[Secure-testing-commits] r5388 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Tue Jan 30 22:00:24 CET 2007
Author: keescook-guest
Date: 2007-01-30 22:00:21 +0100 (Tue, 30 Jan 2007)
New Revision: 5388
Modified:
data/CVE/list
Log:
marking NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-30 13:15:15 UTC (rev 5387)
+++ data/CVE/list 2007-01-30 21:00:21 UTC (rev 5388)
@@ -1,35 +1,35 @@
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...)
- TODO: check
+ NOT-FOR-US: rPath
CVE-2007-0556
RESERVED
CVE-2007-0555
RESERVED
CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
- TODO: check
+ NOT-FOR-US: Guos Posting System
CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...)
- TODO: check
+ NOT-FOR-US: PHProxy
CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Onnac
CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
- TODO: check
+ NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...)
- TODO: check
+ NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: KarjaSoft
CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
- TODO: check
+ NOT-FOR-US: CGI RESCUE
CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root ...)
- TODO: check
+ NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...)
- TODO: check
+ NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...)
- TODO: check
+ NOT-FOR-US: MyBulletinBoard)
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...)
- TODO: check
+ NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...)
- TODO: check
+ NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...)
- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...)
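Review bot: the CVE-2007-0544 line `+ NOT-FOR-US: MyBulletinBoard)` carries a stray closing parenthesis that is not part of the product name; drop it so the entry reads `NOT-FOR-US: MyBulletinBoard` like the other NFU markings in this hunk. The three 212cafe entries (CVE-2007-0550, -0549, -0542) are marked `212cafe Guestbook` while the CVE text names the product `212cafeBoard`; using the name from the description keeps the NFU markings greppable against the CVE feed.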
@@ -37,33 +37,33 @@
CVE-2007-0539 (WordPress before 2.1 allows remote attackers to cause a denial of ...)
- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Telligent
CVE-2007-0537 (Konqueror 3.5.5 does not properly parse HTML comments, which allows ...)
TODO: check
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...)
- TODO: check
+ NOT-FOR-US: rPath
CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
- TODO: check
+ NOT-FOR-US: Vote! Pro
CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
TODO: check
CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and ...)
- TODO: check
+ NOT-FOR-US: Borland Delphi
CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive ...)
- TODO: check
+ NOT-FOR-US: Uploader
CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in ...)
- TODO: check
+ NOT-FOR-US: FreeWebShop
CVE-2007-0530 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Advanced Guestbook
CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the ...)
- TODO: check
+ NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...)
- TODO: check
+ NOT-FOR-US: Centrality Communications
CVE-2007-0527 (SQL injection vulnerability in class.login.php in Website Baker 2.6.5 ...)
- TODO: check
+ NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
- TODO: check
+ NOT-FOR-US: Bitweaver
CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server ...)
- TODO: check
+ NOT-FOR-US: Mini Web server
CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
NOT-FOR-US: LG
CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of ...)
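Review bot: the CVE-2007-0533 marking `NOT-FOR-US: Borland Delphi` names the host platform rather than the affected product; the description identifies the AToZed IntraWeb component, so `NOT-FOR-US: AToZed IntraWeb` would be the accurate marking. Likewise CVE-2007-0532 is marked just `Uploader`, which is too generic to search for; the description gives `Tuan Do Uploader (aka php-uploader)`, and either of those names would be clearer.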
@@ -73,29 +73,30 @@
CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to ...)
NOT-FOR-US: Sony Ericsson
CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x ...)
- TODO: check
+ NOT-FOR-US: Unique Ads
CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U ...)
- TODO: check
+ NOT-FOR-US: XMB Host
CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive ...)
- TODO: check
+ NOT-FOR-US: Scriptsez
CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...)
- TODO: check
+ NOT-FOR-US: Scriptsez
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...)
- TODO: check
+ NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...)
TODO: check
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM ...)
- TODO: check
+ NOT-FOR-US: phpXD
CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...)
- TODO: check
+ - awffull <unfixed> (unimportant)
+ NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have ...)
- TODO: check
+ NOT-FOR-US: MaklerPlus
CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before ...)
TODO: check
CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...)
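Review bot: the awffull entry for CVE-2007-0510 is set to `<unfixed> (unimportant)` on the basis of the NOTE "appears to be a bug without a vulnerability vector", but the CVE text describes multiple buffer overflows in graphs.c and output.c; the NOTE should say why no vector exists (for example, which input reaches the overflow and why it is trusted) so a later triager can re-evaluate if an upstream advisory appears. Separately, CVE-2007-0511 is marked `NOT-FOR-US: phpXD` while the description names `phpXMLDOM`; keeping the description's spelling avoids a mismatch when the list is searched.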
@@ -103,41 +104,41 @@
CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking ...)
TODO: check
CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and ...)
- TODO: check
+ NOT-FOR-US: Vote! Pro
CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 ...)
- TODO: check
+ NOT-FOR-US: Sun
CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum ...)
- TODO: check
+ NOT-FOR-US: Advanced Random Generators
CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in ...)
- TODO: check
+ NOT-FOR-US: Bradabra
CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim ...)
- TODO: check
+ NOT-FOR-US: phpIndexPage
CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
- TODO: check
+ NOT-FOR-US: MySpeach
CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in ...)
- TODO: check
+ NOT-FOR-US: Upload-Service
CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...)
- TODO: check
+ NOT-FOR-US: Neon Lab
CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in ...)
- TODO: check
+ NOT-FOR-US: PhpSherpa
CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING ...)
NOT-FOR-US: MySpeach
CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain ...)
NOT-FOR-US: Open-Realty
CVE-2007-0489 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: VisoHotlink
CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2007-0487 (PHP remote file inclusion vulnerability in index.php in FreeForum ...)
NOT-FOR-US: FreeForum
CVE-2007-0486 (Multiple PHP remote file inclusion vulnerabilities in Openads (aka ...)
NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
- TODO: check
+ NOT-FOR-US: Webdev
CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...)
NOT-FOR-US: ReviewPost
CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...)
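Review bot: two NFU product names in this hunk do not match the CVE descriptions on the same lines: CVE-2007-0501 is marked `Advanced Random Generators` while its text says `index.php in Mafia Scum`, and CVE-2007-0485 is marked `Webdev` while its text says `WebChat 0.77`. If those are the upstream vendor names, state both (vendor and product) so the marking can be verified; otherwise use the product name from the description. The CVE-2007-0496 marking `Neon Lab` also drops the trailing "s" from `Neon Labs` in the description.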
@@ -155,7 +156,7 @@
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads before 2.3.31 (aka ...)
NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...)
- TODO: check
+ - openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475
RESERVED
CVE-2007-0474
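Review bot: the rationale for CVE-2007-0476 is placed in parentheses after the status, `openldap2 <not-affected> (Gentoo packaging bug)`, whereas the other entries in this change record rationale on a separate `NOTE:` line (see CVE-2007-0510 and CVE-2007-0347); moving it to a `NOTE:` line keeps the file consistent and leaves the parenthetical slot for the bug number and severity, as on the wordpress and vlc lines.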
@@ -279,7 +280,7 @@
CVE-2007-0445
RESERVED
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2007-0443
RESERVED
CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown ...)
@@ -507,6 +508,7 @@
RESERVED
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
TODO: check
+ NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source)
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
NOT-FOR-US: FileMailer
CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...)
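Review bot: the new NOTE for CVE-2007-0347 reasons about `is_repository_file`, but the CVE description names `is_eow` in format.c as the affected function; the note should say which of the two is the relevant check in 1.1.5 (or that the vulnerable code path calls `is_repository_file`), otherwise the "unclear if 1.1.5 is vulnerable" conclusion cannot be followed. Since the entry stays `TODO: check`, it would also help to record which Debian cvstrac version was compared.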
@@ -1422,7 +1424,7 @@
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and ...)
NOT-FOR-US: Maxum Rumpus
CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control ...)
- TODO: check
+ NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler ...)
{DSA-1252-1}
- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
@@ -11785,7 +11787,7 @@
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...)
NOT-FOR-US: EServ
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...)
- NOT-FOR-US: Webiste Banker
+ NOT-FOR-US: Website Baker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...)
NOT-FOR-US: EPublisherPro
CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...)