thr3ads.net - Secure testing commits - [Secure-testing-commits] r6868

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2007-Oct-08 21:14 UTC
[Secure-testing-commits] r6868 - data/CVE

Author: joeyh
Date: 2007-10-08 21:14:08 +0000 (Mon, 08 Oct 2007)
New Revision: 6868

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-08 14:53:15 UTC (rev 6867)
+++ data/CVE/list	2007-10-08 21:14:08 UTC (rev 6868)
@@ -1,4 +1,174 @@
-CVE-2007-5225 (Unspecified vulnerability in Named Pipes on Sun Solaris 8
through 10 ...)
+CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow
remote ...)
+	TODO: check
+CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with
...)
+	TODO: check
+CVE-2007-5259 (Cross-site request forgery (CSRF) vulnerability in Ilient SysAid
...)
+	TODO: check
+CVE-2007-5258 (PHP remote file inclusion vulnerability in log.php in phpFreeLog
alpha ...)
+	TODO: check
+CVE-2007-5257 (Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX
control ...)
+	TODO: check
+CVE-2007-5256 (Multiple stack-based buffer overflows in FSD 2.052 d9 and
earlier, and ...)
+	TODO: check
+CVE-2007-5255 (Cross-site scripting (XSS) vulnerability in Google Mini Search
...)
+	TODO: check
+CVE-2007-5254 (VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions ...)
+	TODO: check
+CVE-2007-5253 (c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote
...)
+	TODO: check
+CVE-2007-5252 (Buffer overflow in NetSupport Manager (NSM) Client 10.00 and
10.20, ...)
+	TODO: check
+CVE-2007-5251 (Multiple cross-site scripting (XSS) vulnerabilities in Helm
3.2.16 ...)
+	TODO: check
+CVE-2007-5250 (The Windows dedicated server for the Unreal engine, as used by
...)
+	TODO: check
+CVE-2007-5249 (Multiple buffer overflows in the logging function in the Unreal
...)
+	TODO: check
+CVE-2007-5248 (Multiple format string vulnerabilities in the ID Software Doom 3
...)
+	TODO: check
+CVE-2007-5247 (Multiple format string vulnerabilities in the Monolith Lithtech
...)
+	TODO: check
+CVE-2007-5246 (Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748
and ...)
+	TODO: check
+CVE-2007-5245 (Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870
and ...)
+	TODO: check
+CVE-2007-5244 (Stack-based buffer overflow in Borland InterBase LI 8.0.0.53
through ...)
+	TODO: check
+CVE-2007-5243 (Multiple stack-based buffer overflows in Borland InterBase LI
8.0.0.53 ...)
+	TODO: check
+CVE-2007-5242 (Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) ...)
+	TODO: check
+CVE-2007-5241 (Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier
allows ...)
+	TODO: check
+CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment
in Sun ...)
+	TODO: check
+CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK
and JRE ...)
+	TODO: check
+CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK
and JRE ...)
+	TODO: check
+CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does
not ...)
+	TODO: check
+CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and
SDK ...)
+	TODO: check
+CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in
Uebimiau ...)
+	TODO: check
+CVE-2007-5234 (PHP remote file inclusion vulnerability in
upload/common/footer.php in ...)
+	TODO: check
+CVE-2007-5233 (SQL injection vulnerability in index.php in Web Template
Management ...)
+	TODO: check
+CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and
...)
+	TODO: check
+CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php
in ...)
+	TODO: check
+CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not
check for ...)
+	TODO: check
+CVE-2007-5229 (Cross-site request forgery (CSRF) vulnerability in the
FeedBurner ...)
+	TODO: check
+CVE-2007-5228 (Cross-site scripting (XSS) vulnerability in the subscription
...)
+	TODO: check
+CVE-2007-5227 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote
attackers to ...)
+	TODO: check
+CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of
DB2 ...)
+	TODO: check
+CVE-2005-4870 (Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2)
...)
+	TODO: check
+CVE-2005-4869 (The (1) to_char and (2) to_date function in IBM DB2 8.1 allows
local ...)
+	TODO: check
+CVE-2005-4868 (Shared memory sections and events in IBM DB2 8.1 have default
...)
