thr3ads.net - Secure testing commits - [Secure-testing-commits] r5647

If this information is useful, please help other people find it:
Share via:
Joey Hess
2007-Apr-11 21:14 UTC
[Secure-testing-commits] r5647 - data/CVE

Author: joeyh
Date: 2007-04-11 21:14:14 +0000 (Wed, 11 Apr 2007)
New Revision: 5647

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-04-11 19:51:12 UTC (rev 5646)
+++ data/CVE/list	2007-04-11 21:14:14 UTC (rev 5647)
@@ -1,3 +1,271 @@
+CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul
Sitesi ...)
+	TODO: check
+CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an
HTTPS ...)
+	TODO: check
+CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in
Sam ...)
+	TODO: check
+CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew
...)
+	TODO: check
+CVE-2007-1967 (PHP remote file inclusion vulnerability in index.php in stat12
allows ...)
+	TODO: check
+CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier
allows ...)
+	TODO: check
+CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS
...)
+	TODO: check
+CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is
...)
+	TODO: check
+CVE-2007-1963 (SQL injection vulnerability in the create_session function in
...)
+	TODO: check
+CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02
and ...)
+	TODO: check
+CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php
in the ...)
+	TODO: check
+CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads
...)
+	TODO: check
+CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...)
+	TODO: check
+CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause
a ...)
+	TODO: check
+CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion
Sylvain ...)
+	TODO: check
+CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee
UBB.threads ...)
+	TODO: check
+CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX
...)
+	TODO: check
+CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert
2.02 ...)
+	TODO: check
+CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows
remote ...)
+	TODO: check
+CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows
remote ...)
+	TODO: check
+CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote
...)
+	TODO: check
+CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in
...)
+	TODO: check
+CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote
...)
+	TODO: check
+CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent
attackers ...)
+	TODO: check
+CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates
(domplates) ...)
+	TODO: check
+CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1
might ...)
+	TODO: check
+CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in
IBM ...)
+	TODO: check
+CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application
Server ...)
+	TODO: check
+CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows
context-dependent ...)
+	TODO: check
+CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows ...)
+	TODO: check
+CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content
Filter ...)
+	TODO: check
+CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim
Fix 1 ...)
+	TODO: check
+CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded
webserver in ...)
+	TODO: check
+CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products,
allows ...)
+	TODO: check
+CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp
Book ...)
+	TODO: check
+CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in
...)
+	TODO: check
+CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in
ScarAdControl ...)
+	TODO: check
+CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard
1.0.7 ...)
+	TODO: check
+CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook
...)
+	TODO: check
+CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in
ScarNews ...)
+	TODO: check
+CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module
in ...)
+	TODO: check
+CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc
2.21 ...)
+	TODO: check
+CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo
2.0 ...)
+	TODO: check
+CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9
allows ...)
+	TODO: check
+CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in
CmailServer ...)
+	TODO: check
+CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software
DirectAdmin ...)
+	TODO: check
+CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in
Tru-Zone ...)
+	TODO: check
+CVE-2007-1924 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access
control ...)
+	TODO: check
+CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in
...)
+	TODO: check
+CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly
other ...)
+	TODO: check
+CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci
module in ...)
+	TODO: check
+CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona
Dream ...)
+	TODO: check
+CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library
6.40 ...)
+	TODO: check
+CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the
SAP RFC ...)
+	TODO: check
+CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC
Library ...)
+	TODO: check
+CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC
...)
+	TODO: check
+CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and
7.00 ...)
+	TODO: check
+CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40
and ...)
+	TODO: check
+CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows
user-assisted ...)
+	TODO: check
+CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007
allow ...)
+	TODO: check
+CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows
remote ...)
+	TODO: check
+CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt
...)
+	TODO: check
+CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121
Instant ...)
+	TODO: check
+CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos
Content ...)
+	TODO: check
+CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in
eCardMAX ...)
+	TODO: check
+CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in
Pineapple ...)
+	TODO: check
+CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM)
5.9 ...)
+	TODO: check
+CVE-2007-1903
+	RESERVED
+CVE-2007-1902
+	RESERVED
+CVE-2007-1901
+	RESERVED
+CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter
in ...)
