joeyh at alioth.debian.org
2007-Aug-09 09:14 UTC
[Secure-testing-commits] r6265 - data/CVE
Author: joeyh
Date: 2007-08-09 09:14:08 +0000 (Thu, 09 Aug 2007)
New Revision: 6265
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-08-08 15:17:39 UTC (rev 6264)
+++ data/CVE/list 2007-08-09 09:14:08 UTC (rev 6265)
@@ -1,3 +1,297 @@
+CVE-2007-4263 (Unspecified vulnerability in the server side of the Secure Copy
(SCP) ...)
+ TODO: check
+CVE-2007-4262 (Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and
...)
+ TODO: check
+CVE-2007-4261 (EZPhotoSales 1.9.3 and earlier stores sensitive information
under the ...)
+ TODO: check
+CVE-2007-4260 (EZPhotoSales 1.9.3 and earlier has a default
"admin" account for ...)
+ TODO: check
+CVE-2007-4259 (EZPhotoSales 1.9.3 and earlier allows remote attackers to
download ...)
+ TODO: check
+CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub
Site ...)
+ TODO: check
+CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2
allow ...)
+ TODO: check
+CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal
System ...)
+ TODO: check
+CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...)
+ TODO: check
+CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in
VDT70.DLL ...)
+ TODO: check
+CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php in
...)
+ TODO: check
+CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
+ TODO: check
+CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with
multiple ...)
+ TODO: check
+CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar
allows ...)
+ TODO: check
+CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation
toolbar for ...)
+ TODO: check
+CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming
...)
+ TODO: check
+CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote
attackers to ...)
+ TODO: check
+CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in
Justsystem ...)
+ TODO: check
+CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa
...)
+ TODO: check
+CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in the J!
...)
+ TODO: check
+CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro
Security ...)
+ TODO: check
+CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not
perform ...)
+ TODO: check
+CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller
for ...)
+ TODO: check
+CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live
(hcl) ...)
+ TODO: check
+CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in
user/forgotPassStep2.jsp ...)
+ TODO: check
+CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership of
bin, ...)
+ TODO: check
+CVE-2007-4237 (Buffer overflow in the atm subset in arp in
devices.common.IBM.atm.rte ...)
+ TODO: check
+CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3
allows ...)
+ TODO: check
+CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP
allow ...)
+ TODO: check
+CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows
remote ...)
+ TODO: check
+CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6
allow ...)
+ TODO: check
+CVE-2007-4232 (PHP remote file inclusion vulnerability in
admin/inc/change_action.php ...)
+ TODO: check
+CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in
IDevSpot ...)
+ TODO: check
+CVE-2007-4230 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier
allows ...)
+ TODO: check
+CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of
service ...)
+ TODO: check
+CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted
remote ...)
+ TODO: check
+CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks
Proteus IPAM ...)
+ TODO: check
+CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows
remote ...)
+ TODO: check
+CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL
address ...)
+ TODO: check
+CVE-2007-4223
+ RESERVED
+CVE-2007-4222
+ RESERVED
+CVE-2007-4221
+ RESERVED
+CVE-2007-4220
+ RESERVED
+CVE-2007-4219
+ RESERVED
+CVE-2007-4218
+ RESERVED
+CVE-2007-4217
+ RESERVED
+CVE-2007-4216
+ RESERVED
+CVE-2007-4215
+ RESERVED
+CVE-2007-4214
+ RESERVED
+CVE-2007-4213
+ RESERVED
+CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the
Search ...)
+ TODO: check
+CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote
authenticated ...)
+ TODO: check
+CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI
(la-nai) ...)
+ TODO: check
+CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum
allows ...)
+ TODO: check
+CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen Portfolio
...)
+ TODO: check
+CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in
Gallery In A ...)
+ TODO: check
+CVE-2007-4206 (Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4)
sets ...)
+ TODO: check
+CVE-2007-4205 (XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance
...)
+ TODO: check
+CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax
...)
+ TODO: check
+CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote
...)
+ TODO: check
+CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not
properly ...)
+ TODO: check
+CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a
volume ...)
+ TODO: check
+CVE-2007-4200 (ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before
2.09 ...)
+ TODO: check
+CVE-2007-4199 (Brian Carrier The Sleuth Kit (TSK) before 2.09 allows
user-assisted ...)
+ TODO: check
+CVE-2007-4198 (The fs_data_put_str function in ntfs.c in fls in Brian Carrier
The ...)
+ TODO: check
+CVE-2007-4197 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits
NULL ...)
+ TODO: check
+CVE-2007-4196 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09
misinterprets a ...)
+ TODO: check
+CVE-2007-4195 (Use-after-free vulnerability in ext2fs.c in Brian Carrier The
Sleuth ...)
+ TODO: check
+CVE-2007-4194 (Guidance Software EnCase 5.0 allows user-assisted remote
attackers to ...)
+ TODO: check
+CVE-2007-4193 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+ TODO: check
+CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group
DVD ...)
+ TODO: check
+CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the
product''s ...)
+ TODO: check
+CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka
Sunglow) ...)
+ TODO: check
+CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla!
before ...)
+ TODO: check
+CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka
Sunglow) ...)
+ TODO: check
+CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search
component in ...)
+ TODO: check
+CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php
in the ...)
+ TODO: check
+CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive
information ...)
+ TODO: check
+CVE-2007-4184 (SQL injection vulnerability in
administrator/popups/pollwindow.php in ...)
+ TODO: check
+CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and
...)
+ TODO: check
+CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in
WikiWebWeaver ...)
+ TODO: check
+CVE-2007-4181 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4180 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4179 (Unspecified vulnerability in the Address and Routing Parameter
Area ...)
+ TODO: check
+CVE-2007-4178 (Cross-site scripting (XSS) vulnerability in index.php in
WebDirector ...)
+ TODO: check
+CVE-2007-4177 (Multiple cross-site scripting (XSS) vulnerabilities in Interact
before ...)
+ TODO: check
+CVE-2007-4176 (Multiple unspecified vulnerabilities in EQDKP Plus before
0.4.4.5 have ...)
+ TODO: check
+CVE-2007-4175 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2007-4174 (Unspecified vulnerability in Tor before 0.1.2.16, when
ControlPort is ...)
+ TODO: check
+CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul
Portali ...)
+ TODO: check
+CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open
Webmail ...)
+ TODO: check
+CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module
for ...)
+ TODO: check
+CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar
2.0 ...)
+ TODO: check
+CVE-2007-4169 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in
...)
+ TODO: check
+CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the
Unnamed ...)
+ TODO: check
+CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the
Blue ...)
+ TODO: check
+CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java
...)
+ TODO: check
+CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and
2.8 ...)
+ TODO: check
+CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or
...)
+ TODO: check
+CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted,
might ...)
+ TODO: check
+CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2
clients, when ...)
+ TODO: check
+CVE-2007-4159 (index.html in the HTTP administration interface in certain
daemons in ...)
+ TODO: check
+CVE-2007-4158 (Unspecified vulnerability in rvd 7.5.2 in TIBCO Rendezvous (RV)
allows ...)
+ TODO: check
+CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with
...)
+ TODO: check
+CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote
...)
+ TODO: check
+CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
+ TODO: check
+CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1
allows ...)
+ TODO: check
+CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress
2.2.1 ...)
+ TODO: check
+CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft
Audit ...)
+ TODO: check
+CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft
Audit ...)
+ TODO: check
+CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft
Audit ...)
+ TODO: check
+CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft
Audit ...)
+ TODO: check
+CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand
Service ...)
+ TODO: check
+CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive
NX ...)
+ TODO: check
+CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in
WebEvent ...)
+ TODO: check
+CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat)
ActiveX ...)
+ TODO: check
+CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote
...)
+ TODO: check
+CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime
Server ...)
+ TODO: check
+CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to
obtain ...)
+ TODO: check
+CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x
allows ...)
+ TODO: check
+CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary
Uploads ...)
+ TODO: check
+CVE-2007-4138
+ RESERVED
+CVE-2007-4137
+ RESERVED
+CVE-2007-4136
+ RESERVED
+CVE-2007-4135
+ RESERVED
+CVE-2007-4134
+ RESERVED
+CVE-2007-4133
+ RESERVED
+CVE-2007-4132
+ RESERVED
+CVE-2007-4131
+ RESERVED
+CVE-2007-4130
+ RESERVED
+CVE-2007-4129
+ RESERVED
+CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm
Technologies ...)
+ TODO: check
+CVE-2007-4127 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4126 (Unspecified vulnerability in the dynamic tracing framework
(DTrace) on ...)
+ TODO: check
+CVE-2007-4125 (Unspecified vulnerability in the Address and Routing Parameter
Area ...)
+ TODO: check
+CVE-2007-4124 (The session failover function in Cosminexus Component Container
in ...)
+ TODO: check
+CVE-2007-4123 (The Groupmax Scheduler_Facilities management tool in Hitachi
Groupmax ...)
+ TODO: check
+CVE-2007-4122 (Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer
(HV) ...)
+ TODO: check
+CVE-2007-4121 (Multiple SQL injection vulnerabilities in admin.aspx in
E-Commerce ...)
+ TODO: check
+CVE-2007-4120 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4119 (Multiple SQL injection vulnerabilities in yonetici.asp in
Berthanas ...)
+ TODO: check
+CVE-2007-4118 (PHP remote file inclusion vulnerability in
includes/functions.inc.php ...)
+ TODO: check
+CVE-2007-4117 (** DISPUTED ** ...)
+ TODO: check
+CVE-2005-4860 (Spectrum Cash Receipting System before 6.504 uses weak
cryptography ...)
+ TODO: check
CVE-2007-XXXX [teamspeak-server arbitrary file disclosure]
- teamspeak-server 2.0.23.19-1 (bug #435707; medium)
CVE-2007-XXXX [tor insufficient authentication on control port]
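Review bot: CVE-2007-4174 (Tor before 0.1.2.16, when ControlPort is ...) is added with only TODO: check, while the context line closing this hunk still carries the temporary entry CVE-2007-XXXX [tor insufficient authentication on control port]. If both describe the same control-port issue, the temporary entry should be folded into CVE-2007-4174 so it is not tracked twice. The numbering also jumps from CVE-2007-4169 to CVE-2007-4167, so it is worth confirming that the absence of CVE-2007-4168 from this batch is expected.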
@@ -128,7 +422,7 @@
NOT-FOR-US: EMC VMware
CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome
Seditio ...)
NOT-FOR-US: Neocrome Seditio
-CVE-2007-4056 (SQL injection vulnerability in directory.php in Adult Directory
allows ...)
+CVE-2007-4056 (SQL injection vulnerability in directory.php in Prozilla Adult
...)
NOT-FOR-US: Adult Directory
CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog
3.0 ...)
NOT-FOR-US: SimpleBlog
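Review bot: the new description of CVE-2007-4056 names the product as Prozilla Adult ..., but the NOT-FOR-US line under it still says Adult Directory. The classification itself is unaffected; using the vendor name in the note would make it easier to match against CVE-2007-4258, added at the top of this commit, which is also an SQL injection in directory.php in a Prozilla product.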
@@ -170,11 +464,11 @@
CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before
2.0.0.5, ...)
{DSA-1338-1}
- iceweasel 2.0.0.5-1
-CVE-2007-4037 (** DISPUTED ** Guidance Software EnCase allows user-assisted
remote ...)
+CVE-2007-4037 (** DISPUTED ** ...)
NOT-FOR-US: Guidance Software
-CVE-2007-4036 (** DISPUTED ** Guidance Software EnCase allows user-assisted
remote ...)
+CVE-2007-4036 (** DISPUTED ** ...)
NOT-FOR-US: Guidance Software
-CVE-2007-4035 (** DISPUTED ** Guidance Software EnCase does not properly handle
(1) ...)
+CVE-2007-4035 (** DISPUTED ** ...)
NOT-FOR-US: Guidance Software
CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 ActiveX
control ...)
NOT-FOR-US: Yahoo! Widgets
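Review bot: CVE-2007-4037, CVE-2007-4036 and CVE-2007-4035 lose all product text here, leaving only "** DISPUTED ** ..." as the description. After this change the NOT-FOR-US: Guidance Software line is the only thing identifying them, so it has to stay. The same truncation means the new DISPUTED entries added with TODO: check elsewhere in this commit cannot be triaged from the list alone and need the full upstream description.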
@@ -361,7 +655,7 @@
- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not
properly ...)
NOT-FOR-US: Rule Set Based Access Control (RSBAC)
-CVE-2007-3944 (Unspecified vulnerability in Safari (MobileSafari) on the Apple
iPhone ...)
+CVE-2007-3944 (Multiple heap-based buffer overflows in the Perl Compatible
Regular ...)
NOT-FOR-US: MobileSafari
CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48
allows ...)
NOT-FOR-US: Infinite Responder
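Review bot: CVE-2007-3944 keeps NOT-FOR-US: MobileSafari although its description changes from an unspecified Safari issue to heap-based buffer overflows in the Perl Compatible Regular ... (text truncated). The classification was made against the old wording and should be re-checked: if the flaw is in the regular-expression library rather than in Safari, the entry needs a package line instead of NOT-FOR-US.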
@@ -566,15 +860,13 @@
RESERVED
CVE-2007-3846
RESERVED
-CVE-2007-3845 [firefox external URI handler escaping vulnerability]
- RESERVED
+CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and
2.x ...)
{DSA-1346-1 DSA-1345-1 DSA-1344-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
- icedove <unfixed> (medium)
-CVE-2007-3844 [firefox about:blank regression]
- RESERVED
+CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before
1.5.0.13, and ...)
{DSA-1346-1 DSA-1345-1 DSA-1344-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
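Review bot: both rewritten descriptions (CVE-2007-3845 and CVE-2007-3844) now name Thunderbird as well as Firefox, but only CVE-2007-3845 shows an icedove line in this hunk; the visible part of CVE-2007-3844 stops at xulrunner. Confirm that CVE-2007-3844 also records icedove status.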
@@ -785,20 +1077,20 @@
RESERVED
CVE-2007-3749
RESERVED
-CVE-2007-3748
- RESERVED
-CVE-2007-3747
- RESERVED
-CVE-2007-3746
- RESERVED
-CVE-2007-3745
- RESERVED
-CVE-2007-3744
- RESERVED
-CVE-2007-3743
- RESERVED
-CVE-2007-3742
- RESERVED
+CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device
Standardized ...)
+ TODO: check
+CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and
10.4.10 ...)
+ TODO: check
+CVE-2007-3746 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and
10.4.10 ...)
+ TODO: check
+CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and
10.4.10 ...)
+ TODO: check
+CVE-2007-3744 (Buffer overflow in the UPnP IGD (Internet Gateway Device
Standardized ...)
+ TODO: check
+CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari
3 ...)
+ TODO: check
+CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone
before ...)
+ TODO: check
CVE-2007-3741
RESERVED
CVE-2007-3740
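Review bot: CVE-2007-3748 and CVE-2007-3744 end up with identical visible text (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...), cut off before the affected product, so they cannot be told apart or classified from this file. Resolving TODO: check on both needs the full descriptions; the surrounding entries are Apple components (CoreAudio, Safari, WebKit), but that alone is not enough to mark these two NOT-FOR-US.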
@@ -1610,8 +1902,7 @@
REJECTED
CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow
remote ...)
NOT-FOR-US: eNdonesia
-CVE-2007-3388 [qt vulnerability in QTextEdit]
- RESERVED
+CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2)
...)
- qt-x11-free 3:3.3.7-6
- qt4-x11 4.3.0-5
NOTE: there is some dissagreement whether qt4 is affected
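Review bot: the replacement description for CVE-2007-3388 lists more than one affected file, "(1) qtextedit.cpp, (2) ...", where the old placeholder named only QTextEdit. The fixed versions recorded for qt-x11-free and qt4-x11 should be re-checked against the full list, and the NOTE about whether qt4 is affected should be resolved against it as well. Neither package line carries an urgency, unlike most tracked entries in this file.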
@@ -1636,16 +1927,15 @@
RESERVED
CVE-2007-3385
RESERVED
-CVE-2007-3384
- RESERVED
+CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in
the ...)
- tomcat4 <removed> (low)
[sarge] - tomcat4 <no-dsa> (minor issue)
NOTE: affects example app in tomcat4-webapps
CVE-2007-3382
RESERVED
-CVE-2007-3381 [gdm DoS]
- RESERVED
+CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13,
2.16.x ...)
- gdm 2.18.4-1 (low)
[sarge] - gdm <no-dsa> (Minor issue)
[etch] - gdm <no-dsa> (Minor issue)
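Review bot: CVE-2007-3384 moves from RESERVED to a description truncated before any product name (Multiple cross-site scripting (XSS) vulnerabilities in ...), so its TODO: check cannot be resolved from this line. It sits directly above CVE-2007-3383, an XSS issue tracked against tomcat4; whoever triages it should read the full description and check whether it belongs to the same package.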
@@ -1870,7 +2160,7 @@
NOT-FOR-US: Web Thunderbolt
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board
(YaBB) ...)
NOT-FOR-US: YaBB
-CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3
allow ...)
+CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy
extension ...)
- php5 <unfixed> (unimportant)
NOTE: Only exploitable by malicious script
CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and
...)
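Review bot: the description of CVE-2007-3294 now attributes the overflows to libtidy, as used in the Tidy extension, yet the entry still tracks only php5 with the NOTE "Only exploitable by malicious script". That rationale was written for the PHP extension; with the flaw placed in the library, check whether the tidy library package needs its own line and whether (unimportant) still holds for other users of the library.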
@@ -2313,8 +2603,8 @@
NOT-FOR-US: Andy Frank Beatnik
CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft
FrontPage ...)
NOT-FOR-US: Microsoft FrontPage
-CVE-2007-3108
- RESERVED
+CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in
OpenSSL ...)
+ TODO: check
CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when
run on ...)
- linux-2.6 <unfixed> (unimportant)
NOTE: Not reproducibly reliably by an attacker, mostly a bug
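Review bot: CVE-2007-3108 goes from RESERVED to TODO: check even though the description names the BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL. This should be triaged ahead of the bulk TODO entries and given an openssl package line with a fixed version or an unfixed marker, in the same form as the linux-2.6 entry just below it.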
@@ -2715,8 +3005,8 @@
RESERVED
CVE-2007-2928
RESERVED
-CVE-2007-2927
- RESERVED
+CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless
adapter ...)
+ TODO: check
CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator
during ...)
{DSA-1341-2}
- bind9 1:9.4.1-P1-1
@@ -3926,29 +4216,29 @@
NOT-FOR-US: Seir Anphin
CVE-2007-2411 (** DISPUTED ** ...)
NOT-FOR-US: Sphider
-CVE-2007-2410
- RESERVED
-CVE-2007-2409
- RESERVED
-CVE-2007-2408
- RESERVED
-CVE-2007-2407
- RESERVED
-CVE-2007-2406
- RESERVED
-CVE-2007-2405
- RESERVED
-CVE-2007-2404
- RESERVED
-CVE-2007-2403
- RESERVED
+CVE-2007-2410 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties
of ...)
+ TODO: check
+CVE-2007-2409 (Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9
and ...)
+ TODO: check
+CVE-2007-2408 (WebKit in Apple Safari 3 Beta before Update 3.0.3 does not
properly ...)
+ TODO: check
+CVE-2007-2407 (The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when
Windows ...)
+ TODO: check
+CVE-2007-2406 (Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a
...)
+ TODO: check
+CVE-2007-2405 (Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10
...)
+ TODO: check
+CVE-2007-2404 (CRLF injection vulnerability in CFNetwork on Apple Mac OS X
10.3.9 and ...)
+ TODO: check
+CVE-2007-2403 (CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly
...)
+ TODO: check
CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not
perform ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X
10.3.9, and ...)
+CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X
10.3.9, ...)
NOT-FOR-US: Apple
CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X,
...)
NOT-FOR-US: Apple
-CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs
an ...)
+CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone
before ...)
NOT-FOR-US: Apple
CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote
attackers ...)
NOT-FOR-US: Apple Safari
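Review bot: CVE-2007-2407 is described as an issue in the Samba server on Apple Mac OS X, so it should not be marked NOT-FOR-US: Apple along with its neighbours without first checking whether the flaw is in Samba itself or only in Apple's build or configuration. The other new entries in this block (WebCore, WebKit, Quartz Composer, PDFKit, CFNetwork) match the pattern of CVE-2007-2401 and CVE-2007-2399 further down, which are already NOT-FOR-US: Apple.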
@@ -8888,7 +9178,7 @@
NOT-FOR-US: Cisco
CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x,
and 12.x ...)
NOT-FOR-US: Cisco
-CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows
...)
+CVE-2007-0478 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari,
does ...)
NOT-FOR-US: Apple Safari
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before
...)
NOT-FOR-US: Openads
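Review bot: CVE-2007-0478 is now attributed to WebCore on Apple Mac OS X, as used in Safari, while the note under it still reads NOT-FOR-US: Apple Safari. The classification is unchanged, but aligning the note with the component would keep it consistent with the WebCore entries CVE-2007-2410 and CVE-2007-2409 that this commit adds with TODO: check.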