joeyh at alioth.debian.org
2007-Oct-18 09:14 UTC
[Secure-testing-commits] r7001 - data/CVE
Author: joeyh
Date: 2007-10-18 09:14:14 +0000 (Thu, 18 Oct 2007)
New Revision: 7001
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-18 06:39:03 UTC (rev 7000) +++ data/CVE/list 2007-10-18 09:14:14 UTC (rev 7001) 
@@ -1,10 +1,180 @@ -CVE-2007-5488 [Asterisk SQL Injection Vulnerability in cdr_addon_mysql] +CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an ...) + TODO: check +CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...) + TODO: check +CVE-2007-5539 (Unspecified vulnerability in Cisco Unified Intelligent Contact ...) + TODO: check +CVE-2007-5538 (Buffer overflow in the Centralized TFTP File Locator Service in Cisco ...) + TODO: check +CVE-2007-5537 (Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 ...) + TODO: check +CVE-2007-5536 (Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX ...) + TODO: check +CVE-2007-5535 (Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown ...) + TODO: check +CVE-2007-5534 (Unspecified vulnerability in the HCM component in Oracle PeopleSoft ...) + TODO: check +CVE-2007-5533 (Unspecified vulnerability in the People Tools component in Oracle ...) + TODO: check +CVE-2007-5532 (Unspecified vulnerability in the People Tools component in Oracle ...) + TODO: check +CVE-2007-5531 (Unspecified vulnerability in Oracle Help for Web, as used in Oracle ...) + TODO: check +CVE-2007-5530 (Unspecified vulnerability in the Database Control component in Oracle ...) + TODO: check +CVE-2007-5529 (Unspecified vulnerability in the Oracle Self-Service Web Applications ...) + TODO: check +CVE-2007-5528 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 ...) + TODO: check +CVE-2007-5527 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) + TODO: check +CVE-2007-5526 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) + TODO: check +CVE-2007-5525 (Unspecified vulnerability in the Oracle Single Sign-On component in ...) + TODO: check +CVE-2007-5524 (Unspecified vulnerability in the Oracle Single Sign-On component in ...) 
+ TODO: check +CVE-2007-5523 (Unspecified vulnerability in the Oracle Internet Directory component ...) + TODO: check +CVE-2007-5522 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) + TODO: check +CVE-2007-5521 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) + TODO: check +CVE-2007-5520 (Unspecified vulnerability in the Oracle Internet Directory component ...) + TODO: check +CVE-2007-5519 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) + TODO: check +CVE-2007-5518 (Unspecified vulnerability in the Oracle HTTP Server component in ...) + TODO: check +CVE-2007-5517 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) + TODO: check +CVE-2007-5516 (Unspecified vulnerability in the Oracle Process Mgmt & Notification ...) + TODO: check +CVE-2007-5515 (Unspecified vulnerability in the Spatial component in Oracle Database ...) + TODO: check +CVE-2007-5514 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...) + TODO: check +CVE-2007-5513 (The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, ...) + TODO: check +CVE-2007-5512 (Unspecified vulnerability in the Oracle Database Vault component in ...) + TODO: check +CVE-2007-5511 (SQL injection vulnerability in Workspace Manager for Oracle Database ...) + TODO: check +CVE-2007-5510 (Multiple unspecified vulnerabilities in the Workspace Manager ...) + TODO: check +CVE-2007-5509 (Unspecified vulnerability in the Spatial component in Oracle Database ...) + TODO: check +CVE-2007-5508 (Multiple SQL injection vulnerabilities in the CTXSYS Intermedia ...) + TODO: check +CVE-2007-5507 (The GIOP service in TNS Listener in the Oracle Net Services component ...) + TODO: check +CVE-2007-5506 (The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, ...) + TODO: check +CVE-2007-5505 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...) 
+ TODO: check +CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and ...) + TODO: check +CVE-2007-5503 + RESERVED +CVE-2007-5502 + RESERVED +CVE-2007-5501 + RESERVED +CVE-2007-5500 + RESERVED +CVE-2007-5499 + RESERVED +CVE-2007-5498 + RESERVED +CVE-2007-5497 + RESERVED +CVE-2007-5496 + RESERVED +CVE-2007-5495 + RESERVED +CVE-2007-5494 + RESERVED +CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...) + TODO: check +CVE-2007-5492 (Static code injection vulnerability in the translation module ...) + TODO: check +CVE-2007-5491 (Directory traversal vulnerability in the translation module ...) + TODO: check +CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal ...) + TODO: check +CVE-2007-5489 (Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and ...) + TODO: check +CVE-2007-5487 (Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 ...) + TODO: check +CVE-2007-5486 (dotProject before 2.1 does not properly check privileges when invoking ...) + TODO: check +CVE-2007-5485 (SQL injection vulnerability in index.php in the mg2 1.0 module for ...) + TODO: check +CVE-2007-5484 (Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows ...) + TODO: check +CVE-2007-5483 (Unspecified vulnerability in the Administrative Scripting Tools (such ...) + TODO: check +CVE-2007-5482 (Unspecified vulnerability in the FTP service in Sun ...) + TODO: check +CVE-2007-5481 (Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote ...) + TODO: check +CVE-2007-5480 (Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge ...) + TODO: check +CVE-2007-5479 (Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer ...) + TODO: check +CVE-2007-5478 (Cross-site scripting (XSS) vulnerability in projects in Nabh ...) + TODO: check +CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod ...) 
+ TODO: check +CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...) + TODO: check +CVE-2007-5475 + RESERVED +CVE-2007-5474 + RESERVED +CVE-2007-5473 + RESERVED +CVE-2007-5472 + RESERVED +CVE-2003-1373 (Direcory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...) + TODO: check +CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in ...) + TODO: check +CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote ...) + TODO: check +CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...) + TODO: check +CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote ...) + TODO: check +CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...) + TODO: check +CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and ...) + TODO: check +CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions ...) + TODO: check +CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does ...) + TODO: check +CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other ...) + TODO: check +CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...) + TODO: check +CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly ...) + TODO: check +CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli ...) + TODO: check +CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) ...) + TODO: check +CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...) + TODO: check +CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment ...) + TODO: check +CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in ...) 
- asterisk-addons 1.4.4-1 CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in ...) - libgssapi 0.8-1 CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...) NOT-FOR-US: Microsoft Expression Media -CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication header URI ...) +CVE-2007-5469 (** DISPUTED ** ...) - openser <unfixed> (unimportant; bug #446956) NOTE: should be only "exploitable" in local network with untrusted users CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...) @@ -15,7 +185,7 @@ NOT-FOR-US: eXtremail CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...) NOT-FOR-US: doop CMS -CVE-2007-5464 (Buffer overflow in Live for Speed 0.5X10 and earlier allows remote ...) +CVE-2007-5464 (Stack-based buffer overflow in Live for Speed 0.5X10 and earlier ...) NOT-FOR-US: Live for Speed CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta ...) NOT-FOR-US: ViArt Shop @@ -31,7 +201,7 @@ NOT-FOR-US: Joomla! extension CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to ...) NOT-FOR-US: Internet Explorer -CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in cgi-bin/wxis.exe in ...) +CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 ...) NOT-FOR-US: WWWISIS CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing ...) NOT-FOR-US: PHP File Sharing @@ -2792,8 +2962,8 @@ RESERVED CVE-2007-4344 RESERVED -CVE-2007-4343 - RESERVED +CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows ...) + TODO: check CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral ...) NOT-FOR-US: PHPCentral CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in ...) 
@@ -5719,7 +5889,7 @@ - linux-2.6 2.6.22-4 CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...) - linux-2.6 2.6.22-4 (low) -CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat ...) +CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux ...) {DSA-1342-1} - xfs 1:1.0.4-2 CVE-2007-3102 @@ -32713,7 +32883,7 @@ NOT-FOR-US: Sage CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) ...) NOT-FOR-US: MyGuestbook -CVE-2003-1240 (CuteNews 0.88 allows remote attackers to execute arbitrary PHP code by ...) +CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...) NOT-FOR-US: CuteNews CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 ...) NOT-FOR-US: WihPhoto @@ -32758,7 +32928,8 @@ - samba 2.2.5 (high) CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...) NOT-FOR-US: Winamp -CVE-2002-2194 (Solaris 8 allows local users to cause a denial of service (kernel ...) +CVE-2002-2194 + REJECTED NOT-FOR-US: Solaris CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...) NOT-FOR-US: Mojo Mail 
@@ -32826,13 +32997,15 @@ NOT-FOR-US: Cerulean Trillian CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...) NOT-FOR-US: Kerio Personal Firewall -CVE-2002-2160 (MidiCart (1) PHP, (2) PHP Plus, and (3) PHP Maxi does not restrict ...) +CVE-2002-2160 + REJECTED NOT-FOR-US: MidiCart CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...) NOT-FOR-US: Linksys hardware CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...) NOT-FOR-US: zenTrack -CVE-2002-2157 (calendar.php in Jelsoft Enterprises vBulletin 2.2.0 and earlier allows ...) +CVE-2002-2157 + REJECTED NOT-FOR-US: vBulletin CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...) NOT-FOR-US: Cerulean Trillian @@ -32844,7 +33017,8 @@ NOT-FOR-US: Oracle Application Server CVE-2002-2152 (The Czech edition of Software602''s Web Server before 2002.0.02.0916 ...) NOT-FOR-US: Software602 -CVE-2002-2151 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...) +CVE-2002-2151 + REJECTED NOT-FOR-US: Search97 CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...) NOTE: SYN floods etc generally filed as issues in linux specifically @@ -32853,7 +33027,8 @@ NOT-FOR-US: Lucent Access Point CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...) NOT-FOR-US: Lucent MAX Router -CVE-2002-2147 (Savant Web Server 3.1 and earlier allows remote attackers to cause a ...) +CVE-2002-2147 + REJECTED NOT-FOR-US: Savant Web Server CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...) NOT-FOR-US: Savant Web Server 
@@ -32876,8 +33051,10 @@ CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...) NOT-FOR-US: GlobalSunTech Wireless Access Points CVE-2002-2136 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...) + REJECTED NOT-FOR-US: SUNW* -CVE-2002-2135 (OnlineJFS and JournalFS.VXFS-BASE-KRN (JFS 3.1) in HP-UX 10.20 through ...) +CVE-2002-2135 + REJECTED NOT-FOR-US: HP-UX CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: PEEL @@ -38315,7 +38492,7 @@ NOT-FOR-US: phpRank CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) NOT-FOR-US: phpRank -CVE-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php ...) +CVE-2002-1798 (MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) ...) NOT-FOR-US: MidiCart CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...) NOT-FOR-US: ChaiVM @@ -40833,7 +41010,7 @@ NOT-FOR-US: Sun JVM CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...) NOT-FOR-US: The Bat! -CVE-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote attackers to ...) +CVE-2002-1660 (calendar.php in vBulletin before 2.2.0 allows remote attackers to ...) NOT-FOR-US: vBulletin CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...) NOT-FOR-US: PortalApp @@ -42369,7 +42546,8 @@ NOT-FOR-US: Oracle CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...) NOT-FOR-US: Oracle -CVE-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...) +CVE-2002-1638 + REJECTED NOT-FOR-US: Oracle CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...) NOT-FOR-US: Oracle 
@@ -44916,7 +45094,7 @@ NOT-FOR-US: Solaris CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...) NOT-FOR-US: Solaris -CVE-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 ...) +CVE-2002-1590 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...) NOT-FOR-US: Solaris CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...) NOT-FOR-US: Solaris
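
Review bot: In the first hunk (@@ -1,10 +1,180 @@), the CVE-2007-5469 header is reduced to "(** DISPUTED ** ...)", so the line no longer names the product or the flaw, while the triage below it still reads "- openser <unfixed> (unimportant; bug #446956)". Since the upstream status changed, the openser entry should be re-checked by hand and a NOTE added that records what is disputed, so the entry stays understandable without the old description. The same hunk adds CVE-2007-5536 as "TODO: check". Its description ("OpenSSL before A.00.09.07l on HP-UX") uses an HP-UX version string, so triage should confirm whether it is vendor-specific before anything is recorded against a Debian package.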
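
Review bot: The entries switched to REJECTED in the hunks at @@ -32758,7 +32928,8 @@, @@ -32826,13 +32997,15 @@, @@ -32844,7 +33017,8 @@, @@ -32853,7 +33027,8 @@ and @@ -42369,7 +42546,8 @@ (CVE-2002-2194, CVE-2002-2160, CVE-2002-2157, CVE-2002-2151, CVE-2002-2147, CVE-2002-1638) keep their old "NOT-FOR-US: ..." line directly under the new "REJECTED" line, leaving two status annotations on one ID. Either drop the stale triage line or confirm the tracker's parser accepts both. Where this commit also rewrites a surviving entry to cover the same product (CVE-2002-1798 now lists "MidiCart PHP, PHP Plus, and PHP Maxi", CVE-2002-1660 now reads "vBulletin before 2.2.0"), a NOTE on the rejected ID pointing to the surviving one would keep the history traceable, once the relationship is verified against the upstream rejection text.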
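
Review bot: In the hunk at @@ -32876,8 +33051,10 @@, CVE-2002-2136 gains a "REJECTED" line but its header still carries the full description "(The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)", whereas CVE-2002-2135 in the same hunk is reduced to a bare ID, as are the other rejected entries in this commit. The same description text is what the last hunk (@@ -44916,7 +45094,7 @@) assigns to CVE-2002-1590, so the list now shows one description under two IDs, one of them rejected. Check whether the automatic update missed the header rewrite for CVE-2002-2136 and bring it in line with the other rejected entries.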