joeyh at alioth.debian.org
2007-Oct-30 21:14 UTC
[Secure-testing-commits] r7149 - data/CVE
Author: joeyh
Date: 2007-10-30 21:14:08 +0000 (Tue, 30 Oct 2007)
New Revision: 7149
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-10-30 20:30:45 UTC (rev 7148)
+++ data/CVE/list 2007-10-30 21:14:08 UTC (rev 7149)
@@ -1,3 +1,175 @@
+CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles
...)
+ TODO: check
+CVE-2007-5705 (Unspecified vulnerability in the Settings component in the ...)
+ TODO: check
+CVE-2007-5704 (Multiple SQL injection vulnerabilities in CodeWidgets.com Online
Event ...)
+ TODO: check
+CVE-2007-5703 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+ TODO: check
+CVE-2007-5702 (Cross-site scripting (XSS) vulnerability in
swamp/action/LoginActions ...)
+ TODO: check
+CVE-2007-5701 (Incomplete blacklist vulnerability in the Certificate Authority
(CA) ...)
+ TODO: check
+CVE-2007-5700 (The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3
uses ...)
+ TODO: check
+CVE-2007-5699 (Stack-based buffer overflow in eIQNetworks Enterprise Security
...)
+ TODO: check
+CVE-2007-5698 (Cross-site scripting (XSS) vulnerability in default.asp in
CREApark ...)
+ TODO: check
+CVE-2007-5697 (Multiple PHP remote file inclusion vulnerabilities in PHP Image
1.2 ...)
+ TODO: check
+CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in
phpBasic ...)
+ TODO: check
+CVE-2007-5695 (command.php in SiteBar 3.3.8 allows remote attackers to redirect
users ...)
+ TODO: check
+CVE-2007-5694 (Absolute path traversal vulnerability in the translation module
...)
+ TODO: check
+CVE-2007-5693 (Eval injection vulnerability in the translation module ...)
+ TODO: check
+CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar
3.3.8 ...)
+ TODO: check
+CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP
servers ...)
+ TODO: check
+CVE-2007-5690 (Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1
might ...)
+ TODO: check
+CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment
(JRE) ...)
+ TODO: check
+CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the
...)
+ TODO: check
+CVE-2007-5687 (Multiple buffer overflows in the rich text processing
functionality in ...)
+ TODO: check
+CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the
...)
+ TODO: check
+CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote
attackers ...)
+ TODO: check
+CVE-2007-5684 (Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1
and ...)
+ TODO: check
+CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki
...)
+ TODO: check
+CVE-2007-5682 (Unspecified vulnerability in tiki-graph_formula.php in TikiWiki
before ...)
+ TODO: check
+CVE-2007-5681
+ RESERVED
+CVE-2007-5680
+ RESERVED
+CVE-2003-1527 (BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when
...)
+ TODO: check
+CVE-2002-2364 (Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and
earlier ...)
+ TODO: check
+CVE-2002-2363 (VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could
allow ...)
+ TODO: check
+CVE-2002-2362 (Cross-site scripting (XSS) vulnerability in form_header.php in
...)
+ TODO: check
+CVE-2002-2361 (The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not
verify ...)
+ TODO: check
+CVE-2002-2360 (The RPC module in Webmin 0.21 through 0.99, when installed
without ...)
+ TODO: check
+CVE-2002-2359 (Cross-site scripting (XSS) vulnerability in the FTP view feature
in ...)
+ TODO: check
+CVE-2002-2358 (Cross-site scripting (XSS) vulnerability in the FTP view feature
in ...)
+ TODO: check
+CVE-2002-2357 (MailEnable 1.5 015 through 1.5 018 allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2002-2356 (HAMweather 2.x allows remote attackers to modify administrative
...)
+ TODO: check
+CVE-2002-2355 (Netgear FM114P firmware 1.3 wireless firewall, when configured
to ...)
+ TODO: check
+CVE-2002-2354 (Netgear FM114P firmware 1.3 wireless firewall allows remote
attackers ...)
+ TODO: check
+CVE-2002-2353 (tftpd32 2.50 and 2.50.2 allows remote attackers to read or write
...)
+ TODO: check
+CVE-2002-2352 (The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote
attackers ...)
+ TODO: check
+CVE-2002-2351 (Eudora 5.1 allows remote attackers to bypass security warnings
and ...)
+ TODO: check
+CVE-2002-2350 (Cross-site scripting (XSS) vulnerability in z_user_show.php in
...)
+ TODO: check
+CVE-2002-2349 (phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function,
which ...)
+ TODO: check
+CVE-2002-2348 (Cross-site scripting (XSS) vulnerability in athcgi.exe in
Authoria HR ...)
