Author: stef-guest
Date: 2007-07-31 19:33:49 +0000 (Tue, 31 Jul 2007)
New Revision: 6198

Modified:
   data/CVE/list
Log:
- already fixed: tor
- new: festival, mldonkey
- CVEified: asterisk
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-31 17:40:03 UTC (rev 6197)
+++ data/CVE/list       2007-07-31 19:33:49 UTC (rev 6198)
@@ -1,89 +1,89 @@
 CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus 
Forum ...)
-       TODO: check
+       NOT-FOR-US: Metyus Forum Portal
 CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS 
(itcms) ...)
-       TODO: check
+       NOT-FOR-US: IT!CMS (itcms)
 CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in ...)
-       TODO: check
+       NOT-FOR-US: SuskunDuygular Uyelik Sistemi
 CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System 
(AWBS) ...)
-       TODO: check
+       NOT-FOR-US: Advanced Webhost Billing System (AWBS)
 CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost 
Billing ...)
-       TODO: check
+       NOT-FOR-US: Advanced Webhost Billing System (AWBS)
 CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate 
listing ...)
-       TODO: check
+       NOT-FOR-US: Real Estate listing website
 CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / 
...)
-       TODO: check
+       NOT-FOR-US: Message Board / Threaded Discussion Forum Application 
Template
 CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online 
Store ...)
-       TODO: check
+       NOT-FOR-US: WebStore (Online StoreWebStore (Online Store Application 
Template)
 CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents 
(Online Event ...)
-       TODO: check
+       NOT-FOR-US: WebEvents (Online Event Registration Template)
 CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum 
before 4.1.4 ...)
-       TODO: check
+       NOT-FOR-US: phpMyForum
 CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay 
Roll - ...)
-       TODO: check
+       NOT-FOR-US: CodeWidgets Pay Roll - Time Sheet and Punch Card 
Application With Web Interface
 CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search 
Bar 5.4 ...)
-       TODO: check
+       NOT-FOR-US: Baidu Soba Search Bar
 CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-       TODO: check
+       NOT-FOR-US: WP-FeedStats plugin for WordPress
 CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x 
before ...)
-       TODO: check
+       - asterisk 1:1.4.9~dfsg-1
 CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for 
sBlog 0.7.3 ...)
-       TODO: check
+       NOT-FOR-US: sBlog
 CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa 
Poll 1.1 ...)
-       TODO: check
+       NOT-FOR-US: Madoa Poll
 CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from ...)
-       TODO: check
+       - mldonkey <unfixed> (bug #435439)
 CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first 
listed ...)
-       TODO: check
+       - tor 0.1.2.15-1
 CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish 
&quot;streamids from ...)
-       TODO: check
+       - tor 0.1.2.15-1
 CVE-2007-4097 (Tor before 0.1.2.15 sends &quot;destroy cells&quot; containing 
the reason for ...)
-       TODO: check
+       - tor 0.1.2.15-1
 CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd 
support, ...)
-       TODO: check
+       - tor 0.1.2.15-1
 CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 
allows ...)
-       TODO: check
+       NOT-FOR-US: BSM Store Dependent Forums
 CVE-2007-4094 (PHP remote file inclusion vulnerability in 
library/authorize.php in ...)
-       TODO: check
+       NOT-FOR-US: IDevSpot PhpHostBot
 CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under 
the web ...)
-       TODO: check
+       NOT-FOR-US: Minb Is Not a Blog (minb)
 CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 
and ...)
-       TODO: check
+       NOT-FOR-US: iFoto
 CVE-2007-4091
        RESERVED
 CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in 
Vikingboard ...)
-       TODO: check
+       NOT-FOR-US: Vikingboard
 CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive 
...)
-       TODO: check
+       NOT-FOR-US: Vikingboard
 CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in 
Vikingboard ...)
-       TODO: check
+       NOT-FOR-US: Vikingboard
 CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to 
obtain ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft Video Share Enterprise
 CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video 
Share ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft Video Share Enterprise
 CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro 
allow ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft AskMe Pro
 CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate 
Network ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft Affiliate Network
 CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in 
AlstraSoft ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft AskMe Pro
 CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php 
...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft Article Manager Pro
 CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in 
AlstraSoft ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft Affiliate Network Pro
 CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php 
AlstraSoft ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft
 CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in 
AlstraSoft SMS ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft
 CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in 
AlstraSoft Text ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft
 CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in 
AlstraSoft ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft
 CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in 
Alisveris ...)
-       TODO: check
+       NOT-FOR-US: Alisveris Sitesi Scripti
 CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in 
Alisveris ...)
-       TODO: check
+       NOT-FOR-US: Alisveris Sitesi Scripti
 CVE-2007-4074 (The default configuration of Centre for Speech Technology 
Research ...)
-       TODO: check
+       - festival <unfixed> (bug filed; low)
 CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of 
&quot;mail a ...)
        TODO: check
 CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path 
within ...)
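Review bot: The NOT-FOR-US line added for CVE-2007-4109 contains a paste duplication, `WebStore (Online StoreWebStore (Online Store Application Template)`; it should read `NOT-FOR-US: WebStore (Online Store Application Template)`, in the same form as the WebEvents entry just below it. Two smaller points in the same hunk: the festival entry for CVE-2007-4074 says `(bug filed; low)` with no bug number, while the mldonkey entry carries `bug #435439`, so the number should be added once it is known; and CVE-2007-4077 through CVE-2007-4080 are tagged only `AlstraSoft` while the neighbouring AlstraSoft entries name the product, which makes the NFU lines inconsistent.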
@@ -203,7 +203,7 @@
        RESERVED
 CVE-2007-5645
        REJECTED
-       TODO: check
+       NOTE: duplicate of CVE-2006-5645
 CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 
allows ...)
        TODO: check
 CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the 
web-based ...)
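Review bot: The id on the CVE-2007-5645 entry is well out of sequence with its surroundings (the file tops out at CVE-2007-4116 in this revision and the next entry is CVE-2007-4018), and the added note points at CVE-2006-5645, which has the same number under the previous year. Please confirm that the 2007 id and the 2006 cross-reference are both intended; if the 2007 id only exists because of a year typo elsewhere, it would help to say that in the NOTE so the REJECTED entry is not revisited later.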
@@ -502,9 +502,6 @@
        RESERVED
 CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 
allow ...)
        TODO: check
-CVE-2007-XXXX [asterisk DoS in IAX2 channel driver]
-       - asterisk 1:1.4.9~dfsg-1
-       NOTE: ASA-2007-018
 CVE-2007-XXXX [dokuwiki XSS in spellchecker]
        - dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
        NOTE: IE browser bug are not treated as security issues in packages 
applications
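Review bot: Removing the CVE-2007-XXXX asterisk placeholder also drops its `NOTE: ASA-2007-018` line, and the CVE-2007-4103 entry that replaces it in the first hunk carries only `- asterisk 1:1.4.9~dfsg-1`. Suggest moving the NOTE to the CVE-2007-4103 entry so the advisory reference is kept with the CVE id.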


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
