joeyh at alioth.debian.org
2007-Nov-01 21:14 UTC
[Secure-testing-commits] r7184 - data/CVE
Author: joeyh
Date: 2007-11-01 21:14:11 +0000 (Thu, 01 Nov 2007)
New Revision: 7184
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-11-01 20:20:20 UTC (rev 7183)
+++ data/CVE/list 2007-11-01 21:14:11 UTC (rev 7184)
@@ -1,6 +1,234 @@
-CVE-2007-5740 [format string vulnerability in perdition]
+CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode ...)
+ TODO: check
+CVE-2007-5792 (The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt
RTP ...)
+ TODO: check
+CVE-2007-5791 (The Vonage Motorola Phone Adapter VT 2142-VD does not properly
verify ...)
+ TODO: check
+CVE-2007-5790 (The Globe7 soft phone client 7.3 uses weak cryptography
(reversed ...)
+ TODO: check
+CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a
denial ...)
+ TODO: check
+CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1
allows ...)
+ TODO: check
+CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the
web root ...)
+ TODO: check
+CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba
1.0.1 ...)
+ TODO: check
+CVE-2007-5785 (SQL injection vulnerability in file.php in JobSite Professional
2.0 ...)
+ TODO: check
+CVE-2007-5784 (PHP remote file inclusion vulnerability in index.php in
CaupoShop Pro ...)
+ TODO: check
+CVE-2007-5783 (SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0
allows ...)
+ TODO: check
+CVE-2007-5782 (Directory traversal vulnerability in dl.php in FireConfig 0.5
allows ...)
+ TODO: check
+CVE-2007-5781 (PHP remote file inclusion vulnerability in inc/sige_init.php in
Sige ...)
+ TODO: check
+CVE-2007-5780 (PHP remote file inclusion vulnerability in
pub/pub08_comments.php in ...)
+ TODO: check
+CVE-2007-5779 (Buffer overflow in the GomManager (GomWeb Control) ActiveX
control in ...)
+ TODO: check
+CVE-2007-5778 (Mobile Spy (1) stores login credentials in cleartext under the
...)
+ TODO: check
+CVE-2007-5777 (Blue-Collar Productions i-Gallery 3.4 stores sensitive
information ...)
+ TODO: check
+CVE-2007-5776 (Directory traversal vulnerability in igallery.asp in Blue-Collar
...)
+ TODO: check
+CVE-2007-5775 (Unspecified vulnerability in BitDefender allows attackers to
execute ...)
+ TODO: check
+CVE-2007-5774 (index.php in the File Manager module in Flatnuke 3 allows remote
...)
+ TODO: check
+CVE-2007-5773 (Cross-site request forgery (CSRF) vulnerability in index.php in
the ...)
+ TODO: check
+CVE-2007-5772 (Direct static code injection vulnerability in the download
module in ...)
+ TODO: check
+CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain ...)
+ TODO: check
+CVE-2007-5770
+ RESERVED
+CVE-2007-5769
+ RESERVED
+CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password
...)
+ TODO: check
+CVE-2007-5767
+ RESERVED
+CVE-2007-5766
+ RESERVED
+CVE-2007-5765
+ RESERVED
+CVE-2007-5764
+ RESERVED
+CVE-2007-5763
+ RESERVED
+CVE-2007-5762
+ RESERVED
+CVE-2007-5761
+ RESERVED
+CVE-2007-5760
+ RESERVED
+CVE-2007-5759
+ RESERVED
+CVE-2007-5758
+ RESERVED
+CVE-2007-5757
+ RESERVED
+CVE-2007-5756
+ RESERVED
+CVE-2007-5755
+ RESERVED
+CVE-2007-5754 (PHP remote file inclusion vulnerability in
urlinn_includes/config.php ...)
+ TODO: check
+CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman)
...)
+ TODO: check
+CVE-2007-5752 (adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a
does ...)
+ TODO: check
+CVE-2007-5750
+ RESERVED
+CVE-2007-5749
+ RESERVED
+CVE-2007-5748
+ RESERVED
+CVE-2007-5747
+ RESERVED
+CVE-2007-5746
+ RESERVED
+CVE-2007-5745
+ RESERVED
+CVE-2007-5744
+ RESERVED
+CVE-2007-5743
+ RESERVED
+CVE-2007-5742
+ RESERVED
+CVE-2007-5741
+ RESERVED
+CVE-2004-2745 (Directory traversal vulnerability in Anteco Visual Technologies
...)
+ TODO: check
+CVE-2002-2425 (Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to
execute ...)
+ TODO: check
+CVE-2002-2424 (Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7
pl1 ...)
+ TODO: check
+CVE-2002-2423 (Sendmail 8.12.0 through 8.12.6 truncates log messages longer
than 100 ...)
+ TODO: check
+CVE-2002-2422 (Cross-site scripting (XSS) vulnerability in Compaq Insight
Management ...)
