joeyh at alioth.debian.org
2007-Nov-27 21:14 UTC
[Secure-testing-commits] r7409 - data/CVE
Author: joeyh
Date: 2007-11-27 21:14:10 +0000 (Tue, 27 Nov 2007)
New Revision: 7409
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-11-27 21:11:53 UTC (rev 7408)
+++ data/CVE/list 2007-11-27 21:14:10 UTC (rev 7409)
@@ -1,3 +1,167 @@
+CVE-2007-6132
+ RESERVED
+CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to
overwrite ...)
+ TODO: check
+CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its
plugins, ...)
+ TODO: check
+CVE-2007-6129 (Directory traversal vulnerability in
scripts/include/show_content.php ...)
+ TODO: check
+CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb
2.0.1400 ...)
+ TODO: check
+CVE-2007-6127 (Multiple SQL injection vulnerabilities in project alumni 1.0.9
and ...)
+ TODO: check
+CVE-2007-6126 (Multiple cross-site scripting (XSS) vulnerabilities in project
alumni ...)
+ TODO: check
+CVE-2007-6125 (SQL injection vulnerability in search_form.php in Softbiz
Freelancers ...)
+ TODO: check
+CVE-2007-6124 (Cross-site scripting (XSS) vulnerability in signin.php in
Softbiz ...)
+ TODO: check
+CVE-2007-6123 (Unspecified vulnerability in IRC Services 5.1.8 has unknown
impact and ...)
+ TODO: check
+CVE-2007-6122 (The default_encrypt function in encrypt.c in IRC Services before
...)
+ TODO: check
+CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig
3.2.0b6 ...)
+ TODO: check
+CVE-2007-6109
+ RESERVED
+CVE-2007-6108
+ RESERVED
+CVE-2007-6107
+ RESERVED
+CVE-2007-6106 (SQL injection vulnerability in index.php in AlstraSoft E-Friends
4.98 ...)
+ TODO: check
+CVE-2007-6105 (Multiple PHP remote file inclusion vulnerabilities in TalkBack
2.2.7 ...)
+ TODO: check
+CVE-2007-6104 (Cross-site scripting (XSS) vulnerability in the Instant Web
Publishing ...)
+ TODO: check
+CVE-2007-6103 (I Hear U (IHU) 0.5.6 and earlier allows remote attackers to
cause (1) ...)
+ TODO: check
+CVE-2007-6102 (Cross-site scripting (XSS) vulnerability in Feed to JavaScript
...)
+ TODO: check
+CVE-2007-6101 (Ability Mail Server before 2.61 allows remote authenticated
users to ...)
+ TODO: check
+CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and
...)
+ TODO: check
+CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not
log ...)
+ TODO: check
+CVE-2007-6097 (Unspecified vulnerability in the ICMP implementation in Ingate
...)
+ TODO: check
+CVE-2007-6096 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use
cleartext ...)
+ TODO: check
+CVE-2007-6095 (The SIP component in Ingate Firewall before 4.6.0 and SIParator
before ...)
+ TODO: check
+CVE-2007-6094 (The IPsec module in the VPN component in Ingate Firewall before
4.6.0 ...)
+ TODO: check
+CVE-2007-6093 (The SRTP implementation in Ingate Firewall before 4.6.0 and
SIParator ...)
+ TODO: check
+CVE-2007-6092 (Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and
...)
+ TODO: check
+CVE-2007-6091 (Multiple SQL injection vulnerabilities in files/login.asp in
JiRo''s ...)
+ TODO: check
+CVE-2007-6090 (Cross-site scripting (XSS) vulnerability in index.php in
Nuked-Klan ...)
+ TODO: check
+CVE-2007-6089 (PHP remote file inclusion vulnerability in index.php in meBiblio
0.4.5 ...)
+ TODO: check
+CVE-2007-6088 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-6087 (Cross-site request forgery (CSRF) vulnerability in index.php in
...)