+	TODO: check
+CVE-2007-1899
+	RESERVED
+CVE-2007-1898
+	RESERVED
+CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress
2.1.2, ...)
+	TODO: check
+CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING
MySpeach ...)
+	TODO: check
+CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky
GUNNING ...)
+	TODO: check
+CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier,
allows ...)
+	TODO: check
+CVE-2007-1892
+	RESERVED
+CVE-2007-1891
+	RESERVED
+CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before
4.4.5 and ...)
+	TODO: check
+CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in
the ...)
+	TODO: check
+CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in
src/encode.c ...)
+	TODO: check
+CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the
bundled ...)
+	TODO: check
+CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and
PHP ...)
+	TODO: check
+CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before
4.4.5 and ...)
+	TODO: check
+CVE-2007-1884 (Multiple integer signedness errors in the printf function family
in ...)
+	TODO: check
+CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
+	TODO: check
+CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury
...)
+	TODO: check
+CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky
Anti-Virus, ...)
+	TODO: check
+CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in
...)
+	TODO: check
+CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control ...)
+	TODO: check
+CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates
(domplates) ...)
+	TODO: check
+CVE-2007-1877
+	RESERVED
+CVE-2007-1876
+	RESERVED
+CVE-2007-1875
+	RESERVED
+CVE-2007-1874
+	RESERVED
+CVE-2007-1873
+	RESERVED
+CVE-2007-1872
+	RESERVED
+CVE-2007-1871
+	RESERVED
+CVE-2007-1870
+	RESERVED
+CVE-2007-1869
+	RESERVED
+CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS
...)
+	TODO: check
+CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to
execute ...)
+	TODO: check
+CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name
function in ...)
+	TODO: check
+CVE-2007-1865
+	RESERVED
+CVE-2007-1864
+	RESERVED
+CVE-2007-1863
+	RESERVED
+CVE-2007-1862
+	RESERVED
+CVE-2007-1861
+	RESERVED
+CVE-2007-1860
+	RESERVED
+CVE-2007-1859
+	RESERVED
+CVE-2007-1858
+	RESERVED
+CVE-2007-1857
+	RESERVED
+CVE-2007-1856
+	RESERVED
+CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...)
+	TODO: check
+CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component
Container ...)
+	TODO: check
+CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand
DeviceManager, ...)
+	TODO: check
+CVE-2007-1852 (Multiple PHP remote file inclusion vulnerabilities in 2BGal
3.1.1 ...)
+	TODO: check
+CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple
PHP and ...)
+	TODO: check
+CVE-2007-1850 (Directory traversal vulnerability in
classes/captcha/captcha.jpg.php ...)
+	TODO: check
+CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows
...)
+	TODO: check
+CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in
admin/classes/ui.dta.php ...)
+	TODO: check
+CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository
module ...)
+	TODO: check
+CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and
...)
+	TODO: check
+CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded
Calendar ...)
+	TODO: check
+CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark
...)
+	TODO: check
+CVE-2007-1843 (PHP remote file inclusion vulnerability in
gmapfactory/params.php in ...)
+	TODO: check
+CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before
...)
+	TODO: check
+CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in
racoon in ...)
+	TODO: check
+CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly
handle ...)
+	TODO: check
+CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, and 5.1.x
before ...)
+	TODO: check
+CVE-2005-4836
+	RESERVED
 CVE-2007-XXXX [Dos in quagga''s bgpd through MP_REACH_NLRI and
MP_UNREACH_NLRI]
 	- quagga <unfixed> (low; bug #418323)
 	NOTE: The attributes are non-transitive, which means that they
@@ -53,7 +321,7 @@
 	NOT-FOR-US: Sprint Nextel
 CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems,
when a ...)
 	NOT-FOR-US: Nortel Networks
-CVE-2007-1819 (Unspecified vulnerability in a certain ActiveX control in
TestDirector ...)
+CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX
control ...)
 	NOT-FOR-US: ActiveX control in TestDirector
 CVE-2007-1818 (PHP remote file inclusion vulnerability in
MOD_forum_fields_parse.php ...)
 	NOT-FOR-US: Forum picture and META tags module for phpBB
@@ -95,7 +363,7 @@
 	NOT-FOR-US: Cisco Secure ACS
 CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent
before ...)
