automatic update

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6133 e39458fd-73e7-0310-bf30-c45bca0a0e42

5 files changed, 405 insertions, 45 deletions

diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index 227faa235b..b0c2fa5ed8 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,3 +1,5 @@
+CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without ...)
+	TODO: check
 CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...)
 	NOT-FOR-US: Muhammad A. Muquit wwwcoun
 CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 50a7334e11..50e97c16d2 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,3 +1,7 @@
+CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...)
+	TODO: check
+CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely ...)
+	TODO: check
 CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...)
 	- libapache2-mod-python 3.2.8-1 (low)
 CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to ...)
@@ -2593,7 +2597,7 @@ CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2
 	NOT-FOR-US: KorWeblog
 CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
 	- moodle 1.4.3-1
-CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...)
+CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 ...)
 	- moodle 1.4.3-1
 CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...)
 	NOT-FOR-US: PHP-Calendar
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index f3737196c5..772eb88c71 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,3 +1,25 @@
+CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...)
+	TODO: check
+CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...)
+	TODO: check
+CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...)
+	TODO: check
+CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...)
+	TODO: check
+CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
+	TODO: check
+CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...)
+	TODO: check
+CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 ...)
+	TODO: check
+CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through ...)
+	TODO: check
+CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...)
+	TODO: check
+CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...)
+	TODO: check
+CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...)
+	TODO: check
 CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion ...)
 	NOT-FOR-US: BlackBerry Enterprise Server
 CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack ...)
@@ -1092,7 +1114,7 @@ CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows
 	NOT-FOR-US: Komodo CMS
 CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...)
 	NOT-FOR-US: Magnolia Content Management Suite
-CVE-2005-4360 (Microsoft IIS 5.1 allows remote attackers to cause a denial of service ...)
+CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...)
 	NOT-FOR-US: IIS
 CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...)
 	NOT-FOR-US: ODFaq
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 7eba391a89..45fb1b3e9a 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,3 +1,15 @@
+CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote ...)
+	TODO: check
+CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for ...)
+	TODO: check
+CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...)
+	TODO: check
+CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...)
+	TODO: check
+CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...)
+	TODO: check
+CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...)
+	TODO: check
 CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...)
 	NOT-FOR-US: Firebird
 CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...)
@@ -5894,8 +5906,8 @@ CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS
 	NOT-FOR-US: Novell eDirectory
 CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...)
 	NOT-FOR-US: Novell eDirectory
-CVE-2006-4519
-	RESERVED
+CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...)
+	TODO: check
 CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
 	NOT-FOR-US: Qbik WinGate
 CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
@@ -9009,7 +9021,7 @@ CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php i
 	NOT-FOR-US: IBD Micro CMS
 CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...)
 	NOT-FOR-US: Maximus SchoolMAX
-CVE-2006-3142 (SQL injection vulnerability in Forum.php in VBZooM 1.11 allows remote ...)
+CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote ...)
 	NOT-FOR-US: VBZooM
 CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...)
 	NOT-FOR-US: Tradingeye Shop
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 419df83851..6f2de2a991 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,327 @@
+CVE-2007-3676
+	RESERVED
+CVE-2007-3675
+	RESERVED
+CVE-2007-3674
+	RESERVED
+CVE-2007-3673
+	RESERVED
+CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...)
+	TODO: check
+CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
+	TODO: check
+CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
+	TODO: check
+CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...)
+	TODO: check
+CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...)
+	TODO: check
+CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport ...)
+	TODO: check
+CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 ...)
+	TODO: check
+CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec ...)
+	TODO: check
+CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService ...)
+	TODO: check
+CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows ...)
+	TODO: check
+CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote ...)
+	TODO: check
+CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control ...)
+	TODO: check
+CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows ...)
+	TODO: check
+CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 ...)
+	TODO: check
+CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...)
+	TODO: check
+CVE-2007-3657 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...)
