stef-guest at alioth.debian.org
2007-Aug-13 20:01 UTC
[Secure-testing-commits] r6296 - data/CVE
Author: stef-guest
Date: 2007-08-13 20:01:38 +0000 (Mon, 13 Aug 2007)
New Revision: 6296
Modified: data/CVE/list
Log:
- already fixed: dovecot (low), moodle (low), java
- new issues: php (low), wordpress (maybe fixed)
- bugnum
- NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-08-13 19:27:48 UTC (rev 6295)
+++ data/CVE/list 2007-08-13 20:01:38 UTC (rev 6296)
@@ -19,70 +19,74 @@ CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub Site ...) NOT-FOR-US: Prozilla CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow ...) - TODO: check + NOT-FOR-US: Live for Speed CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...) - TODO: check + NOT-FOR-US: YNP Portal System CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...) - TODO: check + - php5 <unfixed> + - php4 <removed> + [etch] - php5 <no-dsa> (requires malicious script) + [etch] - php4 <no-dsa> (requires malicious script) + [sarge] - php4 <no-dsa> (requires malicious script) CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php in ...) - TODO: check + NOT-FOR-US: Envolution CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: CHILKAT ASP String CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...) - openoffice.org (unimportant) NOTE: Only a crasher with malformed documents CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar allows ...) - TODO: check + NOT-FOR-US: Advanced Searchbar CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for ...) - TODO: check + NOT-FOR-US: ExportNation toolbar CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming ...) - TODO: check + NOT-FOR-US: Toolbar Gaming toolbar CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsystem ...) - TODO: check + NOT-FOR-US: Justsystem Ichitaro CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...) 
- TODO: check + NOT-FOR-US: DiMeMa CONTENTdm CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in the J! ...) - TODO: check + NOT-FOR-US: com_jreactions for Joomla! CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...) - TODO: check + NOT-FOR-US: Astaro CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform ...) - TODO: check + NOT-FOR-US: Astaro CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for ...) - TODO: check + NOT-FOR-US: Hewlett-Packard CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live (hcl) ...) - TODO: check + NOT-FOR-US: Help Center Live CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp ...) - TODO: check + NOT-FOR-US: C-SAM oneWallet CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, ...) - TODO: check + NOT-FOR-US: AIX CVE-2007-4237 (Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte ...) - TODO: check + NOT-FOR-US: AIX CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows ...) - TODO: check + NOT-FOR-US: AIX CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP allow ...) - TODO: check + NOT-FOR-US: VietPHP CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows remote ...) - TODO: check + NOT-FOR-US: Camera Life CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6 allow ...) - TODO: check + NOT-FOR-US: Camera Life CVE-2007-4232 (PHP remote file inclusion vulnerability in admin/inc/change_action.php ...) - TODO: check + NOT-FOR-US: PHPNews CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in IDevSpot ...) - TODO: check + NOT-FOR-US: PhpHostBot CVE-2007-4230 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: BellaBiblio CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows ...) 
TODO: check CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ...) - TODO: check + NOT-FOR-US: AIX CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks Proteus IPAM ...) - TODO: check + NOT-FOR-US: BlueCat Networks Proteus IPAM appliance CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote ...) TODO: check CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address ...) @@ -110,13 +114,15 @@ CVE-2007-4213 RESERVED CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated ...) - TODO: check + - dovecot 1:1.0.3-2 (low) + [etch] - dovecot <no-dsa> (minor issue) + [sarge] - dovecot <no-dsa> (minor issue) CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) ...) - TODO: check + NOT-FOR-US: LANAI CMS CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum allows ...) - TODO: check + NOT-FOR-US: Aceboard CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen Portfolio ...) TODO: check CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in Gallery In A ...) @@ -1312,7 +1318,8 @@ - iceape 1.1.3-1 (high) - xulrunner 1.8.1.5-1 (high) CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...) - TODO: check + - sun-java5 1.5.0-12-1 + - sun-java6 6-02-1 CVE-2007-3654 RESERVED CVE-2007-3653 
@@ -1487,7 +1494,7 @@ CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...) NOT-FOR-US: Oliver Library Management System CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...) - - imlib <unfixed> (bug filed; low) + - imlib <unfixed> (bug #437708; low) CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in ...) NOT-FOR-US: MysqlDumper CVE-2007-3566 (Stack-based buffer overflow in the database service (ibserver.exe) in ...) @@ -1514,7 +1521,7 @@ CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...) NOT-FOR-US: Liesbeth CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...) - TODO: check + - moodle 1.8.2-1 (low) CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...) NOT-FOR-US: HP CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server ...) @@ -1524,7 +1531,7 @@ CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...) NOT-FOR-US: bbs100 CVE-2007-3550 (Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 ...) NOT-FOR-US: Buddy Zone CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...) 
@@ -1536,9 +1543,10 @@ CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows ...) NOT-FOR-US: Warzone CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...) - TODO: check + - wordpress <unfixed> + TODO: check whether this is fixed in 2.2.2, file bug if not CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...) - TODO: check + - wordpress 2.2.1-1 CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml ...) NOT-FOR-US: Pluxml CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 ...)
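Review bot: in the first hunk (@@ -19,70 +19,74 @@) the new `- php5 <unfixed>` line for CVE-2007-4255 carries neither a severity nor a bug reference, although the log calls the issue "php (low)" and the imlib entry later in this same commit is updated from "bug filed" to "bug #437708"; put the severity on the php5 line and record the bug once filed, e.g. `- php5 <unfixed> (bug #NNNNNN; low)`, so the unfixed state is trackable from the list itself. The three `<no-dsa> (requires malicious script)` lines are consistent with that "(low)" rating. Separately, CVE-2007-4229, CVE-2007-4225 and CVE-2007-4224 (Konqueror) are left as `TODO: check` in this hunk while every other TODO in it was resolved, so those three still need triage.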
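Review bot: in the dovecot hunk (@@ -110,13 +114,15 @@) the `[sarge] - dovecot <no-dsa> (minor issue)` line asserts that sarge is affected; since the CVE text is specific to the ACL plugin in Dovecot before 1.0.3, check whether the sarge version ships that plugin at all, in which case `<not-affected>` with a reason is the precise state rather than `<no-dsa>`. The "(minor issue)" rationale matches the description (remote authenticated users only), and `dovecot 1:1.0.3-2 (low)` agrees with the log's "dovecot (low)".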
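Review bot: in the Java hunk (@@ -1312,7 +1318,8 @@) the new `- sun-java5 1.5.0-12-1` and `- sun-java6 6-02-1` lines carry no severity, unlike the dovecot and moodle entries in this commit and the `(high)` iceape/xulrunner context lines directly above; a stack-based buffer overflow in Java Web Start should get an explicit severity tag, and the log's bare "java" does not supply one either. Add the severity in parentheses after the fixed version as the other entries do.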
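Review bot: in the moodle hunk (@@ -1514,7 +1521,7 @@) only the unstable fix `- moodle 1.8.2-1 (low)` is recorded; the description names Moodle 1.7.1, so the stable status is left implicit. Add `[etch]` and `[sarge]` lines (`<no-dsa>`, `<not-affected>` or a fixed version, as appropriate) in the way the dovecot hunk of this same commit does.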
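Review bot: in the wordpress hunk (@@ -1536,9 +1543,10 @@) CVE-2007-3544 is set to `- wordpress <unfixed>` while the added `TODO: check whether this is fixed in 2.2.2, file bug if not` line (and the log's "wordpress (maybe fixed)") says the state is still unconfirmed; keeping `<unfixed>` is the conservative choice, but the entry has no severity and no bug reference, so once the 2.2.2 check is done either replace it with the fixed version or annotate it with the severity and the bug number as the imlib entry in this commit does. The sibling `- wordpress 2.2.1-1` line for CVE-2007-3543 likewise records no `[etch]`/`[sarge]` status.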