Author: joeyh Date: 2007-02-01 09:14:12 +0100 (Thu, 01 Feb 2007) New Revision: 5394 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-01 00:53:36 UTC (rev 5393) +++ data/CVE/list 2007-02-01 08:14:12 UTC (rev 5394) 
@@ -1,3 +1,157 @@ +CVE-2007-0633 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...) + TODO: check +CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs ...) + TODO: check +CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...) + TODO: check +CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...) + TODO: check +CVE-2007-0628 (Cross-site scripting (XSS) vulnerability in Sun Java System Access ...) + TODO: check +CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...) + TODO: check +CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...) + TODO: check +CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...) + TODO: check +CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...) + TODO: check +CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...) + TODO: check +CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...) + TODO: check +CVE-2007-0621 (Unspecified vulnerability in Microsoft Word 2003 has unknown impact ...) + TODO: check +CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ...) + TODO: check +CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...) + TODO: check +CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...) + TODO: check +CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in ...) + TODO: check +CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition ...) 
+ TODO: check +CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...) + TODO: check +CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...) + TODO: check +CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and ...) + TODO: check +CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN ...) + TODO: check +CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...) + TODO: check +CVE-2007-0609 + RESERVED +CVE-2007-0608 + RESERVED +CVE-2007-0607 + RESERVED +CVE-2007-0606 + RESERVED +CVE-2007-0605 + RESERVED +CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...) + TODO: check +CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...) + TODO: check +CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro ...) + TODO: check +CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...) + TODO: check +CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde ...) + TODO: check +CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum ...) + TODO: check +CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 ...) + TODO: check +CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...) + TODO: check +CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in high5 Review script allows ...) + TODO: check +CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows ...) 
+ TODO: check +CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An ...) + TODO: check +CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...) + TODO: check +CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...) + TODO: check +CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by ...) + TODO: check +CVE-2007-0587 + RESERVED +CVE-2007-0586 + RESERVED +CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...) + TODO: check +CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php ...) + TODO: check +CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...) + TODO: check +CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows ...) + TODO: check +CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...) + TODO: check +CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...) + TODO: check +CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...) + TODO: check +CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...) + TODO: check +CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...) + TODO: check +CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...) + TODO: check +CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login ...) + TODO: check +CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...) + TODO: check +CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...) + TODO: check +CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in ...) 
+ TODO: check +CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...) + TODO: check +CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes ...) + TODO: check +CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote ...) + TODO: check +CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in ...) + TODO: check +CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...) + TODO: check +CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and ...) + TODO: check +CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...) + TODO: check +CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) ...) + TODO: check +CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web ...) + TODO: check +CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...) + TODO: check +CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...) + TODO: check +CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier ...) + TODO: check +CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 ...) + TODO: check +CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in ...) + TODO: check +CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...) + TODO: check CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...) NOT-FOR-US: rPath CVE-2007-0556 
@@ -58,7 +212,7 @@ NOT-FOR-US: PHP Link Directory CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...) NOT-FOR-US: Centrality Communications -CVE-2007-0527 (SQL injection vulnerability in class.login.php in Website Baker 2.6.5 ...) +CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in ...) NOT-FOR-US: Website Baker CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...) NOT-FOR-US: Bitweaver @@ -209,7 +363,7 @@ {DSA-1254-1} - bind9 1:9.3.4-2 (medium; bug #408432) - bind <not-affected> -CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to ...) +CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...) - bind9 1:9.3.4-2 (medium; bug #408432) [sarge] - bind9 <not-affected> (Vulnerable code not present) - bind <not-affected> @@ -227,14 +381,14 @@ - libgems-ruby <unfixed> (low; bug #408299) CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...) NOT-FOR-US: Visual C++ -CVE-2007-0467 - RESERVED -CVE-2007-0466 - RESERVED -CVE-2007-0465 - RESERVED -CVE-2007-0464 - RESERVED +CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...) + TODO: check +CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...) + TODO: check +CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...) + TODO: check +CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...) + TODO: check CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...) NOT-FOR-US: Apple CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...) 
@@ -259,8 +413,7 @@ RESERVED - wireshark 0.99.4-4 (low) [sarge] - ethereal <not-affected> (Vulnerable code not present) -CVE-2007-0455 ["gdImageStringFTEx()" Denial of Service] - RESERVED +CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...) - libgd2 <unfixed> (bug #408982; low) CVE-2007-0454 RESERVED @@ -758,6 +911,7 @@ CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...) NOT-FOR-US: Mac OS X CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...) + {DSA-1255-1} - libgtop2 2.14.4-3 (medium; bug #407020) NOTE: libgtop does not contain the affected code. CVE-2007-0234 @@ -1894,6 +2048,7 @@ CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows ...) - chetcpasswd <removed> (low) CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...) + {DSA-1256-1} - gtk+2.0 2.8.20-5 TODO: check gdk-pixbuf CVE-2007-0009 @@ -2197,8 +2352,7 @@ NOT-FOR-US: IBM CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...) NOT-FOR-US: Cilem Haber Free Edition -CVE-2006-6535 [dev_queue_xmit DoS] - RESERVED +CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before ...) - linux-2.6 <not-affected> (Fixed before upload into the archive; 2.6.10) CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...) NOT-FOR-US: osCommerce @@ -3951,10 +4105,9 @@ RESERVED CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...) - linux-2.6 2.6.18-1 -CVE-2006-5754 - RESERVED -CVE-2006-5753 [listxattr syscall memory corruption DoS] - RESERVED +CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...) + TODO: check +CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...) - linux-2.6 <unfixed> CVE-2006-5752 RESERVED 
@@ -4069,7 +4222,7 @@ - php5 5.2.0-1 (unimportant) - php4 <unfixed> (unimportant) NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy -CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php in ...) +CVE-2006-5705 (Multiple directory traversal vulnerabilities in ...) - wordpress 2.0.5-0.1 CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...) NOT-FOR-US: HP
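Review bot: in the @@ -1,3 +1,157 @@ hunk every described entry is left at "TODO: check", and the ones whose descriptions name software that may be packaged (CVE-2007-0619 chmlib, CVE-2007-0578 mpg123, CVE-2007-0626 Drupal, CVE-2007-0579 Horde Groupware) should be triaged to package lines before the long run of PHP and ASP web-script entries is worked through. Also in this hunk, CVE-2005-4826 lands between CVE-2007-0558 and CVE-2007-0557, so anyone scanning the list by id will not find it with the other 2005 entries; worth confirming that placement is what the automatic update is meant to produce.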
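Review bot: in the @@ -227,14 +381,14 @@ hunk, CVE-2007-0467, CVE-2007-0465 and CVE-2007-0464 are described as Apple Mac OS X, Apple Installer and CFNetwork issues, yet get "TODO: check" while the unchanged context line directly below marks CVE-2007-0463 as "NOT-FOR-US: Apple". These three can take the same disposition in the follow-up commit, and CVE-2007-0466 (Telestream Flip4Mac) needs its own NOT-FOR-US decision rather than staying in the TODO queue.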
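Review bot: in the @@ -259,8 +413,7 @@ hunk, the CVE-2007-0455 tracking line "- libgd2 <unfixed> (bug #408982; low)" is carried over unchanged although the description moves from the placeholder "Denial of Service" to "Buffer overflow in the gdImageStringFTEx function in gdft.c in GD". The "low" urgency was assigned against the old wording and should be re-evaluated against the new one, with a NOTE recording the reasoning if it stays low.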
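Review bot: in the @@ -1894,6 +2048,7 @@ hunk, {DSA-1256-1} is attached to CVE-2007-0010 while "TODO: check gdk-pixbuf" is still open underneath it, so the entry now reads as handled by an advisory even though part of the triage is outstanding. Resolve the gdk-pixbuf question with an explicit package line, and add an urgency and bug reference to "- gtk+2.0 2.8.20-5" in the way the other tracked entries in this patch have them.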
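Review bot: in the @@ -3951,10 +4105,9 @@ hunk, CVE-2006-5754 is described as a flaw in the aio_setup_ring function in the Linux kernel but is left at "TODO: check", while its neighbours CVE-2006-5755 and CVE-2006-5753 are tracked against linux-2.6. It needs a linux-2.6 line with a status so it does not sit untracked between them. The CVE-2006-5753 line "- linux-2.6 <unfixed>" also carries no urgency or bug number, which makes an unfixed kernel issue hard to prioritise.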