Author: joeyh
Date: 2007-08-28 21:14:08 +0000 (Tue, 28 Aug 2007)
New Revision: 6419
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-28 20:58:20 UTC (rev 6418)
+++ data/CVE/list 2007-08-28 21:14:08 UTC (rev 6419)
@@ -1,239 +1,239 @@
-CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5
allows ...)
+CVE-2007-4580
TODO: check
-CVE-2007-4579 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and
Live ...)
+CVE-2007-4579
TODO: check
-CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0
allows ...)
+CVE-2007-4578
TODO: check
-CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote
attackers ...)
+CVE-2007-4577
TODO: check
CVE-2007-4576
- RESERVED
+ TODO: check
CVE-2007-4575
- RESERVED
+ TODO: check
CVE-2007-4574
- RESERVED
+ TODO: check
CVE-2007-4573
- RESERVED
+ TODO: check
CVE-2007-4572
- RESERVED
+ TODO: check
CVE-2007-4571
- RESERVED
+ TODO: check
CVE-2007-4570
- RESERVED
+ TODO: check
CVE-2007-4569
- RESERVED
+ TODO: check
CVE-2007-4568
- RESERVED
+ TODO: check
CVE-2007-4567
- RESERVED
-CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in
Alpha ...)
TODO: check
-CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to
cause a ...)
+CVE-2007-4566
TODO: check
-CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and
later ...)
+CVE-2007-4565
TODO: check
-CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and
later ...)
+CVE-2007-4564
TODO: check
-CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D
and ...)
+CVE-2007-4563
TODO: check
-CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA
Server ...)
+CVE-2007-4562
TODO: check
-CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole
mode, ...)
+CVE-2007-4561
TODO: check
-CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2)
...)
+CVE-2007-4560
TODO: check
-CVE-2007-4558 (Directory traversal vulnerability in extract.c in star before
1.5a84 ...)
+CVE-2007-4559
TODO: check
-CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet
in ...)
+CVE-2007-4558
TODO: check
-CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x
before ...)
+CVE-2007-4557
TODO: check
-CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP
allows ...)
+CVE-2007-4556
TODO: check
-CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in
tiki-remind_password.php ...)
+CVE-2007-4555
TODO: check
-CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows
remote ...)
+CVE-2007-4554
TODO: check
-CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media
Arcadem 2.01 ...)
+CVE-2007-4553
TODO: check
-CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares
Media ...)
+CVE-2007-4552
TODO: check
-CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02
Korean ...)
+CVE-2007-4551
TODO: check
-CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean
allow ...)
+CVE-2007-4550
TODO: check
-CVE-2007-4548 (The login method in LoginModule implementations in Apache
Geronimo 2.0 ...)
+CVE-2007-4549
TODO: check
-CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap
memory ...)
+CVE-2007-4548
TODO: check
-CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames
from the ...)
+CVE-2007-4547
TODO: check
-CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal
Commander 0.92 ...)
+CVE-2007-4546
TODO: check
-CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in
...)
+CVE-2007-4545
TODO: check
-CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in
Bugzilla ...)
+CVE-2007-4544
TODO: check
-CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in
MapServer ...)
+CVE-2007-4543
TODO: check
-CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate
Download ...)
+CVE-2007-4542
TODO: check
-CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate
...)
+CVE-2007-4541
TODO: check
-CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through
3.0.0 ...)
+CVE-2007-4540
TODO: check
-CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote
attackers ...)
+CVE-2007-4539
TODO: check
-CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression
algorithm ...)
+CVE-2007-4538
TODO: check
-CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for
files in ...)
+CVE-2007-4537
TODO: check
-CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier
allows ...)
+CVE-2007-4536
TODO: check
-CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in
...)
+CVE-2007-4535
TODO: check
-CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp
in ...)
+CVE-2007-4534
TODO: check
-CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server
2.6.2 and ...)
+CVE-2007-4533
TODO: check
-CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server
2.6.2 and ...)
+CVE-2007-4532
TODO: check
-CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in
TeamSpeak ...)
+CVE-2007-4531
TODO: check
-CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows
remote ...)
+CVE-2007-4530
TODO: check
-CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5
does not ...)
+CVE-2007-4529
TODO: check
-CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in
phphq.Net ...)
+CVE-2007-4528
TODO: check
-CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager
before ...)
+CVE-2007-4527
TODO: check
-CVE-2007-4525 (** DISPUTED ** ...)
+CVE-2007-4526
TODO: check
-CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in
PhPress ...)
+CVE-2007-4525
TODO: check
-CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe
Website ...)
