[Secure-testing-commits] r5847 - data/CVE
stef-guest at alioth.debian.org
Wed May 16 19:22:15 UTC 2007
Author: stef-guest
Date: 2007-05-16 19:22:14 +0000 (Wed, 16 May 2007)
New Revision: 5847
Modified:
data/CVE/list
Log:
CVE-2007-1673: new zoo issue
CVE-2007-141[23], CVE-2007-1864: new php issues
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-16 18:33:40 UTC (rev 5846)
+++ data/CVE/list 2007-05-16 19:22:14 UTC (rev 5847)
@@ -143,7 +143,7 @@
RESERVED
CVE-2007-2518
REJECTED
- TODO: check
+ NOTE: duplicate of CVE-2007-2518
CVE-2007-2517
RESERVED
CVE-2007-2516
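Review bot: the NOTE added under CVE-2007-2518 reads "duplicate of CVE-2007-2518", so the rejected entry points at itself. Replace the identifier with the CVE this one was rejected in favour of, otherwise the note carries no information for whoever follows it up.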
@@ -166,27 +166,28 @@
CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...)
NOT-FOR-US: Trend Micro
CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble ...)
- TODO: check
+ NOT-FOR-US: Treble Designs 1024 CMS
CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...)
NOT-FOR-US: OpenEdge WebSpeed
CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 ...)
NOT-FOR-US: MailCOPA
CVE-2007-2504 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: PHP Turbulence
CVE-2007-2503 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: PHP Turbulence
CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with ...)
NOT-FOR-US: HP ProCurve 9300m Series switches
CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before ...)
- TODO: check
+ NOT-FOR-US: CodePress
CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash ...)
- gnash <unfixed> (bug #423433)
CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and ...)
- TODO: check
+ NOT-FOR-US: DVDdb
CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote ...)
NOT-FOR-US: Winamp
CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
+ NOTE: helix-player not affected
CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote ...)
NOT-FOR-US: WordViewer.ocx
CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...)
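Review bot: the NOTE added under CVE-2007-2497, "helix-player not affected", states a conclusion without its basis. Say in the note what was checked to reach it, so the entry can be re-verified if helix-player changes.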
@@ -194,29 +195,29 @@
CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX ...)
NOT-FOR-US: PowerPointViewer .ocx
CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES ...)
- TODO: check
+ NOT-FOR-US: FAQ & RULES module for mxBB
CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...)
- TODO: check
+ NOT-FOR-US: v4bJournal module for PostNuke
CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation ...)
- TODO: check
+ NOT-FOR-US: EMC VMware
CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows ...)
- TODO: check
+ NOT-FOR-US: LiveData Server
CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and ...)
- TODO: check
+ NOT-FOR-US: LiveData Protocol Server
CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: AtomixMP3
CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...)
- TODO: check
+ NOT-FOR-US: Motobit
CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...)
- TODO: check
+ NOT-FOR-US: myflash
CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...)
- TODO: check
+ NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...)
- TODO: check
+ NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the ...)
- TODO: check
+ NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...)
- TODO: check
+ NOT-FOR-US: wordTube plugin for WordPress
CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...)
TODO: check
CVE-2007-XXXX [schroot may use outdated configuration information]
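Review bot: for CVE-2007-2485 the new label is the bare name "myflash", while the entries just below it name both the component and its host application ("wp-Table plugin for WordPress", "wordTube plugin for WordPress"). Use the full product name from the CVE description here too, so a search of the list by host application finds all of these entries.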
@@ -1572,7 +1573,8 @@
CVE-2007-1865
RESERVED
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
- TODO: check
+ - php4 <unfixed>
+ - php5 5.2.2-1
CVE-2007-1863
RESERVED
CVE-2007-1862
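Review bot: the php4 "<unfixed>" line for CVE-2007-1864 carries no bug reference, and the description places the overflow in the bundled libxmlrpc library rather than in PHP's own code. Add the bug number for php4, and add a NOTE saying whether any other package carrying a copy of that library was checked.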
@@ -2027,7 +2029,8 @@
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...)
- TODO: check
+ - zoo <unfixed> (bug filed)
+ - unzoo <unfixed>
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...)
NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...)
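Review bot: "(bug filed)" on the zoo line for CVE-2007-1673 gives no bug number, and the unzoo line has no bug reference at all. Record the number in the form the gnash entry in this list uses, "(bug #423433)", and reference or file one for unzoo as well so both packages can be tracked.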
@@ -2664,9 +2667,12 @@
CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...)
- TODO: check
+ - php4 <unfixed> (unimportant)
+ - php5 <unfixed> (unimportant)
+ NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...)
- TODO: check
+ - php4 <unfixed>
+ - php5 <unfixed>
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...)
TODO: check
NOTE: Haven't been able to reproduce the issue in either php4 or php5
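Review bot: CVE-2007-1412 is recorded as plain "<unfixed>" for php4 and php5, while CVE-2007-1413 directly above it gets "(unimportant)" with the note "Only triggerable by malicious script". Both are flaws in a PHP extension function, so either the same rating and note apply to cpdf_open, or this entry needs a NOTE saying why it is rated differently.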
@@ -4969,15 +4975,15 @@
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...)
NOT-FOR-US: CMSimple
CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows ...)
- TODO: check
+ NOT-FOR-US: Advanced Guestbook
CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Advanced Guestbook
CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...)
NOT-FOR-US: Web-Agora
CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: Web-Agora
CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced ...)
- TODO: check
+ NOT-FOR-US: Advanced Guestbook
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)