diff options
author | Joey Hess <joeyh@debian.org> | 2007-07-11 09:14:09 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2007-07-11 09:14:09 +0000 |
commit | 3822a92df7cc44d5ad82252f7cbb73ff6255067c (patch) | |
tree | 0376f3518ce8eb07cc36695e4700e33c1fba4af3 /data/CVE | |
parent | 227b13c49879126fc58a43e7d87a606b21db4ae3 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6133 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/1999.list | 2 | ||||
-rw-r--r-- | data/CVE/2004.list | 6 | ||||
-rw-r--r-- | data/CVE/2005.list | 24 | ||||
-rw-r--r-- | data/CVE/2006.list | 18 | ||||
-rw-r--r-- | data/CVE/2007.list | 400 |
5 files changed, 405 insertions, 45 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list index 227faa235b..b0c2fa5ed8 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -1,3 +1,5 @@ +CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without ...) + TODO: check CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...) NOT-FOR-US: Muhammad A. Muquit wwwcoun CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...) diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 50a7334e11..50e97c16d2 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -1,3 +1,7 @@ +CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...) + TODO: check +CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely ...) + TODO: check CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...) - libapache2-mod-python 3.2.8-1 (low) CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to ...) @@ -2593,7 +2597,7 @@ CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2 NOT-FOR-US: KorWeblog CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...) - moodle 1.4.3-1 -CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...) +CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 ...) - moodle 1.4.3-1 CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...) NOT-FOR-US: PHP-Calendar diff --git a/data/CVE/2005.list b/data/CVE/2005.list index f3737196c5..772eb88c71 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -1,3 +1,25 @@ +CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...) + TODO: check +CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...) + TODO: check +CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...) + TODO: check +CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...) + TODO: check +CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...) + TODO: check +CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...) + TODO: check +CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 ...) + TODO: check +CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through ...) + TODO: check +CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...) + TODO: check +CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...) + TODO: check +CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...) + TODO: check CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion ...) NOT-FOR-US: BlackBerry Enterprise Server CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack ...) @@ -1092,7 +1114,7 @@ CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows NOT-FOR-US: Komodo CMS CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...) NOT-FOR-US: Magnolia Content Management Suite -CVE-2005-4360 (Microsoft IIS 5.1 allows remote attackers to cause a denial of service ...) +CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...) NOT-FOR-US: IIS CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...) NOT-FOR-US: ODFaq diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 7eba391a89..45fb1b3e9a 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -1,3 +1,15 @@ +CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote ...) + TODO: check +CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for ...) + TODO: check +CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...) + TODO: check +CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...) + TODO: check +CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...) + TODO: check +CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...) + TODO: check CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...) NOT-FOR-US: Firebird CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...) @@ -5894,8 +5906,8 @@ CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS NOT-FOR-US: Novell eDirectory CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...) NOT-FOR-US: Novell eDirectory -CVE-2006-4519 - RESERVED +CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...) + TODO: check CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Qbik WinGate CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...) @@ -9009,7 +9021,7 @@ CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php i NOT-FOR-US: IBD Micro CMS CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...) NOT-FOR-US: Maximus SchoolMAX -CVE-2006-3142 (SQL injection vulnerability in Forum.php in VBZooM 1.11 allows remote ...) +CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote ...) NOT-FOR-US: VBZooM CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...) NOT-FOR-US: Tradingeye Shop diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 419df83851..6f2de2a991 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1,3 +1,327 @@ +CVE-2007-3676 + RESERVED +CVE-2007-3675 + RESERVED +CVE-2007-3674 + RESERVED +CVE-2007-3673 + RESERVED +CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...) + TODO: check +CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...) + TODO: check +CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...) + TODO: check +CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...) + TODO: check +CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...) + TODO: check +CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport ...) + TODO: check +CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 ...) + TODO: check +CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec ...) + TODO: check +CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService ...) + TODO: check +CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows ...) + TODO: check +CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote ...) + TODO: check +CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control ...) + TODO: check +CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows ...) + TODO: check +CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 ...) + TODO: check +CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...) + TODO: check +CVE-2007-3657 (** DISPUTED ** ...) + TODO: check +CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...) + TODO: check +CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...) + TODO: check +CVE-2007-3654 + RESERVED +CVE-2007-3653 + RESERVED +CVE-2007-3652 + RESERVED +CVE-2007-3651 + RESERVED +CVE-2007-3650 + RESERVED +CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly ...) + TODO: check +CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...) + TODO: check +CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...) + TODO: check +CVE-2007-3645 + RESERVED +CVE-2007-3644 + RESERVED +CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...) + TODO: check +CVE-2007-3642 (The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c ...) + TODO: check +CVE-2007-3641 + RESERVED +CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...) + TODO: check +CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...) + TODO: