[Secure-testing-commits] r6201 - data/CVE
stef-guest at alioth.debian.org
Tue Jul 31 20:38:30 UTC 2007
Author: stef-guest
Date: 2007-07-31 20:38:30 +0000 (Tue, 31 Jul 2007)
New Revision: 6201
Modified:
data/CVE/list
Log:
already fixed: lighttpd
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-31 20:07:36 UTC (rev 6200)
+++ data/CVE/list 2007-07-31 20:38:30 UTC (rev 6201)
@@ -252,83 +252,85 @@
CVE-2007-3994
RESERVED
CVE-2007-3993 (Unspecified vulnerability in the attachment filter in Kerio MailServer ...)
- TODO: check
+ NOT-FOR-US: Kerio MailServer
CVE-2007-3992 (SQL injection vulnerability in vir_login.asp in iExpress Property Pro ...)
- TODO: check
+ NOT-FOR-US: iExpress Property Pro
CVE-2007-3991 (Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp ...)
- TODO: check
+ NOT-FOR-US: Asp cvmatik
CVE-2007-3990 (SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the ...)
- TODO: check
+ NOT-FOR-US: Dora Emlak
CVE-2007-3989 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
- TODO: check
+ NOT-FOR-US: Dora Emlak
CVE-2007-3988 (Session fixation vulnerability in Virtual Hosting Control System ...)
- TODO: check
+ NOT-FOR-US: Virtual Hosting Control System
CVE-2007-3987 (SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, ...)
- TODO: check
+ NOT-FOR-US: ImageRacer
CVE-2007-3986 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
- TODO: check
+ NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3985 (Directory traversal vulnerability in file.cgi in Secure Computing ...)
- TODO: check
+ NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3984 (Buffer overflow in a certain ActiveX control in the NixonMyPrograms ...)
- TODO: check
+ NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3983 (Absolute path traversal vulnerability in the Data Dynamics ...)
- TODO: check
+ NOT-FOR-US: ActiveReports
CVE-2007-3982 (Absolute path traversal vulnerability in the Data Dynamics ...)
- TODO: check
+ NOT-FOR-US: ActiveReports
CVE-2007-3981 (SQL injection vulnerability in index.php in WSN Links Basic Edition ...)
- TODO: check
+ NOT-FOR-US: WSN Links
CVE-2007-3980 (PHP remote file inclusion vulnerability in page.php in RCMS Pro ...)
- TODO: check
+ NOT-FOR-US: RCMS Pro RGameScript Pro
CVE-2007-3979 (SQL injection vulnerability in index.php in BlogSite Professional (aka ...)
- TODO: check
+ NOT-FOR-US: BlogSite Professional
CVE-2007-3978 (Session fixation vulnerability in bwired allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: bwired
CVE-2007-3977 (Cross-site scripting (XSS) vulnerability in bwired allows remote ...)
- TODO: check
+ NOT-FOR-US: bwired
CVE-2007-3976 (SQL injection vulnerability in index.php in bwired allows remote ...)
- TODO: check
+ NOT-FOR-US: bwired
CVE-2007-3975 (Cross-site scripting (XSS) vulnerability in index.php in Elite Forum ...)
- TODO: check
+ NOT-FOR-US: Elite Forum
CVE-2007-3974 (admin/ajoutaut.php in JBlog 1.0 does not require authentication, which ...)
- TODO: check
+ NOT-FOR-US: JBlog
CVE-2007-3973 (Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow ...)
- TODO: check
+ NOT-FOR-US: JBlog
CVE-2007-3972 (ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3971 (Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote ...)
- TODO: check
+ NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3970 (Race condition in ESET NOD32 Antivirus before 2.2289 allows remote ...)
- TODO: check
+ NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3969 (Buffer overflow in Panda Antivirus before 20070720 allows remote ...)
- TODO: check
+ NOT-FOR-US: Panda Antivirus
CVE-2007-3968 (index.php in dirLIST before 0.1.1 allows remote attackers to list the ...)
- TODO: check
+ NOT-FOR-US: dirLIST
CVE-2007-3967 (Directory traversal vulnerability in index.php in PHP Directory Lister ...)
- TODO: check
+ NOT-FOR-US: dirLIST
CVE-2007-3966 (SQL injection vulnerability in Munch Pro allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Munch Pro
CVE-2007-3965 (Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and ...)
- TODO: check
+ NOT-FOR-US: uFMOD
CVE-2007-3964 (Itaka before 0.2.1, when using Authentication mode, allows remote ...)
- TODO: check
+ NOT-FOR-US: Itaka
CVE-2007-3963 (Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, ...)
- TODO: check
+ NOT-FOR-US: UseBB
CVE-2007-3962 (Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 ...)
- TODO: check
+ NOT-FOR-US: fsplib
+ NOTE: vulnerable code not present in fsp
CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib ...)
- TODO: check
+ NOT-FOR-US: fsplib
+ NOTE: vulnerable code not present in fsp
CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
NOT-FOR-US: IBM WebSphere
CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier ...)
- TODO: check
+ NOT-FOR-US: Ipswitch Collaboration Suite (ICS)
CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
NOT-FOR-US: Microsoft
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote ...)
- TODO: check
+ NOT-FOR-US: Nipun Jain xserver
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...)
TODO: check
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: LinkedIn Toolbar
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
NOT-FOR-US: Microsoft
CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...)
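Review bot: CVE-2007-3962 and CVE-2007-3961 are tagged NOT-FOR-US: fsplib, yet the added NOTE lines record that fsp was inspected and does not contain the vulnerable code. NOT-FOR-US says the product is not packaged at all, while the NOTE is a per-package verdict; if fsp is the package that was checked, an entry of the form "- fsp <not-affected> (vulnerable code not present)" would keep that verdict attached to the package name instead of a free-text note. Two tags in this hunk also differ from the product named in the visible description: CVE-2007-3984 (description: NixonMyPrograms ActiveX control, tag: Zenturi ProgramChecker) and CVE-2007-3967 (description: PHP Directory Lister, tag: dirLIST). The descriptions are truncated, so the names may well match further on, but a short NOTE confirming that would save the next reader from rechecking.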
@@ -338,17 +340,17 @@
CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote ...)
NOT-FOR-US: Norman Antivirus
CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...)
- TODO: check
+ - lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...)
- TODO: check
+ - lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections ...)
- TODO: check
+ - lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...)
- TODO: check
+ - lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote ...)
- TODO: check
+ - lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly ...)
- TODO: check
+ NOT-FOR-US: Rule Set Based Access Control (RSBAC)
CVE-2007-3944 (Unspecified vulnerability in Safari (MobileSafari) on the Apple iPhone ...)
TODO: check
CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48 allows ...)
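Review bot: All five lighttpd entries (CVE-2007-3950 through CVE-2007-3946) cite the same bug #434888 and the same fixed version 1.4.16-1, and nothing in the entries shows that the bug report covers each id. The visible descriptions differ in scope: CVE-2007-3950, CVE-2007-3949 and CVE-2007-3947 name lighttpd 1.4.15 specifically, while CVE-2007-3948 and CVE-2007-3946 say "before 1.4.16", so older versions may be affected by only some of them. A NOTE line stating that the 1.4.16 upload addresses all five would make the "already fixed" claim in the log checkable from the list itself.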
@@ -384,9 +386,9 @@
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
TODO: check
CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...)
- TODO: check
+ NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in ...)
TODO: check
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
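Review bot: CVE-2007-3925, directly below the two Ipswitch IMail Server entries, stays at TODO: check although its visible description refers to an IMAP service binary named imapd32.exe. The description is truncated here, so the product cannot be confirmed from these lines, but if it belongs to the same product it should get the same NOT-FOR-US tag in this pass so that the three adjacent entries do not end up in inconsistent states.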
@@ -426,7 +428,7 @@
CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...)
TODO: check
CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote ...)
TODO: check
CVE-2007-3904