+ TODO: check
+CVE-2002-2421 (acWEB 1.14 allows remote attackers to cause a denial of service
...)
+ TODO: check
+CVE-2002-2420 (site_searcher.cgi in Super Site Searcher allows remote attackers
to ...)
+ TODO: check
+CVE-2002-2419 (Direct connect text client (DCTC) client 0.83.3 allows remote
...)
+ TODO: check
+CVE-2002-2418 (Cross-site scripting (XSS) vulnerability in acFreeProxy (aka
acFP) ...)
+ TODO: check
+CVE-2002-2417 (acFTP 1.4 does not properly handle when an invalid password is
...)
+ TODO: check
+CVE-2002-2416 (Directory traversal vulnerability in Zeroo web server 1.5 allows
...)
+ TODO: check
+CVE-2002-2415 (Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote
...)
+ TODO: check
+CVE-2002-2414 (Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not
...)
+ TODO: check
+CVE-2002-2413 (WebSite Pro 3.1.11.0 on Windows allows remote attackers to read
script ...)
+ TODO: check
+CVE-2002-2412 (Winamp 2.80 stores authentication credentials in plaintext in
the (1) ...)
+ TODO: check
+CVE-2002-2411 (Buffer overflow in badmin.c in BannerWheel 1.0 allows remote
attackers ...)
+ TODO: check
+CVE-2002-2410 (openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive
...)
+ TODO: check
+CVE-2002-2409 (Photon microGUI in QNX Neutrino realtime operating system (RTOS)
6.1.0 ...)
+ TODO: check
+CVE-2002-2408 (Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only
filters ...)
+ TODO: check
+CVE-2002-2407 (Certain patches for QNX Neutrino realtime operating system
(RTOS) ...)
+ TODO: check
+CVE-2002-2406 (Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2
...)
+ TODO: check
+CVE-2002-2405 (Check Point FireWall-1 4.1 and Next Generation (NG), with
UserAuth ...)
+ TODO: check
+CVE-2002-2404 (Buffer overflow in IISPop email server 1.161 and 1.181 allows
remote ...)
+ TODO: check
+CVE-2002-2403 (Directory traversal vulnerability in KeyFocus web server 1.0.8
allows ...)
+ TODO: check
+CVE-2002-2402 (SURECOM broadband router EP-4501 uses a default SNMP read
community ...)
+ TODO: check
+CVE-2002-2401 (NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP
does not ...)
+ TODO: check
+CVE-2002-2400 (Buffer overflow in the httpdProcessRequest function in LibHTTPD
1.2 ...)
+ TODO: check
+CVE-2002-2399 (Directory traversal vulnerability in viewAttachment.cgi in
W3Mail ...)
+ TODO: check
+CVE-2002-2398 (The new thread posting page in APBoard 2.02 and 2.03 allows
remote ...)
+ TODO: check
+CVE-2002-2397 (Sygate personal firewall 5.0 could allow remote attackers to
bypass ...)
+ TODO: check
+CVE-2002-2396 (Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if
installed ...)
+ TODO: check
+CVE-2002-2395 (InterScan VirusWall 3.52 for Windows allows remote attackers to
bypass ...)
+ TODO: check
+CVE-2002-2394 (InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows
remote ...)
+ TODO: check
+CVE-2002-2393 (Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new
connections ...)
+ TODO: check
+CVE-2002-2392 (Winamp 2.65 through 3.0 stores skin files in a predictable file
...)
+ TODO: check
+CVE-2002-2391 (SQL injection vulnerability in index.php of WebChat 1.5 included
in ...)
+ TODO: check
+CVE-2002-2390 (Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351,
...)
+ TODO: check
+CVE-2002-2389 (TheServer 1.74 web server stores server.ini under the web
document ...)
+ TODO: check
+CVE-2002-2388 (Buffer overflow in INweb POP3 mail server 2.01 allows remote
attackers ...)
+ TODO: check
+CVE-2002-2387 (Directory traversal vulnerability in Hyperion FTP server 2.8.1
allows ...)
+ TODO: check
+CVE-2002-2386 (Cross-site scripting (XSS) vulnerability in the Quizz module for
XOOPS ...)
+ TODO: check
+CVE-2002-2385 (Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote
attackers ...)
+ TODO: check
+CVE-2002-2384 (hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in
...)
+ TODO: check
+CVE-2002-2383 (SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows
remote ...)
+ TODO: check
+CVE-2002-2382 (cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary
files ...)
+ TODO: check
+CVE-2002-2381 (Multiple buffer overflows in (1) tetrinet_inmessage, (2)
speclist_add ...)
+ TODO: check
+CVE-2002-2380 (NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11
allows ...)
+ TODO: check
+CVE-2002-2379 (** DISPUTED ** ...)
+ TODO: check
+CVE-2002-2378 (Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows
...)
