thr3ads.net - Secure testing commits - [Secure-testing-commits] r7069

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2007-Oct-23 09:14 UTC
[Secure-testing-commits] r7069 - data/CVE

Author: joeyh
Date: 2007-10-23 09:14:08 +0000 (Tue, 23 Oct 2007)
New Revision: 7069

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-23 08:57:06 UTC (rev 7068)
+++ data/CVE/list	2007-10-23 09:14:08 UTC (rev 7069)
@@ -1,4 +1,144 @@
-CVE-2007-5589 [ phpMyAdmin XSS PMASA-2007-6 ]
+CVE-2007-5622
+	RESERVED
+CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token
...)
+	TODO: check
+CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ...)
+	TODO: check
+CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes
user ...)
+	TODO: check
+CVE-2007-5618 (Unquoted Windows search path in the Authorization and other
services ...)
+	TODO: check
+CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5
and 2.0 ...)
+	TODO: check
+CVE-2007-5616
+	RESERVED
+CVE-2007-5615
+	RESERVED
+CVE-2007-5614
+	RESERVED
+CVE-2007-5613
+	RESERVED
+CVE-2007-5612
+	RESERVED
+CVE-2007-5611
+	RESERVED
+CVE-2007-5610
+	RESERVED
+CVE-2007-5609
+	RESERVED
+CVE-2007-5608
+	RESERVED
+CVE-2007-5607
+	RESERVED
+CVE-2007-5606
+	RESERVED
+CVE-2007-5605
+	RESERVED
+CVE-2007-5604
+	RESERVED
+CVE-2007-5603
+	RESERVED
+CVE-2007-5602
+	RESERVED
+CVE-2007-5601 (Stack-based buffer overflow in the Database Component in
MPAMedia.dll ...)
+	TODO: check
+CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS
3.4 ...)
+	TODO: check
+CVE-2007-5599 (Multiple PHP remote file inclusion vulnerabilities in awrate 1.0
allow ...)
+	TODO: check
+CVE-2007-5598 (Cross-site scripting (XSS) vulnerability in Weblinks for Drupal
4.7.x ...)
+	TODO: check
+CVE-2007-5597 (The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x
before 5.3 ...)
+	TODO: check
+CVE-2007-5596 (The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x
before 5.3 ...)
+	TODO: check
+CVE-2007-5595 (CRLF injection vulnerability in the drupal_goto function in ...)
+	TODO: check
+CVE-2007-5594 (Drupal 5.x before 5.3 does not apply its Drupal Forms API
protection ...)
+	TODO: check
+CVE-2007-5593 (install.php in Drupal 5.x before 5.3, when the configured
database ...)
+	TODO: check
+CVE-2007-5592 (Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2
beta 1 ...)
+	TODO: check
+CVE-2007-5591 (The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS
1000M ...)
+	TODO: check
+CVE-2007-5590 (Multiple buffer overflows in Miranda before 0.7.1 allow remote
...)
+	TODO: check
+CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before
3.2.43 ...)
+	TODO: check
+CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys, as shipped
in ...)
+	TODO: check
+CVE-2007-5586 (Unspecified vulnerability in a driver in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without ...)
+	TODO: check
+CVE-2007-5584
+	RESERVED
+CVE-2007-5583
+	RESERVED
+CVE-2007-5582
+	RESERVED
+CVE-2007-5581
+	RESERVED
+CVE-2007-5580
+	RESERVED
+CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions,
which ...)
+	TODO: check
+CVE-2003-1427 (Directory traversal vulnerability in the web configuration
interface ...)
+	TODO: check
+CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the
...)
+	TODO: check
+CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute
...)
+	TODO: check
+CVE-2003-1424 (message.php in Petitforum does not properly authenticate users,
which ...)
+	TODO: check
+CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document
root ...)
+	TODO: check
+CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for
SYSLINUX ...)
+	TODO: check
+CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in
SuckBot ...)
+	TODO: check
+CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through
7.0 with ...)
+	TODO: check
+CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of
service ...)
+	TODO: check
+CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows
remote ...)
+	TODO: check
+CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to
...)
+	TODO: check
+CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a
denial ...)
+	TODO: check
+CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain
...)
+	TODO: check
+CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin
...)
+	TODO: check
+CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows
remote ...)
+	TODO: check
+CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS
...)
+	TODO: check
+CVE-2003-1411 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka
email.php3) ...)
+	TODO: check
+CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive
information by ...)
+	TODO: check
+CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read
the ...)
+	TODO: check
+CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local
users to ...)
+	TODO: check
+CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through
1.11 ...)
+	TODO: check
+CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell
commands ...)
+	TODO: check
+CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control
under the ...)
+	TODO: check
+CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain
sensitive ...)
+	TODO: check
+CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0
and ...)
+	TODO: check
+CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in
$username.txt ...)
+	TODO: check
+CVE-2007-5589 (Muliple cross-site scripting (XSS) vulnerabilities in phpMyAdmin
...)
 	- phpmyadmin 4:2.11.1.2-1
 CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code
when ...)
 	NOT-FOR-US: Pligg CMS
@@ -367,8 +507,8 @@
 	RESERVED
 CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when
...)
 	- mono <not-affected> (Windows-specific vulnerability)
-CVE-2007-5472
-	RESERVED
+CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component
