[Secure-testing-commits] r5456 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Wed Feb 14 00:43:11 UTC 2007
Author: keescook-guest
Date: 2007-02-14 01:43:08 +0100 (Wed, 14 Feb 2007)
New Revision: 5456
Modified:
data/CVE/list
Log:
NFUs, various not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-13 23:52:07 UTC (rev 5455)
+++ data/CVE/list 2007-02-14 00:43:08 UTC (rev 5456)
@@ -3,55 +3,56 @@
NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
NOTE: CVE assignment being pursued by ASF procedure
CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...)
- TODO: check
+ - mediawiki <unfixed> (unimportant)
+ NOTE: Only path disclosure
CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows ...)
- TODO: check
+ NOT-FOR-US: phpMyVisites
CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: phpMyVisites
CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...)
- TODO: check
+ NOT-FOR-US: phpMyVisites
CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible ...)
- TODO: check
+ NOT-FOR-US: Kiwi CatTools
CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...)
- TODO: check
+ NOT-FOR-US: Kiwi CatTools
CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login ...)
- TODO: check
+ NOT-FOR-US: Axigen
CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows ...)
- TODO: check
+ NOT-FOR-US: Axigen
CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Rainbow.Zen
CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows ...)
- TODO: check
+ - mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: IP3 NetAccess
CVE-2007-0882 (The telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
- TODO: check
+ NOT-FOR-US: OPENi-CMS
CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...)
- TODO: check
+ NOT-FOR-US: Capital Request Forms
CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...)
- TODO: check
+ NOT-FOR-US: PEBrowse
CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...)
TODO: check
CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...)
- TODO: check
+ NOT-FOR-US: March Networks DVR
CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...)
- TODO: check
+ NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875 (SQL injection vulnerability in install.php in mcRefer allows remote ...)
- TODO: check
+ NOT-FOR-US: mcRefer
CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...)
- TODO: check
+ NOT-FOR-US: Allons_voter
CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ...)
- TODO: check
+ NOT-FOR-US: nabopoll
CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) ...)
- TODO: check
+ NOT-FOR-US: Plain Old Webserver
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...)
- TODO: check
+ NOT-FOR-US: eXtreme File Hosting
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...)
- joomla <itp> (bug #326398)
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...)
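Review bot: The `<not-affected>` entry for CVE-2007-0884 gives "Only versions 2.59 and 2.60 vulnerable" as its reason but does not record which mimedefang version the archive ships, so the claim cannot be checked from the entry alone. Suggest adding the packaged version to the parenthetical or to a NOTE line, in the way CVE-2007-0894 carries `NOTE: Only path disclosure` to back its `(unimportant)` tag.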
@@ -95,25 +96,25 @@
CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
TODO: check
CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...)
- TODO: check
+ NOT-FOR-US: Yahoo! Messenger
CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in ...)
- TODO: check
+ NOT-FOR-US: Site-Assistant
CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on ...)
- TODO: check
+ NOT-FOR-US: HP OpenView
CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and ...)
- TODO: check
+ NOT-FOR-US: LushiWarPlaner
CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 ...)
- TODO: check
+ NOT-FOR-US: LushiWarPlaner
CVE-2007-0863 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Trevorchan
CVE-2007-0862 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: gnopaste
CVE-2007-0861 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: phpCOIN
CVE-2007-0860 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: local Calendar System
CVE-2007-0859
RESERVED
CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...)
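Review bot: CVE-2007-0865 is tagged `NOT-FOR-US: LushiWarPlaner`, but its description names comments.php in LushiNews 1.01; LushiWarPlaner is the product of the following entry, CVE-2007-0864, so this looks like a copy-paste slip. Suggest `NOT-FOR-US: LushiNews` so the tag matches the description and a search by product name finds it.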
@@ -165,71 +166,71 @@
CVE-2007-0854 (Remote file inclusion vulnerability in objcache in cPanel WebHost ...)
NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: DevTrack
CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
- TODO: check
+ NOT-FOR-US: DevTrack
CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before ...)
NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...)
- TODO: check
+ NOT-FOR-US: SysCP
CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...)
- TODO: check
+ NOT-FOR-US: SysCP
CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...)
- TODO: check
+ NOT-FOR-US: Maian Recipe
CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server ...)
- TODO: check
+ NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia ...)
- TODO: check
+ NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
- TODO: check
+ NOT-FOR-US: Advanced Poll
CVE-2007-0843
RESERVED
CVE-2007-0842
RESERVED
CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...)
- TODO: check
+ NOT-FOR-US: vbDrupal
CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
- TODO: check
+ NOT-FOR-US: HLstats
CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: WebMatic
CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a ...)
- TODO: check
+ NOT-FOR-US: FreeProxy
CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
- TODO: check
+ NOT-FOR-US: AgerMenu
CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...)
- TODO: check
+ NOT-FOR-US: FlashChat
CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Atsphp
CVE-2007-0830 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a ...)
- TODO: check
+ NOT-FOR-US: avast!
CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...)
- TODO: check
+ NOT-FOR-US: MySQLNewsEngine
CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...)
NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...)
- TODO: check
+ NOT-FOR-US: Kisisel Site
CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: FlashFXP
CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS ...)
- TODO: check
+ NOT-FOR-US: LightRO CMS
CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...)
- TODO: check
+ - xterm <not-affected> (Not a security problem)
CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...)
- TODO: check
+ - mount <not-affected> (Not a security problem)
CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...)
- TODO: check
+ NOT-FOR-US: PortailPhp
CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...)
- TODO: check
+ NOT-FOR-US: PortailPhp
CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone ...)
NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
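Review bot: The reason "(Not a security problem)" on `- xterm <not-affected>` (CVE-2007-0823) and `- mount <not-affected>` (CVE-2007-0822) states the conclusion without the rationale. Both descriptions are scoped to Slackware Linux; a NOTE line on each entry saying why the behaviour is not a security issue, or why it does not apply to the Debian packages, would let a later reader re-check the triage instead of repeating it.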
@@ -239,29 +240,29 @@
CVE-2007-0816 (CA RPC Server service (catirpc.exe) for BrightStor ARCserve Backup ...)
NOT-FOR-US: (CA) BrightStor
CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...)
- TODO: check
+ NOT-FOR-US: Uphotogallery
CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
- TODO: check
+ NOT-FOR-US: ASP Chat
CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production ...)
- TODO: check
+ NOT-FOR-US: MySearchEngine
CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...)
- TODO: check
+ NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...)
TODO: check
CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...)
- TODO: check
+ NOT-FOR-US: GeekLog
CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
- TODO: check
+ NOT-FOR-US: Categories Hierarchy
CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows ...)
- TODO: check
+ NOT-FOR-US: Mina Ajans Script
CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat ...)
- TODO: check
+ NOT-FOR-US: flashChat
CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
- TODO: check
+ NOT-FOR-US: Les News
CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...)
NOT-FOR-US: HP Tru64 UNIX
CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
- TODO: check
+ NOT-FOR-US: GGCMS
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...)
- stlport5 <unfixed> (bug #410864; low)
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
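Review bot: `NOT-FOR-US: flashChat` on CVE-2007-0807 is cased differently from `NOT-FOR-US: FlashChat` on CVE-2007-0834 earlier in this commit, so a case-sensitive search of the list by product name returns only one of the two. Suggest using a single spelling for both entries.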