check +CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...) + TODO: check +CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...) + TODO: check +CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...) + TODO: check +CVE-2007-3635 (Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1 for ...) + TODO: check +CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...) + TODO: check +CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...) + TODO: check +CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...) + TODO: check +CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 ...) + TODO: check +CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require ...) + TODO: check +CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 ...) + TODO: check +CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR ...) + TODO: check +CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...) + TODO: check +CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...) + TODO: check +CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients ...) + TODO: check +CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message ...) + TODO: check +CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand ...) + TODO: check +CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon ...) + TODO: check +CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex ...) + TODO: check +CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 ...) + TODO: check +CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...) + TODO: check +CVE-2007-3618 + RESERVED +CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply ...) + TODO: check +CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...) + TODO: check +CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...) + TODO: check +CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB ...) + TODO: check +CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP ...) + TODO: check +CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...) + TODO: check +CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not ...) + TODO: check +CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 ...) + TODO: check +CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating ...) + TODO: check +CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the ...) + TODO: check +CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the ...) + TODO: check +CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX ...) + TODO: check +CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX ...) + TODO: check +CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access ...) + TODO: check +CVE-2007-3603 (SQL injection vulnerability in the dashboard ...) + TODO: check +CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that ...) + TODO: check +CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote ...) + TODO: check +CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...) + TODO: check +CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import ...) + TODO: check +CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...) + TODO: check +CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows ...) + TODO: check +CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...) + TODO: check +CVE-2007-3595 (SQL injection vulnerability in include/get_userdata.php in ...) + TODO: check +CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ...) + TODO: check +CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...) + TODO: check +CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote ...) + TODO: check +CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board ...) + TODO: check +CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB ...) + TODO: check +CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote ...) + TODO: check +CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote ...) + TODO: check +CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...) + TODO: check +CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 ...) + TODO: check +CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 ...) + TODO: check +CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and ...) + TODO: check +CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 ...) + TODO: check +CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event ...) + TODO: check +CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which ...) + TODO: check +CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as ...) + TODO: check +CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text ...) + TODO: check +CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic ...) + TODO: check +CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr ...) + TODO: check +CVE-2007-3576 (** DISPUTED ** ...) + TODO: check +CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr ...) + TODO: check +CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on ...) + TODO: check +CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote ...) + TODO: check +CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in ...) + TODO: check +CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise ...) + TODO: check +CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 ...) + TODO: check +CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...) + TODO: check +CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...) + TODO: check +CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in ...) + TODO: check +CVE-2007-3566 + RESERVED +CVE-2007-3565 + RESERVED +CVE-2007-3564 + RESERVED +CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...) + TODO: check +CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ...) + TODO: check +CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...) + TODO: check +CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have ...) + TODO: check +CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before ...) + TODO: check +CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, ...) + TODO: check +CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...) + TODO: check +CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...) + TODO: check +CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...) + TODO: check +CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server ...) + TODO: check +CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...) + TODO: check +CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...) + TODO: check +CVE-2007-3550 (Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to ...) + TODO: check +CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 ...) + TODO: check +CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...) + TODO: check +CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket ...) + TODO: check +CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus ...) + TODO: check +CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows ...) + TODO: check +CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...) + TODO: check +CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...) + TODO: check +CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml ...) + TODO: check +CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 ...) + TODO: check +CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...) + TODO: check +CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 ...) + TODO: check +CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...) + TODO: check +CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...) + TODO: check +CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX ...) + TODO: check +CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...) + TODO: check +CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...) + TODO: check +CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...) + TODO: check +CVE-2007-3532 + RESERVED +CVE-2007-3531 + RESERVED +CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...) + TODO: check +CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC ...) + TODO: check +CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...) + TODO: check +CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...) + TODO: check +CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...) + TODO: check +CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website ...) + TODO: check +CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in ...) + TODO: check +CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 ...) + TODO: check +CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 ...) + TODO: check +CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...) + TODO: check +CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar ...) + TODO: check +CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script ...) + TODO: check +CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...) + TODO: check +CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in ...) + TODO: check +CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 ...) + TODO: check CVE-2007-XXXX [silc-toolkit several buffer overflows] - silc-toolkit 1.1.2-1 NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2 @@ -17,8 +341,7 @@ CVE-2007-3510 RESERVED CVE-2007-3509 RESERVED -CVE-2007-3508 [glibc hwcaps integer overflow] - RESERVED +CVE-2007-3508 (** DISPUTED ** ...) - glibc 2.6-2 (unimportant; bug #431858) NOTE: Not security-relevant CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...) @@ -67,19 +390,19 @@ CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html NOT-FOR-US: Check Point VPN-1 Edge X CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony ...) NOT-FOR-US: Sony Network Camera SNC-P5 1.0 -CVE-2007-3487 (Absolute directory traversal in a certain ActiveX control in ...) +CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll ...) NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine ...) NOT-FOR-US: AltaVista CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server ...) NOT-FOR-US: Yandex.Server -CVE-2007-3484 (Cross-site scripting (XSS) vulnerability in search.php in Google ...) +CVE-2007-3484 (** DISPUTED ** ...) NOT-FOR-US: Google Custom Search Engine CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a ...) NOT-FOR-US: BlackBerry Enterprise Server -CVE-2007-3482 (Cross-domain vulnerability in Apple Safari allows remote attackers to ...) +CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows ...) NOT-FOR-US: Apple Safari -CVE-2007-3481 (Cross-domain vulnerability in Microsoft Internet Explorer allows ...) +CVE-2007-3481 (** DISPUTED ** ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...) NOT-FOR-US: PCSoft WinDEV @@ -250,7 +573,7 @@ CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows NOT-FOR-US: pagetool CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...) NOT-FOR-US: B1GBB -CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157 ...) +CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as ...) NOT-FOR-US: NCTAudioEditor2 ActiveX control CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power ...) NOT-FOR-US: Power Phlogger @@ -911,8 +1234,8 @@ CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPag NOT-FOR-US: Microsoft FrontPage CVE-2007-3108 RESERVED -CVE-2007-3107 - RESERVED +CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when run on ...) + TODO: check CVE-2007-3106 RESERVED CVE-2007-3105 @@ -1063,8 +1386,8 @@ CVE-2007-3040 RESERVED CVE-2007-3039 RESERVED -CVE-2007-3038 - RESERVED +CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...) + TODO: check CVE-2007-3037 RESERVED CVE-2007-3036 @@ -1079,12 +1402,12 @@ CVE-2007-3032 RESERVED CVE-2007-3031 RESERVED -CVE-2007-3030 - RESERVED -CVE-2007-3029 - RESERVED -CVE-2007-3028 - RESERVED +CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows ...) + TODO: check +CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 ...) + TODO: check +CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...) + TODO: check CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3026 @@ -1117,10 +1440,10 @@ CVE-2007-3014 RESERVED CVE-2007-3013 RESERVED -CVE-2007-3012 - RESERVED -CVE-2007-3011 - RESERVED +CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...) + TODO: check +CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...) + TODO: check CVE-2007-3010 RESERVED CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...) @@ -1254,8 +1577,7 @@ CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KV - kvirc <unfixed> (medium) CVE-2007-2950 RESERVED -CVE-2007-2949 [heap overflow in GIMP's PSD importer] - RESERVED +CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...) - gimp 2.2.16-1 (medium) - ingimp 2.2.16.20070710-1 NOTE: http://secunia.com/secunia_research/2007-63/advisory @@ -1518,16 +1840,14 @@ CVE-2007-2841 RESERVED CVE-2007-2840 RESERVED -CVE-2007-2839 [gfax: local users can maniplate root's contrab] - RESERVED +CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files ...) {DSA-1329-1} - gfax 0.6 (bug #431893; low) NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 ...) {DSA-1327-1} - gsambad 0.1.6-2 (bug #431331) -CVE-2007-2837 - RESERVED +CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in ...) {DSA-1326-1} - fireflier 1.1.7 CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...) @@ -1693,7 +2013,7 @@ CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for P [sarge] - openssh <no-dsa> (Minor issue) CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...) NOT-FOR-US: OPeNDAP -CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...) +CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the ...) - backup-manager <unfixed> (low) [sarge] - backup-manager <no-dsa> (Minor issue) [etch] - backup-manager <no-dsa> (Minor issue) @@ -3920,12 +4240,12 @@ CVE-2007-1758 RESERVED CVE-2007-1757 RESERVED -CVE-2007-1756 - RESERVED +CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office ...) + TODO: check CVE-2007-1755 RESERVED -CVE-2007-1754 - RESERVED +CVE-2007-1754 (Microsoft Office Publisher 2007 does not properly clear memory when ...) + TODO: check CVE-2007-1753 RESERVED CVE-2007-1752 @@ -7858,14 +8178,14 @@ CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acro NOTE: and icape 1.0.8-1 CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...) NOT-FOR-US: Adobe Acrobat Reader Plugin -CVE-2007-0043 - RESERVED -CVE-2007-0042 - RESERVED -CVE-2007-0041 - RESERVED -CVE-2007-0040 - RESERVED +CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework ...) + TODO: check +CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows ...) + TODO: check +CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier ...) + TODO: check +CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...) + TODO: check CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...) NOT-FOR-US: Microsoft CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...) |