in CA ...)
+	TODO: check
 CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0
through ...)
 	- phpbb2 <not-affected> (phpbb was the vulnerable one)
 CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in
...)
@@ -696,10 +836,10 @@
 	NOT-FOR-US: CiscoWorks
 CVE-2007-5381 (Stack-based buffer overflow in the Line Printer Daemon (LPD) in
Cisco ...)
 	NOT-FOR-US: Line Printer Daemon (LPD) Cisco
-CVE-2007-5380
-	RESERVED
-CVE-2007-5379
-	RESERVED
+CVE-2007-5380 (Session fixation vulnerability in Rails before 1.2.4, as used
for Ruby ...)
+	TODO: check
+CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote
attackers ...)
+	TODO: check
 CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk
...)
 	- tk8.3 8.3.5-10 (medium; bug #446465)
 	- tk8.4 8.4.16-1 (medium)
@@ -785,33 +925,28 @@
 	RESERVED
 CVE-2007-5341
 	RESERVED
-CVE-2007-5340
-	RESERVED
-	{DSA-1392-1 DSA-1391-1}
+CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla
Firefox ...)
+	{DSA-1392-1 DSA-1391-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
-CVE-2007-5339
-	RESERVED
-	{DSA-1392-1 DSA-1391-1}
+CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...)
+	{DSA-1392-1 DSA-1391-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
-CVE-2007-5338
-	RESERVED
-	{DSA-1392-1}
+CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows
...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
-CVE-2007-5337
-	RESERVED
-	{DSA-1392-1}
+CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when
...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
 CVE-2007-5336
 	RESERVED
 CVE-2007-5335
 	RESERVED
-CVE-2007-5334
-	RESERVED
-	{DSA-1392-1}
+CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can
hide the ...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	TODO: check other ice*
 CVE-2007-5333
@@ -1269,8 +1404,8 @@
 	{DTSA-64-1}
 	- util-linux 2.13-8 (low)
 	- loop-aes-utils 2.13-2 (low)
-CVE-2007-5190
-	RESERVED
+CVE-2007-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Alcatel
...)
+	TODO: check
 CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in
x-script ...)
 	NOT-FOR-US: X-Script
 CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops
...)
@@ -2058,7 +2193,8 @@
 	NOT-FOR-US: Unreal Commander
 CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan
...)
 	NOT-FOR-US: Magellan Explorer
-CVE-2007-4841 (Mozilla Firefox 2.0.0.6 allows remote attackers to execute
arbitrary ...)
+CVE-2007-4841 (Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and
...)
+	{DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	- iceape <unfixed>
 	- mozilla-firefox <removed>
@@ -5127,8 +5263,8 @@
 	NOTE: in Linus'' tree.
 CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22
allows ...)
 	NOT-FOR-US: Lhaca
-CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox
1.5.0.12 ...)
-	{DSA-1392-1}
+CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox
...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (bug #438873; low)
 CVE-2007-3510
 	RESERVED
@@ -5567,7 +5703,7 @@
 	NOT-FOR-US: HTTP Server 1.6.2
 CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: ColdFusion
-CVE-2007-3338 (Multiple buffer stack-based overflows in Ingres database server
2006 ...)
+CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server
2006 ...)
 	NOT-FOR-US: Ingres
 CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5,
as used ...)
 	NOT-FOR-US: Ingres
@@ -5811,7 +5947,7 @@
 	NOT-FOR-US: Singapore Gallery
 CVE-2007-3228 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Sitellite CMS
-CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json function
in ...)
+CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json ...)
 	- rails 1.2.4-1 (bug #429177)
 CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before
2.1 RC2 ...)
 	NOT-FOR-US: dotProject
@@ -8060,7 +8196,7 @@
 	[lenny] - asterisk <not-affected> (vulnerable code not present)
 	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-010.html
 CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication
support for ...)
-	{DSA-1392-1}
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (low)
 	[etch] - iceweasel <no-dsa> (Minor issue)
 	- firefox <removed> (low)
@@ -11039,8 +11175,8 @@
 	NOT-FOR-US: Wiclear
 CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in
VirtueMart ...)
 	NOT-FOR-US: VirtueMart
-CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload
...)
-	{DSA-1392-1}
+CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 does
not ...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (low; bug #445514)
 	NOTE: Pending for upcoming security releases
 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a
...)
@@ -23084,8 +23220,8 @@
 	NOT-FOR-US: Funkboard
 CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up
to ...)
 	- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
-CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey
...)
-	{DSA-1392-1}
+CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite
1.7.13, ...)
+	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
 	NOTE: There are very few scenarios, where this could be exploited
 	NOTE: We can probably ignore this
@@ -38414,7 +38550,7 @@
 	NOT-FOR-US: Cybozu Share
 CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute
...)
 	NOTE: Nagios was packaged for Debian after these vulnerable versions have been
released
-CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through
1.0b ...)
+CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a,
and 1.0b ...)
 	NOT-FOR-US: kmMail
 CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1
and ...)
 	- pen <not-affected> (pen was introduced after this old vulnerability)
Secure testing commits - Oct 2007 - r7069 - data/CVE

[Secure-testing-commits] r7069 - data/CVE
