Author: joeyh
Date: 2007-04-03 09:14:13 +0000 (Tue, 03 Apr 2007)
New Revision: 5615

Modified:
data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-04-02 19:37:51 UTC (rev 5614)
+++ data/CVE/list 2007-04-03 09:14:13 UTC (rev 5615)
@@ -1,3 +1,137 @@ +CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...) + TODO: check +CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...) + TODO: check +CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ...) + TODO: check +CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS ...) + TODO: check +CVE-2007-1836 (The command line administration interface in Data Domain OS before ...) + TODO: check +CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...) + TODO: check +CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...) + TODO: check +CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...) + TODO: check +CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...) + TODO: check +CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...) + TODO: check +CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...) + TODO: check +CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have ...) + TODO: check +CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org ...) + TODO: check +CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...) + TODO: check +CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...) + TODO: check +CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...) + TODO: check +CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...) + TODO: check +CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...) + TODO: check +CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...) 
+ TODO: check +CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to ...) + TODO: check +CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...) + TODO: check +CVE-2007-1819 (Unspecified vulnerability in a certain ActiveX control in TestDirector ...) + TODO: check +CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...) + TODO: check +CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews ...) + TODO: check +CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...) + TODO: check +CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for ...) + TODO: check +CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for ...) + TODO: check +CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and ...) + TODO: check +CVE-2007-1812 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...) + TODO: check +CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 ...) + TODO: check +CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company ...) + TODO: check +CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and ...) + TODO: check +CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the ...) + TODO: check +CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery ...) + TODO: check +CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...) + TODO: check +CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...) 
+ TODO: check +CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...) + TODO: check +CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...) + TODO: check +CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...) + TODO: check +CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...) + TODO: check +CVE-2007-1798 (Buffer overflow in the drmgr command for IBM AIX 5.2 and 5.3 allows ...) + TODO: check +CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...) + TODO: check +CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...) + TODO: check +CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...) + TODO: check +CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...) + TODO: check +CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...) + TODO: check +CVE-2007-1792 + RESERVED +CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ...) + TODO: check +CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...) + TODO: check +CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...) + TODO: check +CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low ...) + TODO: check +CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...) + TODO: check +CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...) + TODO: check +CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...) + TODO: check +CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...) 
+ TODO: check +CVE-2007-1783 + RESERVED +CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account ...) + TODO: check +CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...) + TODO: check +CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in ...) + TODO: check +CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net ...) + TODO: check +CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches ...) + TODO: check +CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows ...) + TODO: check +CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php ...) + TODO: check +CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ...) + TODO: check +CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit ...) + TODO: check CVE-2007-XXXX [low-entropy default passphrase in Debian''s dtc-xen] - dtc-xen 0.2.8-1 (low; bug #414480) CVE-2007-XXXX [file permission race conidition in Debian''s dtc-xen] @@ -20,7 +154,7 @@ TODO: check CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...) TODO: check -CVE-2007-1776 (SQL injection vulnerability in index.php in the D4JeZine (com_ezine) ...) +CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...) TODO: check CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...) TODO: check 
@@ -439,7 +573,7 @@ NOT-FOR-US: StatsDawg CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...) NOT-FOR-US: Zyxel -CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01 allows remote attackers to ...) +CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware ...) NOT-FOR-US: Cisco CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...) - php5 <unfixed> @@ -2035,7 +2169,7 @@ - ekiga 2.0.3-2.1 (bug #411944; high) CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...) NOT-FOR-US: eTrust Intrusion Detection -CVE-2007-1004 (Mozilla Firefox mmight allow remote attackers to condut spoofing and ...) +CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and ...) - iceweasel <unfixed> (low) - iceape <unfixed> (low) - xulrunner <unfixed> (low) @@ -2866,7 +3000,7 @@ NOT-FOR-US: Apple Mac CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...) NOT-FOR-US: Apple Mac -CVE-2007-0720 (The CUPS service in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...) +CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to ...) - cupsys <unfixed> (low) [sarge] - cupsys <no-dsa> (Minor, conceptual design problem) [etch] - cupsys <no-dsa> (Minor, conceptual design problem) @@ -7076,8 +7210,8 @@ NOT-FOR-US: Symantec Veritas NetBackup CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...) NOT-FOR-US: Citrix -CVE-2006-5820 - RESERVED +CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control ...) + TODO: check CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...) NOT-FOR-US: Verity Ultraseek CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
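
Review bot: in the first hunk (@@ -1,3 +1,137 @@), every new entry goes in as "TODO: check", including CVE-2007-1835, CVE-2007-1825 and CVE-2007-1824, whose descriptions name PHP 4 and PHP 5. Elsewhere in this same file CVE-2007-1584 already carries a "- php5 <unfixed>" line, so these three are candidates for a package line rather than a bare TODO, and are worth triaging ahead of entries such as the hosted voice mail systems (CVE-2007-1820 through CVE-2007-1823). The unchanged context line just below the added block also reads "race conidition"; a follow-up could correct it to "race condition".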
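
Review bot: in the @@ -20,7 +154,7 @@ hunk, the new description for CVE-2007-1776 replaces "D4JeZine (com_ezine)" with "DesignForJoomla.com" and the truncated text now stops before any component name, so a search of the list for com_ezine no longer finds this entry. It is still "TODO: check"; when it is triaged, put the component name in the tracking line so the entry stays findable.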
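
Review bot: in the @@ -439,7 +573,7 @@ hunk, the tracking line under CVE-2007-1585 still reads "NOT-FOR-US: Cisco" although the description, now widened to cover the WRT54GC 2 as well as the WAG200G, names Linksys. Someone filtering NOT-FOR-US lines by product will miss it; "NOT-FOR-US: Linksys" would match the description text.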
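
Review bot: in the @@ -2866,7 +3000,7 @@ hunk, the description of CVE-2007-0720 widens from "Apple Mac OS X 10.3.9 and 10.4 through 10.4.8" to "multiple platforms", but the cupsys lines under it keep "(low)" and "<no-dsa> (Minor, conceptual design problem)" unchanged. Worth confirming that the rating was assessed against Debian's cupsys rather than carried over from the Mac OS X wording, and saying so in the no-dsa reason.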
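
Review bot: in the last hunk (@@ -7076,8 +7210,8 @@), CVE-2006-5820 moves from RESERVED to "TODO: check" with a description of a method in an ActiveX control. The entries around it (Symantec Veritas NetBackup, Citrix, Verity Ultraseek) are all NOT-FOR-US, and this one can probably be closed the same way with the product name once the full description is read. The context lines also show CVE-2006-5864 listed after CVE-2006-5819, which looks out of sequence.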