[Secure-testing-commits] r6036 - data/CVE
keescook-guest at alioth.debian.org
Wed Jun 20 20:41:05 UTC 2007
Author: keescook-guest
Date: 2007-06-20 20:41:05 +0000 (Wed, 20 Jun 2007)
New Revision: 6036
Modified:
data/CVE/list
Log:
unfixed: jffnms, fixed: jffnms vim
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-06-20 16:59:37 UTC (rev 6035)
+++ data/CVE/list 2007-06-20 20:41:05 UTC (rev 6036)
@@ -97,7 +97,8 @@
- php4 <unfixed> (low)
- php5 <unfixed> (low)
CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...)
- NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+ - jffnms <unfixed> (high)
+ NOTE: the fix for CVE-2007-3190 is incomplete (the 'pass' param can still contain an injection)
CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...)
NOT-FOR-US: 602Pro LAN SUITE
CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in ...)
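Review bot: the added NOTE on CVE-2007-3204 says the fix for CVE-2007-3190 is incomplete but does not say which upload carried that fix; since the CVE-2007-3190 entry in this same change records jffnms 0.8.3dfsg.1-4 as fixed, naming the version in the NOTE (e.g. `NOTE: the fix in 0.8.3dfsg.1-4 for CVE-2007-3190 is incomplete (the 'pass' param can still contain an injection)`) lets a reader see at a glance that the version closing 3190 does not close 3204, without cross-checking the other entry.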
@@ -121,13 +122,13 @@
CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...)
- phpwiki <unfixed> (low; bug #429201)
CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) ...)
- NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+ - jffnms <unfixed> (medium)
CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote ...)
- NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+ - jffnms 0.8.3dfsg.1-4
CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun ...)
- NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+ - jffnms 0.8.3dfsg.1-4
CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun ...)
- NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+ - jffnms 0.8.3dfsg.1-4
CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...)
NOT-FOR-US: Fullaspsite GeometriX Download Portal
CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...)
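Review bot: the new `- jffnms <unfixed> (medium)` line for CVE-2007-3192 carries no bug reference, while the phpwiki entry at the top of the same hunk shows the convention (`- phpwiki <unfixed> (low; bug #429201)`); an open <unfixed> entry with no bug number is hard to track, so add the BTS number once filed, or a NOTE explaining why 3192 is not covered by the 0.8.3dfsg.1-4 upload that this hunk records as fixing 3189, 3190 and 3191.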
@@ -266,8 +267,6 @@
NOT-FOR-US: Microsoft
CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a ...)
NOT-FOR-US: Microsoft
-CVE-2007-XXXX [jffnms multiple issues]
- - jffnms 0.8.3dfsg.1-4
CVE-2007-3129
RESERVED
CVE-2007-3128
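Review bot: dropping the `CVE-2007-XXXX [jffnms multiple issues]` placeholder is the right move now that real ids exist, but the placeholder recorded 0.8.3dfsg.1-4 as fixing all of the "multiple issues", whereas the new entries leave CVE-2007-3192 and CVE-2007-3204 as <unfixed>; confirm that every issue the placeholder stood for is now represented by one of the CVE-2007-3189 to CVE-2007-3204 entries so no fixed-version record is lost in the swap.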
@@ -1017,7 +1016,7 @@
CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...)
- geeklog <itp> (bug #203818)
CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 beta ...)
- NOT-FOR-US: com_yanc
+ NOT-FOR-US: com_yanc for Mambo
NOTE: com_yanc component not in Mambo Debian package
CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...)
NOT-FOR-US: HP Tru64
@@ -1058,7 +1057,7 @@
CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but ...)
NOT-FOR-US: AlstraSoft Live Support
CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
- NOT-FOR-US: SunLight CMS
+ NOT-FOR-US: SunLight CMS
CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...)
NOT-FOR-US: Zomplog
CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and ...)
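Review bot: the removed and added lines for CVE-2007-2774 (`NOT-FOR-US: SunLight CMS`) render identically, so this appears to be a whitespace-only change (indentation or trailing space); the same pattern appears for the Plain Black WebGUI entry under CVE-2007-2746 further down. If the intent is to normalise indentation, a word in the log would help, since otherwise these hunks read as noise in the history.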
@@ -1082,7 +1081,7 @@
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...)
NOT-FOR-US: BlockHosts
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...)
- NOT-FOR-US: Sun switches
+ NOT-FOR-US: Sun-Brocade SilkWorm
CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules ...)
NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast ...)
@@ -1122,9 +1121,9 @@
CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
NOT-FOR-US: rdiffWeb
CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
- NOT-FOR-US: Plain Black WebGUI
+ NOT-FOR-US: Plain Black WebGUI
CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk ...)
- NOT-FOR-US: vDesk
+ NOT-FOR-US: vDesk Webmail
CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX ...)
NOT-FOR-US: PrecisionID
CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in ...)
@@ -1146,7 +1145,7 @@
CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 ...)
NOT-FOR-US: ResManager for Xoops
CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width ...)
- NOT-FOR-US: TippingPoint IPS
+ NOT-FOR-US: 3Com TippingPoint IPS
CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote ...)
NOT-FOR-US: Jetbox CMS
CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...)
@@ -1420,7 +1419,7 @@
CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...)
NOT-FOR-US: LaVague
CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...)
- TODO: check
+ - vim 1:7.1-000+1 (medium)
CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...)
NOT-FOR-US: Brujula Toolbar
CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...)
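Review bot: the added line `- vim 1:7.1-000+1 (medium)` replaces `TODO: check` under CVE-2007-2606, which the description identifies as buffer overflows in Firebird 2.1, not vim; the log says vim was fixed, and the vim entry for CVE-2007-2438 (the vim sandbox issue) elsewhere in this change still reads `- vim <unfixed> (medium)`. This looks like the fixed-version line landed on the wrong CVE: move it to CVE-2007-2438 and either restore `TODO: check` on the Firebird entry or replace it with the actual firebird package status.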
@@ -1778,11 +1777,11 @@
CVE-2007-2442
RESERVED
CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
- NOT-FOR-US: Caucho Resin
+ NOT-FOR-US: Caucho Resin Professional
CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...)
- NOT-FOR-US: Caucho Resin
+ NOT-FOR-US: Caucho Resin Professional
CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
- NOT-FOR-US: Caucho Resin
+ NOT-FOR-US: Caucho Resin Professional
CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
- vim <unfixed> (medium)
NOTE: Exploitable through modelines.
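Review bot: CVE-2007-2438 still shows `- vim <unfixed> (medium)` even though the log states `fixed: jffnms vim`, and the only vim fixed-version line in this change is attached to the Firebird entry CVE-2007-2606; if 1:7.1-000+1 is the upload that closes the sandbox issue, this `<unfixed>` should become that version so the tracker stops listing vim as open. The Caucho Resin Professional renamings in the same hunk are fine.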