Author: joeyh
Date: 2007-05-17 09:14:10 +0000 (Thu, 17 May 2007)
New Revision: 5858

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-05-17 09:11:12 UTC (rev 5857)
+++ data/CVE/list       2007-05-17 09:14:10 UTC (rev 5858)
@@ -1,3 +1,259 @@
+CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers 
to ...)
+       TODO: check
+CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg 
Akismet ...)
+       TODO: check
+CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not 
exit when ...)
+       TODO: check
+CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 
3.3.3 ...)
+       TODO: check
+CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier 
allows ...)
+       TODO: check
+CVE-2007-2710 (PHP remote file inclusion vulnerability in 
functions/prepend_adm.php ...)
+       TODO: check
+CVE-2007-2709 (PHP remote file inclusion vulnerability in 
functions/prepend_adm.php ...)
+       TODO: check
+CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in 
Feindt ...)
+       TODO: check
+CVE-2007-2707 (PHP remote file inclusion vulnerability in 
linksnet_linkslog_rss.php ...)
+       TODO: check
+CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php 
in Media ...)
+       TODO: check
+CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in 
BEA ...)
+       TODO: check
+CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements 
role if ...)
+       TODO: check
+CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace 
application ...)
+       TODO: check
+CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 
and 8.1 ...)
+       TODO: check
+CVE-2007-2700 (The WLST script generated by the configToScript command in BEA 
...)
+       TODO: check
+CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic 
Server ...)
+       TODO: check
+CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show 
...)
+       TODO: check
+CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic 
Server ...)
+       TODO: check
+CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 
through ...)
+       TODO: check
+CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic 
Express ...)
+       TODO: check
+CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA 
WebLogic ...)
+       TODO: check
+CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without 
SELECT ...)
+       TODO: check
+CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 
5.1.x ...)
+       TODO: check
+CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 
5.1.18 does ...)
+       TODO: check
+CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, 
and M ...)
+       TODO: check
+CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain 
...)
+       TODO: check
+CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with 
Firewall/IPS ...)
+       TODO: check
+CVE-2007-2687
+       RESERVED
+CVE-2007-2686
+       RESERVED
+CVE-2007-2685
+       RESERVED
+CVE-2007-2684
+       RESERVED
+CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to 
execute ...)
+       TODO: check
+CVE-2007-2682
+       RESERVED
+CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in 
b2evolution ...)
+       TODO: check
+CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management 
interface ...)
+       TODO: check
+CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski 
gallery ...)
+       TODO: check
+CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in 
Netsprint ...)
+       TODO: check
+CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess 
...)
+       TODO: check
+CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in 
Open ...)
+       TODO: check
+CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds 
Listings ...)
+       TODO: check
+CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 
1.0 ...)
+       TODO: check
+CVE-2007-2673 (SQL injection vulnerability in censura.php in Censura 1.15.04 
allows ...)
+       TODO: check
+CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 
3.0 ...)
+       TODO: check
+CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a 
denial of ...)
+       TODO: check
+CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the 
...)
+       TODO: check
+CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 
1.0 ...)
+       TODO: check
+CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to 
...)
+       TODO: check
+CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX 
control in ...)
+       TODO: check
+CVE-2007-2666 (Stack-based buffer overflow in SciLexer.dll in notepad++ 4.1.1 
and ...)
+       TODO: check
+CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in 
PhpFirstPost ...)
+       TODO: check
+CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php 
in Yaap ...)
+       TODO: check
+CVE-2007-2663 (PHP remote file inclusion vulnerability in 
language/1/splash.lang.php ...)
+       TODO: check
+CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote 
...)
+       TODO: check
+CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 
allows ...)
+       TODO: check
+CVE-2007-2660 (** DISPUTED ** ...)
+       TODO: check
+CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced 
...)
+       TODO: check
+CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 
1.6.0.5 ...)
+       TODO: check
+CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 
ActiveX ...)
+       TODO: check
+CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview 
...)
+       TODO: check
+CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail 
before ...)
+       TODO: check
+CVE-2007-2654 (xfs_fsr in xfsdump creates a temporary directory with insecure 
...)
+       TODO: check
+CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has 
...)
+       TODO: check
+CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 
allow ...)
+       TODO: check
+CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 
allow ...)
+       TODO: check
+CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote 
attackers to ...)
+       TODO: check
+CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript 
delays for ...)
+       TODO: check
+CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 
...)
+       TODO: check
+CVE-2007-2647 (Static code injection vulnerability in 
admin/admin_configuration.php ...)
+       TODO: check
+CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows 
user-assisted ...)
+       TODO: check
+CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in 
...)
+       TODO: check
+CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX 
Professional ...)
+       TODO: check
+CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow 
Designs ...)
+       TODO: check
+CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 
1.7 ...)
+       TODO: check
+CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 
Philboard ...)
+       TODO: check
+CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid 
"trivial ...)
+       TODO: check
+CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows 
remote ...)
+       TODO: check
+CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass 
authentication and ...)
+       TODO: check
+CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for 
calendars ...)
+       TODO: check
+CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote 
...)
+       TODO: check
+CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows 
remote ...)
+       TODO: check
+CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php 
in ...)
+       TODO: check
+CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 
allows ...)
+       TODO: check
+CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 
Multi User ...)
+       TODO: check
+CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail 
...)
+       TODO: check
+CVE-2007-2630 (Incomplete blacklist vulnerability in ...)
+       TODO: check
+CVE-2007-2629 (Bradford CampusManager Network Control Application Server 
3.1(6) ...)
+       TODO: check
+CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php 
in ...)
+       TODO: check
+CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in 
WordPress, ...)
+       TODO: check
+CVE-2007-2626 (** DISPUTED ** ...)
+       TODO: check
+CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2007-2624 (Dynamic variable evaluation vulnerability in ...)
+       TODO: check
+CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev 
kit ...)
+       TODO: check
+CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and 
earlier ...)
+       TODO: check
+CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 
1.3 ...)
+       TODO: check
+CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php 
in Jakub ...)
+       TODO: check
+CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login 
...)
+       TODO: check
+CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 
allows ...)
+       TODO: check
+CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy 
Core ...)
+       TODO: check
+CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE 
...)
+       TODO: check
+CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu 
...)
+       TODO: check
+CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php 
in ...)
+       TODO: check
+CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a 
shared ...)
+       TODO: check
+CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in 
WikkaWiki ...)
+       TODO: check
+CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 
20050314 ...)
+       TODO: check
+CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 
1.1.9, and ...)
+       TODO: check
+CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 
1.3b2 ...)
+       TODO: check
+CVE-2007-2608 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2007-2607 (PHP remote file inclusion vulnerability in 
views/print/printbar.php in ...)
+       TODO: check
+CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to 
trigger ...)
+       TODO: check
+CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in 
...)
+       TODO: check
+CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control 
allows ...)
+       TODO: check
+CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD 
Ripper ...)
+       TODO: check
+CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 
allows ...)
+       TODO: check
+CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX 
Zenith ...)
+       TODO: check
+CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in 
TutorialCMS ...)
+       TODO: check
+CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka 
Photoshop ...)
+       TODO: check
+CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 
FINAL ...)
+       TODO: check
+CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in 
telltarget CMS ...)
+       TODO: check
+CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in 
aForum ...)
+       TODO: check
+CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move 
their own ...)
+       TODO: check
+CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php 
in ...)
+       TODO: check
+CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when 
using TLS, ...)
+       TODO: check
+CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia 
...)
+       TODO: check
+CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 
...)
+       TODO: check
+CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 
6.6.2.2, ...)
+       TODO: check
+CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php 
in ...)
+       TODO: check
+CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and 
...)
+       TODO: check
 CVE-2006-XXXX [PHP SOAP Extension HTTP Authentication Weak Nonce]
        NOTE: see http://secunia.com/advisories/25306/
        - php5 <unfixed> (low)
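
Review bot: CVE-2007-2693, CVE-2007-2692 and CVE-2007-2691 (MySQL), CVE-2007-2650 (ClamAV) and CVE-2007-2631 (SquirrelMail) arrive as TODO: check although other entries in this file already track mysql-dfsg-5.0, clamav and squirrelmail; triage these ahead of the rest of the batch and replace the TODO with a package line. CVE-2003-1327 is also inserted between CVE-2007-2589 and CVE-2006-XXXX, out of sequence with the 2007 block above it.
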
@@ -2,3 +258,3 @@
        - php4 <not-affected> (no soap functions in php4)
-CVE-2006-7203 [mount compat local DoS]
+CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 
2.6.20 ...)
        - linux-2.6 <unfixed> (low)
@@ -14,7 +270,7 @@
        NOT-FOR-US: BarCodeWiz ActiveX control
 CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the ...)
        NOT-FOR-US: Subscription Manager ActiveX control
-CVE-2007-2583 (MySQL 5.x before 5.0.40 allows context-dependent attackers to 
cause a ...)
+CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before 
...)
        - mysql-dfsg-5.0 <unfixed> (low)
        NOTE: http://bugs.mysql.com/bug.php?id=27513
 CVE-2007-2582 (Unspecified vulnerability in the DB2 JDBC Applet Server 
(DB2JDS) ...)
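
Review bot: on CVE-2007-2583 the replaced description carried the boundary "MySQL 5.x before 5.0.40", while the new text is cut off at "MySQL before ..." and the package line stays mysql-dfsg-5.0 <unfixed> (low). Record the upstream fixed version in a NOTE next to the bugs.mysql.com link so the boundary is not lost once the old description is gone.
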
@@ -135,10 +391,10 @@
        - linux-2.6 <unfixed>
 CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS 
(Open ...)
        - otrs2 <unfixed> (bug #423524)
-CVE-2007-2523
-       RESERVED
-CVE-2007-2522
-       RESERVED
+CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 
before ...)
+       TODO: check
+CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA 
...)
+       TODO: check
 CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in 
E-GADS! 2.2.6 ...)
        NOT-FOR-US: E-GADS!
 CVE-2007-2520
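
Review bot: CVE-2007-2523 and CVE-2007-2522 move from RESERVED to TODO: check, and both descriptions name CA products (Anti-Virus for the Enterprise, the inoweb Console Server). Check them together and give them the same tag rather than triaging them one by one.
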
@@ -297,20 +553,17 @@
        RESERVED
 CVE-2007-2448
        RESERVED
-CVE-2007-2447 [samba: Unescaped user input parameters are passed as arguments 
to /bin/sh allowing for remote command execution]
-       RESERVED
+CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 
3.0.25rc3 ...)
        {DSA-1291-1}
        - samba 3.0.25-1 (high)
-CVE-2007-2446 [samba: Multiple heap overflows allow remote code execution]
-       RESERVED
+CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd 
in ...)
        {DSA-1291-1}
        - samba 3.0.25-1 (high)
 CVE-2007-2445 [libpng tRNS Chunk Denial of Service]
        RESERVED
        - libpng 1.2.15~beta5-2
        - libpng3 <unfixed>
-CVE-2007-2444 [samba: User privilege elevation because of a local SID/Name 
translation bug]
-       RESERVED
+CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd 
in Samba ...)
        {DSA-1291-1}
        - samba 3.0.25-1
 CVE-2007-2443
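
Review bot: CVE-2007-2444 keeps "- samba 3.0.25-1" with no urgency, while CVE-2007-2447 and CVE-2007-2446 under the same {DSA-1291-1} are marked (high); the removed placeholder called it a user privilege elevation, so set an urgency explicitly. In the unchanged context, CVE-2007-2445 still carries both a bracketed description and RESERVED and will need the same cleanup once its description is published.
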
@@ -864,7 +1117,7 @@
        NOT-FOR-US: Post Revolution
 CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php 
in ...)
        NOT-FOR-US: Pagode
-CVE-2007-2199 (PHP remote file inclusion vulnerability in 
libraries/pcl/pcltar.php in ...)
+CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php 
(aka ...)
        NOT-FOR-US: Joomla
 CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management 
System ...)
        NOT-FOR-US: LAN Management System
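
Review bot: the CVE-2007-2199 description now names lib/pcltar.lib.php "(aka ..." instead of libraries/pcl/pcltar.php, yet the entry stays NOT-FOR-US: Joomla. Read the full description and confirm the tag still covers every product it lists.
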
@@ -1170,7 +1423,7 @@
 CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows 
...)
        NOT-FOR-US: Acubix PicoZip
 CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 
allows ...)
-       {DSA-1280-1}
+       {DSA-1280-1 DTSA-33-1}
        - aircrack-ng 1:0.7-3 (medium)
        NOTE: http://trac.aircrack-ng.org/changeset/288
 CVE-2007-2056
@@ -1231,7 +1484,7 @@
        - lha <unfixed> (low)
        [sarge] - lha <no-dsa> (Non-free not supported)
        [etch] - lha <no-dsa> (Non-free not supported)
-CVE-2007-2029 (The PDF handler in Clam AntiVirus (ClamAV) allows remote 
attackers to ...)
+CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus 
(ClamAV) ...)
        {DSA-1281-1}
        - clamav 0.90.2-1 (low; bug #418849)
        NOTE: closed report: 
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459
@@ -1509,12 +1762,12 @@
        NOT-FOR-US: QuizShock
 CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger 
(AIM) 5.9 ...)
        NOT-FOR-US: AOL Instant Messenger
-CVE-2007-1903
-       RESERVED
-CVE-2007-1902
-       RESERVED
-CVE-2007-1901
-       RESERVED
+CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in 
SonicBB 1.0 ...)
+       TODO: check
+CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow 
remote ...)
+       TODO: check
+CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive 
information ...)
+       TODO: check
 CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL 
filter in ...)
        {DSA-1283-1}
        - php5 5.2.0-11 (low)
@@ -3161,8 +3414,7 @@
        - gnupg 1.4.6-2 (bug #413922; low)
        - gpgme1.0 1.1.2-3 (bug #414170; low)
        - gnupg2 2.0.3-1
-CVE-2007-1262 [squirrelmail cross site scripting in the HTML filter]
-       RESERVED
+CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML 
filter ...)
        {DSA-1290-1}
        - squirrelmail 2:1.4.10a-1
 CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio 
before ...)
@@ -3292,7 +3544,7 @@
        NOT-FOR-US: Microsoft Windows
 CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 
SP3, 2003 ...)
        NOT-FOR-US: Microsoft Excel
-CVE-2007-1202 (Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 
for ...)
+CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 
2003 SP2, ...)
        NOT-FOR-US: Microsoft Word
 CVE-2007-1201
        RESERVED
@@ -4685,8 +4937,8 @@
        NOT-FOR-US: Chicken of the VNC
 CVE-2007-0755
        RESERVED
-CVE-2007-0754
-       RESERVED
+CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 
allows ...)
+       TODO: check
 CVE-2007-0753
        RESERVED
 CVE-2007-0752
@@ -4695,10 +4947,10 @@
        RESERVED
 CVE-2007-0750
        RESERVED
-CVE-2007-0749
-       RESERVED
-CVE-2007-0748
-       RESERVED
+CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command 
function in ...)
+       TODO: check
+CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, 
when using ...)
+       TODO: check
 CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not 
properly ...)
        NOT-FOR-US: Apple Mac OS X
 CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in 
Apple ...)
@@ -4817,8 +5069,8 @@
        REJECTED
 CVE-2007-0690
        RESERVED
-CVE-2007-0689
-       RESERVED
+CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive 
information via ...)
+       TODO: check
 CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group 
moderation ...)
        NOT-FOR-US: Phorum
 CVE-2006-6967 (Check Point FireWall-1 allows remote attackers to obtain 
certificate ...)
@@ -5861,9 +6113,9 @@
        RESERVED
 CVE-2007-0245
        RESERVED
-CVE-2007-0244
-       RESERVED
+CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) 
before ...)
        {DSA-1288-1}
+       TODO: check
 CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 
5.0 ...)
        - sun-java5 1.5.0-10-1
 CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 
does ...)
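
Review bot: CVE-2007-0244 ends up with {DSA-1288-1} followed by TODO: check and no package line, so an issue that already has a DSA reads as untriaged. Add the package line with the fixed version from the DSA and drop the TODO.
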
@@ -5925,7 +6177,7 @@
        NOT-FOR-US: All In One Control Panel (AIOCP)
 CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server 
side ...)
        NOT-FOR-US: Oracle Application Server
-CVE-2007-0221 (IMAP support in Microsoft Exchange Server 2000 SP3 allows 
remote ...)
+CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft 
Exchange ...)
        NOT-FOR-US: Microsoft
 CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access 
(OWA) ...)
        NOT-FOR-US: Microsoft
@@ -6568,7 +6820,7 @@
        NOT-FOR-US: Panic Transmit
 CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 
and ...)
        NOT-FOR-US: Maxum Rumpus
-CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile 
ActiveX control ...)
+CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile 
ActiveX ...)
        NOT-FOR-US: NCTAudioFile2 ActiveX control
 CVE-2007-0017 (Multiple format string vulnerabilities in (1) the 
cdio_log_handler ...)
        {DSA-1252-1}
@@ -14325,8 +14577,8 @@
        NOTE: Only DoS possible, only root can trigger this -> non-issue
 CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and 
the ...)
        NOT-FOR-US: Symantec
-CVE-2006-3456
-       RESERVED
+CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka ...)
+       TODO: check
 CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus 
Corporate ...)
        NOT-FOR-US: Symantec
 CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus 
Corporate ...)
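
Review bot: CVE-2006-3456 is added as TODO: check, but its description names a Symantec ActiveX control and both neighbours, CVE-2006-3457 and CVE-2006-3455, are NOT-FOR-US: Symantec. Resolve it the same way unless the control turns out to be packaged.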


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
