Author: joeyh
Date: 2007-01-19 09:14:12 +0100 (Fri, 19 Jan 2007)
New Revision: 5299

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-01-18 20:54:37 UTC (rev 5298)
+++ data/CVE/list       2007-01-19 08:14:12 UTC (rev 5299)
@@ -1,3 +1,147 @@
+CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in 
(1) ...)
+       TODO: check
+CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed 
component in ...)
+       TODO: check
+CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in ...)
+       TODO: check
+CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in 
Oreon ...)
+       TODO: check
+CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in 
Uberghey ...)
+       TODO: check
+CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in 
HP ...)
+       TODO: check
+CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service 
in ...)
+       TODO: check
+CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview 
(FTV) ...)
+       TODO: check
+CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent 
(slpd) in ...)
+       TODO: check
+CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource 
Guestbook ...)
+       TODO: check
+CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and 
(2) ...)
+       TODO: check
+CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 
4.03.0002 ...)
+       TODO: check
+CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly 
handle ...)
+       TODO: check
+CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) 
dl.php ...)
+       TODO: check
+CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in 
nicecoder.com ...)
+       TODO: check
+CVE-2007-0348
+       RESERVED
+CVE-2007-0347
+       RESERVED
+CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 
allows ...)
+       TODO: check
+CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) 
Keychain ...)
+       TODO: check
+CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: 
and (2) ...)
+       TODO: check
+CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a 
denial of ...)
+       TODO: check
+CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 
and ...)
+       TODO: check
+CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard 
...)
+       TODO: check
+CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) 
in ...)
+       TODO: check
+CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote 
attackers ...)
+       TODO: check
+CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 
1.9 and ...)
+       TODO: check
+CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover 
allows ...)
+       TODO: check
+CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition 
Book ...)
+       TODO: check
+CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall 
and ...)
+       TODO: check
+CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass 
access ...)
+       TODO: check
+CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in 
liens_dynamiques ...)
+       TODO: check
+CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...)
+       TODO: check
+CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in 
Ipswitch ...)
+       TODO: check
+CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows 
remote ...)
+       TODO: check
+CVE-2007-0328
+       RESERVED
+CVE-2007-0327
+       RESERVED
+CVE-2007-0326
+       RESERVED
+CVE-2007-0325
+       RESERVED
+CVE-2007-0324
+       RESERVED
+CVE-2007-0323
+       RESERVED
+CVE-2007-0322
+       RESERVED
+CVE-2007-0321
+       RESERVED
+CVE-2007-0320
+       RESERVED
+CVE-2007-0319
+       RESERVED
+CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...)
+       TODO: check
+CVE-2007-0317 (Format string vulnerability in the LogMessage function in 
FileZilla ...)
+       TODO: check
+CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control 
Panel ...)
+       TODO: check
+CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow 
remote ...)
+       TODO: check
+CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article 
System ...)
+       TODO: check
+CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration 
(GOsa) ...)
+       TODO: check
+CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root 
with ...)
+       TODO: check
+CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and 
earlier ...)
+       TODO: check
+CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates 
...)
+       TODO: check
+CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in 
...)
+       TODO: check
+CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI 
before ...)
+       TODO: check
+CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php 
in ...)
+       TODO: check
+CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz 
DigiAffiliate ...)
+       TODO: check
+CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web 
Otomasyon ...)
+       TODO: check
+CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 
2.7 ...)
+       TODO: check
+CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier 
have ...)
+       TODO: check
+CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in 
InstantASP ...)
+       TODO: check
+CVE-2007-0301 (PHP remote file inclusion vulnerability in 
_admin/admin_menu.php in ...)
+       TODO: check
+CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM 
CMS ...)
+       TODO: check
+CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...)
+       TODO: check
+CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in 
LunarPoll, when ...)
+       TODO: check
+CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass 
Allow/Deny ...)
+       TODO: check
+CVE-2006-6943 (hpMyAdmin before 2.9.1.1 allows remote attackers to obtain the 
full ...)
+       TODO: check
+CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in 
PhpMyAdmin ...)
+       TODO: check
+CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote 
attackers to ...)
+       TODO: check
+CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in 
POP3/SMTP ...)
+       TODO: check
+CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a 
denial ...)
+       TODO: check
 CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and 
JD ...)
        NOT-FOR-US: Oracle
 CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and 
JD ...)
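Review bot: The added CVE-2006-6943 line spells the product "hpMyAdmin", while the neighbouring CVE-2006-6944 and CVE-2007-0341 lines say "phpMyAdmin" and CVE-2006-6942 says "PhpMyAdmin", so a case-sensitive search for the package name while working through the new "TODO: check" entries will miss it. If the description text comes from the automatic import, a hand-fixed spelling would likely be overwritten on the next run, so triage the four phpMyAdmin ids together and put the package line on each of them instead.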
@@ -78,7 +222,7 @@
        NOT-FOR-US: Ezboxx Portal
 CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) 
Fastilo ...)
        NOT-FOR-US: Fastilo
-CVE-2007-0257 (Unspecified vulnerability in the expand_stack function in 
grsecurity ...)
+CVE-2007-0257 (** DISPUTED ** ...)
        - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
        NOTE: This is most possibly scam: 
http://www.grsecurity.net/news.php#digitalfud
        NOTE: If this ever turns real we can re-raise severity.
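Review bot: The replacement description for CVE-2007-0257, "(** DISPUTED ** ...)", drops the only text in the entry that named the affected code (the expand_stack function in grsecurity). The remaining lines only give the package, the bug number and a URL, so consider adding a NOTE that records the expand_stack claim, which keeps the entry understandable now that the truncated description says nothing.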
@@ -91,7 +235,7 @@
        NOTE: My understanding is that this CVE is bogus.
        NOTE: I failed to see where the format string vulnerability is, I have 
report 
        NOTE: a bug in case I have missed something. 
-CVE-2007-0253 (Unspecified vulnerability in the grsecurity patch has 
unspecified ...)
+CVE-2007-0253 (** DISPUTED ** ...)
        - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
        NOTE: See CVE-2007-0257
 CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows 
remote ...)
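Review bot: After this change the CVE-2007-0253 entry consists of "(** DISPUTED ** ...)" plus "NOTE: See CVE-2007-0257", and that referenced entry is reduced to the same "(** DISPUTED ** ...)" text in this commit, so following the cross-reference no longer leads to a description. A short NOTE here stating that this is the unspecified grsecurity patch report would make the entry stand on its own.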
@@ -111,8 +255,8 @@
        RESERVED
 CVE-2007-0244
        RESERVED
-CVE-2007-0243
-       RESERVED
+CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 
5.0 ...)
+       TODO: check
 CVE-2007-0242
        RESERVED
 CVE-2007-0241
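Review bot: CVE-2007-0243 is added with "TODO: check", but its description ("Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...") is the same text this commit removes from CVE-2007-0234, which was already tracked as "- sun-java5 1.5.0-10-1". If the two ids cover the same issue, the TODO can be replaced with that package line instead of being triaged again from scratch.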
@@ -130,7 +274,8 @@
 CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s 
function in ...)
        - libgtop2 2.14.4-3 (medium; bug #407020)
        NOTE: libgtop does not contain the affected code.
-CVE-2007-0234 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 
5.0 ...)
+CVE-2007-0234
+       REJECTED
        - sun-java5 1.5.0-10-1
 CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not 
properly ...)
        TODO: check
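Review bot: CVE-2007-0234 is now marked REJECTED but still carries the unchanged line "- sun-java5 1.5.0-10-1" directly below it, so the entry claims a fixed package version for a rejected id. Move that package line to the id that now holds the Sun JDK/JRE 5.0 buffer overflow description (CVE-2007-0243 in this commit) and leave the rejected entry without tracking data.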
@@ -1721,13 +1866,13 @@
        - openldap2.3 <not-affected> (kerberos support not enabled)
        - openldap2 <not-affected> (kerberos support not enabled)
 CVE-2006-6492
-       RESERVED
+       REJECTED
 CVE-2006-6491
-       RESERVED
+       REJECTED
 CVE-2006-6490
        RESERVED
-CVE-2006-6489
-       RESERVED
+CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit 
for ...)
+       TODO: check
 CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the 
Dialog Wrapper ...)
        NOT-FOR-US: ICONICS
 CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT 
Guestbook ...)
@@ -2856,10 +3001,10 @@
        NOT-FOR-US: Panda ActiveScan
 CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses 
insecure ...)
        NOT-FOR-US: PassGo SSO Plus
-CVE-2006-5964
-       RESERVED
-CVE-2006-5963
-       RESERVED
+CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 
allows local ...)
+       TODO: check
+CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and 
PentaSuite-PRO ...)
+       TODO: check
 CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart 
allow ...)
        NOT-FOR-US: Hpecs Shopping Cart
 CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for 
Windows has ...)
@@ -10745,7 +10890,7 @@
        NOT-FOR-US: IceWarp
 CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in 
...)
        NOT-FOR-US: Squirrelcart
-CVE-2006-2482 (Heap-based buffer overflow in ZipTV for Delphi 7 2006.1.26 and 
for C++ ...)
+CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV 
for ...)
        NOT-FOR-US: ZipTV
 CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 
4 ...)
        NOT-FOR-US: VMware ESX 


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
