[Secure-testing-commits] r5592 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Mon Mar 26 22:35:51 CET 2007
Author: keescook-guest
Date: 2007-03-26 21:35:48 +0000 (Mon, 26 Mar 2007)
New Revision: 5592
Modified:
data/CVE/list
Log:
NFUs: 38
unfixed: kdelibs php5 xmms
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-26 20:16:53 UTC (rev 5591)
+++ data/CVE/list 2007-03-26 21:35:48 UTC (rev 5592)
@@ -23,37 +23,37 @@
- php5 <unfixed> (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: FTPDMIN
CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...)
- TODO: check
+ NOT-FOR-US: MERCUR IMAPD
CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in ...)
- TODO: check
+ NOT-FOR-US: MERCUR IMAPD
CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows ...)
- TODO: check
+ NOT-FOR-US: GeBlog
CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt ...)
- TODO: check
+ NOT-FOR-US: PHProjekt
CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when ...)
- TODO: check
+ NOT-FOR-US: PHProjekt
CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: CARE2X
CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and ...)
- TODO: check
+ NOT-FOR-US: JGBBS
CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...)
- TODO: check
+ NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570 (SQL injection vulnerability in devami.asp in X-ice Haber Sistemi (aka ...)
- TODO: check
+ NOT-FOR-US: Haber Sistemi
CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...)
- TODO: check
+ NOT-FOR-US: NewsBin Pro
CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 ...)
- TODO: check
+ NOT-FOR-US: NewsReactor
CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly ...)
NOT-FOR-US: WarFTPd
CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...)
- TODO: check
+ NOT-FOR-US: NetVIOS Portal
CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ...)
- TODO: check
+ - kdelibs <unfixed> (unimportant)
CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote ...)
- kdelibs 4:3.5.5a.dfsg.1-7
CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...)
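Review bot: the new `- kdelibs <unfixed> (unimportant)` entry for CVE-2007-1565 gives no reason for the unimportant rating. The php5 entry at the top of this hunk pairs the same rating with a NOTE line ("Only triggerable by malicious script"). Please add a NOTE saying why the Konqueror denial of service is treated as having no security impact, so the rating can be re-checked later. Separately, the visible summary for CVE-2007-1578 does not name a product, so it is worth confirming against the full description that "MERCUR IMAPD" is the right NOT-FOR-US reason.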
@@ -69,23 +69,23 @@
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...)
- TODO: check
+ NOT-FOR-US: Creative Files
CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 ...)
- TODO: check
+ NOT-FOR-US: Minerva module of phpBB
CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...)
- TODO: check
+ NOT-FOR-US: Guestbara
CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Guestbara
CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum ...)
- TODO: check
+ NOT-FOR-US: MetaForum
CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 ...)
- TODO: check
+ NOT-FOR-US: phpx
CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote ...)
- TODO: check
+ NOT-FOR-US: phpx
CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 ...)
- TODO: check
+ NOT-FOR-US: phpx
CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...)
- TODO: check
+ NOT-FOR-US: Web Wiz Forums
CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...)
- nas 1.8-4 (low; bug #416038)
CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 ...)
@@ -103,7 +103,7 @@
CVE-2007-1540 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 and ...)
- sql-ledger <unfixed> (bug #409703)
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...)
- TODO: check
+ NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538 (** DISPUTED ** ...)
NOT-FOR-US: McAfee
CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 ...)
@@ -131,11 +131,11 @@
CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...)
NOT-FOR-US: Microsoft
CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Web Server
CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox ...)
- TODO: check
+ NOT-FOR-US: Dayfox Blog
CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...)
- TODO: check
+ NOT-FOR-US: ZomPlog
CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain ...)
TODO: check
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...)
@@ -143,19 +143,19 @@
CVE-2007-1521 (Double free vulnerability in PHP 5.2.1 and earlier allows ...)
- php5 <unfixed>
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 does ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
- TODO: check
+ NOT-FOR-US: Woltlab Burning Board
CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
- TODO: check
+ NOT-FOR-US: WSN Guest
CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
- TODO: check
+ NOT-FOR-US: Dimension module of phpBB
CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats ...)
- TODO: check
+ NOT-FOR-US: PHP-Stats
CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in ...)
- TODO: check
+ NOT-FOR-US: PHP-Stats
CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
TODO: check
CVE-2007-1561 (Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers ...)
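Review bot: CVE-2003-1322 (Atrium MERCUR IMAPD) is left as `TODO: check` at the end of this hunk, while the same commit marks CVE-2007-1579 as `NOT-FOR-US: MERCUR IMAPD`. If the product is not packaged, the older entry should get the same NOT-FOR-US line so the two stay consistent and the TODO does not linger.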
@@ -302,7 +302,7 @@
CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
- php5 <unfixed> (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...)
- TODO: check
+ - php5 <unfixed>
CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a ...)
NOT-FOR-US: GuppY
CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
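Review bot: the new `- php5 <unfixed>` line for CVE-2007-1452 has no urgency and no bug reference, while the neighbouring CVE-2007-1453 entry is rated (medium). Since the issue is in the FDF extension (ext/fdf), please record whether the packaged php5 is affected by it and add an urgency, or a NOTE if it is not, rather than leaving a bare unfixed marker.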
@@ -438,7 +438,7 @@
CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 5.2.1, when ...)
- TODO: check
+ - php5 <unfixed>
CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...)
- phpmyadmin <unfixed> (medium)
CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
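Review bot: CVE-2007-1396 is tracked against php5 only, but the description gives the affected range as "PHP 4.0.7 through 5.2.1". If php4 is still tracked in this list, it needs its own entry here, or a NOTE explaining why it is left out. The php5 line also lacks an urgency and a bug number.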
@@ -607,7 +607,7 @@
CVE-2007-1314
RESERVED
CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly ...)
- TODO: check
+ NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
RESERVED
CVE-2007-1311
@@ -2576,9 +2576,9 @@
CVE-2007-0655
RESERVED
CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows ...)
- TODO: check
+ - xmms <unfixed> (low)
CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ...)
- TODO: check
+ - xmms <unfixed> (low)
CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...)
NOT-FOR-US: MailEnable Professional
CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...)
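Review bot: both new `- xmms <unfixed> (low)` entries (CVE-2007-0654 and CVE-2007-0653) lack a bug reference. Other unfixed or low entries in this file carry one, for example `- nas 1.8-4 (low; bug #416038)`. Please file or look up the bug for xmms and add it to both lines so the unfixed state can be followed to a fix.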
@@ -2676,9 +2676,9 @@
CVE-2007-0608
RESERVED
CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...)
- TODO: check
+ NOT-FOR-US: Web-Agora
CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOT-FOR-US: Web-Agora
CVE-2007-0605
RESERVED
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
@@ -3301,7 +3301,7 @@
CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...)
NOT-FOR-US: INDEXU
CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
TODO: check
NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source)