joeyh at alioth.debian.org
2007-Sep-19 21:14 UTC
[Secure-testing-commits] r6646 - data/CVE
Author: joeyh
Date: 2007-09-19 21:14:09 +0000 (Wed, 19 Sep 2007)
New Revision: 6646
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-19 20:26:42 UTC (rev 6645) +++ data/CVE/list 2007-09-19 21:14:09 UTC (rev 6646) 
@@ -1,3 +1,99 @@ +CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System ...) + TODO: check +CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters ...) + TODO: check +CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to ...) + TODO: check +CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to ...) + TODO: check +CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...) + TODO: check +CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...) + TODO: check +CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...) + TODO: check +CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...) + TODO: check +CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...) + TODO: check +CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows ...) + TODO: check +CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows ...) + TODO: check +CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by ...) + TODO: check +CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life ...) + TODO: check +CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...) + TODO: check +CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...) + TODO: check +CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote ...) + TODO: check +CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...) + TODO: check +CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the ...) 
+ TODO: check +CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote ...) + TODO: check +CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...) + TODO: check +CVE-2007-4951 (** DISPUTED ** ...) + TODO: check +CVE-2007-4950 (** DISPUTED ** PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-4949 (** DISPUTED ** ...) + TODO: check +CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia ...) + TODO: check +CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool ...) + TODO: check +CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information ...) + TODO: check +CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade ...) + TODO: check +CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux, ...) + TODO: check +CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll ...) + TODO: check +CVE-2007-4942 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a ...) + TODO: check +CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and ...) + TODO: check +CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic ...) + TODO: check +CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...) + TODO: check +CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...) + TODO: check +CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...) + TODO: check +CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...) + TODO: check +CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...) + TODO: check +CVE-2007-4933 (Direct static code injection vulnerability in ...) 
+ TODO: check +CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the ...) + TODO: check +CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in ...) + TODO: check +CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...) + TODO: check +CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W ...) + TODO: check +CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the ...) + TODO: check +CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote ...) + TODO: check +CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and ...) + TODO: check +CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...) + TODO: check CVE-2007-4924 RESERVED CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...) @@ -381,10 +477,10 @@ - alien-arena 6.05-4.1 (medium; bug #442075) CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...) NOT-FOR-US: Thomson ST 2030 SIP phone -CVE-2007-4751 - RESERVED -CVE-2007-4750 - RESERVED +CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in ...) + TODO: check +CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 ...) + TODO: check CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote ...) NOT-FOR-US: Autodesk Backburner CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted ...) 
@@ -1756,8 +1852,7 @@ - samba 3.0.26-1 [etch] - samba <not-affected> (Vulnerable code was introduced in 3.0.25) [sarge] - samba <not-affected> (Vulnerable code was introduced in 3.0.25) -CVE-2007-4137 [buffer overflow in QUtf8Decoder] - RESERVED +CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...) - qt-x11-free 3:3.3.7-8 (medium; bug #442780) - qt4-x11 <not-affected> (Not exploitable according to upstream) CVE-2007-4136 @@ -4426,8 +4521,8 @@ NOT-FOR-US: Fujitsu-Siemens CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...) NOT-FOR-US: Fujitsu-Siemens -CVE-2007-3010 - RESERVED +CVE-2007-3010 (masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX ...) + TODO: check CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...) NOT-FOR-US: Mbedthis AppWeb CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...) @@ -4861,8 +4956,7 @@ CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) ...) {DSA-1328-1} - unicon 3.0.4-12 (bug #431336) -CVE-2007-2834 [OO TIFF heap overflow] - RESERVED +CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3 ...) - openoffice.org 2.2.1-9 (medium) CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ...) {DSA-1316-1} @@ -7085,8 +7179,8 @@ NOT-FOR-US: IrfanView CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...) NOT-FOR-US: dproxy-nexgen -CVE-2007-1865 - RESERVED +CVE-2007-1865 (** DISPUTED ** ...) + TODO: check CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...) {DSA-1331-1 DSA-1330-1} - php4 <unfixed> 
@@ -9501,8 +9595,8 @@ - xen-3.0 <unfixed> (bug #436250; medium) NOTE: Fedora disabled the VNC access to the Qemu monitor NOTE: An adjusted patch has been sent to the debian bugreport -CVE-2007-0997 - RESERVED +CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel ...) + TODO: check CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...) {DSA-1336-1} NOTE: MFSA-2007-02 @@ -11250,8 +11344,8 @@ NOT-FOR-US: Macrovision CVE-2007-0327 RESERVED -CVE-2007-0326 - RESERVED +CVE-2007-0326 (Multiple stack-based buffer overflows in the PhotoChannel Networks PNI ...) + TODO: check CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...) @@ -12643,8 +12737,8 @@ CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...) {DSA-1286-1} - linux-2.6 2.6.20-1 -CVE-2007-0004 - RESERVED +CVE-2007-0004 (The NFS client implementation in the kernel in Red Hat Enterprise ...) + TODO: check CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...) - pam <not-affected> (Only pam 0.99.7 affected) CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document ...)
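Review bot: In the @@ -1,3 +1,99 @@ hunk, every new entry from CVE-2007-4972 down to CVE-2007-4925 carries the same "TODO: check", and the truncated descriptions are not always enough to triage from: CVE-2007-4951 and CVE-2007-4949 read only "(** DISPUTED ** ...)", and CVE-2007-4935 and CVE-2007-4934 are identical as truncated. Whoever resolves these needs the full CVE text. I would take CVE-2007-4965 (imageop module in Python 2.5.1), CVE-2007-4938 (libmpdemux/aviheader.c in MPlayer 1.0rc1) and CVE-2007-4966 (www/people/editprofile.php in GForge) first, since they name modules and source files that can be matched against package sources.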
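Review bot: In the @@ -4861,8 +4956,7 @@ hunk, the new description for CVE-2007-2834 says the TIFF parser integer overflow affects OpenOffice.org before 2.3, while the unchanged line below it records "- openoffice.org 2.2.1-9 (medium)" with no bug number or NOTE. Add a NOTE, or a bug reference like the "(bug #431336)" on the unicon entry just above, stating how 2.2.1-9 carries the fix, so the recorded version does not look inconsistent with the description.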
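Review bot: In the @@ -9501,8 +9595,8 @@ hunk, CVE-2007-0997 (race condition in the tee (sys_tee) system call in the Linux kernel) is left at "TODO: check", although the list already tracks kernel issues against linux-2.6, as in "- linux-2.6 2.6.20-1" under CVE-2007-0005. Replace the TODO with a linux-2.6 line once the affected versions are confirmed.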
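Review bot: In the @@ -12643,8 +12737,8 @@ hunk, CVE-2007-0004 is described as the NFS client implementation in the kernel in Red Hat Enterprise ..., and it sits directly below the CVE-2007-0005 entry fixed in linux-2.6 2.6.20-1. The TODO should be resolved explicitly one way or the other: a linux-2.6 line if the code is shared, or a not-affected entry with the reason in parentheses, as the samba and pam entries elsewhere in this diff do.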