+	TODO: check
+CVE-2005-4867 (Stack-based buffer overflow in the SATENCRYPT function in IBM
DB2 8.1, ...)
+	TODO: check
+CVE-2005-4866 (Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1
...)
+	TODO: check
+CVE-2005-4865 (Stack-based buffer overflow in call in IBM DB2 7.x and 8.1
allows ...)
+	TODO: check
+CVE-2005-4864 (Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1
allows ...)
+	TODO: check
+CVE-2005-4863 (Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1
allows ...)
+	TODO: check
+CVE-2004-2725 (Multiple cross-site scripting (XSS) vulnerabilities in Aztek
Forum 4.0 ...)
+	TODO: check
+CVE-2004-2724 (LionMax Software Chat Anywhere 2.72a allows remote attackers to
cause ...)
+	TODO: check
+CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session
...)
+	TODO: check
+CVE-2004-2722 (** DISPUTED ** ...)
+	TODO: check
+CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates
public ...)
+	TODO: check
+CVE-2004-2720 (Cross-site scripting (XSS) vulnerability in register.asp in
Snitz ...)
+	TODO: check
+CVE-2004-2719 (Buffer overflow in the UrlToLocal function in PunyLib.dll of
Foxmail ...)
+	TODO: check
+CVE-2004-2718 (PHPMyChat 0.14.5 does not remove or protect setup.php3 after
...)
+	TODO: check
+CVE-2004-2717 (Multiple directory traversal vulnerabilities in admin.php3 in
...)
+	TODO: check
+CVE-2004-2716 (Multiple SQL injection vulnerabilities in usersL.php3 in
PHPMyChat ...)
+	TODO: check
+CVE-2004-2715 (edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to
bypass ...)
+	TODO: check
+CVE-2004-2714 (Unspecified vulnerability in Window Maker 0.80.2 and earlier
allows ...)
+	TODO: check
+CVE-2004-2713 (** DISPUTED ** ...)
+	TODO: check
+CVE-2004-2712 (Buffer overflow in Gyach Enhanced (Gyach-E) before
1.0.0-SneakPeek-3 ...)
+	TODO: check
+CVE-2004-2711 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before
1.0.2 ...)
+	TODO: check
+CVE-2004-2710 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before
1.0.3 ...)
+	TODO: check
+CVE-2004-2709 (Buffer overflow in the strip_html_tags method for Gyach Enhanced
...)
+	TODO: check
+CVE-2004-2708 (Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in
plaintext, ...)
+	TODO: check
+CVE-2004-2707 (Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E)
...)
+	TODO: check
+CVE-2004-2706 (Unspecified vulnerability in Gyach Enhanced (Gyach-E) before
1.0.4 ...)
+	TODO: check
+CVE-2004-2705 (Unspecified vulnerability in Player vs. Player Gaming Network
(PvPGN) ...)
+	TODO: check
+CVE-2004-2704 (Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier
(development) ...)
+	TODO: check
+CVE-2004-2703 (Clearswift MIMEsweeper 5.0.5, when it has been upgraded from
...)
+	TODO: check
+CVE-2004-2702 (Cross-site scripting (XSS) vulnerability in login_up.php3 in
Plesk 7.0 ...)
+	TODO: check
+CVE-2004-2701 (Cross-site scripting (XSS) vulnerability in signin.aspx for ...)
+	TODO: check
+CVE-2004-2700 (Unrestricted file upload vulnerability in AspDotNetStorefront
3.3 ...)
+	TODO: check
+CVE-2004-2699 (deleteicon.aspx in AspDotNetStorefront 3.3 allows remote
attackers to ...)
+	TODO: check
+CVE-2004-2698 (Race condition in IMWheel 1.0.0pre11 and earlier, when running
with ...)
+	TODO: check
+CVE-2004-2697 (The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX
4.3.3 ...)
+	TODO: check
+CVE-2004-2696 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when
using ...)
+	TODO: check
+CVE-2004-2695 (SQL injection vulnerability in the Authorize.net callback code
...)
+	TODO: check
+CVE-2004-2694 (Microsoft Outlook Express 6.0 allows remote attackers to bypass
...)