+ TODO: check
+CVE-2007-6086 (Directory traversal vulnerability in index.php in VigileCMS 1.4
allows ...)
+ TODO: check
+CVE-2007-6085 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2007-6084 (SQL injection vulnerability in software-description.php in
HotScripts ...)
+ TODO: check
+CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6
allows ...)
+ TODO: check
+CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php
in ...)
+ TODO: check
+CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly
other ...)
+ TODO: check
+CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the
...)
+ TODO: check
+CVE-2007-6079 (Directory traversal vulnerability in include/common.php in bcoos
...)
+ TODO: check
+CVE-2007-6078 (Multiple SQL injection vulnerabilities in SkyPortal RC6 allow
remote ...)
+ TODO: check
+CVE-2007-6076
+ RESERVED
+CVE-2007-6075
+ RESERVED
+CVE-2007-6074
+ RESERVED
+CVE-2007-6073
+ RESERVED
+CVE-2007-6072
+ RESERVED
+CVE-2007-6071
+ RESERVED
+CVE-2007-6070
+ RESERVED
+CVE-2007-6069
+ RESERVED
+CVE-2007-6068
+ RESERVED
+CVE-2007-6067
+ RESERVED
+CVE-2007-6066
+ RESERVED
+CVE-2007-6065
+ RESERVED
+CVE-2007-6064
+ RESERVED
+CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in
Linux ...)
+ TODO: check
+CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to
cause ...)
+ TODO: check
+CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable
name ...)
+ TODO: check
+CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data
to a ...)
+ TODO: check
+CVE-2007-6059 (Javamail does not properly handle a series of invalid login
attempts ...)
+ TODO: check
+CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in
ProfileCMS 1.0 ...)
+ TODO: check
+CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm
...)
+ TODO: check
+CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to
bypass a ...)
+ TODO: check
+CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in
Liferay ...)
+ TODO: check
+CVE-2007-6054 (Cross-site scripting (XSS) vulnerability in the login page in
the ...)
+ TODO: check
+CVE-2007-6053 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of
large ...)
+ TODO: check
+CVE-2007-6052 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector
...)
+ TODO: check
+CVE-2007-6051 (IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to
the ...)
+ TODO: check
+CVE-2007-6050 (Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before
Fixpak ...)
+ TODO: check
+CVE-2007-6049 (Unspecified vulnerability in the SSL LOAD GSKIT action in IBM
DB2 UDB ...)
+ TODO: check
+CVE-2007-6048 (IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on
ACLs for ...)
+ TODO: check
+CVE-2007-6047 (Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1
...)
+ TODO: check
+CVE-2007-6046 (Unspecified vulnerability in unspecified setuid programs in IBM
DB2 ...)
+ TODO: check
+CVE-2007-6045 (Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in
IBM DB2 ...)
+ TODO: check
+CVE-2007-6044 (Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0
have ...)
+ TODO: check
+CVE-2007-6043 (The CryptGenRandom function in Microsoft Windows 2000 generates
...)
+ TODO: check
+CVE-2007-6042 (PHP remote file inclusion vulnerability in fehler.inc.php in
SWSoft ...)
+ TODO: check
+CVE-2007-6041 (Buffer overflow in the Sequencer::queueMessage function in ...)
+ TODO: check
+CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers
to ...)
+ TODO: check
+CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to
cause a ...)
+ TODO: check
CVE-2007-XXXX [phpmyadmin PMASA-2007-8: XSS in convcharset param]
- phpmyadmin 4:2.11.2.2-1
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -2,39 +166,44 @@
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2007-6077 [unauthorized disclosure of information]
+CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in
Rails ...)
- rails <unfixed> (low; bug #452748)
-CVE-2007-6111 [multiple security issues leading to denial of service]
+CVE-2007-6111 (Multiple unspecified vulnerabilities in Wireshark (formerly
Ethereal) ...)