 	- ktorrent <unfixed> (medium)
-CVE-2007-1798 (Buffer overflow in the drmgr command for IBM AIX 5.2 and 5.3
allows ...)
+CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3
allows ...)
 	NOT-FOR-US: IBM AIX
 CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow
remote ...)
 	- imagemagick <unfixed> (medium)
@@ -180,7 +448,7 @@
 	NOT-FOR-US: HP JetDirect
 CVE-2007-1771 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Ay System Solutions Web Content System
-CVE-2007-1770 (ESRI ArcSDE 8.3, 9.0, and 9.1 before 20070327, when using three
tiered ...)
+CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental
...)
 	NOT-FOR-US: ArcSDE
 CVE-2007-1769 (Cross-site scripting (XSS) vulnerability in /search in Mephisto
0.7.3 ...)
 	NOT-FOR-US: Mephisto
@@ -357,22 +625,22 @@
 	RESERVED
 CVE-2007-1688
 	RESERVED
-CVE-2007-1687
-	RESERVED
+CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation
iPIX ...)
+	TODO: check
 CVE-2007-1686
 	RESERVED
 CVE-2007-1685
 	RESERVED
-CVE-2007-1684
-	RESERVED
+CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in
...)
+	TODO: check
 CVE-2007-1683
 	RESERVED
 CVE-2007-1682
 	RESERVED
 CVE-2007-1681
 	RESERVED
-CVE-2007-1680
-	RESERVED
+CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference
function in ...)
+	TODO: check
 CVE-2007-1679 (** DISPUTED ** ...)
 	TODO: check
 CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5
extension ...)
@@ -694,7 +962,7 @@
 	- sql-ledger <unfixed> (unimportant; bug #409703)
 	NOTE: It''s documented behaviour that SQL-Ledger should only be run in
an
 	NOTE: authenticated HTTP zone and without untrusted users
-CVE-2007-1540 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27
and ...)
+CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger
2.6.27 ...)
 	- sql-ledger <unfixed> (unimportant; bug #409703)
 	NOTE: It''s documented behaviour that SQL-Ledger should only be run in
an
 	NOTE: authenticated HTTP zone and without untrusted users
@@ -717,7 +985,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista
...)
 	NOT-FOR-US: Microsoft
-CVE-2007-1531 (Microsoft Windows Vista overwrites ARP table entries included in
...)
+CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries
included ...)
 	NOT-FOR-US: Microsoft
 CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly
gather ...)
 	NOT-FOR-US: Microsoft
@@ -1130,8 +1398,7 @@
 	- libapache-mod-security <removed>
 CVE-2007-1358
 	RESERVED
-CVE-2007-1357 [linux kernel appletalk remote DoS]
-	RESERVED
+CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x
before ...)
 	- linux-2.6 2.6.20-1
 CVE-2007-1356
 	RESERVED
@@ -1141,11 +1408,9 @@
 	RESERVED
 CVE-2007-1353
 	RESERVED
-CVE-2007-1352
-	RESERVED
+CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org
libXfont ...)
 	- libxfont 1:1.2.2-2 (medium)
-CVE-2007-1351
-	RESERVED
+CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c
in (1) ...)
 	- libxfont 1:1.2.2-2 (medium)
 CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail
3.5.2 ...)
 	NOT-FOR-US: Novell NetMail
@@ -1433,10 +1698,10 @@
 	NOT-FOR-US: NetBSD Kernel
 CVE-2007-1272
 	RESERVED
-CVE-2007-1271
-	RESERVED
-CVE-2007-1270
-	RESERVED
+CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow
...)
+	TODO: check
+CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1
allows ...)
+	TODO: check
 CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd
...)
 	- gnumail <unfixed> (unimportant)
 	NOTE: this is a "feature request", since gnupg is fixed from
CVE-2007-1263
@@ -1560,34 +1825,33 @@
 	- asterisk-chan-capi 0.7.1-1.1 (bug #411293)
 	- linux-2.6 <unfixed> (bug #411294; low)
 	NOTE: Not exploitable over ISDN network, only through a CAPI server
-CVE-2007-1216
-	RESERVED
+CVE-2007-1216 (Double-free vulnerability in the GSS-API library, as used by the
...)
 	{DSA-1276-1}
 	- krb5 1.4.4-8 (high)
-CVE-2007-1215
-	RESERVED
+CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in
Microsoft ...)
