joeyh at alioth.debian.org
2007-Jun-01 09:14 UTC
[Secure-testing-commits] r5956 - data/CVE
Author: joeyh
Date: 2007-06-01 09:14:07 +0000 (Fri, 01 Jun 2007)
New Revision: 5956
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-01 09:00:11 UTC (rev 5955) +++ data/CVE/list 2007-06-01 09:14:07 UTC (rev 5956) 
@@ -1,3 +1,351 @@ +CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...) + TODO: check +CVE-2007-2966 (Buffer overflow in the LHA decompresion component in F-Secure ...) + TODO: check +CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in ...) + TODO: check +CVE-2007-2964 (The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and ...) + TODO: check +CVE-2007-2963 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...) + TODO: check +CVE-2007-2962 (Cross-site scripting (XSS) vulnerability in search.php in Particle ...) + TODO: check +CVE-2007-2961 (Unrestricted file upload vulnerability in FileCloset before 1.1.5 ...) + TODO: check +CVE-2007-2960 (Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 ...) + TODO: check +CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before ...) + TODO: check +CVE-2007-2958 + RESERVED +CVE-2007-2957 + RESERVED +CVE-2007-2956 + RESERVED +CVE-2007-2955 + RESERVED +CVE-2007-2954 + RESERVED +CVE-2007-2953 + RESERVED +CVE-2007-2952 + RESERVED +CVE-2007-2951 + RESERVED +CVE-2007-2950 + RESERVED +CVE-2007-2949 + RESERVED +CVE-2007-2948 + RESERVED +CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha ...) + TODO: check +CVE-2007-2946 (Buffer overflow in a certain ActiveX control in LeadTools Raster ...) + TODO: check +CVE-2007-2945 (RMForum stores sensitive information under the web root with ...) + TODO: check +CVE-2007-2944 (WabCMS 1.0 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-2943 (PHP remote file inclusion vulnerability in class/class.php in Webavis ...) + TODO: check +CVE-2007-2942 (SQL injection vulnerability in user.php in My Little Forum 1.7 and ...) + TODO: check +CVE-2007-2941 (Multiple PHP remote file inclusion vulnerabilities in the creator in ...) 
+ TODO: check +CVE-2007-2940 (Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 ...) + TODO: check +CVE-2007-2939 (Multiple PHP remote file inclusion vulnerabilities in Mazen''s PHP Chat ...) + TODO: check +CVE-2007-2938 (Buffer overflow in the BaseRunner ActiveX control in the Ademco ...) + TODO: check +CVE-2007-2937 (PHP remote file inclusion vulnerability in admin/admin.php in TROforum ...) + TODO: check +CVE-2007-2936 (Multiple PHP remote file inclusion vulnerabilities in Frequency Clock ...) + TODO: check +CVE-2007-2935 (core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows ...) + TODO: check +CVE-2007-2934 (Directory traversal vulnerability in skins/common.css.php in Vistered ...) + TODO: check +CVE-2007-2933 (SQL injection vulnerability in index.php in the Phil-a-Form ...) + TODO: check +CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine ...) + TODO: check +CVE-2007-2931 + RESERVED +CVE-2007-2930 + RESERVED +CVE-2007-2929 + RESERVED +CVE-2007-2928 + RESERVED +CVE-2007-2927 + RESERVED +CVE-2007-2926 + RESERVED +CVE-2007-2925 + RESERVED +CVE-2007-2924 + RESERVED +CVE-2007-2923 + RESERVED +CVE-2007-2922 + RESERVED +CVE-2007-2921 + RESERVED +CVE-2007-2920 + RESERVED +CVE-2007-2919 + RESERVED +CVE-2007-2918 + RESERVED +CVE-2007-2917 + RESERVED +CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music ...) + TODO: check +CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows ...) + TODO: check +CVE-2007-2914 (Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats ...) + TODO: check +CVE-2007-2913 (Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 ...) + TODO: check +CVE-2007-2912 (Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when ...) + TODO: check +CVE-2007-2911 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...) 
+ TODO: check +CVE-2007-2910 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...) + TODO: check +CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...) + TODO: check +CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...) + TODO: check +CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote ...) + TODO: check +CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a ...) + TODO: check +CVE-2007-2905 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...) + TODO: check +CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...) + TODO: check +CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 ...) + TODO: check +CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos ...) + TODO: check +CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 ...) + TODO: check +CVE-2007-2900 (Multiple PHP remote file inclusion vulnerabilities in Scallywag ...) + TODO: check +CVE-2007-2899 (Direct static code injection vulnerability in admin_config.php in ...) + TODO: check +CVE-2007-2898 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...) + TODO: check +CVE-2007-2897 (Microsoft Internet Information Services (IIS) 6.0 allows remote ...) + TODO: check +CVE-2007-2896 (Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 ...) + TODO: check +CVE-2007-2895 (Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 ...) + TODO: check +CVE-2007-2894 (The emulated floppy disk controller in Bochs 2.3 allows local users of ...) + TODO: check +CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in ...) + TODO: check +CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 ...) 
+ TODO: check +CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 ...) + TODO: check +CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ...) + TODO: check +CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 ...) + TODO: check +CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows ...) + TODO: check +CVE-2007-2887 (Cross-site scripting (XSS) vulnerability in index.php in Web Icerik ...) + TODO: check +CVE-2007-2886 (Unspecified vulnerability in the Nortel CS 1000 M media card in ...) + TODO: check +CVE-2007-2885 (The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in ...) + TODO: check +CVE-2007-2884 (Multiple stack-based buffer overflows in Microsoft Visual Basic 6 ...) + TODO: check +CVE-2007-2883 (Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier ...) + TODO: check +CVE-2007-2882 (Unspecified vulnerability in the NFS client module in Sun Solaris 8 ...) + TODO: check +CVE-2007-2881 (Multiple stack-based buffer overflows in the SOCKS proxy support ...) + TODO: check +CVE-2007-2880 (Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 ...) + TODO: check +CVE-2007-2879 (Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk ...) + TODO: check +CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run ...) + TODO: check +CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 ...) + TODO: check +CVE-2007-2876 + RESERVED +CVE-2007-2875 + RESERVED +CVE-2007-2874 + RESERVED +CVE-2007-2873 + RESERVED +CVE-2007-2872 + RESERVED +CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) + TODO: check +CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) + TODO: check +CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...) 
+ TODO: check +CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...) + TODO: check +CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox ...) + TODO: check +CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...) + TODO: check +CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...) + TODO: check +CVE-2007-2864 + RESERVED +CVE-2007-2863 + RESERVED +CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow ...) + TODO: check +CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple ...) + TODO: check +CVE-2007-2860 (user.php in BoastMachine 3.0 platinum allows remote authenticated ...) + TODO: check +CVE-2007-2859 (Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 ...) + TODO: check +CVE-2007-2858 (SQL injection vulnerability in the IP-Search functionality in the ...) + TODO: check +CVE-2007-2857 (PHP remote file inclusion vulnerability in sample/xls2mysql in ABC ...) + TODO: check +CVE-2007-2856 (Buffer overflow in the Dart Communications PowerTCP ZIP Compression ...) + TODO: check +CVE-2007-2855 (Buffer overflow in a certain ActiveX control in DartZipLite.dll ...) + TODO: check +CVE-2007-2854 (Multiple SQL injection vulnerabilities in account_change.php in ...) + TODO: check +CVE-2007-2853 (The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD ...) + TODO: check +CVE-2007-2852 (Multiple stack-based buffer overflows in ESET NOD32 Antivirus before ...) + TODO: check +CVE-2007-2851 (A certain ActiveX control in LeadTools Raster Variant Object Library ...) + TODO: check +CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...) + TODO: check +CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) ...) + TODO: check +CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...) 
+ TODO: check +CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...) + TODO: check +CVE-2007-2846 (Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus ...) + TODO: check +CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus ...) + TODO: check +CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...) + TODO: check +CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote ...) + TODO: check +CVE-2007-2842 + RESERVED +CVE-2007-2841 + RESERVED +CVE-2007-2840 + RESERVED +CVE-2007-2839 + RESERVED +CVE-2007-2838 + RESERVED +CVE-2007-2837 + RESERVED +CVE-2007-2836 + RESERVED +CVE-2007-2835 + RESERVED +CVE-2007-2834 + RESERVED +CVE-2007-2833 + RESERVED +CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application ...) + TODO: check +CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ...) + TODO: check +CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 ...) + TODO: check +CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi ...) + TODO: check +CVE-2007-2828 (Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php ...) + TODO: check +CVE-2007-2827 (Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX ...) + TODO: check +CVE-2007-2826 (PHP remote file inclusion vulnerability in lib/addressbook.php in ...) + TODO: check +CVE-2007-2825 (Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in ...) + TODO: check +CVE-2007-2824 (SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 ...) + TODO: check +CVE-2007-2823 (Multiple buffer overflows in HT Editor before 2.0.6 might allow remote ...) + TODO: check +CVE-2007-2822 (TutorialCMS 1.01 and earlier, when register_globals is enabled, allows ...) 
+ TODO: check +CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress ...) + TODO: check +CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX ...) + TODO: check +CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ ...) + TODO: check +CVE-2007-2818 (Cross-site scripting (XSS) vulnerability in cand_login.asp in ...) + TODO: check +CVE-2007-2817 (SQL injection vulnerability in read/index.php in ol''bookmarks 0.7.4 ...) + TODO: check +CVE-2007-2816 (Multiple PHP remote file inclusion vulnerabilities in ol''bookmarks ...) + TODO: check +CVE-2007-2815 (The "hit-highlighting" functionality in webhits.dll in Microsoft ...) + TODO: check +CVE-2007-2814 (Multiple stack-based buffer overflows in the Pegasus ImagN'' ActiveX ...) + TODO: check +CVE-2007-2813 (Cisco IOS 12.4 and earlier, when using the crypto packages and SSL ...) + TODO: check +CVE-2007-2812 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...) + TODO: check +CVE-2007-2811 (Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and ...) + TODO: check +CVE-2007-2810 (SQL injection vulnerability in down_indir.asp in Gazi Download Portal ...) + TODO: check +CVE-2007-2809 (Buffer overflow in the transfer manager in Opera before 9.21 for ...) + TODO: check +CVE-2007-2808 (Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb ...) + TODO: check +CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop ...) + TODO: check +CVE-2007-2806 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2007-2805 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2007-2804 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2007-2803 (SQL injection vulnerability in default.asp in Vizayn Urun Tanitim ...) 
+ TODO: check +CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in ...) + TODO: check +CVE-2007-2801 + RESERVED +CVE-2007-2800 + RESERVED +CVE-2007-2799 (Integer overflow in the "file" program 4.20, when running on 32-bit ...) + TODO: check +CVE-2007-2798 + RESERVED +CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...) + TODO: check +CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...) + TODO: check +CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on ...) + TODO: check +CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...) + TODO: check CVE-2007-XXXX [MadWifi several DoS, one of them remote] - madwifi 1:0.9.3-2 [etch] - madwifi <no-dsa> (Non-free not supported) @@ -252,10 +600,10 @@ NOT-FOR-US: Check Point CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS ...) NOT-FOR-US: Cisco -CVE-2007-2687 - RESERVED -CVE-2007-2686 - RESERVED +CVE-2007-2687 (Stack-based buffer overflow in the MicroWorld Agent service ...) + TODO: check +CVE-2007-2686 (Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS ...) + TODO: check CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 ...) NOT-FOR-US: Jetbox CMS CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...) @@ -319,7 +667,7 @@ NOT-FOR-US: HP CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...) NOT-FOR-US: NetWin -CVE-2007-2654 (xfs_fsr in xfsdump creates a temporary directory with insecure ...) +CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure ...) - xfsdump 2.2.45-1 (bug #417894; low) CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...) NOT-FOR-US: This is bogus, the annoucement refers to the recently discovered modelines issues 
@@ -596,8 +944,8 @@ NOT-FOR-US: E-GADS! CVE-2007-2520 RESERVED -CVE-2007-2519 - RESERVED +CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...) + TODO: check CVE-2007-2518 REJECTED CVE-2007-2517 @@ -746,8 +1094,7 @@ CVE-2007-2452 RESERVED - findutils <unfixed> (low; bug #426862) -CVE-2007-2451 [linux geode-aes security issue] - RESERVED +CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...) - linux-2.6 2.6.21-3 [etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20) CVE-2007-2450 @@ -890,16 +1237,16 @@ RESERVED CVE-2007-2391 RESERVED -CVE-2007-2390 - RESERVED -CVE-2007-2389 - RESERVED -CVE-2007-2388 - RESERVED +CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...) + TODO: check +CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...) + TODO: check +CVE-2007-2388 (Unspecified vulnerability in Apple QuickTime for Java 7.1.6 on Mac OS ...) + TODO: check CVE-2007-2387 RESERVED -CVE-2007-2386 - RESERVED +CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 ...) + TODO: check CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...) TODO: check yui NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf @@ -2077,8 +2424,7 @@ CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...) {DSA-1289-1} - linux-2.6 2.6.21-1 -CVE-2007-1860 [Apache Tomcat JK Connector Information disclosure] - RESERVED +CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 ...) - libapache-mod-jk <unfixed> (bug #425836) CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...) - xscreensaver <unfixed> (low) 
@@ -3290,8 +3636,8 @@ NOT-FOR-US: DropAFew CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...) NOT-FOR-US: DropAFew -CVE-2007-1362 - RESERVED +CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) + TODO: check CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...) NOT-FOR-US: VirtueMart CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x ...) @@ -5170,14 +5516,14 @@ RESERVED CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...) NOT-FOR-US: Apple QuickTime -CVE-2007-0753 - RESERVED -CVE-2007-0752 - RESERVED -CVE-2007-0751 - RESERVED -CVE-2007-0750 - RESERVED +CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...) + TODO: check +CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...) + TODO: check +CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...) + TODO: check +CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 ...) + TODO: check CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in ...) NOT-FOR-US: Apple Darwin Streaming Server CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...) @@ -5196,8 +5542,8 @@ NOT-FOR-US: Apple Mac OS X CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 ...) NOT-FOR-US: Apple Mac OS X -CVE-2007-0740 - RESERVED +CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display ...) + TODO: check CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the ...) NOT-FOR-US: Apple Mac OS X CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not ...) 
@@ -5290,16 +5636,16 @@ NOT-FOR-US: Free LAN Intranet Portal CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net ...) NOT-FOR-US: Free LAN Intranet Portal -CVE-2007-0694 - RESERVED -CVE-2007-0693 - RESERVED -CVE-2007-0692 - RESERVED +CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 ...) + TODO: check +CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...) + TODO: check +CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...) + TODO: check CVE-2007-0691 REJECTED -CVE-2007-0690 - RESERVED +CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information ...) + TODO: check CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation ...) @@ -5880,8 +6226,8 @@ - tomcat5.5 <unfixed> (medium) CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...) NOT-FOR-US: CA BrightStor -CVE-2007-0448 - RESERVED +CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...) + TODO: check CVE-2007-0447 RESERVED CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...) @@ -6157,8 +6503,8 @@ NOT-FOR-US: Ipswitch WS_FTP CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...) NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery -CVE-2007-0328 - RESERVED +CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in ...) + TODO: check CVE-2007-0327 RESERVED CVE-2007-0326 
@@ -6341,8 +6687,7 @@ CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...) - squid 2.6.5-4 (low) [sarge] - squid <not-affected> (Vulnerable code not present) -CVE-2007-0246 [gforge-plugin-scmcvs missing input sanitising ] - RESERVED +CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 ...) {DSA-1297-1} - gforge-plugin-scmcvs 4.5.14-6 CVE-2007-0245 @@ -13764,8 +14109,7 @@ NOT-FOR-US: NeoScale Systems CryptoStor CVE-2006-3895 RESERVED -CVE-2006-3894 - RESERVED +CVE-2006-3894 (The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used ...) NOT-FOR-US: RSA BSAFE CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...) NOT-FOR-US: Newtone ImageKit
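Review bot: In the first hunk (@@ -1,3 +1,351 @@), the hand-maintained placeholder "CVE-2007-XXXX [MadWifi several DoS, one of them remote]" stays in place directly below the new block, while the new entries CVE-2007-2830 and CVE-2007-2829 name MadWifi (and the adjacent CVE-2007-2831 names an ieee80211 ioctl function) and carry only "TODO: check". If these are the assigned ids for the placeholder's issues, move the "- madwifi 1:0.9.3-2" and "[etch] - madwifi <no-dsa>" lines under them and drop the placeholder, so the same bugs are not tracked twice with different status. In the same hunk, CVE-2007-2905 and CVE-2007-2898 have identical truncated descriptions (includes/rating.php in 2z Project 0.9.5), which is worth checking for a duplicate assignment during triage.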
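Review bot: In the @@ -2077,8 +2424,7 @@ hunk, the new CVE-2007-1860 description states the upstream fix boundary (mod_jk 1.2.x before 1.2.23), but the tracking line under it still reads "- libapache-mod-jk <unfixed> (bug #425836)" with no urgency and no NOTE. Since the hand-written title "[Apache Tomcat JK Connector Information disclosure]" is removed here, suggest adding a NOTE that records 1.2.23 as the fixed upstream version, so the entry can be closed against the right package version later.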
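Review bot: In the @@ -5170,14 +5516,14 @@ hunk, CVE-2007-0752 should not be bulk-marked NOT-FOR-US along with its Apple neighbours: the description names the PPP daemon (pppd), which Debian also ships in the ppp package, and the truncated text does not show whether the ownership-check flaw is specific to Apple's build. Suggest resolving that TODO against the ppp source first. CVE-2007-0753, CVE-2007-0751 and CVE-2007-0750 read as Mac OS X components and can follow the "NOT-FOR-US: Apple ..." convention already used on the surrounding context lines.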