Author: joeyh
Date: 2007-06-08 21:14:08 +0000 (Fri, 08 Jun 2007)
New Revision: 5983
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-06-08 18:04:03 UTC (rev 5982)
+++ data/CVE/list 2007-06-08 21:14:08 UTC (rev 5983)
@@ -1,3 +1,329 @@
+CVE-2007-3129
+ RESERVED
+CVE-2007-3128
+ RESERVED
+CVE-2007-3127
+ RESERVED
+CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a
denial of ...)
+ TODO: check
+CVE-2007-3125 (Format string vulnerability in the inputAnswer function in
file.c in ...)
+ TODO: check
+CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup
utility) in ...)
+ TODO: check
+CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before
0.91rc1 ...)
+ TODO: check
+CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before
0.91rc1 ...)
+ TODO: check
+CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c
in the ...)
+ TODO: check
+CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in
public/code/cp_dpage.php ...)
+ TODO: check
+CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris
Sistemi ...)
+ TODO: check
+CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk
letter ...)
+ TODO: check
+CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in
ADPLAN 3 ...)
+ TODO: check
+CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05
allows ...)
+ TODO: check
+CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before
1.2.12.06, ...)
+ TODO: check
+CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05,
and 1.3.x ...)
+ TODO: check
+CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote
authenticated ...)
+ TODO: check
+CVE-2007-3112 (Cacti 0.8.6i, and possibly other versions, allows remote
authenticated ...)
+ TODO: check
+CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ...)
+ TODO: check
+CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank
Beatnik 1.0 ...)
+ TODO: check
+CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft
FrontPage ...)
+ TODO: check
+CVE-2007-3108
+ RESERVED
+CVE-2007-3107
+ RESERVED
+CVE-2007-3106
+ RESERVED
+CVE-2007-3105
+ RESERVED
+CVE-2007-3104
+ RESERVED
+CVE-2007-3103
+ RESERVED
+CVE-2007-3102
+ RESERVED
+CVE-2007-3101
+ RESERVED
+CVE-2007-3100
+ RESERVED
+CVE-2007-3099
+ RESERVED
+CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing
SNMPc ...)
+ TODO: check
+CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote
attackers ...)
+ TODO: check
+CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL)
...)
+ TODO: check
+CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server
1.0.197.0, and ...)
+ TODO: check
+CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in
Solaris ...)
+ TODO: check
+CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris
...)
+ TODO: check
+CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof
the URL ...)
+ TODO: check
+CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows
remote ...)
+ TODO: check
+CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in
...)
+ TODO: check
+CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to
replace an ...)
+ TODO: check
+CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows
remote ...)
+ TODO: check
+CVE-2007-3087 (Peercast places a cleartext password in a query string, which
might ...)
+ TODO: check
+CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall
PRO ...)
+ TODO: check
+CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite
allow ...)
+ TODO: check
+CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in
Comdev ...)
+ TODO: check
+CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with
...)
+ TODO: check
+CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard
3.4.1 ...)
+ TODO: check
+CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php
in ...)
+ TODO: check
+CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul
Portaly ...)
+ TODO: check
+CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote
attackers to ...)
+ TODO: check
+CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion
before ...)
+ TODO: check
+CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2
and ...)
+ TODO: check
+CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi
ProgramChecker ...)
+ TODO: check
+CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet
Explorer ...)
+ TODO: check
+CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to
read ...)
+ TODO: check
+CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4
and ...)
+ TODO: check
+CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before
2.0.0.4 on ...)
+ TODO: check
+CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain
ActiveX ...)
+ TODO: check
+CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in
BDigital Web ...)
+ TODO: check
+CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME
session ...)
+ TODO: check
+CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional
allows ...)
+ TODO: check
+CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and
Key ...)
+ TODO: check
+CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in
php(Reactor) ...)
+ TODO: check
+CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft
Particle ...)
+ TODO: check
+CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My
Databook ...)
+ TODO: check
+CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows
remote ...)
+ TODO: check
+CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System
Management ...)
+ TODO: check
+CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the
web ...)
+ TODO: check
+CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP
Live! 3.2.2 ...)
+ TODO: check
+CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive
information ...)
+ TODO: check
+CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish
Webmail ...)
+ TODO: check
+CVE-2007-3057 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in
WebSVN ...)
+ TODO: check
+CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in
Codelib ...)
+ TODO: check
+CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in
Codelib ...)
+ TODO: check
+CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and
earlier ...)
+ TODO: check
+CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i
and ...)
+ TODO: check
+CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in
RevokeSoft ...)
+ TODO: check
+CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier
allows ...)
+ TODO: check
+CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in
Buttercup web ...)
+ TODO: check
+CVE-2007-3048 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator
username ...)
+ TODO: check
+CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex
Library ...)
+ TODO: check
+CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on
...)
+ TODO: check
+CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in
Hitachi ...)
+ TODO: check
+CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration -
File ...)
+ TODO: check
+CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2
allows ...)