+	TODO: check
+CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
+	TODO: check
+CVE-2007-3654
+	RESERVED
+CVE-2007-3653
+	RESERVED
+CVE-2007-3652
+	RESERVED
+CVE-2007-3651
+	RESERVED
+CVE-2007-3650
+	RESERVED
+CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
+	TODO: check
+CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly ...)
+	TODO: check
+CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...)
+	TODO: check
+CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...)
+	TODO: check
+CVE-2007-3645
+	RESERVED
+CVE-2007-3644
+	RESERVED
+CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...)
+	TODO: check
+CVE-2007-3642 (The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c ...)
+	TODO: check
+CVE-2007-3641
+	RESERVED
+CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
+	TODO: check
+CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
+	TODO: check
+CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
+	TODO: check
+CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...)
+	TODO: check
+CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
+	TODO: check
+CVE-2007-3635 (Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1 for ...)
+	TODO: check
+CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...)
+	TODO: check
+CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...)
+	TODO: check
+CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...)
+	TODO: check
+CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 ...)
+	TODO: check
+CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require ...)
+	TODO: check
+CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 ...)
+	TODO: check
+CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR ...)
+	TODO: check
+CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
+	TODO: check
+CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...)
+	TODO: check
+CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients ...)
+	TODO: check
+CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message ...)
+	TODO: check
+CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand ...)
+	TODO: check
+CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon ...)
+	TODO: check
+CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex ...)
+	TODO: check
+CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 ...)
+	TODO: check
+CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
+	TODO: check
+CVE-2007-3618
+	RESERVED
+CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply ...)
+	TODO: check
+CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
+	TODO: check
+CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...)
+	TODO: check
+CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB ...)
+	TODO: check
+CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP ...)
+	TODO: check
+CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...)
+	TODO: check
+CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not ...)
+	TODO: check
+CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 ...)
+	TODO: check
+CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating ...)
+	TODO: check
+CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the ...)
+	TODO: check
+CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the ...)
+	TODO: check
+CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX ...)
+	TODO: check
+CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX ...)
+	TODO: check
+CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access ...)
+	TODO: check
+CVE-2007-3603 (SQL injection vulnerability in the dashboard ...)
+	TODO: check
+CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that ...)
+	TODO: check
+CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote ...)
+	TODO: check
+CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...)
+	TODO: check
+CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import ...)
+	TODO: check
+CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
+	TODO: check
+CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows ...)
+	TODO: check
+CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...)
+	TODO: check
+CVE-2007-3595 (SQL injection vulnerability in include/get_userdata.php in ...)
+	TODO: check
+CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ...)
+	TODO: check
+CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
+	TODO: check
+CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote ...)
+	TODO: check
+CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board ...)
+	TODO: check
+CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB ...)
+	TODO: check
+CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote ...)
+	TODO: check
+CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote ...)
+	TODO: check
+CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...)
+	TODO: check
+CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 ...)
+	TODO: check
+CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 ...)
+	TODO: check
+CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and ...)
+	TODO: check
+CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 ...)
+	TODO: check
+CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event ...)
+	TODO: check
+CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which ...)
+	TODO: check
+CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as ...)
+	TODO: check
+CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text ...)
+	TODO: check
+CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic ...)
+	TODO: check
+CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr ...)
+	TODO: check
+CVE-2007-3576 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr ...)
+	TODO: check
+CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on ...)
+	TODO: check
+CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote ...)
+	TODO: check
+CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in ...)
+	TODO: check
+CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise ...)
+	TODO: check
+CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 ...)
+	TODO: check
+CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...)
+	TODO: check
+CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...)
+	TODO: check
+CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in ...)
+	TODO: check
+CVE-2007-3566
+	RESERVED
+CVE-2007-3565
+	RESERVED
+CVE-2007-3564
+	RESERVED
+CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...)
+	TODO: check
+CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ...)
