thr3ads.net - Secure testing commits - [Secure-testing-commits] r5282

If this information is useful, please help other people find it:
Share via:
Joey Hess
2007-Jan-17 09:14 UTC
[Secure-testing-commits] r5282 - data/CVE

Author: joeyh
Date: 2007-01-17 09:14:16 +0100 (Wed, 17 Jan 2007)
New Revision: 5282

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-01-16 22:29:49 UTC (rev 5281)
+++ data/CVE/list	2007-01-17 08:14:16 UTC (rev 5282)
@@ -1,3 +1,225 @@
+CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD
...)
+	TODO: check
+CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD
...)
+	TODO: check
+CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD
...)
+	TODO: check
+CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1
has ...)
+	TODO: check
+CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise
Manager ...)
+	TODO: check
+CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise
Manager ...)
+	TODO: check
+CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and
Applications ...)
+	TODO: check
+CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
and ...)
+	TODO: check
+CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration
Suite ...)
+	TODO: check
+CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0
has ...)
+	TODO: check
+CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3,
...)
+	TODO: check
+CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server
10.1.2.0.2 and ...)
+	TODO: check
+CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3,
...)
+	TODO: check
+CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application
Server ...)
+	TODO: check
+CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3
and ...)
+	TODO: check
+CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5,
Application ...)
+	TODO: check
+CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server
9.0.1.5, ...)
+	TODO: check
+CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5,
Application ...)
+	TODO: check
+CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server
9.2.0.8 and ...)
+	TODO: check
+CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4,
...)
+	TODO: check
+CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only
10.1.0.4 has ...)
+	TODO: check
+CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4
and ...)
+	TODO: check
+CVE-2007-0275 (Unspecified vulnerability in Oracle Workflow Cartridge, as used
in ...)
+	TODO: check
+CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7
and ...)
+	TODO: check
+CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8,
...)
+	TODO: check
+CVE-2007-0272 (Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5,
...)
+	TODO: check
+CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7
has ...)
+	TODO: check
+CVE-2007-0270 (Unspecified vulnerability in Oracle Database 9.2.0.7 and
10.1.0.4 has ...)
+	TODO: check
+CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5,
and ...)
+	TODO: check
+CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5,
...)
+	TODO: check
+CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1
kernels ...)
+	TODO: check
+CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx
Portal ...)
+	TODO: check
+CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx
Portal ...)
+	TODO: check
+CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 SR-1 allows local
users ...)
+	TODO: check
+CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows
...)
+	TODO: check
+CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly
verify ...)
+	TODO: check
+CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit
when ...)
+	TODO: check
+CVE-2007-0260 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote
attackers to ...)
+	TODO: check
+CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1)
Fastilo ...)
+	TODO: check
+CVE-2007-0257 (Unspecified vulnerability in the expand_stack function in
grsecurity ...)
+	TODO: check
+CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of
...)
+	TODO: check
+CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a
denial of ...)
+	TODO: check
+CVE-2007-0254 (Format string vulnerability in the errors_create_window function
in ...)
+	TODO: check
+CVE-2007-0253 (Unspecified vulnerability in the grsecurity patch has
unspecified ...)
+	TODO: check
+CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows
remote ...)
+	TODO: check
+CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in
Snort ...)
+	TODO: check
+CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain
...)
+	TODO: check
+CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom
topsites ...)
+	TODO: check
+CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP
servers ...)
+	TODO: check
+CVE-2007-0246
+	RESERVED
+CVE-2007-0245
+	RESERVED
+CVE-2007-0244
+	RESERVED
+CVE-2007-0243
+	RESERVED
+CVE-2007-0242
+	RESERVED
+CVE-2007-0241
+	RESERVED
+CVE-2007-0240
+	RESERVED
+CVE-2007-0239
+	RESERVED
+CVE-2007-0238
+	RESERVED
+CVE-2007-0237
+	RESERVED
+CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple
Mac OS X ...)
+	TODO: check
+CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s
function in ...)
+	TODO: check
+CVE-2007-0234 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE)
5.0 ...)
+	TODO: check
+CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not
properly ...)
