[Secure-testing-commits] r5210 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Sat Jan 6 16:43:41 CET 2007


Author: stef-guest
Date: 2007-01-06 16:43:38 +0100 (Sat, 06 Jan 2007)
New Revision: 5210

Modified:
   data/CVE/list
Log:
- CVE-2007-0017: new vlc issue
- CVE-2006-6858: new miredo issue
- CVE-2006-6811: new ksirc issue
- tdiary CVEified
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-05 20:03:10 UTC (rev 5209)
+++ data/CVE/list	2007-01-06 15:43:38 UTC (rev 5210)
@@ -1,11 +1,11 @@
 CVE-2007-0050 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: OpenPinboard
 CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: TaskTracker
 CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, when used with Internet ...)
-	TODO: check
+	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
 CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
 CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before ...)
 	TODO: check
 CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...)
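
Review bot: CVE-2007-0046 stays at TODO: check although it concerns the same Adobe Acrobat Reader Plugin for which CVE-2007-0048 and CVE-2007-0047 are marked NOT-FOR-US just above it; if the double free is also out of scope, triage it in the same commit so the entries do not diverge. The reason "Adobe Acrobat Reader with Internet Explorer" on CVE-2007-0047 is also not backed by the visible part of its description, which shows the Internet Explorer condition only for CVE-2007-0048, so confirm the CRLF injection is limited to that combination or shorten the reason to the product name.
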
@@ -65,43 +65,43 @@
 CVE-2007-0018
 	RESERVED
 CVE-2007-0017 (Format string vulnerability in VideoLAN VLC 0.8.6 allows user-assisted ...)
-	TODO: check
+	- vlc <unfixed> (bug #405425; medium)
 CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: MoviePlay
 CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...)
-	TODO: check
+	- miredo <unfixed> (bug #405412; bug #405111)
 CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Docebo LMS
 CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...)
-	TODO: check
+	NOT-FOR-US: WebText CMS
 CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: AIDeX Mini-WebServer
 CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele ...)
 	TODO: check
 CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on ...)
-	TODO: check
+	NOT-FOR-US: Durian Web Application Server
 CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 ...)
-	TODO: check
+	- tdiary 2.1.4-6 (bug #403345; medium)
 CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php ...)
-	TODO: check
+	NOT-FOR-US: ac4p Mobilelib gold 
 CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster ...)
-	TODO: check
+	NOT-FOR-US: Shadowed Portal / Roster Module
 CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not ...)
-	TODO: check
+	NOT-FOR-US: Cahier de texte (CDT)
 CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: ASPTicker
 CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...)
 	TODO: check
 CVE-2006-6846 (Multiple SQL injection vulnerabilities in WYWO - InOut Board 1.0 allow ...)
-	TODO: check
+	NOT-FOR-US: WYWO - InOut Board 
 CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...)
-	TODO: check
+	NOT-FOR-US: EasyPartner component for Joomla!
 CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...)
-	TODO: check
+	NOT-FOR-US: Acronym Mod for phpBB2
 CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...)
 	TODO: check
 CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
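
Review bot: The new CVE-2006-6858 line, "- miredo <unfixed> (bug #405412; bug #405111)", carries no urgency while the vlc and tdiary entries added in this hunk are both rated medium, and it lists two bug numbers without indicating which one tracks the fix; add the urgency and keep both references only if both reports concern this authentication issue. The NOT-FOR-US reasons for CVE-2006-6851 ("ac4p Mobilelib gold ") and CVE-2006-6846 ("WYWO - InOut Board ") end in a trailing space that should be stripped.
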
@@ -109,9 +109,9 @@
 CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
 	TODO: check
 CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
 CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...)
-	TODO: check
+	NOT-FOR-US: Total Commander
 CVE-2007-XXXX [webcam-server unspecified vulnerability]
 	- webcam-server 0.50-2
 CVE-2007-XXXX [libsoup parse_headers_DoS]
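
Review bot: The NOT-FOR-US reason for CVE-2006-6838 repeats "ActiveX (OCX) control" from the description, whereas the other reasons in this commit give only the product name (for example "MoviePlay"); "Rediff Bol Downloader" alone would be consistent. For CVE-2006-6837 the visible description names only function names such as LoadTree and no product, so confirm that Total Commander is the affected software as described in the full CVE text before closing the entry.
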
@@ -177,11 +177,11 @@
 CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...)
 	NOT-FOR-US: myPHPCalendar
 CVE-2006-6811 (Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute ...)
-	TODO: check
+	- kdenetwork <unfixed> (bug filed)
 CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...)
-	TODO: check
+	NOT-FOR-US: DB Hub
 CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...)
-	TODO: check
+	NOT-FOR-US: buratinable templator (aka bubla) 
 CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...)
 	TODO: check
 CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...)
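
Review bot: The CVE-2006-6811 entry, "- kdenetwork <unfixed> (bug filed)", records neither a bug number nor an urgency, so the report cannot be located from this line; replace "bug filed" with the assigned bug number and add a rating as was done for vlc. The commit log calls this a ksirc issue while the entry names kdenetwork, which is fine if that is the source package, but a NOTE line mentioning ksirc would make the entry searchable. The reason on CVE-2006-6809 also ends in a trailing space.
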
@@ -750,8 +750,6 @@
 	- moodle 1.6.3-2
 CVE-2006-XXXX [znc file access security hole]
 	- znc 0.045-3 (bug #403141; medium)
-CVE-2006-XXXX [tdiary arbitrary code execution]
-	- tdiary 2.1.4-6 (bug #403345; medium)
 CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced ...)
 	NOT-FOR-US: Citrix
 CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) ...)
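
Review bot: Removing the "CVE-2006-XXXX [tdiary arbitrary code execution]" placeholder is correct only if it is the same issue as CVE-2006-6852; the package, version and bug (tdiary 2.1.4-6, bug #403345; medium) were carried over unchanged, but the CVE text describes an eval injection affecting tDiary 2.0.3 as well as 2.1.4, so confirm that bug #403345 matches that description and that 2.1.4-6 is the right fixed version for it.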



