Author: joeyh
Date: 2007-01-23 21:14:08 +0100 (Tue, 23 Jan 2007)
New Revision: 5333
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-01-23 19:26:08 UTC (rev 5332)
+++ data/CVE/list 2007-01-23 20:14:08 UTC (rev 5333)
@@ -1,3 +1,91 @@
+CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote
attackers ...)
+ TODO: check
+CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1
through 2.1 ...)
+ TODO: check
+CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security
2.0 ...)
+ TODO: check
+CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly
reject ...)
+ TODO: check
+CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows
remote ...)
+ TODO: check
+CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8
and ...)
+ TODO: check
+CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as
distributed ...)
+ TODO: check
+CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c
for ...)
+ TODO: check
+CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002
...)
+ TODO: check
+CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server
clustered ...)
+ TODO: check
+CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server
8.1 ...)
+ TODO: check
+CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy
plug-in for ...)
+ TODO: check
+CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an
administrator ...)
+ TODO: check
+CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on
Solaris 9, ...)
+ TODO: check
+CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7
...)
+ TODO: check
+CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote
attackers to ...)
+ TODO: check
+CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the
Apache ...)
+ TODO: check
+CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5,
9.0, and ...)
+ TODO: check
+CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5,
9.0, and ...)
+ TODO: check
+CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server
9.0 and ...)
+ TODO: check
+CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly
enforce ...)
+ TODO: check
+CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6,
8.1 ...)
+ TODO: check
+CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext
data in a ...)
+ TODO: check
+CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7,
and 8.1 ...)
+ TODO: check
+CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold,
when ...)
+ TODO: check
+CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA
WebLogic 7.0 ...)
+ TODO: check
+CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0
initial ...)
+ TODO: check
+CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly
validate ...)
+ TODO: check
+CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in
Plain ...)
+ TODO: check
+CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a)
client.c, ...)
+ TODO: check
+CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django
0.95 ...)
+ TODO: check
+CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument
strings ...)
+ TODO: check
+CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay
...)
+ TODO: check
+CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in
admin/edit_member.php in ...)
+ TODO: check
+CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay
...)
+ TODO: check
+CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php
in ...)
+ TODO: check
+CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP
...)
+ TODO: check
+CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in
OdysseusBlog ...)
+ TODO: check
+CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build
2.8 ...)
+ TODO: check
+CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext
in ...)
+ TODO: check
+CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25
...)
+ TODO: check
+CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote
attackers to ...)
+ TODO: check
+CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote
attackers to ...)
+ TODO: check
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
- wordpress 2.0.7 (bug #407116; unimportant)
NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
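Review bot: CVE-2007-0405 and CVE-2007-0404 both name Django 0.95, yet they are left at "TODO: check" like every other entry added at the top of this hunk. These two are the likeliest candidates for a package line rather than NOT-FOR-US, so triage them first and record whether the archive ships an affected version. Separately, CVE-2007-0403 and CVE-2007-0401 carry the same truncated text ("SQL injection vulnerability in admin/memberlist.php in Easebay ..."); compare the full descriptions before triaging so the two are not given different dispositions by accident.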
@@ -1020,10 +1108,10 @@
NOT-FOR-US: Microsoft IE
CVE-2007-0023
RESERVED
-CVE-2007-0022
- RESERVED
-CVE-2007-0021
- RESERVED
+CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac
OS X ...)
+ TODO: check
+CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote
...)
+ TODO: check
CVE-2007-0020
RESERVED
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1
and ...)
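Review bot: CVE-2007-0022 and CVE-2007-0021 move from RESERVED to "TODO: check", but their descriptions name only Apple products (writeconfig in Mac OS X, iChat 3.1.6). If the full descriptions confirm that, resolve them with a NOT-FOR-US line in the style of the "NOT-FOR-US: Microsoft IE" entry at the top of this hunk instead of leaving them open.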
@@ -7258,7 +7346,7 @@
NOT-FOR-US: Business Objects
CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco
Secure Access ...)
TODO: check
-CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in
Cisco Secure ...)
+CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in
Cisco ...)
TODO: check
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote
attackers to ...)
{DSA-1172-1}
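Review bot: The only change to CVE-2006-4097 is where the description is truncated ("Cisco Secure ..." becomes "Cisco ..."), and both it and CVE-2006-4098 above it still sit at "TODO: check". Both descriptions name the CSRadius service in a Cisco product, so these could be closed out with a disposition in the same pass rather than carried forward by each automatic update.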
@@ -46350,7 +46438,7 @@
NOT-FOR-US: Microsoft
CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads
5.0 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic
to ...)
+CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to
other ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of
service ...)
NOT-FOR-US: Data pre-dating the Security Tracker