+ TODO: check
+CVE-2002-2377 (Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP
1.0.3 ...)
+ TODO: check
+CVE-2002-2376 (Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in
E-Guest ...)
+ TODO: check
+CVE-2002-2375 (Directory traversal vulnerability in CommuniGate Pro 4.0b4 and
...)
+ TODO: check
+CVE-2002-2374 (Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has
unknown ...)
+ TODO: check
+CVE-2002-2373 (The default configuration of the TCP/IP printer configuration
utility ...)
+ TODO: check
+CVE-2002-2372 (The telnet server in Infoprint 21 running controller software
before ...)
+ TODO: check
+CVE-2002-2371 (Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to
cause ...)
+ TODO: check
+CVE-2002-2370 (SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to
cause ...)
+ TODO: check
+CVE-2002-2369 (Perception LiteServe 2.0 allows remote attackers to read
password ...)
+ TODO: check
+CVE-2002-2368 (Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier
allow ...)
+ TODO: check
+CVE-2002-2367 (Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier
allows ...)
+ TODO: check
+CVE-2002-2366 (Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and
0.73 ...)
+ TODO: check
+CVE-2002-2365 (Simple WAIS (SWAIS) 1.11 allows remote attackers to execute
arbitrary ...)
+ TODO: check
+CVE-2007-5740 (The format string protection mechanism in IMAPD for Perdition
Mail ...)
- perdition 1.17.1-1 (medium; bug #448853)
-CVE-2007-5751 [insecure file permissions of feedlist.ompl backup file]
+CVE-2007-5751 (Liferea before 1.4.6 uses weak permissions (0644) for the ...)
- liferea 1.4.6-1 (low; bug #448850)
[etch] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
[sarge] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
@@ -1998,7 +2226,7 @@
NOTE: Requires the webserver, which has to be checked, to be compromised
CVE-2007-5197
RESERVED
- {DTSA-75-1}
+ {DTSA-76-1}
- mono 1.2.5.1-2
CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise
...)
NOT-FOR-US: novell-groupwise-client
@@ -2254,10 +2482,10 @@
NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote
attackers ...)
- ssldump 0.9b3-1 (low)
-CVE-2007-5081
- RESERVED
-CVE-2007-5080
- RESERVED
+CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10 and
10.1; ...)
+ TODO: check
+CVE-2007-5080 (Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne
...)
+ TODO: check
CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link
gdm with ...)
- gdm <not-affected> (Red Hat-specific packaging flaw)
CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov
Manager ...)
@@ -3373,8 +3601,8 @@
NOT-FOR-US: Micro-CMS
CVE-2007-4600 (The "Protect Worksheet" functionality in
Mathsoft Mathcad 12 through ...)
NOT-FOR-US: Mathsoft Mathcad
-CVE-2007-4599
- RESERVED
+CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10, and
RealOne ...)
+ TODO: check
CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of
"12345" for the manager ...)
NOT-FOR-US: IBM
CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools
SunShop ...)
@@ -3949,8 +4177,7 @@
NOT-FOR-US: AIX
CVE-2007-4352
RESERVED
-CVE-2007-4351
- RESERVED
+CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS
1.3.3 ...)
- cupsys <unfixed> (medium; bug #448866)
CVE-2007-4350
RESERVED
@@ -3962,8 +4189,8 @@
RESERVED
CVE-2007-4346
RESERVED
-CVE-2007-4345
- RESERVED
+CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch
IMail ...)
+ TODO: check
CVE-2007-4344
RESERVED
CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows
...)
@@ -7248,8 +7475,8 @@
- sylpheed 2.4.5-1 (low)
NOTE: the cvs referenced in redhat bugzilla is not available anymore however
NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes
the bug
-CVE-2007-2957
- RESERVED
+CVE-2007-2957 (Integer overflow in McAfee E-Business Server before 8.5.3 for
Solaris, ...)
+ TODO: check
CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function
in (1) ...)
NOT-FOR-US: Qtpfsgui and pfstools
CVE-2007-2955 (Multiple unspecified "input validation error"
vulnerabilities in ...)
@@ -8890,10 +9117,10 @@
NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha
allows ...)
NOT-FOR-US: YA Book
-CVE-2007-2264
- RESERVED
-CVE-2007-2263
- RESERVED
+CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, and
10.1; ...)
+ TODO: check
+CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0 and
10.1, ...)
+ TODO: check
CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect
length for ...)
- tomcat5.5 5.5.17-1 (low)
CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the
example web ...)
@@ -39593,7 +39820,7 @@
NOT-FOR-US: Cool Cafe Chat
CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for
...)
NOT-FOR-US: iGallery
-CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for
BlueCollar ...)
+CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for
Blue-Collar ...)
NOT-FOR-US: iGallery
CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9
allows ...)
NOT-FOR-US: Solaris