Author: joeyh
Date: 2007-02-14 09:14:14 +0100 (Wed, 14 Feb 2007)
New Revision: 5459

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-02-14 07:02:43 UTC (rev 5458)
+++ data/CVE/list       2007-02-14 08:14:14 UTC (rev 5459)
@@ -1,4 +1,39 @@
-CVE-2007-0451 (DoS in spamassassin URI parsing causes SA to enter loop eating 
all RAM)
+CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in 
admin/admin.adm.php ...)
+       TODO: check
+CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 
might allow ...)
+       TODO: check
+CVE-2007-0910 (Unspecified vulnerability PHP before 5.2.1 allows attackers to 
...)
+       TODO: check
+CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 
might allow ...)
+       TODO: check
+CVE-2007-0908 (The wddx extension in PHP before 5.2.1 allows remote attackers 
to ...)
+       TODO: check
+CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause 
a ...)
+       TODO: check
+CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers 
to cause ...)
+       TODO: check
+CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and 
open_basedir ...)
+       TODO: check
+CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 
allows ...)
+       TODO: check
+CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in 
ejabberd ...)
+       TODO: check
+CVE-2007-0902 (Unspecified vulnerability in the "Show debugging 
information" feature ...)
+       TODO: check
+CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info 
pages in ...)
+       TODO: check
+CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! 
Tagboard ...)
+       TODO: check
+CVE-2007-0899
+       RESERVED
+CVE-2007-0898
+       RESERVED
+CVE-2007-0897
+       RESERVED
+CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before 
...)
+       TODO: check
+CVE-2007-0451
+       RESERVED
        - spamassassin 3.1.8 (bug #410843)
        NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
 CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r 
or (2) ...)
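Review bot: The CVE-2007-0451 entry at the end of the added block loses its description ("DoS in spamassassin URI parsing ...") and becomes RESERVED, while the "spamassassin 3.1.8 (bug #410843)" line and the NOTE URL under it stay. Consider adding a NOTE line with the old summary so the entry stays readable. Among the new TODO: check entries, CVE-2007-0905 through CVE-2007-0911 all concern PHP, but CVE-2007-0911 names PHP 5.2.1 itself where the other six say "before 5.2.1", so a single fixed version will not cover all seven when they are triaged.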
@@ -162,7 +197,7 @@
        NOTE: which probably turns this into remote code execution
        NOTE: clamav can also call unrar -p-, but AFAICS not in default 
configuration
        TODO: unrar-free and clamav (which embeds unrar-free code) need to be 
checked
-CVE-2007-0854 (Remote file inclusion vulnerability in objcache in cPanel 
WebHost ...)
+CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in 
cPanel ...)
        NOT-FOR-US: cPanel WebHost Manager
 CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote 
attackers ...)
        NOT-FOR-US: DevTrack
@@ -184,8 +219,8 @@
        NOT-FOR-US: Advanced Poll
 CVE-2007-0843
        RESERVED
-CVE-2007-0842
-       RESERVED
+CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard 
library ...)
+       TODO: check
 CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 
have ...)
        NOT-FOR-US: vbDrupal
 CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 
allows ...)
@@ -1623,30 +1658,30 @@
        RESERVED
 CVE-2007-0220
        RESERVED
-CVE-2007-0219
-       RESERVED
+CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM 
objects ...)
+       TODO: check
 CVE-2007-0218
        RESERVED
-CVE-2007-0217
-       RESERVED
+CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 
5.01 ...)
+       TODO: check
 CVE-2007-0216
        RESERVED
 CVE-2007-0215
        RESERVED
-CVE-2007-0214
-       RESERVED
+CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 
2000 ...)
+       TODO: check
 CVE-2007-0213
        RESERVED
 CVE-2007-0212
        RESERVED
-CVE-2007-0211
-       RESERVED
-CVE-2007-0210
-       RESERVED
-CVE-2007-0209
-       RESERVED
-CVE-2007-0208
-       RESERVED
+CVE-2007-0211 (The hardware detection functionality in the Windows Shell in 
Microsoft ...)
+       TODO: check
+CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows 
XP SP2 ...)
+       TODO: check
+CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, 
Works ...)
+       TODO: check
+CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, 
Works ...)
+       TODO: check
 CVE-2007-0207
        RESERVED
 CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager 
(OV NNM) ...)
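Review bot: The seven entries that go from RESERVED to a description in this hunk (CVE-2007-0219, -0217, -0214, -0211, -0210, -0209, -0208) all name Microsoft products and are left as TODO: check. Other Microsoft entries visible in this patch carry NOT-FOR-US (for example "NOT-FOR-US: Microsoft Excel" and "NOT-FOR-US: Microsoft IE"), so a follow-up commit can close these the same way. CVE-2007-0209 and CVE-2007-0208 have identical truncated descriptions, so the full text is needed to tell them apart before tagging.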
@@ -2244,10 +2279,10 @@
        NOT-FOR-US: Microsoft Excel
 CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 
v.X for Mac ...)
        NOT-FOR-US: Microsoft Excel
-CVE-2007-0026
-       RESERVED
-CVE-2007-0025
-       RESERVED
+CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, 
and 2003 SP1 ...)
+       TODO: check
+CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 
2003 SP1 and ...)
+       TODO: check
 CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) 
implementation ...)
        NOT-FOR-US: Microsoft IE
 CVE-2007-0023 (The CFUserNotificationSendRequest function in ...)
@@ -5844,8 +5879,8 @@
        RESERVED
 CVE-2006-5271
        RESERVED
-CVE-2006-5270
-       RESERVED
+CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...)
+       TODO: check
 CVE-2006-5269
        RESERVED
 CVE-2006-5268
@@ -7082,8 +7117,8 @@
        RESERVED
 CVE-2006-4698
        RESERVED
-CVE-2006-4697
-       RESERVED
+CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM 
objects ...)
+       TODO: check
 CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft 
Windows ...)
        NOT-FOR-US: Microsoft
 CVE-2006-4695
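Review bot: The description added for CVE-2006-4697 is identical, up to the truncation, to the one added for CVE-2007-0219 earlier in this patch ("Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ..."). When resolving the TODO: check, compare the full descriptions to confirm the two ids are distinct issues and tag both consistently.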
@@ -9718,7 +9753,7 @@
        NOT-FOR-US: McAfee VirusScan Enterprise
 CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi 
...)
        NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and 
uCosminexus Collaboration Portal and Forum/File Sharing
-CVE-2006-3573 (Format string vulnerability in agl_text.cpp in Milan Mimica 
Sparklet ...)
+CVE-2006-3573 (Format string vulnerability in the WriteText function in 
agl_text.cpp ...)
        NOT-FOR-US: Milan Mimica Sparklet
 CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 
and ...)
        NOT-FOR-US: Papoo
@@ -9981,8 +10016,8 @@
        NOT-FOR-US: Microsoft
 CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 
2003, ...)
        NOT-FOR-US: Microsoft
-CVE-2006-3448
-       RESERVED
+CVE-2006-3448 (The Step-by-Step Interactive Training in Microsoft Windows 2000 
SP4, ...)
+       TODO: check
 CVE-2006-3447
        RESERVED
 CVE-2006-3446
@@ -12562,7 +12597,7 @@
        NOTE: Beginning with version 7.5.4, postgresql is a transition
        NOTE: package which does not contain actual code.  That's why
        NOTE: it's marked as fixed here.  (Previous versions are vulnerable.)
-CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104 
and ...)
+CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 
2.0.*.104 ...)
        NOT-FOR-US: Skype
 CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server 
and ...)
        NOT-FOR-US: BlueDragon Server and Server JX
@@ -15058,8 +15093,8 @@
        NOT-FOR-US: Microsoft JScript
 CVE-2006-1312
        RESERVED
-CVE-2006-1311
-       RESERVED
+CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, 
and 2003 SP1; ...)
+       TODO: check
 CVE-2006-1310
        RESERVED
 CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted 
attackers to ...)
@@ -16405,7 +16440,7 @@
        - wordpress <unfixed> (unimportant)
 CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector 
(BC) 4.6 ...)
        NOT-FOR-US: SAP Business Connector
-CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 
and ...)
+CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 
and ...)
        NOT-FOR-US: SAP Business Connector
 CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 
allow ...)
        - dovecot 1.0.beta3-1 (bug #353341; medium)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
