Author: fw
Date: 2007-08-04 09:22:50 +0000 (Sat, 04 Aug 2007)
New Revision: 6225

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-08-04 09:18:21 UTC (rev 6224)
+++ data/CVE/list       2007-08-04 09:22:50 UTC (rev 6225)
@@ -147,15 +147,15 @@
 CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in 
phpSysInfo ...)
        TODO: check
 CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for 
(1) ...)
-       TODO: check
+       NOT-FOR-US: geoBlog
 CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery 
...)
-       TODO: check
+       NOT-FOR-US: Pony Gallery
 CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote 
attackers ...)
        TODO: check
 CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality 
in smbd ...)
        TODO: check
 CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network 
Security ...)
-       TODO: check
+       NOT-FOR-US: Secure Computing SecurityReporter
 CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape 
Navigator 9 ...)
        TODO: check
 CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 
2.0.0.5 ...)
@@ -167,39 +167,39 @@
 CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 
2.0.0.5, ...)
        TODO: check
 CVE-2007-4037 (** DISPUTED ** Guidance Software EnCase allows user-assisted 
remote ...)
-       TODO: check
+       NOT-FOR-US: Guidance Software
 CVE-2007-4036 (** DISPUTED ** Guidance Software EnCase allows user-assisted 
remote ...)
-       TODO: check
+       NOT-FOR-US: Guidance Software
 CVE-2007-4035 (** DISPUTED ** Guidance Software EnCase does not properly 
handle (1) ...)
-       TODO: check
+       NOT-FOR-US: Guidance Software
 CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 ActiveX 
control ...)
-       TODO: check
+       NOT-FOR-US: Yahoo! Widgets
 CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in 
PHP ...)
        TODO: check
 CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted 
remote ...)
-       TODO: check
+       NOT-FOR-US: CrystalPlayer
 CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control 
in ...)
-       TODO: check
+       NOT-FOR-US: Nessus ActiveX control
 CVE-2007-4030
        RESERVED
 CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, 
allows ...)
        TODO: check
 CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 
4.01.02 ...)
-       TODO: check
+       NOT-FOR-US: WebSPELL
 CVE-2007-4027 (Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier 
might allow ...)
-       TODO: check
+       NOT-FOR-US: Areca
 CVE-2007-4026 (epesi framework before 0.8.6 does not properly verify file 
extensions, ...)
-       TODO: check
+       NOT-FOR-US: epesi
 CVE-2007-4025 (Unspecified vulnerability in Sun Java System (SJS) Application 
Server ...)
-       TODO: check
+       NOT-FOR-US: Sun Java System Application Server
 CVE-2007-4024 (Cross-site scripting (XSS) vulnerability in 
W1L3D4_aramasonuc.asp in ...)
-       TODO: check
+       NOT-FOR-US: W1L3D4
 CVE-2007-4023 (Cross-site scripting (XSS) vulnerability in the login CGI 
program in ...)
-       TODO: check
+       NOT-FOR-US: Aruba Mobility Controller
 CVE-2007-4022 (Cross-site scripting (XSS) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in 
login.php in ...)
-       TODO: check
+       NOT-FOR-US: Brain Book Software Secure
 CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in 
login.php in ...)
        TODO: check
 CVE-2007-4019
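Review bot: CVE-2007-4020 is left at "TODO: check" although its visible description ("Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...") matches CVE-2007-4021, which this hunk tags "NOT-FOR-US: Brain Book Software Secure". If both entries cover the same product, tag them in the same commit. Separately, the three EnCase entries (CVE-2007-4037, CVE-2007-4036, CVE-2007-4035) are tagged with the vendor "Guidance Software" while most other tags in this hunk name the product; "NOT-FOR-US: Guidance Software EnCase" would be easier to grep for later.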
@@ -208,17 +208,17 @@
        REJECTED
        NOTE: duplicate of CVE-2006-5645
 CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 
allows ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the 
web-based ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix 
Access ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2007-4015 (Citrix Access Gateway Advanced Edition before 4.5 HF1 allows 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php 
...)
-       TODO: check
+       NOT-FOR-US: Blix themes for WordPress
 CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka 
...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 
...)
        NOT-FOR-US: Cisco
 CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 
...)
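Review bot: the CVE-2007-4014 tag "NOT-FOR-US: Blix themes for WordPress" names WordPress itself, so a NOTE line recording that the Blix themes were checked and are not shipped in a wordpress package would keep this entry from being re-triaged. The five "NOT-FOR-US: Citrix" tags are consistent with the existing "NOT-FOR-US: Cisco" context line, but for CVE-2007-4017 and CVE-2007-4013 the truncated descriptions do not show the product, so naming it (as the CVE-2007-4018 description does with "Citrix Access Gateway") would make the tag self-explanatory.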
@@ -226,19 +226,19 @@
 CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode 
and ...)
        TODO: check
 CVE-2007-4009 (PHP remote file inclusion vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: SWSoft Confixx
 CVE-2007-4008 (Directory traversal vulnerability in custom.php in 
Entertainment Media ...)
-       TODO: check
+       NOT-FOR-US: Entertainment CMS
 CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article 
...)
-       TODO: check
+       NOT-FOR-US: Article Directory
 CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 
has ...)
        TODO: check
 CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon 
(rshd) ...)
-       TODO: check
+       NOT-FOR-US: Mike Dubman Windows RSH daemon
 CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: IBM AIX
 CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute 
arbitrary code ...)
-       TODO: check
+       NOT-FOR-US: IBM AIX
 CVE-2007-4002
        RESERVED
 CVE-2007-4001
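Review bot: CVE-2007-4006 stays at "TODO: check" even though its description names the same product ("Mike Dubman Windows RSH daemon (rshd) 1.7") that CVE-2007-4005 is tagged NOT-FOR-US for in this hunk. Unless there is a reason to keep it open, give it the same "NOT-FOR-US: Mike Dubman Windows RSH daemon" tag. Also, the CVE-2007-4008 description reads "Entertainment Media ..." while the tag says "Entertainment CMS"; check that the tag matches the product name in the full description.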
@@ -605,7 +605,7 @@
 CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player 
...)
        NOT-FOR-US: InterActual Player
 CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X 
allows ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain 
(aka ...)
        TODO: check
 CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote 
...)
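Review bot: for CVE-2007-3828 the tag names the platform ("Apple Mac OS X") while the description places the flaw in mDNSResponder. Because the description is only "Unspecified vulnerability", either tag the component or add a NOTE stating that the mDNSResponder code was checked against the archive, so the NFU decision can be audited later.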
@@ -720,13 +720,13 @@
 CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 
1.1 ...)
        NOT-FOR-US: PsNews
 CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect 
...)
-       TODO: check
+       NOT-FOR-US: Symantec Antivirus
 CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in 
Xfce ...)
        TODO: check
 CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server 
...)
-       TODO: check
+       NOT-FOR-US: SurgeFTP
 CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, 
remote ...)
-       TODO: check
+       NOT-FOR-US: SurgeFTP
 CVE-2007-3767
        RESERVED
 CVE-2007-3766
@@ -836,13 +836,13 @@
 CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 
5.6 for ...)
        TODO: check
 CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 
5.6 for ...)
-       TODO: check
+       NOT-FOR-US: HP OpenVMS
 CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC 
Client and ...)
        - silc-toolkit 1.1.2-1
        [etch] - silc-toolkit <not-affected> (Only the 1.1.x branch is affected)
        NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
 CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 
have ...)
-       TODO: check
+       NOT-FOR-US: WebMatic
 CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp 
in ...)
        TODO: check
 CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 
allows ...)
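Review bot: CVE-2007-3730 and CVE-2007-3729 show the same description ("The default configuration of the POP server in TCP/IP Services 5.6 for ..."), but only CVE-2007-3729 gets "NOT-FOR-US: HP OpenVMS"; CVE-2007-3730 is left at "TODO: check". If both concern the same platform, tag CVE-2007-3730 as well. Minor: the CVE-2007-3727 description spells the product "Webmatic" while the tag uses "WebMatic"; pick one spelling so searches on the list find both this entry and CVE-2007-3648.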
@@ -864,7 +864,7 @@
 CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine 
in ...)
        TODO: check
 CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not 
properly call ...)
-       TODO: check
+       NOT-FOR-US: Sun Solaris
 CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and 
JRE 6 ...)
        TODO: check
 CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 
9.0 ...)
@@ -874,9 +874,9 @@
 CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 
4.21 allow ...)
        TODO: check
 CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in 
HiddenChest &quot;is ...)
-       TODO: check
+       NOT-FOR-US: HiddenChest
 CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 
2.5.x ...)
-       TODO: check
+       NOT-FOR-US: TippingPoint IPS
 CVE-2007-3710 (PHP remote file inclusion vulnerability in ...)
        TODO: check
 CVE-2007-3709 (CRLF injection vulnerability in the redirect function in ...)
@@ -888,15 +888,15 @@
 CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 
20070628 ...)
        TODO: check
 CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: FuseTalk
 CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass 
authentication and ...)
-       TODO: check
+       NOT-FOR-US: Entertainment CMS
 CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in 
sasatl.dll ...)
-       TODO: check
+       NOT-FOR-US: Zenturi ProgramChecker
 CVE-2007-3702 (Directory traversal vulnerability in the load function in ...)
        TODO: check
 CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...)
-       TODO: check
+       NOT-FOR-US: TippingPoint IPS
 CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity 
Server) ...)
        TODO: check
 CVE-2007-3699
@@ -1010,7 +1010,7 @@
 CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX 
control in ...)
        TODO: check
 CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and 
possibly ...)
-       TODO: check
+       NOT-FOR-US: WebMatic
 CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 
1.4.3 and ...)
        TODO: check
 CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 
and ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
