[Secure-testing-commits] r5344 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Wed Jan 24 19:02:42 CET 2007
Author: stef-guest
Date: 2007-01-24 19:02:39 +0100 (Wed, 24 Jan 2007)
New Revision: 5344
Modified:
data/CVE/list
Log:
- CVE-2007-0469: new RubyGems issue (low)
- CVE-2007-0461: new dazuko issue
- CVE-2007-0243: sun java issue already fixed
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-24 17:19:38 UTC (rev 5343)
+++ data/CVE/list 2007-01-24 18:02:39 UTC (rev 5344)
@@ -7,7 +7,7 @@
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...)
NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...)
- TODO: check
+ - libgems-ruby <unfixed> (low; bug #408299)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...)
NOT-FOR-US: Visual C++
CVE-2007-0467
@@ -23,7 +23,7 @@
CVE-2007-0462
RESERVED
CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...)
- TODO: check
+ - dazuko-source <unfixed> (bug #408300)
CVE-2007-0460 (Buffer overflow in ulogd for SUSE Linux 9.3 up to 10.1, and possibly ...)
TODO: check if ulogd is vulnerable in Debian.
CVE-2007-0459
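Review bot: The new dazuko-source line for CVE-2007-0461 records the bug number but no urgency, while the libgems-ruby entry added in the first hunk carries one ("low; bug #408299"). If the memory leaks have been assessed, add the urgency before the bug reference in the same form; if not, the entry is still only half triaged, which the commit log does not say.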
@@ -149,9 +149,9 @@
CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...)
NOT-FOR-US: Easebay Resources
CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...)
- TODO: check
+ NOT-FOR-US: MisterSPa-forum
CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...)
TODO: check
CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...)
@@ -173,7 +173,7 @@
CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in ...)
NOT-FOR-US: HP-UX
CVE-2007-0395 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ComVironment
CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file ...)
NOT-FOR-US: HP-UX
CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...)
@@ -181,37 +181,37 @@
CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors ...)
NOT-FOR-US: IBM AIX
CVE-2007-0391 (Format string vulnerability in the log creation functionality of ...)
- TODO: check
+ NOT-FOR-US: BitDefender
CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...)
- TODO: check
+ NOT-FOR-US: sabros.us
CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) ...)
- TODO: check
+ NOT-FOR-US: ArsDigita Community System
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...)
- TODO: check
+ NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...)
NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...)
NOT-FOR-US: PostNuke
CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews ...)
- TODO: check
+ NOT-FOR-US: PostNuke
CVE-2007-0383 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: WDaemon
CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the ...)
- TODO: check
+ NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...)
NOT-FOR-US: ATutor
CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOT-FOR-US: DocMan
CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows ...)
- TODO: check
+ NOT-FOR-US: DocMan
CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow ...)
- TODO: check
+ NOT-FOR-US: DocMan
CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote ...)
NOT-FOR-US: Xoops
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...)
- TODO: check
+ NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...)
- joomla <not-affected>
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...)
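Review bot: CVE-2007-0387 is marked "NOT-FOR-US: Joomla", but joomla is tracked as a package in this same hunk: CVE-2007-0375 carries "- joomla <not-affected>". An NFU tag naming a product that the list otherwise tracks will hide the issue from anyone filtering on the package. If the Weblinks code in models/category.php ships in the joomla package, this should be a "- joomla" line with an explicit status; if it is a separate third-party component, name the component in the tag, as was done for CVE-2007-0382 (Letterman component for Joomla!).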
@@ -236,9 +236,9 @@
CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows ...)
NOT-FOR-US: Maxum Rumpus
CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...)
- TODO: check
+ NOT-FOR-US: All In One Control Panel
CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...)
- TODO: check
+ NOT-FOR-US: nicecoder.com INDEXU
CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...)
TODO: check
CVE-2007-XXXX [libjabber DoS]
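Review bot: CVE-2006-6945 in the trailing context is a Virtuemart 1.0.7 SQL injection and is left at "TODO: check", although the previous hunk marks CVE-2007-0376 (also Virtuemart 1.0.7) as "NOT-FOR-US: Virtuemart". The same triage decision applies to both, so CVE-2006-6945 should be closed in this commit as well rather than left for a second pass.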
@@ -318,13 +318,13 @@
CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...)
NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...)
- TODO: check
+ NOT-FOR-US: liens_dynamiques
CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...)
- TODO: check
+ NOT-FOR-US: liens_dynamiques
CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...)
NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...)
- TODO: check
+ NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
CVE-2007-0328
RESERVED
CVE-2007-0327
@@ -364,11 +364,11 @@
CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...)
NOT-FOR-US: BMC Software
CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...)
- TODO: check
+ NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
NOT-FOR-US: Digiappz
CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...)
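Review bot: The unchanged entry for CVE-2007-0308 describes an XSS in Plain Black WebGUI but is tagged "NOT-FOR-US: Poplar Gedcom Viewer", the same label this hunk now adds to CVE-2007-0307. One of the two tags looks misplaced, most likely the older one on CVE-2007-0308. Please confirm which product CVE-2007-0307 (include/common.php) belongs to, and correct the CVE-2007-0308 tag so that it names WebGUI or carries the appropriate package status.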
@@ -386,7 +386,7 @@
CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...)
NOT-FOR-US: Apple Mac OS
CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
- TODO: check
+ NOT-FOR-US: LunarPoll
CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
- phpmyadmin 4:2.9.1.1-2 (medium)
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...)
@@ -516,7 +516,7 @@
CVE-2007-0244
RESERVED
CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...)
- TODO: check
+ - sun-java5 1.5.0-10-1
CVE-2007-0242
RESERVED
CVE-2007-0241
@@ -539,13 +539,13 @@
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...)
TODO: check
CVE-2007-0232 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Jshop Server
CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...)
NOT-FOR-US: Movable Type
CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...)
- TODO: check
+ NOT-FOR-US: CS-Cart
CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and ...)
- TODO: check
+ TODO: check kfreebsd
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...)
NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...)
@@ -557,7 +557,7 @@
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP ...)
NOT-FOR-US: Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...)
- TODO: check
+ NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...)
NOT-FOR-US: Oracle Application Server
CVE-2007-0221
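Review bot: The tag for CVE-2007-0223 reads "NOT-FOR-US: All In One Control Panel (AIOCP)", while the same product is tagged "NOT-FOR-US: All In One Control Panel" for CVE-2007-0365 earlier in this commit. Use one spelling for both so that a search on the NFU label finds every entry for the product.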
@@ -861,21 +861,21 @@
CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and ...)
NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 ...)
- TODO: check
+ NOT-FOR-US: EditTag
CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...)
- TODO: check
+ NOT-FOR-US: EditTag
CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Mac OS
CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive ...)
- TODO: check
+ NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
- TODO: check
+ NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...)
NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
NOT-FOR-US: PacketWise
CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
- TODO: check
+ NOT-FOR-US: createauction
CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...)
NOT-FOR-US: PocketPC
CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...)
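Review bot: CVE-2007-0117 is tagged "NOT-FOR-US: Mac OS", but the existing entry for CVE-2007-0299 in an earlier hunk uses "NOT-FOR-US: Apple Mac OS". Reuse the existing label so the Mac OS X entries stay grouped under one name.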