thr3ads.net - Secure testing commits - [Secure-testing-commits] r5477

If this information is useful, please help other people find it:
Share via:
Joey Hess
2007-Feb-21 21:14 UTC
[Secure-testing-commits] r5477 - data/CVE

Author: joeyh
Date: 2007-02-21 21:14:13 +0100 (Wed, 21 Feb 2007)
New Revision: 5477

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-02-20 08:02:24 UTC (rev 5476)
+++ data/CVE/list	2007-02-21 20:14:13 UTC (rev 5477)
@@ -1,3 +1,115 @@
+CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro
ServerProtect for ...)
+	TODO: check
+CVE-2007-1036 (The default configuration of JBoss does not restrict access to
the (1) ...)
+	TODO: check
+CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in
getID3 ...)
+	TODO: check
+CVE-2007-1034 (SQL injection vulnerability in modules.php in the Emporium 2.3.0
and ...)
+	TODO: check
+CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and
...)
+	TODO: check
+CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ before 1.6.9, when ...)
+	TODO: check
+CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in
SpoonLabs ...)
+	TODO: check
+CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to
cause a ...)
+	TODO: check
+CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4
...)
+	TODO: check
+CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan
Image ...)
+	TODO: check
+CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for
Linux ...)
+	TODO: check
+CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and
earlier ...)
+	TODO: check
+CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php
in ...)
+	TODO: check
+CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in
Meganoide''s ...)
+	TODO: check
+CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums
2000 ...)
+	TODO: check
+CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal
1.0 ...)
+	TODO: check
+CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche
News ...)
+	TODO: check
+CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat
1.31 ...)
+	TODO: check
+CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02,
when ...)
+	TODO: check
+CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in
...)
+	TODO: check
+CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in
...)
+	TODO: check
+CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script
allows ...)
+	TODO: check
+CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload
Haber ...)
+	TODO: check
+CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote
...)
+	TODO: check
+CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in ...)
+	TODO: check
+CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO
1.1.0 ...)
+	TODO: check
+CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in
...)
+	TODO: check
+CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds
1.0, ...)
+	TODO: check
+CVE-2007-1009
+	RESERVED
+CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to
cause a ...)
+	TODO: check
+CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier
allows ...)
+	TODO: check
+CVE-2007-1006 (Multiple format string vulnerabilities in the ...)
+	TODO: check
+CVE-2007-1005
+	RESERVED
+CVE-2007-1004 (Mozilla Firefox mmight allow remote attackers to condut spoofing
and ...)
+	TODO: check
+CVE-2007-1003
+	RESERVED
+CVE-2007-1002
+	RESERVED
+CVE-2007-1001
+	RESERVED
+CVE-2007-1000
+	RESERVED
+CVE-2007-0999
+	RESERVED
+CVE-2007-0998
+	RESERVED
+CVE-2007-0997
+	RESERVED
+CVE-2007-0996
+	RESERVED
+CVE-2007-0995
+	RESERVED
+CVE-2007-0994
+	RESERVED
+CVE-2007-0993
+	RESERVED
+CVE-2007-0992
+	RESERVED
+CVE-2007-0991
+	RESERVED
+CVE-2007-0990
+	RESERVED
+CVE-2007-0989
+	RESERVED
+CVE-2007-0988 (The zend_hash_init function in PHP, when running on a 64-bit
platform, ...)
+	TODO: check
+CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS
1.1.5 ...)
+	TODO: check
+CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter
CMS ...)
+	TODO: check
+CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta
and ...)
+	TODO: check
+CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0
allows ...)
+	TODO: check
+CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT
