[Secure-testing-commits] r5773 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Wed May 2 21:57:23 UTC 2007
Author: stef-guest
Date: 2007-05-02 21:57:19 +0000 (Wed, 02 May 2007)
New Revision: 5773
Modified:
data/CVE/list
Log:
- new libimager-perl issue
- new javascript hijacking issue in various ajax toolkits
- new mydns issue fixed
- new gimp issue fixed
- new axis issue unimportant
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-02 21:14:17 UTC (rev 5772)
+++ data/CVE/list 2007-05-02 21:57:19 UTC (rev 5773)
@@ -5,17 +5,17 @@
CVE-2007-2417
RESERVED
CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
- TODO: check
+ NOT-FOR-US: E-Annu
CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Pi3Web Web Server
CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: MyServer
CVE-2007-2413 (Heap-based buffer overflow in Imager before 0.57 allows remote ...)
- TODO: check
+ - libimager-perl <unfixed> (bug #421582)
CVE-2007-2412 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Seir Anphin
CVE-2007-2411 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Sphider
CVE-2007-2410
RESERVED
CVE-2007-2409
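Review bot: The CVE-2007-2413 entry records `- libimager-perl <unfixed> (bug #421582)` without saying which upstream release carries the fix, although the description on the line above gives it ("Imager before 0.57"). A NOTE line naming 0.57 as the fixed upstream version would let whoever closes the bug fill in the Debian version without re-reading the advisory. The two DISPUTED entries (CVE-2007-2412, CVE-2007-2411) are marked NOT-FOR-US with product names that do not appear in the truncated descriptions, so those are worth a second look against the full CVE text.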
@@ -67,71 +67,73 @@
CVE-2007-2386
RESERVED
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
- TODO: check
+ TODO: check yui
+ TODO: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...)
- TODO: check
+ TODO: check glpi knowledgeroot mt-daapd op-panel python-webhelpers qwik rails wordpress
CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using JavaScript ...)
- TODO: check
+ TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress
CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...)
TODO: check
CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
- TODO: check
+ TODO: check python-paste
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
TODO: check
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
TODO: check
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
- TODO: check
+ NOT-FOR-US: Google Web Toolkit (GWT)
CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
TODO: check
CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...)
- TODO: check
+ NOT-FOR-US: Dojo
CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...)
- TODO: check
+ NOT-FOR-US: WF-Links (wflinks) module for XOOPS
CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
- TODO: check
+ NOT-FOR-US: phpMyNewsletter
CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
- TODO: check
+ NOT-FOR-US: phpMyNewsletter
CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...)
- TODO: check
+ NOT-FOR-US: Jobs module for XOOPS
CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...)
- TODO: check
+ NOT-FOR-US: WebSPELL
CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: WebSPELL
CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...)
- TODO: check
+ NOT-FOR-US: Wserve HTTP Server (whttp)
CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...)
- TODO: check
+ NOT-FOR-US: Corel
CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...)
- TODO: check
+ NOT-FOR-US: burnCMS
CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
- TODO: check
+ - mydns 1:1.1.0-8
CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2007-2358 (** DISPUTED ** ...)
TODO: check
CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...)
- TODO: check
+ NOT-FOR-US: SineCms
CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...)
- TODO: check
+ - gimp 2.2.14-2
CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
- TODO: check
+ NOT-FOR-US: OPeNDAP
CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...)
- TODO: check
+ - axis <unfixed> (unimportant)
+ NOTE: only path disclosure
CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...)
TODO: check
CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...)
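Review bot: The JavaScript hijacking group (CVE-2007-2376 through CVE-2007-2385) is triaged unevenly. The reference `TODO: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf` is attached only to CVE-2007-2385, while CVE-2007-2382, CVE-2007-2380, CVE-2007-2379 and CVE-2007-2377 keep a bare `TODO: check` even though their descriptions start with the same wording. Suggest putting the reference on each entry of the group, or pointing the others at CVE-2007-2385. Dojo and GWT are marked NOT-FOR-US while Prototype and Script.aculo.us get lists of packages to check for embedded copies; it would be worth confirming that the same search was done for Dojo and GWT before closing them. Separately, `- mydns 1:1.1.0-8` and `- gimp 2.2.14-2` record fixed versions with no bug number or urgency, unlike the libimager-perl entry in the first hunk.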