Author: stef-guest
Date: 2007-07-31 20:07:36 +0000 (Tue, 31 Jul 2007)
New Revision: 6200
Modified:
data/CVE/list
Log:
nessus not-affected
apache issue unimportant
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-31 19:50:33 UTC (rev 6199)
+++ data/CVE/list 2007-07-31 20:07:36 UTC (rev 6200)
@@ -85,19 +85,19 @@
CVE-2007-4074 (The default configuration of Centre for Speech Technology
Research ...)
- festival <unfixed> (bug #435445; low)
CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of
"mail a ...)
- TODO: check
+ NOT-FOR-US: Webbler CMS
CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path
within ...)
- TODO: check
+ NOT-FOR-US: Webbler CMS
CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Webbler CMS
CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy)
on Sun ...)
TODO: check
CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8
and ...)
- TODO: check
+ NOT-FOR-US: IndexScript
CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow
remote ...)
- TODO: check
+ NOT-FOR-US: Webyapar
CVE-2007-4067 (Absolute path traversal vulnerability in the
clInetSuiteX6.clWebDav ...)
- TODO: check
+ NOT-FOR-US: Clever Internet ActiveX Suite
CVE-2007-4066
RESERVED
CVE-2007-4065
@@ -110,33 +110,34 @@
- drupal5 5.2-1 (low)
NOTE: DRUPAL-SA-2007-017
CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in
Nessus ...)
- TODO: check
+ - nessus <not-affected> (Windows only)
CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control
in ...)
- TODO: check
+ - nessus <not-affected> (Windows only)
CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in
http.c in ...)
- TODO: check
+ NOT-FOR-US: corehttp
CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
- TODO: check
+ NOT-FOR-US: EMC VMware
CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
- TODO: check
+ NOT-FOR-US: EMC VMware
CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome
Seditio ...)
- TODO: check
+ NOT-FOR-US: Neocrome Seditio
CVE-2007-4056 (SQL injection vulnerability in directory.php in Adult Directory
allows ...)
- TODO: check
+ NOT-FOR-US: Adult Directory
CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog
3.0 ...)
- TODO: check
+ NOT-FOR-US: SimpleBlog
CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites
allows ...)
- TODO: check
+ NOT-FOR-US: PHP123 Top Sites
CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in
LinPHA ...)
- TODO: check
+ NOT-FOR-US: LinPHA
CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp
in ...)
- TODO: check
+ NOT-FOR-US: nukedit
CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in
UltraDefrag ...)
- TODO: check
+ NOT-FOR-US: UltraDefrag
CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before
3.3 beta ...)
- TODO: check
+ NOT-FOR-US: ADempiere Bazaar
CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl
test CGI ...)
- TODO: check
+ - apache <unfixed> (unimportant)
+ NOTE: only an example script /usr/share/doc/apache-common/examples/
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in
phpSysInfo ...)
TODO: check
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for
(1) ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
