Author: joeyh
Date: 2007-05-22 09:14:08 +0000 (Tue, 22 May 2007)
New Revision: 5892

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-05-21 14:24:04 UTC (rev 5891)
+++ data/CVE/list       2007-05-22 09:14:08 UTC (rev 5892)
@@ -1,3 +1,169 @@
+CVE-2007-2797
+       RESERVED
+CVE-2007-2796
+       RESERVED
+CVE-2007-2795
+       RESERVED
+CVE-2007-2794
+       RESERVED
+CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php 
in ...)
+       TODO: check
+CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 
beta ...)
+       TODO: check
+CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 
UNIX ...)
+       TODO: check
+CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in 
VP-ASP ...)
+       TODO: check
+CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before 
...)
+       TODO: check
+CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in 
Sun Java ...)
+       TODO: check
+CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the 
(1) ...)
+       TODO: check
+CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows 
remote ...)
+       TODO: check
+CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers 
to ...)
+       TODO: check
+CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus 
Toolkit ...)
+       TODO: check
+CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 
1.7 ...)
+       TODO: check
+CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial 
sequence ...)
+       TODO: check
+CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to 
obtain ...)
+       TODO: check
+CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in 
...)
+       TODO: check
+CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 
2.5.0 ...)
+       TODO: check
+CVE-2007-2777 (Unrestricted file upload vulnerability in 
admin/addsptemplate.php in ...)
+       TODO: check
+CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a 
redirect to ...)
+       TODO: check
+CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web 
browser but ...)
+       TODO: check
+CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight 
CMS 5.3 ...)
+       TODO: check
+CVE-2007-2773 (SQL injection vulnerability in 
plugins/mp3playlist/mp3playlist.php in ...)
+       TODO: check
+CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe 
(catirpc.dll and ...)
+       TODO: check
+CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools 
JPEG ...)
+       TODO: check
+CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, 
remote ...)
+       TODO: check
+CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not 
properly ...)
+       TODO: check
+CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for 
PAM, ...)
+       TODO: check
+CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 
(Hydrax) ...)
+       TODO: check
+CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a 
plaintext ...)
+       TODO: check
+CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly 
parse ...)
+       TODO: check
+CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm 
switches ...)
+       TODO: check
+CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the 
LockModules ...)
+       TODO: check
+CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it 
Fast ...)
+       TODO: check
+CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and 
earlier ...)
+       TODO: check
+CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 
3.1.6 ...)
+       TODO: check
+CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function 
in the ...)
+       TODO: check
+CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow 
user-assisted ...)
+       TODO: check
+CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 
1.2 ...)
+       TODO: check
+CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted 
...)
+       TODO: check
+CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
+       TODO: check
+CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 
2.3.4 and ...)
+       TODO: check
+CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under 
the ...)
+       TODO: check
+CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber 
portal ...)
+       TODO: check
+CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in 
PHPGlossar 0.8 ...)
+       TODO: check
+CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 
and ...)
+       TODO: check
+CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 
4.16.03 and ...)
+       TODO: check
+CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows ...)
+       TODO: check
+CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb 
before ...)
+       TODO: check
+CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm 
in Plain ...)
+       TODO: check
+CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in 
vDesk ...)
+       TODO: check
+CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 
ActiveX ...)
+       TODO: check
+CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in 
...)
+       TODO: check
+CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 
4.0.0 ...)
+       TODO: check
+CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lmcs) before 1.15 
allows ...)
+       TODO: check
+CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown 
impact and ...)
+       TODO: check
+CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 
allows ...)
+       TODO: check
+CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the 
Glossaire 1.7 ...)
+       TODO: check
+CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 
1.0 ...)
+       TODO: check
+CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 
1.1.0 ...)
+       TODO: check
+CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 
1.2.1 ...)
+       TODO: check
+CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain 
full-width ...)
+       TODO: check
+CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows 
remote ...)
+       TODO: check
+CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox 
CMS ...)
+       TODO: check
+CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 
might ...)
+       TODO: check
+CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly 
test ...)
+       TODO: check
+CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 
2.3.6.81, ...)
+       TODO: check
+CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an 
uninitialized seed ...)
+       TODO: check
+CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP 
before ...)
+       TODO: check
+CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of 
service ...)
+       TODO: check
+CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX 
control ...)
+       TODO: check
+CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in 
fotolog ...)
+       TODO: check
+CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote 
attackers to ...)
+       TODO: check
+CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote 
attackers ...)
+       TODO: check
+CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the 
JasPer ...)
+       TODO: check
+CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user 
IDs, which ...)
+       TODO: check
+CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager 
(SIM) 4.2 ...)
+       TODO: check
+CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system 
in ...)
+       TODO: check
+CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) 
Shop 1.4 ...)
+       TODO: check
+CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 
1.3.2c ...)
+       TODO: check
+CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on "operating 
systems that only ...)
+       TODO: check
 CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers 
to ...)
        NOT-FOR-US: Snaps! Gallery
 CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg 
Akismet ...)
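Review bot: CVE-2003-1329 is inserted between CVE-2007-2716 and CVE-2007-2715, so a 2003 identifier now sits inside the 2007 block of a list that otherwise runs in descending order; move it next to the other CVE-2003 entries or confirm the import places late-assigned ids here on purpose. Among the new TODO: check entries, CVE-2007-2748, CVE-2007-2728 and CVE-2007-2727 name PHP and CVE-2003-1329 names wu-ftpd, both of which already carry package lines later in this diff (php5, php4, wu-ftpd), so those are the ones to triage first.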
@@ -66,14 +232,14 @@
        RESERVED
 CVE-2007-2686
        RESERVED
-CVE-2007-2685
-       RESERVED
-CVE-2007-2684
-       RESERVED
+CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox 
CMS 2.1 ...)
+       TODO: check
+CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive 
information ...)
+       TODO: check
 CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to 
execute ...)
        - mutt <unfixed> (low)
-CVE-2007-2682
-       RESERVED
+CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS 
X, as ...)
+       TODO: check
 CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in 
b2evolution ...)
        TODO: check
 CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management 
interface ...)
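Review bot: CVE-2007-2685 and CVE-2007-2684 are two of six Jetbox CMS entries this commit leaves at TODO: check (together with CVE-2007-2733, CVE-2007-2732, CVE-2007-2731 and CVE-2007-1898); decide the Jetbox CMS status once and apply the same line to all six so they cannot drift apart. CVE-2007-2682 describes an installer on Apple Mac OS X and looks like a NOT-FOR-US candidate.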
@@ -104,7 +270,7 @@
        NOT-FOR-US: webdesproxy
 CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX 
control in ...)
        NOT-FOR-US: VImpX
-CVE-2007-2666 (Stack-based buffer overflow in SciLexer.dll in notepad++ 4.1.1 
and ...)
+CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in 
Scintilla ...)
        NOT-FOR-US: notepad++
 CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in 
PhpFirstPost ...)
        NOT-FOR-US: PhpFirstPost
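Review bot: the new description for CVE-2007-2666 attributes the overflow to LexRuby.cxx in Scintilla rather than to notepad++, but the status line below it is still NOT-FOR-US: notepad++. Re-check that status against Scintilla itself and anything that bundles it, and set the entry to TODO: check until that is done.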
@@ -309,8 +475,8 @@
        NOT-FOR-US: Wikivi5
 CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 
1.0d1 ...)
        NOT-FOR-US: Friendly
-CVE-2007-2568
-       RESERVED
+CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow ...)
+       TODO: check
 CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal 
Bar ...)
        NOT-FOR-US: Taltech Tal Bar Code ActiveX control
 CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX 
control ...)
@@ -569,8 +735,7 @@
 CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd 
in ...)
        {DSA-1291-2}
        - samba 3.0.25-1 (high)
-CVE-2007-2445 [libpng tRNS Chunk Denial of Service]
-       RESERVED
+CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 
1.0.25 and ...)
        - libpng 1.2.15~beta5-2 (unimportant)
        - libpng3 <unfixed> (unimportant)
        NOTE: Only a crash, no code injection. Calling this DoS stretches 
things rather far
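Review bot: the (unimportant) ratings and the NOTE under CVE-2007-2445 were written while the entry was still RESERVED with only the bracketed working title. Now that the description names png_handle_tRNS in pngrutil.c and gives a version bound, confirm that both package lines and the crash-only NOTE still match it, and add a bug reference to the libpng3 <unfixed> line if one exists.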
@@ -581,12 +746,12 @@
        RESERVED
 CVE-2007-2442
        RESERVED
-CVE-2007-2441
-       RESERVED
-CVE-2007-2440
-       RESERVED
-CVE-2007-2439
-       RESERVED
+CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and 
earlier for ...)
+       TODO: check
+CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 
3.1.0 ...)
+       TODO: check
+CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and 
earlier for ...)
+       TODO: check
 CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) 
writefile, ...)
        - vim <unfixed> (medium)
        NOTE: Exploitable through modelines.
@@ -1789,8 +1954,8 @@
        - php5 5.2.0-11 (low)
 CVE-2007-1899
        RESERVED
-CVE-2007-1898
-       RESERVED
+CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send 
...)
+       TODO: check
 CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 
2.1.2, ...)
        {DSA-1285-1}
        - wordpress 2.1.3-1 (medium)
@@ -2285,8 +2450,7 @@
        NOTE: Vulnerability is disputed, but is a non-issue anyway.
 CVE-2007-1694
        RESERVED
-CVE-2007-1693
-       RESERVED
+CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) 
before ...)
        - yate 1.2.0-1.dfsg-1 (medium; bug #421994)
 CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web 
Proxy ...)
        NOT-FOR-US: Microsoft
@@ -2294,8 +2458,8 @@
        NOT-FOR-US: Second Sight Software
 CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software 
...)
        NOT-FOR-US: Second Sight Software
-CVE-2007-1689
-       RESERVED
+CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in 
ISLALERT.DLL ...)
+       TODO: check
 CVE-2007-1688
        RESERVED
 CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation 
iPIX ...)
@@ -2685,7 +2849,7 @@
 CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 
and ...)
        {DSA-1283-1}
        - php5 <unfixed> (medium)
-CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 
5.22, ...)
+CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 
5.2.2, ...)
        {DSA-1283-1 DSA-1282-1}
        - php5 5.2.0-11 (medium)
        - php4 <unfixed> (medium)
@@ -3039,7 +3203,7 @@
        NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
 CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
        NOT-FOR-US: Windows PHP COM extensions
-CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 
20070304 ...)
+CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...)
        - php5 <not-affected> (Affected only a php5 CVS version, not a release)
 CVE-2007-1380 (The php_binary serialization handler in the session extension 
in PHP ...)
        {DSA-1283-1 DSA-1282-1}
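Review bot: the CVE-2007-1381 description no longer says "PHP CVS as of 20070304" but names wddx.c revision 1.119.2.10.2.12 followed by "and ...", while the php5 line still reads <not-affected> with the reason "Affected only a php5 CVS version, not a release". Check the full description to make sure the added range does not include a released version before keeping <not-affected>.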
@@ -3101,8 +3265,8 @@
        - linux-2.6 2.6.20-1
 CVE-2007-1356
        RESERVED
-CVE-2007-1355
-       RESERVED
+CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+       TODO: check
 CVE-2007-1354
        RESERVED
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support 
in the ...)
@@ -3622,8 +3786,8 @@
        NOT-FOR-US: WebAPP
 CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 
before ...)
        NOT-FOR-US: WebAPP
-CVE-2007-1173
-       RESERVED
+CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer 
service ...)
+       TODO: check
 CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel 
...)
        NOT-FOR-US: WebAPP
 CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in 
NukeSentinel ...)
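Review bot: the context line under CVE-2007-1172 reads NOT-FOR-US: WebAPP although the description is about nukesentinel.php in NukeSentinel; it looks copied from the WebAPP entries just above it (CVE-2007-1174). Since this hunk already touches the neighbouring CVE-2007-1173, correct the label to NOT-FOR-US: NukeSentinel in the same pass.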
@@ -6808,7 +6972,7 @@
        RESERVED
 CVE-2007-0036
        RESERVED
-CVE-2007-0035 (Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 
for ...)
+CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 
2003 SP2, ...)
        NOT-FOR-US: Microsoft Word
 CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of 
...)
        NOT-FOR-US: Microsoft Outlook
@@ -8253,7 +8417,7 @@
        NOT-FOR-US: Expinion.net iNews
 CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs 
file, ...)
        - fail2ban <not-affected> (looks fixed in 0.6, see #401793)
-CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which 
allows ...)
+CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which 
allows ...)
        - denyhosts 2.6-1 (medium; bug #401795)
 CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers 
to ...)
        NOT-FOR-US: Simple PHP Gallery
@@ -37981,7 +38145,7 @@
        - phpbb2 2.0.12-1
 CVE-2005-0257
        RESERVED
-CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 
2.6.2 ...)
+CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 
2.6.2 ...)
        {DSA-705-1}
        - wu-ftpd 2.6.2-19
 CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and 
...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
