 + RESERVED +CVE-2007-0956 + RESERVED +CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...) + TODO: check +CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...) + TODO: check +CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 ...) + TODO: check +CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...) + TODO: check +CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...) + TODO: check +CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in ...) + TODO: check +CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...) + TODO: check +CVE-2007-0948 + RESERVED +CVE-2007-0947 + RESERVED +CVE-2007-0946 + RESERVED +CVE-2007-0945 + RESERVED +CVE-2007-0944 + RESERVED +CVE-2007-0943 + RESERVED +CVE-2007-0942 + RESERVED +CVE-2007-0941 + RESERVED +CVE-2007-0940 + RESERVED +CVE-2007-0939 + RESERVED +CVE-2007-0938 + RESERVED +CVE-2007-0937 + RESERVED +CVE-2007-0936 + RESERVED +CVE-2007-0935 + RESERVED +CVE-2007-0934 + RESERVED +CVE-2007-0933 + RESERVED +CVE-2007-0932 (Unspecified vulnerability in Aruba Mobility Controller 200, 800, 2400, ...) + TODO: check +CVE-2007-0931 (Buffer overflow in the management interface for Aruba Mobility ...) + TODO: check +CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...) 
+ TODO: check +CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 ...) + TODO: check +CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...) + TODO: check +CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows ...) + TODO: check +CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...) + TODO: check +CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass ...) + TODO: check +CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to ...) + TODO: check +CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in ...) + TODO: check +CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an ...) + TODO: check +CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 ...) + TODO: check +CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...) + TODO: check +CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...) + TODO: check +CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...) + TODO: check +CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...) + TODO: check +CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...) + TODO: check +CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...) + TODO: check +CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...) + TODO: check +CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...) + TODO: check +CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...) 
+ TODO: check +CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to ...) + TODO: check +CVE-2006-7021 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...) + TODO: check +CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...) + TODO: check +CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...) + TODO: check +CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 ...) + TODO: check +CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...) + TODO: check +CVE-2006-7015 (** DISPUTED ** ...) + TODO: check +CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a ...) + TODO: check +CVE-2006-7013 (** DISPUTED ** ...) + TODO: check +CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary ...) + TODO: check +CVE-2006-7011 (** DISPUTED ** ...) + TODO: check CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...) NOT-FOR-US: JPortal CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...) @@ -65,7 +231,7 @@ - mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable) CVE-2007-0883 (Directory traversal vulnerability in ...) NOT-FOR-US: IP3 NetAccess -CVE-2007-0882 (The telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and ...) +CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in ...) NOT-FOR-US: Sun Solaris CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...) NOT-FOR-US: OPENi-CMS 
@@ -151,8 +317,8 @@ NOT-FOR-US: phpCOIN CVE-2007-0860 (** DISPUTED ** ...) NOT-FOR-US: local Calendar System -CVE-2007-0859 - RESERVED +CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the ...) + TODO: check CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...) NOT-FOR-US: GoSuRF Browser CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...) @@ -205,7 +371,7 @@ NOT-FOR-US: DevTrack CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...) NOT-FOR-US: DevTrack -CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before ...) +CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before ...) NOT-FOR-US: Trend Micro Scan Engine CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...) NOT-FOR-US: SysCP @@ -652,10 +818,10 @@ RESERVED CVE-2007-0653 RESERVED -CVE-2007-0652 - RESERVED -CVE-2007-0651 - RESERVED +CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...) + TODO: check +CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...) + TODO: check CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...) - tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does) CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...) @@ -1417,8 +1583,8 @@ RESERVED CVE-2007-0325 RESERVED -CVE-2007-0324 - RESERVED +CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...) + TODO: check CVE-2007-0323 RESERVED CVE-2007-0322 
@@ -4582,10 +4748,10 @@ NOT-FOR-US: Network Administration Visualized CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...) NOT-FOR-US: Citrix -CVE-2006-5860 - RESERVED -CVE-2006-5859 - RESERVED +CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...) + TODO: check +CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...) + TODO: check CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...) NOT-FOR-US: Adobe CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...) @@ -10018,7 +10184,7 @@ NOT-FOR-US: Microsoft CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...) NOT-FOR-US: Microsoft -CVE-2006-3448 (The Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, ...) +CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...) TODO: check CVE-2006-3447 RESERVED @@ -13274,7 +13440,7 @@ - resmgr <not-affected> CVE-2006-XXXX [librsvg2 crash on certain svg files] - librsvg 2.14.3-2 (bug #361653; bug #361540; medium) -CVE-2006-2018 (** DISPUTED ** ...) +CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows ...) NOT-FOR-US: vBulletin CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...) - dnsmasq 2.30-1 (medium) @@ -15704,7 +15870,7 @@ - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low) CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...) NOT-FOR-US: Akurru Social BookMarking Engine -CVE-2006-1050 (Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the ...) +CVE-2006-1050 (** DISPUTED ** ...) NOT-FOR-US: Kwik-Pay Payroll CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...) - amaya 9.4-1 (bug #341424) 
@@ -17635,7 +17801,7 @@ NOT-FOR-US: Oracle CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade component of ...) NOT-FOR-US: Oracle -CVE-2006-0270 (Unspecified vulnerability in the TDE Wallet component of Oracle ...) +CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) ...) NOT-FOR-US: Oracle CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...) NOT-FOR-US: Oracle @@ -24939,7 +25105,7 @@ NOT-FOR-US: PHP Surveyor CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...) NOT-FOR-US: Oracle Reports -CVE-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files via an ...) +CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote ...) NOT-FOR-US: Oracle Reports CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...) - libnss-ldap <not-affected> (Mandrake specfic vulnerability) @@ -24953,7 +25119,7 @@ NOT-FOR-US: SlimFTPd CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...) NOT-FOR-US: Oracle Forms -CVE-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...) +CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and ...) NOT-FOR-US: Oracle Reports CVE-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...) {DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
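
Review bot: CVE-2007-0958 in the first hunk (@@ -1,3 +1,169 @@) is added as "TODO: check" although its description names Linux kernel 2.6.x before 2.6.20, and this file already tracks linux-2.6 as a package (context line "- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)" in the @@ -15704 hunk). Triage it ahead of the rest of the batch and replace the TODO with a linux-2.6 package line. In the same hunk, CVE-2007-0975 and CVE-2007-0930 both read as a variable extraction issue in Apache Stats, so whoever clears the TODOs should check whether they are duplicates and give both the same annotation.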
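
Review bot: in the @@ -4582,10 +4748,10 @@ hunk, CVE-2006-5859 moves from RESERVED to "TODO: check" with a description that names Adobe ColdFusion MX 7, while the next entry, CVE-2006-5858 (also Adobe ColdFusion MX 7), is already marked "NOT-FOR-US: Adobe". The same annotation looks right for CVE-2006-5859 and could be set when the TODO is cleared. CVE-2006-5860 needs its full description read first, since the truncated text ("the administrator console ...") does not show the product.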
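
Review bot: in the @@ -10018,7 +10184,7 @@ hunk, the rewritten CVE-2006-3448 description (now "Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...") still sits above an unresolved "TODO: check", whereas the preceding entry CVE-2006-3449 is marked "NOT-FOR-US: Microsoft". Since the description was touched anyway, this is a good point to resolve the entry the same way instead of carrying the TODO forward.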