[Secure-testing-commits] r5686 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Thu Apr 19 22:29:50 UTC 2007
Author: keescook-guest
Date: 2007-04-19 22:29:46 +0000 (Thu, 19 Apr 2007)
New Revision: 5686
Modified:
data/CVE/list
Log:
NFUs: 116
unfixed: apache2 elinks file freeradius kdelibs lha quagga
fixed: phpmyadmin
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-19 22:24:02 UTC (rev 5685)
+++ data/CVE/list 2007-04-19 22:29:46 UTC (rev 5686)
@@ -1,103 +1,103 @@
CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
- TODO: check
+ NOT-FOR-US: Rha7 Downloads
CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content ...)
- TODO: check
+ NOT-FOR-US: Kai Content Management System
CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS ...)
- TODO: check
+ NOT-FOR-US: Monkey CMS
CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow ...)
- TODO: check
+ NOT-FOR-US: iXon CMS
CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...)
- TODO: check
+ NOT-FOR-US: my little forum
CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
- TODO: check
+ NOT-FOR-US: my little weblog
CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root ...)
- TODO: check
+ NOT-FOR-US: FAC Guestbook
CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: FAC Guestbook
CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in ...)
- TODO: check
+ NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...)
- TODO: check
+ NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...)
- TODO: check
+ NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
- TODO: check
+ NOT-FOR-US: PHPHD Download System
CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 ...)
- TODO: check
+ NOT-FOR-US: MySpeach
CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia ...)
- TODO: check
+ NOT-FOR-US: Anthologia
CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft ...)
- TODO: check
+ NOT-FOR-US: Limesoft Guestbook
CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft ...)
- TODO: check
+ NOT-FOR-US: Limesoft Guestbook
CVE-2007-2091 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: tsdisplay4xoops
CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika ...)
- TODO: check
+ NOT-FOR-US: TuMusika Evolution
CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx ...)
- TODO: check
+ NOT-FOR-US: Jx Development Article component for Mambo and Joomla
CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 ...)
- TODO: check
+ NOT-FOR-US: Sitebar
CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, ...)
- TODO: check
+ NOT-FOR-US: CNStats
CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 ...)
- TODO: check
+ NOT-FOR-US: CNStats
CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
- TODO: check
+ NOT-FOR-US: oe2edit CMS
CVE-2007-2084 (PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 ...)
- TODO: check
+ NOT-FOR-US: MobilePublisherphp
CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in ...)
- TODO: check
+ NOT-FOR-US: MyBlog
CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: MyBlog
CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows ...)
- TODO: check
+ NOT-FOR-US: XAMPP
CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
- TODO: check
+ NOT-FOR-US: XAMPP
CVE-2007-2078 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Maian Weblog
CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...)
- TODO: check
+ NOT-FOR-US: Maian Search
CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...)
- TODO: check
+ NOT-FOR-US: Maian Gallery
CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on ...)
- TODO: check
+ NOT-FOR-US: ScramDisk
CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 ...)
- TODO: check
+ NOT-FOR-US: ScramDisk
CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery ...)
- TODO: check
+ NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Ivan Gallery Script
CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto ...)
- TODO: check
+ NOT-FOR-US: Open-gorotto
CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
- TODO: check
+ NOT-FOR-US: SunShop Shopping Cart
CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
- TODO: check
+ NOT-FOR-US: openMairie
CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...)
TODO: check
CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...)
- TODO: check
+ NOT-FOR-US: WebSlider
CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: UseBB
CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert ...)
- TODO: check
+ NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...)
- TODO: check
+ NOT-FOR-US: ActionPoll
CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is ...)
- TODO: check
+ NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...)
- TODO: check
+ NOT-FOR-US: VCDGear
CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in ...)
- TODO: check
+ NOT-FOR-US: MailBee WebMail Pro
CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
- TODO: check
+ NOT-FOR-US: Wizz RSS Reader
CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in ...)
- TODO: check
+ NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows ...)
- TODO: check
+ NOT-FOR-US: Acubix PicoZip
CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows ...)
TODO: check
CVE-2007-2056
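Review bot: the CVE-2007-2063 entry is tagged with the platform instead of the affected product. The description reads "SSH Tectia Server for IBM z/OS before 5.4.0", but the new line is `NOT-FOR-US: IBM zOS`. Every other NOT-FOR-US line in this hunk names the vulnerable software, so this one should read `NOT-FOR-US: SSH Tectia Server for IBM z/OS`; otherwise a later search for Tectia issues in the list will miss it.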
@@ -111,25 +111,25 @@
CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...)
TODO: check
CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...)
- TODO: check
+ NOT-FOR-US: bftpd
CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...)
- TODO: check
+ NOT-FOR-US: RicarGBooK
CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar ...)
- TODO: check
+ NOT-FOR-US: Calendar Module for Mambo
CVE-2007-2048 (Directory traversal vulnerability in /console in the Management ...)
- TODO: check
+ NOT-FOR-US: webMethods Glue
CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 ...)
- TODO: check
+ NOT-FOR-US: Openads
CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...)
- TODO: check
+ NOT-FOR-US: Openads
CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the ...)
- TODO: check
+ NOT-FOR-US: Weather module for Mambo and Joomla
CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
- TODO: check
+ NOT-FOR-US: MOSMedia Lite
CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
- TODO: check
+ NOT-FOR-US: MOSMedia Lite
CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...)
TODO: check
CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...)
@@ -151,129 +151,129 @@
CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...)
TODO: check
CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...)
- TODO: check
+ NOT-FOR-US: 3proxy
CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...)
- TODO: check
+ - lha <unfixed> (low)
CVE-2007-2029
RESERVED
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
- TODO: check
+ - freeradius <unfixed> (low)
CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...)
- TODO: check
+ - elinks <unfixed> (bug #417789; medium)
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...)
- TODO: check
+ - file <unfixed> (medium)
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...)
- TODO: check
+ NOT-FOR-US: PhpWiki
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...)
- TODO: check
+ NOT-FOR-US: PhpWiki
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
- TODO: check
+ NOT-FOR-US: Secustick USB flash drive
CVE-2007-2022 (Unspecified vulnerability in the Adobe Macromedia Flash Player 7.x and ...)
- TODO: check
+ - kdelibs <unfixed> (low)
CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple ...)
- TODO: check
+ NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: xodagallery
CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in ...)
- TODO: check
+ NOT-FOR-US: phpGalleryScript
CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in ...)
- TODO: check
+ - phpmyadmin 4:2.6.2-3 (unimportant)
CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It ...)
- TODO: check
+ NOT-FOR-US: Request It
CVE-2007-2014 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MyNews
CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme ...)
- TODO: check
+ NOT-FOR-US: Passworschutz
CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX ...)
- TODO: check
+ NOT-FOR-US: CompreXX
CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
- TODO: check
+ NOT-FOR-US: DeskPro
CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote ...)
- TODO: check
+ NOT-FOR-US: bftpd
CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...)
- TODO: check
+ NOT-FOR-US: SimpCMS Light
CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 ...)
- TODO: check
+ NOT-FOR-US: pL-PHP
CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: pL-PHP
CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
- TODO: check
+ NOT-FOR-US: pL-PHP
CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper ...)
- TODO: check
+ NOT-FOR-US: Taskhopper component for Mambo and Joomla
CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...)
- TODO: check
+ NOT-FOR-US: InoutMailingListManager
CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect ...)
- TODO: check
+ NOT-FOR-US: InoutMailingListManager
CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: InoutMailingListManager
CVE-2007-2001 (Multiple direct static code injection vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Crea-Book
CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
- TODO: check
+ NOT-FOR-US: Crea-Book
CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages ...)
- TODO: check
+ NOT-FOR-US: Weatimages
CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...)
- TODO: check
+ NOT-FOR-US: HIOX Guest Book
CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...)
TODO: check
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
- TODO: check
+ NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...)
- TODO: check
+ - quagga <unfixed> (low)
CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
- TODO: check
+ NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...)
- TODO: check
+ NOT-FOR-US: HP-UX Portable File System
CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
- TODO: check
+ NOT-FOR-US: com_zoom
CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in ...)
- TODO: check
+ NOT-FOR-US: CmailServer WebMail
CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
- TODO: check
+ NOT-FOR-US: MyBlog
CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
- TODO: check
+ NOT-FOR-US: DotClear
CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...)
- TODO: check
+ NOT-FOR-US: PHPEcho CMS
CVE-2007-1987 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: PHPEcho CMS
CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser ...)
- TODO: check
+ NOT-FOR-US: AROUNDMe
CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: phpexplorator
CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
- TODO: check
+ NOT-FOR-US: lite-cms
CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...)
- TODO: check
+ NOT-FOR-US: Cyboards PHP Lite
CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple ...)
- TODO: check
+ NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on ...)
- TODO: check
+ NOT-FOR-US: Metamod-P
CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module ...)
- TODO: check
+ NOT-FOR-US: Topliste module for PHP-Fusion
CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ...)
- TODO: check
+ NOT-FOR-US: PopnupBlog module for Xoops
CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
- TODO: check
+ NOT-FOR-US: Arcade module for PHP-Fusion
CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS ...)
- TODO: check
+ NOT-FOR-US: holaCMS
CVE-2007-1976 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Virii Info module for Xoops
CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 ...)
- TODO: check
+ NOT-FOR-US: SLAED CMS
CVE-2007-1974 (SQL injection vulnerability in the getArticle function in ...)
- TODO: check
+ NOT-FOR-US: Xoops modules
CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...)
TODO: check
CVE-2007-1972
RESERVED
CVE-2006-7194 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Agora
CVE-2006-7193 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: disputed (SMARTY_DIR is a constant)
CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
TODO: check
CVE-2007-XXXX [mydms SQL injection]
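Review bot: CVE-2007-2022 is described as an Adobe Macromedia Flash Player issue but is tracked as `- kdelibs <unfixed> (low)`, and nothing in the entry says how kdelibs is affected. Add a NOTE: line with the reasoning. Of the unfixed entries added in this hunk, only elinks (CVE-2007-2027) carries a bug reference; lha, freeradius, file, quagga and kdelibs have none, so a bug number on each would help. Separately, CVE-2006-7193 is marked `NOT-FOR-US: disputed (SMARTY_DIR is a constant)`, which puts a validity judgement where the product name belongs; name the product in the tag and move the rationale to a NOTE: line so NOT-FOR-US keeps a single meaning.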
@@ -485,13 +485,13 @@
CVE-2007-1875
RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion MX
CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in mephisto 0.7.3 allows ...)
- TODO: check
+ NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...)
- TODO: check
+ NOT-FOR-US: toendaCMS
CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows ...)
- TODO: check
+ NOT-FOR-US: chcounter
CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ...)
TODO: check
CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...)
@@ -796,11 +796,11 @@
CVE-2007-1744
RESERVED
CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
- TODO: check
+ - apache2 <unfixed> (unimportant)
CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...)
- TODO: check
+ - apache2 <unfixed> (unimportant)
CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
- TODO: check
+ - apache2 <unfixed> (unimportant)
CVE-2007-1740
REJECTED
CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...)
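Review bot: the three suexec entries (CVE-2007-1741, CVE-2007-1742, CVE-2007-1743) are all set to `- apache2 <unfixed> (unimportant)` with no recorded reason. The descriptions mention missing verification, a partial comparison and race conditions in suexec, so the basis for "unimportant" is not evident from the list itself. Add a NOTE: line under these entries stating why the severity was downgraded, so the decision can be rechecked later.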
@@ -947,7 +947,7 @@
CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...)
NOT-FOR-US: IBM Lotus Domino
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
- TODO: check
+ NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673
RESERVED
CVE-2007-1672
@@ -1680,9 +1680,9 @@
CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...)
- TODO: check
+ NOT-FOR-US: DropAFew
CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...)
- TODO: check
+ NOT-FOR-US: DropAFew
CVE-2007-1362
RESERVED
CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...)