[Secure-testing-commits] r8226 - data/CVE
nion at alioth.debian.org
Tue Feb 26 18:13:01 UTC 2008
Author: nion
Date: 2008-02-26 18:13:00 +0000 (Tue, 26 Feb 2008)
New Revision: 8226
Modified:
data/CVE/list
Log:
NFUs, cleaning trailing whitespaces
new issue: cupsys (CVE-2008-0882)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-02-26 17:44:34 UTC (rev 8225)
+++ data/CVE/list 2008-02-26 18:13:00 UTC (rev 8226)
@@ -121,61 +121,61 @@
CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke ...)
NOT-FOR-US: Manuales module for PHP-Nuke
CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1 allows ...)
- TODO: check
+ NOT-FOR-US: beContent
CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open Source ...)
- TODO: check
+ NOT-FOR-US: OSSIM
CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in Open ...)
- TODO: check
+ NOT-FOR-US: OSSIM
CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php in ...)
- TODO: check
+ NOT-FOR-US: astatsPRO component for Joomla!
CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 ...)
- TODO: check
+ NOT-FOR-US: TorWorld software
CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare ...)
- TODO: check
+ NOT-FOR-US: com_hwdvideoshare component for Joomla!
CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and ...)
- TODO: check
+ NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the Mediation ...)
- TODO: check
+ NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
- TODO: check
+ NOT-FOR-US: Invision Power Board
CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink ...)
- TODO: check
+ NOT-FOR-US: Sybase MobiLink
CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts ...)
- TODO: check
+ NOT-FOR-US: iScripts MultiCart
CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet Security ...)
- TODO: check
+ NOT-FOR-US: Internet Security, Anti-Virus, F-Secure Protection Service
CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires ...)
- TODO: check
+ NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires Academic ...)
- TODO: check
+ NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke allows ...)
- TODO: check
+ NOT-FOR-US: Inhalt module for PHP-Nuke
CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke allows ...)
- TODO: check
+ NOT-FOR-US: Docum module for PHP-Nuke
CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 ...)
- TODO: check
+ NOT-FOR-US: Globsy
CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA Plumtree ...)
- TODO: check
+ NOT-FOR-US: BEA Plumtree Collaboration and AquaLogic Interaction
CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express proxy ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic Server and Express proxy plugin
CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and Express 8.1 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic Server
CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic Server
CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic Portal
CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2008-0893
RESERVED
CVE-2008-0892
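Review bot: the NOT-FOR-US line for CVE-2008-0910 drops the vendor name that the description attaches to these products ("Multiple F-Secure anti-virus products"), so a later search for F-Secure will not find this entry; for consistency with the other triage lines in this hunk, which all name the vendor or product, consider `NOT-FOR-US: F-Secure Internet Security, Anti-Virus and Protection Service`. Otherwise the hunk resolves every `TODO: check` to NOT-FOR-US for software Debian does not ship, matching the "NFUs" log entry.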
@@ -197,7 +197,7 @@
CVE-2008-0884
RESERVED
CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...)
- TODO: check
+ - cupsys <unfixed> (medium; bug #467653)
CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for ...)
TODO: check
CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent module ...)
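Review bot: the new `- cupsys <unfixed> (medium; bug #467653)` line for CVE-2008-0882 has no per-release status and no `NOTE:` pointing at the upstream fix, whereas other entries touched in this same diff (the gnump3d and firebird2 entries further down) carry `[etch]`/`[sarge]` lines. Once the stable packages have been checked, add an `[etch] - cupsys ...` line (fixed version, `<no-dsa>` or `<not-affected>`) and a `NOTE:` referencing the upstream change for the double free in process_browse_data, so the tracker records where the fix comes from.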
@@ -1458,7 +1458,7 @@
CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in aria ...)
NOT-FOR-US: Aria ERP (not the aria we ship)
CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before 7.4.1 ...)
- NOT-FOR-US: Funkwerk
+ NOT-FOR-US: Funkwerk
CVE-2008-0330 (Open System Consultants (OSC) Radiator before 4.0 allows remote ...)
NOT-FOR-US: Radiator
CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) ...)
@@ -2809,9 +2809,9 @@
CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed ...)
NOT-FOR-US: Gadu-Gadu client
CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified ...)
- NOT-FOR-US: IBM Tivoli Provisioning Manager Express
+ NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
- NOT-FOR-US: IBM Tivoli Provisioning Manager Express
+ NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly ...)
NOT-FOR-US: CA eTrust Threat Management Console
CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...)
@@ -3304,7 +3304,7 @@
- pulseaudio 0.9.9-1
CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...)
{DSA-1504-1 DSA-1503-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed>
CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
@@ -3393,7 +3393,7 @@
CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution ...)
NOT-FOR-US: TuMusika Evolution
CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect ...)
- NOT-FOR-US: PHP Content Architect
+ NOT-FOR-US: PHP Content Architect
CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown ...)
NOT-FOR-US: PHPDevShell
CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS ...)
@@ -3519,8 +3519,8 @@
NOTE: 0.2.3-6 adds a security note about this script
CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, ...)
- gnump3d 3.0-1 (medium)
- [sarge] - gnump3d <not-affected> (Vulnerable code not present)
- [etch] - gnump3d <not-affected> (Vulnerable code not present)
+ [sarge] - gnump3d <not-affected> (Vulnerable code not present)
+ [etch] - gnump3d <not-affected> (Vulnerable code not present)
CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php ...)
NOT-FOR-US: Amber script
CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 ...)
@@ -3602,7 +3602,7 @@
CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows ...)
NOT-FOR-US: IceBB
CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php in ...)
- NOT-FOR-US: Sciurus Hosting Panel
+ NOT-FOR-US: Sciurus Hosting Panel
CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly other ...)
NOT-FOR-US: Windows
CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the ...)
@@ -3657,7 +3657,7 @@
CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 ...)
NOT-FOR-US: ProfileCMS
CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm ...)
- NOT-FOR-US: datecomm Social Networking Script
+ NOT-FOR-US: datecomm Social Networking Script
CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a ...)
NOT-FOR-US: Aida-Web
CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
@@ -4420,7 +4420,7 @@
CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a denial ...)
NOT-FOR-US: Grandstream HT-488
CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows ...)
- NOT-FOR-US: Grandstream HT-488
+ NOT-FOR-US: Grandstream HT-488
CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the web root ...)
NOT-FOR-US: Micro Login System
CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 ...)
@@ -5992,7 +5992,7 @@
{DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
- poppler 0.6.2-1 (medium; bug #450628)
- kdegraphics 4:3.5.8-2 (medium; bug #450630)
- [etch] - kdegraphics <not-affected> (Vulnerable code not used)
+ [etch] - kdegraphics <not-affected> (Vulnerable code not used)
- xpdf 3.02-1.3 (medium; bug #450629)
- koffice 1:1.6.3-4 (medium; bug #450631)
- libextractor 0.5.9-1
@@ -6123,7 +6123,7 @@
NOT-FOR-US: Pindorama
CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...)
{DSA-1403-1}
- - phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451)
+ - phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451)
[sarge] - phpmyadmin <not-affected> (vulnerable script not present)
CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
@@ -7150,7 +7150,7 @@
NOTE: Can be fixed in a point update
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...)
- sun-java6-jre <unfixed> (unimportant)
- - sun-java5-jre <unfixed> (unimportant)
+ - sun-java5-jre <unfixed> (unimportant)
NOTE: exploiting this would not work under Linux
CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...)
NOT-FOR-US: Pegasus Mail Mercury
@@ -7581,7 +7581,7 @@
NOTE: MFSA2007-36
NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
- - glibc 2.7-1 (unimportant)
+ - glibc 2.7-1 (unimportant)
NOTE: Original PHP issue only triggerable by malicious script
CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
NOT-FOR-US: IBM WebSphere
@@ -7980,27 +7980,27 @@
CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <unfixed>
- [sarge] - firebird2 <unfixed>
+ [sarge] - firebird2 <unfixed>
CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <unfixed>
- [sarge] - firebird2 <unfixed>
+ [sarge] - firebird2 <unfixed>
CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <unfixed>
- [sarge] - firebird2 <unfixed>
+ [sarge] - firebird2 <unfixed>
CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <unfixed>
- [sarge] - firebird2 <unfixed>
+ [sarge] - firebird2 <unfixed>
CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <unfixed>
- [sarge] - firebird2 <unfixed>
+ [sarge] - firebird2 <unfixed>
CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <unfixed>
- [sarge] - firebird2 <unfixed>
+ [sarge] - firebird2 <unfixed>
CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
- php5 <unfixed> (unimportant)
NOTE: open_basedir not supported
@@ -8170,7 +8170,7 @@
CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" for the manager ...)
NOT-FOR-US: IBM
CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
- NOT-FOR-US: SunShop Shopping Cart
+ NOT-FOR-US: SunShop Shopping Cart
CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...)
- php5 <unfixed> (unimportant)
NOTE: Safe mode violations not treated as vulnerabilities
@@ -8765,7 +8765,7 @@
{DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
- poppler 0.6.2-1 (medium; bug #450628)
- kdegraphics 4:3.5.8-2 (medium; bug #450630)
- [etch] - kdegraphics <not-affected> (Vulnerable code not used)
+ [etch] - kdegraphics <not-affected> (Vulnerable code not used)
- xpdf 3.02-1.3 (medium; bug #450629)
- koffice 1:1.6.3-4 (medium; bug #450631)
- libextractor 0.5.9-1
@@ -10136,19 +10136,19 @@
[etch] - kdebase <no-dsa> (Minor issue)
NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...)
- NOT-FOR-US: Safari
+ NOT-FOR-US: Safari
CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...)
- NOT-FOR-US: Safari
+ NOT-FOR-US: Safari
CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, ...)
- NOT-FOR-US: Safari
+ NOT-FOR-US: Safari
CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
- NOT-FOR-US: Safari
+ NOT-FOR-US: Safari
CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...)
- NOT-FOR-US: Safari
+ NOT-FOR-US: Safari
CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
- NOT-FOR-US: Safari
+ NOT-FOR-US: Safari
CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...)
- NOT-FOR-US: Aplle iPhone
+ NOT-FOR-US: Aplle iPhone
CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user ...)
NOT-FOR-US: Aplle iPhone
CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically ...)
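Review bot: the rewritten line for CVE-2007-3755 keeps the misspelling `Aplle iPhone`; since the line is being touched for whitespace anyway, change it to `NOT-FOR-US: Apple iPhone`, and the unchanged CVE-2007-3754 line directly below it has the same typo and should get the same fix. The six Safari entries above could also read `NOT-FOR-US: Apple Safari`, as the CVE-2008-0894 entry earlier in this diff does, but that is cosmetic.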
@@ -10353,7 +10353,7 @@
CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...)
NOT-FOR-US: IBM DB2
CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...)
- NOT-FOR-US: Kaspersky Online Scanner
+ NOT-FOR-US: Kaspersky Online Scanner
CVE-2007-3674
RESERVED
CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
@@ -10672,7 +10672,7 @@
CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
[etch] - firebird2 <unfixed>
- [sarge] - firebird2 <unfixed>
+ [sarge] - firebird2 <unfixed>
CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...)
NOT-FOR-US: Buddy Zone
CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...)
@@ -10944,7 +10944,7 @@
CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...)
NOT-FOR-US: AOL Instant Messenger
CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to ...)
- NOT-FOR-US: Microsoft
+ NOT-FOR-US: Microsoft
CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain ...)
NOT-FOR-US: BarCodeAx.dll
CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...)
@@ -11608,7 +11608,7 @@
- moin 1.5.8-4.1 (unimportant; bug #429205)
- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
- karrigell <unfixed> (unimportant; bug #429207)
- NOTE: This is only exploitable on NTFS filesystems
+ NOTE: This is only exploitable on NTFS filesystems
NOTE: Given the state of Linux' NTFS support it seems highly unlikely
NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
NOTE: web server with NTFS
@@ -12223,7 +12223,7 @@
CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
NOT-FOR-US: Sun Java System Messaging Server
CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 ...)
- NOT-FOR-US: Microsoft Office ActiveX control
+ NOT-FOR-US: Microsoft Office ActiveX control
CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos ...)
NOT-FOR-US: Dokeos
CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 ...)
@@ -12736,21 +12736,21 @@
CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...)
NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...)
- NOT-FOR-US: BEA WebLogic
+ NOT-FOR-US: BEA WebLogic
CVE-2007-2700 (The WLST script generated by the configToScript command in BEA ...)
- NOT-FOR-US: BEA WebLogic
+ NOT-FOR-US: BEA WebLogic
CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...)
- NOT-FOR-US: BEA WebLogic
+ NOT-FOR-US: BEA WebLogic
CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show ...)
- NOT-FOR-US: BEA WebLogic
+ NOT-FOR-US: BEA WebLogic
CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server ...)
- NOT-FOR-US: BEA WebLogic
+ NOT-FOR-US: BEA WebLogic
CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through ...)
- NOT-FOR-US: BEA WebLogic
+ NOT-FOR-US: BEA WebLogic
CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express ...)
- NOT-FOR-US: BEA WebLogic
+ NOT-FOR-US: BEA WebLogic
CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
- NOT-FOR-US: BEA WebLogic
+ NOT-FOR-US: BEA WebLogic
CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT ...)
- mysql-dfsg-5.0 <not-affected> (Only MySQL 5.1 affected)
[sarge] - mysql-dfsg-4.1 <not-affected> (Only MySQL 5.1 affected)
@@ -12917,7 +12917,7 @@
CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 ...)
NOT-FOR-US: Thyme Calendar
CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...)
- NOT-FOR-US: Jakub Steiner (aka jimmac) original
+ NOT-FOR-US: Jakub Steiner (aka jimmac) original
CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login ...)
NOT-FOR-US: Symantec pcAnywhere
CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows ...)
@@ -13307,7 +13307,7 @@
- tomcat4 <removed> (low)
- tomcat5 <unfixed> (low)
- tomcat5.5 5.5.25-1 (low)
- [sarge] - tomcat4 <no-dsa> (Contrib not supported)
+ [sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...)
- tomcat4 <removed> (unimportant)
- tomcat5 <removed> (unimportant)
@@ -13350,7 +13350,7 @@
CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...)
- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
NOTE: etch vulnerable (patch below applies)
- NOTE: git url to fix the issue
+ NOTE: git url to fix the issue
NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
NOTE: Not considered a security problem, only exploitable by authenticated users
NOTE: If an attacker convinces such a user to run his exploit code blindly she could
@@ -13473,7 +13473,7 @@
NOTE: only be considered vunerabile if they process confidential data.
NOTE: The frameworks should be fixed in any case.
CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...)
- TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress
+ TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress
NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
NOTE: This allows to steal data from affected websites. Therefore web applications should
NOTE: only be considered vunerabile if they process confidential data.
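Review bot: the two `NOTE:` lines bracketing the rewritten TODO line for CVE-2007-2383 both read `vunerabile`; as this hunk already edits the entry, correct them to `vulnerable`. The TODO line itself still lists eleven packages to check, so it may be easier to drop packages from that list one by one as each is verified rather than clearing it in a single step.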
@@ -15939,7 +15939,7 @@
- libapache-mod-security <removed>
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
- tomcat4 <removed> (low)
- [sarge] - tomcat4 <no-dsa> (Contrib not supported)
+ [sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
{DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1
@@ -18043,7 +18043,7 @@
NOT-FOR-US: WS_FTP Server
CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
- thttpd <not-affected> (Gentoo-specific packaging flaw)
- NOTE: In accordance with Debian Policy is not possible start Webserver
+ NOTE: In accordance with Debian Policy is not possible start Webserver
NOTE: in root directory (/).
CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...)
NOT-FOR-US: Eclectic Designs CascadianFAQ
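Review bot: the rewritten NOTE for CVE-2007-0664 keeps the ungrammatical `is not possible start Webserver`; since the line is being changed anyway, reword the two NOTE lines to `NOTE: In accordance with Debian Policy it is not possible to start the web server` and `NOTE: in the root directory (/).` so the justification for `<not-affected>` reads clearly.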
@@ -18089,7 +18089,7 @@
CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows ...)
NOT-FOR-US: Apple Safari
CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows ...)
- NOT-FOR-US: Bloodshed Dev-C++
+ NOT-FOR-US: Bloodshed Dev-C++
CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU ...)
NOT-FOR-US: Raymond BERTHOU script collection
CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...)
@@ -18122,7 +18122,7 @@
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...)
- NOT-FOR-US: Plain Black WebGUI
+ NOT-FOR-US: Plain Black WebGUI
CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...)
@@ -18482,7 +18482,7 @@
CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
NOT-FOR-US: Cisco
CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...)
- NOT-FOR-US: WebRoot Spy Sweeper
+ NOT-FOR-US: WebRoot Spy Sweeper
CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...)
- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
@@ -19467,7 +19467,7 @@
CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content ...)
NOT-FOR-US: Simple Web Content Management System
CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 ...)
- NOT-FOR-US: E-SMARTCART
+ NOT-FOR-US: E-SMARTCART
CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with ...)
NOT-FOR-US: newsCMSlite
CVE-2007-0090 (WineGlass stores sensitive information under the web root with ...)