+CVE-2007-4524
TODO: check
-CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager
0.8.9 ...)
+CVE-2007-4523
TODO: check
-CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to
use an ...)
+CVE-2007-4522
TODO: check
+CVE-2007-4521
+ TODO: check
CVE-2007-4520
- RESERVED
+ TODO: check
CVE-2007-4519
- RESERVED
+ TODO: check
CVE-2007-4518
- RESERVED
+ TODO: check
CVE-2007-4517
- RESERVED
+ TODO: check
CVE-2007-4516
- RESERVED
+ TODO: check
CVE-2007-4515
- RESERVED
+ TODO: check
CVE-2007-4514
- RESERVED
+ TODO: check
CVE-2007-4513
- RESERVED
+ TODO: check
CVE-2007-4512
- RESERVED
-CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does
not apply ...)
TODO: check
-CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through
2.2beta1 and ...)
+CVE-2007-4511
TODO: check
-CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList
component ...)
+CVE-2007-4510
TODO: check
-CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used
for the ...)
+CVE-2007-4509
TODO: check
-CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP
5.2.3 ...)
+CVE-2007-4508
TODO: check
-CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit
component ...)
+CVE-2007-4507
TODO: check
-CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory
component ...)
+CVE-2007-4506
TODO: check
-CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles
...)
+CVE-2007-4505
TODO: check
-CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk
component ...)
+CVE-2007-4504
TODO: check
-CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX
component ...)
+CVE-2007-4503
TODO: check
-CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain
before ...)
+CVE-2007-4502
TODO: check
-CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before
0.8.2 ...)
+CVE-2007-4501
TODO: check
-CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in
American ...)
+CVE-2007-4500
TODO: check
-CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7,
Loader ...)
+CVE-2007-4499
TODO: check
+CVE-2007-4498
+ TODO: check
CVE-2007-4497
- RESERVED
+ TODO: check
CVE-2007-4496
- RESERVED
-CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris
10 on ...)
TODO: check
-CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9
before ...)
+CVE-2007-4495
TODO: check
-CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not
properly check ...)
+CVE-2007-4494
TODO: check
-CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in
Sun ...)
+CVE-2007-4493
TODO: check
-CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0
allows ...)
+CVE-2007-4492
TODO: check
-CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...)
+CVE-2007-4491
TODO: check
-CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in
uacomx.ocx 2.0.1 ...)
+CVE-2007-4490
TODO: check
-CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the
Siemens ...)
+CVE-2007-4489
TODO: check
-CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for
Invision ...)
+CVE-2007-4488
TODO: check
-CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php
in ...)
+CVE-2007-4487
TODO: check
-CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in
Butterfly ...)
+CVE-2007-4486
TODO: check
-CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in
My_REFERER ...)
+CVE-2007-4485
TODO: check
-CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the
WordPress ...)
+CVE-2007-4484
TODO: check
-CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the
Pool ...)
+CVE-2007-4483
TODO: check
-CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the
(1) Blix ...)
+CVE-2007-4482
TODO: check
-CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the
Sirius ...)
+CVE-2007-4481
TODO: check
-CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in
Search ...)
+CVE-2007-4480
TODO: check
-CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet
...)
+CVE-2007-4479
TODO: check
-CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router
allows ...)
+CVE-2007-4478
TODO: check
+CVE-2007-4477
+ TODO: check
CVE-2007-4476
- RESERVED
+ TODO: check
CVE-2007-4475
- RESERVED
+ TODO: check
CVE-2007-4474
- RESERVED
+ TODO: check
CVE-2007-4473
- RESERVED
+ TODO: check
CVE-2007-4472
- RESERVED
+ TODO: check
CVE-2007-4471
- RESERVED
+ TODO: check
CVE-2007-4470
- RESERVED
+ TODO: check
CVE-2007-4469
- RESERVED
+ TODO: check
CVE-2007-4468
- RESERVED
+ TODO: check
CVE-2007-4467
- RESERVED
+ TODO: check
CVE-2007-4466
- RESERVED
-CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...)
TODO: check
-CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge
simple ...)
+CVE-2006-7222
TODO: check
-CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn
Bitfolge ...)
+CVE-2003-1335
TODO: check
+CVE-2003-1334
+ TODO: check
CVE-2007-4465
RESERVED
CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for
Total ...)
@@ -247,7 +247,7 @@
[etch] - nufw <not-affected>
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka
libid3) ...)
- id3lib3.8.3 3.8.3-7 (bug #438540)
-CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and
other SIP ...)
+CVE-2007-4459 (The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows
remote ...)
