joeyh at alioth.debian.org
2007-Jun-15 09:14 UTC
[Secure-testing-commits] r6001 - data/CVE
Author: joeyh Date: 2007-06-15 09:14:07 +0000 (Fri, 15 Jun 2007) New Revision: 6001 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-13 20:32:22 UTC (rev 6000) +++ data/CVE/list 2007-06-15 09:14:07 UTC (rev 6001) 
@@ -1,3 +1,129 @@ +CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...) + TODO: check +CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote ...) + TODO: check +CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...) + TODO: check +CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress ...) + TODO: check +CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) ...) + TODO: check +CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the ...) + TODO: check +CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the ...) + TODO: check +CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the ...) + TODO: check +CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the ...) + TODO: check +CVE-2007-3237 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...) + TODO: check +CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...) + TODO: check +CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows ...) + TODO: check +CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 ...) + TODO: check +CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password ...) + TODO: check +CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack ...) + TODO: check +CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer ...) + TODO: check +CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain ...) + TODO: check +CVE-2007-3228 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json function in ...) 
+ TODO: check +CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 ...) + TODO: check +CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd) ...) + TODO: check +CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server ...) + TODO: check +CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before ...) + TODO: check +CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...) + TODO: check +CVE-2007-3221 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-3220 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in ...) + TODO: check +CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! ...) + TODO: check +CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an ...) + TODO: check +CVE-2007-3216 (Multiple unspecified vulnerabilities in the server component of CA ...) + TODO: check +CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote ...) + TODO: check +CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and ...) + TODO: check +CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...) + TODO: check +CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...) + TODO: check +CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain ...) + TODO: check +CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens ...) + TODO: check +CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...) + TODO: check +CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...) 
+ TODO: check +CVE-2007-3207 + RESERVED +CVE-2007-3206 + RESERVED +CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...) + TODO: check +CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...) + TODO: check +CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...) + TODO: check +CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in ...) + TODO: check +CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 ...) + TODO: check +CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ...) + TODO: check +CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form ...) + TODO: check +CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP ...) + TODO: check +CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before ...) + TODO: check +CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated ...) + TODO: check +CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI ...) + TODO: check +CVE-2007-3194 (** DISPUTED ** ...) + TODO: check +CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...) + TODO: check +CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) ...) + TODO: check +CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote ...) + TODO: check +CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun ...) + TODO: check +CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun ...) + TODO: check +CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...) + TODO: check +CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...) 
+ TODO: check +CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...) + TODO: check +CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote ...) + TODO: check +CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, ...) + TODO: check CVE-2007-3183 RESERVED CVE-2007-3182 @@ -2,6 +128,6 @@ RESERVED -CVE-2007-3181 - RESERVED -CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP systems ...) +CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...) TODO: check +CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...) + TODO: check CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...) @@ -176,10 +302,10 @@ RESERVED CVE-2007-3101 RESERVED -CVE-2007-3100 - RESERVED -CVE-2007-3099 - RESERVED +CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...) + TODO: check +CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...) + TODO: check CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc ...) TODO: check CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...) @@ -546,8 +672,8 @@ RESERVED CVE-2007-2922 RESERVED -CVE-2007-2921 - RESERVED +CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...) + TODO: check CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX ...) TODO: check CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX ...) 
@@ -1430,7 +1556,7 @@ NOT-FOR-US: DynamicPAD CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...) NOT-FOR-US: VNC Viewer ActiveX control -CVE-2007-2525 (Memory leak in the PPPoE socket implementation in the Linux kernel ...) +CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...) - linux-2.6 <unfixed> CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open ...) {DSA-1298-1} @@ -1598,12 +1724,11 @@ CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...) - linux-2.6 2.6.21-3 [etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20) -CVE-2007-2450 - RESERVED -CVE-2007-2449 - RESERVED -CVE-2007-2448 [subversion issue involving svn prop* commands] - RESERVED +CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...) + TODO: check +CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...) + TODO: check +CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the "partial ...) - subversion <unfixed> (bug #428194; low) CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...) {DSA-1291-2 DTSA-41-1} @@ -1737,8 +1862,8 @@ RESERVED CVE-2007-2392 RESERVED -CVE-2007-2391 - RESERVED +CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...) + TODO: check CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...) NOT-FOR-US: Apple CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...) 
@@ -2121,17 +2246,17 @@ TODO: check CVE-2007-2228 RESERVED -CVE-2007-2227 - RESERVED +CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...) + TODO: check CVE-2007-2226 RESERVED -CVE-2007-2225 - RESERVED +CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...) + TODO: check CVE-2007-2224 RESERVED CVE-2007-2223 RESERVED -CVE-2007-2222 (Multiple unspecified vulnerabilities in speech control ActiveX ...) +CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and ...) TODO: check CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...) NOT-FOR-US: Microsoft Internet Explorer @@ -3192,7 +3317,8 @@ RESERVED CVE-2007-1753 RESERVED -CVE-2007-1752 (Microsoft Internet Explorer 7 allows remote attackers to spoof web ...) +CVE-2007-1752 + REJECTED TODO: check CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...) TODO: check @@ -3804,7 +3930,7 @@ NOT-FOR-US: Avant Browse CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...) NOT-FOR-US: Linux Security Auditing Tool -CVE-2007-1499 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) +CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote ...) NOT-FOR-US: Internet Explorer CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ...) NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control 
@@ -5927,7 +6053,7 @@ [sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al) [sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al) [sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al) -CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox ...) +CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...) NOTE: MFSA-2007-01 - iceweasel 2.0.0.2+dfsg-1 (high) - iceape 1.0.8-1 (high) @@ -7201,8 +7327,7 @@ CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 ...) {DSA-1297-1} - gforge-plugin-scmcvs 4.5.14-6 -CVE-2007-0245 - RESERVED +CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier ...) {DSA-1307-1} - openoffice.org 2.2.1~rc1-1 CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before ...) @@ -14023,8 +14148,8 @@ REJECTED CVE-2006-4169 RESERVED -CVE-2006-4168 - RESERVED +CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...) + TODO: check CVE-2006-4167 RESERVED CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and ...) @@ -14067,7 +14192,7 @@ RESERVED CVE-2006-4147 RESERVED -CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and DWARF2 ...) +CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ...) - gdb <unfixed> (unimportant) NOTE: Every sensible use of gdb involves executing the debugged binary CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...) 
@@ -18727,7 +18852,7 @@ NOT-FOR-US: Fuji Xerox Printing Systems CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...) NOT-FOR-US: Fuji Xerox Printing Systems -CVE-2006-2111 (Microsoft Internet Explorer 6.0 on Windows XP SP2, and possibly other ...) +CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...) {DSA-1060-1}
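Review bot: In the `@@ -1,3 +1,129 @@` hunk, every described entry added here is left at `TODO: check`, including CVE-2007-3205, whose description names PHP itself and spells Suhosin as "Subhosin". The description is imported text, so the spelling should stay as received, but this entry deserves manual triage because a search of the list for the correct name will not match it.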
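Review bot: In the `@@ -176,10 +302,10 @@` hunk, CVE-2007-3100 and CVE-2007-3099 name both the package (open-iscsi, iscsi-initiator-utils) and the affected source files (usr/log.c, usr/mgmt_ipc.c), yet they carry only `TODO: check`. These two can be triaged directly: replace the TODO with a package line in the form already used in this file, for example `- linux-2.6 <unfixed>` under CVE-2007-2525, once the status of the package is known.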
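Review bot: In the `@@ -1737,8 +1862,8 @@` hunk, CVE-2007-2391 now describes an issue in Apple Safari Beta 3.0.1 but is tagged `TODO: check`, while the next entry in the same hunk, CVE-2007-2390, is already `NOT-FOR-US: Apple`. Marking the new entry the same way would keep it consistent with its neighbour; the Safari for Windows entries CVE-2007-3187 through CVE-2007-3185 added at the top of the file are candidates for the same treatment.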
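Review bot: In the `@@ -2121,17 +2246,17 @@` hunk, CVE-2007-2227 and CVE-2007-2225 are filled in with descriptions naming Microsoft Outlook Express 6 and Windows Mail but are left at `TODO: check`, although CVE-2007-2221 at the end of the same hunk is marked `NOT-FOR-US: Microsoft Internet Explorer`. Suggest tagging both as NOT-FOR-US with the product named. The rewritten CVE-2007-2222 description (ActiveListen, Xlisten.dll) should be re-read for the same decision now that the component is named.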
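Review bot: In the `@@ -3192,7 +3317,8 @@` hunk, CVE-2007-1752 is switched to `REJECTED`, but the unchanged `TODO: check` line that belonged to the old description is still attached, so the entry now reads REJECTED followed by TODO: check. A rejected identifier needs no triage; drop the TODO line in a follow-up so the entry is not left flagged.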
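Review bot: In the `@@ -18727,7 +18852,7 @@` hunk, the new description of CVE-2006-2111 names a component in Microsoft Outlook Express 6, while the unchanged annotation beneath it still reads `NOT-FOR-US: Microsoft Internet Explorer`. The product label should follow the description, for example `NOT-FOR-US: Microsoft Outlook Express`, so that the annotation and the description do not disagree.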