Author: joeyh
Date: 2007-01-30 09:14:08 +0100 (Tue, 30 Jan 2007)
New Revision: 5385

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-01-30 01:11:38 UTC (rev 5384)
+++ data/CVE/list 2007-01-30 08:14:08 UTC (rev 5385)
@@ -1,14 +1,212 @@ -CVE-2007-0508 [bbclone remote file inclusion vulnerability] +CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...) + TODO: check +CVE-2007-0556 + RESERVED +CVE-2007-0555 + RESERVED +CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...) + TODO: check +CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...) + TODO: check +CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...) + TODO: check +CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...) + TODO: check +CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...) + TODO: check +CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a ...) + TODO: check +CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...) + TODO: check +CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root ...) + TODO: check +CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...) + TODO: check +CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...) + TODO: check +CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...) + TODO: check +CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...) + TODO: check +CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...) + TODO: check +CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2007-0539 (WordPress before 2.1 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...) 
+ TODO: check +CVE-2007-0537 (Konqueror 3.5.5 does not properly parse HTML comments, which allows ...) + TODO: check +CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...) + TODO: check +CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...) + TODO: check +CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...) + TODO: check +CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and ...) + TODO: check +CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive ...) + TODO: check +CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in ...) + TODO: check +CVE-2007-0530 (** DISPUTED ** ...) + TODO: check +CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the ...) + TODO: check +CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...) + TODO: check +CVE-2007-0527 (SQL injection vulnerability in class.login.php in Website Baker 2.6.5 ...) + TODO: check +CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...) + TODO: check +CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server ...) + TODO: check +CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...) + TODO: check +CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of ...) + TODO: check +CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a ...) + TODO: check +CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to ...) + TODO: check +CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x ...) + TODO: check +CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U ...) + TODO: check +CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive ...) 
+ TODO: check +CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...) + TODO: check +CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...) + TODO: check +CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...) + TODO: check +CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...) + TODO: check +CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...) + TODO: check +CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and ...) + TODO: check +CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM ...) + TODO: check +CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...) + TODO: check +CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have ...) + TODO: check +CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before ...) + TODO: check +CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...) + TODO: check +CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking ...) + TODO: check +CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and ...) + TODO: check +CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 ...) + TODO: check +CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...) + TODO: check +CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum ...) + TODO: check +CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in ...) + TODO: check +CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim ...) + TODO: check +CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...) 
+ TODO: check +CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in ...) + TODO: check +CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...) + TODO: check +CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in ...) + TODO: check +CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL ...) + TODO: check +CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING ...) + TODO: check +CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain ...) + TODO: check +CVE-2007-0489 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...) + TODO: check +CVE-2007-0487 (PHP remote file inclusion vulnerability in index.php in FreeForum ...) + TODO: check +CVE-2007-0486 (Multiple PHP remote file inclusion vulnerabilities in Openads (aka ...) + TODO: check +CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...) + TODO: check +CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...) + TODO: check +CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...) + TODO: check +CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 ...) + TODO: check +CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...) + TODO: check +CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...) + TODO: check +CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...) + TODO: check +CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows ...) + TODO: check +CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads before 2.3.31 (aka ...) 
+ TODO: check +CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...) + TODO: check +CVE-2007-0475 + RESERVED +CVE-2007-0474 + RESERVED +CVE-2007-0473 + RESERVED +CVE-2007-0472 + RESERVED +CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...) + TODO: check +CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...) + TODO: check +CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...) + TODO: check +CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the ...) + TODO: check +CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...) + TODO: check +CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...) + TODO: check +CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...) + TODO: check +CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon ...) + TODO: check +CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php ...) + TODO: check +CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) + TODO: check +CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...) + TODO: check +CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers ...) + TODO: check +CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...) + TODO: check +CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...) + TODO: check +CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...) 
- bbclone <unfixed> (bug #408839; medium) CVE-2007-XXXX [hinfo code injection] - hinfo 1.02-3.1 (bug #402316) CVE-2007-XXXX [unsafe alloca() call in chmlib] - chmlib 2:0.39-1 (bug #408603; medium) -CVE-2007-0494 [bind DoS] +CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...) {DSA-1254-1} - bind9 1:9.3.4-1 - bind <not-affected> -CVE-2007-0493 [bind DoS] +CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to ...) - bind9 1:9.3.4-1 - bind <not-affected> CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions] @@ -32,13 +230,13 @@ RESERVED CVE-2007-0464 RESERVED -CVE-2007-0463 - RESERVED -CVE-2007-0462 - RESERVED +CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...) + TODO: check +CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...) + TODO: check CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...) - dazuko-source <unfixed> (bug #408300) -CVE-2007-0460 (Buffer overflow in ulogd for SUSE Linux 9.3 up to 10.1, and possibly ...) +CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...) TODO: check if ulogd is vulnerable in Debian. CVE-2007-0459 [wireshark TCP dissector infinite loop DoS] RESERVED @@ -79,8 +277,8 @@ RESERVED CVE-2007-0445 RESERVED -CVE-2007-0444 - RESERVED +CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...) + TODO: check CVE-2007-0443 RESERVED CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown ...) 
@@ -173,7 +371,7 @@ NOT-FOR-US: Easebay Resources CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Simple Machines Forum -CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...) +CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in ...) NOT-FOR-US: MisterSPa-forum CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...) NOT-FOR-US: Odysseus Blog @@ -306,8 +504,8 @@ NOT-FOR-US: INDEXU CVE-2007-0348 RESERVED -CVE-2007-0347 - RESERVED +CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...) + TODO: check CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...) NOT-FOR-US: FileMailer CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...) @@ -1222,8 +1420,8 @@ NOT-FOR-US: Panic Transmit CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and ...) NOT-FOR-US: Maxum Rumpus -CVE-2007-0018 - RESERVED +CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control ...) + TODO: check CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler ...) {DSA-1252-1} - vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium) @@ -1685,8 +1883,7 @@ - chetcpasswd <removed> (medium) CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows ...) - chetcpasswd <removed> (low) -CVE-2007-0010 [gtk error-handling-in-pixbuf-loaders] - RESERVED +CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...) - gtk+2.0 2.8.20-5 TODO: check gdk-pixbuf CVE-2007-0009 
@@ -17144,7 +17341,7 @@ CVE-2005-4633 REJECTED NOT-FOR-US: phpoutsourcing Zorum Forum -CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0 and ...) +CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...) NOT-FOR-US: Vote!Pro CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...) NOT-FOR-US: Zina
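
Review bot: CVE-2007-0535 and CVE-2007-0504 (both Vote! Pro 4.0) in the first hunk (@@ -1,14 +1,212 @@) are queued as "TODO: check" although the same product is already triaged in this file: the last hunk shows CVE-2005-4632, also in Vote! Pro 4.0, carrying "NOT-FOR-US: Vote!Pro". Unless something has changed for that product, both new entries can take the same NOT-FOR-US line now instead of waiting in the TODO queue. The product spelling differs between the refreshed descriptions ("Vote! Pro") and the existing tag ("Vote!Pro"), so a search for the tag text will not find the new entries; search for both spellings when triaging.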
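
Review bot: The "TODO: check if ulogd is vulnerable in Debian." line under CVE-2007-0460 in the @@ -32,13 +230,13 @@ hunk is carried over unchanged while the description above it widens from "Buffer overflow in ulogd" to "Multiple buffer overflows in ulogd". Whoever picks up this TODO should work from the full, untruncated description and confirm the Debian package against each overflow it lists, then replace the TODO with a ulogd package line and bug reference in the same form as the dazuko-source entry just above it.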
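
Review bot: The "TODO: check gdk-pixbuf" line under CVE-2007-0010 in the @@ -1685,8 +1883,7 @@ hunk is still open after this update, even though the entry now has a published description naming GdkPixbufLoader in GTK 2 and a fixed version for gtk+2.0 (2.8.20-5). With RESERVED gone, the entry looks resolved at a glance, but the separate gdk-pixbuf package has no status line. It should get its own package line (fixed version, <unfixed> or <not-affected>) so the entry is not left half triaged.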