[Secure-testing-commits] r5431 - data/CVE

Kees Cook keescook-guest at alioth.debian.org
Fri Feb 9 20:14:02 CET 2007


Author: keescook-guest
Date: 2007-02-09 20:13:59 +0100 (Fri, 09 Feb 2007)
New Revision: 5431

Modified:
   data/CVE/list
Log:
NFUs, phpbb2 unimportant, drupal not-affected

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-02-09 08:14:08 UTC (rev 5430)
+++ data/CVE/list	2007-02-09 19:13:59 UTC (rev 5431)
@@ -3,17 +3,17 @@
 CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
 	TODO: check
 CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
 CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...)
 	TODO: check
 CVE-2007-0854 (Remote file inclusion vulnerability in objcache in cPanel WebHost ...)
-	TODO: check
+	NOT-FOR-US: cPanel WebHost Manager
 CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
 	TODO: check
 CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
 	TODO: check
 CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro Scan Engine
 CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...)
 	TODO: check
 CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...)
@@ -41,9 +41,9 @@
 CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
 	TODO: check
 CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
-	TODO: check
+	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
-	TODO: check
+	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...)
 	TODO: check
 CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...)
@@ -59,7 +59,7 @@
 CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...)
 	TODO: check
 CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...)
-	TODO: check
+	NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
 CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...)
 	TODO: check
 CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...)
@@ -75,14 +75,14 @@
 CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...)
 	TODO: check
 CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone ...)
-	TODO: check
+	NOT-FOR-US: HP Network Node Manager
 CVE-2007-0818
 	REJECTED
 	TODO: check
 CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web ...)
-	TODO: check
+	NOT-FOR-US: Adobe ColdFusion web server
 CVE-2007-0816 (CA RPC Server service (catirpc.exe) for BrightStor ARCserve Backup ...)
-	TODO: check
+	NOT-FOR-US: (CA) BrightStor
 CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...)
 	TODO: check
 CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
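Review bot: The CVE-2007-0818 entry in this hunk is already marked REJECTED but keeps its "TODO: check" line, and this triage pass leaves it untouched; drop the TODO there so the rejected id no longer reads as pending. Separately, "NOT-FOR-US: (CA) BrightStor" for CVE-2007-0816 puts the vendor in parentheses, unlike every other NOT-FOR-US line in this commit; spelling out the product as the description does (BrightStor ARCserve Backup) would keep the entries consistent and easier to search.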
@@ -104,7 +104,7 @@
 CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
 	TODO: check
 CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...)
-	TODO: check
+	NOT-FOR-US: HP Tru64 UNIX
 CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
 	TODO: check
 CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...)
@@ -126,27 +126,28 @@
 CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...)
 	TODO: check
 CVE-2007-0794 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: GlobalMegaCorp dvddb
 CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...)
-	TODO: check
+	NOT-FOR-US: GlobalMegaCorp dvddb
 CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
 	TODO: check
 CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...)
 	TODO: check
 CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...)
-	TODO: check
+	NOT-FOR-US: SmartFTP
 CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote ...)
-	TODO: check
+	- mambo 4.6.1-1 (medium)
+	NOTE: only the 4.5.x tree was vulnerable
 CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before ...)
-	TODO: check
+	- mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2)
 CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple ...)
-	TODO: check
+	NOT-FOR-US: Simple Invoices
 CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...)
-	TODO: check
+	NOT-FOR-US: Noname Media Photo Galerie Standard
 CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in ...)
-	TODO: check
+	NOT-FOR-US: Flipsource Flip
 CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...)
-	TODO: check
+	NOT-FOR-US: RBL ASP tPassword
 CVE-2007-0783
 	RESERVED
 CVE-2007-0782
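Review bot: For CVE-2007-0789 the added lines record "- mambo 4.6.1-1 (medium)" next to "NOTE: only the 4.5.x tree was vulnerable", which is inconsistent with CVE-2007-0788 directly below, where a branch-only issue is recorded as <not-affected>. If no 4.5.x mambo was ever uploaded, <not-affected> with the branch as the reason would be the matching form; if one was, the NOTE should say that 4.6.1-1 is the first version off the vulnerable tree. The commit log ("NFUs, phpbb2 unimportant, drupal not-affected") also mentions neither the mambo nor the mediawiki change.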
@@ -176,37 +177,37 @@
 CVE-2007-0770
 	RESERVED
 CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...)
-	TODO: check
+	NOT-FOR-US: 3proxy
 CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
-	TODO: check
+	NOT-FOR-US: 3proxy
 CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
 	TODO: check
 CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...)
 	TODO: check
 CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
-	TODO: check
+	NOT-FOR-US: FCKEditor
 CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
-	TODO: check
+	NOT-FOR-US: FreeTextBox
 CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in ...)
-	TODO: check
+	NOT-FOR-US: CentiPaid
 CVE-2006-6975 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: CentiPaid
 CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...)
-	TODO: check
+	NOT-FOR-US: DeskPRO
 CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for ...)
-	TODO: check
+	NOT-FOR-US: DeskPRO
 CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: BtitTracker
 CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...)
 	TODO: check
 CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...)
 	TODO: check
 CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...)
-	TODO: check
+	NOT-FOR-US: Jetty
 CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions ...)
-	TODO: check
+	NOT-FOR-US: SmartFTP
 CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when ...)
 	- libpam-ssh <unfixed> (bug #410236; medium)
 CVE-2007-0769 (** DISPUTED ** ...)
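Review bot: CVE-2006-6978 and CVE-2006-6977 show the same truncated description ("Basic Toolbar ...") yet are assigned to two different products, FCKEditor and FreeTextBox; the visible text cannot confirm the split, so a short NOTE on each entry stating which product the full description names would make the decision checkable. As a style point, "NOT-FOR-US: Microsoft" for CVE-2005-4827 gives only the vendor, while the existing CVE-2006-2218 entry elsewhere in this file uses "MS IE" for the same product; reuse that string.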
@@ -446,7 +447,7 @@
 CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...)
 	NOT-FOR-US: MODx MuddyDogPaws FileDownload
 CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...)
-	TODO: check
+	- drupal <not-affected> (Drupal module "Textimage")
 CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...)
 	- nexuiz 2.2.3-1 (medium)
 CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
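Review bot: The description of CVE-2007-0658 opens an enumerated list with "(1) Textimage ...", so at least one more component is cut off in the summary, but the <not-affected> reason names only the Textimage module. Confirm that the remaining item(s) are likewise absent from the drupal package, and state the reason explicitly in the parentheses (for example that the affected modules are not shipped in the package) rather than only naming the module.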
@@ -12650,9 +12651,11 @@
 CVE-2006-2221 (A third-party installer generation tool, possibly BitRock ...)
 	- ejabberd <not-affected> (only binary distribution is affected)
 CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables ...)
-	TODO: check
+	- phpbb2 <unfixed> (unimportant)
+	NOTE: SQL query disclosure
 CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types ...)
-	TODO: check
+	- phpbb2 <unfixed> (unimportant)
+	NOTE: path disclosure
 CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft ...)
 	NOT-FOR-US: MS IE
 CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board ...)
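Review bot: Both phpbb2 entries go to "<unfixed> (unimportant)" with a NOTE that names only the disclosure class, so nothing records why the issue was rated unimportant or whether it was reported to the maintainer. The libpam-ssh <unfixed> entry earlier in this diff carries a bug number; either add one here or extend each NOTE with the reasoning behind the rating so a later pass does not have to redo the analysis.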
@@ -15319,7 +15322,7 @@
 	{DSA-1149-1}
 	- ncompress 4.2.4-16
 CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the ...)
-	TODO: check
+	NOT-FOR-US: SGI
 CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...)
 	- dokuwiki 0.0.20060309-3 (bug #357436)
 CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...)