- wireshark 0.99.7~pre1-1 (low)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6112 [buffer overflow in ppp dissector]
+CVE-2007-6112 (Buffer overflow in the PPP dissector Wireshark (formerly
Ethereal) ...)
- wireshark 0.99.7~pre1-1 (medium)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6113 [remote denial of service via malformed dnp paket]
+CVE-2007-6113 (Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote
...)
- wireshark 0.99.7~pre1-1 (low)
NOTE: This is likely a dupe of CVE-2007-4721, pinged MITRE
-CVE-2007-6114 [multiple buffer overflows in SSL dissector]
+CVE-2007-6114 (Multiple buffer overflows in Wireshark (formerly Ethereal)
0.99.0 ...)
+ {DSA-1414-1}
- wireshark 0.99.7~pre1-1 (medium)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6115 [buffer overflow in ANSI MAP dissector]
+CVE-2007-6115 (Buffer overflow in the ANSI MAP dissector for Wireshark
(formerly ...)
- wireshark 0.99.7~pre1-1 (medium)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6116 [infinite loop in firebird/interbase dissector]
+CVE-2007-6116 (The Firebird/Interbase dissector in Wireshark (formerly
Ethereal) ...)
- wireshark 0.99.7~pre1-1 (low)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6117 [unspecified vulnerability in HTTP dissector]
+CVE-2007-6117 (Unspecified vulnerability in the HTTP dissector for Wireshark
...)
+ {DSA-1414-1}
- wireshark 0.99.7~pre1-1
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6118 [loop in MEGACO dissector]
+CVE-2007-6118 (The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to
0.99.6 ...)
+ {DSA-1414-1}
- wireshark 0.99.7~pre1-1 (low)
-CVE-2007-6119 [loop in DCP ETSI dissector]
+CVE-2007-6119 (The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6
allows ...)
- wireshark 0.99.7~pre1-1 (low)
[etch] - wireshark <not-affected> (Vulnerable code not present)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6120 [infinite loop in bluetooth SDP dissector]
+CVE-2007-6120 (The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2
to ...)
+ {DSA-1414-1}
- wireshark 0.99.7~pre1-1 (low)
[sarge] - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-6121 [remote denial of service via malformed RPC portmap paket]
+CVE-2007-6121 (Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote
attackers ...)
+ {DSA-1414-1}
- wireshark 0.99.7~pre1-1 (low)
@@ -46,7 +215,8 @@
NOT-FOR-US: Citrix NetScaler
CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server
2007.11.01 ...)
NOT-FOR-US: LIVE555 Media Server
-CVE-2007-6034 (ngIRCd before 0.10.3 allows remote attackers to cause a denial
of ...)
+CVE-2007-6034
+ REJECTED
- ngircd 0.10.3-1
[etch] - ngircd <no-dsa> (Minor issue)
CVE-2007-6033 (Invensys Wonderware InTouch 8.0 creates a NetDDE share with
insecure ...)
@@ -90,7 +260,7 @@
RESERVED
CVE-2007-6014
RESERVED
-CVE-2007-6013 (Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash
of a ...)
+CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5
hash ...)
- wordpress <unfixed> (unimportant; bug #452251)
NOTE: if untrusted people are allowed to read the database they could still
NOTE: crack the hash with more work, so maybe this is unimportant?
@@ -102,7 +272,7 @@
NOT-FOR-US: Xoops
CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix
Presentation ...)
NOT-FOR-US: predating security tracker
-CVE-2007-6035 (SQL injection vulnerability in Cacti before 0.8.7a allows remote
...)
+CVE-2007-6035 (SQL injection vulnerability in graph.php in Cacti before 0.8.7a
allows ...)
- cacti 0.8.7a-1 (medium; bug #452085)
CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation
System ...)
NOT-FOR-US: BugHotel
@@ -220,11 +390,9 @@
RESERVED
CVE-2007-5961
RESERVED
-CVE-2007-5960 [CSRF protection bypass]
- RESERVED
+CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey 1.1.7 sets the
Referer ...)
