Author: nion Date: 2007-09-09 19:53:06 +0000 (Sun, 09 Sep 2007) New Revision: 6556 Modified: data/CVE/list Log: php5 issues confirmed NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-09 19:37:16 UTC (rev 6555) +++ data/CVE/list 2007-09-09 19:53:06 UTC (rev 6556) @@ -200,19 +200,20 @@ [etch] - firebird2 <unfixed> [sarge] - firebird2 <unfixed> CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...) - TODO: check + - php5 <unfixed> (medium) CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...) - TODO: check + - php5 <unfixed> (medium) CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...) - TODO: check + - php5 <unfixed> (medium) CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...) - TODO: check + - php5 <unfixed> (low) CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...) - TODO: check + - php5 <unfixed> (low) CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple (1) %i ...) - TODO: check + - php5 <unfixed> CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...) - TODO: check + - php5 <unfixed> + - php4 <removed> CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...) - backup-manager 0.7.6-3 (bug #439392) CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...) @@ -222,7 +223,7 @@ CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ...) NOT-FOR-US: Cisco Content Services Switch CVE-2007-4652 (PHP before 5.2.4 might allow local users to bypass open_basedir ...) - TODO: check + - php5 <unfixed> (low) CVE-2007-4651 RESERVED CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...) @@ -584,7 +585,7 @@ CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...) NOT-FOR-US: Trend Micro CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...) - TODO: check + NOT-FOR-US: eCentrex VOIP CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...) NOT-FOR-US: Siemens GigaSet firmware CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...)