+	TODO: check
+CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...)
+	TODO: check
+CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have ...)
+	TODO: check
+CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before ...)
+	TODO: check
+CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, ...)
+	TODO: check
+CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...)
+	TODO: check
+CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...)
+	TODO: check
+CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server ...)
+	TODO: check
+CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...)
+	TODO: check
+CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...)
+	TODO: check
+CVE-2007-3550 (Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to ...)
+	TODO: check
+CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 ...)
+	TODO: check
+CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...)
+	TODO: check
+CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket ...)
+	TODO: check
+CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus ...)
+	TODO: check
+CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows ...)
+	TODO: check
+CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...)
+	TODO: check
+CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...)
+	TODO: check
+CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml ...)
+	TODO: check
+CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 ...)
+	TODO: check
+CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...)
+	TODO: check
+CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 ...)
+	TODO: check
+CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...)
+	TODO: check
+CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...)
+	TODO: check
+CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX ...)
+	TODO: check
+CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...)
+	TODO: check
+CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...)
+	TODO: check
+CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...)
+	TODO: check
+CVE-2007-3532
+	RESERVED
+CVE-2007-3531
+	RESERVED
+CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...)
+	TODO: check
+CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC ...)
+	TODO: check
+CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...)
+	TODO: check
+CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...)
+	TODO: check
+CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website ...)
+	TODO: check
+CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in ...)
+	TODO: check
+CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 ...)
+	TODO: check
+CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 ...)
+	TODO: check
+CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...)
+	TODO: check
+CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar ...)
+	TODO: check
+CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script ...)
+	TODO: check
+CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...)
+	TODO: check
+CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in ...)
+	TODO: check
+CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 ...)
+	TODO: check
 CVE-2007-XXXX [silc-toolkit several buffer overflows]
 	- silc-toolkit 1.1.2-1
 	NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
@@ -17,8 +341,7 @@ CVE-2007-3510
 	RESERVED
 CVE-2007-3509
 	RESERVED
-CVE-2007-3508 [glibc hwcaps integer overflow]
-	RESERVED
+CVE-2007-3508 (** DISPUTED ** ...)
 	- glibc 2.6-2 (unimportant; bug #431858)
 	NOTE: Not security-relevant
 CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
@@ -67,19 +390,19 @@ CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html
 	NOT-FOR-US: Check Point VPN-1 Edge X
 CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony ...)
 	NOT-FOR-US: Sony Network Camera SNC-P5 1.0
-CVE-2007-3487 (Absolute directory traversal in a certain ActiveX control in ...)
+CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll ...)
 	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
 CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine ...)
 	NOT-FOR-US: AltaVista
 CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server ...)
 	NOT-FOR-US: Yandex.Server
-CVE-2007-3484 (Cross-site scripting (XSS) vulnerability in search.php in Google ...)
+CVE-2007-3484 (** DISPUTED ** ...)
 	NOT-FOR-US: Google Custom Search Engine
 CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a ...)
 	NOT-FOR-US: BlackBerry Enterprise Server
-CVE-2007-3482 (Cross-domain vulnerability in Apple Safari allows remote attackers to ...)
+CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows ...)
 	NOT-FOR-US: Apple Safari
-CVE-2007-3481 (Cross-domain vulnerability in Microsoft Internet Explorer allows ...)
+CVE-2007-3481 (** DISPUTED ** ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...)
 	NOT-FOR-US: PCSoft WinDEV
@@ -250,7 +573,7 @@ CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows
 	NOT-FOR-US: pagetool
 CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...)
 	NOT-FOR-US: B1GBB
-CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157 ...)
+CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as ...)
 	NOT-FOR-US: NCTAudioEditor2 ActiveX control
 CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power ...)
 	NOT-FOR-US: Power Phlogger
@@ -911,8 +1234,8 @@ CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPag
 	NOT-FOR-US: Microsoft FrontPage
 CVE-2007-3108
 	RESERVED
-CVE-2007-3107
-	RESERVED
+CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when run on ...)
