Author: keescook-guest
Date: 2007-06-20 20:41:05 +0000 (Wed, 20 Jun 2007)
New Revision: 6036

Modified:
   data/CVE/list
Log:
unfixed: jffnms, fixed: jffnms vim


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-06-20 16:59:37 UTC (rev 6035)
+++ data/CVE/list       2007-06-20 20:41:05 UTC (rev 6036)
@@ -97,7 +97,8 @@
        - php4 <unfixed> (low)
        - php5 <unfixed> (low)
 CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network 
...)
-       NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+       - jffnms <unfixed> (high)
+       NOTE: the fix for CVE-2007-3190 is incomplete (the 'pass' param can 
still contain an injection)
 CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service 
in ...)
        NOT-FOR-US: 602Pro LAN SUITE
 CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text 
editor in ...)
@@ -121,13 +122,13 @@
 CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...)
        - phpwiki <unfixed> (low; bug #429201)
 CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System 
(JFFNMS) ...)
-       NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+       - jffnms <unfixed> (medium)
 CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows 
remote ...)
-       NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+       - jffnms 0.8.3dfsg.1-4
 CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For 
Fun ...)
-       NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+       - jffnms 0.8.3dfsg.1-4
 CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just 
For Fun ...)
-       NOT-FOR-US: Just For Fun Network Management System (JFFNMS)
+       - jffnms 0.8.3dfsg.1-4
 CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite 
GeometriX ...)
        NOT-FOR-US: Fullaspsite GeometriX Download Portal
 CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for 
Windows allow ...)
@@ -266,8 +267,6 @@
        NOT-FOR-US: Microsoft
 CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to 
cause a ...)
        NOT-FOR-US: Microsoft
-CVE-2007-XXXX [jffnms multiple issues]
-       - jffnms 0.8.3dfsg.1-4
 CVE-2007-3129
        RESERVED
 CVE-2007-3128
@@ -1017,7 +1016,7 @@
 CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php 
in ...)
        - geeklog <itp> (bug #203818)
 CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 
beta ...)
-       NOT-FOR-US: com_yanc
+       NOT-FOR-US: com_yanc for Mambo
        NOTE: com_yanc component not in Mambo Debian package
 CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 
UNIX ...)
        NOT-FOR-US: HP Tru64
@@ -1058,7 +1057,7 @@
 CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web 
browser but ...)
        NOT-FOR-US: AlstraSoft Live Support
 CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight 
CMS 5.3 ...)
-       NOT-FOR-US:  SunLight CMS
+       NOT-FOR-US: SunLight CMS
 CVE-2007-2773 (SQL injection vulnerability in 
plugins/mp3playlist/mp3playlist.php in ...)
        NOT-FOR-US: Zomplog
 CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe 
(catirpc.dll and ...)
@@ -1082,7 +1081,7 @@
 CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly 
parse ...)
        NOT-FOR-US: BlockHosts
 CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm 
switches ...)
-       NOT-FOR-US: Sun switches
+       NOT-FOR-US: Sun-Brocade SilkWorm
 CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the 
LockModules ...)
        NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
 CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it 
Fast ...)
@@ -1122,9 +1121,9 @@
 CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb 
before ...)
        NOT-FOR-US: rdiffWeb
 CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm 
in Plain ...)
-       NOT-FOR-US: Plain Black WebGUI 
+       NOT-FOR-US: Plain Black WebGUI
 CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in 
vDesk ...)
-       NOT-FOR-US: vDesk
+       NOT-FOR-US: vDesk Webmail
 CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 
ActiveX ...)
        NOT-FOR-US: PrecisionID
 CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in 
...)
@@ -1146,7 +1145,7 @@
 CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 
1.2.1 ...)
        NOT-FOR-US: ResManager for Xoops
 CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain 
full-width ...)
-       NOT-FOR-US: TippingPoint IPS
+       NOT-FOR-US: 3Com TippingPoint IPS
 CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows 
remote ...)
        NOT-FOR-US: Jetbox CMS
 CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox 
CMS ...)
@@ -1420,7 +1419,7 @@
 CVE-2007-2607 (PHP remote file inclusion vulnerability in 
views/print/printbar.php in ...)
        NOT-FOR-US: LaVague
 CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to 
trigger ...)
-       TODO: check
+       - vim 1:7.1-000+1 (medium)
 CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in 
...)
        NOT-FOR-US: Brujula Toolbar
 CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control 
allows ...)
@@ -1778,11 +1777,11 @@
 CVE-2007-2442
        RESERVED
 CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and 
earlier for ...)
-       NOT-FOR-US: Caucho Resin
+       NOT-FOR-US: Caucho Resin Professional
 CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 
3.1.0 ...)
-       NOT-FOR-US: Caucho Resin
+       NOT-FOR-US: Caucho Resin Professional
 CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and 
earlier for ...)
-       NOT-FOR-US: Caucho Resin
+       NOT-FOR-US: Caucho Resin Professional
 CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) 
writefile, ...)
        - vim <unfixed> (medium)
        NOTE: Exploitable through modelines.


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to