Author: joeyh
Date: 2007-06-27 09:14:24 +0000 (Wed, 27 Jun 2007)
New Revision: 6064

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-06-26 18:02:58 UTC (rev 6063)
+++ data/CVE/list       2007-06-27 09:14:24 UTC (rev 6064)
@@ -1,21 +1,185 @@
-CVE-2007-3389 [wireshark 1]
+CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan 
...)
+       TODO: check
+CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend 
Micro ...)
+       TODO: check
+CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, 
allows ...)
+       TODO: check
+CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in 
eDocStore ...)
+       TODO: check
+CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 
6ALBlog ...)
+       TODO: check
+CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows 
remote ...)
+       TODO: check
+CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows 
remote ...)
+       TODO: check
+CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in 
BugMall ...)
+       TODO: check
+CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and 
earlier ...)
+       TODO: check
+CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username 
"demo" ...)
+       TODO: check
+CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under 
Windows ...)
+       TODO: check
+CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 
allows ...)
+       TODO: check
+CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 
108 does ...)
+       TODO: check
+CVE-2007-3442 (Format string vulnerability on the Research in Motion 
BlackBerry 7270 ...)
+       TODO: check
+CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with 
...)
+       TODO: check
+CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 
6.2.3, ...)
+       TODO: check
+CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 
6.2.3, ...)
+       TODO: check
+CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel 
PC ...)
+       TODO: check
+CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows 
remote ...)
+       TODO: check
+CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote 
attackers to ...)
+       TODO: check
+CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a 
certain ...)
+       TODO: check
+CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote 
attackers to ...)
+       TODO: check
+CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 
and ...)
+       TODO: check
+CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in 
Pluxml ...)
+       TODO: check
+CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in 
Valerio ...)
+       TODO: check
+CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 
2007 05 25 ...)
+       TODO: check
+CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 
0.7.8 and ...)
+       TODO: check
+CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 
1.4.2 allow ...)
+       TODO: check
+CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 
and ...)
+       TODO: check
+CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in 
phpTrafficA ...)
+       TODO: check
+CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 
1.4.2 ...)
+       TODO: check
+CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in ...)
+       TODO: check
+CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 
0.9.9.7 ...)
+       TODO: check
+CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org 
WebAPP ...)
+       TODO: check
+CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit 
profile, ...)
+       TODO: check
+CVE-2007-3420 (The Random Cookie Password functionality in the loaduser 
function in ...)
+       TODO: check
+CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in 
web-app.org ...)
+       TODO: check
+CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in 
...)
+       TODO: check
+CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
+CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
+       TODO: check
+CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in 
phpRaider 1.0.0 ...)
+       TODO: check
+CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in 
access2asp 4.5 ...)
+       TODO: check
+CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in 
bosDataGrid ...)
+       TODO: check
+CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in 
...)
+       TODO: check
+CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery 
Server ...)
+       TODO: check
+CVE-2007-3410 (Buffer overflow in the wallclock functionality ...)
+       TODO: check
+CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to 
cause ...)
+       TODO: check
+CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 
have ...)
+       TODO: check
+CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote 
attackers to ...)
+       TODO: check
+CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft 
Internet ...)
+       TODO: check
+CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in 
defter_yaz.asp ...)
+       TODO: check
+CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth 
CMS ...)
+       TODO: check
+CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in 
dreamLog (aka ...)
+       TODO: check
+CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 
allows ...)
+       TODO: check
+CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in 
B1G b1gBB ...)
+       TODO: check
+CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 
2.6.2.157 ...)
+       TODO: check
+CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in 
Power ...)
+       TODO: check
+CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of 
service ...)
+       TODO: check
+CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) 
before ...)
+       TODO: check
+CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in 
KeyFocus (KF) ...)
+       TODO: check
+CVE-2007-3395 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 
through ...)
+       TODO: check
+CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow 
remote ...)
+       TODO: check
+CVE-2007-3388
+       RESERVED
+CVE-2007-3387
+       RESERVED
+CVE-2007-3386
+       RESERVED
+CVE-2007-3385
+       RESERVED
+CVE-2007-3384
+       RESERVED
+CVE-2007-3383
+       RESERVED
+CVE-2007-3382
+       RESERVED
+CVE-2007-3381
+       RESERVED
+CVE-2007-3380
+       RESERVED
+CVE-2007-3379
+       RESERVED
+CVE-2007-3378
+       RESERVED
+CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates 
...)
+       TODO: check
+CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows 
...)
+       TODO: check
+CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver allows ...)
+       TODO: check
+CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman ...)
+       TODO: check
+CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does 
not clear ...)
+       TODO: check
+CVE-2006-7209 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpTrafficA ...)
+       TODO: check
+CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the 
Adam ...)
+       TODO: check
+CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in 
Samba ...)
+       TODO: check
+CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function 
in the ...)
+       TODO: check
+CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a 
denial of ...)
        - wireshark 0.99.6pre1-1
        - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3390 [wireshark 2]
+CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on 
certain ...)
        - wireshark 0.99.6pre1-1
        - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3391 [wireshark 3]
+CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of 
service ...)
        - wireshark 0.99.6pre1-1
        - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3392 [wireshark 4]
+CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a 
denial of ...)
        - wireshark 0.99.6pre1-1
        - ethereal <not-affected> (Vulnerable code not present)
-CVE-2007-3393 [wireshark 5]
+CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark 
before ...)
        - wireshark 0.99.6pre1-1
        - ethereal <not-affected> (Vulnerable code not present)
 CVE-2007-XXXX [jailer unsave tempfile usage]
        - jailer 0.4-10 (bug #410548)
-CVE-2007-3372 [avahi assert() local machine DoS]
+CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to 
cause a ...)
        - avahi <unfixed> (low)
        [etch] - avahi <no-dsa> (Minor issue, only affects local users)
 CVE-2007-3371 (PHP remote file inclusion vulnerability in ...)
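Review bot: In the block of new entries, CVE-2003-1332 (Samba reply_nttrans stack overflow) is left at "TODO: check" even though this list already tracks samba with package lines (CVE-2007-2444 carries "- samba 3.0.25-1"). It should get a package line with a fixed version, or a <not-affected> note, in a follow-up rather than sit in the TODO queue. The same applies to CVE-2007-3408, whose description cites "Dia before 0.96.1-6", a version string that reads like a distribution package revision. Separately, the unchanged context line "[jailer unsave tempfile usage]" has a typo ("unsafe").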
@@ -249,8 +413,8 @@
        TODO: check
 CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, 
when used ...)
        TODO: check
-CVE-2007-3259
-       RESERVED
+CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain 
sensitive ...)
+       TODO: check
 CVE-2007-3258
        RESERVED
 CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for 
Evolution Data ...)
@@ -423,10 +587,10 @@
        NOT-FOR-US: Apple
 CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS 
X, ...)
        NOT-FOR-US: Cisco
-CVE-2007-3183
-       RESERVED
-CVE-2007-3182
-       RESERVED
+CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 
0.7.20070307, ...)
+       TODO: check
+CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in 
Calendarix ...)
+       TODO: check
 CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 
allows ...)
        TODO: check
 CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP 
Windows ...)
@@ -613,8 +777,8 @@
        RESERVED
 CVE-2007-3105
        RESERVED
-CVE-2007-3104
-       RESERVED
+CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat 
Enterprise ...)
+       TODO: check
 CVE-2007-3103
        RESERVED
 CVE-2007-3102
@@ -936,8 +1100,8 @@
        RESERVED
 CVE-2007-2952
        RESERVED
-CVE-2007-2951
-       RESERVED
+CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in 
KVIrc ...)
+       TODO: check
 CVE-2007-2950
        RESERVED
 CVE-2007-2949
@@ -1288,8 +1452,8 @@
        RESERVED
 CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20, when 
running on 32-bit ...)
        - file 4.21-1 (medium)  
-CVE-2007-2798
-       RESERVED
+CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc 
function in ...)
+       TODO: check
 CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 
and 5.1.2 ...)
        TODO: check
 CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement 
safemode ...)
@@ -1898,8 +2062,8 @@
        NOT-FOR-US: CA Anti-Virus
 CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in 
E-GADS! 2.2.6 ...)
        NOT-FOR-US: E-GADS!
-CVE-2007-2520
-       RESERVED
+CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when 
...)
+       TODO: check
 CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 
through ...)
        TODO: check
 CVE-2007-2518
@@ -2073,10 +2237,10 @@
 CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd 
in Samba ...)
        {DSA-1291-2 DTSA-41-1}
        - samba 3.0.25-1
-CVE-2007-2443
-       RESERVED
-CVE-2007-2442
-       RESERVED
+CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function 
in ...)
+       TODO: check
+CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT 
Kerberos ...)
+       TODO: check
 CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and 
earlier for ...)
        NOT-FOR-US: Caucho Resin Professional
 CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 
3.1.0 ...)
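Review bot: CVE-2007-2443 and CVE-2007-2442 move from RESERVED to "TODO: check" with no package line, although the visible description of CVE-2007-2442 names the RPC library in MIT Kerberos and CVE-2007-2443 concerns a function with the same gssrpc prefix. Triage the two together and record the affected source package and fixed version, or an explicit <not-affected> note, as the Samba entry at the top of this hunk does.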
@@ -2172,12 +2336,12 @@
        RESERVED
 CVE-2007-2402
        RESERVED
-CVE-2007-2401
-       RESERVED
-CVE-2007-2400
-       RESERVED
-CVE-2007-2399
-       RESERVED
+CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 
10.3.9, and ...)
+       TODO: check
+CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, 
...)
+       TODO: check
+CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs 
an ...)
+       TODO: check
 CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote 
attackers ...)
        TODO: check
 CVE-2007-2397
@@ -2883,7 +3047,7 @@
        NOT-FOR-US: CNStats
 CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in 
oe2edit CMS ...)
        NOT-FOR-US: oe2edit CMS
-CVE-2007-2084 (PHP remote file inclusion vulnerability in MobilePublisherphp 
1.1.2 ...)
+CVE-2007-2084 (** DISPUTED ** ...)
        NOT-FOR-US: MobilePublisherphp
 CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 
7.0.302.000 ...)
        NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
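Review bot: The replacement line for CVE-2007-2084 is truncated to "** DISPUTED ** ..." and no longer says what the issue is, whereas the removed line at least identified it as a PHP remote file inclusion in MobilePublisherphp. Consider having the update script keep the leading part of the description after the DISPUTED marker so the entry stays searchable. As it stands, the NOT-FOR-US line is the only hint of the product.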
@@ -3851,18 +4015,15 @@
        RESERVED
 CVE-2007-1666 (The processor_request function in the debugger server for 
DataRescue ...)
        NOT-FOR-US: IDA Pro
-CVE-2007-1665
-       RESERVED
+CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before ...)
        {DSA-1318-1}
        - ekg 1:1.7~rc2-2 (low)
        [sarge] - ekg <not-affected> (Vulnerable code not present)
-CVE-2007-1664
-       RESERVED
+CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows 
remote ...)
        {DSA-1318-1}
        - ekg 1:1.7~rc2-2 (low)
        [sarge] - ekg <not-affected> (Vulnerable code not present)
-CVE-2007-1663
-       RESERVED
+CVE-2007-1663 (Memory leak in the image message functionality in ekg before 
...)
        {DSA-1318-1}
        - ekg 1:1.7~rc2-2 (low)
        [sarge] - ekg <not-affected> (Vulnerable code not present)
@@ -6403,8 +6564,8 @@
        [sarge] - libapache-mod-jk <not-affected>
        [etch] - libapache-mod-jk <not-affected>
        NOTE: affects only 1.2.19 and 1.2.20
-CVE-2007-0773
-       RESERVED
+CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows 
local users ...)
+       TODO: check
 CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 
allows ...)
        - linux-2.6 2.6.18.dfsg.1-11
 CVE-2007-0771 (Unspecified vulnerability in the utrace support for Linux 
kernel ...)
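Review bot: CVE-2007-0773 is added as "TODO: check" directly above CVE-2007-0772, which carries "- linux-2.6 2.6.18.dfsg.1-11", and its description is scoped to "The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4". The follow-up should state whether the issue is specific to the Red Hat kernel or also present in linux-2.6, and add the matching package line or <not-affected> note.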


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
