joeyh at alioth.debian.org
2007-Oct-25 21:14 UTC
[Secure-testing-commits] r7103 - data/CVE
Author: joeyh
Date: 2007-10-25 21:14:08 +0000 (Thu, 25 Oct 2007)
New Revision: 7103
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-10-25 19:04:21 UTC (rev 7102)
+++ data/CVE/list 2007-10-25 21:14:08 UTC (rev 7103)
@@ -1,3 +1,181 @@
+CVE-2007-5679 (SQL injection vulnerability in index.php in DeeEmm.com DM CMS
...)
+ TODO: check
+CVE-2007-5678 (SQL injection vulnerability in the Music module in phpBasic
allows ...)
+ TODO: check
+CVE-2007-5677 (Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php
in ...)
+ TODO: check
+CVE-2007-5676 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-5675 (Stack-based buffer overflow in the DebugPrint function in
MultiXTpm ...)
+ TODO: check
+CVE-2007-5674 (Directory traversal vulnerability in index.php in InstaGuide
Weather ...)
+ TODO: check
+CVE-2007-5673 (Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in
ifnet ...)
+ TODO: check
+CVE-2007-5672
+ RESERVED
+CVE-2007-5671
+ RESERVED
+CVE-2007-5670
+ RESERVED
+CVE-2007-5669
+ RESERVED
+CVE-2007-5668
+ RESERVED
+CVE-2007-5667
+ RESERVED
+CVE-2007-5666
+ RESERVED
+CVE-2007-5665
+ RESERVED
+CVE-2007-5664
+ RESERVED
+CVE-2007-5663
+ RESERVED
+CVE-2007-5662
+ RESERVED
+CVE-2007-5661
+ RESERVED
+CVE-2007-5660
+ RESERVED
+CVE-2007-5659
+ RESERVED
+CVE-2007-5658
+ RESERVED
+CVE-2007-5657
+ RESERVED
+CVE-2007-5656
+ RESERVED
+CVE-2007-5655
+ RESERVED
+CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to
trigger ...)
+ TODO: check
+CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows
do ...)
+ TODO: check
+CVE-2007-5652 (Unspecified vulnerability in IBM DB2 9.1 before Fix Pack 4 might
allow ...)
+ TODO: check
+CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication
Protocol ...)
+ TODO: check
+CVE-2007-5650 (Directory traversal vulnerability in system.php in ReloadCMS
1.2.7 ...)
+ TODO: check
+CVE-2007-5649 (Cross-site scripting (XSS) vulnerability in lostpwd.php in
Creative ...)
+ TODO: check
+CVE-2007-5648 (Multiple cross-site scripting (XSS) vulnerabilities in rnote.php
in ...)
+ TODO: check
+CVE-2007-5647 (Multiple cross-site scripting (XSS) vulnerabilities in SocketKB
1.1.5 ...)
+ TODO: check
+CVE-2007-5646 (SQL injection vulnerability in Sources/Search.php in Simple
Machines ...)
+ TODO: check
+CVE-2007-5644 (Lussumo Vanilla 1.1.3 and earlier does not require admin
privileges ...)
+ TODO: check
+CVE-2007-5643 (Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3
and ...)
+ TODO: check
+CVE-2007-5642 (Multiple directory traversal vulnerabilities in PHP Project
Management ...)
+ TODO: check
+CVE-2007-5641 (Multiple PHP remote file inclusion vulnerabilities in PHP
Project ...)
+ TODO: check
+CVE-2007-5640 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and
additional ...)
+ TODO: check
+CVE-2007-5639 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other
Nortel ...)
+ TODO: check
+CVE-2007-5638 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and
additional ...)
+ TODO: check
+CVE-2007-5637 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and
additional ...)
+ TODO: check
+CVE-2007-5636 (Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows
remote ...)
+ TODO: check
+CVE-2007-5635 (Multiple unspecified vulnerabilities in Salford Software Support
...)
+ TODO: check
+CVE-2007-5634 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when
used on ...)
+ TODO: check
+CVE-2007-5633 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when
used on ...)
+ TODO: check
+CVE-2007-5632 (Multiple unspecified vulnerabilities in the kernel in Sun
Solaris 8 ...)
+ TODO: check
+CVE-2007-5631 (Multiple PHP remote file inclusion vulnerabilities in
PeopleAggregator ...)
+ TODO: check
+CVE-2007-5630 (SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS
...)
+ TODO: check
+CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in
...)
+ TODO: check
+CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in
TOWeLS ...)
+ TODO: check
+CVE-2007-5627 (PHP remote file inclusion vulnerability in
content/fnc-readmail3.php ...)
+ TODO: check
+CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends
a ...)
+ TODO: check
+CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP
Site ...)
+ TODO: check
+CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before
2.10 ...)
+ TODO: check
+CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins
...)
+ TODO: check
+CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager
(NNM) ...)
+ TODO: check
+CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and
6.4 ...)
+ TODO: check
+CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to
access ...)
+ TODO: check
+CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept
...)
+ TODO: check
+CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers
to ...)
+ TODO: check
+CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read
...)
+ TODO: check
+CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in
Truegalerie ...)
+ TODO: check
+CVE-2003-1487 (Multiple "command injection" vulnerabilities
in Phorum 3.4 through ...)
+ TODO: check
+CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the
full ...)
+ TODO: check
+CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers
to ...)
+ TODO: check
+CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user
passwords, ...)
+ TODO: check
+CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base
...)
+ TODO: check
+CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the
referer ...)
+ TODO: check
+CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed
passwords, ...)
+ TODO: check
+CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432
and ...)
+ TODO: check
+CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial
of ...)
+ TODO: check
+CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to
cause ...)
+ TODO: check
+CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in
plaintext, ...)
+ TODO: check
+CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be
connected at ...)
+ TODO: check
+CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with
write ...)
+ TODO: check
+CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection
2003-02-25 ...)
+ TODO: check
+CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers
to ...)
+ TODO: check
+CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated
users ...)
+ TODO: check
+CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier
allows ...)
+ TODO: check
+CVE-2003-1469 (The default configuration of ColdFusion MX has the
"Enable Robust ...)
+ TODO: check
+CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows
remote ...)
+ TODO: check
+CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1)
login.php, ...)
+ TODO: check
+CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows
remote ...)
+ TODO: check
+CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4
...)
+ TODO: check
+CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote
...)
+ TODO: check
+CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies
WebAdmin ...)
+ TODO: check
+CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a
survey ...)
+ TODO: check
CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users
to ...)
NOT-FOR-US: HP-UX
CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the
...)
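Review bot: In the added run the IDs go from CVE-2007-5646 directly to CVE-2007-5644, so CVE-2007-5645 gets no entry in this hunk; confirm it is already tracked elsewhere in data/CVE/list rather than dropped by the automatic update. Some of the new "TODO: check" entries, for example the HP OpenView Network Node Manager ones (CVE-2003-1494, CVE-2003-1493), look like candidates for the same treatment as the context entry CVE-2003-1461, which is marked "NOT-FOR-US: HP-UX", and can be triaged in a follow-up instead of staying as open TODOs.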
@@ -1002,11 +1180,11 @@
CVE-2007-5341
RESERVED
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla
Firefox ...)
- {DSA-1392-1 DSA-1391-1 DTSA-69-1}
+ {DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
- iceweasel 2.0.0.8-1
TODO: check other ice*
CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...)
- {DSA-1392-1 DSA-1391-1 DTSA-69-1}
+ {DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
- iceweasel 2.0.0.8-1
TODO: check other ice*
CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows
...)
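Review bot: Both entries that gain DTSA-71-1 (CVE-2007-5340 and CVE-2007-5339) still end in "TODO: check other ice*", so a further advisory is now attached to entries whose package coverage is not settled. Resolve the TODO by adding lines for the other ice* packages or marking them not affected.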
@@ -1018,9 +1196,9 @@
- iceweasel 2.0.0.8-1
TODO: check other ice*
CVE-2007-5336
- RESERVED
-CVE-2007-5335
- RESERVED
+ REJECTED
+CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to
obtain ...)
+ TODO: check
CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can
hide the ...)
{DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.8-1
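Review bot: CVE-2007-5335 now carries a description for Mozilla Firefox 2.0 before 2.0.0.8 but only "TODO: check", while the surrounding Firefox 2.0.0.8 entries already record "- iceweasel 2.0.0.8-1". Triage it against that iceweasel version and add the package line, plus the advisory cross-references if they cover it. CVE-2007-5336 moving from RESERVED to REJECTED needs no package line.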
@@ -1444,6 +1622,7 @@
CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools
DriveLock ...)
NOT-FOR-US: CenterTools
CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project
(hplip) ...)
+ {DTSA-72-1}
- hplip 1.6.10-4.3 (medium; bug #447341)
[sarge] - hplip <not-affected> (This code was using smtp directly)
CVE-2007-5206
@@ -4360,6 +4539,7 @@
- gnome-screensaver 2.20.0-1.1
CVE-2007-3919
RESERVED
+ {DSA-1395-1}
CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php
in ...)
{DSA-1383-1}
- gforge 4.6.99+svn6094-1
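Review bot: CVE-2007-3919 gains "{DSA-1395-1}" while still marked RESERVED and without any package line, so the entry records that an advisory exists but not which package or fixed version it applies to. Add a package and version line under it, as the neighbouring CVE-2007-3918 entry does with "- gforge 4.6.99+svn6094-1".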
@@ -4523,13 +4703,13 @@
CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as
used ...)
NOT-FOR-US: TortoiseSVN on Windows
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and
2.x ...)
- {DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+ {DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1
DTSA-71-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
- icedove <unfixed> (medium)
CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before
1.5.0.13, and ...)
- {DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+ {DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1
DTSA-71-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
@@ -4806,14 +4986,14 @@
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in
...)
- {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+ {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1}
- iceweasel 2.0.0.5-1 (high)
- icedove <unfixed> (low)
NOTE: Affects only broken setups, enabling js in Icedove is strongly not
recommended
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
- {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+ {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1}
- iceweasel 2.0.0.5-1 (high)
- icedove 2.0.0.6-1 (high; bug #444010)
- iceape 1.1.3-1 (high)
@@ -8044,7 +8224,7 @@
NOTE: This allows to steal data from affected websites. Therefore web
applications should
NOTE: only be considered vunerabile if they process confidential data.
NOTE: The frameworks should be fixed in any case.
-CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using
JavaScript ...)
+CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges
data ...)
TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel
poker-web python-webhelpers qwik rails wordpress
NOTE: see
http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
NOTE: This allows to steal data from affected websites. Therefore web
applications should
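Review bot: The CVE-2007-2383 description now gives an upstream bound ("before 1.5.1 RC3"), but the "TODO: check glpi hobix ..." package list under it is unchanged. With a fixed Prototype version known, each listed package's embedded copy can be compared against 1.5.1 RC3 and the TODO replaced by per-package lines. The context NOTE also misspells "vulnerable" as "vunerabile", which is worth fixing in a separate commit.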