Author: joeyh Date: 2007-01-10 21:14:20 +0100 (Wed, 10 Jan 2007) New Revision: 5233 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-10 18:46:17 UTC (rev 5232) +++ data/CVE/list 2007-01-10 20:14:20 UTC (rev 5233) 
@@ -1,3 +1,77 @@ +CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...) + TODO: check +CVE-2007-0166 + RESERVED +CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows ...) + TODO: check +CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, ...) + TODO: check +CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in ...) + TODO: check +CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure ...) + TODO: check +CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...) + TODO: check +CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...) + TODO: check +CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...) + TODO: check +CVE-2007-0158 + RESERVED +CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...) + TODO: check +CVE-2007-0156 (M-Core stores the database under the web document root, which allows ...) + TODO: check +CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0154 (Webulas stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0152 (OhhASP stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0151 (MitiSoft stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) + TODO: check +CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote ...) + TODO: check +CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...) 
+ TODO: check +CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...) + TODO: check +CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...) + TODO: check +CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...) + TODO: check +CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...) + TODO: check +CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce ...) + TODO: check +CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another ...) + TODO: check +CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download ...) + TODO: check +CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to ...) + TODO: check +CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows ...) + TODO: check +CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote ...) + TODO: check +CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows ...) + TODO: check +CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And ...) + TODO: check +CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users ...) + TODO: check +CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before ...) + TODO: check +CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow ...) + TODO: check +CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...) + TODO: check CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in ...) NOT-FOR-US: DECnet-Plus CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...) 
@@ -338,28 +412,28 @@ RESERVED CVE-2007-0035 RESERVED -CVE-2007-0034 - RESERVED -CVE-2007-0033 - RESERVED +CVE-2007-0034 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers ...) + TODO: check +CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...) + TODO: check CVE-2007-0032 RESERVED -CVE-2007-0031 - RESERVED -CVE-2007-0030 - RESERVED -CVE-2007-0029 - RESERVED -CVE-2007-0028 - RESERVED -CVE-2007-0027 - RESERVED +CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, ...) + TODO: check +CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X ...) + TODO: check +CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...) + TODO: check +CVE-2007-0028 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...) + TODO: check +CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...) + TODO: check CVE-2007-0026 RESERVED CVE-2007-0025 RESERVED -CVE-2007-0024 - RESERVED +CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...) + TODO: check CVE-2007-0023 RESERVED CVE-2007-0022 @@ -484,7 +558,7 @@ NOT-FOR-US: Mxmania File Upload Manager CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...) NOT-FOR-US: myPHPCalendar -CVE-2006-6811 (Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute ...) +CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service ...) - kdenetwork <unfixed> (bug #405828) CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...) NOT-FOR-US: DB Hub 
@@ -536,7 +610,7 @@ NOT-FOR-US: Newsletter MX CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated ...) NOT-FOR-US: Open Newsletter -CVE-2006-6785 (The admin PHP scripts in Open Newsletter 2.5 and earlier do not exit ...) +CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open ...) NOT-FOR-US: Open Newsletter CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote ...) NOT-FOR-US: Netbula Anyboard @@ -2030,10 +2104,9 @@ NOT-FOR-US: libharu CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...) NOT-FOR-US: CRYPTOCard -CVE-2006-6144 - RESERVED -CVE-2006-6143 [mit-sa-2006-2: kadmind and rpc library call through function pointer to freed memory] - RESERVED +CVE-2006-6144 (The "mechglue" abstraction interface of the GSS-API library for ...) + TODO: check +CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through ...) - krb5 1.4.4-6 CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) {DSA-1241-1} @@ -2127,16 +2200,13 @@ [sarge] - gdm <not-affected> (Vulnerable code not present) CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...) - mono 1.2.2.1-1 (low) -CVE-2006-6103 [X.Org Multiple integer overflows in dbe and render extensions] - RESERVED +CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE ...) - xorg 2:1.1.1-15 [sarge] - xfree86 <unfixed> -CVE-2006-6102 [X.Org Multiple integer overflows in dbe and render extensions] - RESERVED +CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE ...) - xorg 2:1.1.1-15 [sarge] - xfree86 <unfixed> -CVE-2006-6101 [X.Org Multiple integer overflows in dbe and render extensions] - RESERVED +CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ...) - xorg 2:1.1.1-15 [sarge] - xfree86 <unfixed> CVE-2006-6100 
@@ -2631,7 +2701,7 @@ CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before ...) {DSA-1237 DSA-1233} - linux-2.6 <not-affected> (Current Linux versions already implement intended behaviour) -CVE-2006-5870 (Multiple integer overflows in OpenOffice.org 2.0.4 and earlier, and ...) +CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...) - openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679) CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...) {DSA-1220} @@ -2655,10 +2725,10 @@ RESERVED CVE-2006-5859 RESERVED -CVE-2006-5858 - RESERVED -CVE-2006-5857 - RESERVED +CVE-2006-5858 (Unspecified vulnerability in ColdFusion MX 7 through 7.0.2 allows ...) + TODO: check +CVE-2006-5857 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.8 and ...) + TODO: check CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...) NOT-FOR-US: Adobe Download Manager CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...) @@ -3273,8 +3343,8 @@ RESERVED CVE-2006-5575 RESERVED -CVE-2006-5574 - RESERVED +CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker ...) + TODO: check CVE-2006-5573 RESERVED CVE-2006-5572 @@ -8142,8 +8212,8 @@ NOT-FOR-US: Microsoft CVE-2006-3433 RESERVED -CVE-2006-3432 - RESERVED +CVE-2006-3432 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, ...) + TODO: check CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...) NOT-FOR-US: Microsoft Excel CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...) 
@@ -13237,8 +13307,8 @@ RESERVED CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) NOT-FOR-US: Microsoft -CVE-2006-1305 - RESERVED +CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers ...) + TODO: check CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...) NOT-FOR-US: Microsoft CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer ...) @@ -30213,9 +30283,9 @@ NOT-FOR-US: Chat Anywhere CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...) NOT-FOR-US: SendLink -CVE-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...) +CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read ...) NOT-FOR-US: ArGoSoft -CVE-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...) +CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read ...) NOT-FOR-US: ArGoSoft CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...) NOT-FOR-US: eXeem
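Review bot: In the `@@ -1,3 +1,77 @@` hunk, the four ArGoSoft FTP Server entries (CVE-2004-2672 through CVE-2004-2675) land as `TODO: check`, although this file already marks CVE-2005-0519 and CVE-2005-0520 for the same product as `NOT-FOR-US: ArGoSoft`. They can be closed with that tag in the follow-up triage. Of the other new entries, CVE-2007-0159 (`GeoIP_update_database_general`) and CVE-2007-0157 (`uri_lookup` in a URI parser) name library functions rather than web applications, so they are the ones to check against packaged software first.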
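Review bot: In the `@@ -338,28 +412,28 @@` hunk, seven of the eight entries that move from `RESERVED` to `TODO: check` are Microsoft Outlook or Excel issues (CVE-2007-0034, CVE-2007-0033, CVE-2007-0031 through CVE-2007-0027). The same holds for CVE-2006-3432 and CVE-2006-1305 in the `@@ -8142,8 +8212,8 @@` and `@@ -13237,8 +13307,8 @@` hunks. Their neighbours are already closed as `NOT-FOR-US: Microsoft` or `NOT-FOR-US: Microsoft Excel`; when triaging these, pick one of the two spellings and use it consistently so the entries group together in searches. CVE-2007-0024 (VML) has its vendor cut off in the truncated description and needs the full text before tagging.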
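Review bot: In the `@@ -484,7 +558,7 @@` hunk, the CVE-2006-6811 description changes from "Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute ..." to "... cause a denial of service ...", but the tracking line `- kdenetwork <unfixed> (bug #405828)` is unchanged and carries no urgency. Re-read bug #405828 against the revised description and record an urgency on that line, in the way the `openoffice.org` and `mono` entries elsewhere in this diff do (`(medium; ...)`, `(low)`).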
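Review bot: In the `@@ -2030,10 +2104,9 @@` hunk, replacing the placeholder title of CVE-2006-6143 drops the `mit-sa-2006-2` advisory reference that the old bracketed text carried; keep it in a note line under the entry so the upstream advisory stays findable from the tracker. CVE-2006-6144 becomes `TODO: check` directly above an entry that is tracked as `- krb5 1.4.4-6`, and its description names the GSS-API library, so check it against krb5 in the same pass rather than leaving it in the general TODO queue.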