[Secure-testing-commits] r5481 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Thu Feb 22 00:38:57 UTC 2007
Author: keescook-guest
Date: 2007-02-22 01:38:54 +0100 (Thu, 22 Feb 2007)
New Revision: 5481
Modified:
data/CVE/list
Log:
NFUs, ekiga(high), gnucash(medium), slocate bug
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-21 23:18:11 UTC (rev 5480)
+++ data/CVE/list 2007-02-22 00:38:54 UTC (rev 5481)
@@ -9,9 +9,9 @@
CVE-2007-1049 [wordpress security issue related to code used to prevent XSS]
- wordpress 2.1.1-1 (low)
CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...)
- TODO: check
+ NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...)
- TODO: check
+ NOT-FOR-US: JBoss
CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 ...)
TODO: check
CVE-2007-1034 (SQL injection vulnerability in modules.php in the Emporium 2.3.0 and ...)
@@ -19,63 +19,63 @@
CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and ...)
TODO: check
CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ before 1.6.9, when ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...)
- TODO: check
+ NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...)
TODO: check
CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 ...)
- TODO: check
+ NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image ...)
- TODO: check
+ NOT-FOR-US: Image Pager
CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux ...)
- TODO: check
+ NOT-FOR-US: IBM DB2
CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: XLAtunes
CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in ...)
- TODO: check
+ NOT-FOR-US: VS-Link-Partner
CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's ...)
- TODO: check
+ NOT-FOR-US: Meganoide's news
CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 ...)
- TODO: check
+ NOT-FOR-US: Snitz Forums 2000
CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 ...)
- TODO: check
+ NOT-FOR-US: Turuncu Portal
CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News ...)
- TODO: check
+ NOT-FOR-US: CodeAvalanche News
CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 ...)
- TODO: check
+ NOT-FOR-US: CedStat
CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in ...)
- TODO: check
+ NOT-FOR-US: VS-News-System
CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in ...)
- TODO: check
+ NOT-FOR-US: VS-News-System
CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows ...)
- TODO: check
+ NOT-FOR-US: Aktueldownload Haber
CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber ...)
- TODO: check
+ NOT-FOR-US: Aktueldownload Haber
CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: VicFTPS
CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in ...)
- TODO: check
+ NOT-FOR-US: VirtualSystem Htaccess Password Generator
CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 ...)
- TODO: check
+ NOT-FOR-US: DeskPRO
CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in ...)
- TODO: check
+ NOT-FOR-US: VS-Gastebuch
CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, ...)
- TODO: check
+ NOT-FOR-US: ZebraFeeds
CVE-2007-1009
RESERVED
CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes
CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows ...)
- TODO: check
+ - gnomemeeting <unfixed> (high)
CVE-2007-1006 (Multiple format string vulnerabilities in the ...)
- TODO: check
+ - ekiga <unfixed> (bug #411944; high)
CVE-2007-1005
RESERVED
CVE-2007-1004 (Mozilla Firefox mmight allow remote attackers to condut spoofing and ...)
- TODO: check
+ - iceweasel <unfixed> (low)
CVE-2007-1003
RESERVED
CVE-2007-1002
@@ -109,17 +109,17 @@
CVE-2007-0988 (The zend_hash_init function in PHP, when running on a 64-bit platform, ...)
TODO: check
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
- TODO: check
+ NOT-FOR-US: Jupiter CMS
CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS ...)
- TODO: check
+ NOT-FOR-US: Jupiter CMS
CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and ...)
- TODO: check
+ NOT-FOR-US: phpCC
CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...)
- TODO: check
+ NOT-FOR-US: PollMentor
CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT ...)
- TODO: check
+ NOT-FOR-US: AT Contenator
CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! ...)
- TODO: check
+ NOT-FOR-US: TaskFreak!
CVE-2007-XXXX [capi_{cmsg,message}2str not thread-safe; vulnerable to buffer overflow]
- isdnutils <unfixed> (bug #408530)
- asterisk-chan-capi <unfixed> (bug #411293)
@@ -1746,7 +1746,7 @@
CVE-2007-0326
RESERVED
CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
- TODO: check
+ NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...)
NOT-FOR-US: LizardTech DjVu Browser Plug-in
CVE-2007-0323
@@ -1969,13 +1969,10 @@
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...)
NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...)
- - slocate <unfixed> (unimportant)
+ - slocate <unfixed> (bug #411937; low)
NOTE: slocate will allow users to find files in directories with the
- NOTE: executable bit set but without the readable bit set - files the
- NOTE: user can access if the user knows the exact path but couldn't
- NOTE: otherwise find. I'm not convinced this is an issue - the executable
- NOTE: bit means "searchable" for directories - but the original argument
- NOTE: is plausible.
+ NOTE: executable bit set but without the readable bit set. This is
+ NOTE: an information leak.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in ...)
@@ -3098,7 +3095,7 @@
CVE-2007-0008
RESERVED
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...)
- TODO: check
+ - gnucash <unfixed> (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
- linux-2.6 <unfixed>
CVE-2007-0005
More information about the Secure-testing-commits
mailing list