joeyh at alioth.debian.org
2007-Jul-11 09:14 UTC
[Secure-testing-commits] r6133 - data/CVE
Author: joeyh
Date: 2007-07-11 09:14:09 +0000 (Wed, 11 Jul 2007)
New Revision: 6133
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-07-11 02:43:36 UTC (rev 6132)
+++ data/CVE/list 2007-07-11 09:14:09 UTC (rev 6133)
@@ -1,3 +1,367 @@
+CVE-2007-3676
+ RESERVED
+CVE-2007-3675
+ RESERVED
+CVE-2007-3674
+ RESERVED
+CVE-2007-3673
+ RESERVED
+CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in
...)
+ TODO: check
+CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows
Vista has ...)
+ TODO: check
+CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer,
when ...)
+ TODO: check
+CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys
DockStudioXP ...)
+ TODO: check
+CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia
...)
+ TODO: check
+CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in
ActiveReportsExcelReport ...)
+ TODO: check
+CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost
12.0 ...)
+ TODO: check
+CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in
Symantec ...)
+ TODO: check
+CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software
RunService ...)
+ TODO: check
+CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0
allows ...)
+ TODO: check
+CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote
...)
+ TODO: check
+CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control ...)
+ TODO: check
+CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll)
allows ...)
+ TODO: check
+CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL
1.19.3 ...)
+ TODO: check
+CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR)
allows ...)
+ TODO: check
+CVE-2007-3657 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does
not ...)
+ TODO: check
+CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start
in JRE ...)
+ TODO: check
+CVE-2007-3654
+ RESERVED
+CVE-2007-3653
+ RESERVED
+CVE-2007-3652
+ RESERVED
+CVE-2007-3651
+ RESERVED
+CVE-2007-3650
+ RESERVED
+CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
+ TODO: check
+CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and
possibly ...)
+ TODO: check
+CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA
1.4.3 and ...)
+ TODO: check
+CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7
and ...)
+ TODO: check
+CVE-2007-3645
+ RESERVED
+CVE-2007-3644
+ RESERVED
+CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative
privileges ...)
+ TODO: check
+CVE-2007-3642 (The decode_choice function in
net/netfilter/bf_conntrack_h323_asn1.c ...)
+ TODO: check
+CVE-2007-3641
+ RESERVED
+CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows
context-dependent ...)
+ TODO: check
+CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect
visitors to ...)
+ TODO: check
+CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted
remote ...)
+ TODO: check
+CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote
attackers ...)
+ TODO: check
+CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin
2.1 for ...)
+ TODO: check
+CVE-2007-3635 (Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1
for ...)
+ TODO: check
+CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...)
+ TODO: check
+CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software
Chilkat ...)
+ TODO: check
+CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey
(aka ...)
+ TODO: check
+CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss)
3.1 ...)
+ TODO: check
+CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not
require ...)
+ TODO: check
+CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal
1.0 ...)
+ TODO: check
+CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in
PEAR ...)
+ TODO: check
+CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar
Express ...)
+ TODO: check
+CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker
before ...)
+ TODO: check
+CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server
Clients ...)
+ TODO: check
+CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP
Message ...)
+ TODO: check
+CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi
JP1/HiCommand ...)
+ TODO: check
+CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies
MDaemon ...)
+ TODO: check
+CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in
AsteriDex ...)
+ TODO: check
+CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard
1.0.2 ...)
+ TODO: check
+CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard
1.0.2 ...)
+ TODO: check
+CVE-2007-3618
+ RESERVED
+CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly
apply ...)
+ TODO: check
+CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated
users ...)
+ TODO: check
+CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP
NetWeaver ...)
+ TODO: check
+CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP
DB ...)
+ TODO: check
+CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in
SAP ...)
+ TODO: check
+CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows
remote IRC ...)
+ TODO: check
+CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does
not ...)
+ TODO: check
+CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID
0.9.9 ...)
+ TODO: check
+CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating
...)
+ TODO: check
+CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the
...)
+ TODO: check
+CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the
...)
+ TODO: check
+CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1
ActiveX ...)
+ TODO: check
+CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1
ActiveX ...)
+ TODO: check
+CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with
access ...)
+ TODO: check
+CVE-2007-3603 (SQL injection vulnerability in the dashboard ...)
+ TODO: check
+CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure
that ...)
+ TODO: check
+CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows
remote ...)
+ TODO: check
+CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before
5.0.3 ...)
+ TODO: check
+CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to
import ...)
+ TODO: check
+CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated
users ...)
+ TODO: check
+CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier
allows ...)
+ TODO: check
+CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits
non-alphanumeric ...)
+ TODO: check
+CVE-2007-3595 (SQL injection vulnerability in include/get_userdata.php in ...)
+ TODO: check
+CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet
...)
+ TODO: check
+CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in
ManageEngine ...)
+ TODO: check
+CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote ...)
+ TODO: check
+CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board
...)
+ TODO: check
+CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in
b1gBB ...)
+ TODO: check
+CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow
remote ...)
+ TODO: check
+CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows
remote ...)
+ TODO: check
+CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain
privileges via ...)
+ TODO: check
+CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS
0.9.8 ...)
+ TODO: check
+CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS
0.9.8 ...)
+ TODO: check
+CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i
and ...)
+ TODO: check
+CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads
1.5 ...)
+ TODO: check
+CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event
...)
+ TODO: check
+CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext,
which ...)
+ TODO: check
+CVE-2007-3580 (PHPIDS does not properly handle certain code containing
newlines, as ...)
+ TODO: check
+CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the
.text ...)
+ TODO: check
+CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic
...)
+ TODO: check
+CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the
substr ...)
+ TODO: check
+CVE-2007-3576 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-3575 (SQL injection vulnerability in includes/functions in
FreeDomain.co.nr ...)
+ TODO: check
+CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi
on ...)
+ TODO: check
+CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow
remote ...)
+ TODO: check
+CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi
in ...)
+ TODO: check
+CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and
GroupWise ...)
+ TODO: check
+CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1
...)
+ TODO: check
+CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver
Library ...)
+ TODO: check
+CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...)
+ TODO: check
+CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit
GET" statement in ...)
+ TODO: check
+CVE-2007-3566
+ RESERVED
+CVE-2007-3565
+ RESERVED
+CVE-2007-3564
+ RESERVED
+CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV
Arcade ...)
+ TODO: check
+CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21
and ...)
+ TODO: check
+CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy
Blog 1.0 ...)
+ TODO: check
+CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6
have ...)
+ TODO: check
+CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG)
before ...)
+ TODO: check
+CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB)
1.1, ...)
+ TODO: check
+CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web
root with ...)
+ TODO: check
+CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle
1.7.1 ...)
+ TODO: check
+CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX
control ...)
+ TODO: check
+CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web
Server ...)
+ TODO: check
+CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow
remote ...)
+ TODO: check
+CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to
cause ...)
+ TODO: check
+CVE-2007-3550 (Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers
to ...)
+ TODO: check
+CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone
1.5 ...)
+ TODO: check
+CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP
servers ...)
+ TODO: check
+CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in
QuickTicket ...)
+ TODO: check
+CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in
Nessus ...)
+ TODO: check
+CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows
...)
+ TODO: check
+CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2)
...)
+ TODO: check
+CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1
and ...)
+ TODO: check
+CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in
Pluxml ...)
+ TODO: check
+CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd
20070408 ...)
+ TODO: check
+CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in
search.asp in ...)
+ TODO: check
+CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 ...)
+ TODO: check
+CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk
guestbook ...)
+ TODO: check
+CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines
sends ...)
+ TODO: check
+CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc)
ActiveX ...)
+ TODO: check
+CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum
6.4.4 ...)
+ TODO: check
+CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows
remote ...)
+ TODO: check
+CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote
...)
+ TODO: check
+CVE-2007-3532
+ RESERVED
+CVE-2007-3531
+ RESERVED
+CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and
...)
+ TODO: check
+CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote
attackers to ...)
+ TODO: check
+CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC
...)
+ TODO: check
+CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated
users ...)
+ TODO: check
+CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and
earlier ...)
+ TODO: check
+CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers
to ...)
+ TODO: check
+CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe
Website ...)
+ TODO: check
+CVE-2007-3523 (Multiple directory traversal vulnerabilities in
Module/Galerie.php in ...)
+ TODO: check
+CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell
1.01 ...)
+ TODO: check
+CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager
1.7 ...)
+ TODO: check
+CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music
Store ...)
+ TODO: check
+CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in
phpEventCalendar ...)
+ TODO: check
+CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone
Script ...)
+ TODO: check
+CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline
1.8.3 ...)
+ TODO: check
+CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp
in ...)
+ TODO: check
+CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar
2.402 ...)
+ TODO: check
+CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows
remote ...)
+ TODO: check
+CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions
for ...)
+ TODO: check
+CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions
for ...)
+ TODO: check
+CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege
...)
+ TODO: check
+CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege
requirements ...)
+ TODO: check
+CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop
...)
+ TODO: check
+CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive
information ...)
+ TODO: check
+CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in
mimic2.cgi in ...)
+ TODO: check
+CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3,
and ...)
+ TODO: check
+CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before
3.6.5, ...)
+ TODO: check
+CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before
3.5.5, ...)
+ TODO: check
+CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a
folder''s ...)
+ TODO: check
+CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5
...)
+ TODO: check
+CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5
through ...)
+ TODO: check
+CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain
...)
+ TODO: check
+CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit
and ...)
+ TODO: check
+CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2)
password ...)
+ TODO: check
+CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding,
which ...)
+ TODO: check
+CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an
indefinitely ...)
+ TODO: check
+CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4,
without ...)
+ TODO: check
CVE-2007-XXXX [silc-toolkit several buffer overflows]
- silc-toolkit 1.1.2-1
NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
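Review bot: Every described entry added at the top of data/CVE/list lands as "TODO: check" with no package line or NOT-FOR-US line, so nothing in this hunk records which of them affect the archive. Entries that point at packaged software by source path or library name, such as CVE-2007-3642 (decode_choice in net/netfilter/...), CVE-2007-3568 (_LoadBMP in imlib) and CVE-2007-3656 (Mozilla Firefox), should get a package line first; the ActiveX control and Microsoft entries can follow the NOT-FOR-US pattern used further down the file.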
@@ -17,8 +381,7 @@
RESERVED
CVE-2007-3509
RESERVED
-CVE-2007-3508 [glibc hwcaps integer overflow]
- RESERVED
+CVE-2007-3508 (** DISPUTED ** ...)
- glibc 2.6-2 (unimportant; bug #431858)
NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value
function ...)
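Review bot: In the CVE-2007-3508 entry the hand-written title "[glibc hwcaps integer overflow]" is replaced by "(** DISPUTED ** ...)", so the entry no longer says what the issue was. The "- glibc 2.6-2 (unimportant; bug #431858)" line and "NOTE: Not security-relevant" survive, but extending that NOTE with "hwcaps integer overflow" would keep the entry self-explanatory.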
@@ -67,19 +430,19 @@
NOT-FOR-US: Check Point VPN-1 Edge X
CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony
...)
NOT-FOR-US: Sony Network Camera SNC-P5 1.0
-CVE-2007-3487 (Absolute directory traversal in a certain ActiveX control in
...)
+CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in
hpqxml.dll ...)
NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search
engine ...)
NOT-FOR-US: AltaVista
CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in
Yandex.Server ...)
NOT-FOR-US: Yandex.Server
-CVE-2007-3484 (Cross-site scripting (XSS) vulnerability in search.php in Google
...)
+CVE-2007-3484 (** DISPUTED ** ...)
NOT-FOR-US: Google Custom Search Engine
CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1
has a ...)
NOT-FOR-US: BlackBerry Enterprise Server
-CVE-2007-3482 (Cross-domain vulnerability in Apple Safari allows remote
attackers to ...)
+CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1
allows ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3481 (Cross-domain vulnerability in Microsoft Internet Explorer allows
...)
+CVE-2007-3481 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote
attackers to ...)
NOT-FOR-US: PCSoft WinDEV
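Review bot: CVE-2007-3484 and CVE-2007-3481 lose their whole summary in this hunk, because the truncated description now consists only of "** DISPUTED ** ...". The NOT-FOR-US lines still name the products, so triage is unaffected, but the automatic update could skip the "** DISPUTED **" prefix before truncating so that the product and bug class stay visible in the list.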
@@ -262,7 +625,7 @@
NOT-FOR-US: pagetool
CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G
b1gBB ...)
NOT-FOR-US: B1GBB
-CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157
...)
+CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll
2.6.2.157, as ...)
NOT-FOR-US: NCTAudioEditor2 ActiveX control
CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power
...)
NOT-FOR-US: Power Phlogger
@@ -949,8 +1312,8 @@
NOT-FOR-US: Microsoft FrontPage
CVE-2007-3108
RESERVED
-CVE-2007-3107
- RESERVED
+CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when
run on ...)
+ TODO: check
CVE-2007-3106
RESERVED
CVE-2007-3105
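Review bot: CVE-2007-3107 moves from RESERVED to "TODO: check" with a description that names the Linux kernel 2.6.2 and later, so unlike most entries in this update it concerns software the tracker has to follow. It should get a package line for the kernel with a fixed version or <unfixed>, rather than staying at TODO.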
@@ -1101,8 +1464,8 @@
RESERVED
CVE-2007-3039
RESERVED
-CVE-2007-3038
- RESERVED
+CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64
Edition ...)
+ TODO: check
CVE-2007-3037
RESERVED
CVE-2007-3036
@@ -1117,12 +1480,12 @@
RESERVED
CVE-2007-3031
RESERVED
-CVE-2007-3030
- RESERVED
-CVE-2007-3029
- RESERVED
-CVE-2007-3028
- RESERVED
+CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer
allows ...)
+ TODO: check
+CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003
SP2 ...)
+ TODO: check
+CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft
Windows 2000 ...)
+ TODO: check
CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7
allows ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3026
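Review bot: CVE-2007-3030, CVE-2007-3029 and CVE-2007-3028 all describe Microsoft products (Excel, Windows Active Directory) yet are left at "TODO: check". The neighbouring CVE-2007-3027 entry already uses "NOT-FOR-US: Microsoft Internet Explorer"; the same kind of annotation would close these three.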
@@ -1155,10 +1518,10 @@
RESERVED
CVE-2007-3013
RESERVED
-CVE-2007-3012
- RESERVED
-CVE-2007-3011
- RESERVED
+CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300
Switch ...)
+ TODO: check
+CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in
Fujitsu-Siemens ...)
+ TODO: check
CVE-2007-3010
RESERVED
CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent
function in ...)
@@ -1298,8 +1661,7 @@
- kvirc <unfixed> (medium)
CVE-2007-2950
RESERVED
-CVE-2007-2949 [heap overflow in GIMP''s PSD importer]
- RESERVED
+CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in
the ...)
- gimp 2.2.16-1 (medium)
- ingimp 2.2.16.20070710-1
NOTE: http://secunia.com/secunia_research/2007-63/advisory
@@ -1562,16 +1924,14 @@
RESERVED
CVE-2007-2840
RESERVED
-CVE-2007-2839 [gfax: local users can maniplate root''s contrab]
- RESERVED
+CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files
...)
{DSA-1329-1}
- gfax 0.6 (bug #431893; low)
NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed
version
CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD
0.1.4 ...)
{DSA-1327-1}
- gsambad 0.1.6-2 (bug #431331)
-CVE-2007-2837
- RESERVED
+CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp
in ...)
{DSA-1326-1}
- fireflier 1.1.7
CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0
through ...)
@@ -1748,7 +2108,7 @@
[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4
(Hydrax) ...)
NOT-FOR-US: OPeNDAP
-CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a
plaintext ...)
+CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides
the ...)
- backup-manager <unfixed> (low)
[sarge] - backup-manager <no-dsa> (Minor issue)
[etch] - backup-manager <no-dsa> (Minor issue)
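Review bot: The new CVE-2007-2766 description still says "before 0.7.6", while the package line below it stays at "- backup-manager <unfixed> (low)". If 0.7.6 or later has reached the archive, replace <unfixed> with the fixed version; if not, a NOTE saying which upstream release carries the fix would explain why the entry is still open.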
@@ -4037,12 +4397,12 @@
RESERVED
CVE-2007-1757
RESERVED
-CVE-2007-1756
- RESERVED
+CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and
Office ...)
+ TODO: check
CVE-2007-1755
RESERVED
-CVE-2007-1754
- RESERVED
+CVE-2007-1754 (Microsoft Office Publisher 2007 does not properly clear memory
when ...)
+ TODO: check
CVE-2007-1753
RESERVED
CVE-2007-1752
@@ -8729,14 +9089,14 @@
NOTE: and icape 1.0.8-1
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox,
Internet ...)
NOT-FOR-US: Adobe Acrobat Reader Plugin
-CVE-2007-0043
- RESERVED
-CVE-2007-0042
- RESERVED
-CVE-2007-0041
- RESERVED
-CVE-2007-0040
- RESERVED
+CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET
Framework ...)
+ TODO: check
+CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for
Windows ...)
+ TODO: check
+CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and
earlier ...)
+ TODO: check
+CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft
Windows 2000 ...)
+ TODO: check
CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in
...)
NOT-FOR-US: Microsoft
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in
Microsoft ...)
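Review bot: The truncated description added for CVE-2007-0040, "The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...", is identical to the one this commit adds for CVE-2007-3028, so the two entries cannot be told apart in the list. When they are triaged, a distinct NOTE on each would avoid treating one as a duplicate of the other.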
@@ -14068,8 +14428,8 @@
NOT-FOR-US: Novell eDirectory
CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before
8.8.1 ...)
NOT-FOR-US: Novell eDirectory
-CVE-2006-4519
- RESERVED
+CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP
before ...)
+ TODO: check
CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause
a ...)
NOT-FOR-US: Qbik WinGate
CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a
...)
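Review bot: CVE-2006-4519 is described as integer overflows in the image loader plug-ins in GIMP but is left at "TODO: check". The file already tracks gimp as a package under CVE-2007-2949 ("- gimp 2.2.16-1 (medium)"), so this entry needs its own "- gimp" line with the fixed version once that is confirmed.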
@@ -17208,7 +17568,7 @@
NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in
Maximus ...)
NOT-FOR-US: Maximus SchoolMAX
-CVE-2006-3142 (SQL injection vulnerability in Forum.php in VBZooM 1.11 allows
remote ...)
+CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows
remote ...)
NOT-FOR-US: VBZooM
CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in
Tradingeye ...)
NOT-FOR-US: Tradingeye Shop
@@ -25467,7 +25827,7 @@
NOT-FOR-US: Komodo CMS
CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in
Magnolia ...)
NOT-FOR-US: Magnolia Content Management Suite
-CVE-2005-4360 (Microsoft IIS 5.1 allows remote attackers to cause a denial of
service ...)
+CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS)
5.1 on ...)
NOT-FOR-US: IIS
CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq
2.1.0 ...)
NOT-FOR-US: ODFaq
@@ -39664,7 +40024,7 @@
NOT-FOR-US: KorWeblog
CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2
and ...)
- moodle 1.4.3-1
-CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and
earlier ...)
+CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle
1.4.2 ...)
- moodle 1.4.3-1
CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean
Proctor ...)
NOT-FOR-US: PHP-Calendar