+	TODO: check
+CVE-2007-0232 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT)
3.33, ...)
+	TODO: check
+CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in
install.php ...)
+	TODO: check
+CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8
and ...)
+	TODO: check
+CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security
Analyzer ...)
+	TODO: check
+CVE-2007-0227 (slocate 3.1 does not properly manage database entries that
specify ...)
+	TODO: check
+CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and
earlier ...)
+	TODO: check
+CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in
...)
+	TODO: check
+CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP
...)
+	TODO: check
+CVE-2007-0223 (SQL injection vulnerability in
shared/code/cp_functions_downloads.php ...)
+	TODO: check
+CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side
...)
+	TODO: check
+CVE-2007-0221
+	RESERVED
+CVE-2007-0220
+	RESERVED
+CVE-2007-0219
+	RESERVED
+CVE-2007-0218
+	RESERVED
+CVE-2007-0217
+	RESERVED
+CVE-2007-0216
+	RESERVED
+CVE-2007-0215
+	RESERVED
+CVE-2007-0214
+	RESERVED
+CVE-2007-0213
+	RESERVED
+CVE-2007-0212
+	RESERVED
+CVE-2007-0211
+	RESERVED
+CVE-2007-0210
+	RESERVED
+CVE-2007-0209
+	RESERVED
+CVE-2007-0208
+	RESERVED
+CVE-2007-0207
+	RESERVED
+CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager
(OV NNM) ...)
+	TODO: check
+CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary
files via ...)
+	TODO: check
+CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in
NitroTech ...)
+	TODO: check
+CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP
Photo ...)
+	TODO: check
+CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo
Gallery ...)
+	TODO: check
+CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP
0.4.2 ...)
+	TODO: check
+CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in
Portix-PHP ...)
+	TODO: check
+CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web
root ...)
+	TODO: check
+CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with
Access ...)
+	TODO: check
+CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1,
during ...)
+	TODO: check
+CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified
3.1 ...)
+	TODO: check
+CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid
...)
+	TODO: check
+CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto
1.6 ...)
+	TODO: check
+CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow
remote ...)
+	TODO: check
+CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack
...)
+	TODO: check
+CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver
1.3.1 ...)
+	TODO: check
+CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain
...)
+	TODO: check
+CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in
bitweaver ...)
+	TODO: check
+CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System
...)
+	TODO: check
+CVE-2006-6921 (Unspecified versions of the Linux kernel allows local users to
cause a ...)
+	TODO: check
+CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP
...)
+	TODO: check
 CVE-2007-XXXX [udev wrong permissions on raid devices]
 	- linux-2.6 <unfixed> (bug #404927)
 CVE-2007-XXXX [yacas insecure rpath]
@@ -7,7 +229,7 @@
 CVE-2007-XXXX [gosa allows non-priviledged users to change admin password]
 	- gosa 2.5.8-1 (medium)
 	NOTE: http://secunia.com/advisories/23749/
-CVE-2007-0248 [Denial of Service Vulnerabilities]
+CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows
...)
 	- squid <unfixed> (low; bug #407202)
 	TODO: check if version 2.5.9-10sarge2 have comprimised code.
 	NOTE: reference - http://secunia.com/advisories/23767/
@@ -531,7 +753,7 @@
 	RESERVED
 CVE-2007-0035
 	RESERVED
-CVE-2007-0034 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted
remote attackers ...)
+CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of
...)
 	NOT-FOR-US: Microsoft Outlook
 CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote
attackers to ...)
 	NOT-FOR-US: Microsoft Outlook
@@ -543,7 +765,7 @@
 	NOT-FOR-US: Microsoft Excel
 CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and
v.X for Mac ...)
 	NOT-FOR-US: Microsoft Excel
-CVE-2007-0028 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and
v.X ...)
+CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for
Mac, ...)
 	NOT-FOR-US: Microsoft Excel
 CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and
v.X for Mac ...)
 	NOT-FOR-US: Microsoft Excel
@@ -617,8 +839,8 @@
 	- webcam-server 0.50-2
 CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers
to ...)
