Author: keescook-guest
Date: 2007-02-07 23:18:55 +0100 (Wed, 07 Feb 2007)
New Revision: 5424

Modified:
   data/CVE/list
Log:
NFUs, smb4k, nexuiz

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-02-07 10:54:21 UTC (rev 5423)
+++ data/CVE/list       2007-02-07 22:18:55 UTC (rev 5424)
@@ -1,31 +1,31 @@
 CVE-2007-0769 (** DISPUTED ** ...)
-       TODO: check
+       NOT-FOR-US: Phorum
 CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Contact ...)
-       TODO: check
+       NOT-FOR-US: Yahoo! Messenger
 CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum 
before ...)
-       TODO: check
+       NOT-FOR-US: Phorum
 CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: .NET Explorer
 CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium 
CMS 1.03 ...)
-       TODO: check
+       NOT-FOR-US: Curium CMS
 CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: F3Site
 CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment 
...)
-       TODO: check
+       NOT-FOR-US: F3Site
 CVE-2007-0762 (PHP remote file inclusion vulnerability in 
includes/functions.php in ...)
-       TODO: check
+       NOT-FOR-US: phpBB++
 CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB 
ezBoard ...)
-       TODO: check
+       NOT-FOR-US: phpBB ezBoard converter
 CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests 
by ...)
-       TODO: check
+       NOT-FOR-US: EQdkp
 CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 
allow ...)
-       TODO: check
+       NOT-FOR-US: EasyMoblog
 CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in 
PHPProbid 5.24 ...)
-       TODO: check
+       NOT-FOR-US: PHPProbid
 CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel 
Nunes ...)
-       TODO: check
+       NOT-FOR-US: CoD2 DreamStats
 CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause 
a ...)
-       TODO: check
+       NOT-FOR-US: Chicken of the VNC
 CVE-2007-0755
        RESERVED
 CVE-2007-0754
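Review bot: CVE-2007-0762 (phpBB++) and CVE-2007-0761 (phpBB ezBoard converter) are closed as NOT-FOR-US, while CVE-2007-0656 later in this same commit handles a phpBB add-on as "- phpbb2 <not-affected>" plus a NOTE. Pick one convention for third-party phpBB add-ons so that a later search of the list for phpbb2 finds either all of them or none. Separately, CVE-2007-0769 is tagged Phorum although its summary is truncated to "** DISPUTED ** ..."; a NOTE naming the disputed component would let a reader verify the tag from the list alone.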
@@ -119,35 +119,35 @@
 CVE-2007-0710
        RESERVED
 CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal 
Firewall) ...)
-       TODO: check
+       NOT-FOR-US: Comodo Firewall Pro
 CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal 
Firewall) ...)
-       TODO: check
+       NOT-FOR-US: Comodo Firewall Pro
 CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows 
...)
-       TODO: check
+       NOT-FOR-US: GOM Player
 CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for 
Internet ...)
-       TODO: check
+       NOT-FOR-US: Darksky RSS
 CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and 
earlier, and ...)
-       TODO: check
+       NOT-FOR-US: Sleipnir
 CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in 
Somery 0.4.6 ...)
-       TODO: check
+       NOT-FOR-US: Somery
 CVE-2007-0703 (PHP remote file inclusion vulnerability in 
library/StageLoader.php in ...)
-       TODO: check
+       NOT-FOR-US: WebBuilder
 CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in 
phpEventMan ...)
-       TODO: check
+       NOT-FOR-US: phpEventMan
 CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php 
in ...)
-       TODO: check
+       NOT-FOR-US: Epistemon
 CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion 
Sylvain ...)
-       TODO: check
+       NOT-FOR-US: Portail Web
 CVE-2007-0699 (PHP remote file inclusion vulnerability in 
includes/includes.php in ...)
-       TODO: check
+       NOT-FOR-US: Portail Web
 CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: ACGVannu
 CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: ACGVannu
 CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in 
Free LAN ...)
-       TODO: check
+       NOT-FOR-US: Free LAN Intranet Portal
 CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN 
In(tra|ter)net ...)
-       TODO: check
+       NOT-FOR-US: Free LAN Intranet Portal
 CVE-2007-0694
        RESERVED
 CVE-2007-0693
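Review bot: the CVE-2007-0705 summary reads "Sleipnir 2.49 and earlier, and ...", so at least one more product is affected, but the tag names only Sleipnir. Confirm that the product hidden behind the truncation is also not packaged, and list it in the tag (NOT-FOR-US: Sleipnir, <other product>) so the decision covers the whole entry. Minor: CVE-2007-0696 and CVE-2007-0695 are tagged "Free LAN Intranet Portal" while the summary spells it "Free LAN In(tra|ter)net"; keep the name as the CVE text gives it so text searches match.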
@@ -161,11 +161,11 @@
 CVE-2007-0689
        RESERVED
 CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group 
moderation ...)
-       TODO: check
+       NOT-FOR-US: Phorum
 CVE-2006-6967 (Check Point FireWall-1 allows remote attackers to obtain 
certificate ...)
-       TODO: check
+       NOT-FOR-US: Check Point Firewall-1
 CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when 
the ...)
-       TODO: check
+       NOT-FOR-US: phpGraphy
 CVE-2007-XXXX [remctl ACL bypass vulnerability]
        - remctl 2.2-2
        [sarge] - remctl <not-affected> (Vulnerable code not present)
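Review bot: style point on CVE-2006-6967, where the tag says "Check Point Firewall-1" but the summary on the line above spells the product "FireWall-1". Copy the vendor spelling into the NOT-FOR-US line so a case-sensitive grep for the product finds both the summary and the triage decision.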
@@ -199,7 +199,7 @@
 CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and 
earlier ...)
        NOT-FOR-US: ExoPHPDesk
 CVE-2007-0675 (** DISPUTED ** ...)
-       TODO: check
+       NOT-FOR-US: Windows Vista
 CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 
2003 and ...)
        NOT-FOR-US: Windows Mobile
 CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops &amp; 
Desktops ...)
@@ -227,19 +227,20 @@
 CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs 
...)
        NOT-FOR-US: Eclectic Designs CascadianFAQ
 CVE-2007-0662 (PHP remote file inclusion vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Hailboards
 CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller 
(BMC), ...)
-       TODO: check
+       NOT-FOR-US: Intel BMC
 CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module 
before ...)
-       TODO: check
+       NOT-FOR-US: DotNetNuke
 CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 
2.5 for ...)
-       TODO: check
+       NOT-FOR-US: MODx MuddyDogPaws FileDownload
 CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 
module ...)
        TODO: check
 CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote 
attackers to ...)
-       TODO: check
+       - nexuiz 2.2.3-1 (medium)
 CVE-2007-0656 (PHP remote file inclusion vulnerability in 
includes/functions.php in ...)
-       TODO: check
+       - phpbb2 <not-affected>
+       NOTE: phpBB2-MODificat it is a module to phpbb2.
 CVE-2007-0655
        RESERVED
 CVE-2007-0654
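Review bot: the CVE-2007-0656 entry gives "- phpbb2 <not-affected>" with no reason in parentheses, unlike other not-affected entries visible in this diff such as "remctl <not-affected> (Vulnerable code not present)" and "openldap2 <not-affected> (Gentoo packaging bug)". Move the explanation into that form, and reword the NOTE, which currently reads "phpBB2-MODificat it is a module to phpbb2." (for example "phpBB2-MODificat is an add-on module for phpbb2"). For CVE-2007-0657 the summary says "Unspecified vulnerability in Nexuiz 2.2.2", so a NOTE pointing at the changelog or advisory that justifies 2.2.3-1 as the fixed version would help whoever rechecks it.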
@@ -275,11 +276,11 @@
 CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in 
GuppY ...)
        NOT-FOR-US: GuppY
 CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: PHPFootball
 CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria 
Zdjec 3.0 ...)
-       TODO: check
+       NOT-FOR-US: Galeria Zdjec
 CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown 
impact ...)
-       TODO: check
+       NOT-FOR-US: incron
 CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 
0.3.6 ...)
        NOT-FOR-US: EncapsCMS
 CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 
allows ...)
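Review bot: CVE-2007-0636 is tagged "NOT-FOR-US: incron" but its summary names "inotify before 0.3.5", so the tag and the description disagree on the product as far as this list shows. Add a NOTE stating that the CVE text refers to incron, and recheck that nothing in the archive ships the affected code before closing it as not-for-us, since a wrong product name here silently drops the issue from tracking.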
@@ -613,13 +614,13 @@
 CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 
2.1.30-r10, ...)
        - openldap2 <not-affected> (Gentoo packaging bug)
 CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp 
in ...)
-       TODO: check
+       - smb4k 0.8.0-1 (low)
 CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K 
...)
-       TODO: check
+       - smb4k <unfixed> (low)
 CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 
0.8.0 ...)
-       TODO: check
+       - smb4k 0.8.0-1 (low)
 CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local 
users to ...)
-       TODO: check
+       - smb4k 0.8.0-1 (low)
 CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 
...)
        - dokuwiki 0.0.20061106-1 (low)
 CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user 
password ...)
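Review bot: CVE-2007-0474 is set to "- smb4k <unfixed> (low)" although its summary says "Smb4K before 0.8.0" and the three sibling entries (CVE-2007-0475, CVE-2007-0473, CVE-2007-0472) are all marked fixed in 0.8.0-1. If this is deliberate, add a NOTE saying why the 0.8.0-1 upload does not resolve it (for instance a packaging or configuration difference), otherwise the entry looks like a copy error and will be "corrected" by the next person who reads it.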
@@ -646,6 +647,7 @@
        - iceweasel <unfixed> (unimportant)
        NOTE: Browser crashes not treated as security problems
        NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.
+       NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840
 CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility 
Manager ...)
        NOT-FOR-US: GlobeTrotter Mobility Manager
 CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) 
drivers ...)
@@ -749,7 +751,7 @@
 CVE-2007-0437
        RESERVED
 CVE-2007-0436 (Unspecified vulnerability in Barron McCann X-Kryptor Driver ...)
-       TODO: check
+       NOT-FOR-US: X-Kryptor
 CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in 
...)
        NOT-FOR-US: siteframe
 CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote 
attackers ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
