joeyh at alioth.debian.org
2007-Oct-15 21:14 UTC
[Secure-testing-commits] r6973 - data/CVE
Author: joeyh
Date: 2007-10-15 21:14:08 +0000 (Mon, 15 Oct 2007)
New Revision: 6973
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-10-15 19:14:12 UTC (rev 6972)
+++ data/CVE/list 2007-10-15 21:14:08 UTC (rev 6973)
@@ -1,3 +1,236 @@
+CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML
page in ...)
+ TODO: check
+CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter
module 1.0 ...)
+ TODO: check
+CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael
Dempfle ...)
+ TODO: check
+CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote
attackers to ...)
+ TODO: check
+CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in cgi-bin/wxis.exe in
...)
+ TODO: check
+CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File
Sharing ...)
+ TODO: check
+CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2
allow ...)
+ TODO: check
+CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in
...)
+ TODO: check
+CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in
the ...)
+ TODO: check
+CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka
...)
+ TODO: check
+CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz
Recipes ...)
+ TODO: check
+CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a
denial ...)
+ TODO: check
+CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension
for PHP ...)
+ TODO: check
+CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
+ TODO: check
+CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1)
ActiveX ...)
+ TODO: check
+CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the
full ...)
+ TODO: check
+CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made
Simple ...)
+ TODO: check
+CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned
to ...)
+ TODO: check
+CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned
to ...)
+ TODO: check
+CVE-2007-5440 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager)
8.1 ...)
+ TODO: check
+CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in
Reconfig.DLL ...)
+ TODO: check
+CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM
...)
+ TODO: check
+CVE-2007-5436 (Buffer overflow in a certain ActiveX control in
ScanObjectBrowser.DLL ...)
+ TODO: check
+CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly
...)
+ TODO: check
+CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1
and ...)
+ TODO: check
+CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi
in ...)
+ TODO: check
+CVE-2007-5432 (Stride 1.0 has a default administrator username of
"scott" with the ...)
+ TODO: check
+CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0
...)
+ TODO: check
+CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow
remote ...)
+ TODO: check
+CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus
3.01 ...)
+ TODO: check
+CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows
remote ...)
+ TODO: check
+CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search
component ...)
+ TODO: check
+CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB
NX ...)
+ TODO: check
+CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire
ActiveKB ...)
+ TODO: check
+CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to
...)
+ TODO: check
+CVE-2007-5423 (Eval injection vulnerability in tiki-graph_formula.php in
TikiWiki ...)
+ TODO: check
+CVE-2007-5422 (Unspecified vulnerability in "Solaris
Auditing" in the Basic Security ...)
+ TODO: check
+CVE-2007-5421
+ REJECTED
+ TODO: check
+CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote
...)
+ TODO: check
+CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when
enabling an ...)
+ TODO: check
+CVE-2007-5418 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G
2.2 ...)
+ TODO: check
+CVE-2007-5417 (Directory traversal vulnerability in index.php in boastMachine
(aka ...)
+ TODO: check
+CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when
the ...)
+ TODO: check
+CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0,
when ...)
+ TODO: check
+CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
+ TODO: check
+CVE-2007-5413
+ RESERVED
+CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the
Quoc-Huy MP3 ...)
+ TODO: check
+CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941
VoIP ...)
+ TODO: check
+CVE-2007-5410 (PHP remote file inclusion vulnerability in
admin.wmtrssreader.php in ...)
+ TODO: check
+CVE-2007-5409 (PHP remote file inclusion vulnerability in
admin/nuseo_admin_d.php in ...)
+ TODO: check
+CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02
allows ...)
+ TODO: check
+CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the ...)
+ TODO: check
+CVE-2007-5406
+ RESERVED
+CVE-2007-5405
+ RESERVED
+CVE-2007-5404
+ RESERVED
+CVE-2007-5403
+ RESERVED
+CVE-2007-5402
+ RESERVED
+CVE-2007-5401
+ RESERVED
+CVE-2007-5400
+ RESERVED
+CVE-2007-5399
+ RESERVED
+CVE-2007-5398
+ RESERVED
+CVE-2007-5397
+ RESERVED
+CVE-2007-5396
+ RESERVED
+CVE-2007-5395
+ RESERVED
+CVE-2007-5394
+ RESERVED
+CVE-2007-5393
+ RESERVED
+CVE-2007-5392
+ RESERVED
+CVE-2003-1357 (ProxyView has a default administrator password of Administrator
for ...)
+ TODO: check
+CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01
through 10.20, and 11.00 ...)
+ TODO: check
+CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942
1.2 ...)
+ TODO: check
+CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very
large ...)
+ TODO: check
+CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach
...)
+ TODO: check
+CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user
login ...)
+ TODO: check
+CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1
allows ...)
+ TODO: check
+CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user
accounts by ...)
+ TODO: check
+CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server
(NiteServer) 1.83 ...)
+ TODO: check
+CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in
ftls.org ...)
+ TODO: check
+CVE-2003-1347 (Cross-site scripting (XSS) vulnerability in Geeklog 1.3.7 allows
...)
+ TODO: check
+CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly
2.5 ...)
+ TODO: check
+CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus
5.00 ...)
+ TODO: check
+CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows
remote ...)
+ TODO: check
+CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before
6.1 ...)
+ TODO: check
+CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS
allows ...)
+ TODO: check
+CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through
3.54 ...)
+ TODO: check
+CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in
cgi_lib.c ...)
+ TODO: check
+CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and
earlier ...)
+ TODO: check
+CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB
2.0.3 ...)
+ TODO: check
+CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter /
IPTables in ...)
+ TODO: check
+CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and
earlier ...)
+ TODO: check
+CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0
and ...)
+ TODO: check
+CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for
Marcos ...)
+ TODO: check
+CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and
12.5 ...)
+ TODO: check
+CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0
allows ...)
+ TODO: check
+CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java
class ...)
+ TODO: check
+CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11
...)
+ TODO: check
+CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website
before ...)
+ TODO: check
+CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote
a ...)
+ TODO: check
+CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a
denial ...)
+ TODO: check
+CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one
connection ...)
+ TODO: check
+CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies
file ...)
+ TODO: check
+CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite
before ...)
+ TODO: check
+CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2
allows ...)
+ TODO: check
+CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and
7600 ...)
+ TODO: check
+CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server
1.0.10 ...)
+ TODO: check
+CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2002-2236 (Format string vulnerability in the awp_log function in
apt-www-proxy ...)
+ TODO: check
+CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly
restrict ...)
+ TODO: check
+CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to
bypass the ...)
+ TODO: check
+CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9
allows ...)
+ TODO: check
+CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote
attackers ...)
+ TODO: check
+CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1
allows ...)
+ TODO: check
+CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1
allows ...)
+ TODO: check
+CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex
1.53 ...)
+ TODO: check
+CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote
attackers ...)
+ TODO: check
CVE-2007-5461 [path traversal vulnerability in apache tomcat]
TODO: check
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through
4.01.010 ...)
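Review bot: CVE-2007-5421 carries both `REJECTED` and `TODO: check`; a rejected identifier needs no triage, so the TODO line should be dropped, as this same update does for CVE-2007-5324 further down, which gets `REJECTED` alone. Ordering is also off: the whole block is prepended at line 1, so the manually added CVE-2007-5461 context entry (with its bracketed placeholder description) now sits below CVE-2007-5392 and below the new CVE-2003-13xx and CVE-2002-22xx entries, while the rest of the file is ordered by descending CVE number. The generator should place new entries by number rather than prepend them, or at least keep CVE-2007-5461 at the top.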
@@ -73,8 +306,8 @@
RESERVED
CVE-2007-5359
RESERVED
-CVE-2007-5358
- RESERVED
+CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in
Asterisk ...)
+ TODO: check
CVE-2007-5357
RESERVED
CVE-2007-5356
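Review bot: CVE-2007-5358 needs real triage rather than a NOT-FOR-US: the voicemail code it names is part of Asterisk, free software a distribution is expected to ship, so the `TODO: check` should become `- asterisk <fixed version> (severity)` in the form used for pidgin and openssl further down in this file, once the affected versions have been checked against the full advisory; the truncated description alone does not give them.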
@@ -125,24 +358,24 @@
RESERVED
CVE-2007-5333
RESERVED
-CVE-2007-5332
- RESERVED
-CVE-2007-5331
- RESERVED
-CVE-2007-5330
- RESERVED
-CVE-2007-5329
- RESERVED
-CVE-2007-5328
- RESERVED
-CVE-2007-5327
- RESERVED
-CVE-2007-5326
- RESERVED
-CVE-2007-5325
- RESERVED
+CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2)
caloggerd ...)
+ TODO: check
+CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA
...)
+ TODO: check
+CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01
through ...)
+ TODO: check
+CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe
BackUp ...)
+ TODO: check
+CVE-2007-5328 (CA BrightStor ARCServe BackUp v9.01 through R11.5, and
Enterprise ...)
+ TODO: check
+CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message
...)
+ TODO: check
+CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA
BrightStor ...)
+ TODO: check
+CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2)
AScore.dll ...)
+ TODO: check
CVE-2007-5324
- RESERVED
+ REJECTED
CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows
remote ...)
NOT-FOR-US: RepliStor Server Service
CVE-2007-5322 (The FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual
FoxPro ...)
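Review bot: the eight CA BrightStor ARCserve entries (CVE-2007-5325 through CVE-2007-5332) are left at `TODO: check`, but their own descriptions name Windows components (Queue.dll, rpcx.dll, AScore.dll, LQserver.exe), so they can be closed directly as `NOT-FOR-US: CA BrightStor ARCserve BackUp`, matching how the RepliStor entry in this hunk's context is handled. The CVE-2007-5324 change from RESERVED to REJECTED is correct as written, with no TODO line; the CVE-2007-5421 entry earlier in this update should have used the same form.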
@@ -546,8 +779,8 @@
NOT-FOR-US: Peakflow
CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools
DriveLock ...)
NOT-FOR-US: CenterTools
-CVE-2007-5208
- RESERVED
+CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project
(hplip) ...)
+ TODO: check
CVE-2007-5206
RESERVED
CVE-2007-5205
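Review bot: CVE-2007-5208 differs from its NOT-FOR-US neighbours (Peakflow, CenterTools DriveLock): hpssd is the daemon of HPLIP, Linux printing software a distribution is expected to package, so the `TODO: check` should be resolved into a `- hplip <version> (severity)` line or a `<not-affected>` with a reason rather than left open. The truncated description does not reveal the vulnerability class, so the full CVE text has to be read before a severity is assigned.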
@@ -560,8 +793,8 @@
RESERVED
CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command
line ...)
- duplicity 0.4.3-2 (medium; bug #442840)
-CVE-2007-5200
- RESERVED
+CVE-2007-5200 (hugin in SUSE openSUSE 10.2 and 10.3 allows local users to
overwrite ...)
+ TODO: check
CVE-2007-5199
RESERVED
CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios
...)
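Review bot: the CVE-2007-5200 text scopes the issue to `hugin in SUSE openSUSE 10.2 and 10.3` and describes local users overwriting files, which reads like a distribution-specific packaging or temporary-file problem rather than an upstream hugin bug; the TODO should record whether Debian's hugin packaging shares it, using `<not-affected>` with a reason if it does not, in the same form as the duplicity line above (`- duplicity 0.4.3-2 (medium; bug #442840)`).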
@@ -569,10 +802,10 @@
NOTE: Requires the webserver, which has to be checked, to be compromised
CVE-2007-5197
RESERVED
-CVE-2007-5196
- RESERVED
-CVE-2007-5195
- RESERVED
+CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise
...)
+ TODO: check
+CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise
...)
+ TODO: check
CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device
file with ...)
NOT-FOR-US: rMake
CVE-2007-5192
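Review bot: CVE-2007-5195 and CVE-2007-5196 receive identical truncated descriptions (`Unspecified vulnerability in the SSL implementation in Groupwise ...`), so the list as committed no longer distinguishes the two; when the TODO is resolved, the distinguishing detail belongs in a NOTE line. Novell GroupWise is a proprietary product, so both are candidates for `NOT-FOR-US: Novell GroupWise`, in the form used for rMake immediately below.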
@@ -1019,8 +1252,7 @@
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN
nudge ...)
- pidgin 2.2.1-1 (medium)
NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
-CVE-2007-4995 [remote code execution in openssl 0.9.8 DTLS]
- RESERVED
+CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8
before ...)
- openssl 0.9.8f-1 (low)
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
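Review bot: the severity at `- openssl 0.9.8f-1 (low)` deserves a second look now that the description is being finalised: the bracketed placeholder this hunk removes called the issue `remote code execution in openssl 0.9.8 DTLS`, while the official text is an off-by-one in the DTLS implementation. Either the earlier RCE characterisation was wrong or `low` understates it, and the entry should say which; a NOTE line, as used for CVE-2007-4996 just above, would do. The two `<not-affected>` lines for openssl097 and openssl096 are consistent with the description and can stay.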
@@ -1898,8 +2130,8 @@
RESERVED
CVE-2007-4620
RESERVED
-CVE-2007-4619
- RESERVED
+CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC)
libFLAC ...)
+ TODO: check
CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold
through SP7 ...)
NOT-FOR-US: BEA WebLogic
CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold
through SP7, ...)
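Review bot: CVE-2007-4619 (integer overflows in libFLAC) is left at `TODO: check` between two BEA WebLogic entries that are correctly NOT-FOR-US; libFLAC is free software that distributions ship and that media players link against, so this one should become a package line with a severity, and integer overflows in a decoder for attacker-supplied files usually rate above `low`.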
@@ -3454,7 +3686,8 @@
CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php
in ...)
{DSA-1383-1}
- gforge 4.6.99+svn6094-1
-CVE-2007-3917 (Unspecified vulnerability in the multiplayer engine in Wesnoth
before ...)
+CVE-2007-3917 (The multiplayer engine in Wesnoth before 1.2.7 allows remote
servers ...)
+ {DSA-1386-1}
- wesnoth 1.2.7-1
CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local
users ...)
- skktools 1.2+0.20061004-3
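Review bot: this hunk bundles a manual change into a commit logged as `automatic update`: besides replacing the CVE-2007-3917 description, it adds the `{DSA-1386-1}` cross-reference, which a description sync does not generate. Either split the DSA addition into its own commit or amend the log so the history shows where the marker came from. Placement matches the CVE-2007-3918 entry above (`{DSA-1383-1}` before the `- gforge ...` package line), so the format itself is fine.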
@@ -4040,8 +4273,8 @@
- sendmail <not-affected> (Concerns only ancient sendmail V5)
CVE-2007-3676
RESERVED
-CVE-2007-3675
- RESERVED
+CVE-2007-3675 (Multiple format string vulnerabilities in the
kavwebscan.CKAVWebScan ...)
+ TODO: check
CVE-2007-3674
RESERVED
CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec
AntiVirus ...)
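Review bot: `kavwebscan.CKAVWebScan` is a ProgID-style ActiveX class name (the kav prefix points to Kaspersky Anti-Virus), so CVE-2007-3675 can be resolved as `NOT-FOR-US: Kaspersky` straight away rather than left at `TODO: check`, in the NOT-FOR-US form used elsewhere in this file for Windows-only components.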
@@ -6669,7 +6902,7 @@
CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before
...)
- mysql-dfsg-5.0 5.0.41-1 (low)
NOTE: http://bugs.mysql.com/bug.php?id=27513
-CVE-2007-2582 (Unspecified vulnerability in the DB2 JDBC Applet Server (DB2JDS)
...)
+CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS)
...)
NOT-FOR-US: IBM DB2
CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft
...)
NOT-FOR-US: Microsoft