[Secure-testing-commits] r5761 - data/CVE

Florian Weimer fw at alioth.debian.org
Tue May 1 12:39:13 UTC 2007


Author: fw
Date: 2007-05-01 12:39:10 +0000 (Tue, 01 May 2007)
New Revision: 5761

Modified:
   data/CVE/list
Log:
CVE-2007-2318: filezilla
CVE-2007-2293, CVE-2007-2294: asterisk
CVE-2007-2292: Mozilla browsers
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-01 12:04:47 UTC (rev 5760)
+++ data/CVE/list	2007-05-01 12:39:10 UTC (rev 5761)
@@ -23,49 +23,50 @@
 CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier ...)
 	NOT-FOR-US: Papoo
 CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and ...)
-	TODO: check
+	NOT-FOR-US: AutoStand
 CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 ...)
-	TODO: check
+	- filezilla <unfixed> (bug #421776)
+	NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
 CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
 	NOT-FOR-US: MiniBB
 CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business ...)
-	TODO: check
+	NOT-FOR-US: Open Business Management
 CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: MiniShare
 CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly ...)
 	NOT-FOR-US: Crea-Book
 CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the ...)
-	TODO: check
+	NOT-FOR-US: Shotcast module for mxBB
 CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...)
 	NOT-FOR-US: Virtual War (VWar)
 CVE-2007-2311 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: BlooFoxCMS
 CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...)
-	TODO: check
+	NOT-FOR-US: BloofoxCMS
 CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
-	TODO: check
+	NOT-FOR-US: FloweRS
 CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
-	TODO: check
+	NOT-FOR-US: FloweRS
 CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: WebKalk2
 CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...)
 	NOT-FOR-US: Virtual War (VWar)
 CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick ...)
-	TODO: check
+	NOT-FOR-US: QDBlog
 CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ...)
-	TODO: check
+	NOT-FOR-US: QDBlog
 CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News ...)
 	NOT-FOR-US: NMDeluxe
 CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 ...)
-	TODO: check
+	NOT-FOR-US: Expow
 CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash ...)
-	TODO: check
+	NOT-FOR-US: audioCMS
 CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto ...)
-	TODO: check
+	NOT-FOR-US: phpwebnews
 CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier ...)
 	NOT-FOR-US: CMS Frogss
 CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...)
-	TODO: check
+	NOT-FOR-US: Garennes
 CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...)
 	TODO: check
 CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...)
@@ -73,15 +74,19 @@
 CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...)
-	TODO: check
+	- asterisk 1:1.4.3~dfsg-1 (low)
 CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...)
-	TODO: check
+	- asterisk 1:1.4.3~dfsg-1 (high)
 CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication in Mozilla ...)
-	TODO: check
+	- iceweasel (low)
+	- firefox <removed> (low)
+	- mozilla <removed> (low)
 CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication in Microsoft ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...)
-	TODO: check
+	NOT-FOR-US: B2 Weblog
+	NOTE: Debian's b2evolution does not contain the string "b2inc",
+	NOTE: and does not seem to suffer from this vulnerability.
 CVE-2007-2289 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Download-Engine
 CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net ...)
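Review bot: the `- iceweasel (low)` line for CVE-2007-2292 has neither a fixed version nor an explicit `<unfixed>` marker, so its unfixed status is only implied by the missing version; the filezilla entry earlier in this commit uses the explicit `<unfixed>` form together with a bug reference, and this line should follow the same convention, with a `NOTE:` line pointing at the upstream reference the triage was based on, as was done for filezilla. The b2evolution `NOTE:` lines under CVE-2007-2290 are the right model: they record why NOT-FOR-US was chosen (the "b2inc" string is absent), which makes the decision checkable later.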
@@ -171,7 +176,7 @@
 CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
 	NOT-FOR-US: Phorum
 CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace ...)
-	TODO: check
+	NOT-FOR-US: phpMySpace
 CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running ...)
 	NOT-FOR-US: HP-UX
 CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)