+	TODO: check
+CVE-2004-2693 (HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries
...)
+	TODO: check
+CVE-2004-2692 (The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with
safe ...)
+	TODO: check
+CVE-2004-2691 (Unspecified vulnerability in 3Com SuperStack 3 4400 switches
with ...)
+	TODO: check
+CVE-2004-2690 (Unrestricted file upload vulnerability in the Administration
Panel for ...)
+	TODO: check
+CVE-2004-2689 (NewsPHP allows remote attackers to gain unauthorized
administrative ...)
+	TODO: check
+CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP
...)
+	TODO: check
+CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the ...)
+	TODO: check
+CVE-2001-1584 (CardBoard 2.4 greeting card CGI by Michael Barretto allows
remote ...)
+	TODO: check
+CVE-2007-5225 (Integer signedness error in FIFO filesystems (named pipes) on
Sun ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier
allows ...)
 	NOT-FOR-US: Original Photo Gallery
@@ -516,10 +686,10 @@
 	RESERVED
 CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration
(ISA) ...)
 	NOT-FOR-US: Microsoft Internet Security and Acceleration
-CVE-2007-4990
-	RESERVED
+CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before
1.0.5 ...)
+	TODO: check
 CVE-2007-4989
-	RESERVED
+	REJECTED
 CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick
...)
 	{DTSA-63-1}
 	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
@@ -1485,8 +1655,7 @@
 	- kdebase 4:3.5.7-4
 	[sarge] - kdebase <not-affected> (problem not present in code)
 	NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
-CVE-2007-4568 [multiple vulnerabilities in X font server]
-	RESERVED
+CVE-2007-4568 (Integer overflow in the build_range function in X.Org X Font
Server ...)
 	- xfs 1:1.0.5-1
 CVE-2007-4567
 	RESERVED
@@ -2925,8 +3094,7 @@
 	RESERVED
 CVE-2007-3919
 	RESERVED
-CVE-2007-3918 [gforge xss]
-	RESERVED
+CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php
in ...)
 	{DSA-1383-1}
 	- gforge 4.6.99+svn6094-1
 CVE-2007-3917
@@ -3190,9 +3358,11 @@
 	NOT-FOR-US: Clavister CorePlus
 CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00,
does ...)
 	NOT-FOR-US: Clavister CorePlus
-CVE-2007-3802 (The Decomposer component in multiple Symantec products may allow
...)
+CVE-2007-3802
+	REJECTED
 	NOT-FOR-US: Symantec
-CVE-2007-3801 (The Decomposer component in multiple Symantec products allows
remote ...)
+CVE-2007-3801
+	REJECTED
 	NOT-FOR-US: Symantec
 CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan)
component ...)
 	NOT-FOR-US: Symantec
@@ -3461,8 +3631,8 @@
 	NOT-FOR-US: TippingPoint IPS
 CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity
Server) ...)
 	NOT-FOR-US: Sun Java System Access Manager
-CVE-2007-3699
-	RESERVED
+CVE-2007-3699 (The Decomposer component in multiple Symantec products allows
remote ...)
+	TODO: check
 CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6
Update 1 ...)
 	- sun-java5 1.5.0-12-1
 	- sun-java6 6-02-1
@@ -11673,8 +11843,8 @@
 CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid
URI ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: open_basedir bypasses not supported
-CVE-2007-0447
-	RESERVED
+CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in
multiple ...)
+	TODO: check
 CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for
Hewlett-Packard ...)
 	NOT-FOR-US: HP Mercury
 CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand
...)
@@ -16970,7 +17140,7 @@
 	NOT-FOR-US: PollXT component (com_pollxt) for Joomla!
 CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess
component ...)
 	NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo
and Joomla!
-CVE-2006-5043 (Unspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1
and ...)
+CVE-2006-5043 (Multiple PHP remote file inclusion vulnerabilities in the
Joomlaboard ...)
 	NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!
 CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and
earlier ...)
 	NOT-FOR-US: mosMedia (com_mosmedia) for Joomla!
Secure testing commits - Oct 2007 - r6868 - data/CVE

[Secure-testing-commits] r6868 - data/CVE
