Author: stef-guest
Date: 2007-08-02 19:10:40 +0000 (Thu, 02 Aug 2007)
New Revision: 6215
Modified:
data/CVE/list
Log:
new: teamspeak-server, bandersnatch, zoph
already fixed: sun-java[56]
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-02 18:21:36 UTC (rev 6214)
+++ data/CVE/list 2007-08-02 19:10:40 UTC (rev 6215)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [teamspeak-server arbitrary file disclosure]
+ - teamspeak-server <unfixed> (bug #435707; medium)
CVE-2007-XXXX [tor insufficient authentication on control port]
- tor 0.1.2.16-1
CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus
Forum ...)
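Review bot: The new CVE-2007-XXXX entry for teamspeak-server at the top of the list cites bug #435707, the same bug this commit attaches to CVE-2007-3956 further down. If both describe one issue, the temporary entry duplicates the assigned CVE and should be dropped. If they are distinct, a NOTE line saying so would keep a later triager from merging them. The two entries also disagree on urgency: `medium` here, none on CVE-2007-3956.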
@@ -333,7 +335,7 @@
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote
...)
NOT-FOR-US: Nipun Jain xserver
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter
value ...)
- TODO: check
+ - teamspeak-server <unfixed> (bug #435707)
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX
control in ...)
NOT-FOR-US: LinkedIn Toolbar
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet
Explorer, when ...)
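Review bot: CVE-2007-3956 is described as affecting "TeamSpeak WebServer 2.0 for Windows", yet the added line marks the Debian teamspeak-server package `<unfixed>` with no explanation. A NOTE recording why the Debian package is believed to be affected would justify the status. Adding an urgency would also bring the line in step with the `(bug #435707; medium)` annotation used for the same bug in the first hunk.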
@@ -381,27 +383,29 @@
CVE-2007-3933 (SQL injection vulnerability in insertorder.cfm in QuickEStore
8.2 and ...)
NOT-FOR-US: QuickEStore
CVE-2007-3932 (uploadimg.php in the Expose RC35 and earlier (com_expose)
component ...)
- TODO: check
+ NOT-FOR-US: Expose RC35 for Joomla
CVE-2007-3931 (The wrap_setuid_third_party_application function in the
installation ...)
- TODO: check
+ NOT-FOR-US: Samsung SCX-4200 Driver installation script
CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and
...)
NOT-FOR-US: Microsoft
CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera
before ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted
remote ...)
- TODO: check
+ NOT-FOR-US: Yahoo! Messenger
CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before
2006.21 ...)
NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote
attackers to ...)
NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in
...)
- TODO: check
+ NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet
Explorer, when ...)
NOT-FOR-US: Microsoft
CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco
Wide Area ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE)
Applet ...)
- TODO: check
+ - sun-java5 1.5.0-12-2
+ [etch] - sun-java5 <no-dsa> (non-free not supported)
+ - sun-java6 6-02-1
CVE-2007-3921
RESERVED
CVE-2007-3920
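Review bot: The fixed versions added under CVE-2007-3922 have no source recorded. The description is only "Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...", so `sun-java5 1.5.0-12-2` and `sun-java6 6-02-1` cannot be checked from the entry itself. A NOTE naming the vendor advisory or changelog entry that establishes those versions would make "already fixed" verifiable for the next person who reads this entry.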
@@ -423,19 +427,19 @@
CVE-2007-3912
RESERVED
CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe
(aka ...)
- TODO: check
+ NOT-FOR-US: BakBone NetVault Reporter
CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4
allows ...)
- TODO: check
+ - bandersnatch <unfixed> (low; bug #435709)
CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4
allow ...)
- TODO: check
+ - bandersnatch <unfixed> (low; bug #435709)
CVE-2007-3908 (Unspecified vulnerability in HP ServiceGuard for Linux for Red
Hat ...)
- TODO: check
+ NOT-FOR-US: HP ServiceGuard
CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0
through 1.2.6 ...)
- TODO: check
+ NOT-FOR-US: LedgerSMB
CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check
Point ...)
NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow
remote ...)
- TODO: check
+ - zoph <unfixed> (bug filed)
CVE-2007-3904
RESERVED
CVE-2007-3903
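Review bot: `- zoph <unfixed> (bug filed)` under CVE-2007-3905 carries a placeholder instead of a bug number, so the entry cannot be linked to the report. Replace it with the bug number once it is assigned, and give it an urgency as the bandersnatch lines do. The annotation order is also inconsistent across this commit: `(low; bug #435709)` here versus `(bug #435707; medium)` in the first hunk. Pick one order and use it throughout.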
@@ -467,23 +471,23 @@
CVE-2007-3890
RESERVED
CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog
0.5 and ...)
- TODO: check
+ NOT-FOR-US: Insanely Simple Blog
CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely
Simple ...)
- TODO: check
+ NOT-FOR-US: Insanely Simple Blog
CVE-2007-3887 (Multiple cross-site scripting (XSS) vulnerabilities in
mesaj_formu.asp ...)
- TODO: check
+ NOT-FOR-US: ASP Ziyaretci Defteri
CVE-2007-3886 (Cross-site scripting (XSS) vulnerability in default.asp in
Element CMS ...)
- TODO: check
+ NOT-FOR-US: Element CMS
CVE-2007-3885 (Cross-site scripting (XSS) vulnerability in
philboard_search.asp in ...)
- TODO: check
+ NOT-FOR-US: husrevforum
CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in
husrevforum ...)
- TODO: check
+ NOT-FOR-US: husrevforum
CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.1
and ...)
- TODO: check
+ NOT-FOR-US: Data Dynamics ActiveBar ActiveX control
CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor
allows ...)
- TODO: check
+ NOT-FOR-US: Expert Advisor
CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating
(Picture ...)
- TODO: check
+ NOT-FOR-US: Pictures Rating
CVE-2007-3880
RESERVED
CVE-2007-3879
@@ -495,7 +499,7 @@
CVE-2007-3876
RESERVED
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust
Antivirus) ...)
- TODO: check
+ NOT-FOR-US: CA Anti-Virus
CVE-2007-3874
RESERVED
CVE-2007-3873
@@ -510,41 +514,41 @@
- dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
NOTE: IE browser bug are not treated as security issues in packages
applications
CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital
Management ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer
Relationship ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration
Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application
Server ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3
and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle
Application ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express
(formerly ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory
component ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3858 (Multiple unspecified vulnerabilities in Oracle Database
10.2.0.3 allow ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database
10.1.0.5 allow ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component
for ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database
9.0.1.5+, ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database
9.0.1.5+, ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database
10.1.0.5 and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3852
RESERVED
CVE-2007-3851
@@ -574,7 +578,7 @@
CVE-2007-3843
RESERVED
CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000
Enterprise ...)
- TODO: check
+ NOT-FOR-US: 8e6 R3000 Enterprise Filter
CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for
Linux ...)
TODO: check
CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats
allows ...)
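Review bot: CVE-2007-3841, directly below the newly triaged CVE-2007-3842, is still at `TODO: check` after this pass. Its description names "Pidgin (formerly Gaim) 2.0.2 for Linux", which unlike the surrounding NOT-FOR-US entries does not look like a proprietary or Windows-only product, so it is the entry in this range that most needs a package status. Either triage it in this commit or mention in the log that it was deliberately left open.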