+ TODO: check
+CVE-2007-3041
+ RESERVED
+CVE-2007-3040
+ RESERVED
+CVE-2007-3039
+ RESERVED
+CVE-2007-3038
+ RESERVED
+CVE-2007-3037
+ RESERVED
+CVE-2007-3036
+ RESERVED
+CVE-2007-3035
+ RESERVED
+CVE-2007-3034
+ RESERVED
+CVE-2007-3033
+ RESERVED
+CVE-2007-3032
+ RESERVED
+CVE-2007-3031
+ RESERVED
+CVE-2007-3030
+ RESERVED
+CVE-2007-3029
+ RESERVED
+CVE-2007-3028
+ RESERVED
+CVE-2007-3027
+ RESERVED
+CVE-2007-3026
+ RESERVED
+CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV
before ...)
+ TODO: check
+CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before
0.91rc1 ...)
+ TODO: check
+CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not
...)
+ TODO: check
+CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before
...)
+ TODO: check
+CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before
...)
+ TODO: check
+CVE-2007-3020
+ RESERVED
+CVE-2007-3019
+ RESERVED
+CVE-2007-3018
+ RESERVED
+CVE-2007-3017
+ RESERVED
+CVE-2007-3016
+ RESERVED
+CVE-2007-3015
+ RESERVED
+CVE-2007-3014
+ RESERVED
+CVE-2007-3013
+ RESERVED
+CVE-2007-3012
+ RESERVED
+CVE-2007-3011
+ RESERVED
+CVE-2007-3010
+ RESERVED
+CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent
function in ...)
+ TODO: check
+CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method,
which has ...)
+ TODO: check
+CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or
safe_mode ...)
+ TODO: check
+CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows
user-assisted ...)
+ TODO: check
+CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment
in JDK ...)
+ TODO: check
+CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun
Java ...)
+ TODO: check
+CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and
earlier ...)
+ TODO: check
+CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain
sensitive ...)
+ TODO: check
+CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP
JackKnife ...)
+ TODO: check
+CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK)
allow ...)
+ TODO: check
+CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in
effect ...)
+ TODO: check
+CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on
OpenVMS ...)
+ TODO: check
+CVE-2007-2997 (Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp
in ...)
+ TODO: check
+CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95
on IBM ...)
+ TODO: check
+CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0
and ...)
+ TODO: check
+CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows
remote ...)
+ TODO: check
+CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in
OmegaMw7.asp in ...)
+ TODO: check
+CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA
(aka ...)
+ TODO: check
+CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in
includes/send.inc.php in ...)
+ TODO: check
+CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before
20070529 ...)
+ TODO: check
+CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a
logic ...)
+ TODO: check
+CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a
redirect to ...)
+ TODO: check
+CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in
sasatl.dll in ...)
+ TODO: check
+CVE-2007-2986 (PHP remote file inclusion vulnerability in
lib/live_status.lib.php in ...)
+ TODO: check
+CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by
setting ...)
+ TODO: check
+CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology
Group ...)
+ TODO: check
+CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications
Business ...)
+ TODO: check
+CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD
Technologies ...)
+ TODO: check
+CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in
LEADTOOLS ...)
+ TODO: check
+CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores
sensitive ...)
+ TODO: check
+CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier
allows ...)
+ TODO: check
+CVE-2007-2977 (Buffer overflow in the receive function in
submit/submitcommon.c in ...)
+ TODO: check
+CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet
...)
+ TODO: check
+CVE-2007-2975 (Unspecified vulnerability in the built-in admin console in
Ignite ...)
+ TODO: check
+CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir
Antivirus ...)
+ TODO: check
+CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote
attackers to ...)
+ TODO: check
+CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before
7.04.00.24 ...)
+ TODO: check
+CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46
and ...)
+ TODO: check
+CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in
cgi/block.cgi ...)
+ TODO: check
+CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in
...)
+ TODO: check
+CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in
cpCommerce ...)
+ TODO: check
+CVE-2005-4840 (The Outlook Express Address Book control, when using Internet
Explorer ...)
+ TODO: check
+CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier
...)
+ TODO: check
CVE-2007-XXXX [wordpress SQL injection]
- wordpress <unfixed> (bug #428073)
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
@@ -46,8 +372,7 @@
RESERVED
CVE-2007-2949
RESERVED
-CVE-2007-2948 [stack overflow in mplayer cddb queries]
- RESERVED
+CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c
in ...)
- mplayer 1.0~rc1-14
CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE
Alpha ...)
NOT-FOR-US: OpenBASE Alpha
@@ -105,12 +430,12 @@
RESERVED
CVE-2007-2920
RESERVED
-CVE-2007-2919
- RESERVED
-CVE-2007-2918
- RESERVED
-CVE-2007-2917
- RESERVED
+CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading
ActiveX ...)
+ TODO: check
+CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1)
VibeC in ...)
+ TODO: check
+CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in
odapi.dll in ...)
+ TODO: check
CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT
Music ...)
NOT-FOR-US: GMTT Music Distro
CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus
allows ...)
@@ -199,8 +524,7 @@
RESERVED
CVE-2007-2873
RESERVED
-CVE-2007-2872 [php5 chunk_split() integer overflow]
- RESERVED
+CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5
before ...)
- php5 <unfixed>
NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4,
and ...)
