Author: joeyh
Date: 2007-02-03 09:14:10 +0100 (Sat, 03 Feb 2007)
New Revision: 5404

Modified: data/CVE/list

Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-02 16:55:17 UTC (rev 5403) +++ data/CVE/list 2007-02-03 08:14:10 UTC (rev 5404) 
@@ -1,3 +1,113 @@ +CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti ...) + TODO: check +CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle''s L2J Dropcalc ...) + TODO: check +CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) ...) + TODO: check +CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and ...) + TODO: check +CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean ...) + TODO: check +CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in ...) + TODO: check +CVE-2007-0682 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in ...) + TODO: check +CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in ...) + TODO: check +CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting ...) + TODO: check +CVE-2007-0677 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...) + TODO: check +CVE-2007-0675 (** DISPUTED ** ...) + TODO: check +CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...) + TODO: check +CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops ...) + TODO: check +CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers ...) + TODO: check +CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, and 2003 allows ...) + TODO: check +CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.3 allows local users to ...) 
+ TODO: check +CVE-2007-0669 + RESERVED +CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...) + TODO: check +CVE-2007-0667 (Unspecified vulnerability in (1) LedgerSMB before 1.1.5 and (2) ...) + TODO: check +CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows attackers to execute arbitrary code ...) + TODO: check +CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...) + TODO: check +CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...) + TODO: check +CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...) + TODO: check +CVE-2007-0662 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...) + TODO: check +CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before ...) + TODO: check +CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...) + TODO: check +CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...) + TODO: check +CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...) + TODO: check +CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...) + TODO: check +CVE-2007-0655 + RESERVED +CVE-2007-0654 + RESERVED +CVE-2007-0653 + RESERVED +CVE-2007-0652 + RESERVED +CVE-2007-0651 + RESERVED +CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...) + TODO: check +CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...) + TODO: check +CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...) + TODO: check +CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote ...) + TODO: check +CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote ...) 
+ TODO: check +CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...) + TODO: check +CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows ...) + TODO: check +CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows ...) + TODO: check +CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU ...) + TODO: check +CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...) + TODO: check +CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack ...) + TODO: check +CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY ...) + TODO: check +CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...) + TODO: check +CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...) + TODO: check +CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact ...) + TODO: check +CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...) + TODO: check +CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows ...) + TODO: check CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak] - kaya 0.2.0-6 (bug #409062) CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive] @@ -27,7 +137,8 @@ NOT-FOR-US: MAXdev MDPro CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...) NOT-FOR-US: MyBulletinBoard -CVE-2007-0621 (Unspecified vulnerability in Microsoft Word 2003 has unknown impact ...) +CVE-2007-0621 + REJECTED NOT-FOR-US: Microsoft Word CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...) NOT-FOR-US: FD Script 
@@ -79,7 +190,7 @@ NOT-FOR-US: Aztek Forum CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...) NOT-FOR-US: Aztek Forum -CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in high5 Review script allows ...) +CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review ...) NOT-FOR-US: high5 Review CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...) NOT-FOR-US: Siteman @@ -400,20 +511,16 @@ - dazuko-source <unfixed> (bug #408300) CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...) - ulogd 1.23-6 (medium) -CVE-2007-0459 [wireshark TCP dissector infinite loop DoS] - RESERVED +CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) ...) - wireshark 0.99.4-4 (low) [sarge] - ethereal <not-affected> (Vulnerable code not present) -CVE-2007-0458 [wireshark HTTP dissector infinite loop DoS] - RESERVED +CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...) - wireshark 0.99.4-4 (low) [sarge] - ethereal <not-affected> (Vulnerable code not present) -CVE-2007-0457 [wireshark IEEE802.11 int overflow DoS] - RESERVED +CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark ...) - wireshark 0.99.4-4 (low) [sarge] - ethereal <not-affected> (Vulnerable code not present) -CVE-2007-0456 [wireshark LLT dissector NULL deref] - RESERVED +CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly ...) - wireshark 0.99.4-4 (low) [sarge] - ethereal <not-affected> (Vulnerable code not present) CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...) 
@@ -428,7 +535,7 @@ RESERVED CVE-2007-0450 RESERVED -CVE-2007-0449 (Multiple buffer overflows in CA BrightStor ARCserve Backup for Laptops ...) +CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...) NOT-FOR-US: CA BrightStor CVE-2007-0448 RESERVED @@ -3856,7 +3963,7 @@ {DSA-1230-1} - l2tpns 2.1.21-1 (medium; bug #401742) NOTE: http://secunia.com/advisories/23230/ -CVE-2006-5872 (Unspecified vulnerability in login.pl in SQL Ledger before 2.6.21 ...) +CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...) {DSA-1239-1} - sql-ledger 2.6.21-1 CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before ...) @@ -9352,7 +9459,7 @@ RESERVED CVE-2006-3446 RESERVED -CVE-2006-3445 (Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 ...) +CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in ...) NOT-FOR-US: Microsoft CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Microsoft @@ -12659,7 +12766,7 @@ NOT-FOR-US: OpenTTD CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...) NOT-FOR-US: OpenTTD -CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere before 7.0 allows ...) +CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware ...) NOT-FOR-US: Sybase Pylon Anywhere CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Scry Gallery
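
Review bot: In the first hunk (-1,3 +1,113), every new entry lands as "TODO: check", including ones whose disposition is already established elsewhere in this same file. CVE-2007-0673 and CVE-2007-0672 both concern LGSERVER.EXE in BrightStor, while CVE-2007-0449 for LGSERVER.EXE in CA BrightStor is already tagged "NOT-FOR-US: CA BrightStor"; likewise CVE-2007-0671 (Microsoft Excel) sits next to existing "NOT-FOR-US: Microsoft" entries. Triage these in a follow-up commit rather than leaving them in the TODO backlog, and treat CVE-2007-0675, whose description is only "** DISPUTED ** ...", as needing a manual look at the full text before any tag is assigned.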
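
Review bot: In the hunk at -27,7 +137,8, CVE-2007-0621 becomes "REJECTED" but the old "NOT-FOR-US: Microsoft Word" line is left underneath it, so the entry now carries two dispositions. Drop the NOT-FOR-US line for a rejected id, or confirm that the tooling reading this list accepts a REJECTED entry followed by a triage tag.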
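
Review bot: In the hunk at -400,20 +511,16, replacing the bracketed local summaries with the official text loses detail for three of the four Wireshark entries. The removed lines said "HTTP dissector infinite loop DoS", "IEEE802.11 int overflow DoS" and "LLT dissector NULL deref", while the new descriptions for CVE-2007-0458, CVE-2007-0457 and CVE-2007-0456 read only "Unspecified vulnerability in the ... dissector". Keep the old summaries as NOTE: lines under each entry (the file already uses NOTE: for CVE-2006-5871's neighbour) so the "low" severity ratings remain justified by something visible in the list.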
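
Review bot: In the hunk at -3856,7 +3963,7, the refreshed description of CVE-2006-5872 now names "LedgerSMB before 1.1.5" alongside SQL-Ledger, but the entry still tracks only "- sql-ledger 2.6.21-1". Add a line for LedgerSMB if it is packaged, or a NOTE: stating that it is not, and cross-check the new CVE-2007-0667 entry from the first hunk, which cites the same LedgerSMB version and is still "TODO: check".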