 	NOT-FOR-US: Apple Quicktime
-CVE-2007-0014
-	RESERVED
+CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java
class ...)
+	TODO: check
 CVE-2007-0013
 	RESERVED
 CVE-2007-0012
@@ -786,8 +1008,8 @@
 	NOT-FOR-US: Land Down Under (LDU)
 CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in
default.asp in ...)
 	NOT-FOR-US: PWP Technologies The Classified Ad System
-CVE-2006-6767
-	RESERVED
+CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of
...)
+	TODO: check
 CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and
...)
 	NOT-FOR-US: cwmExplorer
 CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in
src/admin/pt_upload.php ...)
@@ -1502,8 +1724,8 @@
 	RESERVED
 CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the
Dialog Wrapper ...)
 	NOT-FOR-US: ICONICS
-CVE-2006-6487
-	RESERVED
+CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT
Guestbook ...)
+	TODO: check
 CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers
to ...)
 	NOT-FOR-US: EasyPage
 CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite
8.1 ...)
@@ -1642,7 +1864,7 @@
 	NOT-FOR-US: Joomla Content Editor (JCE)
 CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content
...)
 	NOT-FOR-US: Joomla Content Editor (JCE)
-CVE-2006-6418 (Unspecified vulnerability in the POSIX Threads library
(libpthread) on ...)
+CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP
Tru64 ...)
 	NOT-FOR-US: HP Tru64 UNIX
 CVE-2006-6417 (PHP remote file inclusion vulnerability in ...)
 	- b2evolution <not-affected> (vulnerable code added later)
@@ -2297,7 +2519,8 @@
 	NOT-FOR-US: fipsForum
 CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and
earlier ...)
 	NOT-FOR-US: fipsCMS
-CVE-2006-6114 (Buffer overflow in NWSPOOL.DLL in Novell Client 4.91 Post-SP3
for ...)
+CVE-2006-6114
+	REJECTED
 	NOT-FOR-US: Novell
 CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive
...)
 	NOT-FOR-US: Monkey Boards
@@ -2810,8 +3033,7 @@
 CVE-2006-5877 [enigmail memory corruption]
 	RESERVED
 	- enigmail <unfixed> (bug #406604)
-CVE-2006-5876 [libsoup parse_headers_DoS]
-	RESERVED
+CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup
HTTP ...)
 	{DSA-1248-1}
 	- libsoup 2.2.98-2 (bug #405197; medium)
 CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote
...)
@@ -4366,10 +4588,10 @@
 	NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4
 CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a
context ...)
 	- linux-2.6 2.6.18-1
-CVE-2006-5172
-	RESERVED
-CVE-2006-5171
-	RESERVED
+CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe
in ...)
+	TODO: check
+CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe
in ...)
+	TODO: check
 CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core
3 and ...)
 	{DSA-1203-1}
 	- libpam-ldap 180-1.2 (bug #392984; medium)
@@ -7759,7 +7981,7 @@
 	NOT-FOR-US: Oracle
 CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5
have ...)
 	NOT-FOR-US: Oracle
-CVE-2006-3697 (Outpost Firewall Pro 3.51.759.6511 (462), as used in (1)
Lavasoft ...)
+CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1)
...)
 	NOT-FOR-US: Outpost Firewall Pro
 CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462)
allows ...)
 	NOT-FOR-US: Outpost Firewall Pro
@@ -8342,7 +8564,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2006-3433
 	RESERVED
-CVE-2006-3432 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for
Mac, ...)
+CVE-2006-3432
+	REJECTED
 	TODO: check
 CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft
Excel ...)
 	NOT-FOR-US: Microsoft Excel
@@ -33428,7 +33651,7 @@
 CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local
users to ...)
 	{DSA-636-1}
 	- glibc 2.3.2.ds1-19
-CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh
scripts ...)
+CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh
scripts ...)
 	- gs-common 0.3.6-0.1
 	- gs-gpl <unfixed> (bug #291373; unimportant)
 	NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary
Secure testing commits - Jan 2007 - r5282 - data/CVE

[Secure-testing-commits] r5282 - data/CVE
