[Secure-testing-commits] r5397 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Thu Feb 1 21:14:27 CET 2007
Author: keescook-guest
Date: 2007-02-01 21:14:24 +0100 (Thu, 01 Feb 2007)
New Revision: 5397
Modified:
data/CVE/list
Log:
NFSs, assigned CVE for chmlib, opened mpg123 bug, fixed up a typo
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-01 10:44:18 UTC (rev 5396)
+++ data/CVE/list 2007-02-01 20:14:24 UTC (rev 5397)
@@ -1,51 +1,51 @@
CVE-2007-0633 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MyNews
CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
- TODO: check
+ NOT-FOR-US: ASP EDGE
CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs ...)
- TODO: check
+ NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
- TODO: check
+ NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...)
- TODO: check
+ NOT-FOR-US: Plain Black WebGUI
CVE-2007-0628 (Cross-site scripting (XSS) vulnerability in Sun Java System Access ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...)
- TODO: check
+ NOT-FOR-US: gtalkbot
CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...)
TODO: check
CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...)
- TODO: check
+ NOT-FOR-US: NoMachine NX Server
CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...)
- TODO: check
+ NOT-FOR-US: MAXdev MDPro
CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
- TODO: check
+ NOT-FOR-US: MAXdev MDPro
CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...)
- TODO: check
+ NOT-FOR-US: MyBulletinBoard
CVE-2007-0621 (Unspecified vulnerability in Microsoft Word 2003 has unknown impact ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: FD Script
CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ...)
- TODO: check
+ - chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
- TODO: check
+ NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in ...)
- TODO: check
+ NOT-FOR-US: zenphoto
CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN ...)
- TODO: check
+ NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2007-0609
RESERVED
CVE-2007-0608
@@ -57,101 +57,101 @@
CVE-2007-0605
RESERVED
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
- TODO: check
+ NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
- TODO: check
+ NOT-FOR-US: PGP Desktop
CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde ...)
- TODO: check
+ NOT-FOR-US: makit news
CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in high5 Review script allows ...)
- TODO: check
+ NOT-FOR-US: high5 Review
CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: Siteman
CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: Siteman
CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows ...)
- TODO: check
+ NOT-FOR-US: EzDatabase
CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An ...)
- TODO: check
+ NOT-FOR-US: VirtualPath
CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...)
- TODO: check
+ NOT-FOR-US: Forum Livre
CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Forum Livre
CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2007-0587
RESERVED
CVE-2007-0586
RESERVED
CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...)
- TODO: check
+ NOT-FOR-US: Webfwlog
CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php ...)
- TODO: check
+ NOT-FOR-US: PhP Generic
CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...)
- TODO: check
+ NOT-FOR-US: HTTP Commander
CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows ...)
- TODO: check
+ NOT-FOR-US: ChernobiLe
CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...)
- TODO: check
+ NOT-FOR-US: EclipseBB
CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
- TODO: check
+ NOT-FOR-US: Foro Domus
CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
- TODO: check
+ NOT-FOR-US: Horde Groupware
CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...)
- TODO: check
+ - mpg123 <unfixed> (bug #409296; low)
CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...)
- TODO: check
+ NOT-FOR-US: ACGVclick
CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...)
- TODO: check
+ NOT-FOR-US: Xt-Stats
CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login ...)
- TODO: check
+ NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
- TODO: check
+ NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...)
- TODO: check
+ NOT-FOR-US: nsGalPHP
CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in ...)
- TODO: check
+ NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
- TODO: check
+ NOT-FOR-US: phpMyReports
CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes ...)
- TODO: check
+ NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote ...)
- TODO: check
+ NOT-FOR-US: xNews
CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in ...)
- TODO: check
+ NOT-FOR-US: MyPHPCommander
CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
- TODO: check
+ NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and ...)
- TODO: check
+ NOT-FOR-US: ASP NEWS
CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: CGI RESCUE
CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...)
- TODO: check
+ NOT-FOR-US: Windows Explorer
CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...)
- TODO: check
+ NOT-FOR-US: Xero Portal
CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier ...)
- TODO: check
+ NOT-FOR-US: ASP EDGE
CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 ...)
- TODO: check
+ NOT-FOR-US: RPW
CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in ...)
- TODO: check
+ NOT-FOR-US: vHostAdmin
CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...)
NOT-FOR-US: rPath
CVE-2007-0556
@@ -179,7 +179,7 @@
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...)
NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...)
- NOT-FOR-US: MyBulletinBoard)
+ NOT-FOR-US: MyBulletinBoard
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...)
NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...)
@@ -357,8 +357,6 @@
- bbclone <unfixed> (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
- hinfo 1.02-3.1 (bug #402316)
-CVE-2007-XXXX [unsafe alloca() call in chmlib]
- - chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...)
{DSA-1254-1}
- bind9 1:9.3.4-2 (medium; bug #408432)
@@ -384,7 +382,7 @@
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
TODO: check
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...)
- TODO: check
+ NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...)
TODO: check
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...)
More information about the Secure-testing-commits
mailing list