...)
+	TODO: check
+CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in
TaskFreak! ...)
+	TODO: check
 CVE-2007-XXXX [capi_{cmsg,message}2str not thread-safe; vulnerable to buffer
overflow]
 	- isdnutils <unfixed> (bug #408530)
 	- asterisk-chan-capi <unfixed> (bug #411293)
@@ -2,3 +114,3 @@
 	- linux-2.6 <unfixed> (bug #411294)
-CVE-2007-0981 (Mozilla based browsers allows remote attackers to bypass the
same ...)
+CVE-2007-0981 (Mozilla based browsers, including Firefox, allow remote
attackers to ...)
 	- iceweasel <unfixed> (bug #411192; high)
@@ -107,9 +219,9 @@
 	RESERVED
 CVE-2007-0933
 	RESERVED
-CVE-2007-0932 (Unspecified vulnerability in Aruba Mobility Controller 200, 800,
2400, ...)
+CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and
(2) ...)
 	NOT-FOR-US: Aruba Mobility Controller
-CVE-2007-0931 (Buffer overflow in the management interface for Aruba Mobility
...)
+CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1)
Aruba ...)
 	NOT-FOR-US: Aruba Mobility Controller
 CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta
allows ...)
 	NOT-FOR-US: Apache Stats
@@ -182,7 +294,7 @@
 	NOTE: this is a regression in the 5.2.1 release which is not yet uploaded.
 	NOTE: so we should just make sure we patch 5.2.1.  Leaving open in the
 	NOTE: meantime, so we don''t forget about it.
-CVE-2007-0910 (Unspecified vulnerability PHP before 5.2.1 allows attackers to
...)
+CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers
to ...)
 	- php5 <unfixed> (bug #410561; medium)
 	NOTE: fix is believed to be isolated, needs verification and backporting:
 	NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
@@ -232,14 +344,13 @@
 	NOT-FOR-US: TagIt! Tagboard
 CVE-2007-0899
 	RESERVED
-CVE-2007-0898
-	RESERVED
-CVE-2007-0897
-	RESERVED
+CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus
ClamAV before ...)
+	TODO: check
+CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file
descriptors under ...)
+	TODO: check
 CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before
...)
 	- firefox-sage 1.3.10-1
-CVE-2007-0451 [DoS in spamassassin URI parsing causes SA to enter loop eating
all RAM]
-	RESERVED
+CVE-2007-0451 (Unspecified vulnerability in Apache SpamAssassin before 3.1.8
allows remote ...)
 	- spamassassin 3.1.7-2 (bug #410843)
 	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
 CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r
or (2) ...)
@@ -569,8 +680,8 @@
 	RESERVED
 CVE-2007-0773
 	RESERVED
-CVE-2007-0772
-	RESERVED
+CVE-2007-0772 (The Linux kernel before 2.6.20.1 allows remote attackers to
cause a ...)
+	TODO: check
 CVE-2007-0771
 	RESERVED
 CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows
user-assisted ...)
@@ -728,8 +839,8 @@
 	RESERVED
 CVE-2007-0711
 	RESERVED
-CVE-2007-0710
-	RESERVED
+CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9
allows remote ...)
+	TODO: check
 CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal
Firewall) ...)
 	NOT-FOR-US: Comodo Firewall Pro
 CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal
Firewall) ...)
@@ -1623,8 +1734,8 @@
 	RESERVED
 CVE-2007-0326
 	RESERVED
-CVE-2007-0325
-	RESERVED
+CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan
Web-Deployment ...)
+	TODO: check
 CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in
...)
 	NOT-FOR-US: LizardTech DjVu Browser Plug-in
 CVE-2007-0323
@@ -2975,8 +3086,8 @@
 	RESERVED
 CVE-2007-0008
 	RESERVED
-CVE-2007-0007
-	RESERVED
+CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite
arbitrary ...)
+	TODO: check
 CVE-2007-0006 (The key serial number collision avoidance code in the
key_alloc_serial ...)
 	- linux-2.6 <unfixed>
 CVE-2007-0005
@@ -6092,8 +6203,7 @@
 	RESERVED
 CVE-2006-5277
 	RESERVED
-CVE-2006-5276 [Buffer overflow in snort''s DCE RPC preprocessor]
-	RESERVED
+CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort
...)
 	- snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC
preprocessor)
 CVE-2006-5275
 	RESERVED
Secure testing commits - Feb 2007 - r5477 - data/CVE

[Secure-testing-commits] r5477 - data/CVE