+ TODO: check
+CVE-2002-2347 (Cross-site scripting (XSS) vulnerability in Oracle Java Server
Page ...)
+ TODO: check
+CVE-2002-2346 (phpBB 2.0 through 2.0.3 generates names for uploaded avatar
files with ...)
+ TODO: check
+CVE-2002-2345 (Oracle 9i Application Server 9.0.2 stores the web cache
administrator ...)
+ TODO: check
+CVE-2002-2344 (Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read
mail ...)
+ TODO: check
+CVE-2002-2343 (Cross-site scripting (XSS) vulnerability in NOCC 0.9 through
0.9.5 ...)
+ TODO: check
+CVE-2002-2342 (Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3)
...)
+ TODO: check
+CVE-2002-2341 (Cross-site scripting (XSS) vulnerability in content blocking in
...)
+ TODO: check
+CVE-2002-2340 (Cross-site scripting (XSS) vulnerability in read.php in Phorum
3.3.2a ...)
+ TODO: check
+CVE-2002-2339 (Cross-site scripting (XSS) vulnerability in configure.asp in
...)
+ TODO: check
+CVE-2002-2338 (The POP3 mail client in Mozilla 1.0 and earlier, and Netscape
...)
+ TODO: check
+CVE-2002-2337 (Kaspersky Anti-Hacker 1.0, when configured to automatically
block ...)
+ TODO: check
+CVE-2002-2336 (Norton Personal Firewall 2002 4.0, when configured to
automatically ...)
+ TODO: check
+CVE-2002-2335 (Killer Protection 1.0 stores the vars.inc include file under the
web ...)
+ TODO: check
+CVE-2002-2334 (Joe text editor 2.8 through 2.9.7 does not remove the group and
user ...)
+ TODO: check
+CVE-2002-2333 (Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2
allows ...)
+ TODO: check
+CVE-2002-2332 (Buffer overflow in Opera 6.01 allows remote attackers to cause a
...)
+ TODO: check
+CVE-2002-2331 (W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI)
enabled in ...)
+ TODO: check
+CVE-2002-2330 (Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus
1.25 ...)
+ TODO: check
+CVE-2002-2329 (ICQ client 2001b, 2002a and 2002b allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2002-2328 (Active Directory in Windows 2000, when supporting Kerberos V
...)
+ TODO: check
+CVE-2002-2327 (Unspecified vulnerability in the environmental monitoring
subsystem in ...)
+ TODO: check
+CVE-2002-2326 (The default configuration of Mail.app in Mac OS X 10.0 through
10.0.4 ...)
+ TODO: check
+CVE-2002-2325 (The c-client library in Internet Message Access Protocol (IMAP)
dated ...)
+ TODO: check
+CVE-2002-2324 (The "System Restore" directory and
subdirectories, and possibly other ...)
+ TODO: check
+CVE-2002-2323 (Sun PC NetLink 1.0 through 1.2 does not properly set the access
...)
+ TODO: check
+CVE-2002-2322 (Ultimate PHP Board (UPB) 1.0b stores the users.dat data file
under the ...)
+ TODO: check
+CVE-2002-2321 (Cross-site scripting (XSS) vulnerability in (1) showcat.php and
(2) ...)
+ TODO: check
+CVE-2002-2320 (MySimpleNews 1.0 allows remote attackers to delete arbitrary
email ...)
+ TODO: check
+CVE-2002-2319 (Static code injection vulnerability in users.php in MySimpleNews
...)
+ TODO: check
+CVE-2002-2318 (Cross-site scripting (XSS) vulnerability in Falcon web server
...)
+ TODO: check
+CVE-2002-2317 (Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in
...)
+ TODO: check
+CVE-2002-2316 (Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5,
and ...)
+ TODO: check
+CVE-2002-2315 (Cisco IOS 11.2.x and 12.0.x does not limit the size of its
redirect ...)
+ TODO: check
+CVE-2002-2314 (Mozilla 1.0 allows remote attackers to steal cookies from other
...)
+ TODO: check
+CVE-2002-2313 (Eudora email client 5.1.1, with "use Microsoft
viewer" enabled, allows ...)
+ TODO: check
+CVE-2002-2312 (Opera 6.0.1 allows remote attackers to upload arbitrary file
contents ...)
+ TODO: check
+CVE-2002-2311 (Microsoft Internet Explorer 6.0 and possibly others allows
remote ...)
+ TODO: check
+CVE-2002-2310 (ClickCartPro 4.0 stores the admin_user.db data file under the
web ...)
+ TODO: check
+CVE-2002-2309 (php.exe in PHP 3.0 through 4.2.2, when running on Apache, does
not ...)
+ TODO: check
+CVE-2002-2308 (Netscape Communicator 6.2.1 allows remote attackers to cause a
denial ...)
