Author: joeyh
Date: 2007-02-12 09:14:08 +0100 (Mon, 12 Feb 2007)
New Revision: 5444

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-02-11 21:38:13 UTC (rev 5443)
+++ data/CVE/list 2007-02-12 08:14:08 UTC (rev 5444)
@@ -1,3 +1,47 @@ +CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...) + TODO: check +CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...) + TODO: check +CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...) + TODO: check +CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in ...) + TODO: check +CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on ...) + TODO: check +CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and ...) + TODO: check +CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 ...) + TODO: check +CVE-2007-0863 (** DISPUTED ** ...) + TODO: check +CVE-2007-0862 (** DISPUTED ** ...) + TODO: check +CVE-2007-0861 (** DISPUTED ** ...) + TODO: check +CVE-2007-0860 (** DISPUTED ** ...) + TODO: check +CVE-2007-0859 + RESERVED +CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...) + TODO: check +CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...) + TODO: check +CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote ...) + TODO: check +CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...) + TODO: check +CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows ...) + TODO: check +CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...) + TODO: check +CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers ...) + TODO: check +CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote ...) + TODO: check +CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote ...) + TODO: check +CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...) 
+ TODO: check CVE-2007-XXXX [Firefox-sage XSS] - firefox-sage <unfixed> NOTE: http://secunia.com/advisories/24086/ @@ -441,8 +485,7 @@ NOT-FOR-US: Microsoft Excel CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local ...) NOT-FOR-US: IBM AIX -CVE-2007-0669 [TWiki CGI Session File Unspecified (local) Perl Code Execution] - RESERVED +CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local ...) - twiki <unfixed> (bug #410256) CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...) NOT-FOR-US: Sun Solaris. @@ -963,8 +1006,8 @@ RESERVED CVE-2007-0447 RESERVED -CVE-2007-0446 - RESERVED +CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...) + TODO: check CVE-2007-0445 RESERVED CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...) @@ -1869,7 +1912,7 @@ NOT-FOR-US: IMGallery CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and ...) NOT-FOR-US: Sunbelt Kerio Personal Firewall -CVE-2007-0080 (Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 ...) +CVE-2007-0080 (** DISPUTED ** ...) - freeradius <unfixed> (unimportant) NOTE: Data triggering the buffer overflow can only be controlled by root CVE-2007-0079 (rblog stores sensitive information under the web root with ...) @@ -10051,7 +10094,7 @@ NOT-FOR-US: Mp3NetBox CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...) NOT-FOR-US: V3 Chat -CVE-2006-3365 (mail/index.php in V3 Chat allows remote attackers to obtain the ...) +CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via ...) NOT-FOR-US: V3 Chat CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...) NOT-FOR-US: BLOG:CMS 
@@ -10836,7 +10879,8 @@ NOT-FOR-US: not packaged for Debian CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...) NOT-FOR-US: not packaged for Debian -CVE-2006-3008 (SQL injection vulnerability in index.php in Particle Links 1.2.2 ...) +CVE-2006-3008 + REJECTED NOT-FOR-US: Particle Links CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...) NOT-FOR-US: not packaged for Debian @@ -10967,7 +11011,7 @@ NOT-FOR-US: Dmx Forum CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with ...) NOT-FOR-US: Dmx Forum -CVE-2006-2945 (Unspecified vulnerability the user profile change functionality in ...) +CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in ...) - dokuwiki 0.0.20060309-4 (bug #373689; low) CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier ...) NOT-FOR-US: FORM2MAIL @@ -11380,7 +11424,7 @@ - firefox 1.5.dfsg+1.5.0.4-1 (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) -CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...) +CVE-2006-2781 (Double-free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...) {DSA-1134-1 DSA-1118} NOTE: MFSA-2006-40 - thunderbird 1.5.0.4-1 (high) @@ -12377,7 +12421,8 @@ NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...) NOT-FOR-US: Ipswitch WhatsUp -CVE-2006-2350 (SQL injection vulnerability in the inc/elementz.php script in AliPAGER ...) +CVE-2006-2350 + REJECTED NOT-FOR-US: AliPAGER CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) NOT-FOR-US: E-Business Designer 
@@ -12684,7 +12729,8 @@ NOT-FOR-US: Invision Power Board CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain ...) NOT-FOR-US: OpenBB -CVE-2006-2215 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.x ...) +CVE-2006-2215 + REJECTED NOT-FOR-US: Albinator CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...) NOT-FOR-US: Solaris @@ -12773,7 +12819,7 @@ NOT-FOR-US: Truecrypt CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, ...) NOT-FOR-US: albinator -CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in albinator 2.0.8 ...) +CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...) NOT-FOR-US: albinator CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers ...) NOT-FOR-US: Golden FTP Server Pro @@ -12789,13 +12835,13 @@ NOT-FOR-US: Fast Click CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Virtual Hosting Control System (VHCS) -CVE-2006-2173 (Buffer overflow in FileZilla FTP Server allows remote authenticated ...) +CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote ...) NOT-FOR-US: FileZilla FTP Server CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated ...) NOT-FOR-US: Gene6 FTP Server CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to ...) NOT-FOR-US: WarFTPD -CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server allows remote attackers to ...) +CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...) NOT-FOR-US: ArgoSoft FTP Server CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain ...) - request-tracker3.4 <not-affected> (file not included in 3.4) 
@@ -14951,7 +14997,7 @@ NOT-FOR-US: CuteNews CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...) NOT-FOR-US: MailEnable -CVE-2006-1337 (Unspecified vulnerability in the POP service in MailEnable Standard ...) +CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard ...) NOT-FOR-US: MailEnable CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...) NOT-FOR-US: ExtCalendar @@ -15295,7 +15341,7 @@ NOT-FOR-US: Microsoft CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the ...) NOT-FOR-US: Microsoft -CVE-2006-1189 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...) +CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 ...) NOT-FOR-US: Microsoft CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Microsoft @@ -15655,7 +15701,7 @@ NOT-FOR-US: Dragonfly CMS CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...) NOT-FOR-US: phpRPC -CVE-2006-1031 (PHP local file include vulnerability in config/config_inc.php in ...) +CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...) NOT-FOR-US: iGENUS Webmail CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 ...) NOT-FOR-US: Joomla! @@ -16282,7 +16328,7 @@ [sarge] - honeyd <no-dsa> (Too insignificant) CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...) NOT-FOR-US: Network Object Oriented File System (NOOFS) -CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...) +CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) ...) NOT-FOR-US: supersmashbrothers CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} 
@@ -17629,7 +17675,7 @@ NOT-FOR-US: WhiteAlbum CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...) NOT-FOR-US: microBlog -CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in microBlog 2.0 RC-10 allows ...) +CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...) NOT-FOR-US: microBlog CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) NOT-FOR-US: Symantec Scan Engine @@ -17891,7 +17937,7 @@ - cacti 0.8.6d-1 CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and ...) NOT-FOR-US: NetBSD -CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2 allows ...) +CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in ...) NOT-FOR-US: Neither php-pear nor php4-pear ship this file CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote ...) NOT-FOR-US: Windows
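Review bot: In the @@ -1,3 +1,47 @@ hunk, the four added entries CVE-2007-0863 through CVE-2007-0860 all carry the description `(** DISPUTED ** ...)`, so the truncation leaves no product or vulnerability class and the entries cannot be told apart or triaged from the list alone. Suggest the automatic update keep the marker and then the start of the actual description, so the `TODO: check` pass has something to work from.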
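Review bot: In the @@ -441,8 +485,7 @@ hunk, replacing the bracketed title for CVE-2007-0669 drops the only mention of the CGI session file and Perl code execution; the new truncated text says just "Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local ...". Since the entry is still `- twiki <unfixed> (bug #410256)`, consider carrying the removed detail over as a NOTE: line so it stays next to the open package status.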
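Review bot: In the @@ -1869,7 +1912,7 @@ hunk, the new CVE-2007-0080 line `(** DISPUTED ** ...)` no longer names the SMB_Connect_Server function or FreeRadius 1.1.3, while the unchanged lines below still track it as `- freeradius <unfixed> (unimportant)`. A NOTE: recording that the CVE is now marked disputed would keep the entry self-explanatory alongside the existing note about root-controlled data.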
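Review bot: In the @@ -10836,7 +10879,8 @@ hunk, CVE-2006-3008 becomes `REJECTED` but the context line `NOT-FOR-US: Particle Links` stays directly under it, so the entry now carries two states. The same pattern appears for CVE-2006-2350 (AliPAGER) and CVE-2006-2215 (Albinator) in the later hunks. Suggest either dropping the triage line when an entry is rejected or confirming that the list parser accepts both under one CVE.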
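Review bot: In the @@ -12773,7 +12819,7 @@ hunk, the CVE-2006-2181 description now capitalises `Albinator`, but the triage lines under it and under CVE-2006-2182 still read `NOT-FOR-US: albinator`, whereas CVE-2006-2215 uses `NOT-FOR-US: Albinator`. Worth normalising the NOT-FOR-US spelling so a search for the product finds all three entries.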