[Secure-testing-commits] r5623 - in data: . CVE

Kees Cook keescook-guest at alioth.debian.org
Thu Apr 5 00:30:37 UTC 2007


Author: keescook-guest
Date: 2007-04-05 00:30:33 +0000 (Thu, 05 Apr 2007)
New Revision: 5623

Modified:
   data/CVE/list
   data/mopb.txt
Log:
NFUs: 164
unfixed: asterisk flyspray iceweasel imagemagick ktorrent ldap-account-manager libapache2-mod-perl2 libapache-mod-perl linux-2.6 madwifi php4 php5 pulseaudio tinymux
fixed: asterisk wordpress
not-affected: python2.5
MOPB: updated 35, 36


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-04 20:16:12 UTC (rev 5622)
+++ data/CVE/list	2007-04-05 00:30:33 UTC (rev 5623)
@@ -2,139 +2,141 @@
 	- dovecot <unfixed>
 	[sarge] - dovecot <not-affected> (Vulnerable code not present)
 CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
-	TODO: check
+	- ldap-account-manager <unfixed> (medium)
 CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
-	TODO: check
+	NOT-FOR-US: CodeBB
 CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ...)
-	TODO: check
+	NOT-FOR-US: Friendfinder module for Xoops
 CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS ...)
-	TODO: check
+	NOT-FOR-US: MangoBery CMS
 CVE-2007-1836 (The command line administration interface in Data Domain OS before ...)
-	TODO: check
+	NOT-FOR-US: Data Domain OS
 CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
-	TODO: check
+	- php4 <unfixed> (unimportant)
+	- php5 <unfixed> (unimportant)
+	NOTE: open_basedir bypasses not supported
 CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco Unified Presence Server
 CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco Unified CallManager
 CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco Unified CallManager
 CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
 	TODO: check
 CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
 	TODO: check
 CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
-	TODO: check
+	NOT-FOR-US: T-Mobile
 CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...)
-	TODO: check
+	NOT-FOR-US: Alcatel-Lucent
 CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Sprint Nextel
 CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...)
-	TODO: check
+	NOT-FOR-US: Nortel Networks
 CVE-2007-1819 (Unspecified vulnerability in a certain ActiveX control in TestDirector ...)
-	TODO: check
+	NOT-FOR-US: ActiveX control in TestDirector
 CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...)
-	TODO: check
+	NOT-FOR-US: Forum picture and META tags module for phpBB
 CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews ...)
-	TODO: check
+	NOT-FOR-US: Lykos Reviews module for Xoops
 CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
-	TODO: check
+	NOT-FOR-US: Tutorials module for Xoops
 CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for ...)
-	TODO: check
+	NOT-FOR-US: Library module for Xoops
 CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for ...)
-	TODO: check
+	NOT-FOR-US: Core module for Xoops
 CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and ...)
-	TODO: check
+	NOT-FOR-US: eCal module for Xoops
 CVE-2007-1812 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: BT-Sondage
 CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
-	TODO: check
+	NOT-FOR-US: Tiny Event module for Xoops
 CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 ...)
-	TODO: check
+	NOT-FOR-US: Kshop module for Xoops
 CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company ...)
-	TODO: check
+	NOT-FOR-US: WebSite Builder
 CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and ...)
-	TODO: check
+	NOT-FOR-US: Camportail module for Xoops
 CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the ...)
-	TODO: check
+	NOT-FOR-US: myAlbum-P module for Xoops
 CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery ...)
-	TODO: check
+	NOT-FOR-US: RM+Soft Gallery module for Xoops
 CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...)
-	TODO: check
+	NOT-FOR-US: debaser module for Xoops
 CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	- pulseaudio <unfixed> (medium)
 CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: MailDwarf
 CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
-	TODO: check
+	NOT-FOR-US: MailDwarf
 CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...)
-	TODO: check
+	NOT-FOR-US: sBLOG
 CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...)
-	TODO: check
+	NOT-FOR-US: Cisco Secure ACS
 CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
-	TODO: check
+	- ktorrent <unfixed> (medium)
 CVE-2007-1798 (Buffer overflow in the drmgr command for IBM AIX 5.2 and 5.3 allows ...)
 	TODO: check
 CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
-	TODO: check
+	- imagemagick <unfixed> (medium)
 CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...)
-	TODO: check
+	NOT-FOR-US: URLshrink
 CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: URLshrink
 CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...)
 	TODO: check
 CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...)
-	TODO: check
+	NOT-FOR-US: Symantec Norton Personal Firewall
 CVE-2007-1792
 	RESERVED
 CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ...)
-	TODO: check
+	NOT-FOR-US: Picture-Engine
 CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...)
-	TODO: check
+	NOT-FOR-US: Kaqoo Auction Software
 CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
-	TODO: check
+	- flyspray <unfixed> (medium)
 CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or &quot;set to a low ...)
-	TODO: check
+	- flyspray <unfixed> (medium)
 CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Time-Assistant
 CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Collaboration
 CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...)
-	TODO: check
+	NOT-FOR-US: CA BrightStor ARCserve Backup
 CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...)
-	TODO: check
+	NOT-FOR-US: JNILoader ActiveX control
 CVE-2007-1783
 	RESERVED
 CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account ...)
-	TODO: check
+	- ldap-account-manager <unfixed> (medium)
 CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php ...)
-	TODO: check
+	NOT-FOR-US: CMSmelborp
 CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ...)
-	TODO: check
+	NOT-FOR-US: Exhibit Engine
 CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit ...)
-	TODO: check
+	NOT-FOR-US: Exhibit Engine
 CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
 	- dtc-xen 0.2.8-1 (low; bug #414480)
 CVE-2007-XXXX [file permission race conidition in Debian's dtc-xen]
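
Review bot: At CVE-2007-1816 the new line reads "NOT-FOR-US: Tutorials module for Xoops", but the CVE summary directly above it spells the product "Tutoriais module"; keep the upstream spelling so a search for the product name taken from the CVE text still finds this entry. Separately, CVE-2007-1825 and CVE-2007-1824 (both PHP 5 buffer overflows per their summaries) stay at "TODO: check" in this hunk while CVE-2007-1835 gets php4/php5 lines; if they were skipped deliberately, a NOTE saying why would help the next person working through the list.
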
@@ -146,47 +148,47 @@
 CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
 	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
 CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access ...)
-	TODO: check
+	NOT-FOR-US: CruiseWorks
 CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...)
-	TODO: check
+	NOT-FOR-US: Minna De Office
 CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
-	TODO: check
+	NOT-FOR-US: Overlay Weaver
 CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in ...)
-	TODO: check
+	NOT-FOR-US: Advanced Website Creator
 CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...)
-	TODO: check
+	NOT-FOR-US: Eve-Nuke
 CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
-	TODO: check
+	- php4 <unfixed> (medium)
 CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...)
-	TODO: check
+	NOT-FOR-US: D4J eZine
 CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...)
-	TODO: check
+	NOT-FOR-US: JBrowser
 CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy ...)
-	TODO: check
+	NOT-FOR-US: aBitWhizzy
 CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow ...)
-	TODO: check
+	NOT-FOR-US: aBitWhizzy
 CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: HP JetDirect
 CVE-2007-1771 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Ay System Solutions Web Content System
 CVE-2007-1770 (ESRI ArcSDE 8.3, 9.0, and 9.1 before 20070327, when using three tiered ...)
-	TODO: check
+	NOT-FOR-US: ArcSDE
 CVE-2007-1769 (Cross-site scripting (XSS) vulnerability in /search in Mephisto 0.7.3 ...)
-	TODO: check
+	NOT-FOR-US: Mephisto
 CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Mephisto
 CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in ...)
-	TODO: check
+	NOT-FOR-US: AOL
 CVE-2007-1766 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Advanced Login
 CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...)
 	TODO: check
 CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...)
-	TODO: check
+	NOT-FOR-US: FastStone Image Viewer
 CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
 	TODO: check
 CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...)
-	TODO: check
+	- iceweasel <unfixed> (low)
 CVE-2007-1761
 	RESERVED
 CVE-2007-1760
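
Review bot: CVE-2007-1777 is recorded only as "- php4 <unfixed> (medium)", and the visible summary is cut off after "PHP 4 before 4.4.5 ...", so a reader cannot tell whether php5 was checked. CVE-2007-1835 in the previous hunk lists both php4 and php5; add an explicit php5 line here (<unfixed>, or <not-affected> with a reason) or a NOTE. CVE-2007-1765 and CVE-2007-1763 both name Microsoft Windows in their summaries yet remain "TODO: check"; they look like candidates for the same NOT-FOR-US pass.
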
@@ -233,45 +235,45 @@
 	REJECTED
 	TODO: check
 CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Domino
 CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
-	TODO: check
+	NOT-FOR-US: TrueCrypt
 CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
-	TODO: check
+	- iceweasel <unfixed> (low)
 CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...)
-	TODO: check
+	NOT-FOR-US: Corel WordPerfect
 CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...)
-	TODO: check
+	- linux-2.6 <unfixed> (medium)
 CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows ...)
-	TODO: check
+	NOT-FOR-US: NaviCOPA HTTP Server
 CVE-2007-1732 (** DISPUTED ** ...)
-	TODO: check
+	- wordpress 2.1.3-1
 CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous ...)
-	TODO: check
+	NOT-FOR-US: hpaftpd
 CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
-	TODO: check
+	- linux-2.6 <unfixed> (medium)
 CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Flexbb
 CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and ...)
-	TODO: check
+	NOT-FOR-US: Sony Playstation 3
 CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
-	TODO: check
+	NOT-FOR-US: HP OpenView
 CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 ...)
-	TODO: check
+	NOT-FOR-US: IceBB
 CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows ...)
-	TODO: check
+	NOT-FOR-US: IceBB
 CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and ...)
-	TODO: check
+	NOT-FOR-US: ReactOS
 CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: IronMail
 CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea ...)
-	TODO: check
+	NOT-FOR-US: SKCommAX ActiveX control
 CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 ...)
-	TODO: check
+	NOT-FOR-US: C-Arbre
 CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the ...)
-	TODO: check
+	NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
 CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
 	TODO: check
 CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
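
Review bot: CVE-2007-1732 is marked fixed with "- wordpress 2.1.3-1" although its summary is only "** DISPUTED ** ..." and the line carries no urgency and no NOTE. Every other package line added in this hunk has an urgency in parentheses; add one here, plus a NOTE on why the disputed report is treated as fixed in 2.1.3-1. The context at the top of the hunk also still shows an entry that is both REJECTED and "TODO: check", which could be cleared in the same pass.
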
@@ -284,13 +286,13 @@
 CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...)
 	TODO: check
 CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
-	TODO: check
+	NOT-FOR-US: Free Image Hosting
 CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
-	TODO: check
+	NOT-FOR-US: CcCounter
 CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
-	TODO: check
+	NOT-FOR-US: BASP21
 CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
-	TODO: check
+	NOT-FOR-US: Active Auction Pro
 CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...)
 	- php4 <unfixed> (unimportant)
 	- php5 <unfixed> (unimportant)
@@ -300,21 +302,21 @@
 	- php5 <unfixed> (unimportant)
 	NOTE: Safe mode violations not supported, insufficient measure
 CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
-	TODO: check
+	NOT-FOR-US: PECL phpDOC
 CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...)
-	TODO: check
+	NOT-FOR-US: ttCMS
 CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side ...)
-	TODO: check
+	NOT-FOR-US: Net-Side.net CMS
 CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows ...)
-	TODO: check
+	NOT-FOR-US: eWebQuiz
 CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows ...)
-	TODO: check
+	NOT-FOR-US: Active Trade
 CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager ...)
-	TODO: check
+	NOT-FOR-US: Joomla module Car Manager
 CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...)
-	TODO: check
+	NOT-FOR-US: Joomla module RWCards
 CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the ...)
-	TODO: check
+	NOT-FOR-US: Flatmenu
 CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...)
 	- php4 <unfixed> (unimportant)
 	- php5 <unfixed> (unimportant)
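
Review bot: The NOT-FOR-US labels at CVE-2007-1704 and CVE-2007-1703 are written "Joomla module Car Manager" and "Joomla module RWCards", while the first hunk of this commit uses the form "Friendfinder module for Xoops" for the same kind of product. Pick one word order for CMS add-ons so these entries can be grouped with a simple search.
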
@@ -324,13 +326,13 @@
 	- php5 <unfixed> (unknown)
 	NOTE: Should be fixed, if remotely exploitable
 CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...)
-	TODO: check
+	NOT-FOR-US: Mambo module SWmenu
 CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Philex
 CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex ...)
-	TODO: check
+	NOT-FOR-US: Philex
 CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
-	TODO: check
+	NOT-FOR-US: Active Newsletter
 CVE-2007-1695 (** DISPUTED ** ...)
 	TODO: check
 CVE-2007-1694
@@ -366,13 +368,13 @@
 CVE-2007-1679 (** DISPUTED ** ...)
 	TODO: check
 CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...)
-	TODO: check
+	NOT-FOR-US: Fizzle 0.5 extension for Firefox
 CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...)
-	TODO: check
+	NOT-FOR-US: NetBSD
 CVE-2007-1676
 	RESERVED
 CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Domino
 CVE-2007-1674
 	RESERVED
 CVE-2007-1673
@@ -390,7 +392,7 @@
 CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c ...)
 	- libx11 2:1.0.3-7 (bug #414045)
 CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...)
-	TODO: check
+	NOT-FOR-US: IDA Pro
 CVE-2007-1665
 	RESERVED
 	- ekg 1:1.7~rc2-2
@@ -411,157 +413,157 @@
 CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...)
 	TODO: check
 CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...)
-	TODO: check
+	- python2.5 <not-affected> (does not build minigzip.c)
 CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...)
-	TODO: check
+	NOT-FOR-US: Plyt Audio
 CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX ...)
-	TODO: check
+	- tinymux <unfixed> (medium)
 CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ...)
-	TODO: check
+	NOT-FOR-US: ne7ssh
 CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: GlowWorm FW
 CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...)
 	TODO: check
 CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...)
 	TODO: check
 CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: pcapsipdump
 CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
-	TODO: check
+	- php5 <unfixed>
 CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: 0irc
 CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...)
 	TODO: check
 CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...)
-	TODO: check
+	NOT-FOR-US: SubHub
 CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...)
 	TODO: check
 CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on ...)
 	TODO: check
 CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management ...)
-	TODO: check
+	NOT-FOR-US: LAN Management System
 CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine Firewall Analyzer
 CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows ...)
-	TODO: check
+	NOT-FOR-US: PortailPHP
 CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 ...)
-	TODO: check
+	NOT-FOR-US: ClassWeb
 CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when ...)
-	TODO: check
+	NOT-FOR-US: PHProjekt
 CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: PHProjekt
 CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: IMAILAPILib ActiveX control
 CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 ...)
-	TODO: check
+	NOT-FOR-US: RoseOnlineCMS
 CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net ...)
-	TODO: check
+	NOT-FOR-US: Net Portal Dynamic System
 CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal ...)
-	TODO: check
+	NOT-FOR-US: Net Portal Dynamic System
 CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio ...)
-	TODO: check
+	NOT-FOR-US: Splatt Forum
 CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has ...)
-	TODO: check
+	NOT-FOR-US: webCMS
 CVE-2007-1631 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: CLBOX
 CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
-	TODO: check
+	NOT-FOR-US: Active Link Engine
 CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
-	TODO: check
+	NOT-FOR-US: Active Photo Gallery
 CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...)
-	TODO: check
+	NOT-FOR-US: Study planner
 CVE-2007-1627 (Multiple SQL injection vulnerabilities in php-revista 1.1.2 and ...)
-	TODO: check
+	NOT-FOR-US: php-revista
 CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...)
-	TODO: check
+	NOT-FOR-US: iFrame Module for PHP-NUKE
 CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in ...)
-	TODO: check
+	NOT-FOR-US: realGuestbook
 CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow ...)
-	TODO: check
+	NOT-FOR-US: realGuestbook
 CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...)
-	TODO: check
+	NOT-FOR-US: realGuestbook
 CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...)
-	TODO: check
+	- wordpress 2.1.3-1 (medium)
 CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...)
-	TODO: check
+	NOT-FOR-US: Active PHP Bookmark Notes
 CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...)
-	TODO: check
+	NOT-FOR-US: PHP DB Designer
 CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo ...)
-	TODO: check
+	NOT-FOR-US: ScriptMagix
 CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder ...)
-	TODO: check
+	NOT-FOR-US: ScriptMagix
 CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 ...)
-	TODO: check
+	NOT-FOR-US: ScriptMagix
 CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
-	TODO: check
+	NOT-FOR-US: ScriptMagix
 CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
-	TODO: check
+	NOT-FOR-US: ScriptMagix
 CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
-	TODO: check
+	NOT-FOR-US: ZZIPlib
 CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...)
-	TODO: check
+	NOT-FOR-US: MPM Chat
 CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
-	TODO: check
+	NOT-FOR-US: Plyt Audio
 CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a ...)
-	TODO: check
+	NOT-FOR-US: IKANARI JIJYOU
 CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue ...)
-	TODO: check
+	NOT-FOR-US: NewsGlue
 CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic ...)
-	TODO: check
+	NOT-FOR-US: Oracle Application Server
 CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: Web-Agora
 CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora ...)
-	TODO: check
+	NOT-FOR-US: Web-Agora
 CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: Web-Agora
 CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora ...)
-	TODO: check
+	NOT-FOR-US: Web-Agora
 CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Weekly Drawing Contest
 CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing ...)
-	TODO: check
+	NOT-FOR-US: Weekly Drawing Contest
 CVE-2007-1601 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Weekly Drawing Contest
 CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...)
-	TODO: check
+	NOT-FOR-US: Digital Eye Gallery
 CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...)
 	TODO: check
 CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...)
-	TODO: check
+	NOT-FOR-US: FileCOPA FTP
 CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...)
-	TODO: check
+	NOT-FOR-US: Unclassified NewsBoard
 CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...)
-	TODO: check
+	NOT-FOR-US: NFN Address Book
 CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...)
-	TODO: check
+	- asterisk <unfixed> (low)
 CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...)
-	TODO: check
+	- asterisk 1.4.2~dfsg-1 (medium)
 CVE-2007-1593
 	RESERVED
 CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
-	TODO: check
+	- linux-2.6 <unfixed> (medium)
 CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...)
 	TODO: check
 CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...)
-	TODO: check
+	NOT-FOR-US: MNews
 CVE-2006-7181 (Multiple PHP remote file inclusion vulnerabilities in Morcego CMS ...)
-	TODO: check
+	NOT-FOR-US: Morcego CMS
 CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...)
-	TODO: check
+	- madwifi <unfixed> (low)
 CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...)
-	TODO: check
+	- madwifi <unfixed> (low)
 CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...)
-	TODO: check
+	- madwifi <unfixed> (low)
 CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...)
-	TODO: check
+	- madwifi <unfixed> (low)
 CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
 	TODO: check
 CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
 	TODO: check
 CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...)
-	TODO: check
+	- madwifi <unfixed> (low)
 CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
 	TODO: check
 CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...)
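
Review bot: CVE-2007-1649 is added as "- php5 <unfixed>" with no urgency, unlike every other <unfixed> line in this hunk; add one, or "(unknown)" as already used for php5 elsewhere in the file if it has not been assessed yet. For CVE-2007-1657 the only package line is "- python2.5 <not-affected> (does not build minigzip.c)"; a NOTE saying which other packages carrying minigzip were checked would show the entry is complete. CVE-2007-1614 names a library function (zzip_open_shared_io), so it is worth confirming that no source package ships that code before leaving it as NOT-FOR-US.
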
@@ -849,7 +851,7 @@
 CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...)
 	- libwpd 0.8.9-1 (medium)
 CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...)
-	TODO: check
+	NOT-FOR-US: dproxy
 CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...)
 	- inkscape <unfixed> (medium)
 CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...)
@@ -1113,7 +1115,8 @@
 CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
 	NOT-FOR-US: Novell NetMail
 CVE-2007-1349 (PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm ...)
-	TODO: check
+	- libapache-mod-perl <unfixed> (low)
+	- libapache2-mod-perl2 <unfixed> (low)
 CVE-2007-1348
 	RESERVED
 CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
@@ -7230,7 +7233,7 @@
 CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
 	NOT-FOR-US: Citrix
 CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: SuperBuddy ActiveX control
 CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...)
 	NOT-FOR-US: Verity Ultraseek
 CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
@@ -9369,7 +9372,7 @@
 CVE-2006-4844 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Claroline
 CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Domino
 CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...)
 	- xulrunner 1.8.0.9-1 (low; bug #405062)
 	[sarge] - mozilla <unfixed> (low)
@@ -10941,7 +10944,7 @@
 CVE-2006-4176
 	RESERVED
 CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Directory Server
 CVE-2006-4174
 	RESERVED
 CVE-2006-4173

Modified: data/mopb.txt
===================================================================
--- data/mopb.txt	2007-04-04 20:16:12 UTC (rev 5622)
+++ data/mopb.txt	2007-04-05 00:30:33 UTC (rev 5623)
@@ -24,10 +24,10 @@
 N/A Only triggerable by malicious script
 
 36  PHP session.save_path open_basedir Bypass Vulnerability
-N/A open_basedir bypasses not supported, CVE-2007-1461
+#N/A open_basedir bypasses not supported, CVE-2007-1461
 
 35  PHP 4 zip_entry_read() Integer Overflow Vulnerability
-TODO
+#TODO, needs to be fixed, CVE-2007-1777
 
 34  PHP mail() Header Injection Through Subject and To Parameters
 #TODO, needs to be fixed, CVE-2007-1718
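
Review bot: Item 36 is marked as fed to the tracker with CVE-2007-1461, but the data/CVE/list part of this commit attaches the same rationale ("open_basedir bypasses not supported") to CVE-2007-1835, whose summary reads "when using an empty session ...". Confirm which CVE id belongs to MOPB 36 and, if both apply, list both on this line. For item 35 the title says zip_entry_read() while the CVE-2007-1777 summary in data/CVE/list says zip_read_entry; a short remark that these are the same issue would avoid confusion.
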
@@ -132,4 +132,4 @@
 01  PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
 #N/A -> Only triggerable by malicious script, CVE-2007-1383
 
-(Comments starting with # indicate that information has been fed to the tracker)
\ No newline at end of file
+(Comments starting with # indicate that information has been fed to the tracker)