+ TODO: check
+CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update
066 fix ...)
+ TODO: check
CVE-2007-5707 [remote denial of service caused by double free in slapd]
- openldap2.3 2.3.38-1 (medium; bug #440632)
CVE-2007-5708 [remote denial of service via unknown vectors]
@@ -168,7 +340,7 @@
NOT-FOR-US: BBsProcesS BBPortalS
CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in
...)
NOT-FOR-US: ShoppingTree CandyPress Store #
-CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in
TOWeLS ...)
+CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in
The ...)
NOT-FOR-US: TOWeLS
CVE-2007-5627 (PHP remote file inclusion vulnerability in
content/fnc-readmail3.php ...)
NOT-FOR-US: Socketmail
@@ -312,8 +484,8 @@
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers
to ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2007-5622
- RESERVED
+CVE-2007-5622 (Double-free vulnerability in the ftpprchild function in ftppr in
...)
+ TODO: check
CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token
...)
NOT-FOR-US: Token Drupal
NOTE: Token is not included in the drupal packages
@@ -538,8 +710,8 @@
NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote
...)
NOT-FOR-US: TIBCO SmartPGM FX
-CVE-2007-5544
- RESERVED
+CVE-2007-5544 (IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino
before ...)
+ TODO: check
CVE-2007-5543
RESERVED
CVE-2007-5542
@@ -994,8 +1166,8 @@
NOTE: mailed mozilla
CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
- iceweasel 2.0+dfsg-1
-CVE-2007-5413
- RESERVED
+CVE-2007-5413 (Unspecified vulnerability in httpd.tkd in HP OpenView
Configuration ...)
+ TODO: check
CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the
Quoc-Huy MP3 ...)
NOT-FOR-US: Joomla! extension
CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941
VoIP ...)
@@ -1138,7 +1310,7 @@
NOT-FOR-US: WebReflex
CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote
attackers ...)
- mailscanner 4.22.5-1
-CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat, under
certain ...)
+CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0
through ...)
- tomcat5.5 <not-affected> (Tomcat 6.x specific vulnerability referring
to upstream)
- tomcat5 <not-affected> (Tomcat 6.x specific vulnerability referring to
upstream)
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through
4.01.010 ...)
@@ -2169,8 +2341,7 @@
RESERVED
CVE-2007-5000
RESERVED
-CVE-2007-4999
- RESERVED
+CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML
logging, ...)
- pidgin 2.2.2-1 (medium)
CVE-2007-4998
RESERVED
@@ -3149,7 +3320,7 @@
RESERVED
CVE-2007-4575
RESERVED
-CVE-2007-4574 (Unspecified vulnerability in the stack unwinder fixes in Red Hat
...)
+CVE-2007-4574 (Unspecified vulnerability in the "stack unwinder
fixes" in kernel in ...)
- linux-2.6 <not-affected> (Redhat specific vulnerability)
NOTE: I contacted the redhat security team about this, this was caused by an
incomplete
NOTE: backport for stack unwinder fixes in the linux kernel made by them.
@@ -3946,8 +4117,8 @@
[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4223
RESERVED
-CVE-2007-4222
- RESERVED
+CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in
nnotes.dll in ...)
+ TODO: check
CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5
for ...)
NOT-FOR-US: Motorola Timbuktu
CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro
before ...)
@@ -4613,12 +4784,11 @@
- sun-java6 6-02-1
CVE-2007-3921
RESERVED
-CVE-2007-3920
- RESERVED
+CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz,
does not ...)
- gnome-screensaver 2.20.0-1.1
-CVE-2007-3919
- RESERVED
+CVE-2007-3919 ((1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow
local ...)
{DSA-1395-1}
+ TODO: check
CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php
in ...)
{DSA-1383-1}
- gforge 4.6.99+svn6094-1
@@ -5599,8 +5769,8 @@
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox
...)
{DSA-1396-1 DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.8-1 (bug #438873; low)
-CVE-2007-3510
- RESERVED
+CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before
6.5.6 ...)
+ TODO: check
CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec
Backup ...)
NOT-FOR-US: Symantec
CVE-2007-3508 (** DISPUTED ** ...)
@@ -43911,9 +44081,9 @@
NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows
attackers to ...)
- ethereal 0.10.3
-CVE-2004-1760 (The default installation of Cisco IBM Director agent does not
require ...)
+CVE-2004-1760 (The default installation of Cisco voice products, when running
the IBM ...)
NOT-FOR-US: Cisco
-CVE-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a
denial ...)
+CVE-2004-1759 (Cisco voice products, when running the IBM Director Agent on IBM
...)
NOT-FOR-US: Cisco
CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2,
7.0 up ...)
NOT-FOR-US: BEA WebLogic Server