joeyh at alioth.debian.org
2007-Aug-22 09:14 UTC
[Secure-testing-commits] r6374 - data/CVE
Author: joeyh Date: 2007-08-22 09:14:07 +0000 (Wed, 22 Aug 2007) New Revision: 6374 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-22 08:48:25 UTC (rev 6373) +++ data/CVE/list 2007-08-22 09:14:07 UTC (rev 6374) @@ -1,3 +1,197 @@ +CVE-2007-4465 + RESERVED +CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...) + TODO: check +CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...) + TODO: check +CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...) + TODO: check +CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...) + TODO: check +CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...) + TODO: check +CVE-2007-4459 (The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows remote ...) + TODO: check +CVE-2007-4458 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...) + TODO: check +CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ ...) + TODO: check +CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...) + TODO: check +CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...) + TODO: check +CVE-2007-4453 (** DISPUTED ** ...) + TODO: check +CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote ...) + TODO: check +CVE-2007-4450 (The server in Toribash 2.71 and earlier does not properly handle long ...) + TODO: check +CVE-2007-4449 (The client in Toribash 2.71 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-4448 (The server in Toribash 2.71 and earlier does not properly handle ...) + TODO: check +CVE-2007-4447 (Multiple buffer overflows in the client in Toribash 2.71 and earlier ...) + TODO: check +CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...) + TODO: check +CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...) + TODO: check +CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier ...) + TODO: check +CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and ...) + TODO: check +CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal ...) + TODO: check +CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...) + TODO: check +CVE-2007-4440 (Stack-based buffer overflow in the SMTP server in Mercury Mail ...) + TODO: check +CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in ...) + TODO: check +CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...) + TODO: check +CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 ...) + TODO: check +CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...) + TODO: check +CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 ...) + TODO: check +CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...) + TODO: check +CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...) + TODO: check +CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...) + TODO: check +CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and ...) + TODO: check +CVE-2007-4430 (Unspecified vulnerability in Cisco IOS allows context-dependent ...) + TODO: check +CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...) + TODO: check +CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via ...) + TODO: check +CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the ...) + TODO: check +CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a ...) + TODO: check +CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 ...) + TODO: check +CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user ...) + TODO: check +CVE-2007-4423 (Unspecified vulnerability in the AUTH_LIST_GROUPS_FOR_AUTHID function ...) + TODO: check +CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN ...) + TODO: check +CVE-2007-4421 (SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 ...) + TODO: check +CVE-2007-4420 (Absolute path traversal vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-4419 (Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin ...) + TODO: check +CVE-2007-4418 (IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, ...) + TODO: check +CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not ...) + TODO: check +CVE-2007-4416 (** DISPUTED ** ...) + TODO: check +CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 ...) + TODO: check +CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to ...) + TODO: check +CVE-2007-4413 (Direct static code injection vulnerability in admincp/user_help.php in ...) + TODO: check +CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart ...) + TODO: check +CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the ...) + TODO: check +CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick ...) + TODO: check +CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote ...) + TODO: check +CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which ...) + TODO: check +CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...) + TODO: check +CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...) + TODO: check +CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a ...) + TODO: check +CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of ...) + TODO: check +CVE-2007-4403 (The mIRC Control Plug-in for Winamp allows user-assisted remote ...) + TODO: check +CVE-2007-4402 (Multiple unspecified scripts in mIRC allow user-assisted remote ...) + TODO: check +CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC ...) + TODO: check +CVE-2007-4400 (CRLF injection vulnerability in the included media script in ...) + TODO: check +CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX ...) + TODO: check +CVE-2007-4398 (Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and ...) + TODO: check +CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) ...) + TODO: check +CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) ...) + TODO: check +CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...) + TODO: check +CVE-2007-4394 (Unspecified vulnerability in a "core clean" cron job created by the ...) + TODO: check +CVE-2007-4393 (The installation script for orarun on SUSE Linux before 20070810 ...) + TODO: check +CVE-2007-4392 (Winamp 5.35 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...) + TODO: check +CVE-2007-4390 (The Command Line Interface (CLI) on the BlueCat Networks Adonis ...) + TODO: check +CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...) + TODO: check +CVE-2007-4388 (2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly ...) + TODO: check +CVE-2007-4387 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...) + TODO: check +CVE-2007-4386 (SQL injection vulnerability in search.php in GetMyOwnArcade allows ...) + TODO: check +CVE-2007-4385 (OWASP Stinger before 2.5 allows remote attackers to bypass input ...) + TODO: check +CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...) + TODO: check +CVE-2007-4383 (** DISPUTED ** ...) + TODO: check +CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote ...) + TODO: check +CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun ...) + TODO: check +CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 ...) + TODO: check +CVE-2007-4379 (Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a ...) + TODO: check +CVE-2007-4378 (Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and ...) + TODO: check +CVE-2007-4377 (Stack-based buffer overflow in the IMAP service in SurgeMail 38k ...) + TODO: check +CVE-2007-4376 (Unrestricted file upload vulnerability in banner-upload.php in Szymon ...) + TODO: check +CVE-2007-4375 (The administrative interface (aka DkService.exe) in Diskeeper 9 ...) + TODO: check +CVE-2007-4374 (Babo Violent 2 2.08.00 does not validate the sender field of a chat ...) + TODO: check +CVE-2007-4373 (The server in Babo Violent 2 2.08.00 and earlier does not properly ...) + TODO: check +CVE-2007-4372 (Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server ...) + TODO: check +CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems ...) + TODO: check +CVE-2004-2683 (Unspecified vulnerability in the %XML.Utils.SchemaServer class in ...) + TODO: check +CVE-2003-1333 (Unspecified vulnerability in the Cache'' Server Page (CSP) ...) + TODO: check CVE-2007-XXXX [clamav htmlnorm DoS] - clamav <not-affected> (Only exploitable if CL_EXPERIMENTAL is set) CVE-2007-XXXX [clamav floating point exception in OLE2 scanner DoS] @@ -207,25 +401,25 @@ - knowledgetree <removed> CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...) NOT-FOR-US: FrontAccounting -CVE-2007-4278 (Stack-based buffer overflow in ESRI ArcSDE service 9.2, as used with ...) +CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE ...) NOT-FOR-US: ESRI ArcSDE CVE-2007-4277 RESERVED -CVE-2007-4276 - RESERVED -CVE-2007-4275 - RESERVED +CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...) + TODO: check +CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...) + TODO: check CVE-2007-4274 REJECTED NOT-FOR-US: Duplicate of CVE-2007-4275 -CVE-2007-4273 - RESERVED -CVE-2007-4272 - RESERVED -CVE-2007-4271 - RESERVED -CVE-2007-4270 - RESERVED +CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local ...) + TODO: check +CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...) + TODO: check +CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 ...) + TODO: check +CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...) + TODO: check CVE-2007-4269 RESERVED CVE-2007-4268 @@ -343,14 +537,14 @@ RESERVED CVE-2007-4217 RESERVED -CVE-2007-4216 - RESERVED +CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...) + TODO: check CVE-2007-4215 RESERVED CVE-2007-4214 RESERVED -CVE-2007-4213 - RESERVED +CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote ...) + TODO: check CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...) NOT-FOR-US: PHP-Nuke CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated ...) @@ -707,7 +901,8 @@ NOT-FOR-US: Pony Gallery CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...) - cupsys <not-affected> (SuSE-specific regression) -CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...) +CVE-2007-4044 + REJECTED - samba <not-affected> (SuSE-specific regression) NOTE: I''ve contacted SuSE: It''s a functional regression in SuSE, not a security problem CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...) @@ -730,7 +925,7 @@ NOT-FOR-US: Guidance Software CVE-2007-4035 (** DISPUTED ** ...) NOT-FOR-US: Guidance Software -CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 ActiveX control ...) +CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! ...) NOT-FOR-US: Yahoo! Widgets CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP ...) TODO: check @@ -1653,8 +1848,8 @@ NOT-FOR-US: Maia Mailguard CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...) NOT-FOR-US: Maia Mailguard -CVE-2007-3618 - RESERVED +CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service ...) + TODO: check CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply ...) NOT-FOR-US: vtiger CRM CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...) @@ -1792,7 +1987,7 @@ NOT-FOR-US: bbs100 CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...) NOT-FOR-US: bbs100 -CVE-2007-3550 (Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to ...) +CVE-2007-3550 (** DISPUTED ** ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 ...) NOT-FOR-US: Buddy Zone @@ -1829,7 +2024,7 @@ NOT-FOR-US: WebChat CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...) NOT-FOR-US: 3Com -CVE-2007-3532 (nvidia-drivers before 1.0.7185, 1.0.9639, and 100.14.11, as used in ...) +CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and ...) TODO: check CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...) TODO: check @@ -4240,7 +4435,7 @@ NOT-FOR-US: CA Anti-Virus CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA ...) NOT-FOR-US: CA Anti-Virus -CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! 2.2.6 ...) +CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! ...) NOT-FOR-US: E-GADS! CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...) NOT-FOR-US: MyNews @@ -4965,7 +5160,7 @@ NOT-FOR-US: Microsoft CVE-2007-2217 RESERVED -CVE-2007-2216 (Unspecified vulnerability in the tblinf32.dll (aka vstlbinf.dll) ...) +CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2215 RESERVED @@ -9636,8 +9831,8 @@ RESERVED CVE-2007-0438 RESERVED -CVE-2007-0437 - RESERVED +CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample ...) + TODO: check CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install ...) NOT-FOR-US: X-Kryptor CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...) @@ -31677,8 +31872,8 @@ - uw-imap 7:2002edebian1-12 (medium; bug #332215) - pine 4.64-1 (medium; bug #348407) [sarge] - pine <no-dsa> (pine is non-free; doesn''t permit distribution of modified binaries) -CVE-2005-2932 - RESERVED +CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, ...) + TODO: check CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...) NOT-FOR-US: Ipswitch Collaboration Suite CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...)