+	TODO: check
 CVE-2007-1214
 	RESERVED
-CVE-2007-1213
-	RESERVED
-CVE-2007-1212
-	RESERVED
-CVE-2007-1211
-	RESERVED
+CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4
allows ...)
+	TODO: check
+CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in
Microsoft ...)
+	TODO: check
+CVE-2007-1211 (Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1,
and SP2 ...)
+	TODO: check
 CVE-2007-1210
 	RESERVED
-CVE-2007-1209
-	RESERVED
+CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time
Subsystem ...)
+	TODO: check
 CVE-2007-1208
 	RESERVED
 CVE-2007-1207
 	RESERVED
-CVE-2007-1206
-	RESERVED
-CVE-2007-1205
-	RESERVED
-CVE-2007-1204
-	RESERVED
+CVE-2007-1206 (The Windows Kernel in Microsoft Windows 2000 SP4, XP SP2, and
Server ...)
+	TODO: check
+CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent
(msagent\agentsvr.exe) in ...)
+	TODO: check
+CVE-2007-1204 (Unspecified vulnerability in the Universal Plug and Play (UPnP)
...)
+	TODO: check
 CVE-2007-1203
 	RESERVED
 CVE-2007-1202
@@ -1821,8 +2085,8 @@
 	NOT-FOR-US: Microsoft IE
 CVE-2007-1113
 	RESERVED
-CVE-2007-1112
-	RESERVED
+CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes
unsafe ...)
+	TODO: check
 CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in
ActiveCalendar ...)
 	NOT-FOR-US: ActiveCalendar
 CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...)
@@ -2227,14 +2491,13 @@
 	- iceape <unfixed> (low)
 	- xulrunner <unfixed> (low)
 	NOTE: maintainer notes that this may affect browsers based on xulrunner
-CVE-2007-1003 [X.org resource management memory corruption]
-	RESERVED
+CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList
...)
 	- xorg-server 2:1.1.1-21 (medium)
 CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
 	- evolution <unfixed>
 	[sarge] - evolution <not-affected> (Vulnerable code not present)
-CVE-2007-1001
-	RESERVED
+CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2)
readwbmp ...)
+	TODO: check
 CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c
in the ...)
 	- linux-2.6 2.6.18.dfsg.1-12 (medium)
 CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other
...)
@@ -2267,7 +2530,7 @@
 	RESERVED
 CVE-2007-0989
 	RESERVED
-CVE-2007-0988 (The zend_hash_init function in PHP, when running on a 64-bit
platform, ...)
+CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4
before ...)
 	{DSA-1264-1}
 	- php4 6:4.4.4-9
 	- php5 5.2.0-9
@@ -2337,12 +2600,10 @@
 	NOT-FOR-US: Cisco PIX
 CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read
unreadable ...)
 	- linux-2.6 <unfixed> (unimportant)
-CVE-2007-0957
-	RESERVED
+CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in
the ...)
 	{DSA-1276-1}
 	- krb5 1.4.4-8 (high)
-CVE-2007-0956
-	RESERVED
+CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows
remote ...)
 	{DSA-1276-1}
 	- krb5 1.4.4-8 (high)
 CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...)
@@ -2377,10 +2638,10 @@
 	RESERVED
 CVE-2007-0940
 	RESERVED
-CVE-2007-0939
-	RESERVED
-CVE-2007-0938
-	RESERVED
+CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content
...)
+	TODO: check
+CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2
does ...)
+	TODO: check
 CVE-2007-0937
 	RESERVED
 CVE-2007-0936
@@ -2485,7 +2746,7 @@
 	NOTE: other half is possibly CHECKME-printfstuff-maybecve.diff and
 	NOTE: CHECKME-formattedprint-maybecve.diff and 
 	NOTE: CHECKME-main.c-precision-maybecve.diff in the same place.
-CVE-2007-0908 (The wddx extension in PHP before 5.2.1 allows remote attackers
to ...)
+CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before
5.2.1 and ...)
 	- php5 5.2.0-9 (unimportant)
 	- php4 6:4.4.4-9 (unimportant)
 	NOTE: this extension is not enabled in the php packages
@@ -3031,8 +3292,8 @@
 	RESERVED
 CVE-2007-0735
 	RESERVED
-CVE-2007-0734
-	RESERVED
+CVE-2007-0734 (The AirPort Disk feature of the AirPort Extreme Base Station
with ...)
