joeyh at alioth.debian.org
2007-Oct-09 21:14 UTC
[Secure-testing-commits] r6880 - data/CVE
Author: joeyh
Date: 2007-10-09 21:14:11 +0000 (Tue, 09 Oct 2007)
New Revision: 6880

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-09 20:44:04 UTC (rev 6879) +++ data/CVE/list 2007-10-09 21:14:11 UTC (rev 6880) 
@@ -1,3 +1,95 @@ +CVE-2007-5288 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...) + TODO: check +CVE-2007-5287 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library ...) + TODO: check +CVE-2007-5286 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus ...) + TODO: check +CVE-2007-5285 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...) + TODO: check +CVE-2007-5284 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...) + TODO: check +CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...) + TODO: check +CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library ...) + TODO: check +CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus ...) + TODO: check +CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...) + TODO: check +CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...) + TODO: check +CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive information ...) + TODO: check +CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed ...) + TODO: check +CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant TCP ...) + TODO: check +CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause ...) + TODO: check +CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...) + TODO: check +CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...) + TODO: check +CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog ...) + TODO: check +CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...) + TODO: check +CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and ...) 
+ TODO: check +CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...) + TODO: check +CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) ...) + TODO: check +CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...) + TODO: check +CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...) + TODO: check +CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time ...) + TODO: check +CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client''s online ...) + TODO: check +CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier ...) + TODO: check +CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 ...) + TODO: check +CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has ...) + TODO: check +CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote ...) + TODO: check +CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in ...) + TODO: check +CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the "help window" ...) + TODO: check +CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in ...) + TODO: check +CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows ...) + TODO: check +CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ...) + TODO: check +CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...) + TODO: check +CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...) + TODO: check +CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier ...) + TODO: check +CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses ...) 
+ TODO: check +CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, ...) + TODO: check +CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain ...) + TODO: check +CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...) + TODO: check +CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, ...) + TODO: check +CVE-2004-2729 (Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 ...) + TODO: check +CVE-2004-2728 (Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and ...) + TODO: check +CVE-2004-2727 (Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 ...) + TODO: check +CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly ...) + TODO: check CVE-2007-XXXX - libpng <not-affected> (vulnerable code not present) NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one @@ -745,7 +837,7 @@ NOT-FOR-US: Coppermine Photo Gallery CVE-2007-4975 (Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 ...) NOT-FOR-US: b1gMail -CVE-2007-4974 (Heap-based buffer overflow in libsndfile 1.0.17 and earlier might ...) +CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in ...) - libsndfile 1.0.17-4 (bug #443386; medium) - ardour <unfixed> (medium; bug #445889) CVE-2007-4973 @@ -850,8 +942,8 @@ NOT-FOR-US: Axis firmware CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...) NOT-FOR-US: eWire Payment Client -CVE-2007-4924 - RESERVED +CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...) + TODO: check CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...) NOT-FOR-US: Joomla extension CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module ...) 
@@ -1012,7 +1104,7 @@ CVE-2007-4852 RESERVED CVE-2007-4851 - RESERVED + REJECTED CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the ...) NOT-FOR-US: Xwiki CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...) @@ -1298,6 +1390,7 @@ CVE-2007-4728 RESERVED CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in ...) + {DSA-1362-1} - lighttpd 1.4.18-1 (medium; bug #441555) NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
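Review bot: In the first hunk (@@ -1,3 +1,95 @@), the new CVE-2007-5266 and CVE-2007-5267 entries (off-by-one in ICC profile chunk handling in png_set_iCCP) are marked TODO: check and sit directly above the existing CVE-2007-XXXX libpng placeholder, whose NOTE already records an off-by-one involving strncpy as <not-affected>. If these are the same issue, the <not-affected> line and its NOTE should move under the assigned ID and the placeholder should be dropped, so the list does not carry both an untriaged and a triaged entry for one bug. In the same hunk, CVE-2007-5283 through CVE-2007-5279 have summaries that match CVE-2007-5288 through CVE-2007-5284 as far as the truncated text shows, and CVE-2007-5266 matches CVE-2007-5267 in the same way; check for duplicate assignments before triaging each one twice.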
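Review bot: The CVE-2007-4974 tracking lines in the @@ -745,7 +837,7 @@ hunk were not revisited when the summary changed: the description now pins the overflow to the flac_buffer_copy function, but the libsndfile 1.0.17-4 and ardour <unfixed> lines below it are untouched. The ardour line (bug #445889) should be re-checked against that function, with a NOTE recording whether ardour is affected through it.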
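Review bot: CVE-2007-4924 in the @@ -850,8 +942,8 @@ hunk should not sit at TODO: check alongside the bulk entries: its new description names the Open Phone Abstraction Library (opal) and Ekiga, both of which are packaged in Debian, so it cannot be closed as NOT-FOR-US. It needs per-package lines with fixed versions or bug references, and the description is truncated after "(1) Ekiga before ...", so the full CVE text should be read for the other affected consumers before the entry is filled in.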