Author: stef-guest
Date: 2007-08-13 20:01:38 +0000 (Mon, 13 Aug 2007)
New Revision: 6296
Modified:
data/CVE/list
Log:
- already fixed: dovecot (low), moodle (low), java
- new issues: php (low), wordpress (maybe fixed)
- bugnum
- NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-13 19:27:48 UTC (rev 6295)
+++ data/CVE/list 2007-08-13 20:01:38 UTC (rev 6296)
@@ -19,70 +19,74 @@
CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub
Site ...)
NOT-FOR-US: Prozilla
CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2
allow ...)
- TODO: check
+ NOT-FOR-US: Live for Speed
CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal
System ...)
- TODO: check
+ NOT-FOR-US: YNP Portal System
CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...)
- TODO: check
+ - php5 <unfixed>
+ - php4 <removed>
+ [etch] - php5 <no-dsa> (requires malicious script)
+ [etch] - php4 <no-dsa> (requires malicious script)
+ [sarge] - php4 <no-dsa> (requires malicious script)
CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in
VDT70.DLL ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php
in ...)
- TODO: check
+ NOT-FOR-US: Envolution
CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
- TODO: check
+ NOT-FOR-US: CHILKAT ASP String
CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with
multiple ...)
- openoffice.org (unimportant)
NOTE: Only a crasher with malformed documents
CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar
allows ...)
- TODO: check
+ NOT-FOR-US: Advanced Searchbar
CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation
toolbar for ...)
- TODO: check
+ NOT-FOR-US: ExportNation toolbar
CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar
Gaming ...)
- TODO: check
+ NOT-FOR-US: Toolbar Gaming toolbar
CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in
Justsystem ...)
- TODO: check
+ NOT-FOR-US: Justsystem Ichitaro
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in
DiMeMa ...)
- TODO: check
+ NOT-FOR-US: DiMeMa CONTENTdm
CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in the
J! ...)
- TODO: check
+ NOT-FOR-US: com_jreactions for Joomla!
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro
Security ...)
- TODO: check
+ NOT-FOR-US: Astaro
CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not
perform ...)
- TODO: check
+ NOT-FOR-US: Astaro
CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller
for ...)
- TODO: check
+ NOT-FOR-US: Hewlett-Packard
CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live
(hcl) ...)
- TODO: check
+ NOT-FOR-US: Help Center Live
CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in
user/forgotPassStep2.jsp ...)
- TODO: check
+ NOT-FOR-US: C-SAM oneWallet
CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership
of bin, ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2007-4237 (Buffer overflow in the atm subset in arp in
devices.common.IBM.atm.rte ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3
allows ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP
allow ...)
- TODO: check
+ NOT-FOR-US: VietPHP
CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Camera Life
CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6
allow ...)
- TODO: check
+ NOT-FOR-US: Camera Life
CVE-2007-4232 (PHP remote file inclusion vulnerability in
admin/inc/change_action.php ...)
- TODO: check
+ NOT-FOR-US: PHPNews
CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in
IDevSpot ...)
- TODO: check
+ NOT-FOR-US: PhpHostBot
CVE-2007-4230 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: BellaBiblio
CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier
allows ...)
TODO: check
CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of
service ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted
remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks
Proteus IPAM ...)
- TODO: check
+ NOT-FOR-US: BlueCat Networks Proteus IPAM appliance
CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows
remote ...)
TODO: check
CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL
address ...)
@@ -110,13 +114,15 @@
CVE-2007-4213
RESERVED
CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the
Search ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote
authenticated ...)
- TODO: check
+ - dovecot 1:1.0.3-2 (low)
+ [etch] - dovecot <no-dsa> (minor issue)
+ [sarge] - dovecot <no-dsa> (minor issue)
CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI
(la-nai) ...)
- TODO: check
+ NOT-FOR-US: LANAI CMS
CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum
allows ...)
- TODO: check
+ NOT-FOR-US: Aceboard
CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen
Portfolio ...)
TODO: check
CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in
Gallery In A ...)
@@ -1312,7 +1318,8 @@
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start
in JRE ...)
- TODO: check
+ - sun-java5 1.5.0-12-1
+ - sun-java6 6-02-1
CVE-2007-3654
RESERVED
CVE-2007-3653
@@ -1487,7 +1494,7 @@
CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver
Library ...)
NOT-FOR-US: Oliver Library Management System
CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...)
- - imlib <unfixed> (bug filed; low)
+ - imlib <unfixed> (bug #437708; low)
CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit
GET" statement in ...)
NOT-FOR-US: MysqlDumper
CVE-2007-3566 (Stack-based buffer overflow in the database service
(ibserver.exe) in ...)
@@ -1514,7 +1521,7 @@
CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web
root with ...)
NOT-FOR-US: Liesbeth
CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle
1.7.1 ...)
- TODO: check
+ - moodle 1.8.2-1 (low)
CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX
control ...)
NOT-FOR-US: HP
CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web
Server ...)
@@ -1524,7 +1531,7 @@
CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to
cause ...)
NOT-FOR-US: bbs100
CVE-2007-3550 (Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone
1.5 ...)
NOT-FOR-US: Buddy Zone
CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP
servers ...)
@@ -1536,9 +1543,10 @@
CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7
allows ...)
NOT-FOR-US: Warzone
CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and
(2) ...)
- TODO: check
+ - wordpress <unfixed>
+ TODO: check whether this is fixed in 2.2.2, file bug if not
CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before
2.2.1 and ...)
- TODO: check
+ - wordpress 2.2.1-1
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in
Pluxml ...)
NOT-FOR-US: Pluxml
CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd
20070408 ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
