Author: joeyh Date: 2007-01-19 09:14:12 +0100 (Fri, 19 Jan 2007) New Revision: 5299 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-18 20:54:37 UTC (rev 5298) +++ data/CVE/list 2007-01-19 08:14:12 UTC (rev 5299) @@ -1,3 +1,147 @@ +CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...) + TODO: check +CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...) + TODO: check +CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in ...) + TODO: check +CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon ...) + TODO: check +CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey ...) + TODO: check +CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP ...) + TODO: check +CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in ...) + TODO: check +CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ...) + TODO: check +CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in ...) + TODO: check +CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook ...) + TODO: check +CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...) + TODO: check +CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...) + TODO: check +CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle ...) + TODO: check +CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...) + TODO: check +CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...) + TODO: check +CVE-2007-0348 + RESERVED +CVE-2007-0347 + RESERVED +CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...) + TODO: check +CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...) + TODO: check +CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...) + TODO: check +CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...) + TODO: check +CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and ...) + TODO: check +CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard ...) + TODO: check +CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in ...) + TODO: check +CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...) + TODO: check +CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...) + TODO: check +CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows ...) + TODO: check +CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book ...) + TODO: check +CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and ...) + TODO: check +CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...) + TODO: check +CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...) + TODO: check +CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...) + TODO: check +CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...) + TODO: check +CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...) + TODO: check +CVE-2007-0328 + RESERVED +CVE-2007-0327 + RESERVED +CVE-2007-0326 + RESERVED +CVE-2007-0325 + RESERVED +CVE-2007-0324 + RESERVED +CVE-2007-0323 + RESERVED +CVE-2007-0322 + RESERVED +CVE-2007-0321 + RESERVED +CVE-2007-0320 + RESERVED +CVE-2007-0319 + RESERVED +CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...) + TODO: check +CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...) + TODO: check +CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel ...) + TODO: check +CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote ...) + TODO: check +CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System ...) + TODO: check +CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) ...) + TODO: check +CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier ...) + TODO: check +CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...) + TODO: check +CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...) + TODO: check +CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...) + TODO: check +CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...) + TODO: check +CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...) + TODO: check +CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...) + TODO: check +CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 ...) + TODO: check +CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have ...) + TODO: check +CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...) + TODO: check +CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in ...) + TODO: check +CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS ...) + TODO: check +CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...) + TODO: check +CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...) + TODO: check +CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...) + TODO: check +CVE-2006-6943 (hpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...) + TODO: check +CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...) + TODO: check +CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...) + TODO: check +CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial ...) + TODO: check CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...) NOT-FOR-US: Oracle CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...) @@ -78,7 +222,7 @@ NOT-FOR-US: Ezboxx Portal CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...) NOT-FOR-US: Fastilo -CVE-2007-0257 (Unspecified vulnerability in the expand_stack function in grsecurity ...) +CVE-2007-0257 (** DISPUTED ** ...) - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350) NOTE: This is most possibly scam: http://www.grsecurity.net/news.php#digitalfud NOTE: If this ever turns real we can re-raise severity. @@ -91,7 +235,7 @@ NOTE: My understanding is that this CVE is bogus. NOTE: I failed to see where the format string vulnerability is, I have report NOTE: a bug in case I have missed something. -CVE-2007-0253 (Unspecified vulnerability in the grsecurity patch has unspecified ...) +CVE-2007-0253 (** DISPUTED ** ...) - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350) NOTE: See CVE-2007-0257 CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...) @@ -111,8 +255,8 @@ RESERVED CVE-2007-0244 RESERVED -CVE-2007-0243 - RESERVED +CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...) + TODO: check CVE-2007-0242 RESERVED CVE-2007-0241 @@ -130,7 +274,8 @@ CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...) - libgtop2 2.14.4-3 (medium; bug #407020) NOTE: libgtop does not contain the affected code. -CVE-2007-0234 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...) +CVE-2007-0234 + REJECTED - sun-java5 1.5.0-10-1 CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...) TODO: check @@ -1721,13 +1866,13 @@ - openldap2.3 <not-affected> (kerberos support not enabled) - openldap2 <not-affected> (kerberos support not enabled) CVE-2006-6492 - RESERVED + REJECTED CVE-2006-6491 - RESERVED + REJECTED CVE-2006-6490 RESERVED -CVE-2006-6489 - RESERVED +CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for ...) + TODO: check CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...) NOT-FOR-US: ICONICS CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...) @@ -2856,10 +3001,10 @@ NOT-FOR-US: Panda ActiveScan CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...) NOT-FOR-US: PassGo SSO Plus -CVE-2006-5964 - RESERVED -CVE-2006-5963 - RESERVED +CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local ...) + TODO: check +CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO ...) + TODO: check CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow ...) NOT-FOR-US: Hpecs Shopping Cart CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...) @@ -10745,7 +10890,7 @@ NOT-FOR-US: IceWarp CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...) NOT-FOR-US: Squirrelcart -CVE-2006-2482 (Heap-based buffer overflow in ZipTV for Delphi 7 2006.1.26 and for C++ ...) +CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for ...) NOT-FOR-US: ZipTV CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...) NOT-FOR-US: VMware ESX