+	TODO: check
 CVE-2007-3106
 	RESERVED
 CVE-2007-3105
@@ -1063,8 +1386,8 @@ CVE-2007-3040
 	RESERVED
 CVE-2007-3039
 	RESERVED
-CVE-2007-3038
-	RESERVED
+CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...)
+	TODO: check
 CVE-2007-3037
 	RESERVED
 CVE-2007-3036
@@ -1079,12 +1402,12 @@ CVE-2007-3032
 	RESERVED
 CVE-2007-3031
 	RESERVED
-CVE-2007-3030
-	RESERVED
-CVE-2007-3029
-	RESERVED
-CVE-2007-3028
-	RESERVED
+CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows ...)
+	TODO: check
+CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 ...)
+	TODO: check
+CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
+	TODO: check
 CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3026
@@ -1117,10 +1440,10 @@ CVE-2007-3014
 	RESERVED
 CVE-2007-3013
 	RESERVED
-CVE-2007-3012
-	RESERVED
-CVE-2007-3011
-	RESERVED
+CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...)
+	TODO: check
+CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...)
+	TODO: check
 CVE-2007-3010
 	RESERVED
 CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...)
@@ -1254,8 +1577,7 @@ CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KV
 	- kvirc <unfixed> (medium)
 CVE-2007-2950
 	RESERVED
-CVE-2007-2949 [heap overflow in GIMP's PSD importer]
-	RESERVED
+CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...)
 	- gimp 2.2.16-1 (medium)
 	- ingimp 2.2.16.20070710-1
 	NOTE: http://secunia.com/secunia_research/2007-63/advisory
@@ -1518,16 +1840,14 @@ CVE-2007-2841
 	RESERVED
 CVE-2007-2840
 	RESERVED
-CVE-2007-2839 [gfax: local users can maniplate root's contrab]
-	RESERVED
+CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files ...)
 	{DSA-1329-1}
 	- gfax 0.6 (bug #431893; low)
 	NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
 CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 ...)
 	{DSA-1327-1}
 	- gsambad 0.1.6-2 (bug #431331)
-CVE-2007-2837
-	RESERVED
+CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in ...)
 	{DSA-1326-1}
 	- fireflier 1.1.7
 CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...)
@@ -1693,7 +2013,7 @@ CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for P
 	[sarge] - openssh <no-dsa> (Minor issue)
 CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
 	NOT-FOR-US: OPeNDAP
-CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...)
+CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the ...)
 	- backup-manager <unfixed> (low)
 	[sarge] - backup-manager <no-dsa> (Minor issue)
 	[etch] - backup-manager <no-dsa> (Minor issue)
@@ -3920,12 +4240,12 @@ CVE-2007-1758
 	RESERVED
 CVE-2007-1757
 	RESERVED
-CVE-2007-1756
-	RESERVED
+CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office ...)
+	TODO: check
 CVE-2007-1755
 	RESERVED
-CVE-2007-1754
-	RESERVED
+CVE-2007-1754 (Microsoft Office Publisher 2007 does not properly clear memory when ...)
+	TODO: check
 CVE-2007-1753
 	RESERVED
 CVE-2007-1752
@@ -7858,14 +8178,14 @@ CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acro
 	NOTE: and icape 1.0.8-1
 CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...)
 	NOT-FOR-US: Adobe Acrobat Reader Plugin
-CVE-2007-0043
-	RESERVED
-CVE-2007-0042
-	RESERVED
-CVE-2007-0041
-	RESERVED
-CVE-2007-0040
-	RESERVED
+CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework ...)
+	TODO: check
+CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows ...)
+	TODO: check
+CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier ...)
+	TODO: check
+CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
+	TODO: check
 CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...)
 	NOT-FOR-US: Microsoft
 CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...)