@@ -232,10 +556,10 @@
NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in
phpPgAdmin ...)
- phppgadmin 4.1.2-1 (low; bug #427151)
-CVE-2007-2864
- RESERVED
-CVE-2007-2863
- RESERVED
+CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before
content ...)
+ TODO: check
+CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before
content ...)
+ TODO: check
CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might
allow ...)
NOT-FOR-US: CubeCart
CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple
...)
@@ -988,12 +1312,12 @@
RESERVED
CVE-2007-2515
RESERVED
-CVE-2007-2514
- RESERVED
-CVE-2007-2513
- RESERVED
-CVE-2007-2512
- RESERVED
+CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple
...)
+ TODO: check
+CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before
6.5 ...)
+ TODO: check
+CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise
7.0 and ...)
+ TODO: check
CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in
PHP ...)
{DTSA-39-1}
- php5 5.2.2-1 (unimportant)
@@ -1125,8 +1449,7 @@
NOT-FOR-US: Parallels
CVE-2007-2453
RESERVED
-CVE-2007-2452 [locate heap buffer overflow]
- RESERVED
+CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in
...)
- findutils 4.2.31-1 (low; bug #426862)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in
GEODE-AES ...)
- linux-2.6 2.6.21-3
@@ -1213,8 +1536,8 @@
NOTE: SSO cookies sent over secure connections do not require
NOTE: secure connections, possibly defeating HTTPS encryption.
NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
-CVE-2007-2419
- RESERVED
+CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll)
in ...)
+ TODO: check
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible
Messaging ...)
NOT-FOR-US: Cerulean Trillian
CVE-2007-2417
@@ -1275,10 +1598,10 @@
NOT-FOR-US: Apple
CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not
clear ...)
NOT-FOR-US: Apple
-CVE-2007-2388 (Unspecified vulnerability in Apple QuickTime for Java 7.1.6 on
Mac OS ...)
+CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not
...)
NOT-FOR-US: Apple
-CVE-2007-2387
- RESERVED
+CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0
on Intel ...)
+ TODO: check
CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to
10.4.9 ...)
TODO: check
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object
...)
@@ -1534,8 +1857,8 @@
RESERVED
CVE-2007-2280
RESERVED
-CVE-2007-2279
- RESERVED
+CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage
...)
+ TODO: check
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in
DCP-Portal 6.1.1 ...)
NOT-FOR-US: DCP-Portal
CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote
attackers to ...)
@@ -1631,8 +1954,8 @@
NOT-FOR-US: AXIS Camera Control
CVE-2007-2238
RESERVED
-CVE-2007-2237
- RESERVED
+CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll)
allows ...)
+ TODO: check
CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers
to ...)
NOT-FOR-US: PunBB
CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB
1.2.14 ...)
@@ -2000,7 +2323,7 @@
NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert
...)
NOT-FOR-US: ActionPoll
-CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0, when
_BPX_BATCH_UMASK is ...)
+CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure ...)
NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA
allows ...)
NOT-FOR-US: VCDGear
@@ -2426,7 +2749,7 @@
RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure
permissions ...)
NOT-FOR-US: Adobe ColdFusion MX
-CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in mephisto 0.7.3
allows ...)
+CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3
allows ...)
NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3
allows ...)
NOT-FOR-US: toendaCMS
@@ -2449,8 +2772,8 @@
- php5 5.2.2-1
CVE-2007-1863
RESERVED
-CVE-2007-1862
- RESERVED
+CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4
does not ...)
+ TODO: check
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux
Kernel ...)
{DSA-1289-1}
- linux-2.6 2.6.21-1
@@ -2686,7 +3009,8 @@
NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental
...)
NOT-FOR-US: ArcSDE
-CVE-2007-1769 (Cross-site scripting (XSS) vulnerability in /search in Mephisto
0.7.3 ...)
+CVE-2007-1769
+ REJECTED
NOT-FOR-US: Mephisto
CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Mephisto
@@ -3074,8 +3398,8 @@
NOT-FOR-US: NFN Address Book
CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in
Asterisk ...)
- asterisk <unfixed> (low)
-CVE-2007-1593
- RESERVED
+CVE-2007-1593 (The administrative service in Symantec Veritas Volume
Replicator (VVR) ...)
+ TODO: check
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
{DSA-1286-1}
- linux-2.6 2.6.20-1 (medium)
@@ -4820,7 +5144,7 @@
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and
1.x ...)
- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
- RESERVED
+ REJECTED
CVE-2007-0992
RESERVED
CVE-2007-0991
@@ -4952,8 +5276,8 @@
RESERVED
CVE-2007-0934
RESERVED
-CVE-2007-0933
- RESERVED
+CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link
DWL-G650+ ...)
+ TODO: check
CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and
(2) ...)
NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1)
Aruba ...)
@@ -7201,10 +7525,10 @@
RESERVED
CVE-2007-0069
RESERVED
-CVE-2007-0068
- RESERVED
-CVE-2007-0067
- RESERVED
+CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the
signature ...)
+ TODO: check
+CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0,
6.5.x ...)
+ TODO: check
CVE-2007-0066
RESERVED
CVE-2007-0065
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
