[Secure-testing-commits] r5774 - data/CVE

Kees Cook keescook-guest at alioth.debian.org
Thu May 3 00:41:29 UTC 2007


Author: keescook-guest
Date: 2007-05-03 00:41:26 +0000 (Thu, 03 May 2007)
New Revision: 5774

Modified:
   data/CVE/list
Log:
NFUs: 51
unfixed: iceweasel kdelibs lftp
fixed: proftpd tomcat5.5


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-02 21:57:19 UTC (rev 5773)
+++ data/CVE/list	2007-05-03 00:41:26 UTC (rev 5774)
@@ -74,17 +74,17 @@
 CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using JavaScript ...)
 	TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress 
 CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...)
-	TODO: check
+	NOT-FOR-US: MochiKit framework
 CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
 	TODO: check python-paste
 CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
 	TODO: check
 CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
-	TODO: check
+	NOT-FOR-US: jQuery framework
 CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
 	NOT-FOR-US: Google Web Toolkit (GWT)
 CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
-	TODO: check
+	NOT-FOR-US: Getahead Direct Web Remoting
 CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...)
 	NOT-FOR-US: Dojo
 CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...)
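Review bot: the annotation added for CVE-2007-2382 names the wrong framework: that entry describes Moo.fx, but the new line reads `NOT-FOR-US: MochiKit framework`, while MochiKit is the subject of the next entry, CVE-2007-2381 (still `TODO: check python-paste`). Suggest `NOT-FOR-US: Moo.fx framework` here so the reason given matches the CVE it annotates. In the same hunk, CVE-2007-2380 (Microsoft Atlas) is left at `TODO: check` although it looks like a candidate for the same NOT-FOR-US treatment as the surrounding framework entries.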
@@ -135,15 +135,15 @@
 	- axis <unfixed> (unimportant)
 	NOTE: only path disclosure
 CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...)
-	TODO: check
+	NOT-FOR-US: AFFLIB
 CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...)
-	TODO: check
+	NOT-FOR-US: HP Power Manager Remote Agent
 CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows ...)
-	TODO: check
+	NOT-FOR-US: freePBX
 CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board ...)
-	TODO: check
+	NOT-FOR-US: Invision Power Board
 CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell ...)
-	TODO: check
+	- lftp <unfixed> (low)
 CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...)
 	NOT-FOR-US: OneClick CMS
 CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
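Review bot: the new lftp entry is recorded as `- lftp <unfixed> (low)` with no Debian bug reference, whereas the list's convention for tracked unfixed issues, visible later in this diff as `- python2.5 <unfixed> (bug #416934; low)`, carries the bug number. If a bug has been filed against lftp for the unquoted paths in `mirror --script`, add it here; the same applies to the iceweasel and kdelibs `<unfixed>` entries introduced further down.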
@@ -177,15 +177,15 @@
 CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
 	NOT-FOR-US: Nortel
 CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA Security SiteKey
 CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA Security SiteKey
 CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA Security SiteKey
 CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and ...)
-	TODO: check
+	NOT-FOR-US: PureTLS
 CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
 	NOT-FOR-US: Shop-Script
 CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in ...)
@@ -330,23 +330,23 @@
 CVE-2007-2263
 	RESERVED
 CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for ...)
-	TODO: check
+	- tomcat5.5 5.5.17-1 (low)
 CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...)
-	TODO: check
+	- tomcat5.5 5.5.15-1 (low)
 CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in ...)
 	NOT-FOR-US: jmuffin
 CVE-2007-2261 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: C-Arbre
 CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...)
-	TODO: check
+	NOT-FOR-US: bibtex mase
 CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: EsForum
 CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: PHPMyBibli
 CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded ...)
-	TODO: check
+	NOT-FOR-US: Fully Modded phpBB2
 CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 ...)
-	TODO: check
+	NOT-FOR-US: TJSChat
 CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
 	NOT-FOR-US: Download-Engine
 CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in ...)
@@ -436,7 +436,7 @@
 CVE-2007-2215
 	RESERVED
 CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...)
-	TODO: check
+	NOT-FOR-US: DmCMS
 CVE-2007-2213 (Unspecified vulnerability in the Initialize function in ...)
 	NOT-FOR-US: WS_FTP
 CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka ...)
@@ -448,43 +448,43 @@
 CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ...)
 	NOT-FOR-US: AccuSoft
 CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 ...)
-	TODO: check
+	NOT-FOR-US: Extreme PHPBB2
 CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website ...)
-	TODO: check
+	NOT-FOR-US: Ripe Website Manager
 CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe ...)
-	TODO: check
+	NOT-FOR-US: Ripe Website Manager
 CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...)
-	TODO: check
+	NOT-FOR-US: LAN Management System
 CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board ...)
-	TODO: check
+	NOT-FOR-US: GPL PHP Board
 CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows ...)
-	TODO: check
+	NOT-FOR-US: Big Blue Guestbook
 CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...)
-	TODO: check
+	NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
 CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution ...)
-	TODO: check
+	NOT-FOR-US: Post Revolution
 CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in ...)
-	TODO: check
+	NOT-FOR-US: Pagode
 CVE-2007-2199 (PHP remote file inclusion vulnerability in libraries/pcl/pcltar.php in ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...)
-	TODO: check
+	NOT-FOR-US: LAN Management System
 CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...)
 	NOT-FOR-US: NeatUpload
 CVE-2007-2196 (PHP remote file inclusion vulnerability in jambook.php in the Jambook ...)
-	TODO: check
+	NOT-FOR-US: Jambook module for Mambo and Joomla
 CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
 	NOT-FOR-US: Alvaro's Messenger
 CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted ...)
-	TODO: check
+	NOT-FOR-US: XnView
 CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
 	NOT-FOR-US: ACDSee
 CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted ...)
 	NOT-FOR-US: Photofiltre
 CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x ...)
-	TODO: check
+	NOT-FOR-US: freePBX
 CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php ...)
-	TODO: check
+	NOT-FOR-US: Eba News
 CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php ...)
 	NOT-FOR-US: mxBB Smartor Album
 CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka ...)
@@ -498,7 +498,7 @@
 CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...)
 	NOT-FOR-US: jchit
 CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System ...)
-	TODO: check
+	NOT-FOR-US: PHP-Ring Webring System
 CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...)
 	NOT-FOR-US: Maran PHP Forum
 CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...)
@@ -512,13 +512,13 @@
 CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...)
 	NOT-FOR-US: Microgaming Download Helper
 CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers ...)
-	TODO: check
+	- iceweasel <unfixed> (low)
 CVE-2007-2175 (Unspecified vulnerability in Apple QuickTime, as used in Safari and ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal ...)
 	NOT-FOR-US: ZoneAlarm
 CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...)
-	TODO: check
+	NOT-FOR-US: Gentoo's packaging of courier
 CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 causes RTA_MAX to be used ...)
 	- linux-2.6 <unfixed> (medium)
 CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...)
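Review bot: the CVE-2007-2173 annotation `NOT-FOR-US: Gentoo's packaging of courier` asserts that the eval injection in the courier-imapd.indirect scripts is specific to another distribution's packaging, but Debian does ship courier, so a reader cannot tell from this line why the Debian packages are unaffected. A short `NOTE:` line in the style already used in this file (`NOTE: only path disclosure`) stating that the affected indirect scripts are not part of Debian's courier packages would make the dismissal verifiable.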
@@ -528,35 +528,35 @@
 CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem ...)
 	NOT-FOR-US: Mozzers SubSystem
 CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...)
-	TODO: check
+	NOT-FOR-US: AimStats
 CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 ...)
-	TODO: check
+	NOT-FOR-US: AimStats
 CVE-2007-2166 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: OpenSurveyPilot
 CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous ...)
-	TODO: check
+	- proftpd 1.3.0-22 (low)
 CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
-	TODO: check
+	- kdelibs <unfixed> (low)
 CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: Apple Safari
 CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
-	TODO: check
+	- iceweasel <unfixed> (low)
 CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: dba module for Drupal
 CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database ...)
-	TODO: check
+	NOT-FOR-US: dba module for Drupal
 CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 ...)
 	NOT-FOR-US: jGallery
 CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in ...)
 	NOT-FOR-US: Zomplog
 CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic ...)
-	TODO: check
+	NOT-FOR-US: Rezervi Generic
 CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber ...)
 	NOT-FOR-US: phpFaber TopSites
 CVE-2007-2154 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Cabron Connector
 CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 ...)
 	NOT-FOR-US: @Mail
 CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan ...)
@@ -576,15 +576,15 @@
 CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...)
 	NOT-FOR-US: MiniGal
 CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php ...)
-	TODO: check
+	NOT-FOR-US: JoomlaPack
 CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 ...)
-	TODO: check
+	NOT-FOR-US: Be2004-2 template for Joomla
 CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php ...)
-	TODO: check
+	NOT-FOR-US: AjPortal2Php
 CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...)
-	TODO: check
+	NOT-FOR-US: ShoutPro
 CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin ...)
-	TODO: check
+	NOT-FOR-US: Flip-search-add-on
 CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA ...)
 	NOT-FOR-US: CA BrightStor
 CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...)
@@ -773,11 +773,11 @@
 CVE-2007-2056
 	REJECTED
 CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: AFFLIB
 CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow ...)
-	TODO: check
+	NOT-FOR-US: AFFLIB
 CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow ...)
-	TODO: check
+	NOT-FOR-US: AFFLIB
 CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...)
 	- python2.4 2.4.4-3 (bug #416931; low)
 	- python2.5 <unfixed> (bug #416934; low)
@@ -11420,7 +11420,7 @@
 CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...)
-	TODO: check
+	NOT-FOR-US: Novell eDirectory
 CVE-2006-4519
 	RESERVED
 CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)