NOT-FOR-US: Cisco IP Phone
CVE-2007-4458 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Firesoft
@@ -394,7 +394,7 @@
NOT-FOR-US: winamp
CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo!
Messenger ...)
NOT-FOR-US: kakadu
-CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration
Console, ...)
+CVE-2007-4390 (The Command Line Interface (CLI) on the BlueCat Networks Adonis
...)
NOT-FOR-US: BlueCat
CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in
2wire ...)
NOT-FOR-US: 2wire
@@ -526,7 +526,7 @@
NOT-FOR-US: phpDVD
CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in
PHPCentral Poll ...)
NOT-FOR-US: PHPCentral Poll Script
-CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before
0.9 ...)
+CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6
and ...)
NOT-FOR-US: Family Connections
CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header
function in ...)
- streamripper 1.62.2-1 (medium)
@@ -729,7 +729,7 @@
NOT-FOR-US: Justsystem Ichitaro
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in
DiMeMa ...)
NOT-FOR-US: DiMeMa CONTENTdm
-CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J!
...)
+CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in the
J! ...)
NOT-FOR-US: com_jreactions for Joomla!
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro
Security ...)
NOT-FOR-US: Astaro Security Gateway
@@ -784,9 +784,11 @@
RESERVED
CVE-2007-4220
RESERVED
-CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in
StRpcSrv.dll, as ...)
+CVE-2007-4219
+ RESERVED
TODO: check
-CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service
(SpntSvc.exe) ...)
+CVE-2007-4218
+ RESERVED
TODO: check
CVE-2007-4217
RESERVED
@@ -966,7 +968,8 @@
RESERVED
CVE-2007-4132
RESERVED
-CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot
function in ...)
+CVE-2007-4131
+ RESERVED
TODO: check
CVE-2007-4130
RESERVED
@@ -1141,8 +1144,7 @@
NOT-FOR-US: UltraDefrag
CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before
3.3 beta ...)
NOT-FOR-US: ADempiere Bazaar
-CVE-2007-4049
- REJECTED
+CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl
test CGI ...)
NOTE: Rediscovery / dupe of CVE-2000-1205
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in
phpSysInfo ...)
- phpsysinfo <unfixed> (low; bug #435935)
@@ -1507,7 +1509,8 @@
NOT-FOR-US: CA Anti-Virus
CVE-2007-3874
RESERVED
-CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the
SSAPI ...)
+CVE-2007-3873
+ RESERVED
TODO: check
CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace
Service ...)
NOT-FOR-US: HP OpenView
@@ -1567,9 +1570,11 @@
CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to
send ...)
{DSA-1356-1}
TODO: check
-CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c
(mod_proxy) in ...)
+CVE-2007-3847
+ RESERVED
TODO: check
-CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5,
as used ...)
+CVE-2007-3846
+ RESERVED
TODO: check
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and
2.x ...)
{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
@@ -1820,7 +1825,8 @@
NOT-FOR-US: Apple Safari
CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone
before ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins
in gimp ...)
+CVE-2007-3741
+ RESERVED
TODO: check
CVE-2007-3740
RESERVED
@@ -3687,7 +3693,8 @@
NOT-FOR-US: Scallywag
CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce
before ...)
NOT-FOR-US: cpCommerce
-CVE-2007-2958 (Format string vulnerability in the inc_put_error function in
src/inc.c ...)
+CVE-2007-2958
+ RESERVED
TODO: check
CVE-2007-2957
RESERVED
@@ -4092,7 +4099,8 @@
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
- ntfs-3g 1:1.516-1
NOTE: local root exploit
-CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and
208-3.1 in ...)
+CVE-2007-2797
+ RESERVED
- xterm <not-affected> (Debian uses safe compile-time settings)
CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Arris Cadant
@@ -4419,8 +4427,7 @@
NOT-FOR-US: NetWin
CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with
insecure ...)
- xfsdump 2.2.45-1 (bug #417894; low)
-CVE-2007-2653
- REJECTED
+CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has
...)
NOT-FOR-US: This is bogus, the annoucement refers to the recently
discovered modelines issues
CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2
allow ...)
NOT-FOR-US: Free-SA
@@ -7475,7 +7482,7 @@
{DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1
CVE-2007-1356
- REJECTED
+ RESERVED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- tomcat4 <removed> (low)
- tomcat5 <unfixed> (low)
@@ -33831,7 +33838,7 @@
- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read
...)
NOT-FOR-US: Greasemonkey
-CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses
insecure ...)
+CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses
insecure ...)
NOT-FOR-US: IBM Lotus Notes
CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web
Server ...)
NOT-FOR-US: NetworkActiv Web Server
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
