[Secure-testing-commits] r5455 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Tue Feb 13 23:52:09 UTC 2007
Author: keescook-guest
Date: 2007-02-14 00:52:07 +0100 (Wed, 14 Feb 2007)
New Revision: 5455
Modified:
data/CVE/list
Log:
NFUs, joomla, stlport5
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-13 22:22:42 UTC (rev 5454)
+++ data/CVE/list 2007-02-13 23:52:07 UTC (rev 5455)
@@ -53,41 +53,41 @@
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...)
TODO: check
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Tiny FTPd
CVE-2006-7006 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Somery
CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote ...)
- TODO: check
+ NOT-FOR-US: PSY Auction
CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY ...)
- TODO: check
+ NOT-FOR-US: PSY Auction
CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion ...)
- TODO: check
+ NOT-FOR-US: Fusion Polls
CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in ...)
- TODO: check
+ NOT-FOR-US: Wheatblog
CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 ...)
- TODO: check
+ NOT-FOR-US: PhpMyChat Plus
CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...)
- TODO: check
+ NOT-FOR-US: DeskPRO
CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: DeskPRO
CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote ...)
- TODO: check
+ NOT-FOR-US: DeskPRO
CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...)
- TODO: check
+ NOT-FOR-US: warforge.NEWS
CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain ...)
- TODO: check
+ NOT-FOR-US: V3 Chat
CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...)
- TODO: check
+ NOT-FOR-US: OzzyWork Gallery
CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in ...)
- TODO: check
+ NOT-FOR-US: Neuron Blog
CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ...)
- kolabd <not-affected> (Only vulnerable in 2.0-2.1; not packaged Debian)
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
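Review bot: the three Joomla entries (CVE-2006-7010, CVE-2006-7009, CVE-2006-7008) are tagged "<itp>" against bug #326398 but carry no record of the version that must be reached. All three descriptions say "before 1.0.10", so a NOTE line under each stating that the first upload needs to be 1.0.10 or later would let whoever picks up the ITP close these without rereading the advisories. CVE-2006-7008 in particular is described only as "Unspecified vulnerability ... unknown impact", so the version bound is the only actionable fact available for it.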
@@ -117,25 +117,25 @@
CVE-2007-0859
RESERVED
CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...)
- TODO: check
+ NOT-FOR-US: GoSuRF Browser
CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Fast Browser Pro
CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote ...)
- TODO: check
+ NOT-FOR-US: Enigma Browser
CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...)
- TODO: check
+ NOT-FOR-US: NetCaptor
CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows ...)
- TODO: check
+ NOT-FOR-US: Slim Browser
CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: FineBrowser Freeware
CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: PhaseOut
CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote ...)
- TODO: check
+ NOT-FOR-US: Maxthon
CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote ...)
- TODO: check
+ NOT-FOR-US: GreenBrowser
CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: MYweb4net Browser
CVE-2007-XXXX [Firefox-sage XSS]
- firefox-sage <unfixed>
NOTE: http://secunia.com/advisories/24086/
@@ -263,7 +263,7 @@
CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
TODO: check
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...)
- TODO: check
+ - stlport5 <unfixed> (bug #410864; low)
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
TODO: check
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
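Review bot: the "low" urgency on the new stlport5 line for CVE-2007-0803 is not justified anywhere in the entry, while the description reads "Multiple buffer overflows ... allow remote ...". Add a NOTE with the reasoning behind the rating so it can be audited later. The entry also tracks only stlport5; since the description covers everything "before 5.0.3", any other STLport source package in the archive needs its own line, either "<unfixed>" or "<not-affected>".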
@@ -271,15 +271,15 @@
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
TODO: check
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
- TODO: check
+ NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...)
- TODO: check
+ NOT-FOR-US: Ublog Reload
CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in ...)
- TODO: check
+ NOT-FOR-US: SMA-DB
CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, ...)
- TODO: check
+ NOT-FOR-US: WinProxy
CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...)
- TODO: check
+ NOT-FOR-US: Wap Portal Server
CVE-2007-0794 (** DISPUTED ** ...)
NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...)
@@ -339,6 +339,7 @@
NOT-FOR-US: 3proxy
CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
TODO: check
+ NOTE: This seems to only be a crash. Needs further investigation.
CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...)
- amarok <unfixed> (bug #410850; medium)
CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...)
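Review bot: the NOTE added under CVE-2006-6980 records a conclusion ("seems to only be a crash") without saying what it was based on, and the entry still has no package line although the adjacent CVE-2006-6979 already tracks amarok under bug #410850. Since "TODO: check" stays in place, state in the NOTE which Amarok version or source was examined, and consider adding an amarok package line so the issue is visible against the package while the investigation is open.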
@@ -1102,7 +1103,7 @@
CVE-2007-0447
RESERVED
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...)
- TODO: check
+ NOT-FOR-US: HP Mercury
CVE-2007-0445
RESERVED
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)