Author: joeyh
Date: 2007-01-12 09:14:20 +0100 (Fri, 12 Jan 2007)
New Revision: 5246
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-01-12 02:03:53 UTC (rev 5245)
+++ data/CVE/list 2007-01-12 08:14:20 UTC (rev 5246)
@@ -1,82 +1,94 @@
-CVE-2007-0204
+CVE-2007-0205 (Multiple directory traversal vulnerabilities in @lex Guestbook
4.0.2 ...)
+ TODO: check
+CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24
allows ...)
+ TODO: check
+CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers
to ...)
+ TODO: check
+CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian
discussion ...)
+ TODO: check
+CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor
...)
+ TODO: check
+CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers
to ...)
+ TODO: check
+CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
- phpmyadmin <unfixed> (bug #406486; high)
-CVE-2007-0203
+CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before
2.9.2-rc1 ...)
- phpmyadmin <unfixed> (bug #406332; high)
-CVE-2007-0202
+CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2
and ...)
NOT-FOR-US: @lex
-CVE-2007-0201
+CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS
Internet ...)
NOT-FOR-US: TIS
-CVE-2007-0200
+CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in
Geoffrey ...)
NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
-CVE-2007-0199
+CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through
12.4 ...)
NOT-FOR-US: Cisco
-CVE-2007-0198
+CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center
Enterprise, ...)
NOT-FOR-US: Cisco
-CVE-2007-0197
+CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted
remote ...)
NOT-FOR-US: Apple Mac OS
-CVE-2007-0196
+CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in
Motionborg Web ...)
NOT-FOR-US: Motionborg Web Real Estate
-CVE-2007-0195
+CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0
displays ...)
TODO: RESERVED
-CVE-2007-0194
+CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain
...)
TODO: RESERVED
-CVE-2007-0193
+CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access
by ...)
TODO: RESERVED
-CVE-2007-0192
+CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main
...)
TODO: RESERVED
-CVE-2007-0191
+CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in
MKPortal ...)
TODO: RESERVED
-CVE-2007-0190
+CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in
edit-x ...)
TODO: RESERVED
-CVE-2007-0189
+CVE-2007-0189 (** DISPUTED ** ...)
TODO: RESERVED
-CVE-2007-0188
+CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host
access ...)
TODO: RESERVED
-CVE-2007-0187
+CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to
...)
TODO: RESERVED
-CVE-2007-0186
+CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5
FirePass SSL ...)
TODO: RESERVED
-CVE-2007-0185
+CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers
to ...)
TODO: RESERVED
-CVE-2007-0184
+CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers
to ...)
TODO: RESERVED
-CVE-2007-0183
+CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet
Web ...)
TODO: RESERVED
-CVE-2007-0182
+CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic
photo ...)
TODO: RESERVED
-CVE-2007-0181
+CVE-2007-0181 (PHP remote file inclusion vulnerability in
include/common_function.php ...)
NOT-FOR-US: Magic Photo Storage website
-CVE-2007-0180
+CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows
user-assisted ...)
NOT-FOR-US: EF Commander
-CVE-2007-0179
+CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2
allows ...)
NOT-FOR-US: PHPKIT
-CVE-2007-0178
+CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy
Banner Pro ...)
NOT-FOR-US: Easy Banner Pro
-CVE-2007-0177
+CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in
...)
- mediawiki <unfixed> (bug #406238; medium)
NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
-CVE-2007-0176
+CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in
search/advanced_search.php ...)
TODO: check
-CVE-2007-0175
+CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in
...)
- b2evolution <not-affected>
-CVE-2007-0174
+CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the
BRWOSSRE2UC.dll ...)
NOT-FOR-US: Sina UC2006
-CVE-2007-0173
+CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik
Script ...)
NOT-FOR-US: L2J Statistik Script
-CVE-2007-0172
+CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in
AllMyGuests ...)
NOT-FOR-US: AllMyGuest
-CVE-2007-0171
+CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in
AllMyLinks ...)
NOT-FOR-US: AllMyLinks
-CVE-2007-0170
+CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in
AllMyVisitors ...)
NOT-FOR-US: AllmyVisitors
-CVE-2007-0169
+CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor
...)
TODO: check
-CVE-2007-0168
+CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor
...)
TODO: check
CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC
Search ...)
NOT-FOR-US: PPC Search
-CVE-2007-0166
- RESERVED
+CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify
...)
+ TODO: check
CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9
allows ...)
NOT-FOR-US: Solaris
CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier
file, ...)
@@ -495,7 +507,7 @@
TODO: check
CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and
v.X for Mac ...)
TODO: check
-CVE-2007-0028 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and
v.X for Mac ...)
+CVE-2007-0028 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and
v.X ...)
TODO: check
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and
v.X for Mac ...)
TODO: check
@@ -2797,9 +2809,9 @@
RESERVED
CVE-2006-5859
RESERVED
-CVE-2006-5858 (Unspecified vulnerability in ColdFusion MX 7 through 7.0.2
allows ...)
+CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on
Microsoft ...)
TODO: check
-CVE-2006-5857 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.8 and
...)
+CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted
remote ...)
TODO: check
CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before
2.2 ...)
NOT-FOR-US: Adobe Download Manager
@@ -13379,7 +13391,7 @@
RESERVED
CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers
to ...)
NOT-FOR-US: Microsoft
-CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted
remote attackers ...)
+CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted
remote ...)
TODO: check
CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
NOT-FOR-US: Microsoft
@@ -16450,7 +16462,7 @@
{DSA-930-2 DSA-930-1}
- smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other
versions, ...)
- {DSA-954-1 CVE-2005-4560}
+ {DSA-954-1}
- wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in
image.c ...)
{DSA-1213}