+	TODO: check
 CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9
and 10.4 ...)
 	NOT-FOR-US: Apple Mac ImageIO
 CVE-2007-0732
@@ -3708,8 +3969,8 @@
 	RESERVED
 CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for
Hewlett-Packard ...)
 	NOT-FOR-US: HP Mercury
-CVE-2007-0445
-	RESERVED
+CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand
...)
+	TODO: check
 CVE-2007-0444 (Stack-based buffer overflow in the print provider library
(cpprov.dll) ...)
 	NOT-FOR-US: Citrix
 CVE-2007-0443
@@ -4173,8 +4434,7 @@
 	RESERVED
 CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE)
5.0 ...)
 	- sun-java5 1.5.0-10-1
-CVE-2007-0242 [too lenient UTF-8 decoder in src/codecs/qutfcodec.cpp]
-	RESERVED
+CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3
does ...)
 	- qt4-x11 4.2.2-2
 	- qt-x11-free 3:3.3.7-4
 CVE-2007-0241
@@ -4188,7 +4448,7 @@
 	{DSA-1270-1}
 	- openoffice.org 2.0.4.dfsg.2-6
 	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
-CVE-2007-0238 (Stack-based buffer overflow in the StarCalc parser in
OpenOffice.org ...)
+CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the
...)
 	{DSA-1270-1}
 	- openoffice.org 2.0.4.dfsg.2-6
 	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
@@ -7017,7 +7277,8 @@
 	NOT-FOR-US: Less Inventory Manager
 CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Less Inventory Manager
-CVE-2006-5941 (snmpd in (1) the SUNWsmagt package in Solaris 10 before 20061122
and ...)
+CVE-2006-5941
+	REJECTED
 	NOT-FOR-US: Solaris, see #400557
 CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before
7.1.407 has ...)
 	NOT-FOR-US: Grisoft AVG Anti-Virus
@@ -7412,7 +7673,7 @@
 	NOT-FOR-US: phpDynaSite
 CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows
remote ...)
 	NOT-FOR-US: Rhadrix If-CMS
-CVE-2006-5758 (Microsoft Windows 2000 through 2000 SP4 and Windows XP through
SP2 ...)
+CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through
2000 ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-5757 (Race condition in the __find_get_block_slow function in the
ISO9660 ...)
 	- linux-2.6 2.6.18.dfsg.1-10 (low)
@@ -7793,8 +8054,8 @@
 	NOT-FOR-US: CMS Faethon
 CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3
and ...)
 	NOT-FOR-US: MDweb
-CVE-2006-5586
-	RESERVED
+CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and
XP SP2 ...)
+	TODO: check
 CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2
and ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000
SP4 ...)
@@ -10800,8 +11061,7 @@
 	{DSA-1211}
 	- pdns-recursor 3.1.4-1 (bug #398557; high)
 	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
-CVE-2006-4250 [buffer overflow in man-db]
-	RESERVED
+CVE-2006-4250 (Buffer overflow in man and man-db 2.4.3 and earlier allows local
users ...)
 	{DSA-1278-1}
 	- man-db 2.4.3-5
 CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1,
when ...)
@@ -11931,7 +12191,7 @@
 	NOT-FOR-US: IDevSpot PhpLinkExchange
 CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in
IDevSpot ...)
 	NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0
-CVE-2006-3775 (SQL injection vulnerability in class_session.php in MyBB (aka
...)
+CVE-2006-3775 (SQL injection vulnerability in the init function in
class_session.php ...)
 	NOT-FOR-US: MyBB
 CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the
...)
 	NOT-FOR-US: perForms component (com_performs) for Joomla!
@@ -28644,7 +28904,7 @@
 CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands
via ...)
 	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
 	NOTE: the affected probe.cgi
-CVE-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x
before ...)
+CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3,
when ...)
 	{DSA-873-1}
 	- net-snmp 5.2.1.2-1 (bug #318420; low)
 	- ucd-snmp 4.2.5-5.1 (bug #337394; low)
Secure testing commits - Apr 2007 - r5647 - data/CVE

[Secure-testing-commits] r5647 - data/CVE
