Author: joeyh
Date: 2007-10-19 21:14:08 +0000 (Fri, 19 Oct 2007)
New Revision: 7022

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-10-19 17:31:08 UTC (rev 7021)
+++ data/CVE/list       2007-10-19 21:14:08 UTC (rev 7022)
@@ -1,3 +1,135 @@
+CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code 
when ...)
+       TODO: check
+CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a 
...)
+       TODO: check
+CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 
before ...)
+       TODO: check
+CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic 
...)
+       TODO: check
+CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 
1.2.5 ...)
+       TODO: check
+CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 
0.5 ...)
+       TODO: check
+CVE-2007-5573 (PHP remote file inclusion vulnerability in 
classes/core/language.php ...)
+       TODO: check
+CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Simple ...)
+       TODO: check
+CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and 
earlier, ...)
+       TODO: check
+CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and 
earlier, ...)
+       TODO: check
+CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when 
...)
+       TODO: check
+CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and 
Cisco ...)
+       TODO: check
+CVE-2007-5567 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2007-5566 (** DISPUTED ** ...)
+       TODO: check
+CVE-2007-5565 (** DISPUTED ** ...)
+       TODO: check
+CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard 
...)
+       TODO: check
+CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows 
remote ...)
+       TODO: check
+CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome 
(aka the ...)
+       TODO: check
+CVE-2007-5561 (Format string vulnerability in the logging function in the 
Oracle OPMN ...)
+       TODO: check
+CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows 
remote ...)
+       TODO: check
+CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service 
allows ...)
+       TODO: check
+CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote 
attackers to ...)
+       TODO: check
+CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows 
remote ...)
+       TODO: check
+CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows 
remote ...)
+       TODO: check
+CVE-2007-5555 (Symantec Altiris Deployment Solution 6 allows local users to 
obtain ...)
+       TODO: check
+CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents 
via ...)
+       TODO: check
+CVE-2007-5553 (Unspecified vulnerability in rvd in TIBCO Rendezvous allows 
remote ...)
+       TODO: check
+CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers 
to ...)
+       TODO: check
+CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows 
local ...)
+       TODO: check
+CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco 
IOS ...)
+       TODO: check
+CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows 
remote ...)
+       TODO: check
+CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX 
allow ...)
+       TODO: check
+CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote 
...)
+       TODO: check
+CVE-2007-5544
+       RESERVED
+CVE-2007-5543
+       RESERVED
+CVE-2007-5542
+       RESERVED
+CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account 
module ...)
+       TODO: check
+CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE 
Linux 7.3, ...)
+       TODO: check
+CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, 
accepts ...)
+       TODO: check
+CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote 
attackers ...)
+       TODO: check
+CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows 
remote ...)
+       TODO: check
+CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote 
attackers to ...)
+       TODO: check
+CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive 
information ...)
+       TODO: check
+CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers 
to ...)
+       TODO: check
+CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied 
passphrase to ...)
+       TODO: check
+CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm 
for the ...)
+       TODO: check
+CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 
...)
+       TODO: check
+CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases 
without ...)
+       TODO: check
+CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote 
attackers to ...)
+       TODO: check
+CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other 
versions, ...)
+       TODO: check
+CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote 
attackers to ...)
+       TODO: check
+CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote 
attackers to ...)
+       TODO: check
+CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in 
PY-Livredor ...)
+       TODO: check
+CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain 
sensitive ...)
+       TODO: check
+CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote 
attackers to ...)
+       TODO: check
+CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin 
for ...)
+       TODO: check
+CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 
2 ...)
+       TODO: check
+CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers 
to ...)
+       TODO: check
+CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the 
security zone ...)
+       TODO: check
+CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon 
(SIRCD) ...)
+       TODO: check
+CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password 
protected ...)
+       TODO: check
+CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow 
local ...)
+       TODO: check
+CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users 
to ...)
+       TODO: check
+CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote 
attackers to ...)
+       TODO: check
 CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier 
allows ...)
        NOT-FOR-US: Immobilier
 CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in 
...)
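Review bot: CVE-2007-5567, CVE-2007-5566 and CVE-2007-5565 near the top of this hunk cannot be triaged from this file, because their descriptions are truncated to "PHP remote file inclusion vulnerability in ..." and "** DISPUTED ** ..." and no longer name the affected product. Every added entry is left at TODO: check; these three need the full CVE text looked up before they can get a NOT-FOR-US or package line. CVE-2003-1399 (eject, "when installed setuid") should be checked against how the package is actually installed rather than dismissed on the SuSE mention alone.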
@@ -229,11 +361,11 @@
        RESERVED
 CVE-2007-5474
        RESERVED
-CVE-2007-5473
-       RESERVED
+CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when 
...)
+       TODO: check
 CVE-2007-5472
        RESERVED
-CVE-2003-1373 (Direcory traversal vulnerability in auth.php for PhpBB 1.4.0 
through ...)
+CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 
through ...)
        - phpbb2 <not-affected> (phpbb was the vulnerable one)
 CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in 
...)
        NOT-FOR-US: myPHPNuke
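Review bot: CVE-2007-5473 is left at TODO: check even though its new description names StaticFileHandler.cs in System.Web in Mono and gives a fixed-before version of 1.2.5.2. That is enough to resolve it to a package line with a version, or to <not-affected>, instead of leaving it in the TODO queue.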
@@ -647,8 +779,10 @@
        RESERVED
 CVE-2007-5340
        RESERVED
+       {DSA-1391-1}
 CVE-2007-5339
        RESERVED
+       {DSA-1391-1}
 CVE-2007-5338
        RESERVED
 CVE-2007-5337
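Review bot: the two {DSA-1391-1} lines added under CVE-2007-5340 and CVE-2007-5339 are followed directly by the next CVE id, so both entries reference an advisory without any package line recording what was fixed and in which version. Add the matching "- package version" lines, as the t1lib line does under CVE-2007-4033, which carries {DSA-1390-1}.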
@@ -1176,7 +1310,7 @@
        - ruby1.9 <not-affected> (Vulnerable code no longer present)
        - ruby1.8 <unfixed> (low; bug #444929)
        NOTE: fix for 1.8 
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
-CVE-2007-5161 (Cross-site scripting (XSS) vulnerability in the internal 
browser in ...)
+CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in 
...)
        NOT-FOR-US: Feedreader 3
        NOTE: editor not included in native wordpress
 CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry 
Leriche ...)
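Review bot: in the context lines under CVE-2007-5161, the entry is marked NOT-FOR-US: Feedreader 3 but also carries "NOTE: editor not included in native wordpress", which does not match the product named and looks like it belongs to a different entry. Since the description line is being changed here anyway, move or drop that NOTE.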
@@ -2466,8 +2600,8 @@
        NOT-FOR-US: ACG news
 CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in 
Implied by ...)
        NOT-FOR-US: Micro-CMS
-CVE-2007-4600
-       RESERVED
+CVE-2007-4600 (The &quot;Protect Worksheet&quot; functionality in Mathsoft 
Mathcad 12 through ...)
+       TODO: check
 CVE-2007-4599
        RESERVED
 CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of &quot;12345&quot; 
for the manager ...)
@@ -3729,6 +3863,7 @@
 CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka 
Yahoo! ...)
        NOT-FOR-US: Yahoo! Widgets
 CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in ...)
+       {DSA-1390-1}
        - t1lib 5.1.0-3 (bug #439927)
        NOTE: originally posted as a php vuln, actually in libt1
        NOTE: http://www.securityfocus.com/bid/25079 (particularly the 
discussions)
@@ -4151,13 +4286,13 @@
 CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, 
as used ...)
        NOT-FOR-US: TortoiseSVN on Windows
 CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 
2.x ...)
-       {DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+       {DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 
DTSA-53-1}
        - iceweasel 2.0.0.6-1 (medium)
        - xulrunner 1.8.1.6-1 (medium)
        - iceape 1.1.3-2 (medium)
        - icedove <unfixed> (medium)
 CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 
1.5.0.13, and ...)
-       {DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+       {DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 
DTSA-53-1}
        - iceweasel 2.0.0.6-1 (medium)
        - xulrunner 1.8.1.6-1 (medium)
        - iceape 1.1.3-2 (medium)
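Review bot: CVE-2007-3845 gains DSA-1391-1 in its advisory list while its package lines stay unchanged, with icedove still at <unfixed> (medium). If DSA-1391-1 covers one of the packages listed here, the matching line should record the fixed version in the same change. Otherwise the entry claims an advisory and an unfixed status side by side.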
@@ -4432,14 +4567,14 @@
        - iceape 1.1.3-1 (high)
        - xulrunner 1.8.1.5-1 (high)
 CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine 
in ...)
-       {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+       {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 
DTSA-51-1}
        - iceweasel 2.0.0.5-1 (high)
        - icedove <unfixed> (low)
        NOTE: Affects only broken setups, enabling js in Icedove is strongly 
not recommended
        - iceape 1.1.3-1 (high)
        - xulrunner 1.8.1.5-1 (high)
 CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
-       {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+       {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 
DTSA-51-1}
        - iceweasel 2.0.0.5-1 (high)
        - icedove 2.0.0.6-1 (high; bug #444010)
        - iceape 1.1.3-1 (high)
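Review bot: under CVE-2007-3735, icedove remains <unfixed> (low) with the NOTE that it affects only broken setups, while CVE-2007-3734 in the same hunk records icedove 2.0.0.6-1 and both entries now list the same DSA-1391-1. Confirm whether 2.0.0.6-1 also fixes CVE-2007-3735 and, if so, replace the <unfixed> line so the two entries agree.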
@@ -5985,8 +6120,8 @@
 CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various 
Linux ...)
        {DSA-1342-1}
        - xfs 1:1.0.4-2
-CVE-2007-3102
-       RESERVED
+CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event 
function in ...)
+       TODO: check
 CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain 
JSF ...)
        NOT-FOR-US: Apache MyFaces Tomahawk
 CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) 
before ...)
@@ -60929,7 +61064,7 @@
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the 
&quot;lock ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to 
store ...)
+CVE-2001-0103 (CoffeeCup Direct and Free FTP clients uses weak encryption to 
store ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-0102 (&quot;Multiple Users&quot; Control Panel in Mac OS 9 allows 
Normal users to gain ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
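Review bot: the corrected CVE-2001-0103 description still reads "clients uses weak encryption", where the plural subject needs "use". The change only turns "useas" into "uses", so the wording is still wrong and will come back with the next import unless it is corrected in the source the descriptions are pulled from.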


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
