Author: stef-guest
Date: 2007-05-16 19:22:14 +0000 (Wed, 16 May 2007)
New Revision: 5847

Modified:
   data/CVE/list
Log:
CVE-2007-1673: new zoo issue
CVE-2007-141[23], CVE-2007-1864: new php issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-05-16 18:33:40 UTC (rev 5846)
+++ data/CVE/list       2007-05-16 19:22:14 UTC (rev 5847)
@@ -143,7 +143,7 @@
        RESERVED
 CVE-2007-2518
        REJECTED
-       TODO: check
+       NOTE: duplicate of CVE-2007-2518
 CVE-2007-2517
        RESERVED
 CVE-2007-2516
@@ -166,27 +166,28 @@
 CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro 
ServerProtect ...)
        NOT-FOR-US: Trend Micro
 CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in 
Treble ...)
-       TODO: check
+       NOT-FOR-US: Treble Designs 1024 CMS
 CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 
9.1e, and ...)
        NOT-FOR-US: OpenEdge WebSpeed
 CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 
20070323 ...)
        NOT-FOR-US: MailCOPA
 CVE-2007-2504 (** DISPUTED ** ...)
-       TODO: check
+       NOT-FOR-US: PHP Turbulence
 CVE-2007-2503 (** DISPUTED ** ...)
-       TODO: check
+       NOT-FOR-US: PHP Turbulence
 CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches 
with ...)
        NOT-FOR-US: HP ProCurve 9300m Series switches
 CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress 
before ...)
-       TODO: check
+       NOT-FOR-US: CodePress
 CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash 
...)
        - gnash <unfixed> (bug #423433)
 CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 
0.6 and ...)
-       TODO: check
+       NOT-FOR-US: DVDdb
 CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted 
remote ...)
        NOT-FOR-US: Winamp
 CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: RealPlayer
+       NOTE: helix-player not affected
 CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows 
remote ...)
        NOT-FOR-US: WordViewer.ocx
 CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX 
control ...)
@@ -194,29 +195,29 @@
 CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX 
ActiveX ...)
        NOT-FOR-US: PowerPointViewer .ocx
 CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ 
&amp; RULES ...)
-       TODO: check
+       NOT-FOR-US: FAQ & RULES module for mxBB
 CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal 
module for ...)
-       TODO: check
+       NOT-FOR-US: v4bJournal module for PostNuke
 CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation 
...)
-       TODO: check
+       NOT-FOR-US: EMC VMware
 CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 
allows ...)
-       TODO: check
+       NOT-FOR-US: LiveData Server
 CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 
5.00.045, and ...)
-       TODO: check
+       NOT-FOR-US: LiveData Protocol Server
 CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: AtomixMP3
 CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 
1.3 and ...)
-       TODO: check
+       NOT-FOR-US: Motobit
 CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php 
in the ...)
-       TODO: check
+       NOT-FOR-US: myflash
 CVE-2007-2484 (PHP remote file inclusion vulnerability in 
js/wptable-button.php in ...)
-       TODO: check
+       NOT-FOR-US: wp-Table plugin for WordPress
 CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in 
the ...)
-       TODO: check
+       NOT-FOR-US: wp-Table plugin for WordPress
 CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the 
...)
-       TODO: check
+       NOT-FOR-US: wordTube plugin for WordPress
 CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php 
in the ...)
-       TODO: check
+       NOT-FOR-US: wordTube plugin for WordPress
 CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does 
not ...)
        TODO: check
 CVE-2007-XXXX [schroot may use outdated configuration information]
@@ -1572,7 +1573,8 @@
 CVE-2007-1865
        RESERVED
 CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 
4.4.7, ...)
-       TODO: check
+       - php4 <unfixed>
+       - php5 5.2.2-1
 CVE-2007-1863
        RESERVED
 CVE-2007-1862
@@ -2027,7 +2029,8 @@
 CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) 
in ...)
        NOT-FOR-US: LANDesk Management Suite
 CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service 
(infinite ...)
-       TODO: check
+       - zoo <unfixed> (bug filed)
+       - unzoo <unfixed>
 CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to 
cause a ...)
        NOT-FOR-US: avast
 CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote 
attackers ...)
@@ -2664,9 +2667,12 @@
 CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in 
Coppermine Photo ...)
        NOT-FOR-US: Coppermine Photo Gallery
 CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension 
in PHP ...)
-       TODO: check
+       - php4 <unfixed> (unimportant)
+       - php5 <unfixed> (unimportant)
+       NOTE: Only triggerable by malicious script
 CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 
4.4.6 ...)
-       TODO: check
+       - php4 <unfixed>
+       - php5 <unfixed>
 CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 
...)
        TODO: check
        NOTE: Haven't been able to reproduce the issue in either php4 or php5
@@ -4969,15 +4975,15 @@
 CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform 
feature in ...)
        NOT-FOR-US: CMSimple
 CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 
allows ...)
-       TODO: check
+       NOT-FOR-US: Advanced Guestbook
 CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: Advanced Guestbook
 CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, 
stores ...)
        NOT-FOR-US: Web-Agora
 CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive 
information ...)
        NOT-FOR-US: Web-Agora
 CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in 
Advanced ...)
-       TODO: check
+       NOT-FOR-US: Advanced Guestbook
 CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 
before ...)
        NOT-FOR-US: Movable Type
 CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects 
received over ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to