[Secure-testing-commits] r5358 - data/CVE
Alex de Oliveira Silva
enerv-guest at alioth.debian.org
Sat Jan 27 21:11:56 CET 2007
Author: enerv-guest
Date: 2007-01-27 21:11:54 +0100 (Sat, 27 Jan 2007)
New Revision: 5358
Modified:
data/CVE/list
Log:
some NFUs
wordpress issue
drupal CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-27 20:00:39 UTC (rev 5357)
+++ data/CVE/list 2007-01-27 20:11:54 UTC (rev 5358)
@@ -94,7 +94,7 @@
CVE-2007-0436
RESERVED
CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...)
- TODO: check
+ NOT-FOR-US: siteframe
CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
NOT-FOR-US: T-Com Speedport
CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
@@ -172,13 +172,13 @@
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...)
NOT-FOR-US: MisterSPa-forum
CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...)
- TODO: check
+ NOT-FOR-US: Odysseus Blog
CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...)
- TODO: check
+ NOT-FOR-US: Conti FtpServer
CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in ...)
- TODO: check
+ NOT-FOR-US: Conti FtpServer
CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...)
- TODO: check
+ NOT-FOR-US: JVN
CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
NOT-FOR-US: NEC
CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
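Review bot: The CVE-2006-6948 entry is tagged `NOT-FOR-US: JVN`, but JVN does not appear in the description, which names MyODBC Japanese conversion edition; the other entries changed in this hunk are tagged with the affected product (Odysseus Blog, Conti FtpServer). Suggest `NOT-FOR-US: MyODBC Japanese conversion edition` so that a later search for the product finds the entry.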
@@ -261,7 +261,7 @@
CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...)
NOT-FOR-US: nicecoder.com INDEXU
CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...)
- TODO: check
+ NOT-FOR-US: VirtueMart
CVE-2007-XXXX [libjabber DoS]
- centericq 4.21.0-18 (bug #406982)
CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
@@ -554,7 +554,7 @@
CVE-2007-0234
REJECTED
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...)
- TODO: check
+ - wordpress 2.1.0-1 (medium)
CVE-2007-0232 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Jshop Server
CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...)
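Review bot: The new CVE-2007-0233 line, `- wordpress 2.1.0-1 (medium)`, carries no bug number or NOTE, so there is no record of how 2.1.0-1 was established as the fixed version. The CVE-2007-0106 entry at the end of this same change shows the fuller form (`bug #405691` plus a NOTE with the advisory URL); a similar reference here would make the entry verifiable.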
@@ -874,7 +874,7 @@
CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...)
NOT-FOR-US: Kaspersky Labs
CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...)
- TODO: check
+ - drupal 4.7.5-1 (low)
CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows ...)
NOT-FOR-US: Uber Uploader
CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...)
@@ -902,9 +902,9 @@
CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...)
NOT-FOR-US: PocketPC
CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...)
- TODO: check
+ NOT-FOR-US: Novell Access Manager
CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error ...)
- TODO: check
+ - wordpress <not-affected>
CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
NOT-FOR-US: Novell Client
CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...)
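Review bot: CVE-2007-0109 is marked `- wordpress <not-affected>` with no NOTE giving the reason, while the description covers WordPress 2.0.5 and earlier. Add a NOTE line stating why the packaged version is not affected (for example that no affected version was ever uploaded, if that is the case) so the decision can be rechecked later.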
@@ -924,17 +924,17 @@
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...)
NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
- TODO: check
+ NOT-FOR-US: SPINE
CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...)
- TODO: check
+ NOT-FOR-US: Perforce
CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...)
- TODO: check
+ NOT-FOR-US: VerliAdmin
CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...)
- TODO: check
+ NOT-FOR-US: ConeXware PowerArchive
CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
TODO: check
CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...)
@@ -1061,7 +1061,7 @@
CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly ...)
TODO: check
CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...)
- TODO: check
+ NOT-FOR-US: SPINE
CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ...)
TODO: check
CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...)
@@ -1145,9 +1145,6 @@
CVE-2007-XXXX [drupal XSS]
- drupal 4.7.5-1 (low)
NOTE: DRUPAL-SA-2007-001
-CVE-2007-XXXX [drupal DoS]
- - drupal 4.7.5-1 (low)
- NOTE: DRUPAL-SA-2007-002
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
- wordpress 2.0.6-1 (bug #405691; medium)
NOTE: http://www.hardened-php.net/advisory_022007.141.html
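Review bot: Removing the `CVE-2007-XXXX [drupal DoS]` placeholder also drops its `NOTE: DRUPAL-SA-2007-002`, and the CVE-2007-0124 entry updated earlier in this patch has only `- drupal 4.7.5-1 (low)` under an "Unspecified vulnerability" description. Carry the NOTE over to CVE-2007-0124 so the link between the CVE id and the Drupal advisory is kept. The `[drupal XSS]` placeholder for DRUPAL-SA-2007-001 stays unassigned, which is fine if no CVE id exists for it yet.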