- iceweasel 2.0.0.10-1
-CVE-2007-5959 [multiple security issues]
- RESERVED
+CVE-2007-5959 (Multiple unspecified vulnerabilities in Mozilla Firefox before
...)
- iceweasel 2.0.0.10-1
CVE-2007-5958
RESERVED
@@ -263,7 +431,7 @@
NOT-FOR-US: IBM Tivoli Service Desk
CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php
in ...)
NOT-FOR-US: SF-Shoutbox
-CVE-2007-5947 (The jar protocol handler in Mozilla Firefox retrieves the inner
URL ...)
+CVE-2007-5947 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and
...)
- iceweasel 2.0.0.10-1 (low; bug #451624)
CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX
...)
NOT-FOR-US: HP-UX
@@ -362,7 +530,8 @@
NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly
Verity) ...)
NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
-CVE-2007-5908 (Buffer overflow in the (1) sysfs_show_available_clocksources and
(2) ...)
+CVE-2007-5908
+ REJECTED
NOTE: there is a list of possible clocksource names which consits of short
enough names
NOTE: this is a bug in the kernel but not a security issue, there is no way
for a user to
NOTE: exploit this, they can only chose an item from the list
@@ -383,12 +552,12 @@
RESERVED
CVE-2007-5901
RESERVED
-CVE-2007-5900
- RESERVED
-CVE-2007-5899
- RESERVED
-CVE-2007-5898
- RESERVED
+CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection
mechanisms ...)
+ TODO: check
+CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites
local ...)
+ TODO: check
+CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP
before ...)
+ TODO: check
CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3,
9iR1, ...)
NOT-FOR-US: Oracle
CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a
denial of ...)
@@ -1245,7 +1414,7 @@
NOT-FOR-US: LiteSpeed
CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows
do ...)
- php5 <not-affected> (windows only)
-CVE-2007-5652 (Unspecified vulnerability in IBM DB2 9.1 before Fix Pack 4 might
allow ...)
+CVE-2007-5652 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage
of a ...)
NOT-FOR-US: IBM DB2
CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication
Protocol ...)
NOT-FOR-US: Cisco IOS
@@ -1459,8 +1628,8 @@
RESERVED
CVE-2007-5613
RESERVED
-CVE-2007-5612
- RESERVED
+CVE-2007-5612 (CIM Server in IBM Director 5.20.1 and earlier allows remote
attackers ...)
+ TODO: check
CVE-2007-5611
RESERVED
CVE-2007-5610
@@ -1912,7 +2081,7 @@
- linux-2.6 <unfixed>
NOTE: kernel-sec is already tracking this
CVE-2007-5499
- RESERVED
+ REJECTED
CVE-2007-5498
RESERVED
CVE-2007-5497
@@ -2378,8 +2547,8 @@
NOT-FOR-US: Joomla! extension
CVE-2007-5362 (Multiple PHP remote file inclusion vulnerabilities in the
Avant-Garde ...)
NOT-FOR-US: Joomla! and mambo extension
-CVE-2007-5361
- RESERVED
+CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise
7.1 and ...)
+ TODO: check
CVE-2007-5360
RESERVED
CVE-2007-5359
@@ -24704,9 +24873,9 @@
- openssl097 0.9.7k-2
- openssl096 <removed>
CVE-2006-2939
- RESERVED
+ REJECTED
CVE-2006-2938
- RESERVED
+ REJECTED
CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows
remote ...)
{DSA-1185-2}
- openssl 0.9.8c-2 (bug #389940)
@@ -51274,8 +51443,8 @@
CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local
users to ...)
{DSA-415}
- quagga 0.96.4x-4
-CVE-2003-0857
- RESERVED
+CVE-2003-0857 (The (1) ipq_read and (2) ipulog_read functions in iptables allow
local ...)
+ TODO: check
CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial
of ...)
{DSA-492}
- iproute 20010824-13.1