author: Joey Hess <joeyh@debian.org> 2007-01-09 20:14:21 +0000
committer: Joey Hess <joeyh@debian.org> 2007-01-09 20:14:21 +0000
commit: f369bafb7dcf971bf74ddfb0b6a2286708db7b77
tree: 39dd45ada8da80c1a2421358e71b44b8072d384b /data/CVE
parent: 8ea71d406f36e26b5c2dc699a023fda6c044b98d
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5228 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/1999.list 2
-rw-r--r-- data/CVE/2003.list 4
-rw-r--r-- data/CVE/2004.list 4
-rw-r--r-- data/CVE/2006.list 134
-rw-r--r-- data/CVE/2007.list 180
5 files changed, 305 insertions, 19 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index ff10da4a1d..98b5794b7d 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -2081,7 +2081,7 @@ CVE-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local u
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-1302 (Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local ...)
+CVE-1999-1302 (Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...)
NOT-FOR-US: Data pre-dating the Security Tracker
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index c6225415fd..022ff04b3f 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,7 @@
+CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 ...)
+ TODO: check
+CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive ...)
+ TODO: check
CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 ...)
NOT-FOR-US: Land Down Under (LDU)
CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in ...)
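Review bot: The two new eNdonesia entries at the top of this hunk (CVE-2003-1317, CVE-2003-1316) are left at "TODO: check" directly above web-application entries that are already resolved as "NOT-FOR-US: Land Down Under (LDU)". The same commit adds eNdonesia mod.php entries to 2004.list and 2006.list as well, so decide once whether eNdonesia is packaged and apply the same tag to all of them; otherwise the product ends up triaged inconsistently across the year files.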
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index aeeb93e710..16f5a26fac 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,3 +1,7 @@
+CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in ...)
+ TODO: check
CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 ...)
NOT-FOR-US: Land Down Under
CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows remote ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 1870e65a09..a3e3f63429 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,6 +1,108 @@
+CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
+ TODO: check
+CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka ...)
+ TODO: check
+CVE-2006-6908 (Buffer overflow in the Bluetooth Stack COM Server in the Widcomm ...)
+ TODO: check
+CVE-2006-6907 (Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown ...)
+ TODO: check
+CVE-2006-6906 (Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and ...)
+ TODO: check
+CVE-2006-6905 (Unspecified vulnerability in the Widcomm Bluetooth stack allows remote ...)
+ TODO: check
+CVE-2006-6904 (Unspecified vulnerability in the Broadcom Bluetooth stack allows ...)
+ TODO: check
+CVE-2006-6903 (Unspecified vulnerability in the Toshiba Bluetooth stack allows remote ...)
+ TODO: check
+CVE-2006-6902 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
+ TODO: check
+CVE-2006-6901 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
+ TODO: check
+CVE-2006-6900 (Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 ...)
+ TODO: check
+CVE-2006-6899 (hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to ...)
+ TODO: check
+CVE-2006-6898 (Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote ...)
+ TODO: check
+CVE-2006-6897 (Directory traversal vulnerability in Widcomm Bluetooth for Windows ...)
+ TODO: check
+CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly ...)
+ TODO: check
+CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly ...)
+ TODO: check
+CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...)
+ TODO: check
+CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ...)
+ TODO: check
+CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...)
+ TODO: check
+CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root ...)
+ TODO: check
+CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root ...)
+ TODO: check
+CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...)
+ TODO: check
+CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root ...)
+ TODO: check
+CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows ...)
+ TODO: check
+CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows ...)
+ TODO: check
+CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...)
+ TODO: check
+CVE-2006-6883 (** DISPUTED ** PHP remote file inclusion vulnerability in php4you.php ...)
+ TODO: check
+CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote ...)
+ TODO: check
+CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux ...)
+ TODO: check
+CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in ...)
+ TODO: check
+CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in ...)
+ TODO: check
+CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote ...)
+ TODO: check
+CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...)
+ TODO: check
+CVE-2006-6876 (The fetchsms function in the SMS handling module (libsms_getsms.c) in ...)
+ TODO: check
+CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open ...)
+ TODO: check
+CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in ...)
+ TODO: check
+CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 ...)
+ TODO: check
+CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows ...)
+ TODO: check
+CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 ...)
+ TODO: check
+CVE-2006-6869 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web ...)
+ TODO: check
+CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir ...)
+ TODO: check
+CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...)
+ TODO: check
+CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp ...)
+ TODO: check
+CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in ...)
+ TODO: check
+CVE-2006-6863 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...)
+ TODO: check
+CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 ...)
+ TODO: check
+CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...)
+ TODO: check
+CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs ...)
+ TODO: check
CVE-2006-XXXX [ssmtp password leak]
- ssmtp 2.61-10.1 (bug #369542; low)
-CVE-2006-6870 [avahi DoS]
+CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
- avahi 0.6.16-1
CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...)
- miredo 1.0.4-2 (bug #405412; bug #405111)
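Review bot: In the block of new "TODO: check" entries, CVE-2006-6899 names bluez-utils in its own description and CVE-2006-6893 concerns Tor; these should be triaged ahead of the rest and given a "- <package> <version>" line like the ssmtp, avahi and miredo entries at the end of this hunk, because while they stay at TODO they carry no package or fixed-version information. The entries for the Microsoft Windows and Mac OS Bluetooth stacks (CVE-2006-6906, CVE-2006-6902, CVE-2006-6901, CVE-2006-6900) look like NOT-FOR-US candidates by the convention this file already uses ("NOT-FOR-US: Microsoft"). The CVE-2006-6870 change itself is fine: the bracketed placeholder is replaced by the full description and the "- avahi 0.6.16-1" line is kept.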
@@ -26,7 +128,7 @@ CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows
NOT-FOR-US: ASPTicker
CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...)
NOT-FOR-US: RealPlayer for Windows
-CVE-2006-6846 (Multiple SQL injection vulnerabilities in WYWO - InOut Board 1.0 allow ...)
+CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) ...)
NOT-FOR-US: WYWO - InOut Board
CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
NOT-FOR-US: CMS Made Simple
@@ -275,7 +377,7 @@ CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2
NOT-FOR-US: Microsoft
CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers ...)
NOT-FOR-US: Bandwebsite (aka Bandsite portal system)
-CVE-2006-6721 (Cross-site scripting (XSS) vulnerability in shout.php in Knusperleicht ...)
+CVE-2006-6721 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php in ...)
NOT-FOR-US: Knusperleicht ShoutBox
CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...)
NOT-FOR-US: Azucar CMS
@@ -1172,8 +1274,8 @@ CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV
NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee and ...)
NOT-FOR-US: Aspee Ziyaretci Defteri
-CVE-2006-6336
- RESERVED
+CVE-2006-6336 (Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) ...)
+ TODO: check
CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before ...)
NOT-FOR-US: Sophos Anti-Virus
CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...)
@@ -1211,7 +1313,7 @@ CVE-2006-6320
RESERVED
CVE-2006-6319
RESERVED
-CVE-2006-6318 (elogd in elog 2.6.2 and earlier allows remote authenticated users to cause a ...)
+CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier ...)
{DSA-1242-1}
CVE-2006-6317
RESERVED
@@ -1948,8 +2050,7 @@ CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in Blog
NOT-FOR-US: BlogMe
CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...)
NOT-FOR-US: BlogMe
-CVE-2006-5974 [fetchmail DoS]
- RESERVED
+CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message ...)
- fetchmail 6.3.6~rc3-1
CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...)
- dovecot 1.0.rc15-1
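Review bot: The new description for CVE-2006-5974 gives the affected range as "fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4", but the package line kept below it records the fix as "- fetchmail 6.3.6~rc3-1", which sorts before rc4. Confirm that 6.3.6~rc3-1 carried the fix as a Debian patch and add a NOTE line saying so, or correct the fixed version.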
@@ -2179,8 +2280,7 @@ CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...
CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 ...)
{DSA-1213}
- imagemagick 7:6.2.4.5.dfsg1-0.11
-CVE-2006-5867 [fetchmail cannot enforce TLS]
- RESERVED
+CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit ...)
- fetchmail 6.3.6~rc5-1
CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...)
NOT-FOR-US: phpManta
@@ -2416,8 +2516,8 @@ CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO96
- linux-2.6 <unfixed> (low)
CVE-2006-5756
RESERVED
-CVE-2006-5755
- RESERVED
+CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...)
+ TODO: check
CVE-2006-5754
RESERVED
CVE-2006-5753
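Review bot: CVE-2006-5755 moves from RESERVED to a description naming "Linux kernel before 2.6.18, when running on x86_64 systems", but is left at "TODO: check", while the neighbouring kernel entry at the top of this hunk is already tracked as "- linux-2.6 <unfixed> (low)". This entry needs a "- linux-2.6" line with the fixed version (or <unfixed>) so that it is tracked the same way as the other kernel issues in this file.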
@@ -5088,7 +5188,7 @@ CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...)
CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC ...)
{DSA-1237 DSA-1233}
- linux-2.6 2.6.17-9
-CVE-2006-4537 (NET$SESSION_CONTROL.EXE before 20060825 in DECnet-Plus in OpenVMS ...)
+CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and ...)
NOT-FOR-US: OpenVMS
CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...)
NOT-FOR-US: CMS Frogss
@@ -6073,10 +6173,10 @@ CVE-2006-4100
RESERVED
CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ...)
NOT-FOR-US: Business Objects
-CVE-2006-4098
- RESERVED
-CVE-2006-4097
- RESERVED
+CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Access ...)
+ TODO: check
+CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure ...)
+ TODO: check
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...)
{DSA-1172-1}
- bind <not-affected> (Not vulnerable according to CERT advisory)
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 21f580736d..dd227942be 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,181 @@
+CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in ...)
+ TODO: check
+CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
+ TODO: check
+CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...)
+ TODO: check
+CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...)
+ TODO: check
+CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...)
+ TODO: check
+CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...)
+ TODO: check
+CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in ...)
+ TODO: check
+CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...)
+ TODO: check
+CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves ...)
+ TODO: check
+CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 ...)
+ TODO: check
+CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and ...)
+ TODO: check
+CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and ...)
+ TODO: check
+CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly ...)
+ TODO: check
+CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ...)
+ TODO: check
+CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...)
+ TODO: check
+CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...)
+ TODO: check
+CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows ...)
+ TODO: check
+CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...)
+ TODO: check
+CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 ...)
+ TODO: check
+CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and ...)
+ TODO: check
+CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 ...)
+ TODO: check
+CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...)
+ TODO: check
+CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X ...)
+ TODO: check
+CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive ...)
+ TODO: check
+CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
+ TODO: check
+CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...)
+ TODO: check
+CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
+ TODO: check
+CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
+ TODO: check
+CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...)
+ TODO: check
+CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...)
+ TODO: check
+CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error ...)
+ TODO: check
+CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
+ TODO: check
+CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...)
+ TODO: check
+CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
+ TODO: check
+CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...)
+ TODO: check
+CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, ...)
+ TODO: check
+CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...)
+ TODO: check
+CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...)
+ TODO: check
+CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
+ TODO: check
+CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...)
+ TODO: check
+CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 ...)
+ TODO: check
+CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...)
+ TODO: check
+CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...)
+ TODO: check
+CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
+ TODO: check
+CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content ...)
+ TODO: check
+CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 ...)
+ TODO: check
+CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0090 (WineGlass stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0089 (jgbbs stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...)
+ TODO: check
+CVE-2007-0087 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0086 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
+ TODO: check
+CVE-2007-0084 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...)
+ TODO: check
+CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ...)
+ TODO: check
+CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and ...)
+ TODO: check
+CVE-2007-0080 (Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 ...)
+ TODO: check
+CVE-2007-0079 (rblog stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0078 (BattleBlog stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0077 (lblog stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0076 (Openforum stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0075 (AspBB stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-0074
+ RESERVED
+CVE-2007-0073
+ RESERVED
+CVE-2007-0072
+ RESERVED
+CVE-2007-0071
+ RESERVED
+CVE-2007-0070
+ RESERVED
+CVE-2007-0069
+ RESERVED
+CVE-2007-0068
+ RESERVED
+CVE-2007-0067
+ RESERVED
+CVE-2007-0066
+ RESERVED
+CVE-2007-0065
+ RESERVED
+CVE-2007-0064
+ RESERVED
+CVE-2007-0063
+ RESERVED
+CVE-2007-0062
+ RESERVED
+CVE-2007-0061
+ RESERVED
+CVE-2007-0060
+ RESERVED
+CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...)
+ TODO: check
+CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...)
+ TODO: check
+CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through ...)
+ TODO: check
+CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe ...)
+ TODO: check
+CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in ...)
+ TODO: check
+CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior ...)
+ TODO: check
+CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer ...)
+ TODO: check
+CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows ...)
+ TODO: check
+CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and possibly ...)
+ TODO: check
CVE-2007-XXXX [CenterICQ buffer overflow]
- centericq 4.21.0-17
NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051663.html
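Review bot: CVE-2007-0138 carries the same visible description as CVE-2006-6910, which this commit adds to 2006.list ("formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ..."); check whether one of the two is a duplicate or rejected id before both are triaged separately. Among the remaining "TODO: check" entries, those naming Drupal (CVE-2007-0136, CVE-2007-0124), WordPress (CVE-2007-0109, CVE-2007-0107), phpMyAdmin (CVE-2007-0095), xpdf (CVE-2007-0104) and FreeRadius (CVE-2007-0080) should be checked against the archive first and given package lines in the form already used for centericq at the end of this hunk.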
@@ -79,7 +257,7 @@ CVE-2007-0019
RESERVED
CVE-2007-0018
RESERVED
-CVE-2007-0017 (Format string vulnerability in VideoLAN VLC 0.8.6 allows user-assisted ...)
+CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler ...)
- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...)
NOT-FOR-US: MoviePlay
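Review bot: The description of CVE-2007-0017 changes from a single format string vulnerability to "Multiple format string vulnerabilities in (1) the cdio_log_handler ...", while the fixed version "- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)" is unchanged. Verify that the upload closing bug #405425 covers every enumerated function and not only the one originally reported, and add a NOTE line if a follow-up fix is needed.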
